caddy icon indicating copy to clipboard operation
caddy copied to clipboard
verified publisher icon caddyserver

Allow Caddy to bind to an interface name (not IP address)

Open DanielSidhion opened this issue 1 year ago • 8 comments

I'm provisioning servers that have an internal interface (to communicate with other servers), and also an external interface. I'm using Caddy as a reverse proxy for external services, but also for an internal service.

To prevent Caddy from binding on all interfaces for the internal service, I'm using a bind <internal ip address> directive, but this is a bit problematic since that interface gets its IP address from DHCP, so there's some friction with manual work involved whenever a new server is provisioned. This is done as an additional defensive measure, given that there's a firewall preventing external traffic on the internal port.

The name of the interface is always fixed (e.g. enp10s0), so ideally I'd like to be able to bind to an interface name instead, and then I can reuse the same config across servers. I couldn't find an issue for this, has this use case been discussed before, and is this a feature request that makes sense, or do you suggest I solve this in a different way?

DanielSidhion avatar Feb 21 '25 00:02 DanielSidhion

There's #6506 as PoC, but it might need refinement in terms of experience.

mohammed90 avatar Feb 21 '25 15:02 mohammed90

I am encountering the exact same limitation.

I don't know the internal IP of my VPS when I generate my Caddyfile, so I now rely on @publicip not remote_ip 100.64.0.0/10. It would be great if I could tighten it down with something along the lines of bind tailscale0.

RCdeWit avatar Jul 28 '25 20:07 RCdeWit

Hi there,

I am also facing this issue. Would love to see it as a feature if this option becomes available. Are there any workarounds currently?

I am also looking to bind to a Tailscale interface as mentioned in the previous comment

softwaresweetsoftware avatar Aug 12 '25 15:08 softwaresweetsoftware

Hi! I propose the following solution for this issue:

  • Added support for bind "interfaceName" syntax
  • Supports IP version modes: bind "eth0:8080:ipv4", bind "eth0:8080:ipv6", bind "eth0:8080:auto" - first try to use the IPv4 address of the interface; if no IPv4 is available, it will fall back to IPv6.

Siomachkin avatar Sep 13 '25 19:09 Siomachkin

Hi! I propose the following solution for this issue:

  • Added support for bind "interfaceName" syntax
  • Supports IP version modes: bind "eth0:8080:ipv4", bind "eth0:8080:ipv6", bind "eth0:8080:auto" - first try to use the IPv4 address of the interface; if no IPv4 is available, it will fall back to IPv6.

This syntax makes alot of sense IMO. Would love to see it implemented

softwaresweetsoftware avatar Sep 13 '25 19:09 softwaresweetsoftware

I happen to have this exact same use case. There's definitely a market for this feature- however small it may appear.

OoLunar avatar Oct 23 '25 02:10 OoLunar

Yes it's coming very soon in https://github.com/caddyserver/caddy/pull/7256 @OoLunar

francislavoie avatar Oct 23 '25 03:10 francislavoie

Yes it's coming very soon in #7256 @OoLunar

Very excited about this change : )

softwaresweetsoftware avatar Oct 23 '25 10:10 softwaresweetsoftware