I use a containerized Caddy in order to reverse proxy all of the HTTP(S) requests from my site to other Docker containers. Ports 80 and 443 are forwarded out of the Caddy container, so it is accessible from outside Docker. This works fine; however, when a request is received from Tailscale (for example, using curl to make a request to http://tailscale-name from another tailnet-connected device), it does not see the correct origin IP. For normal HTTP requests, it would see the public IP of the computer accessing it; however, when accessed via Tailscale, the IP shown to Caddy is the gateway of the Docker network (172.19.0.1 in my case) instead of the real IP (100.x.y.z). This is a problem because I would like to be able to detect Tailscale requests inside of Caddy and add extra routes, but that is not possible if the origin IP is not correct.
I use a Docker network with the subnet 172.19.0.0/16, which the Caddy container uses, and Tailscale is running on the host machine (not containerized). The OS is Ubuntu 22.04.1 LTS aarch64, the Docker version is 20.10.23, and the Tailscale version is 1.36.0. I also self-host Headscale rather than using tailscale.com; however, that is likely not affecting this.
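An added example, not part of the original post: a Caddyfile that (a) exposes a diagnostic route echoing the client address Caddy actually sees, so the 172.19.0.1-versus-100.x.y.z behaviour can be confirmed directly, and (b) shows the `remote_ip` matcher on the Tailscale CGNAT range that the extra routes would hang off once the real origin IP reaches Caddy. The hostname `tailscale-name` and the `/whoami` path are assumptions; the upstream `app:8080` is a constructed placeholder for one of the other containers.

```caddyfile
# Hypothetical Caddyfile for the setup described above.
# Assumes Caddy receives the real client address (not a NATed one).
tailscale-name {
	# Diagnostic: returns the peer address Caddy sees for this request.
	# If this prints 172.19.0.1 for a tailnet client, the Docker network
	# is still masquerading the source and the matcher below cannot work.
	handle /whoami {
		respond "remote_host={remote_host} remote={remote}" 200
	}

	# Match only clients whose source address is in the Tailscale
	# CGNAT range (100.64.0.0/10). Because remote_ip checks the TCP
	# peer address, not a header, it cannot be spoofed by a public client.
	@tailnet remote_ip 100.64.0.0/10

	# Extra routes that should exist only for tailnet clients.
	handle @tailnet {
		header X-Client-Origin "tailnet"
		reverse_proxy app:8080
	}

	# Everything else (public clients) falls through here.
	handle {
		reverse_proxy app:8080
	}
}
```

Hitting `/whoami` from a tailnet device versus a public one makes it obvious whether the origin address survives the path into the container; until it shows a 100.x.y.z address, the `@tailnet` branch will never match.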