Hello!

• Vote on this issue by adding a 👍 reaction
• If you want to implement this feature, comment to let us know (we'll work with you on design, scheduling, etc.)

Issue details

step-ca's logging middleware logs the client's IP address under remote-address field for each incoming requests, the value is taken directly from Request.RemoteAddr of Go's net/http.

The problem arises when step-ca is sitting behind a reverse proxy, the IP address of the proxy is logged instead of the actual client.

Why is this needed?

In the case where reverse proxy is used, the remote-address field is more useful for analysis/debugging/reporting when it is the real client IP.