Duplicacy Web currently logs the client IP in the following way whenever the login fails:
“2022/05/09 17:02:00 Incorrect admin password from [IP]:[PORT]: derived token is [token1], admin token is [token2]”
However, I run Duplicacy Web behind a reverse proxy. So the logged IP is the address of the reverse proxy. This is fine but I would also like to have the IP of the real client. I believe this can be obtained from X-Forwarded-For or X-Real-IP HTTP header.