Hi,
after updating to 26.1.3 I have X-Forwarded Header problems with Caddy.
Before the update the headers on a proxy backend looked like this:
Host: domain.xyz.de
X-Forwarded-For: 192.168.10.171, 192.168.100.1
X-Forwarded-Host: domain.xyz.de, domain.xyz.de
X-Forwarded-Proto: https
X-Forwarded-Server: 127.0.1.1
After the update the headers are looking like this:
Host: 192.168.100.150
X-Forwarded-For: 192.168.10.171
X-Forwarded-Host: 192.168.100.150
X-Forwarded-Server: 127.0.1.1
Under Caddy/Reverse Proxy/Headers I didn't configure any custom headers. Under General Settings/Advanced, the default X-Forwarded-For is selected for Client IP Headers.
Any idea what broke this or is this a problem with the latest Caddy update?
Most likely this change upstream?
https://github.com/caddyserver/caddy/pull/7454
That makes sense. I did not notice any problems at first, because I run (almost) all of my backend services over HTTP.
Only Crafty (a Minecraft server manager) is via HTTPS, because they made the debatable choice to enforce HTTPS for all communication, even if a reverse proxy is in place. So be it.
Promptly web sockets stopped working. I could fix it by adding a header configuration in Caddy like this:
(https://forum.opnsense.org/index.php?action=dlattach;attach=52813;image)
Activate in your handler under Transport: HTTP Headers, afterwards.
Yup this looks like the right fix indeed, good that the plugin was always flexible with headers.
I'm sure more users with tls skip verify will run into this over time, thanks for the screenshots :)