Text only | Text with Images

OPNsense Forum

English Forums => Web Proxy Filtering and Caching => Topic started by: Fórest on March 04, 2026, 05:06:05 PM

Title: Caddy X-Forwarded Header problems after updating to 26.1.3
Post by: Fórest on March 04, 2026, 05:06:05 PM
Hi,

after updating to 26.1.3 I have X-Forwarded Header problems with Caddy.

Before the update the headers on a proxy backend looked like this:

Host: domain.xyz.de
X-Forwarded-For: 192.168.10.171, 192.168.100.1
X-Forwarded-Host: domain.xyz.de, domain.xyz.de
X-Forwarded-Proto: https
X-Forwarded-Server: 127.0.1.1

After the update the headers a looking like this:

Host: 192.168.100.150
X-Forwarded-For: 192.168.10.171
X-Forwarded-Host: 192.168.100.150
X-Forwarded-Server: 127.0.1.1

Under Caddy/Reverse Proxy/Headers I didn't configure any custom headers. Under General Settings/Advanced is for Client IP Headers the default X-Forwarded-For selected.

Any idea what broke this or is this a problem with the latest Caddy update?
Title: Re: Caddy X-Forwarded Header problems after updating to 26.1.3
Post by: Monviech (Cedrik) on March 04, 2026, 05:35:17 PM
Most likely this change upstream?

https://github.com/caddyserver/caddy/pull/7454
Title: Re: Caddy X-Forwarded Header problems after updating to 26.1.3
Post by: Patrick M. Hausen on March 04, 2026, 05:51:01 PM
That makes sense. I did not notice any problems at first, because I run (almost) all of my backend services over HTTP.

Only Crafty (a minecraft server manager) is via HTTPS, because they made the debatable choice to enforce HTTPS for all communication, even if a reverse proxy is in place. So be it.

Promptly web sockets stopped working. I could fix it by adding a header configuration in Caddy like this:

(https://forum.opnsense.org/index.php?action=dlattach;attach=52813;image)

Activate in your handler under Transport: HTTP Headers, afterwards.
Title: Re: Caddy X-Forwarded Header problems after updating to 26.1.3
Post by: Monviech (Cedrik) on March 04, 2026, 05:57:20 PM
Yup this looks like the right fix indeed, good that the plugin was always flexible with headers.

Im sure more users with tls skip verify will run into this over time, thanks for the screenshots :)
Title: Re: Caddy X-Forwarded Header problems after updating to 26.1.3
Post by: Fórest on March 05, 2026, 02:44:25 PM
Thanks,

this solved the problem :)
Title: Re: Caddy X-Forwarded Header problems after updating to 26.1.3
Post by: xxup on March 06, 2026, 08:04:33 AM
Fixed my problem too.

Thank you.

Adrian
Title: Re: Caddy X-Forwarded Header problems after updating to 26.1.3
Post by: gpfountz on March 06, 2026, 04:24:29 PM
Thanks for posting, fixed my issue as well!
Title: Re: Caddy X-Forwarded Header problems after updating to 26.1.3
Post by: bucky2780 on March 11, 2026, 09:05:45 AM
this fixed unifi for me....
With unifi I was able to login... to the unifi os server... and then blank page. Scratched my head for days, until I came across this post.

thanks again....
Title: Re: Caddy X-Forwarded Header problems after updating to 26.1.3
Post by: AdamReece.WebBox on March 13, 2026, 04:16:50 PM
Thanks for the notes and links.

I just spent hours searching around for a fix to this problem. Suddenly when updating to 26.1 today all of our reverse proxy sites were getting HTTP 421 Misdirected Request from upstream Apache instances. (Adding my comment as no search results were coming up specifically for HTTP 421.)

Found this: https://caddyserver.com/docs/caddyfile/directives/reverse_proxy#https

Using value "{hostport}" for the Host header in all our handlers resolved this for us. (One of our sites doesn't use port 443 making "{hostport}" instead of "{host}" necessary.)

Always great when an important unannounced change occurs. (Thanks Caddy..!)
Text only | Text with Images