Caddy X-Forwarded Header problems after updating to 26.1.3

Started by Fórest, March 04, 2026, 05:06:05 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
March 04, 2026, 05:06:05 PM
Hi,

after updating to 26.1.3 I have X-Forwarded Header problems with Caddy.

Before the update the headers on a proxy backend looked like this:

Host: domain.xyz.de
X-Forwarded-For: 192.168.10.171, 192.168.100.1
X-Forwarded-Host: domain.xyz.de, domain.xyz.de
X-Forwarded-Proto: https
X-Forwarded-Server: 127.0.1.1

After the update the headers a looking like this:

Host: 192.168.100.150
X-Forwarded-For: 192.168.10.171
X-Forwarded-Host: 192.168.100.150
X-Forwarded-Server: 127.0.1.1

Under Caddy/Reverse Proxy/Headers I didn't configure any custom headers. Under General Settings/Advanced is for Client IP Headers the default X-Forwarded-For selected.

Any idea what broke this or is this a problem with the latest Caddy update?
March 04, 2026, 05:35:17 PM #1
Most likely this change upstream?

https://github.com/caddyserver/caddy/pull/7454
Hardware:
DEC740
March 04, 2026, 05:51:01 PM #2 Last Edit: March 04, 2026, 05:52:46 PM by Patrick M. Hausen
That makes sense. I did not notice any problems at first, because I run (almost) all of my backend services over HTTP.

Only Crafty (a minecraft server manager) is via HTTPS, because they made the debatable choice to enforce HTTPS for all communication, even if a reverse proxy is in place. So be it.

Promptly web sockets stopped working. I could fix it by adding a header configuration in Caddy like this:



Activate in your handler under Transport: HTTP Headers, afterwards.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
March 04, 2026, 05:57:20 PM #3
Yup this looks like the right fix indeed, good that the plugin was always flexible with headers.

Im sure more users with tls skip verify will run into this over time, thanks for the screenshots :)
Hardware:
DEC740
March 05, 2026, 02:44:25 PM #4
Thanks,

this solved the problem :)
March 06, 2026, 08:04:33 AM #5
Fixed my problem too.

Thank you.

Adrian
Adrian from Down Under
March 06, 2026, 04:24:29 PM #6
Thanks for posting, fixed my issue as well!
March 11, 2026, 09:05:45 AM #7
this fixed unifi for me....
With unifi I was able to login... to the unifi os server... and then blank page. Scratched my head for days, until I came across this post.

thanks again....
Today at 04:16:50 PM #8 Last Edit: Today at 04:20:48 PM by AdamReece.WebBox
Thanks for the notes and links.

I just spent hours searching around for a fix to this problem. Suddenly when updating to 26.1 today all of our reverse proxy sites were getting HTTP 421 Misdirected Request from upstream Apache instances. (Adding my comment as no search results were coming up specifically for HTTP 421.)

Found this: https://caddyserver.com/docs/caddyfile/directives/reverse_proxy#https

Using value "{hostport}" for the Host header in all our handlers resolved this for us. (One of our sites doesn't use port 443 making "{hostport}" instead of "{host}" necessary.)

Always great when an important unannounced change occurs. (Thanks Caddy..!)
Adam Reece | WebBox
Print
Go Up Pages1
User actions