Hello Caddy Community,
I’m running into a persistent and unusual issue with my Caddy reverse proxy setup on a Raspberry Pi, and I’m hoping to get some assistance diagnosing it.
My goal is to reverse proxy several services running on my local network using Caddy with automatic HTTPS via my DuckDNS domain. While some services are working correctly with HTTPS, I’m consistently getting “400: Bad Request” errors when trying to access Home Assistant and Portainer through Caddy.
Based on troubleshooting, the core problem seems to be that Caddy is failing to correctly render the {remote_ip} placeholder in the X-Forwarded-For header it sends to backend services.
My OS: Linux raspberrypi 6.12.25+rpt-rpi-2712 #1 SMP PREEMPT Debian 1:6.12.25-1+rpt1 (2025-04-30) aarch64 GNU/Linux
Caddy Ver: 2.10.0
Install method: Installed via the official Caddy apt repository
My Complete Caddyfile:
{
    # Global options block
    email [PLEASE REPLACE WITH YOUR ACTUAL EMAIL ADDRESS]
    # debug # Uncomment if requested by community members
}

immich.defanouxpi.duckdns.org {
    reverse_proxy 192.168.50.143:2283
    log {
        output file /var/log/caddy/immich.log
    }
}

nextcloud.defanouxpi.duckdns.org {
    reverse_proxy 192.168.50.143:8081
    header {
        X-Forwarded-Proto https
        Strict-Transport-Security "max-age=15552000; includeSubDomains"
    }
    log {
        output file /var/log/caddy/nextcloud.log
    }
}

homepage.defanouxpi.duckdns.org {
    reverse_proxy 192.168.50.143:3000
    log {
        output file /var/log/caddy/homepage.log
    }
}

vaultwarden.defanouxpi.duckdns.org {
    reverse_proxy 192.168.50.143:11001
    log {
        output file /var/log/caddy/vaultwarden.log
    }
}

pihole.defanouxpi.duckdns.org {
    reverse_proxy 192.168.50.143:81
    log {
        output file /var/log/caddy/pihole.log
    }
}

glances.defanouxpi.duckdns.org {
    reverse_proxy 192.168.50.143:61208
    log {
        output file /var/log/caddy/glances.log
    }
}

homeassistant.defanouxpi.duckdns.org {
    reverse_proxy 192.168.50.143:8123 {
        header_up Host {host}
        header_up X-Real-IP {remote_ip}
        header_up X-Forwarded-For {remote_ip}
        header_up X-Forwarded-Proto {scheme}
        header_up Upgrade {header.Upgrade}
        header_up Connection {header.Connection}
    }
    log {
        output file /var/log/caddy/homeassistant.log
    }
}

portainer.defanouxpi.duckdns.org {
    reverse_proxy https://192.168.50.143:9443 {
        header_up Host {host}
        header_up X-Real-IP {remote_ip}
        header_up X-Forwarded-For {remote_ip}
        header_up X-Forwarded-Proto {scheme}
        header_up Upgrade {header.Upgrade}
        header_up Connection {header.Connection}
        transport tls {
            insecure_skip_verify # Temporary for testing
        }
    }
    log {
        output file /var/log/caddy/portainer.log
    }
}
A snippet of my configuration.yaml for Home Assistant:
http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 192.168.50.143 # The internal IP address of my Raspberry Pi running Caddy
    # ... potentially other IPs if needed ...
Nothing else was changed with Portainer yet, so any help with that would be nice, but the error I get when trying to access it is ERR_SSL_PROTOCOL_ERROR.
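
The failure mode described in this post, as an added example that is not part of the original post and is not Home Assistant's or Caddy's code: a simplified model of how a backend that honours X-Forwarded-For only from trusted proxies validates the header, so a literal, unexpanded `{remote_ip}` value is rejected at the point where a strict backend would answer 400. The function name, the exception name and the sample client addresses are assumptions made for the illustration.

```python
import ipaddress

class BadForwardedFor(ValueError):
    """Raised where a strict backend would answer 400 Bad Request."""

def resolve_client_ip(peer_ip, xff_values, trusted_proxies):
    """Return the address a backend should attribute the request to.
    peer_ip         -- address of the TCP peer (the proxy, when one is in front)
    xff_values      -- every X-Forwarded-For header line received, as a list
    trusted_proxies -- IPs or CIDR ranges allowed to supply the header
    """
    trusted = [ipaddress.ip_network(p, strict=False) for p in trusted_proxies]
    peer = ipaddress.ip_address(peer_ip)

    def is_trusted(addr):
        return any(addr in net for net in trusted)

    if not xff_values:
        return peer
    if not is_trusted(peer):
        # A header from an unknown sender is client-controlled: never honour it.
        raise BadForwardedFor(f"X-Forwarded-For from untrusted peer {peer}")
    if len(xff_values) > 1:
        raise BadForwardedFor("more than one X-Forwarded-For header")

    hops = []
    for raw in xff_values[0].split(","):
        token = raw.strip()
        try:
            hops.append(ipaddress.ip_address(token))
        except ValueError:
            # An unexpanded template such as "{remote_ip}" ends up here.
            raise BadForwardedFor(f"not an IP address: {token!r}") from None

    # Walk right to left: the first hop that is not a trusted proxy is the client.
    for hop in reversed(hops):
        if not is_trusted(hop):
            return hop
    return hops[0]  # every hop is a trusted proxy; use the left-most

if __name__ == "__main__":
    proxies = ["192.168.50.143"]  # trusted_proxies value from the post
    # Constructed header values: a rendered address, then the literal placeholder.
    for value in ("203.0.113.7", "{remote_ip}"):
        try:
            print(value, "->", resolve_client_ip("192.168.50.143", [value], proxies))
        except BadForwardedFor as err:
            print(value, "-> 400:", err)
```

Feeding it the X-Forwarded-For value actually received by the backend (from a packet capture or the backend's own log) shows whether the header carries a parseable address or placeholder text.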