header_down has to be used inside reverse_proxy. This is because it specifically manipulates headers going “down” to the client from the backend. So it will remove any Server header set by the backend.
However, Caddy still sets its own Server header too, which is what you’re seeing in your curl command.
Put header -server in your config outside of reverse_proxy and it should remove the header completely, including the one Caddy sets. It probably doesn’t in the route because routes affect the handler ordering. (I’m not sure why you have them all in a route in the first place?)
The old way only looks at the first SRV record, and it acts like a single upstream for health checking, even though there are multiple. It’s basically a hacky way to get it working, but it held us over until we had a better way. It also wasn’t extensible. But now we have native support for truly dynamic upstreams!
I dunno, depends on what your goals are. But it’s not obvious to me from looking at it. I usually only add things to the config once I determine they’re needed, rather than assuming they will be.
Please make sure to use -- double dashes for CLI arguments, we’re planning a change in a future version which will mean single dashes will no longer be supported.
Also FYI, the default container’s command will run Caddy with your Caddyfile as long as you mount the Caddyfile at /etc/caddy/Caddyfile. I suggest you do that instead.
There’s no reason at all to remove this header. It doesn’t reveal any information that clients couldn’t otherwise glean from your server (e.g. looking at TLS handshake patterns, etc). It doesn’t protect you in any way.