Redirection issue with multiple chained Caddy reverse proxy servers

Please upgrade to v2.5.2

FYI, you can shorten this to:

header_up Host {upstream_hostport}

Ultimately, this is an issue with your upstream app. Caddy will send through the X-Forwarded-Host header with the correct hostname (as I think you know). Your upstream app should read from that (ideally, if configured with trusted proxies itself, but not all applications do that correctly). I suggest you open an issue with the devs of that app to get them to fix this.

That said, somewhat contrived, but you could do this on your internal Caddy instance:

(host-var) {
	@isExternal header X-Forwarded-Host *
	vars @isExternal actualHost {header.X-Forwarded-Host}
	vars actualHost {host}
}

https://service4.vpn {
	import host-var
	reverse_proxy https://docker4 {
		header_up Host {vars.actualHost}
		trusted_proxies private_ranges
	}
}

Basically, this constructs a variable depending on whether the incoming request had the X-Forwarded-Host header or not (it shouldn’t for directly internal connections, unless the client is trying to spoof the header, but why would someone connected to your VPN do that anyways?) and then you can use that variable in the proxy.

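An added example, not part of the post above and not code from Caddy or from the upstream app: one way an upstream application can resolve its public hostname from X-Forwarded-Host only when the connection comes from a trusted proxy. The function names and the `ALLOWED_HOSTS` entries are hypothetical (`service4.example.com` is a constructed name), and the trusted networks are the ranges that Caddy's `private_ranges` shortcut stands for.

```python
import ipaddress

# Same ranges Caddy's `private_ranges` shortcut expands to.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in (
    "192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8",
    "127.0.0.0/8", "fd00::/8", "::1/128",
)]

# Hypothetical allowlist: hostnames this app is actually published under.
ALLOWED_HOSTS = {"service4.vpn", "service4.example.com"}


def peer_is_trusted(peer_ip):
    """True if the TCP peer (not a header value) is inside a trusted range."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in TRUSTED_PROXIES)


def normalize(host):
    """Lower-case a Host value and drop an optional :port."""
    host = host.strip().lower()
    if host.startswith("["):  # bracketed IPv6 literal, keep the brackets
        return host[: host.find("]") + 1]
    return host.rsplit(":", 1)[0] if ":" in host else host


def effective_host(peer_ip, headers):
    """Hostname to use when building redirects and absolute URLs."""
    h = {k.lower(): v for k, v in headers.items()}
    direct = normalize(h.get("host", ""))
    forwarded = h.get("x-forwarded-host")
    # Honour the forwarded value only from a trusted proxy, only when it is
    # a single value, and only when it names a host we expect to serve.
    if forwarded and "," not in forwarded and peer_is_trusted(peer_ip):
        candidate = normalize(forwarded)
        if candidate in ALLOWED_HOSTS:
            return candidate
    return direct


if __name__ == "__main__":
    # Constructed request: the proxy rewrote Host to the upstream name.
    req = {"Host": "docker4", "X-Forwarded-Host": "service4.example.com"}
    print(effective_host("10.0.0.5", req))     # request via the proxy
    print(effective_host("203.0.113.7", req))  # header from an untrusted peer
```
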