@fvbommel so I just tested it myself and it does seem like a malicious user could simply open up any private service by modifying the Host header.
Unfortunately, bind is not working for me because I’m running Caddy inside of Docker. When I try and bind to the VPN IP I get the following error:
Error: loading initial config: loading new config: http app module: start: listening on 10.0.20.124:443 The bind: cannot assign requested address
Is there any other way to separate the services other than bind?
Edit: solved it by using the Matcher to disallow non-VPN IPs. See: Only allow certain IPs to access the server in reverse proxy - #2 by francislavoie
I’ll still check @fvbommel's reply as the solution since I didn’t know HTTP Host headers could be forged in that manner. Thanks.
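
A sketch of the matcher approach mentioned in the edit above, as an added example that is not the poster's actual configuration. The hostnames, upstream addresses and the 10.0.20.0/24 VPN range are assumptions (the range is guessed from the 10.0.20.124 address in the error message).

```caddyfile
# Constructed example: hostnames, upstreams and the VPN subnet are assumptions.

# Public site: reachable from any client.
public.example.com {
	reverse_proxy app:8080
}

# Private site: it shares the same :443 listener as the public site,
# so the requested hostname alone does not limit who can reach it.
private.example.com {
	# Match every client whose source address is outside the VPN range.
	@not_vpn not remote_ip 10.0.20.0/24

	# Reject those requests before they reach the upstream.
	handle @not_vpn {
		respond "Forbidden" 403
	}

	# Everything else came from a VPN address and is proxied.
	handle {
		reverse_proxy internal:9000
	}
}
```

`remote_ip` compares against the TCP peer address as Caddy sees it, so inside a container it is worth confirming in the access log that the client's VPN address, rather than a Docker gateway address, is what arrives.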