Behind NAT, expose different endpoints on one port

So, in a NAT situation, home.mydomain.com:443 is open to Caddy, and Caddy pushes HTTPS requests off to a valid internal service that responds, and all is fine in the world.

Now, due to a change in some policies, I’m hoping to be able to continue to have the HTTP service on port 443 open, but that when I connect to the same port and domain via SSH, I can determine that and forward that off to somewhere else.

Is that possible? Some sort of header or protocol interrogation where, if SSH, go to the .10 machine, otherwise go to the .15 machine?

Or should I use a sub page home.mydomain.com:443 to the http service, home.mydomain.com:443/ssh to the ssh server?

It sounds like you can do port forwarding on your router on port 22 and forward to a different internal IP address.

If I’m way off here, it’s because I’m not quite sure what you’re trying to do.

Caddy can route HTTP requests to different upstream servers, but it can’t route different protocols. You can forward arbitrary TCP traffic with the net server type, but that also can’t route based on protocol.

SSH uses port 22 by default. Like @CryptoSpartan suggested, forward that from your router to the .10 host, continue forwarding port 443 (default HTTPS) to your Caddy host.

If you’ve only got one port to play with, though, Caddy won’t be able to help you get SSH happening (unless you use Caddy to proxy a web service like Guacamole which hosts a web-based SSH terminal).

I suspect from this one location that I can only connect outbound via 443 or 80 (which is why I don’t just add a new port forward)

So I do have another domain. Can I set up home.mydomain.com:443 to the HTTP service and use home.lookanotherdomain.com:443 to the SSH service?

Oh, and I guess the 2nd question is: even if I can get the identification of the two services working, will Caddy pass SSH traffic?

Unfortunately, what you’re asking for specifically will not work. Caddy’s HTTP server can route via hostname, but it can’t talk SSH, only HTTP(S). The net server type can talk TCP (so it can forward any traffic you like), but won’t be able to route based on the hostname.

OK, thanks for the quick replies. Will try and look for a plan B.
