Hello Caddy Team.
I am pretty impressed with the flexibility of Caddy and I think it can make WebRTC easier to deploy with its features; in fact, the "regexp" matcher in caddy-l4 looks pretty promising.
I am playing around with caddy-layer4, TLS and regexp matching in our app to be able to expose a TCP service (TURN) and an HTTP server under the same domain with TLS.
This is how I am configuring it:
```yaml
public:
  listen:
    - ":443"
  routes:
    # TLS handling. It resends to the same port to handle TURN and HTTP in plain TCP
    - match:
        - tls:
            sni:
              - mydomain.example.com
      handle:
        - handler: tls
          connection_policies:
            - alpn:
                - http/1.1
            - certificate_selection:
                any_tag:
                  - mydomain.example.com
        - handler: proxy
          upstreams:
            - dial:
                - 127.0.0.1:443
    # TCP demuxing for TURN
    - match:
        - regexp:
            count: 6
            pattern: "^[\x00-\x3F][\x00-\xFF][\x00-\xFF][\x00-\xFF]\x21\x12$"
      handle:
        - handler: proxy
          upstreams:
            - dial:
                - 127.0.0.1:5349
    # HTTP traffic
    - handle:
        - handler: proxy
          upstreams:
            - dial:
                - 127.0.0.1:7880
```
As you can see, I am basically handling TLS to decrypt the request and resending it to the same port 443 to be able to separate TURN and HTTP traffic without the TLS encryption using the regexp matcher.
It is working perfectly fine. My question is: Am I doing this right? Is this the best approach to do this? Or is there a better way to implement this instead of re-sending to the same server the request to be able to demux the TURN and HTTP traffic?
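An added Go example (not from the original post and not caddy-l4 code) that applies the same six-byte check as the regexp above directly on bytes, to show what the TURN route is really matching on: a STUN header whose two most significant bits are zero and whose bytes 4 and 5 are the start of the RFC 5389 magic cookie 0x2112A442. The `stunHeader` helper and the sample inputs are constructed for the example.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// stunMagicCookie is the fixed value in bytes 4..7 of every RFC 5389 STUN header.
const stunMagicCookie = 0x2112A442

// peekLen mirrors "count: 6" in the matcher: type (2) + length (2) + first two cookie bytes.
const peekLen = 6

// isStunPrefix applies the regexp's conditions on raw bytes, so it does not depend on
// how a regexp engine decodes bytes above 0x7F:
//   - first byte in 0x00..0x3F (the two most significant header bits are zero)
//   - bytes 4 and 5 equal 0x21 0x12 (start of the magic cookie)
func isStunPrefix(b []byte) bool {
	if len(b) < peekLen {
		return false
	}
	return b[0]&0xC0 == 0 && b[4] == 0x21 && b[5] == 0x12
}

// classify labels the first plaintext bytes of a connection the way the routes above do:
// STUN/TURN goes to the TURN route, anything else falls through to the HTTP route.
// HTTP methods start with an uppercase ASCII letter (>= 0x41), so they never pass the
// first-byte check.
func classify(b []byte) string {
	if isStunPrefix(b) {
		return "turn"
	}
	return "http"
}

// stunHeader builds a constructed 8-byte STUN header (type, length, magic cookie); the
// 12-byte transaction ID that follows in a real message is not needed by the matcher.
func stunHeader(msgType, length uint16) []byte {
	h := make([]byte, 8)
	binary.BigEndian.PutUint16(h[0:], msgType)
	binary.BigEndian.PutUint16(h[2:], length)
	binary.BigEndian.PutUint32(h[4:], stunMagicCookie)
	return h
}

func main() {
	bindingRequest := stunHeader(0x0001, 0x0088) // length with a low byte >= 0x80
	httpRequest := []byte("GET / HTTP/1.1\r\n")
	fmt.Println(classify(bindingRequest), classify(httpRequest)) // turn http
}
```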