Caddy as TLS-TCP proxy for multiple (range) of ports?

1. The problem I’m having:

I have a (Windows) app that uses TLS that I want to proxy with an auto TLS certificate updater… like CaddyServer

It uses a range of ports (about 100) that need to be mapped 1:1 from the outside IP to the inside server.

I already have a Caddy “multiplexor” I’d like to use.

2. Error messages and/or full log output:

None yet, as I’m asking for feasibility/advice in the CaddySetup

3. Caddy version:

The version that will work, haven’t deployed/tested any

4. How I installed and ran Caddy:

Preferably using supervisor on Devuan

a. System environment:

Linux VPS

b. Command:


c. Service/unit/compose file:


d. My complete Caddy config:

None yet, asking help/guidance/pointers

5. Links to relevant resources:

contemplating mholt/caddy-l4 - but how to do a range inbound to range (1:1 mapped) on the receiving server

To clarify, you don’t want Caddy to terminate TLS? If so then you definitely need caddy-l4. Vanilla Caddy ships with an HTTP server, so if you need raw TCP (including TLS passthrough) then you need caddy-l4.

Unfortunately JSON config doesn’t support port ranges currently (Caddyfile does in certain places though such as reverse_proxy as a shortcut) so you’ll need to list out each port you want to listen on in the config.

You can then use the proxy handler to route the traffic wherever. I would suggest using a connection placeholder to get the connecting port to make the proxy config simple, but I’m not sure if we have a placeholder for the port alone. /cc @matt if you know.



BBI -TLS-connection(ValidCert)-> Caddy -TLSconnection(ignorecert)-> WindowsApplication

(BBI: BigBadInternet)

Will put some time into caddy-l4, thanks

I don’t think we have many placeholders for L4 yet.

So, if needed, @Hendrik_Visage can open an issue and I’ll be happy to add it
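
Added example, not written by any poster in this thread or by the caddy-l4 project: because the JSON config takes no port ranges and there is no port placeholder, this Python script generates one layer4 server per port for the Internet → Caddy (valid cert) → backend-over-TLS chain sketched above. The function name, the backend address 10.0.0.5, the hostname app.example.com and the range 20000-20099 are constructed; the JSON keys are assumed to match the caddy-l4 build in use, so validate the output against it before loading.

```python
import json


def build_l4_config(first_port, last_port, backend_host, cert_name,
                    skip_backend_verify=False):
    """Return a Caddy JSON config with one layer4 server per port (1:1 mapping)."""
    if not (1 <= first_port <= last_port <= 65535):
        raise ValueError("invalid port range")
    # A bare IPv6 literal must be bracketed before a port is appended.
    host = f"[{backend_host}]" if ":" in backend_host else backend_host

    servers = {}
    for port in range(first_port, last_port + 1):
        # "tls": {} turns on TLS to the backend with normal certificate checks.
        upstream = {"dial": [f"{host}:{port}"], "tls": {}}
        if skip_backend_verify:
            # Matches "ignorecert" in the diagram: the inner hop is encrypted
            # but the backend's identity is not checked. Off unless requested.
            upstream["tls"]["insecure_skip_verify"] = True
        servers[f"port{port}"] = {
            "listen": [f":{port}"],
            "routes": [{
                "handle": [
                    {"handler": "tls"},  # terminate TLS with Caddy's certificate
                    {"handler": "proxy", "upstreams": [upstream]},
                ]
            }],
        }

    return {
        "apps": {
            # Have Caddy obtain and renew a certificate for this name.
            "tls": {"certificates": {"automate": [cert_name]}},
            "layer4": {"servers": servers},
        }
    }


if __name__ == "__main__":
    # Constructed sample values; replace with the real range, backend and name.
    config = build_l4_config(20000, 20099, "10.0.0.5", "app.example.com")
    print(json.dumps(config, indent=2))
```

Redirect the output to a file and load it with `caddy run --config <file>` on a Caddy build that includes caddy-l4.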
