I’d like to be able to SSH into my server from time to time from work, but the only port open is 443. Can I set up caddy server to route traffic from SSH (22) to 443 using net?
I saw the caddy-net and think that might work but I’m unsure on how to set it up.
Caddy’s HTTP(S) server can’t do this - different protocol. Caddy’s net server type can proxy raw TCP traffic, though - so you could sit Caddy at the edge and forward all port 443 traffic to port 22 on your machine. It’d be equivalent to running your SSH server directly on the edge at port 443.
To set it up, download Caddy from the Download Caddy page, selecting the net server type from the bottom of the plugins list (under the “Server Types” header).
Use a Caddyfile like the examples given in the plugin’s documentation:
I think a simple proxy :443 [SSH-HOST]:22 is correct. Lastly, don’t forget to add the -type=net flag when you run Caddy.
So all traffic going to 443 for that subdomain will go to 22 or does that mean all traffic on the machine going to 443 will go to 22? The latter won’t do me much good.
Perhaps I misunderstood - you said the only open port is port 443, and you want to make SSH available on this port?
proxy :443 [SSH-HOST]:22 should receive traffic on the open port (443) and forward it to port 22 on [SSH-HOST].
That means that externally you’ll connect over port 443, but the machine on the inside of your network will be using the standard port. If you need it the other way 'round, just swap the ports.
I’m sure I was not clear. Apologies. What I should have said is that I want to have a bunch of subdomains that program forward to different web apps but in addition I would like a subdomain that points to my ssh.
I have ‘shell in a box’ set up but I want able to reverse proxy to it. This is how I’m trying in my Caddyfile:
To route SSH to one endpoint and HTTP(S) to another, Caddy would have to recognize and expect both protocols on the same port. It’s not designed to handle SSH at all, so Caddy is not going to be the right choice to multiplex SSH and HTTP(S), I’m afraid.
That said, shellinabox is not SSH - it’s a web server (looks like we had a classic case of XY Problem), so you should be able to proxy to it. To find out why Caddy can’t talk to it, try running curl -IL localhost:4200 on your Caddy host and let us know what comes back.
Unfortunately this did not work. I’m getting the ‘502 Bad Gateway’ when I try this. I can get to the page from another machine on my network using https://ipaddress:4200 … It does complain that it’s insecure but I can continue onto Shell in the Box.
Ahh. Add the insecure_skip_verify subdirective to your proxy. Caddy is trying to validate the upstream server’s certificate and can’t - this tells Caddy to ignore that problem.
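The two ways to front shellinabox that follow from this thread, written out as an added example (not a Caddyfile posted by anyone above). It assumes Caddy v1 syntax, shellinabox listening on port 4200 of the Caddy host as in the curl check earlier, and the placeholder hostname shell.example.com.

```caddyfile
# Added example (Caddy v1 syntax). shell.example.com is a placeholder hostname.

# Option A: what the thread arrives at. shellinabox keeps its self-signed
# certificate and Caddy skips verification of it. insecure_skip_verify turns
# off all checking of the upstream certificate, so keep the upstream on
# loopback so the unverified hop never leaves the host.
shell.example.com {
    proxy / https://localhost:4200 {
        insecure_skip_verify
    }
}

# Option B (use instead of A, not alongside it): start shellinabox with
#   shellinaboxd --localhost-only --disable-ssl
# so it serves plain HTTP on 127.0.0.1 only, and let Caddy terminate TLS
# for the browser. No certificate check is skipped because the upstream
# hop has no TLS at all and is not reachable from other machines.
#
# shell.example.com {
#     proxy / http://localhost:4200
# }
```

With either option, port 4200 should not stay reachable from the rest of the network once Caddy is the intended entry point.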