Cloudflared like tunnel module

Does anyone know of a module that performs a job similar to cloudflared in that the reverse proxy connects to the caddy server, and the caddy server can then use that incoming connection to proxy requests?

My use case is a classic NATed home server I want requests proxied to.

I know there are alternative approaches like frp etc, but I was wondering if there’s a caddy module for this that can potentially remove intermediate servers/services/proxies.

Finally if anyone has suggestions for similar modules I could look at for inspiration, I would appreciate the tips!

I’m not really sure what you’re looking for exactly. But you could go as simple as an SSH tunnel to send through the traffic via a VPS or something.

SSH doesn’t work in my setup due to traffic shaping by my ISP (on pretty much anything non-HTTP). frp does work, with a setup like:

app <- frp client <-> frp server <- caddy

I’m looking for a way to remove some of the intermediate hops here.

Maybe Tailscale works for your use case? You can have Tailscale running on a VPS along with a Caddy instance, then Caddy proxies the requests through the Tailscale tunnel to the app. You can avoid the need for a separate Tailscale process by using this plugin:

Funnily enough tailscale is my current setup, but I get hiccups with it because of my ISP doing aggressive traffic shaping on UDP.

I took a stab at writing a module to do this. It’s really just a proof of concept at this point, but I think the idea should work. Here’s the code:

There’s a number of things to figure out, first of which is how to hook into the PING frames to ensure the connection is healthy and reconnect as needed. There’s more features like multiple backends etc. Would be happy to hear any thoughts/security considerations etc. My understanding of Caddy’s architecture is very new and limited.

In the meanwhile, from the readme –

This Caddy module provides a handler that allows for a client connection to
be turned into a server. This way your backend server connects to your Caddy
load balancer instance, and the requests are then sent over this connection. It
allows for your backend server to not accept any public connections, and only
requires it to support outgoing connections.

Implementation

In Caddy, when the module receives a valid client request that intends to
become the server, it Hijacks the connection, and converts it to an HTTP2 Client
Connection, which can be used as an http.RoundTripper. This serves as the
reverse proxy target.

The server makes a TLS secured HTTP/1.1 connection to Caddy, and then treats
that connection as an HTTP2 Server Connection. It then starts serving requests on
this connection.
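
The role reversal described in the README excerpt above, as an added example that is not the module's own code: the edge hijacks an authenticated inbound connection and uses it as its `http.RoundTripper`, while the backend serves HTTP on the socket it dialed. To stay within the Go standard library it keeps the tunnel on HTTP/1.1 over plain TCP instead of the module's HTTP/2 over TLS. The `/_register` path, the `X-Tunnel-Token` header, the handshake text and the names `Register` and `ServeOver` are assumptions made for the illustration.

```go
package main

import (
	"context"
	"crypto/subtle"
	"errors"
	"io"
	"net"
	"net/http"
)

const ack = "HTTP/1.1 101 Switching Protocols\r\nUpgrade: reverse-http\r\n\r\n" // assumed handshake

// one yields a single open connection once: the backend's listener, the edge's dialer.
type one chan net.Conn
func wrap(c net.Conn) one    { o := make(one, 1); o <- c; close(o); return o }
func (o one) Close() error   { return nil }
func (o one) Addr() net.Addr { return &net.TCPAddr{} }
func (o one) dial(context.Context, string, string) (net.Conn, error) { return o.Accept() }
func (o one) Accept() (c net.Conn, err error) {
	if c = <-o; c == nil { // channel drained: the tunnel socket was already handed out
		err = net.ErrClosed
	}
	return
}

// Register (edge): verify the token, hijack the inbound conn, reuse it as a client transport.
func Register(w http.ResponseWriter, r *http.Request, token string) (http.RoundTripper, error) {
	if subtle.ConstantTimeCompare([]byte(r.Header.Get("X-Tunnel-Token")), []byte(token)) != 1 {
		http.Error(w, "forbidden", http.StatusForbidden) // no hijack for unknown peers
		return nil, errors.New("bad tunnel token")
	}
	conn, _, err := w.(http.Hijacker).Hijack()
	if err != nil {
		return nil, err
	}
	_, err = io.WriteString(conn, ack)
	return &http.Transport{DialContext: wrap(conn).dial}, err
}

// ServeOver (backend): register (assumed path and header) on a dialed conn, then serve h on it.
func ServeOver(conn net.Conn, token string, h http.Handler) error {
	io.WriteString(conn, "GET /_register HTTP/1.1\r\nHost: edge\r\nX-Tunnel-Token: "+token+"\r\n\r\n")
	got := make([]byte, len(ack))
	if _, err := io.ReadFull(conn, got); err != nil || string(got) != ack {
		conn.Close()
		return errors.New("edge refused registration")
	}
	go http.Serve(wrap(conn), h) // roles flip: the dialer is now the HTTP server
	return nil
}
```

The token check runs before the hijack because whichever peer completes registration becomes the upstream for every proxied request. `ServeOver` takes an already-open `net.Conn` so the caller can hand it a TLS connection.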
