Does anyone know of a module that performs a job similar to cloudflared in that the reverse proxy connects to the caddy server, and the caddy server can then use that incoming connection to proxy requests?
My use case is a classic NATed home server I want requests proxied to.
I know there are alternative approaches like frp etc, but I was wondering if there’s a caddy module for this that can potentially remove intermediate servers/services/proxies.
Finally if anyone has suggestions for similar modules I could look at for inspiration, I would appreciate the tips!
Maybe Tailscale works for your use case? You can have Tailscale running on a VPS along with a Caddy instance, then Caddy proxies the requests through the Tailscale tunnel to the app. You can avoid the need for a separate Tailscale process by using this plugin:
I took a stab at writing a module to do this. It’s really just a proof of concept at this point, but I think the idea should work. Here’s the code:
There are a number of things to figure out, the first of which is how to hook into the PING frames to ensure the connection is healthy and reconnect as needed. There are more features, like multiple backends, etc. Would be happy to hear any thoughts/security considerations etc. My understanding of Caddy’s architecture is very new and limited.
In the meanwhile, from the readme –
This Caddy module provides a handler that allows for a client connection to be turned into a server. This way your backend server connects to your Caddy load balancer instance, and the requests are then sent over this connection. It allows for your backend server to not accept any public connections, and only requires it to support outgoing connections.
Implementation
In Caddy, when the module receives a valid client request that intends to become the server, it Hijacks the connection, and converts it to an HTTP2 Client Connection, which can be used as an http.RoundTripper. This serves as the reverse proxy target.
The server makes a TLS secured HTTP/1.1 connection to Caddy, and then treats that connection as an HTTP2 Server Connection. It then starts serving requests on this connection.
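
The role reversal the README describes, as an added example that is not part of the thread or the module's code: the backend dials out and then serves HTTP on that socket, while the listening side uses the accepted socket as its only upstream. It uses only the Go standard library, so it speaks HTTP/1.1 over plain loopback TCP instead of the HTTP2 connections over TLS the README describes; `oneShot`, `hello` and `fetchThroughTunnel` are names made up for this example.

```go
package main

import (
	"context"
	"fmt"
	"io"
	"net"
	"net/http"
	"sync/atomic"
)

type oneShot struct{ c net.Conn; used atomic.Bool } // yields c once, then io.EOF
func (l *oneShot) Accept() (net.Conn, error) {
	if l.used.Swap(true) {
		return nil, io.EOF
	}
	return l.c, nil
}
func (l *oneShot) Close() error   { return nil }
func (l *oneShot) Addr() net.Addr { return l.c.LocalAddr() }

// fetchThroughTunnel runs both roles on loopback (constructed stand-ins, no TLS or auth).
func fetchThroughTunnel(path string) (string, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0") // public side: the only listening socket
	if err != nil {
		return "", err
	}
	defer ln.Close()
	go func() { // NATed backend: dials OUT, then serves HTTP on that same socket
		if c, err := net.Dial("tcp", ln.Addr().String()); err == nil {
			http.Serve(&oneShot{c: c}, http.HandlerFunc(hello)) // io.EOF after handing c over
		}
	}()
	c, err := ln.Accept() // public side: the accepted socket becomes the upstream
	if err != nil {
		return "", err
	}
	up := &oneShot{c: c} // the transport can "dial" exactly once and gets this socket
	dial := func(context.Context, string, string) (net.Conn, error) { return up.Accept() }
	resp, err := (&http.Client{Transport: &http.Transport{DialContext: dial}}).Get("http://tunnel" + path)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	b, err := io.ReadAll(resp.Body)
	return string(b), err
}

func hello(w http.ResponseWriter, r *http.Request) { fmt.Fprintf(w, "home server saw %s", r.URL.Path) }
func main()                                        { fmt.Println(fetchThroughTunnel("/status")) }
```

Before a real proxy adopts an inbound socket as an upstream it has to authenticate the peer, because whoever holds that socket receives every proxied request.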