How to reverse proxy raw TCP connections

I would like to use Caddy to act as a reverse proxy that sits in front of an OpenVPN AS server. The initial connection for OpenVPN uses HTTPS, but then subsequent VPN traffic does not use HTTP and must be proxied as a TCP connection only.

I have a vanilla Ubuntu 20.04 installation and followed the installation instructions here. Caddy works fine for HTTP / HTTPS backends.

I believe the correct way to run OpenVPN through Caddy is to use the layer4 module described here (layer4), but I don’t know how to implement modules within my Caddyfile, and don’t understand the documentation in the context of a broader Caddyfile.

Assuming I’m correct, can someone please supply a complete end-to-end Caddyfile example that shows how to:

  1. Listen for connections to vpn.mydomain-.-com:443 -AND-
  2. Use the layer4 module and reverse proxy TCP connections to backend.mydomain-.-com:443

Thanks!

You need to install the mholt/caddy-l4 plugin (Layer 4 (TCP/UDP) app for Caddy), which involves making a custom build of Caddy. See instructions for that here (easiest with xcaddy):

Or download from the build server: Download Caddy

Unfortunately, caddy-l4 doesn’t have Caddyfile support yet (quite complicated to implement for it) so you’ll need to use JSON config for now.
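A minimal JSON config for the setup asked about, added here as an illustration and not taken from the thread or the caddy-l4 project. It accepts raw TCP on :443 and forwards every connection unchanged to the backend, so TLS is terminated by the OpenVPN AS server rather than by Caddy. Assumptions: `backend.example.com` is a placeholder for the real backend host, the server name `openvpn_passthrough` is arbitrary, and no other app in this Caddy instance listens on :443.

```json
{
  "apps": {
    "layer4": {
      "servers": {
        "openvpn_passthrough": {
          "listen": [":443"],
          "routes": [
            {
              "handle": [
                {
                  "handler": "proxy",
                  "upstreams": [
                    { "dial": ["backend.example.com:443"] }
                  ]
                }
              ]
            }
          ]
        }
      }
    }
  }
}
```

The route has no `match` block, so all traffic on the port is proxied, including the non-HTTP VPN stream that follows the initial HTTPS exchange. Because the proxy is a plain TCP relay, the backend sees Caddy's address as the client, which matters for any source-IP based logging or access rules on the OpenVPN side.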