Proxying SSH with caddy

Hi,

First of all, thanks for making caddy. Caddy rocks! Caddy for president!

I’d like to use it to proxy SSH requests to different machines on my local network. Something like this:

pc1.mydomain.tld:22 {
  proxy / localhost:22 {
    transparent
  }
}
pc2.mydomain.tld:22 {
  proxy / 192.168.1.2:22 {
    transparent
  }
}

So I can run

$ ssh pc1.mydomain.tld

Is this possible? I do have port 22 open at the relevant subdomains and pointing to the machine with caddy. I get this error from systemd:

2016/10/07 23:10:25 listen tcp :22: bind: address already in use

I followed Google to #316 on GitHub, where Matt requested the output of caddy -log stderr. Here’s mine:

2016/10/07 23:10:53 [ERROR] Unable to make new certificate storage path: mkdir /home/keith/.caddy/acme: permission denied

Please follow instructions at: 
https://github.com/mholt/caddy/issues/902#issuecomment-228876011

OK, well, uh, that makes no sense at all. The timestamp seems to indicate that the errors are related. But the instructions at that link just ask me to move ~/.caddy/letsencrypt to ~/.caddy/acme. But only ~/.caddy/acme exists, and the permissions show that it’s already owned by user caddy and in group caddy.

I’m baffled. Did I find a bug? Or am I trying to do the impossible?

Hey Keith, a few things I noticed.

Caddy doesn’t know how to proxy SSH – it’s not a raw TCP proxy; the proxy directive of the HTTP server is an HTTP proxy.

What version of Caddy are you running, and did you just upgrade? Looks like your system has some permissions misconfigured. (The two errors are probably unrelated.)

1 Like
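Added example (not part of the thread and not Caddy's code): a Go sketch of why name-based site blocks cannot route SSH, as the reply above states. An HTTP server selects a site from the Host header of a parsed request, while an SSH client opens with an identification string that carries no hostname. The function `routeByHost`, the site table and both sample inputs are constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"net"
	"net/http"
	"strings"
)

// Constructed sample inputs: the first bytes each kind of client sends.
const (
	httpHello = "GET / HTTP/1.1\r\nHost: pc1.mydomain.tld\r\n\r\n"
	// SSH identification string (RFC 4253, section 4.2); version text is made up.
	sshHello = "SSH-2.0-OpenSSH_7.2\r\n"
)

// routeByHost is a hypothetical stand-in for how an HTTP server picks a site
// block: parse the request, then look the Host header up in a table.
func routeByHost(firstBytes string, sites map[string]string) (string, error) {
	req, err := http.ReadRequest(bufio.NewReader(strings.NewReader(firstBytes)))
	if err != nil {
		return "", fmt.Errorf("not an HTTP request, no Host to route on: %w", err)
	}
	host := req.Host
	// Drop an explicit port ("pc2.mydomain.tld:22") before the lookup.
	if h, _, splitErr := net.SplitHostPort(host); splitErr == nil {
		host = h
	}
	upstream, ok := sites[host]
	if !ok {
		return "", fmt.Errorf("no site block for host %q", host)
	}
	return upstream, nil
}

func main() {
	// Upstreams taken from the Caddyfile in the question.
	sites := map[string]string{
		"pc1.mydomain.tld": "localhost:22",
		"pc2.mydomain.tld": "192.168.1.2:22",
	}
	for _, in := range []string{httpHello, sshHello} {
		upstream, err := routeByHost(in, sites)
		fmt.Printf("%q -> upstream=%q err=%v\n", in, upstream, err)
	}
}
```

The HTTP input resolves to an upstream; the SSH input fails at parsing, before any hostname lookup can happen.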

Ah, so I suspected. I guess using transparent was futile.

I’m not sure how to check the version. I tried this:

$ caddy -version
2016/10/08 02:59:55 [ERROR] Unable to make new certificate storage path: mkdir /home/keith/.caddy/acme: permission denied

Please follow instructions at:
https://github.com/mholt/caddy/issues/902#issuecomment-228876011

It resembles issue #1067.

Here are the permissions:

$ sudo ls -l ~/.caddy
total 8
drwx------ 3 caddy caddy 4096 Sep  1 08:04 acme
drwx------ 2 caddy caddy 4096 Sep 23 12:53 ocsp

Sept. 1 is probably the date I downloaded and installed caddy, so I guess it’s v0.9.1. Looks like I missed the fix. I’ll report back after upgrading…

That seems to have worked!

$ caddy -version
Caddy 0.9.3

…but I still get

$ caddy -log stderr
2016/10/08 12:38:22 [ERROR] Unable to make new certificate storage path: mkdir /home/keith/.caddy/acme: permission denied

Please follow instructions at:
https://github.com/mholt/caddy/issues/902#issuecomment-228876011

I was under the impression that this command would just display logs. But when I ran it as root or caddy, it started a server instance. That makes sense then: my user doesn’t have permission to run caddy. That’s intentional. Systemd starts it with User=caddy.

So this is a non-issue, as far as I can tell.

1 Like

Great, glad you fixed it by upgrading. 🙂 Caddy doesn’t display logs; it just writes them. -log stderr says to write logs to stderr. But if you want to display a file, for example, you have to use something like cat or tail or a text editor.
