[Solved] Reverse proxy ssh connection — Caddyfile configuration not working

I’d like to ssh from remote to my server and while caddy is working perfectly for many other services (nextcloud, wekan etc), I’ve tried to set up another proxy to the ssh port of my server like follows.

I’ve set my caddyfile as:

ssh.domain.tld {
    proxy / localhost:22
}

Optionally I’ve tried also with the transparent option as another user tried here. The issue I’m facing is that the connection simply goes in timeout and I don’t understand why.

I’m not very proficient (yet) networking wise, so there might be some fundamental concept I’m missing which is given for granted in the documentation for proxies. I guess I’m also lacking some tools to help myself debugging this.

Caddy is listening as per default on ports 80 and 443.

Hey @Maxiride!

The issue here is that Caddy can’t “talk” SSH protocol. It only talks HTTP(S). It can’t receive an SSH connection and proxy it to your server.

A raw TCP proxy will work (Caddy can do this with its net server type, but not with its HTTP server), but you lose the capability to differentiate by hostname (i.e. ssh.domain.tld), because the hostname is specified as part of the HTTP(S) exchange.

You’ll save yourself a lot of trouble by leaving HTTP on its default ports 80 and 443, and leaving SSH on its own default port 22 (or moving it up to a random high numbered port). Caddy web server isn’t the right tool to make SSH accessible.

As for the timeouts - I’d wager that’s because your SSH client is trying to connect on its own default port 22, rather than the HTTPS port Caddy’s listening on (443) - and port 22 is firewalled (otherwise you wouldn’t need to proxy it somehow).

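As an added illustration of the hostname point above (example code, not from the thread or from Caddy): this Python snippet classifies the opening bytes a proxy would read from a connection, using constructed sample bytes. An HTTP request names the host it wants in a Host header, while an SSH client's first bytes are a version banner that carries no hostname, so there is nothing for ssh.domain.tld routing to match on.

```python
"""Classify the first bytes a client sends on a TCP connection.

Added example, not part of the forum thread or of Caddy. It shows why a
reverse proxy can route HTTP by hostname but cannot do the same for SSH.
"""
from typing import Optional, Tuple

# Constructed samples of what a proxy would read first on each connection.
SAMPLE_HTTP = (b"GET / HTTP/1.1\r\n"
               b"Host: ssh.domain.tld\r\n"
               b"User-Agent: example-client\r\n\r\n")
SAMPLE_SSH = b"SSH-2.0-OpenSSH_9.6\r\n"   # constructed SSH banner


def classify_first_bytes(data: bytes) -> Tuple[str, Optional[str]]:
    """Return (protocol, hostname) for the opening bytes of a connection.

    protocol is "ssh", "http" or "unknown"; hostname is the HTTP Host
    header value when present, otherwise None. The SSH identification
    string (RFC 4253, section 4.2) always begins with "SSH-" and contains
    no hostname, so the proxy cannot tell which site the client wanted.
    """
    if data.startswith(b"SSH-"):
        return "ssh", None

    head, _sep, _body = data.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    request_line = lines[0].split(b" ")
    # An HTTP/1.x request line is "METHOD target HTTP/x.y".
    if len(request_line) != 3 or not request_line[2].startswith(b"HTTP/"):
        return "unknown", None

    host = None
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if colon and name.strip().lower() == b"host":
            host = value.strip().decode("ascii", "replace")
            break
    return "http", host


if __name__ == "__main__":
    for sample in (SAMPLE_HTTP, SAMPLE_SSH):
        proto, host = classify_first_bytes(sample)
        print(f"{proto:7s} host={host!r}")
```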

Thanks for the explanation =)
