Send http traffic to one side, and ssh traffic to other side

1. The problem I’m having:

When I access it over HTTP I get nothing; over SSH I get:

debug1: kex_exchange_identification: banner line 0: HTTP/1.1 400 Bad Request
debug1: kex_exchange_identification: banner line 1: Server: cloudflare
debug1: kex_exchange_identification: banner line 2: Date: Wed, 24 Jul 2024 14:31:03 GMT
debug1: kex_exchange_identification: banner line 3: Content-Type: text/html
debug1: kex_exchange_identification: banner line 4: Content-Length: 155
debug1: kex_exchange_identification: banner line 5: Connection: close
debug1: kex_exchange_identification: banner line 6: CF-RAY: -
debug1: kex_exchange_identification: banner line 7:
debug1: kex_exchange_identification: banner line 8: <html>
debug1: kex_exchange_identification: banner line 9: <head><title>400 Bad Request</title></head>
debug1: kex_exchange_identification: banner line 10: <body>
debug1: kex_exchange_identification: banner line 11: <center><h1>400 Bad Request</h1></center>
debug1: kex_exchange_identification: banner line 12: <hr><center>cloudflare</center>
debug1: kex_exchange_identification: banner line 13: </body>
debug1: kex_exchange_identification: banner line 14: </html>

But Cloudflare is doing TCP requests

2. Error messages and/or full log output:

{"level":"error","ts":1721831164.4181287,"logger":"layer4","msg":"matching connection","remote":"172.19.0.16:45736","error":"EOF"}

3. Caddy version:

v2.8.4 h1:q3pe0wpBj1OcHFZ3n/1nl4V4bxBrYoSoab7rL9BMYNk=

4. How I installed and ran Caddy:

services:
  caddy:
    #    image: caddy:latest
    build:
      context: .
      dockerfile: caddy_forgejo.dockerfile
    restart: unless-stopped
    command: caddy run --config /etc/caddy/Caddyfile.json
    networks:
      - proxy-network
    container_name: caddy_forgejo
    cap_add:
      - NET_ADMIN
    volumes:
      - /path/to/caddy/forgejo_caddyfile.json:/etc/caddy/Caddyfile.json
      - /path/to/caddy/forgejo/site:/srv
      - /path/to/caddy/forgejo/data:/data
      - /path/to/caddy/forgejo/config:/config

networks:
  proxy-network:
    external: true

FROM caddy:builder AS builder

RUN xcaddy build \
    --with github.com/mholt/caddy-l4

FROM caddy:latest

COPY --from=builder /usr/bin/caddy /usr/bin/caddy

a. System environment:

Docker version v1:24.0.6-ce, build

Linux localhost 4.19.315-perf+ #4 SMP PREEMPT Sun Jul 21 23:42:00 WEST 2024 aarch64 Android

b. Command:

Look at docker-compose.yaml

c. Service/unit/compose file:

d. My complete Caddy config:

{
  "apps": {
    "layer4": {
      "servers": {
        "http_server": {
          "listen": ["0.0.0.0:80"],
          "routes": [
            {
              "match": [
                {
                  "ssh": {}
                }
              ],
              "handle": [
                {
                  "handler": "proxy",
                  "upstreams": [
                    {
                      "dial": ["forgejo:22"]
                    }
                  ]
                }
              ]
            },
            {
              "match": [
                {
                  "http": []
                }
              ],
              "handle": [
                {
                  "handler": "proxy",
                  "upstreams": [
                    {
                      "dial": ["forgejo:3000"]
                    }
                  ]
                }
              ]
            }
          ]
        }
      }
    }
  }
}

5. Links to relevant resources:

I think you can’t use Cloudflare proxying if you want to do things at the TCP layer. Cloudflare is an HTTP proxy only. You’ll need to turn off “orange cloud” mode.

2 Likes
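A small Python model of what the layer4 config above does (peek at the first bytes, send SSH to forgejo:22 and HTTP to forgejo:3000) and of why an HTTP-only intermediary in front of it breaks the SSH path. This is an added illustration, not code from Caddy, caddy-l4 or this thread; the upstream names come from the posted config, the byte strings are constructed, and the client-side function only loosely models OpenSSH's banner handling.

```python
import re

# Upstreams taken from the poster's layer4 config.
UPSTREAMS = {"ssh": "forgejo:22", "http": "forgejo:3000"}

# HTTP/1.x request line: token SP request-target SP HTTP/1.x CRLF (RFC 7230).
_REQUEST_LINE = re.compile(rb"^[A-Z]{3,10} \S+ HTTP/1\.[01]\r?\n")


def classify_prelude(prelude: bytes) -> str:
    """Classify a connection from its first bytes, as a layer4 matcher does.

    An SSH client opens with its identification string 'SSH-2.0-...' (RFC 4253);
    an HTTP/1.x client opens with a request line. Anything else is 'unknown'.
    """
    if prelude.startswith(b"SSH-"):
        return "ssh"
    if _REQUEST_LINE.match(prelude):
        return "http"
    return "unknown"


def route(prelude: bytes):
    """Upstream to dial for this prelude, or None when no route matches."""
    return UPSTREAMS.get(classify_prelude(prelude))


def http_only_proxy(prelude: bytes) -> bytes:
    """Model an HTTP-only intermediary (stand-in for the 'orange cloud' path):
    every connection is parsed as HTTP, so an SSH identification string is a
    malformed request line and gets a 400 instead of being relayed."""
    if _REQUEST_LINE.match(prelude):
        return b"forwarded"  # constructed stand-in for relaying the request
    return b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n"


def ssh_client_sees(server_bytes: bytes, max_lines: int = 15) -> tuple:
    """Loose model of the client side of kex_exchange_identification: skip
    pre-banner lines until one starts with 'SSH-'; otherwise report the first
    line received (which is what the 'banner line 0: HTTP/1.1 400' log shows)."""
    lines = server_bytes.split(b"\n")
    for line in lines[:max_lines]:
        line = line.rstrip(b"\r")
        if line.startswith(b"SSH-"):
            return ("ssh", line.decode())
    return ("not-ssh", lines[0].rstrip(b"\r").decode(errors="replace"))
```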
