SSH Multiplexing with layer-4

Please mind the formatting of your config by using code blocks. Here’s a cleaned format:

{
	servers {
		listener_wrappers {
			layer4 {
				@ssh_layer4 ssh
				route @ssh_layer4 {
					proxy :22 {
					}
				}
				route
			}
			tls
		}
	}
}

To get the real client IP address, you’ll have to use PROXY protocol. The solution found online for SSH is to use mmproxy, which merely unwraps the PROXY protocol header, which Caddy can already do via the proxy_protocol inside listener_wrapper, so you don’t really need to use mmproxy. However, it appears to require these iptables manipulations:

ip rule add from 127.0.0.1/8 iif lo table 123
ip route add local 0.0.0.0/0 dev lo table 123

ip -6 rule add from ::1/128 iif lo table 123
ip -6 route add local ::/0 dev lo table 123

The final config can be something like this:

{
	servers {
		listener_wrappers {
			proxy_protocol
			layer4 {
				@ssh_layer4 ssh
				route @ssh_layer4 {
					proxy :22
				}
				route
			}
			tls
		}
	}
}

However, DISCLAIMER, I have not tested this myself. Manipulating iptables without understanding it may cause network issues, to say the least. You’ll have to assess, test, and judge whether the config and setup are correct.