1. The problem I’m having:
I can’t get SSH over Layer4 at port 443 to work.
2. Error messages and/or full log output:
3. Caddy version:
v2.10.0 h1:fonubSaQKF1YANl8TXqGcn4IbIRUDdfAkpcsfI/vX5U=
4. How I installed and ran Caddy:
a. System environment:
Inside FreeBSD ( TrueNAS Core) Jails
b. Command:
caddy start
c. Service/unit/compose file:
N/A
d. My complete Caddy config:
# Global options: ACME/DNS settings, logging, the dynamic_dns app and the
# layer4 (raw TCP) listeners on :853 and :443.
{
    email myaddress@email.com
    default_sni mysite.biz
    # The Cloudflare API token is written inline here and again under
    # dynamic_dns (the value shown looks like a placeholder). Prefer an
    # environment placeholder such as {env.CLOUDFLARE_API_TOKEN} (example name)
    # so the secret never sits in the file or in a pasted config.
    acme_dns cloudflare abcDEfghIjKlmNOpqrsTUVwxyz
    auto_https prefer_wildcard
    storage_clean_interval 7d
    # Default logger: file output with size- and age-based rotation.
    log default {
        output file /config/caddy.log {
            roll_size 1mb
            roll_keep 3
            roll_keep_for 72h
        }
    }
    dynamic_dns {
        # Same inline token as acme_dns above; the same env-placeholder advice applies.
        provider cloudflare abcDEfghIjKlmNOpqrsTUVwxyz
        domains {
            mysite.biz @ dns *.dns ssh
        }
        check_interval 5m
        ttl 12h
    }
    layer4 {
        # DNS-over-TLS: TLS connections with SNI dns.mysite.biz are passed
        # through to the two resolvers.
        :853 {
            @tlsdns tls sni dns.mysite.biz
            route @tlsdns {
                proxy 192.168.0.53:853 192.168.0.54:853
            }
            # NOTE(review): QUIC runs over UDP; a listener written as ":853"
            # is presumably TCP-only, so this route may never match. Confirm
            # whether a separate udp/ listener is needed.
            @quictraffic quic
            route @quictraffic {
                proxy 192.168.0.53:853 192.168.0.54:853
            }
        }
        :443 {
            # NOTE(review): likely cause of the reported problem. The outer
            # matcher requires the connection to start with an HTTP request
            # for Host ssh.mysite.biz, while the nested matcher requires the
            # same connection to be SSH. A plain SSH client sends neither an
            # HTTP Host header nor a TLS SNI, so both conditions cannot hold
            # for one connection and the proxy to 192.168.0.22:22 is
            # presumably never reached.
            @l4ssh http host ssh.mysite.biz
            route @l4ssh {
                subroute {
                    @isssh ssh
                    route @isssh {
                        # Once this route works, sshd on 192.168.0.22 is
                        # reachable from whatever can reach :443, and it will
                        # presumably see the proxy's address as the client
                        # address. Review its auth settings and per-source
                        # logging with that in mind.
                        proxy {
                            upstream 192.168.0.22:22
                        }
                    }
                }
            }
            # Fallback for everything else on :443: plaintext HTTP goes to
            # localhost:80, TLS goes to localhost:2019.
            route {
                subroute {
                    @allhttp http
                    route @allhttp {
                        proxy localhost:80
                    }
                    # NOTE(review): 2019 is the default port of Caddy's admin
                    # API, and this file sets neither `admin` nor `https_port`.
                    # Confirm what actually listens on localhost:2019; the
                    # admin endpoint should not be the target of
                    # internet-facing traffic. The site blocks below would
                    # also normally bind :443 themselves - verify there is no
                    # listener conflict with this layer4 server.
                    @allhttps tls
                    route @allhttps {
                        proxy localhost:2019
                    }
                }
            }
        }
    }
}
# Main site: path-prefixed reverse proxies to internal services, with a
# catch-all proxy to 192.168.0.55.
mysite.biz {
    root * /usr/local/www/temp
    encode zstd gzip
    # Each redir adds the trailing slash so the handle_path prefix match applies.
    redir /jellyfin /jellyfin/
    handle_path /jellyfin/* {
        reverse_proxy 192.168.0.35:8096
    }
    redir /localai /localai/
    handle_path /localai/* {
        # Plain HTTP to the upstream.
        reverse_proxy http://192.168.0.15:3000
    }
    redir /dns2 /dns2/
    handle_path /dns2/* {
        reverse_proxy adguard.local {
            transport http {
                tls
                # Disables verification of the upstream certificate: the hop
                # is encrypted but the upstream is not authenticated. Prefer
                # trusting the upstream's CA (tls_trust_pool) and setting
                # tls_server_name over skipping verification.
                tls_insecure_skip_verify
            }
        }
    }
    redir /dns-query/ /dns-query
    handle_path /dns-query {
        reverse_proxy 192.168.0.53 192.168.0.54 {
            # The upstream is selected from the client-supplied X-Upstream
            # header; requests without it fall back to the `first` policy.
            lb_policy header X-Upstream {
                fallback first
            }
            transport http {
                tls
                # Same caveat as above: upstream certificates are not verified.
                tls_insecure_skip_verify
            }
        }
    }
    # Catch-all: anything not matched above is proxied with a rewritten Host header.
    handle_path /* {
        reverse_proxy 192.168.0.55 {
            header_up Host linkstack.1.mysite.biz
        }
    }
    # NOTE(review): with the catch-all handle_path /* above, this 404 looks
    # unreachable - confirm.
    respond * 404
}
# Dedicated hostname for the service at 192.168.0.55.
linkstack.1.mysite.biz {
    reverse_proxy 192.168.0.55 {
        # Sends the upstream's own host:port as the Host header instead of the
        # hostname the client requested.
        header_up Host {upstream_hostport}
    }
}
# Wildcard site for DNS-over-HTTPS: /dns-query goes to the two resolvers,
# every other path gets an empty 200.
*.dns.mysite.biz {
    root * /usr/local/www/temp
    encode gzip zstd
    handle_path /dns-query {
        reverse_proxy 192.168.0.53{uri} 192.168.0.54{uri} {
            # The upstream is selected from the client-supplied X-Upstream
            # header; requests without it fall back to the `first` policy.
            lb_policy header X-Upstream {
                fallback first
            }
            transport http {
                tls
                # Disables verification of the resolvers' certificates: the
                # hop is encrypted but the upstream is not authenticated.
                # Prefer trusting the upstream's CA (tls_trust_pool) and
                # setting tls_server_name over skipping verification.
                tls_insecure_skip_verify
            }
        }
    }
    handle_path /* {
        respond * 200
    }
    # NOTE(review): with the catch-all handle_path /* above, this 404 looks
    # unreachable - confirm.
    respond * 404
}
5. Links to relevant resources:
https://www.reddit.com/r/selfhosted/comments/tqavcj/introducing_caddyssh/