Use caddy to proxy ssh

1. Caddy version (caddy version):


2. How I run Caddy:

a. System environment:


b. Command:

docker-compose up -d

c. Service/unit/compose file:

version: "3.7"

    image: caddy:2.4.3
    restart: unless-stopped
      - "80:80"
      - "443:443"
      - /etc/caddy:/etc/caddy
      - caddy_data:/data
      - caddy_config:/config

    external: true

d. My complete Caddyfile or JSON config: {

3. The problem I’m having:

I’m trying to use caddy as a proxy of ssh, but it didn’t work when I using ssh -p 443,
and it shows like this

kex_exchange_identification: Connection closed by remote host

what should I do to proxy ssh using caddy, or is there some other right ways ?

4. Error messages and/or full log output:

5. What I already tried:

6. Links to relevant resources:

If you want to log in with the ssh command-line tool directly, you’ll need a Layer 4 proxy. Caddy has a plugin: GitHub - mholt/caddy-l4: Layer 4 (TCP/UDP) app for Caddy

If you want the browser to be a client: GitHub - huashengdun/webssh: Web based ssh client (The example is with nginx but it could be adapted for Caddy)

1 Like

In your docker-compose.yml, you have caddy:2.4.3. That’s not the latest. The latest is 2.4.5. Please upgrade!

As @benatkin has said, this won’t work with vanilla Caddy. Caddy is an HTTP server and proxy, but SSH is not HTTP, it’s communication over TCP.

The caddy-l4 plugin adds support for proxying TCP/UDP, but does not have Caddyfile support at this time, so you’d have to use a JSON config. If you have other HTTP sites you still need to serve, you can run caddy adapt --pretty to adapt your Caddyfile to JSON, then augment your JSON config with what you need for caddy-l4.

1 Like

@francislavoie @benatkin thanks for your replies, I’m trying to use the caddy-l4 plugin you mentioned.

I created this file days ago, it’s the latest version at that time. :rofl:
But still thanks for your remind!


This topic was automatically closed after 30 days. New replies are no longer allowed.