caddy-l4 VS caddy-ssh

https://github.com/mholt/caddy-l4 and https://github.com/kadeessh/kadeessh can do SSH forwarding.

3) Use a L4 TCP/UDP plugin for caddy. https://github.com/mholt/caddy-l4

Wireguard gives my service servers their own internal IP for the gateway to reference (nothing fancy done with it, no iptables modifications like you may see on other guides), and I use NGINX for the game server proxying, specifically linuxserver's nginx container. I love Caddy, but even with caddy-l4 I couldn't get it working right for Valheim (and thus UDP), but NGINX worked real quick.

This may help: https://github.com/mholt/caddy-l4

Well, that's a bit off-topic from the parent comment, which was more about the Caddyfile supporting complex config (versus the underlying JSON config) and not really "complex usecases".

But that said, from a quick Google search... was this an RTMP stream? If so, I suppose you'd want to use https://github.com/mholt/caddy-l4 which is a plugin for Caddy that lets you do TCP-layer things. Caddy's standard distribution just ships an HTTP server (plus TLS and PKI, etc), which is layer-7

You might be able to use caddy-l4's "tee" handler to pipe into multiple "proxy" handlers. But I'm not sure anyone's tried this yet, I had no idea people did this sort of thing. I'd be interested to hear if it does work though.

If you are only having your services accessible via LAN, HTTPS isn't totally necessary, but I would still recommend it. I think a reverse proxy will be easier than your described method. Just set it to listen to 443 and have all of your other services on random ports being proxied from the reverse proxy. If you want HTTPS from your reverse proxy to your services, most reverse proxies will have this kind of feature. Here is the caddy L4 raw TCP stream module: https://github.com/mholt/caddy-l4

I had a similar problem a while back and found this project (Caddy-L4). It had no releases or examples on how to build it so I forked it and added some Docker stuff.

"Caddy L4" aka "Project Conncept" might be what you're looking for:

https://github.com/mholt/caddy-l4

"Project Conncept is an experimental layer 4 app for Caddy. It facilitates composable handling of raw TCP/UDP connections based on properties of the connection or the beginning of the stream."

Nice, this is kind of why I made Project Conncept. It's a powerful TCP and UDP stream multiplexer based on Caddy: https://github.com/mholt/caddy-l4

You can route raw TCP connections by using higher layer protocol matching logic like HTTP properties, SSH, TLS ClientHello info, and more, in composable routes that let you do nearly anything.

See the article linked in OP for example, Caddy at its core is actually just config management and runtime platform where just about any kind of app can be built on top. It just happens to ship with state of the art HTTP and TLS apps. Third party plugins can add even more, like https://github.com/mohammed90/caddy-ssh which is a fully featured SSH server. And this can all run from a single binary, using Go's concurrency model.

The plans are there! I focused on implementing the absolute necessary parts of every layer before taking round-2 for the more in-depth implementation. I actually have both the linked thread and the article saved aside to study when I'm ready to implement certificate-based authentication. Knowing Gitea already has it implemented, I had plans to study their implementation to know what I'm venturing into. If anybody else is interested in picking it up, please feel free to tackle it! I'd love to see that PR.

I've created tracking issue: https://github.com/mohammed90/caddy-ssh/issues/10