docker-baseimage-alpine-nginx VS caddy-l4

For nginx, if you don't want to deal with Docker, you can probably just follow their quick start guide, installing it on the gateway/proxy server. For the config file, if chucking on a "stream" block like I showed onto the default file that exists on install doesn't cut it, you can always reference linuxserver's default config file. Again, all I did was nuke the "http" block since I wasn't using it.

# Version 2022/08/05 - Changelog: https://github.com/linuxserver/docker-baseimage-alpine-nginx/commits/master/root/defaults/nginx.conf.sample ### Based on alpine defaults # https://git.alpinelinux.org/aports/tree/main/nginx/nginx.conf?h=3.15-stable user abc; # Set number of worker processes automatically based on number of CPU cores. include /config/nginx/worker_processes.conf; # Enables the use of JIT for regular expressions to speed-up their processing. pcre_jit on; # Configures default error logger. error_log /config/log/nginx/error.log; # Includes files with directives to load dynamic modules. include /etc/nginx/modules/*.conf; # Include files with config snippets into the root context. include /etc/nginx/conf.d/*.conf; events { # The maximum number of simultaneous connections that can be opened by # a worker process. worker_connections 1024; } http { # Includes mapping of file name extensions to MIME types of responses # and defines the default type. include /etc/nginx/mime.types; default_type application/octet-stream; # Name servers used to resolve names of upstream servers into addresses. # It's also needed when using tcpsocket and udpsocket in Lua modules. #resolver 1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001; include /config/nginx/resolver.conf; # Don't tell nginx version to the clients. Default is 'on'. server_tokens off; # Specifies the maximum accepted body size of a client request, as # indicated by the request header Content-Length. If the stated content # length is greater than this size, then the client receives the HTTP # error code 413. Set to 0 to disable. Default is '1m'. client_max_body_size 0; # Sendfile copies data between one FD and other from within the kernel, # which is more efficient than read() + write(). Default is off. sendfile on; # Causes nginx to attempt to send its HTTP response head in one packet, # instead of using partial frames. Default is 'off'. tcp_nopush on; # all ssl related config moved to ssl.conf include /config/nginx/ssl.conf; # Enable gzipping of responses. #gzip on; # Set the Vary HTTP header as defined in the RFC 2616. Default is 'off'. gzip_vary on; # Helper variable for proxying websockets. map $http_upgrade $connection_upgrade { default upgrade; '' close; } # Sets the path, format, and configuration for a buffered log write. access_log /config/log/nginx/access.log; # Includes virtual hosts configs. include /etc/nginx/http.d/*.conf; include /config/nginx/site-confs/*.conf; } daemon off; pid /run/nginx.pid;

1 │ ## Version 2018/08/16 - Changelog: https://github.com/linuxserver/docker-baseimage-alpine-nginx/commits/master/root/defaults/nginx.conf 2 │ 3 │ user abc; 4 │ worker_processes 4; 5 │ pid /run/nginx.pid; 6 │ include /etc/nginx/modules/*.conf; 7 │ 8 │ events { 9 │ worker_connections 768; 10 │ # multi_accept on; 11 │ } 12 │ 13 │ http { 14 │ 15 │ ## 16 │ # Basic Settings 17 │ ## 18 │ 19 │ sendfile on; 20 │ tcp_nopush on; 21 │ tcp_nodelay on; 22 │ keepalive_timeout 65; 23 │ types_hash_max_size 2048; 24 │ # server_tokens off; 25 │ 26 │ # server_names_hash_bucket_size 64; 27 │ # server_name_in_redirect off; 28 │ 29 │ client_max_body_size 0; 30 │ 31 │ include /etc/nginx/mime.types; 32 │ default_type application/octet-stream; 33 │ 34 │ ## 35 │ # Logging Settings 36 │ ## 37 │ 38 │ access_log /config/log/nginx/access.log; 39 │ error_log /config/log/nginx/error.log; 40 │ 41 │ ## 42 │ # Gzip Settings 43 │ ## 44 │ 45 │ gzip on; 46 │ gzip_disable "msie6"; 47 │ 48 │ # gzip_vary on; 49 │ # gzip_proxied any; 50 │ # gzip_comp_level 6; 51 │ # gzip_buffers 16 8k; 52 │ # gzip_http_version 1.1; 53 │ # gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript; 54 │ 55 │ ## 56 │ # nginx-naxsi config 57 │ ## 58 │ # Uncomment it if you installed nginx-naxsi 59 │ ## 60 │ 61 │ #include /etc/nginx/naxsi_core.rules; 62 │ 63 │ ## 64 │ # nginx-passenger config 65 │ ## 66 │ # Uncomment it if you installed nginx-passenger 67 │ ## 68 │ 69 │ #passenger_root /usr; 70 │ #passenger_ruby /usr/bin/ruby; 71 │ 72 │ ## 73 │ # Virtual Host Configs 74 │ ## 75 │ include /etc/nginx/conf.d/*.conf; 76 │ include /config/nginx/site-confs/*; 77 │ 78 │ } 79 │ 80 │ 81 │ #mail { 82 │ # # See sample authentication script at: 83 │ # # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript 84 │ # 85 │ # # auth_http localhost/auth.php; 86 │ # # pop3_capabilities "TOP" "USER"; 87 │ # # imap_capabilities "IMAP4rev1" "UIDPLUS"; 88 │ # 89 │ # server { 90 │ # listen localhost:110; 91 │ # protocol pop3; 92 │ # proxy on; 93 │ # } 94 │ # 95 │ # server { 96 │ # listen localhost:143; 97 │ # protocol imap; 98 │ # proxy on; 99 │ # } 100 │ #} 101 │ daemon off;

https://github.com/mholt/caddy-l4 and https://github.com/kadeessh/kadeessh can do SSH forwarding.

3) Use a L4 TCP/UDP plugin for caddy. https://github.com/mholt/caddy-l4

Wireguard gives my service servers their own internal IP for the gateway to reference (nothing fancy done with it, no iptables modifications like you may see on other guides), and I use NGINX for the game server proxying, specifically linuxserver's nginx container. I love Caddy, but even with caddy-l4 I couldn't get it working right for Valheim (and thus UDP), but NGINX worked real quick.

This may help: https://github.com/mholt/caddy-l4

Well, that's a bit off-topic from the parent comment, which was more about the Caddyfile supporting complex config (versus the underlying JSON config) and not really "complex usecases".

But that said, from a quick Google search... was this an RTMP stream? If so, I suppose you'd want to use https://github.com/mholt/caddy-l4 which is a plugin for Caddy that lets you do TCP-layer things. Caddy's standard distribution just ships an HTTP server (plus TLS and PKI, etc), which is layer-7

You might be able to use caddy-l4's "tee" handler to pipe into multiple "proxy" handlers. But I'm not sure anyone's tried this yet, I had no idea people did this sort of thing. I'd be interested to hear if it does work though.

If you are only having your services accessible via LAN, HTTPS isn't totally necessary, but I would still recommend it. I think a reverse proxy will be easier than your described method. Just set it to listen to 443 and have all of your other services on random ports being proxied from the reverse proxy. If you want HTTPS from your reverse proxy to your services, most reverse proxies will have this kind of feature. Here is the caddy L4 raw TCP stream module: https://github.com/mholt/caddy-l4

I had a similar problem a while back and found this project (Caddy-L4). It had no releases or examples on how to build it so I forked it and added some Docker stuff.

"Caddy L4" aka "Project Conncept" might be what you're looking for:

https://github.com/mholt/caddy-l4

"Project Conncept is an experimental layer 4 app for Caddy. It facilitates composable handling of raw TCP/UDP connections based on properties of the connection or the beginning of the stream."