Hi, how do you run forgejo under a reverse proxy while using an ssh channel to pull/push commits?
From what I understand caddy is only able to proxy http traffic.
If you connect from outside your LAN, you would need to forward the ssh port to the server in your router settings. If you are inside the LAN, just use the ip address of the forgejo server.
You don’t. That’s not what caddy is. Use a bastion for ssh.
Edit: link https://www.redhat.com/sysadmin/ssh-proxy-bastion-proxyjump
There seems to be mixed reactions to this suggestion. I don’t know enough to understand why.
Because forgejo’s ssh isn’t for a normal ssh service, but rather so that users can access git over ssh.
Now technically, a bastion should work, but it’s not really what people want when they are trying to set up git over ssh. Since git/ssh is a service, rather than an administrative tool, why shouldn’t it be configured within the other tools used for exposes services? (Reverse proxy/caddy).
And in addition to that, people most probably want git/ssh to be available publicly, which a bastion host doesn’t do.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
| Fewer Letters | More Letters |
|---|---|
| DNS | Domain Name Service/System |
| Git | Popular version control system, primarily for code |
| HTTP | Hypertext Transfer Protocol, the Web |
| HTTPS | HTTP over SSL |
| IP | Internet Protocol |
| SFTP | Secure File Transfer Protocol for encrypted file transfer, over SSH |
| SSH | Secure Shell for remote terminal access |
| SSL | Secure Sockets Layer, for transparent encryption |
| TCP | Transmission Control Protocol, most often over IP |
| TLS | Transport Layer Security, supersedes SSL |
| VPS | Virtual Private Server (opposed to shared hosting) |
| nginx | Popular HTTP server |
[Thread #962 for this sub, first seen 10th Sep 2024, 12:25] [FAQ] [Full list] [Contact] [Source code]
I don’t think you can with caddy
I dont know about caddy but nginx proxy manager does this very well. Also, if running in docker, you can expose the port that runs ssh for forgejo und a different port than the host machine‘s (eg 2222). In that case you just put the remote in with the port and call it a day.
