How to setup SSH port forwarding using Apache Reverse Proxy

Question

we have setup a proxy server between the internet and the backend servers. The HTTP requests are well managed with the VirtualHost directive.

We have a git server sitting behind the proxy, and we would like to access the repository using ssh only, but get rid of the port number in the URL.

For example: ssh://backend.server.com:7999 --> ssh://backend.server.com

Below is the configuration of apache proxy:

ProxyRequests 
ProxyPreserveHost On
ProxyVia Full
AllowCONNECT 7999

The AllowCONNECT directive is supposed to handle the port 7999 via ssh, but I'm not sure this configuration is enough.

What do I need to configure to manage the ssh protocol as we manage the http via ProxyPass and ProxyPassReverse?

Thanks.

Answer 1

I might be misguided here because I don't know all the gory details of how Apache can take care of different kinds of traffic but, AFAIK:

• ProxyPass and ProxyPassReverse take care of http request mappings, not ssh paths.
• As a matter of fact, can Apache take care of ssh traffic... at all?
• If you were using a GNU/Linux server, you could just set up some iptables nat rule to make traffic reaching this host in a certain port (say, port 22) to be "forwarded" to another host. If you would like to go that route, you will have to add a -t nat PREROUTING rule to ask the traffic to be directed to the other host and a -t nat POSTROUTING rule to make sure that responses for this traffic that will be sent to the originating host comes back this way to this very same host so that it can be "denatted" (unless this host is the route that the traffic will flow out when they come back from the ssh server to the host that created the ssh request).
• If requests will reach a windows server, I have no idea of how this is done there.