SShoyu
SSH local publisher — expose local services via reverse tunnels + Caddy
local service → sshoyu → SSH reverse tunnel → Caddy → public subdomain
How it works
- The client runs
sshoyu <subdomain> <localport> - The client queries the server for the next available tunnel port (3000+)
- An SSH reverse tunnel is opened:
-R <remoteport>:<local-ip>:<localport> - The server registers a new reverse proxy block in the Caddyfile
- Caddy is reloaded — the subdomain is immediately live
- On disconnect (Ctrl+C or connection drop), the block is removed and Caddy reloaded
Client setup quick start
Run on any machine to install the sshoyu client:
curl -fsSL http://abreudenis.com/install.sh | shThis will:
- Install
sshoyuto/usr/local/bin/sshoyu - Generate a dedicated SSH key at
~/.ssh/sshoyu_id_ed25519 - Print the public key to send to the server administrator
Usage
sshoyu <subdomain> <localport># Expose a local web app on port 3000
sshoyu myapp 3000
# → https://myapp.abreudenis.com
# Expose Portainer on port 9443
sshoyu portainer 9443
# → https://portainer.abreudenis.com
# Expose a plain HTTP service on port 80
sshoyu site 80
# → https://site.abreudenis.comPress Ctrl+C to close the tunnel. The subdomain is removed from Caddy immediately.
Custom SSH key
SSHOYU_KEY=~/.ssh/other_key sshoyu myapp 3000Server setup
Requirements
- Debian/Ubuntu server
- Caddy installed and running
- A wildcard DNS record pointing
*.abreudenis.comto your server's IP
Install
wget https://github.com/abreudenis83/sshoyu/releases/latest/download/sshoyu-server_<version>_all.deb
sudo dpkg -i sshoyu-server_<version>_all.debDuring installation you will be asked for:
| Question | Description | Default |
|---|---|---|
| SSH hostname | Public hostname clients will connect to | — |
| SSH port | Port sshd listens on for sshoyu connections | 22 |
| SSH user | System user created for tunnel connections | sshoyu |
Reconfigure
sudo dpkg-reconfigure sshoyu-serverRemove
# Remove package (keeps config and user)
sudo dpkg -r sshoyu-server
# Remove everything including config and user
sudo dpkg --purge sshoyu-serverServer management
Key management
# Authorize a new client key
sudo sshoyu --add-key "ssh-ed25519 AAAA... user@host"
# List all authorized keys
sudo sshoyu --list-keys
# Revoke a client key
sudo sshoyu --remove-key "ssh-ed25519 AAAA... user@host"Tunnel management
# List active tunnels
sudo sshoyu --list-tunnels
# Close a specific tunnel
sudo sshoyu --close-tunnel <subdomain>Monitoring
The package installs a systemd service (sshoyu-monitor) that runs every 15 seconds and removes stale Caddyfile blocks when tunnels die.
systemctl status sshoyu-monitor
journalctl -u sshoyu-monitor -fConfiguration
/etc/sshoyu/sshoyu.conf (server-side):
SSH_HOST=your-domain.com
SSH_PORT=22
SSH_USER=sshoyu
CADDYFILE_PATH=/etc/caddy/Caddyfile
MIN_REMOTE_PORT=3000
LOCK_FILE_DIR=/tmp