This tutorial is inspired by a question posted on the Rasberry Pi Stack Exchange site titled “Website behind Firewall: How to SSL through a Reverse SSH Tunnel?”.
A little background. The person posting the question is using a Raspberry Pi to host a website and has opened a reverse SSH tunnel from their Raspberry Pi to a VPS..for the sake of this tutorial, a Digital Ocean VPS. The original poster has pointed DNS for a custom domain to the Digital Ocean VPS and would like to know how to access the Pi’s website from said domain.
In this tutorial we will cover setting up a self hosted website using a Raspberry Pi and Docker. Obtaining and setting up a Digital Ocean VPS. Installing Caddy on our VPS to be used as a proxy server to route traffic to our custom domain back to the Raspberry Pi via an ssh reverse tunnel. An added benefit of using Caddy is that Caddy will obtain a free SSL certificate via Let’s encrypt for us.
So, if this is of interest to you continue reading…
What is a Raspberry Pi?
Raspberry Pi is an ultra affordable computer the size of a credit card and can be had for as little as $35 dollars for a 2GB model capable of running Raspberry Pi OS and Ubuntu. For this tutorial we will also be running Docker on the Raspberry Pi and use an Apache Docker container to host our website.
What is a Digital Ocean VPS?
Digital Ocean is a cloud provider offering services ranging from managed databases and storage to hosted Virtual Private Server (VPS) solutions. A VPS is a virtual computer hosted on managed infrastructure. You don’t have to worry about the underlying hardware, but have to manage the OS on the VPS.
What is SSH?
SSH is a secure shell typically used for server administration. It allows a remote system to access another system using public/private key pairs to secure the connection. In our use case we will be using the SSH session to create a reverse tunnel from our Raspberry Pi to a Digital Ocean VPS. You can SSH into another system with the following command.
Where “user” is the username with access credentials on the remote server and “ip” is the FQDN or