Linux – Reverse Proxy SSH Using NGINX to Docker Containers

Tags: docker, linux, networking, nginx, ssh

TL;DR: x.a.se:22 and y.a.se:22 should accept connections and lead to machine x and machine y respectively. NGINX just coordinates traffic by reverse proxying.

Hi there awesome community, Oscar from Sweden here.

Current setup

I have a host machine that accepts a.se; let's call the host machine A. So ssh [email protected] leads to the SSH service at port 22 on machine A. Machine A runs Docker containers: machine B and some other machines; let's focus on one container at a time.

Desired usage

I want this to happen:

  1. The user Bob operating machine B does not have access to machine A since the user is not trusted.
  2. User Bob connects to b.a.se:22 with SSH and gets a shell at machine B.

The problem

I don't know how to configure this. I think I'm looking for a reverse proxy of SSH. All my other endpoints are reverse proxied using NGINX since that is what I'm best at, so I'm looking into ngx_stream_proxy_module, which can basically reverse proxy any TCP connection. The thing is that I can't wrap my head around how NGINX stream proxy should be able to distinguish between a.se, b.a.se and, let's say, n.a.se where n is any string.

If you have any questions regarding my setup or the question itself, please add a comment and I will add an edit to this question. Thanks in advance; any help and insight is much appreciated.

Note: The host machine runs Debian 11 and I have full access. I prefer Docker as a container manager and NGINX to route network traffic.

Note: I've added links to some of the most basic resources. This is not to poke fun at potential helpers; it's to aid others who read this thread in the future asking the same question as I do now.

Best Answer

One can connect to the container by using host A as the jump host. However, this requires a user account on host A for this purpose.

One can limit the jump host account so that there is no access to the server itself.

The limitation can be done in host A's sshd_config.

# Put this block at the end of sshd_config: everything after a Match line belongs to it
Match User bob
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand ssh bob@<container>

After setting this up, one can:

  1. ssh [email protected]
  2. Give host system password
  3. The SSH daemon will force-execute the SSH command to the container
  4. Give container password

One could also create a keypair on the host in the bob account that would be used for authenticating to the container. Then the second password wouldn't be needed.
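A fuller version of the jump-account restriction, added here as an example and not part of the original answer: the first block hardens the ForceCommand approach from the answer, the second is an alternative that uses ProxyJump so Bob authenticates to B end-to-end and no key for B has to live on host A. Both assume `bob` is the jump account and `<container>` is machine B's address on the Docker network, as in the answer.

```text
# /etc/ssh/sshd_config on host A.  Append at the END of the file: every
# directive after a Match line belongs to that block until the next Match.
# Use ONE of the two Match blocks below, not both.
# (<container> is a placeholder for machine B's Docker-network address.)

# --- Option 1: forced hop, as in the answer, with the other channels closed ---
Match User bob
    ForceCommand         ssh bob@<container>
    AllowTcpForwarding   no     # no -L/-R/-D tunnels through A
    AllowAgentForwarding no     # A never sees Bob's agent socket
    PermitTunnel         no     # no tun/tap devices on A
    X11Forwarding        no
    PermitTTY            yes    # keep a pty so the hop gives an interactive shell on B

# --- Option 2: ProxyJump; A only relays a single TCP connection to B's sshd ---
Match User bob
    AllowTcpForwarding   local          # -W/-L only, no remote or dynamic forwards
    PermitOpen           <container>:22 # the one destination the relay may reach
    ForceCommand         /usr/sbin/nologin   # no shell or command on A itself
    AllowAgentForwarding no
    PermitTunnel         no
    X11Forwarding        no

# Client side for option 2 (~/.ssh/config on Bob's own machine), then just: ssh b
# Host b
#     HostName  <container>
#     User      bob
#     ProxyJump bob@a.se
```

Run `sshd -t` on host A before restarting the daemon: a stray Match line silently swallows every directive after it, and the check reports a missing value like the one in the original snippet.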