Reverse proxy for ssh3 #67

Open
vaminakov opened this issue Dec 18, 2023 · 2 comments

@vaminakov

Since ssh3 uses http/3, it is theoretically possible to host it behind a reverse proxy. Then there is no need to use x509 certificates (there is no such option now).
I tried to host ssh3 behind angie (a fork of nginx that can use http/3 both ways), but I'm running into the following problem (with verbose):

DBG dialing QUIC host at myhost:443
DBG QUIC handshake complete
password for https://root@myhost:443/ssh3?user=root:
DBG try the following Identity: password-identity
DBG send CONNECT request to the server
ERR bad SSH version fields
ERR Could not parse server version: "Angie"
ERR Could not open channel: returned non-200 and non-401 status code: 400

And Angie log:

quic reserved transport param id:0x4d4, skipped while handling frames, client: 10.10.0.4, server: 0.0.0.0:443
quic unknown transport param id:0x20, skipped while handling frames, client: 10.10.0.4, server: 0.0.0.0:443
client sent unknown pseudo-header ":protocol" while reading client request, client: 10.10.0.4, server: myhost

Is my idea possible?

@vaminakov

And when reverse-proxying ssh3, it's not enough to add an option to start without certificates. You need to proxy_pass some headers:

proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For "";

@fliberd

fliberd commented Dec 20, 2023

Works?
