So apparently since nginx 1.9, a stream module was added that would be able to reverse proxy SSH connections. I would like to have one on a standard port for cases where only certain ports are allowed in a network.

So far my config looks like this (nginx 1.14):

server {
    server_name test.laptop;
    listen 80;
    set $upstream ssh;
    location / {
         proxy_pass_header Authorization;
         proxy_pass http://$upstream;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_http_version 1.1;
         proxy_set_header Connection "";
         proxy_buffering off;
         client_max_body_size 0;
         proxy_read_timeout 10000s;
         proxy_redirect off;
     }

}

upstream ssh {
  server localhost:22;
}

If I visit test.laptop, I get the expected error

SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 Protocol mismatch.

However when I try to connect via ssh, I get

ssh_exchange_identification: Connection closed by remote host

Any idea what I am doing wrong?