Skip to content
/ caddy-cloudflare Public
forked from Technoguyfication/caddy-cloudflare

Caddy with integrated support for Cloudflare DNS-01 ACME verification challenges.

License

MIT license
0 stars 15 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

nhitz/caddy-cloudflare

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

46 Commits
.github/workflows
.github/workflows
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
entrypoint.sh
entrypoint.sh
 
 

Repository files navigation

caddy-cloudflare

GitHub Workflow Status (with event) Docker Image Size with architecture (latest by date/latest semver) GitHub License

Caddy with integrated support for Cloudflare DNS-01 ACME verification challenges.

This is the base caddy image extended with the caddy-dns cloudflare module.

Please see the official Caddy Docker Image for more detailed deployment instructions.

Images

Includes image for both amd64 and arm64, rebuilt every Monday morning at 0300 UTC.

Requirements

  1. A Cloudflare account
  2. All domains you want to use with Caddy MUST be on your Cloudflare account. Any domains not through Cloudflare should use another verification method using the tls block here.

Instructions:

  1. Obtain your Cloudflare API token by visiting your Cloudflare dashboard and creating a token with the following permissions:

    • Zone / Zone / Read
    • Zone / DNS / Edit

  2. Set your cloudflare api token in secret.txt which will be used as a Docker secret:

    echo "asdf789adfg78_ad0fgh0dfg70adfg7" | cat > secret.txt

  3. Set read-only permission to the secret:

    chmod 400 secret.txt

  4. Add this snippet to the top of your Caddyfile:

    (tls-cloudflare) {
	tls {
		dns cloudflare {env.CLOUDFLARE_API_TOKEN}
	}
}

  5. Import the snippet below where you declare your domain in your Caddyfile:

    www.example.net, example.net {
	import tls-cloudflare
	respond "wawaweewa"
}

  6. Create a docker-compose.yml (substituting your own email address):

    services:
  caddy:
    image: ghcr.io/nhitz/caddy-cloudflare:latest
    container_name: caddy
    restart: unless-stopped
    environment:
      ACME_EMAIL: "[email protected]"	# <-- Change
      ACME_AGREE: 'true'
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./caddy_data:/data
      - ./caddy_config:/config
      - $PWD/Caddyfile:/etc/caddy/Caddyfile
    secrets:
      - cloudflare_api_token

secrets:
  cloudflare_api_token:
    file: ./secret.txt

  7. Do the thing:

    docker compose up --detached

Editing the Caddyfile

If you ever change your Caddyfile, these are some useful commands to use aftwards:

Format the Caddyfile:

docker exec -it caddy sh -c "caddy fmt --overwrite /etc/caddy/Caddyfile"

Validate the Caddyfile: Tests whether a configuration file is valid.

docker exec -it caddy sh -c "caddy validate --config /etc/caddy/Caddyfile"

Reload the Caddyfile: Changes the config of the running Caddy instance.

docker exec -it caddy sh -c "caddy reload --config /etc/caddy/Caddyfile"

Useful aliases to add to your .bash_aliases:

alias caddy-fmt='docker exec -it caddy sh -c "caddy fmt --overwrite /etc/caddy/Caddyfile"'
alias caddy-validate='docker exec -it caddy sh -c "caddy validate --config /etc/caddy/Caddyfile"'
alias caddy-reload='docker exec -it caddy sh -c "caddy reload --config /etc/caddy/Caddyfile"'
alias caddy-all='caddy-fmt && caddy-validate && caddy-reload'

About

Caddy with integrated support for Cloudflare DNS-01 ACME verification challenges.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages 1

 

Languages

  • Shell 68.5%
  • Dockerfile 31.5%