I’m looking into setting up https for my local services. Everything is currently set up using the official caddy docker image.

I now want to connect caddy to cloudflare to resolve the DNS-01. It looks like this is possible with a drop-in replacement for caddy from either https://github.com/CaddyBuilds/caddy-cloudflare or https://github.com/serfriz/caddy-custom-builds

Is anyone here using these builds? Are they reliable? Is there an alternative I haven't considered?

  • sandwichsaregood@lemmy.world

    I ended up building it myself, which may be the best option if you want to use other plugins. I have it set up in my own Forgejo with a CI configuration to auto build the binary and docker image. Forgejo also lets you host container images, so I can just pull from the latest build wherever I need it.

  • AzuraTheSpellkissed@lemmy.blahaj.zone

    I asked myself the same question before. If only caddy had an official image with the cloudflare plugin, so we wouldn’t have to build ourselves or trust 3rd party providers. But oh well, if you have any other custom image, you might as well build caddy as well.

  • ryper@lemmy.ca

    You could just build it yourself, there’s not much to it.

    Dockerfile:

    ARG VERSION=2
    
    FROM caddy:${VERSION}-builder AS builder
    
    RUN xcaddy build \
        --with github.com/caddy-dns/cloudflare
    
    FROM caddy:${VERSION}
    
    COPY --from=builder /usr/bin/caddy /usr/bin/caddy
    

    My Dockerfile is under dockerfile-dns and then in docker-compose.yaml instead of pointing to an image I have:

    services:
      caddy:
        build: ./dockerfile-dns
    

    I’m not 100% sure of the right way to update it, but I think I usually use something like docker compose build --pull --no-cache.

    • AzuraTheSpellkissed@lemmy.blahaj.zone

      I’m not entirely sure, but I think you can skip the “--no-cache” as it seems to still check for image updates. It helps to speed things up, especially if you check for updates more frequently.

    • anytimesoon@piefed.socialOP

      This is basically the dockerfile these projects provide, so I guess I could do this myself. How do you keep the caddy container up to date? I have tugtainer (something like watchtower) update caddy automatically, but I guess this set up would break that

      • irmadlad@lemmy.world

        I have tugtainer (something like watchtower) update caddy automatically, but I guess this set up would break that

        Does tugtainer (always makes me giggle) have the ability to label containers for exclusion like watchtower does?

      • ryper@lemmy.ca

        I can’t help you with automation. I update my containers manually, whenever I think to do it. Nothing is accessible outside my network so I’m not worried about staying on top of security updates.

    • hellmo_luciferrari@lemmy.zip

      I have a Dockerfile like that:

      ARG CADDY_VERSION=2.11.3
      FROM caddy:${CADDY_VERSION}-builder-alpine AS builder
      
      RUN xcaddy build \
          --with github.com/caddy-dns/cloudflare
      
      FROM caddy:${CADDY_VERSION}-alpine
      
      COPY --from=builder /usr/bin/caddy /usr/bin/caddy
      
      

      and the docker-compose.yml file I use:

      services:
        caddy:
          pull_policy: build
          build:
            context: .
      
      

      And to build new versions I modify the Dockerfile after doing a docker compose down, and then to build the new version I use docker compose up.

      • hellmo_luciferrari@lemmy.zip

        I have a Dockerfile:

        ARG CADDY_VERSION=2.11.3
        FROM caddy:${CADDY_VERSION}-builder-alpine AS builder
        
        RUN xcaddy build \
            --with github.com/caddy-dns/cloudflare
        
        FROM caddy:${CADDY_VERSION}-alpine
        
        COPY --from=builder /usr/bin/caddy /usr/bin/caddy
        
        

        and the docker-compose.yml file I have this snippet at the top, of course this isn’t the full file as there are specifics to my usecase in my full yml:

        services:
          caddy:
            pull_policy: build
            build:
              context: .
        
        

        And to build new versions I modify the Dockerfile after doing a docker compose down, and then to build the new version I use docker compose up.

        Though this is outdated for my current setup, as I also use github.com/lucaslorentz/caddy-docker-proxy by adding “--with github.com/lucaslorentz/caddy-docker-proxy/v2” below where I added the Cloudflare repo.

        This is so I can use Docker Labels to automate entries.

        • AzuraTheSpellkissed@lemmy.blahaj.zone

          Note that the (non-windows) caddy and caddy:builder images are all alpine based. The “-alpine” tags point to the same images (as you can tell by the hashes). But some like to be explicit about it 💜.
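
Added example, not written by any poster in this thread: a rebuild script for the self-built image discussed above that restarts Caddy only if the new binary still contains the Cloudflare DNS module, so an update cannot silently swap in a build without it. The service name `caddy`, the script name and the sample `caddy list-modules` output are assumptions or constructed for illustration.

```shell
#!/bin/sh
# Added example: gate a rebuilt custom Caddy image on the DNS plugin being present.
# Assumes the compose service is named "caddy", as in the snippets in this thread.

REQUIRED_MODULE="dns.providers.cloudflare"  # module ID registered by caddy-dns/cloudflare

# Constructed samples of `caddy list-modules` output (shortened, not from a real run).
SAMPLE_STOCK="admin.api.load
http.handlers.reverse_proxy
tls.issuance.acme

  Standard modules: 3

  Non-standard modules: 0"

SAMPLE_CUSTOM="admin.api.load
http.handlers.reverse_proxy
tls.issuance.acme

  Standard modules: 3

dns.providers.cloudflare

  Non-standard modules: 1"

# has_module ID: read `caddy list-modules` output on stdin; succeed only if ID
# appears as a whole line (so "dns.providers.cloudflare_x" does not count).
has_module() {
    awk -v want="$1" '
        { gsub(/^[ \t]+|[ \t]+$/, "") }
        $0 == want { found = 1 }
        END { exit !found }'
}

# rebuild_and_check SERVICE: rebuild against fresh base images, then restart the
# service only if the new image still contains the required module.
rebuild_and_check() {
    service="$1"
    docker compose build --pull "$service" || return 1
    if docker compose run --rm --no-deps "$service" caddy list-modules \
            | has_module "$REQUIRED_MODULE"; then
        docker compose up -d "$service"
    else
        echo "not restarting: $REQUIRED_MODULE missing from rebuilt image" >&2
        return 1
    fi
}

# Only touch Docker when asked to: ./rebuild-caddy.sh --run [service]
if [ "${1:-}" = "--run" ]; then
    rebuild_and_check "${2:-caddy}"
fi
```

Run from cron or a CI job with `--run`; a non-zero exit leaves the currently running container untouched.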