Caddy ‐ Installation and configuration - mluchettii/github-wiki-mluchetti GitHub Wiki
Environment: Raspberry Pi OS (Debian), Docker, Cloudflare
For this demonstration, I am installing Caddy Cloudflare, which is a custom version of the Caddy Docker image with built-in Cloudflare DNS-01 ACME validation. This is necessary for automatically obtaining SSL certificates.
Implementing this Docker setup is faster than having to manually compile Go, which is then used to compile xcaddy, a tool used to build custom Caddy binaries. xcaddy supports adding additional modules, such as the Cloudflare DNS module. For that, I followed the instructions from the official xcaddy repository. For this guide, however, I want to show the easiest method of implementing Caddy in a Cloudflare setup.
Installation
Example docker-compose.yml file:
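```yaml
services:
  caddy:
    image: ghcr.io/caddybuilds/caddy-cloudflare:latest
    container_name: caddy-cloudflare
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp"
    volumes:
      # Bind mounts: Caddyfile, site content, certificate data, and config.
      - ./Caddyfile:/etc/caddy/Caddyfile
      - ./site:/srv
      - ./caddy_data:/data
      - ./caddy_config:/config
    environment:
      # Placeholder. A value written here is stored in plaintext in this file.
      - CLOUDFLARE_API_TOKEN=your_cloudflare_api_token
# Named volumes. The service above uses bind mounts and does not reference them.
volumes:
  caddy_data:
    external: true
  caddy_config:
```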
Source: Caddy Cloudflare GitHub
Pull the Docker image and deploy the container using sudo docker compose up -d.
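Before deploying, the compose file above can be checked for two things it contains: the Cloudflare API token written as a literal value, and an image referenced by a moving tag. The script below is an added example, not part of the original wiki or of the caddy-cloudflare project; the function name `check_compose` and the finding labels are hypothetical, and the sample file is constructed.

```shell
#!/bin/sh
# Added example: lint a compose file before `docker compose up -d`.
# Prints one finding per line; returns 0 when clean, 1 otherwise.
check_compose() {
    file=$1
    rc=0

    # Value assigned to CLOUDFLARE_API_TOKEN, in list or map form.
    token=$(sed -n 's/^[[:space:]"-]*CLOUDFLARE_API_TOKEN[=:][[:space:]]*//p' "$file" | head -n 1)
    case $token in
        ''|'$'*) ;;   # absent, or interpolated from the environment / .env
        *)
            echo "token-literal: CLOUDFLARE_API_TOKEN is written into $file"
            rc=1
            # A literal secret in a file that other users can read is worse.
            if [ -n "$(find "$file" -perm -004)" ]; then
                echo "world-readable: $file contains the token and is readable by others"
            fi
            ;;
    esac

    # Image reference: flag a moving tag (explicit or implicit "latest").
    image=$(sed -n 's/^[[:space:]]*image:[[:space:]]*//p' "$file" | head -n 1)
    case ${image##*/} in
        *@sha256:*) ;;                                   # pinned by digest
        *:latest) echo "moving-tag: $image"; rc=1 ;;
        *:*) ;;                                          # explicit version tag
        ?*) echo "moving-tag: $image (no tag means latest)"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample mirroring the compose file on this page.
demo=$(mktemp)
cat > "$demo" <<'EOF'
services:
  caddy:
    image: ghcr.io/caddybuilds/caddy-cloudflare:latest
    environment:
      - CLOUDFLARE_API_TOKEN=your_cloudflare_api_token
EOF
chmod 644 "$demo"
check_compose "$demo" || true
rm -f "$demo"
```

A token referenced as `${CLOUDFLARE_API_TOKEN}` and an image pinned by digest produce no findings.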
Configuration
The Caddyfile is a configuration file that contains the information for creating reverse proxies and obtaining SSL certificates, among other things. In addition, this version of Caddy allows us to set the ACME DNS challenge provider to use Cloudflare. Here is an example Caddyfile for an Apache site that listens on port 8080:
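```
apache.example.com {
    # Set this path to your site's directory.
    root * /usr/share/caddy
    file_server
    # Upstream Apache site. This address is resolved from inside the Caddy container.
    reverse_proxy localhost:8080
    tls {
        # DNS-01 challenge through Cloudflare; the token is read from the container environment.
        dns cloudflare {env.CLOUDFLARE_API_TOKEN}
    }
}
```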
Source: Caddy Cloudflare GitHub
Write the changes to the file, then restart the Caddy Docker container.
With this configuration, Caddy will be able to serve the Apache site running on localhost:8080 to anyone who visits apache.example.com, provided that a corresponding A record for the domain has been created in Cloudflare. All connections will also be encrypted with SSL over HTTPS.