Caddy DNS modules and Caddy Docker Proxy, a few questions to get started

1. The problem I’m having:

Hi,

I have questions about Caddy DNS modules and Caddy Docker Proxy, and I have not managed to get answers on their dedicated help channels, which is why I am asking here.

I am trying to find explanations about what exactly Caddy DNS modules do and don’t, and how to configure them properly with Caddy Docker Proxy.

I am using Cloudflare as my DNS zone.
Both my public IPv4 and IPv6 addresses can change, so I want both to be updated automatically by Caddy.
Additionally, I would like Caddy to automatically create CNAME records when I add a new subdomain configuration. I couldn’t find out whether Caddy DNS modules can do that or not.

If I understood correctly, Caddy DNS modules (caddy-dns/cloudflare, Caddy module dns.providers.cloudflare) do not update A / AAAA DNS records. To do that, another module is required, for example mholt/caddy-dynamicdns, a Caddy app that keeps your DNS records (A/AAAA) pointed at itself.

I am trying to get that configured through Caddy Docker Proxy, if possible as global configuration so that it applies to every subdomain I have.

So far, my configuration is the following:

    platform: ${PLATFORM}
    container_name: caddy
    ports:
      - 80:80
      - 443:443/tcp
      - 443:443/udp
    environment:
      - CADDY_INGRESS_NETWORKS=services
      - DOCKER_HOST=tcp://dockersocket:2375
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TZ}
    depends_on:
      - dockersocket
      - sablier
    networks:
      - services
      - dockersocket
    volumes:
     # - /var/run/docker.sock:/var/run/docker.sock:ro
      - ${CONFIG_FOLDER}/caddy:/data
    restart: unless-stopped
    labels:
      
      caddy.dynamic_dns.provider: cloudflare ${CADDY_CLOUDFLARE_DNSTOKEN}
      caddy.dynamic_dns.domains.: ${DOMAIN}

      caddy.acme_dns: cloudflare ${CADDY_CLOUDFLARE_DNSTOKEN}

But it doesn’t produce the expected configuration, which is:

{
	dynamic_dns {
		provider cloudflare {env.CLOUDFLARE_API_TOKEN}
		domains {
			example.com
		}
	}
}

What I get is

{
	dynamic_dns {
		provider cloudflare {env.CLOUDFLARE_API_TOKEN}
		domains {
			example {
				com
			}
		}
	}
}

I couldn’t find how to escape the . in my configuration.

I have the following questions:

  1. Am I using the right modules to achieve automatic CNAME creation/deletion and automatic A / AAAA updating?
  2. Is it possible to apply their configuration globally without having to copy it for every subdomain?
  3. Am I configuring them the right way?
  4. How do I escape the . character in a Caddy Docker Proxy configuration? Is there another way to achieve the result?

Thanks for any answer, have a nice day.

2. Error messages and/or full log output:


3. Caddy version: v2.9.1

4. How I installed and ran Caddy:

Built with Docker and xcaddy, with the caddy-dns/cloudflare (Caddy module dns.providers.cloudflare) and mholt/caddy-dynamicdns (Caddy app that keeps your DNS records (A/AAAA) pointed at itself) plugins.

a. System environment:

Docker on Debian

b. Command:


c. Service/unit/compose file:

    platform: ${PLATFORM}
    container_name: caddy
    ports:
      - 80:80
      - 443:443/tcp
      - 443:443/udp
    environment:
      - CADDY_INGRESS_NETWORKS=services
      - DOCKER_HOST=tcp://dockersocket:2375
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TZ}
    depends_on:
      - dockersocket
      - sablier
    networks:
      - services
      - dockersocket
    volumes:
     # - /var/run/docker.sock:/var/run/docker.sock:ro
      - ${CONFIG_FOLDER}/caddy:/data
    restart: unless-stopped
    labels:
      
      caddy.dynamic_dns.provider: cloudflare ${CADDY_CLOUDFLARE_DNSTOKEN}
      caddy.dynamic_dns.domains.: ${DOMAIN}

      caddy.acme_dns: cloudflare ${CADDY_CLOUDFLARE_DNSTOKEN}

For each of my services:

    labels:
      caddy: gitea.${DOMAIN}
      caddy.reverse_proxy: gitea:3000

d. My complete Caddy config:

{
	acme_dns cloudflare REDACTED
	grace_period 10s
	dynamic_dns {
		provider cloudflare REDACTED
		domains {
			mydomain {
				com
			}
		}
	}

}
auth.mydomain.com {
	reverse_proxy authentik-server:9000
}
gitea.mydomain.com {
	reverse_proxy gitea:3000
}
openmediavault.mydomain.com {
	reverse_proxy http://192.168.1.27:10997
}
vault.mydomain.com {
	reverse_proxy vaultwarden:80
}

5. Links to relevant resources:

I don’t believe automatic CNAME creation/deletion is a standard feature of Caddy or its DNS modules. This functionality would probably require a custom script or extension that integrates with Caddy and the DNS provider’s API.

I had to do research to come to this, but I believe you’re encountering an issue with the dot (.) character in the caddy.dynamic_dns.domains. label. Caddy Docker Proxy labels are interpreted as nested configurations. A nested configuration refers to a setup where configuration settings are organized in a hierarchical structure, allowing for complex configurations to be expressed more clearly. The dot is likely being interpreted as a level separator in the Caddy configuration structure, leading to the nested example.com becoming example { com }.

In Caddy Docker Proxy labels, to use a dot in a label key, we typically need to use underscores instead. Caddy Docker Proxy automatically converts underscores in labels back to dots when generating the Caddyfile. So caddy_dynamic_dns_domains_ should be used, or alternatively, use proper YAML or JSON configuration within the Caddy config volume. You are trying to define caddy.dynamic_dns.domains.: ${DOMAIN} where : is likely causing issues. For a list, it should be caddy.dynamic_dns.domains: ${DOMAIN} where ${DOMAIN} contains the comma-separated domain names.

Question 1: I don’t think any modules automatically create or delete CNAMEs.
Question 2: Yep, with the Docker labels that you have.
Question 3: Nope.
Question 4: It looks like you need to use underscores in labels (e.g., caddy_dynamic_dns_domains). Alternatively, a full Caddyfile configuration allows for better configurations if labels are insufficient.
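
An added example, not part of the original posts and not code from Caddy or its modules: the planning step of the kind of custom script the answer above describes, which reads the site blocks of a Caddyfile and works out which CNAME records to create or delete. `site_hosts`, `plan_cnames` and the one-record-per-name snapshot `existing` are hypothetical names and assumptions; sending the resulting plan to the DNS provider's API is left to the caller.

```python
import re

# Constructed sample: global options and three site blocks from the thread's Caddyfile.
CADDYFILE = """{
	acme_dns cloudflare REDACTED
}
auth.mydomain.com {
	reverse_proxy authentik-server:9000
}
gitea.mydomain.com {
	reverse_proxy gitea:3000
}
vault.mydomain.com {
	reverse_proxy vaultwarden:80
}
"""

SITE_LINE = re.compile(r"^(\S[^{]*?)\s*\{\s*$")  # "addr[, addr ...] {" at column 0


def site_hosts(caddyfile, zone):
    """Hostnames of top-level site blocks that are subdomains of `zone`."""
    hosts, depth = set(), 0
    for line in caddyfile.splitlines():
        match = SITE_LINE.match(line) if depth == 0 else None
        if match:
            for addr in re.split(r"[,\s]+", match.group(1)):
                host = addr.split("://")[-1].split(":")[0].lower()
                if host.endswith("." + zone):
                    hosts.add(host)
        depth += line.count("{") - line.count("}")
    return hosts


def plan_cnames(hosts, existing, target):
    """Diff wanted CNAMEs against `existing`, a {name: (type, content)} snapshot."""
    create = sorted(h for h in hosts if h not in existing)
    # Delete only CNAMEs that point at `target`; unrelated records are never touched.
    delete = sorted(name for name, (rtype, content) in existing.items()
                    if rtype == "CNAME" and content == target and name not in hosts)
    # A name already used by a different record needs a human decision.
    conflict = sorted(h for h in hosts
                      if h in existing and existing[h] != ("CNAME", target))
    return {"create": create, "delete": delete, "conflict": conflict}
```

Restricting deletions to CNAMEs that already point at the managed target keeps a bug or a stale Caddyfile from removing mail, verification or other unrelated records in the zone.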

Thank you for your answer!

  1. Ok, now I know what can and can’t be done with Caddy modules. I will keep the cloudflare caddy dns module as it makes acme much simpler.
  2. Cool
  3. Ok
  4. I tried underscore, double underscore, / … none of them worked to escape the . character in the option name. I found a single post where someone had this issue, with the exact same module (dynamic-dns), but even though he/she received a lot of help, he/she didn’t find a solution either: Escaping domain name in attribute · Issue #316 · lucaslorentz/caddy-docker-proxy · GitHub.

I finally gave up and went back to an external solution to keep my A/AAAA records up to date, using a dedicated ddns container: qdm12/ddns-updater, a container to update DNS records periodically with WebUI for many DNS providers.

One thing I guess I failed to mention was that your Caddyfile:

{
	acme_dns cloudflare REDACTED
	grace_period 10s
	dynamic_dns {
		provider cloudflare REDACTED
		domains {
			mydomain {
				com
			}
		}
	}
}

is wrong. It should look like:

{
	acme_dns cloudflare REDACTED
	grace_period 10s
	dynamic_dns {
		provider cloudflare REDACTED
		domains {
			mydomain.com @ auth gitea openmediavault vault
		}
	}
}

That can also cause issues.
