I’m trying to assess the Caddy infrastructure and configuration, and after reading the documentation I’m left with a few questions about whether or not my desired configuration is possible.
Conditions
- Caddy is my reverse proxy for my docker applications
- Caddy runs in LAN on docker host
- LAN names use a publicly registered domain name and will connect directly
- Remote clients will connect via VPN (netbird) and I don’t want to set up and/or configure a PKI.
- I have an internal authoritative DNS for serving A records to LAN (and VPN) clients
  - Server is BIND9 and I can use RFC 2136
- I have an external authoritative DNS for serving TXT records to Let's Encrypt
  - Server is BIND9 and I can use RFC 2136
Expectation
What I am hoping for is that Caddy can dynamically react to published Docker services, update the internal DNS, and retrieve and manage certificates for those services.
Results of my research
- Caddy is subtly complex and extremely versatile and powerful and much more than the simple proxy that it is perceived to be.
- Caddy supports various DNS providers, including RFC 2136
- The extension caddy-docker-upstreams provides the ability to use Docker labels to configure and publish services in Caddy.
  - This appears to provide functionality similar to Traefik’s labels.
The basics of Let's Encrypt integration and static reverse proxy configuration are well documented, and I think I understand what I have to do.
Questions
- Is it possible to dynamically configure DNS resource records and Let's Encrypt certificates using just the Docker labels?
- If it is possible, where can I find information about configuring dynamic provisioning of A/AAAA/CNAME resource records in my DNS server?
  a. Is it standard if a DNS provider is globally defined?
Thanks for sharing any insights you may have.
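As an added illustration (editor's example, not part of the original post and not taken from the Caddy, caddy-dns/rfc2136 or caddy-docker-upstreams documentation): a Caddyfile that defines the RFC 2136 provider once, globally, so every automated certificate uses the DNS-01 challenge, and that reads the TSIG secret from the environment instead of the file. The `acme_dns` global option is Caddy's own; the `rfc2136` sub-option names (`key_name`, `key_alg`, `key`, `server`) follow the caddy-dns/rfc2136 README as I recall it, and `dynamic docker` is the upstream source the caddy-docker-upstreams plugin registers; the domain, key name, server address and environment variable are placeholders. Check the option names against the READMEs of the plugin versions you actually build into Caddy.

```caddyfile
# /etc/caddy/Caddyfile (added example; placeholders throughout)
{
	# One DNS provider for the whole server: every site that needs a
	# certificate runs the DNS-01 challenge against the external BIND9.
	# The TSIG secret comes from the environment, not from this file,
	# so the Caddyfile can be committed or shared without leaking it.
	acme_dns rfc2136 {
		key_name "caddy-acme"
		key_alg  "hmac-sha256"
		key      "{env.RFC2136_KEY}"
		server   "ns1.example.com:53"
	}
}

# A single wildcard site block covers every Docker service without listing
# hostnames here. A wildcard certificate is only obtainable with the DNS
# challenge, and it keeps individual LAN hostnames out of Certificate
# Transparency logs, which matters when LAN names live under a public domain.
*.example.com {
	reverse_proxy {
		# Upstreams are discovered from container labels (caddy-docker-upstreams);
		# each container's host-matcher label decides which one receives the request.
		dynamic docker
	}
}
```

Two caveats a practitioner would want. First, the `acme_dns` provider is used only for the ACME challenge: it publishes and removes `_acme-challenge` TXT records on the external zone and nothing else, so A/AAAA records for the internal zone are not created by this configuration. With the wildcard site block above, a single wildcard A record (`*.example.com` pointing at the Docker host) on the internal BIND9 makes per-service record updates unnecessary. Second, on the external BIND9 scope the TSIG key with an `update-policy` grant restricted to TXT records, for example `grant caddy-acme subdomain example.com. TXT;`, rather than an `allow-update { key caddy-acme; };` statement; the latter lets a leaked key rewrite any record in the zone, including the A records that point your public name at the right host.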