Caddy with UFW and autodrop of rules

1. Caddy version (caddy version):

v2.4.1 h1:kAJ0JB5Xk5gPdTH/27S5cyoMGqD5lBAe9yZ8zTjVJa0=

2. How I run Caddy:

I’m running a very, very, very simple Caddy setup currently, with just one domain setup behind a reverse proxy with zstd and gzip compression enabled. My Caddyfile is below.

a. System environment:

Ubuntu 20.04.2, using systemd

b. Command:

sudo service caddy start

c. Service/unit/compose file:


ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile


d. My complete Caddyfile or JSON config: {
  reverse_proxy localhost:1080
  encode zstd gzip

3. The problem I’m having:

I’m not having a problem, I’m trying to understand if something I’d like to do is possible. With nginx running with the Let’s Encrypt bot, I can set the bot to automatically drop my UFW firewall when it’s time to renew my SSL certificates, then it will re-enable the firewall once it’s completed its task.

My search on the internet hasn’t yielded any results in the ability to do such a thing. Is that possible with Caddy?

4. Error messages and/or full log output:

5. What I already tried:

As mentioned, I already spent a while searching on Google using different terms to try and see if what I want is doable, as well as reading the automatic HTTPS page but came up blank.

6. Links to relevant resources:

It’s not possible at the moment. I am working on an event dispatching system that might make this viable in the future, but no promises.

What you could do though, is use the DNS challenge instead of the HTTP or ALPN challenges if you need your firewall set up. The DNS challenge gets around ACME providers needing to connect directly to your server, by indirectly verifying ownership of the domain by checking for a special DNS record that is generated during the issuance flow.

If your DNS provider isn’t supported, you could consider using the duckdns plugin to delegate the challenge.

1 Like

Awesome, I’ll look into that thanks!

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.