Caddyfile: dynamic domains with dynamic roots for SAAS project

Hello,

1. The problem I’m having:

I’m trying to create a Caddyfile which allows me to authorize any domain, as long as I have a directory with its name in my folder, and to use this directory as root.

For example: if the domain example.com has its DNS A pointing to my server, and someone visits example.com, I want to

  1. Check if I have a directory /home/codi/clients/example.com/
  2. If yes, issue the SSL certificate and launch the index.html inside

It’s my first time with Caddy and I’m starting with a complex scenario … my Caddyfile could be really bad, I’m sorry if my question is not good.

2. Error messages and/or full log output:

When I try with a test domain, nothing happens and I don’t see any log in my “caddy run”

3. Caddy version:

v2.6.4 h1:2hwYqiRwk1tf3VruhMpLcYTg+11fCdr8S3jhNAdnPy8=

4. How I installed and ran Caddy:

Following the documentation, as a Debian package.

a. System environment:

Debian

b. Command:

I tried caddy start first but to see what’s happening I’m using caddy run now

d. My complete Caddy config:

{
  on_demand_tls {
    ask https://check.codicommerce.fr
  }
}

https://check.codicommerce.fr {
  root * /home/codi/clients/
  @deny not file /{host}/
  respond @deny 404
}

* {
  tls {
    on_demand
  }

  root /var/www/clients/{host}
  file_server
}

5. Links to relevant resources:

I took inspiration for my Caddyfile from these links:

Thx!

Use :443, not *.

The placeholder you want is `{query.domain}`, because the ask domain is passed as a query parameter. If you did `not file /{host}/` then it would always be checking `not file /check.codicommerce.fr/` which isn’t what you want.

Also since you’re setting up the ask endpoint in Caddy itself, you don’t need to use a real domain for that site. You could just change it to localhost:8081 or something random like that. It’ll be significantly faster because then Caddy won’t need to set up TLS for the ask endpoint.
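The ask check described in the reply above, written as a stand-alone service (an added example, not part of the thread and not Caddy's own code): it answers Caddy's `?domain=` request with 200 only when a directory of that name exists under the clients folder, and rejects values that are not plain hostnames before touching the filesystem. The names `ask_status` and `AskHandler` and the hostname rule are assumptions; the folder and port are the ones mentioned in the thread.

```python
import re
from http.server import BaseHTTPRequestHandler, HTTPServer
from pathlib import Path
from urllib.parse import parse_qs, urlparse

CLIENTS_DIR = Path("/home/codi/clients")  # base folder used in the thread

# Assumed hostname rule: dot-separated labels of letters, digits and hyphens.
# It cannot match "/", "..", empty labels or wildcards.
LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
HOSTNAME_RE = re.compile(rf"{LABEL}(?:\.{LABEL})+")


def ask_status(request_target: str, clients_dir: Path = CLIENTS_DIR) -> int:
    """Status for Caddy's ask request: only a 2xx lets Caddy issue a certificate."""
    values = parse_qs(urlparse(request_target).query).get("domain", [])
    if len(values) != 1:  # missing, empty or repeated parameter
        return 400
    domain = values[0].lower().rstrip(".")
    if len(domain) > 253 or not HOSTNAME_RE.fullmatch(domain):
        return 400
    candidate = clients_dir / domain
    # Refuse symlinks so a link inside the folder cannot stand in for a client.
    if candidate.is_symlink() or not candidate.is_dir():
        return 404
    return 200


class AskHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        self.send_response(ask_status(self.path))
        self.send_header("Content-Length", "0")
        self.end_headers()


if __name__ == "__main__":
    # Loopback only, on the port suggested in the thread.
    HTTPServer(("127.0.0.1", 8081), AskHandler).serve_forever()
```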

Thx a lot!

It works perfectly.
My root was incorrect too in the last part (missing an argument and wrong directory).

Here is my final Caddy file:

{
  on_demand_tls {
    ask http://localhost:8081
  }
}

http://localhost:8081 {
  root * /home/codi/clients/
  @deny not file /{query.domain}/
  respond @deny 404
}

:80, :443 {
  tls {
    on_demand
  }

  root * /home/codi/clients/{host}/public
  file_server
}

Such a complex scenario in a few lines, Caddy is awesome!


Using :80 here can mess things up. You should remove that. Only use :443.

Sure, thx for the advice (and again for the help!)
