Copy SSL certs from another Caddy server

System environment:

Debian 11.6 (amd64), Caddy v2.6.2, run with systemd service (from deb package)

The problem I’m having:

I have a caddy server running on a domain which has GeoDNS on it, that is, DNS that points to the closest server to the user’s location.
However, since the ACME providers (letsencrypt and zerossl) for ssl are in the US and EU respectively, auto-ssl does not work with the server in India.
Is there any way to copy over certs from the EU/US server automatically? Or is there a better way to retrieve the certificates while still using GeoDNS?

What I already tried:

I have tried making a script that copies over the domain ssl stuff, but this has to be done for every domain which is painful…

Links to relevant resources:

There are tools like Syncthing, and of course, as you’ve tried, scripts. It can be done. You could sync the entire storage directory, which would make things simpler.

If you actually share the underlying storage somehow between your distributed Caddy servers, they can maintain a single store of TLS assets in concert, and even solve challenges on each others’ behalf. This would allow a Caddy server in the US to solve a challenge on behalf of a Caddy server in India.

To do that, you could either configure one of Caddy’s multiple storage modules, or you can just abstract the underlying directory with the default storage (on the file system) such as via NFS mount.

See:
https://caddyserver.com/docs/automatic-https#storage
https://caddyserver.com/docs/caddyfile/options#storage

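The shared-storage setup described above, as an added example (not configuration from the thread or from the Caddy project): every instance behind the GeoDNS name points the default file_system storage module at the same NFS-mounted directory, so a certificate issued or a challenge solved by one instance is visible to all of them. The mount point, e-mail address and site are assumptions.

```caddyfile
# Added example, not from the thread. Mount point and site are assumptions.
{
	email ops@example.com

	# Default storage module, but rooted on a directory that is an NFS mount
	# shared by the US, EU and India servers instead of the per-host default
	# under $XDG_DATA_HOME/caddy. All instances must use the identical root.
	storage file_system {
		root /mnt/caddy-shared
	}
}

example.com {
	reverse_proxy localhost:8080
}
```

The store holds the private keys for every site, so export the share only to the Caddy hosts and mount it so that only the user Caddy runs as can read it. Caddy coordinates issuance through lock files inside the store, so check after the first issuance on one node that the certificate files appear under the same root on the other nodes and that those nodes serve it without contacting the CA.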

> Or is there a better way to retrieve the certificates while still using GeoDNS?

Yes. Use DNS plugins to make Caddy get certificates using the DNS challenge. Then it does not matter what IP is used in the DNS record. Works even with private/local IPs.


@balki True, but the problem with that approach is that each Caddy instance would have to fetch its own certificate, which adds additional pressure on ACME issuers. There are also limits to the number of certificates you can have per individual domain. So it’s best to use a storage mechanism to share certificates across all Caddy instances.

The thing is that we use our own self-hosted knot-dns.cz server. While it’s supported by acme.sh, it’s not by caddy-dns…

So it looks like there is a caddy-dns plugin for rfc2136, which seems to be supported by knot-dns. I will try that and update here if it works…

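The DNS-challenge route with the rfc2136 plugin, as an added example (not configuration from the thread or from the plugin's own documentation): Caddy proves control of the domain by sending a TSIG-signed dynamic update for the `_acme-challenge` record to the authoritative Knot server, so it no longer matters which server GeoDNS hands to the CA. The subdirective names follow the plugin README; the environment variable names, e-mail address and site are assumptions, and the build must include the plugin (the thread's `xcaddy build --with github.com/caddy-dns/rfc2136@master`).

```caddyfile
# Added example, not from the thread. Env var names and site are assumptions.
{
	email ops@example.com
}

example.com {
	tls {
		dns rfc2136 {
			key_name "{env.RFC2136_KEY_NAME}"   # TSIG key name as configured in Knot
			key_alg  "{env.RFC2136_KEY_ALG}"    # e.g. hmac-sha256 (check the plugin README for the exact spelling)
			key      "{env.RFC2136_KEY}"        # base64 TSIG secret
			server   "{env.RFC2136_SERVER}"     # host:port of the Knot server that accepts updates
		}
	}
	reverse_proxy localhost:8080
}
```

Keep the secret out of the Caddyfile: put the variables in a root-owned, mode 0600 environment file and load it with a systemd drop-in (`systemctl edit caddy`, then `EnvironmentFile=/etc/caddy/rfc2136.env` under `[Service]`). On the Knot side, give that TSIG key an ACL that permits updates only to the `_acme-challenge` names rather than the whole zone, so a leaked key cannot rewrite the A records that GeoDNS serves. Combined with a shared storage root as discussed above, only one instance performs the issuance and the others reuse the result.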

xcaddy build --with github.com/caddy-dns/rfc2136 just gets stuck :confused:

 $ .local/share/go/bin/xcaddy  build --with github.com/caddy-dns/rfc2136
2023/02/18 18:53:37 [INFO] Temporary folder: /tmp/buildenv_2023-02-18-1853.3780530729
2023/02/18 18:53:37 [INFO] Writing main module: /tmp/buildenv_2023-02-18-1853.3780530729/main.go
package main

import (
	caddycmd "github.com/caddyserver/caddy/v2/cmd"

	// plug in Caddy modules here
	_ "github.com/caddyserver/caddy/v2/modules/standard"
	_ "github.com/caddy-dns/rfc2136"
)

func main() {
	caddycmd.Main()
}
2023/02/18 18:53:37 [INFO] Initializing Go module
2023/02/18 18:53:37 [INFO] exec (timeout=10s): /sbin/go mod init caddy 
go: creating new go.mod: module caddy
go: to add module requirements and sums:
	go mod tidy
2023/02/18 18:53:37 [INFO] Pinning versions
2023/02/18 18:53:37 [INFO] exec (timeout=0s): /sbin/go get -d -v github.com/caddyserver/caddy/v2 
go: added github.com/beorn7/perks v1.0.1
go: added github.com/caddyserver/caddy/v2 v2.6.4
go: added github.com/caddyserver/certmagic v0.17.2
go: added github.com/cespare/xxhash/v2 v2.1.2
go: added github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0
go: added github.com/golang/mock v1.6.0
go: added github.com/golang/protobuf v1.5.2
go: added github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38
go: added github.com/google/uuid v1.3.0
go: added github.com/klauspost/cpuid/v2 v2.2.3
go: added github.com/libdns/libdns v0.2.1
go: added github.com/matttproud/golang_protobuf_extensions v1.0.1
go: added github.com/mholt/acmez v1.1.0
go: added github.com/miekg/dns v1.1.50
go: added github.com/onsi/ginkgo/v2 v2.2.0
go: added github.com/prometheus/client_golang v1.14.0
go: added github.com/prometheus/client_model v0.3.0
go: added github.com/prometheus/common v0.37.0
go: added github.com/prometheus/procfs v0.8.0
go: added github.com/quic-go/qpack v0.4.0
go: added github.com/quic-go/qtls-go1-18 v0.2.0
go: added github.com/quic-go/qtls-go1-19 v0.2.0
go: added github.com/quic-go/qtls-go1-20 v0.1.0
go: added github.com/quic-go/quic-go v0.32.0
go: added go.uber.org/atomic v1.9.0
go: added go.uber.org/multierr v1.6.0
go: added go.uber.org/zap v1.24.0
go: added golang.org/x/crypto v0.5.0
go: added golang.org/x/exp v0.0.0-20221205204356-47842c84f3db
go: added golang.org/x/mod v0.6.0
go: added golang.org/x/net v0.7.0
go: added golang.org/x/sys v0.5.0
go: added golang.org/x/term v0.5.0
go: added golang.org/x/text v0.7.0
go: added golang.org/x/tools v0.2.0
go: added google.golang.org/protobuf v1.28.1
2023/02/18 18:53:39 [INFO] exec (timeout=0s): /sbin/go get -d -v github.com/caddy-dns/rfc2136 github.com/caddyserver/caddy/v2 
go: downloading github.com/caddy-dns/rfc2136 v0.1.0
go: downloading github.com/libdns/rfc2136 v0.1.0
go: added github.com/caddy-dns/rfc2136 v0.1.0
go: added github.com/libdns/rfc2136 v0.1.0
2023/02/18 18:53:54 [INFO] exec (timeout=0s): /sbin/go get -d -v  
go: downloading github.com/aryann/difflib v0.0.0-20210328193216-ff5ff6dc229b
go: downloading github.com/go-chi/chi v4.1.2+incompatible
go: downloading github.com/smallstep/certificates v0.23.2
go: downloading github.com/smallstep/truststore v0.12.1
go: downloading go.step.sm/crypto v0.23.2
go: downloading github.com/smallstep/nosql v0.5.0
go: downloading github.com/dustin/go-humanize v1.0.1
go: downloading gopkg.in/natefinch/lumberjack.v2 v2.2.1
go: downloading github.com/tailscale/tscert v0.0.0-20230124224810-c6dc1f4049b2
go: downloading github.com/google/cel-go v0.13.0
go: downloading google.golang.org/genproto v0.0.0-20230202175211-008b39050e57
go: downloading github.com/klauspost/compress v1.15.15
go: downloading golang.org/x/sync v0.1.0
go: downloading github.com/BurntSushi/toml v1.2.1
go: downloading github.com/Masterminds/sprig/v3 v3.2.3
go: downloading go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.39.0
go: downloading github.com/alecthomas/chroma/v2 v2.5.0
go: downloading go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.4.0
go: downloading github.com/yuin/goldmark v1.5.4
go: downloading go.opentelemetry.io/otel v1.13.0
go: downloading github.com/yuin/goldmark-highlighting/v2 v2.0.0-20220924101305-151362477c87
go: downloading go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.4.0
go: downloading go.opentelemetry.io/otel/sdk v1.13.0
go: downloading github.com/inconshreveable/mousetrap v1.0.1
go: downloading howett.net/plist v1.0.0
go: downloading go.step.sm/cli-utils v0.7.5
go: downloading go.step.sm/linkedca v0.19.0
go: downloading google.golang.org/grpc v1.52.3
go: downloading gopkg.in/square/go-jose.v2 v2.6.0
go: downloading github.com/fxamacker/cbor/v2 v2.4.0
go: downloading github.com/slackhq/nebula v1.6.1
go: downloading github.com/antlr/antlr4/runtime/Go/antlr v1.4.10
go: downloading github.com/stoewer/go-strcase v1.2.0
go: downloading github.com/felixge/httpsnoop v1.0.3
go: downloading go.opentelemetry.io/otel/metric v0.36.0
go: downloading github.com/Masterminds/goutils v1.1.1
go: downloading go.opentelemetry.io/otel/trace v1.13.0
go: downloading github.com/Masterminds/semver/v3 v3.2.0
go: downloading github.com/huandu/xstrings v1.3.3
go: downloading github.com/imdario/mergo v0.3.12
go: downloading github.com/mitchellh/copystructure v1.2.0
go: downloading github.com/shopspring/decimal v1.2.0
go: downloading github.com/spf13/cast v1.4.1
go: downloading go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.4.0
go: downloading go.opentelemetry.io/proto/otlp v0.12.0
go: downloading filippo.io/edwards25519 v1.0.0
go: downloading github.com/micromdm/scep/v2 v2.1.0
go: downloading go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352
go: downloading github.com/urfave/cli v1.22.12
go: downloading github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e
go: downloading github.com/manifoldco/promptui v0.9.0
go: downloading github.com/rs/xid v1.4.0
go: downloading github.com/Microsoft/go-winio v0.6.0
go: downloading github.com/mitchellh/go-ps v1.0.0
go: downloading github.com/dgraph-io/badger v1.6.2
go: downloading github.com/dgraph-io/badger/v2 v2.2007.4
go: downloading go.etcd.io/bbolt v1.3.6
go: downloading github.com/go-sql-driver/mysql v1.6.0
go: downloading github.com/jackc/pgx/v4 v4.17.2
go: downloading github.com/x448/float16 v0.8.4
go: downloading github.com/mitchellh/reflectwalk v1.0.2
go: downloading github.com/cenkalti/backoff/v4 v4.1.2
go: downloading github.com/grpc-ecosystem/grpc-gateway v1.16.0
go: downloading github.com/go-kit/kit v0.10.0
go: downloading github.com/dgraph-io/ristretto v0.1.0
go: downloading github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13
go: downloading github.com/jackc/pgconn v1.13.0
go: downloading github.com/jackc/pgtype v1.12.0
go: downloading github.com/jackc/pgio v1.0.0
go: downloading github.com/jackc/pgproto3/v2 v2.3.1
go: downloading github.com/AndreasBriese/bbloom v0.0.0-20190825152654-46b345b51c96
go: downloading github.com/golang/snappy v0.0.4
go: downloading github.com/go-logfmt/logfmt v0.5.1
go: downloading github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d
go: downloading github.com/golang/glog v1.0.0
go: downloading github.com/jackc/chunkreader/v2 v2.0.1
go: downloading github.com/jackc/pgpassfile v1.0.0
go: downloading github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b
go: downloading github.com/shurcooL/sanitized_anchor_name v1.0.0
go: downloading github.com/mattn/go-colorable v0.1.8
go: downloading github.com/mattn/go-isatty v0.0.13

Sorry about that, there’s a bug in go get which is causing things to hang due to some dependency graph issues. There’s a fix on the master branch of that plugin already. Try to build like this for now:

xcaddy build --with github.com/caddy-dns/rfc2136@master

Yup, that fixed it. Thanks a ton!

