How can I use DNS challenge in Caddy2?

1. My Caddy version (caddy version):

Docker-CE caddy/caddy:alpine

2. How I run Caddy:

docker run -v "/home/name/docker/proxy/Caddyfile:/etc/caddy/Caddyfile" -v "/home/name/docker/proxy/config:/root/.config/caddy" -v "/home/name/docker/proxy/local:/root/.local/share/caddy" -v "/home/name/docker/web:/root/wwwroot" -p "80:80" -p "443:443" -p "443:443/udp" caddy/caddy:alpine

a. System environment:

Ubuntu 18.04.3 LTS (GNU/Linux 4.15.0-72-generic x86_64)

b. Command:

--config "/etc/caddy/Caddyfile" --adapter "caddyfile"

c. Service/unit/compose file:

NULL

d. My complete Caddyfile or JSON config:

{
    email i@qingly.me
    experimental_http3
}

example.com, *.example.com {
    root * /root/wwwroot
    encode zstd gzip brotli
    php_fastcgi php-fpm:9000
    header {
        Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
    }
    tls {
        curves p384
        dns cloudflare {
            api_token "<Zone ID>"
            zone_api_token "<Account ID>"
        }
    }
}

3. The problem I’m having:

Due to restrictions from my host provider, I cannot seem to use the HTTP challenge and the TLS-ALPN challenge.
Now my IP has been rate limited.

So I want to set it through DNS challenge, but there doesn’t seem to be a Caddy2 document, so I want to ask you if there is any problem with my Caddyfile?

Also, I don’t know if my php_fastcgi setting is correct. Should it be set to the service name of php-fpm in the compose file? Or does it automatically listen on port 9000?
I don’t even know how to set the directory address in Docker.

Thank you!

4. Error messages and/or full log output:

NULL

You need to build Caddy with DNS plugin support. See this recent thread where someone else got it working:

Right now, the official docker image doesn’t support building with custom plugins, but you can track the progress here: Allow customised Caddy builds by zakcutner · Pull Request #27 · caddyserver/caddy-docker · GitHub

Without additional context, your php_fastcgi directive looks correct to me. When running with docker-compose, you typically use the service name of the container you want to proxy to.


Edit: It seems like this was a popular thread in search results. Since this was written, some better options are available.

  • For non-docker setups, follow the instructions here:
    How to use DNS provider modules in Caddy 2

  • For docker, write a Dockerfile that uses the builder image. See the section of the Docker Hub docs titled “Adding custom Caddy modules”, and also reference this post to choose which plugin you’ll need.


OK, thank you for your help!

Is it possible to have a simple example of a docker-compose.yml with the build image? Thanks!

There are instructions in the README on how to set up your own Dockerfile to build with modules (plugins): GitHub - caddyserver/caddy-docker: Source for the official Caddy v2 Docker Image

With docker-compose, just make sure to set the volume bindings and ports (see the docker run examples in the README).
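
A compose file along the lines described in the replies above, as an added example that is not from the thread or from the Caddy project. It assumes the Cloudflare DNS module (github.com/caddy-dns/cloudflare), a `php-fpm` service name, local `./Caddyfile` and `./web` paths, and a scoped Cloudflare API token (Zone:Read and DNS:Edit on the zone) supplied through an environment variable named `CLOUDFLARE_API_TOKEN` rather than written into the Caddyfile.

```yaml
# docker-compose.yml (added example; service names, host paths and the
# CLOUDFLARE_API_TOKEN variable name are assumptions, not from the thread)
services:
  caddy:
    build:
      context: .
      # Inline Dockerfile (needs a Compose release that supports
      # dockerfile_inline); the same four lines work as a separate Dockerfile.
      dockerfile_inline: |
        FROM caddy:builder AS builder
        RUN xcaddy build --with github.com/caddy-dns/cloudflare
        FROM caddy:latest
        COPY --from=builder /usr/bin/caddy /usr/bin/caddy
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp"
    environment:
      # Taken from the shell or an .env file kept out of version control;
      # compose refuses to start if the variable is unset.
      CLOUDFLARE_API_TOKEN: ${CLOUDFLARE_API_TOKEN:?set CLOUDFLARE_API_TOKEN in .env}
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - ./web:/root/wwwroot:ro
      # Certificates and ACME account keys persist here across restarts,
      # which avoids re-issuing and hitting CA rate limits.
      - caddy_data:/data
      - caddy_config:/config

  php-fpm:
    image: php:fpm-alpine
    volumes:
      # Same path as in the caddy container, so the script path that
      # php_fastcgi passes to php-fpm resolves on both sides.
      - ./web:/root/wwwroot:ro

volumes:
  caddy_data:
  caddy_config:

# Matching Caddyfile site block (token is read from the environment):
# example.com, *.example.com {
#     root * /root/wwwroot
#     php_fastcgi php-fpm:9000
#     tls {
#         dns cloudflare {env.CLOUDFLARE_API_TOKEN}
#     }
# }
```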

