We’ve recently discovered Caddy while searching for a solution to handle a custom-domain feature editable by our clients, and it seems to be a perfect solution for what we need, especially features such as automatically issuing certificates as well as config updates via API.
Now we’re finalizing the Caddy setup and we wish to implement On-Demand TLS to make sure our clients have correctly pointed their domain names before we start issuing certificates. Since the domain name clients need to point to (CNAME record) is static, we’d like to contain the logic within the Caddy server itself.
This means the `ask` URL should ideally point back to the Caddy server. The problem is how to actually proceed from there, as there are a couple of possible solutions:

- The easiest solution would be for the `ask` URL to point to a public serverless function (Firebase Functions, AWS Lambda etc.) which would do the DNS check. Unfortunately, doing so would stretch our “custom domain” feature across different tech stacks.
- Spin up another server (Node.js, PHP or something similar) on the same instance where Caddy is installed and then proxy the `ask` URL via Caddy to the other server, which would do the DNS check. The problem with this solution is that we would have to maintain both Caddy and the other server.
- Check the DNS record in a shell script using `nslookup`, `dig` or something similar. This solution seems fairly simple, with fewer maintenance requirements, but we’re not sure how to actually execute a shell script via HTTP and return 200 or another status code depending on whether the DNS check passed or not (we did try the CGI module, but to no avail).
Has anyone done something similar?
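For reference, this is what a minimal `ask` endpoint for the CNAME check described above looks like as a small Go sidecar (an added example, not code from the original post or from the Caddy project). It assumes Caddy calls `GET /ask?domain=<name>` and treats any 2xx as permission to issue; the CNAME target `custom.example-saas.net` and the listen address are placeholder assumptions, and the resolver is injectable so the check can be tested without live DNS.

```go
// Minimal Caddy On-Demand TLS "ask" endpoint: Caddy requests
// GET /ask?domain=<name> and only issues a certificate on a 2xx reply.
// Added example; the CNAME target and listen address are assumed values.
package main

import (
	"context"
	"log"
	"net"
	"net/http"
	"strings"
	"time"
)

// expectedTarget is the hostname clients must CNAME to (assumed value).
const expectedTarget = "custom.example-saas.net."

// lookupCNAME is injectable so the check can run without real DNS in tests.
type lookupCNAME func(ctx context.Context, host string) (string, error)

// cnamePointsHere follows the domain's CNAME chain and reports whether the
// canonical name equals expectedTarget (case-insensitive, trailing dot ignored).
// Any resolver error (NXDOMAIN, timeout) is treated as "not delegated".
func cnamePointsHere(ctx context.Context, domain string, lookup lookupCNAME) bool {
	cname, err := lookup(ctx, domain)
	if err != nil {
		return false
	}
	norm := func(s string) string { return strings.ToLower(strings.TrimSuffix(s, ".")) }
	return norm(cname) == norm(expectedTarget)
}

// askHandler maps the DNS check onto the status codes Caddy understands:
// 200 = issue, 403 = refuse, 400 = malformed request.
func askHandler(w http.ResponseWriter, r *http.Request) {
	domain := r.URL.Query().Get("domain")
	if domain == "" {
		http.Error(w, "missing domain", http.StatusBadRequest)
		return
	}
	ctx, cancel := context.WithTimeout(r.Context(), 3*time.Second)
	defer cancel()
	if !cnamePointsHere(ctx, domain, net.DefaultResolver.LookupCNAME) {
		http.Error(w, "domain not delegated", http.StatusForbidden)
		return
	}
	w.WriteHeader(http.StatusOK)
}

func main() {
	// Bind to loopback only; Caddy on the same host is the only intended caller.
	http.HandleFunc("/ask", askHandler)
	log.Fatal(http.ListenAndServe("127.0.0.1:9123", nil))
}
```

Caddy would then be configured with `on_demand_tls { ask http://127.0.0.1:9123/ask }`; the timeout keeps a slow resolver from stalling Caddy's handshake path.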