Hey,
For some time now I have been using caddy events exec and some bash scripts to update my local DNS entries on OPNsense. That worked great, but using the cert_obtained event was always a bit janky, and it required a Caddy container with at least bash, jq, and curl installed.
So I created an OPNsense DNS module with Unbound and Dnsmasq providers.
Together with caddy dynamicdns you can get a pretty automated setup:
```caddyfile
{
	dynamic_dns {
		provider opnsense {
			host {env.OPNSENSE_HOSTNAME}
			api_key {env.OPNSENSE_API_KEY}
			api_secret_key {env.OPNSENSE_API_SECRET}
			dns_service dnsmasq # or unbound
			insecure # optional, skip TLS verification for self-signed certs
		}
		domains {
			example.com
		}
		dynamic_domains
		ip_source interface eth0
		check_interval 5m
		ttl 1h
	}
	acme_dns porkbun {
		api_key {env.PORKBUN_API_KEY}
		api_secret_key {env.PORKBUN_API_SECRET_KEY}
	}
}

test_caddy.example.com {
	respond "Welcome to Caddy!"
}
```
If you are running this as a Docker container, you might want to change `ip_source` to `static {env.DOCKER_HOST_IP}`.
I am using this together with caddy docker proxy. Now I only need to add labels to my containers, for example:
```yaml
labels:
  caddy: mycontainer.example.com
  caddy.reverse_proxy: "{{upstreams 8080}}"
```
They will then get a valid TLS certificate and a local DNS entry on OPNsense.
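As an added example (not from the original post or the author's image), here is one way to wire the pieces above into a docker-compose file: the global block from the Caddyfile, with `ip_source` switched to `static {env.DOCKER_HOST_IP}`, is mounted as a base Caddyfile, and the app container only carries the labels. It assumes caddy-docker-proxy's `CADDY_DOCKER_CADDYFILE_PATH` setting for loading that base file, a placeholder image name, and that the OPNsense and Porkbun secrets are kept in a separate env file rather than in the compose file.

```yaml
# Added example, not from the original post. The image name is a placeholder;
# CADDY_DOCKER_CADDYFILE_PATH is assumed to point caddy-docker-proxy at the
# base Caddyfile that holds the dynamic_dns / acme_dns global block.
services:
  caddy:
    image: your-registry/caddy-opnsense-dns:latest   # placeholder image
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    environment:
      CADDY_DOCKER_CADDYFILE_PATH: /etc/caddy/Caddyfile
      # LAN address of the Docker host, used by "ip_source static {env.DOCKER_HOST_IP}"
      DOCKER_HOST_IP: 192.0.2.10                     # constructed documentation address
    env_file:
      # constructed file holding OPNSENSE_HOSTNAME, OPNSENSE_API_KEY,
      # OPNSENSE_API_SECRET, PORKBUN_API_KEY and PORKBUN_API_SECRET_KEY;
      # keep it out of version control
      - ./caddy.env
    volumes:
      # caddy-docker-proxy reads container labels through the Docker API;
      # this grants broad host access, so restrict who can reach this container
      - /var/run/docker.sock:/var/run/docker.sock
      - ./Caddyfile:/etc/caddy/Caddyfile:ro          # global block from the post
      - caddy_data:/data                             # certificates and ACME state

  mycontainer:
    image: your-app:latest                           # placeholder, listens on 8080
    restart: unless-stopped
    labels:
      caddy: mycontainer.example.com
      caddy.reverse_proxy: "{{upstreams 8080}}"

volumes:
  caddy_data:
```

With this in place, starting the `mycontainer` service is enough for Caddy to request the certificate via Porkbun and publish the A record on OPNsense; nothing else needs to be edited when a container is added.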
Here is a demo:
And my personal Caddy docker image with documentation:
Have fun and happy home labbing!