/srv # caddy version
v2.4.6 h1:HGkGICFGvyrodcqOOclHKfvJC0qTU7vny/7FhYp9hNw=
I can only manually update A/CNAME of my primary DNS provider. To be clear my primary DNS provider is unsupported by Caddy (no plugin exists)
Caddy has to be reached by the ACME provider over non-standard ports - say 81, 444 - this requires me to use DNS challenge - which I don’t think I can do manually?
Can I?
So I was thinking I would solve this the following way:
Use duckdns to host the A record. Enable and use the duckdns Caddy plugin to solve the DNS challenge
Create a manual CNAME at my primary DNS provider to point to this duckdns entry
If the free Cloudflare tier will provide me the same benefits as duckdns - I am happy to skip duckdns and start using Cloudflare directly - never used Cloudflare but familiar with duckdns and find it simple.
Would appreciate any feedback.
Does all if this sound reasonable? Are there better solutions?
Background:
I want to be able to host multiple docker “stacks” on the same VM where each stack has its own Caddy for ingress. As a result, it’s not possible to have all the Caddy instances listen on the same 80, 443 (this is a temp. challenge until I get more comfortable with the Caddy API where I will have one Caddy for ingress and add/remove entries as these stacks come and go)
I am curious to know which DNS/Nameserver provider you are using, if you’d like to share it
Yes. Both the HTTP (:80) and TLS-ALPN (:443) acme challenges have to be externally reachable on :80 and :443 respectably.
And yes, there is no manual DNS challenge mode.
This is called DNS challenge delegation, as you might already know
And you don’t need to host your A record there for that. All you have to add is a CNAME to _acme-challenge.example.com (where example.com is your domain) and point that to duckdns.
The caddy duckdns provider (dns.providers.duckdns) used to be the only DNS provider which supported that use-case (afaik).
But with the upcoming Caddy v2.5.0, including the first beta (v2.5.0-beta.1) released just 5 days ago, this will be/is possible with all DNS providers using dns_challenge_override_domain.
So if you like, you could try out the beta and use any DNS provider, including Cloudflare - if you like - with a CNAME record.
You could however also use Cloudflare directly, without the use of DNS challenge delegation, if you change your Nameserver to Cloudflare’s. That’s fairly straight forward and quickly done.
With that, you only need to run a single Caddy for all your Docker containers and will be able to dynamically add or alter vhosts/domains via Docker labels from within your Stack config (docker-compose I assume).
And as a bonus, you don’t need to use the DNS acme challenge all together because you are using :80 and :443 again
I would like to do that. Do I use the xcaddy, pull the latest code from git and build a custom docker image or is there an image that already does that?
