Fusehunt

Tech, web, programming, home automation, networking, and geeky blog.

30 May 2020

Setting up Caddy server 2 with Cloudflare in Docker

Caddy server is a very simple, super powerful web server written in Go. It's ideal for hosting this Hugo-based site, and it can also be configured as a reverse proxy for other applications hosted within the network.

Let's first create a directory for this called “caddy”, with mkdir caddy. Then, within it, create a file called “Dockerfile” and add the following:

FROM caddy:builder AS builder

RUN caddy-builder \
    github.com/caddy-dns/cloudflare

FROM caddy:latest

COPY --from=builder /usr/bin/caddy /usr/bin/caddy

Here we first load the Caddy builder image and run it with the URL of the Cloudflare library on GitHub as a parameter. We then load Caddy itself and copy the newly built binary into it.

You can then use docker-compose to load it. Create a docker-compose.yml file, which needs to be one level up from the “caddy” directory, and add the following:

version: "3.5"

services:

  caddy:
    container_name: caddy
    build:
      context: caddy
      network: host
    environment:
      CLOUDFLARE_EMAIL: 'you@example.com' # Placeholder address; replace with your email.
      CLOUDFLARE_API_TOKEN: '************' #Replace with a Cloudflare API token.
    ports:
      - "443:443/tcp"
    volumes:
      - './Caddyfile:/etc/caddy/Caddyfile'
      - './html:/usr/share/caddy'
    restart: always

Here we define a caddy container and tell it to build the Dockerfile from the caddy directory. We set two environment variables: the email address you use to log in to Cloudflare, and your Cloudflare API token. You will find this in your Cloudflare profile under API tokens. Be sure to create a new API token and don’t use the API key. The new token will need the permission “zone.dns”.

We have defined port 443 for https because that’s Caddy’s default; you can add port 80 for http if you need it. Then we set two volumes, one for your Caddyfile and one for your site code.

In your Caddyfile you can add config similar to the following:

{
  email you@example.com
}

fusehunt.co.uk {
  redir https://www.fusehunt.co.uk{uri} permanent
  tls you@example.com {
    dns cloudflare {env.CLOUDFLARE_API_TOKEN}
  }
}

www.fusehunt.co.uk {
  root * /usr/share/caddy/fusehunt/public
  file_server
  tls you@example.com {
    dns cloudflare {env.CLOUDFLARE_API_TOKEN}
  }
}

This is the Caddyfile used for this site. Be sure to replace the example email address with the one you use for Cloudflare.

The first section defines a global setting for your email address. The next sets the apex domain to redirect to the www sub-domain. The third then serves the site from the volume we set in the docker-compose file. We pass in the Cloudflare API token to tell Caddy to ask Cloudflare when generating the SSL certificate.
