I’ve been trying to get a wildcard certificate for my domain for use in Caddy…

I’ve got Caddy installed and working fine, but it seems I need to build Caddy manually to include the cloudflaredns module?

My issue is that I installed Caddy using apt… so I’m not really sure what I’m meant to do now…

Does anyone have any suggestions?

  • D4NM3D@reddthat.com (OP) · 1 upvote · 1 year ago

    Thank you for this… I need to take some time to read it more thoroughly… though your approach with Docker will likely make a lot more sense for my environment.

    • Perhyte@lemmy.world · 1 upvote · 1 year ago

      Docker is also a bit tricky, because to use a custom binary you need to build a custom image. But if you don’t mind manually installing updates it’s not too bad.

      • D4NM3D@reddthat.com (OP) · 1 upvote · 1 year ago

        I had it running but it didn’t seem to be issuing wildcards… but afterwards I realised that whilst I had told it to use the Cloudflare API… I don’t think at any stage I’d actually told it to issue wildcards… I guess I need to figure out how to do that…

        I’m questioning my need though, really… I think the docs say it’s not recommended unless you’re dealing with thousands of subdomains…

        • Perhyte@lemmy.world · 1 upvote · 1 year ago

          It will only issue wildcards if you have any sites named like *.yourdomain.com, i.e. it needs to see the *. to know to issue wildcards.

          The relevant parts of my Caddyfile look like this:

          {
          	# TLS settings.
          	acme_dns cloudflare {env.CLOUDFLARE_API_TOKEN}
          	email {env.ACME_EMAIL}
          }
          
          # Proxy a subdomain to a backend server.
          # Usage: `import proxy subdomain backendHost`
          (proxy) {
          	@sub-{args.0} host {args.0}.{$DOMAIN}
          	handle @sub-{args.0} {
          		reverse_proxy http://{args.1}
          	}
          }
          
          # Put everything in the same block to get a wildcard certificate.
          *.{$DOMAIN} {
          	# Handle particular subdomains.
          	import proxy changedetection changedetection:5000
          	import proxy uptime uptime-kuma:3001
          	import proxy whoami whoami
          
          	# Fallback message (unknown subdomain).
          	handle {
          		error "This subdomain is not currently in use." 404
          	}
          }
          

          The (alias) snippet at the top is used in the site block to tell it how to use a particular subdomain.

          (I’ve removed some Authelia stuff and handling the apex domain)

          {$DOMAIN} fills in my base domain from the environment, and {env.*} does the same for my credentials (but without putting it in the JSON config).
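The following script is an added example and is not part of the thread, nor code from the Caddy project. It walks through the apt-installed case the OP asked about: build a Caddy binary that includes the Cloudflare DNS module with xcaddy, check with `caddy list-modules` that the provider is really compiled in, install the custom binary next to the apt one using the dpkg-divert / update-alternatives procedure from the Caddy build docs so `apt upgrade` does not silently put the stock binary back, and keep `DOMAIN`, `ACME_EMAIL` and `CLOUDFLARE_API_TOKEN` in a root-only environment file loaded by systemd, so the token is never written into the Caddyfile or the JSON config (the point made in the comment above). It also includes a preflight check for the `*.` site address that the comment above says is required before Caddy will request a wildcard. It assumes Debian/Ubuntu, a Go toolchain on PATH, and a Caddyfile at /etc/caddy/Caddyfile written like the one above; the file paths, the `CADDY_SETUP_APPLY` gate and the `caddy-cloudflare:local` image tag are the example's own choices. The Docker variant builds the image from the official `caddy:2-builder` stage instead of a host binary.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes Debian/Ubuntu with Caddy from the
# official apt repo, Go on PATH (for xcaddy), and a Caddyfile using {$DOMAIN},
# {env.ACME_EMAIL} and {env.CLOUDFLARE_API_TOKEN} like the one in the thread.
set -eu

CADDYFILE="${CADDYFILE:-/etc/caddy/Caddyfile}"          # assumed path
ENV_FILE="${ENV_FILE:-/etc/caddy/caddy.env}"            # assumed path, root-only
CLOUDFLARE_PLUGIN="github.com/caddy-dns/cloudflare"

# Pure check: does `caddy list-modules` output (on stdin) include the Cloudflare provider?
caddy_has_cloudflare() {
    grep -q '^dns.providers.cloudflare$'
}

# Pure check: does a Caddyfile (on stdin) declare a site address starting with "*."?
# Caddy only requests a wildcard certificate for such a site block.
caddyfile_has_wildcard_site() {
    grep -Eq '^[[:space:]]*\*\.[^[:space:]]+[[:space:]]*[{]'
}

# Build ./caddy.custom with the Cloudflare DNS provider and verify the module is present.
build_custom_caddy() {
    go install github.com/caddyserver/xcaddy/cmd/xcaddy@latest
    "$(go env GOPATH)/bin/xcaddy" build --with "$CLOUDFLARE_PLUGIN" --output ./caddy.custom
    ./caddy.custom list-modules | caddy_has_cloudflare
}

# Install next to the apt binary (dpkg-divert + update-alternatives, as in the Caddy
# build docs) so a later `apt upgrade` does not overwrite the custom build.
install_custom_caddy() {
    sudo dpkg-divert --divert /usr/bin/caddy.default --rename /usr/bin/caddy
    sudo install -m 0755 ./caddy.custom /usr/bin/caddy.custom
    sudo update-alternatives --install /usr/bin/caddy caddy /usr/bin/caddy.default 10
    sudo update-alternatives --install /usr/bin/caddy caddy /usr/bin/caddy.custom 50
}

# Write DOMAIN, ACME_EMAIL and CLOUDFLARE_API_TOKEN to a 0600 root-owned file and have
# systemd load it; the token is taken from the caller's environment, not from argv,
# so it does not land in shell history or `ps` output.
write_env_file() {
    : "${CLOUDFLARE_API_TOKEN:?set CLOUDFLARE_API_TOKEN in the environment first}"
    sudo install -m 0600 -o root -g root /dev/null "$ENV_FILE"
    printf 'DOMAIN=%s\nACME_EMAIL=%s\nCLOUDFLARE_API_TOKEN=%s\n' \
        "$1" "$2" "$CLOUDFLARE_API_TOKEN" | sudo tee "$ENV_FILE" >/dev/null
    sudo mkdir -p /etc/systemd/system/caddy.service.d
    printf '[Service]\nEnvironmentFile=%s\n' "$ENV_FILE" \
        | sudo tee /etc/systemd/system/caddy.service.d/override.conf >/dev/null
    sudo systemctl daemon-reload
}

# Docker variant: build an image from the official builder stage instead of a host binary.
build_custom_caddy_image() {
    docker build -t caddy-cloudflare:local -f - . <<'EOF'
FROM caddy:2-builder AS builder
RUN xcaddy build --with github.com/caddy-dns/cloudflare
FROM caddy:2
COPY --from=builder /usr/bin/caddy /usr/bin/caddy
EOF
}

# Usage: CLOUDFLARE_API_TOKEN=... CADDY_SETUP_APPLY=1 sh setup-caddy.sh example.com admin@example.com
main() {
    caddyfile_has_wildcard_site <"$CADDYFILE" || {
        echo "no '*.domain' site block in $CADDYFILE; Caddy will not request a wildcard" >&2
        exit 1
    }
    build_custom_caddy
    install_custom_caddy
    write_env_file "$1" "$2"
    # Validate with the same environment systemd will provide, then restart.
    sudo sh -c "set -a; . '$ENV_FILE'; set +a; exec caddy validate --config '$CADDYFILE'"
    sudo systemctl restart caddy
}

# Nothing runs unless explicitly requested, so the file can be sourced for its checks.
if [ "${CADDY_SETUP_APPLY:-0}" = "1" ]; then
    main "$@"
fi
```

The two grep-based checks are deliberately pure so they can be exercised on constructed input; the rest is the host procedure and is only run when `CADDY_SETUP_APPLY=1` is set. If you later switch to the Docker image, the same env file can be passed to the container with `--env-file`, keeping the token out of the compose file and the Caddyfile alike.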