Table of Contents
This docker image is based on work from @lucaslorentz which I included the plugin Cloudflare.
This is only difference between this one and his image.
๐ If you need more details about how to use this image I will advise you to go to his GitHub and review the documentation.
It is useful if you are planning to use the reverse proxy from โข๏ธ Caddy together with Let's Encrypt and Cloudflare DNS as a challenge.
The main purpose of creating this image is to have DNS challenge for wildcard domains.
I am using GitHub Actions where it will update weekly docker image and both plugins.
It also can keep the IP address up to date thanks to Caddy DynamicDNS.
๐ฐ It will work on any Linux box amd64 or Raspberry Pi with arm64 or arm32.
You will need to have:
- ๐ณ Docker
- ๐ docker-compose
- Domain name -> you can get from Name Cheap
- Cloudflare DNS Zone
You will tell โข๏ธ Caddy where it has to route traffic in docker network, as โข๏ธ Caddy is ingress on this case.
โฌ๏ธ A simple docker-compose.yml:
version: "3.3"
services:
caddy:
container_name: caddy
image: homeall/caddy-reverse-proxy-cloudflare:latest
restart: unless-stopped
environment:
TZ: 'Europe/London'
volumes:
- "/var/run/docker.sock:/var/run/docker.sock" #### needs socket to read events
- "./caddy-data:/data" #### needs volume to back up certificates
ports:
- "80:80"
- "443:443"
labels: # Global options
caddy.email: [email protected] #### needs for acme CERT registration account
whoami0:
container_name: whoiam
image: jwilder/whoami:latest
hostname: TheDocker ############################----->>Expected result using curl
restart: unless-stopped
labels:
caddy: your.example.com #### needs for caddy to redirect traffic
# caddy.servers.protocols: "experimental_http3" #### For HTTP/3
# caddy.tls.ca: "https://acme.zerossl.com/v2/DV90" ### Only if you will prefer ZeroSSL. Default it is Let's Encypt.
caddy.reverse_proxy: "{{upstreams 8000}}" #### needs to tell caddy which port number should send traffic
caddy.tls.protocols: "tls1.3" #### This is optional. Default it is tls1.2
caddy.tls.ca: "https://acme-staging-v02.api.letsencrypt.org/directory" # Needs only for testing purpose. Remove this line after you finished your tests.
caddy.tls.dns: "cloudflare $API-TOKEN" #### You will have to replace here $API-TOKEN with your real scoped API token from Cloudflare.
Please get your scoped API-Token from here.
โฌ๏ธ Go on TOP โ๏ธ
โฌ๏ธ Your can run the following command to see that is working:
$ curl --insecure -vvI https://test.ionut.vip 2>&1 | awk 'BEGIN { cert=0 } /^\* Server certificate:/ { cert=1 } /^\*/ { if (cert) print }'
* Server certificate:
* subject: CN=test.ionut.vip ################################ CA from Let's Enctrypt Staging
* start date: Jan 5 15:15:00 2021 GMT
* expire date: Apr 5 15:15:00 2021 GMT
* issuer: CN=Fake LE Intermediate X1 ######################## This is telling you that acme is working as expected!
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7fc02180ec00)
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Connection state changed (MAX_CONCURRENT_STREAMS == 250)!
$ curl -k https://test.ionut.vip
I'm TheDocker################################### Expected result from hostname above
healthy word. This is telling you that docker is running healtcheck itself in order to make sure it is working properly.
โฌ๏ธ Please test yourself using the following command:
โฏ docker inspect --format "{{json .State.Health }}" caddy | jq
{
"Status": "healthy",
"FailingStreak": 0,
"Log": [
{
"Start": "2021-01-04T11:10:49.2975799Z",
"End": "2021-01-04T11:10:49.3836437Z",
"ExitCode": 0,
"Output": ""
}
]
}
๐๏ธ Distributed under the MIT license. See LICENSE for more information.
๐ด Please free to open a ticket on Github.
- ๐ @lucaslorentz ๐
- ๐ โข๏ธ @Caddy ๐ฅ and its huge ๐๏ธ community โ
- ๐ dns.providers.cloudflare ๐
โฌ๏ธ Go on TOP โ๏ธ
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent