Caddy with integrated support for Cloudflare DNS-01 ACME verification challenges.
I'm using this image in production myself, but you may wish to fork it and deploy your own version rather than trust my image (I would recommend you do).
Please see the official Caddy Docker Image for more detailed deployment instructions.
Includes images for regular and alpine versions of Caddy. Each is rebuilt every Monday morning at 0300 UTC from the `:latest` and `:alpine` tags respectively. Visit this repository on Docker Hub to pull images.
- A Cloudflare account
- All domains you want to use with Caddy MUST be on your Cloudflare account. For any domains not on Cloudflare, you must fall back to another verification method using the `tls` block.
Caddy will use DNS-01 ACME verification to generate certificates for any domains you specify in your Caddyfile. You can also use wildcard domains (e.g. `*.example.com`) in your Caddyfile and certificates will be obtained for them. Replace the `:latest` tag with `:alpine` to use a smaller base image with higher performance and less overhead.
- Obtain your Cloudflare API token by visiting your Cloudflare dashboard and creating a token with the following permissions:
  - Zone / Zone / Read
  - Zone / DNS / Edit

  The token does not need any more permissions than these for DNS-01 ACME verification.
- Add this to your Caddyfile (or create one with this):

  ```
  {
      acme_dns cloudflare {$CLOUDFLARE_API_TOKEN}
      email {$ACME_EMAIL}
  }
  ```
- Start your Docker container using the following command (substituting your own token and email address):

  ```sh
  # The ACME_EMAIL and CLOUDFLARE_API_TOKEN values are placeholders.
  docker run -it --name caddy \
    -p 80:80 \
    -p 443:443 \
    -v caddy_data:/data \
    -v caddy_config:/config \
    -v "$PWD/Caddyfile":/etc/caddy/Caddyfile \
    -e ACME_EMAIL=you@example.com \
    -e CLOUDFLARE_API_TOKEN=123457890 \
    -e ACME_AGREE=true \
    technoguyfication/caddy-cloudflare:latest
  ```
  Or for docker-compose:

  ```yaml
  version: "3.7"

  services:
    caddy:
      image: technoguyfication/caddy-cloudflare:latest
      restart: unless-stopped
      environment:
        # Values are unquoted: in list form, quotes would become part of the value.
        - ACME_EMAIL=you@example.com  # placeholder address
        - CLOUDFLARE_API_TOKEN=1234567890
        - ACME_AGREE=true
      ports:
        - "80:80"
        - "443:443"
      volumes:
        - caddy_data:/data
        - caddy_config:/config
        - $PWD/Caddyfile:/etc/caddy/Caddyfile

  volumes:
    caddy_data:
    caddy_config:
  ```
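
A preflight check for the requirement that every domain be on your Cloudflare account, as an added example (not part of this image or of Caddy): it lists the `_acme-challenge` TXT record that DNS-01 needs for each site address in a Caddyfile and flags hosts outside the zones your token covers. The Caddyfile parser is deliberately simplified, and the sample Caddyfile and zone list are constructed.

```python
import re

# Constructed sample inputs (not from the original page).
SAMPLE_CADDYFILE = """\
{
    acme_dns cloudflare {$CLOUDFLARE_API_TOKEN}
    email {$ACME_EMAIL}
}
example.com, www.example.com {
    respond "ok"
}
*.apps.example.com:443 {
    respond "wildcard"
}
https://blog.example.org {
    respond "not on this Cloudflare account"
}
"""
CLOUDFLARE_ZONES = ["example.com"]  # zones the API token can edit (assumed)


def site_hosts(caddyfile):
    """Yield hostnames from top-level site blocks (simplified parser)."""
    depth = 0
    for line in caddyfile.splitlines():
        line = line.split("#", 1)[0].strip()
        # Skip the global options block "{" and snippet definitions "(name) {".
        if depth == 0 and line.endswith("{") and line[0] not in "{(":
            for addr in line[:-1].split(","):
                host = re.sub(r"^[a-z]+://", "", addr.strip())
                host = host.split("/", 1)[0].split(":", 1)[0]
                if host:
                    yield host.lower()
        depth += line.count("{") - line.count("}")


def preflight(caddyfile, zones):
    """Map each host to (zone, TXT record name); zone is None if unmanaged."""
    result = {}
    for host in site_hosts(caddyfile):
        # A wildcard certificate is validated at the name without the "*." label.
        base = host[2:] if host.startswith("*.") else host
        matches = [z for z in zones if base == z or base.endswith("." + z)]
        zone = max(matches, key=len) if matches else None  # most specific zone
        result[host] = (zone, "_acme-challenge." + base)
    return result


if __name__ == "__main__":
    for host, (zone, txt) in preflight(SAMPLE_CADDYFILE, CLOUDFLARE_ZONES).items():
        print(host, "->", txt if zone else "NOT on Cloudflare: use another tls method")
```

Hosts reported with no zone are the ones that need the `tls` fallback, and the zone column shows which zones the token has to be allowed to edit.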