# xcaddy

xcaddy is awesome for setting up your Let's Encrypt certs with a DNS challenge (handy if you don't often, or ever, want to expose port 80/443 to the www).
# Install xcaddy

```bash
# Get regular caddy first so xcaddy compiles right
wget https://github.com/caddyserver/caddy/releases/download/v2.10.0/caddy_2.10.0_linux_amd64.tar.gz
tar -xzvf caddy_2.10.0_linux_amd64.tar.gz

# Then download/compile xcaddy
wget https://github.com/caddyserver/xcaddy/releases/download/v0.4.4/xcaddy_0.4.4_linux_amd64.tar.gz
tar -xzvf xcaddy_0.4.4_linux_amd64.tar.gz
sudo apt install golang -y

# Builds a new ./caddy binary in the current directory with the Cloudflare DNS plugin compiled in
./xcaddy build --with github.com/caddy-dns/cloudflare
```
# Get a Cloudflare API token
Do that here.
# Adjust DNS zone

For the domain you want xcaddy to be able to edit:

- Grant `Zone > DNS > Edit` permissions
- Grant `Zone > Zone > Read` permissions
# Create the Caddy file

Here's an example:

```
some.cool.site.com {
    tls {
        dns cloudflare {env.CF_API_TOKEN}
    }
    reverse_proxy 127.0.0.1:3001
    log {
        output file /var/log/caddy/yoursiteslog.log
    }
}
```
# Run xcaddy

```bash
CF_API_TOKEN=xxx sudo --preserve-env=CF_API_TOKEN ./caddy run --config ./Caddyfile
```
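
Typing the token inline as above leaves it in your shell history. The following is an added example, not part of the original page: it loads `CF_API_TOKEN` from a file only its owner can read, then starts caddy with the same command. The file path `~/.config/caddy/cloudflare.env` and the function names `load_cf_token` and `run_caddy` are assumptions made for this sketch.

```bash
#!/usr/bin/env bash
# Added example. Assumed token file (hypothetical path), one line:
#   CF_API_TOKEN=<your token>
# Create it with:  install -m 600 /dev/null ~/.config/caddy/cloudflare.env

# load_cf_token FILE
# Exports CF_API_TOKEN from FILE. Refuses files readable by group/other
# and parses the line instead of sourcing it, so nothing in the file
# is ever executed as shell code.
load_cf_token() {
    local file=$1 mode line
    [ -f "$file" ] || { echo "missing token file: $file" >&2; return 1; }

    mode=$(stat -c '%a' "$file") || return 1   # GNU stat, prints e.g. 600
    case "$mode" in
        600|400) ;;                            # owner-only access
        *) echo "refusing $file: mode $mode, expected 600" >&2; return 1 ;;
    esac

    line=$(grep -m1 '^CF_API_TOKEN=' "$file") || {
        echo "no CF_API_TOKEN= line in $file" >&2; return 1
    }
    CF_API_TOKEN=${line#CF_API_TOKEN=}
    [ -n "$CF_API_TOKEN" ] || { echo "CF_API_TOKEN is empty" >&2; return 1; }
    export CF_API_TOKEN
}

# run_caddy FILE
# Same invocation as on this page, but the token never appears on the
# command line or in shell history.
run_caddy() {
    load_cf_token "$1" &&
        sudo --preserve-env=CF_API_TOKEN ./caddy run --config ./Caddyfile
}

# Usage, from the directory holding ./caddy and ./Caddyfile:
#   run_caddy ~/.config/caddy/cloudflare.env
```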