/docker-caddy-cloudflare

The official Caddy Docker image built with the Cloudflare DNS module

Primary LanguageDockerfileApache License 2.0Apache-2.0

Caddy-Cloudflare

Docker Hub GitHub tag (latest SemVer) GitHub build status License

The official Caddy Docker image with the added caddy-dns/cloudflare module for DNS-01 ACME validation support. This image does not change anything with Caddy except replacing the caddy binary. Built for all supported platforms!

# Docker Hub
docker pull iarekylew00t/caddy-cloudflare:latest

# GHCR
docker pull ghcr.io/iarekylew00t/caddy-cloudflare:latest

Tags

The following tags are available for the iarekylew00t/caddy-cloudflare image.

  • latest
  • <version> (eg: 2.6.4, including: 2.6, 2, etc.)

Usage

Since this is built off the official Docker image all of the same Volumes, Environment variables, etc. can be used with this container. Please refer to the official Caddy Docker image and docs for more information on using Caddy.

Simply create the container as usual and include your CF_API_TOKEN (email no longer required for API Tokens). We can utilizing Caddy's support for Environment varaiables to pass these values into our Caddyfile.

docker run --rm -it \
  --name caddy \
  -p 80:80 \
  -p 443:443 \
  -v caddy_data:/data \
  -v caddy_config:/config \
  -v $PWD/Caddyfile:/etc/caddy/Caddyfile \
  -e CF_API_TOKEN=UhKLc...JD9jk \
  iarekylew00t/caddy-cloudflare:latest

Then set the global acme_dns directive in your Caddyfile

{
  acme_dns cloudflare {env.CF_API_TOKEN}
}

or via JSON

{
  "module": "acme",
  "challenges": {
    "dns": {
      "provider": {
        "name": "cloudflare",
        "api_token": "{env.CF_API_TOKEN}"
      }
    }
  }
}

See the caddy-dns/cloudflare module and tls directive for advanced usage.

Creating a Cloudflare API Token

You can generate a Cloudflare API token via the Cloudflare web console using the following steps:

  1. Login to your Dashboard
  2. Go to Account Profile > API Tokens
  3. Click "Create token" (Use the "Create Custom Token" option)
  4. Grant the following permissions:
    • Zone > Zone > Read
    • Zone > DNS > Edit

Building

You can easily build the Docker image locally by doing

docker build -t caddy-cloudflare .

Container signatures

All container images will be automatically signed via Cosign using keyless signatures. You can use the following command to verify the integrity of these images yourself.

cosign verify \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  --certificate-identity-regexp https://github.com/IAreKyleW00t/docker-caddy-cloudflare/.github/workflows/ \
  iarekylew00t/caddy-cloudflare:latest

Contributing

Feel free to contribute and make things better by opening an Issue or Pull Request.

License

See LICENSE.