Caddy with integrated support for Cloudflare verification challenges via the Cloudflare module.
Latest:
docker pull ghcr.io/kerimhudson/caddy-cloudflare:latest-alpine
docker pull ghcr.io/kerimhudson/caddy-cloudflare:2.8.1-alpine
This image builds using the caddy:alpine and caddy:builder-alpine images, and includes the Cloudflare module. For more information about the build, I'd recommend you view the Dockerfile.
I use this image personally, but for safety and security I would recommend that you fork and build this for yourself if you wish to use it.
The GitHub workflow to build uses variables and so will build the image based on your GitHub username.
- A Cloudflare account
- A domain registered on your Cloudflare account
Any domain you wish to use that is not registered with your Cloudflare account will need to use a different TLS method. You can read more about TLS in Caddy here, and about modules in the Caddy documentation.
- Generate a Cloudflare Token
Make sure to use a scoped API token, NOT a global API key. It will need two permissions: Zone-Zone-Read and Zone-DNS-Edit.
- Provide this token as an environment variable when using the Docker image, using something like CLOUDFLARE_API_TOKEN
Examples:
docker run -e CLOUDFLARE_API_TOKEN=your_token_value caddy-cloudflare:latest
version: "3.7"
services:
  caddy:
    image: caddy-cloudflare:latest
    environment:
      # Substituted by Compose from the shell environment or an .env file in the project directory
      CLOUDFLARE_API_TOKEN: ${CLOUDFLARE_API_TOKEN}
    # ...
- Add the TLS definition to your Caddyfile
For ease, I create a reusable block that can be used across all definitions.
# Caddyfile
(cloudflare) {
    tls {
        dns cloudflare {env.CLOUDFLARE_API_TOKEN}
    }
}
example.com {
    import cloudflare
    respond "Hello, world"
}
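
A preflight lint for the steps above, added here as an example and not part of this project: it checks that every single-line `dns cloudflare` directive takes its token from a `{...}` placeholder rather than a literal value, and that the variable is set before Caddy starts. The function names `lint_caddyfile`, `preflight` and `demo` and the sample files are constructed for illustration; the block form of the directive is reported rather than parsed.

```shell
#!/bin/sh
# lint_caddyfile FILE
# Returns 1 (and prints one finding per line) if a `dns cloudflare` directive
# uses a literal argument, cannot be checked, or is missing from FILE.
lint_caddyfile() {
    awk -v f="$1" '
        { sub(/^#.*/, ""); sub(/[ \t]#.*/, "") }   # strip Caddyfile comments
        $1 == "dns" && $2 == "cloudflare" {
            seen = 1
            if (NF < 3 || $3 == "{") {
                printf "%s:%d: block form or missing argument, not checked\n", f, NR
                bad = 1
            } else if ($3 !~ /^[{][^{}]+[}]$/) {
                # Report the location only; never echo the literal value.
                printf "%s:%d: literal token, use {env.CLOUDFLARE_API_TOKEN}\n", f, NR
                bad = 1
            }
        }
        END {
            if (!seen) { printf "%s: no dns cloudflare directive found\n", f; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# preflight FILE: lint the Caddyfile, then confirm the variable it reads is set.
preflight() {
    lint_caddyfile "$1" || return 1
    [ -n "${CLOUDFLARE_API_TOKEN:-}" ] || { echo "CLOUDFLARE_API_TOKEN is empty or unset"; return 1; }
}

# demo: constructed samples, the snippet from this page and a hard-coded variant.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '(cloudflare) {' '  tls {' \
        '    dns cloudflare {env.CLOUDFLARE_API_TOKEN}' '  }' '}' > "$d/good"
    printf '%s\n' 'example.com {' '  tls {' \
        '    dns cloudflare CONSTRUCTED_NOT_A_REAL_TOKEN' '  }' '}' > "$d/bad"
    lint_caddyfile "$d/good" && echo "good: ok"
    lint_caddyfile "$d/bad" || echo "bad: rejected"
    rm -rf "$d"
}
demo
```

Running `preflight /path/to/Caddyfile` in the container entrypoint or a CI step fails early when a token has been pasted into the Caddyfile or the environment variable was never passed through.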