- Buy a domain from a domain registrar.
- In the domain registrar settings, change the nameservers to the following entries: `ns3.digitalocean.com`, `ns2.digitalocean.com`, `ns1.digitalocean.com`
- Wait for this change to propagate. You can search for "DNS propagation tool" and then test your domain name there. You should check the `NS` (Name Server) record.
- In the DigitalOcean console, create a personal access token with "Read" and "Write" permissions for Domains. (You will need "Write", as we will use it to create a TXT entry for the ACME DNS challenge.)
- Build the container image: `docker build -t localhost/caddy .`
- Consider editing the Caddyfile: remove the `reverse_proxy` example if you do not have something to proxy to.
- Create a `caddy_data` folder: `mkdir caddy_data`. This means we can persist the certificates between container removals and creations.
- Run the image (note the host port 443 must map to container port 443, which is where the Caddyfile listens):
  ```sh
  docker run -e DIGITAL_OCEAN_DNS_API_TOKEN=${ADD_TOKEN_HERE} -p 80:80 -p 443:443 -v "$(pwd)/Caddyfile:/etc/caddy/Caddyfile:ro" -v "$(pwd)/caddy_data:/data/caddy:rw" localhost/caddy
  ```
- If you do not already have a DNS server set up, add a host entry in `/etc/hosts`:
  `127.0.0.1 mydomain.com`
- Now visit `mydomain.com` and see the green padlock in the URL bar!
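The steps above depend on two things being true at once: the public NS records must already point at DigitalOcean (otherwise Let's Encrypt cannot find the TXT record), and the resolver Caddy uses must agree with that public view (the reason for the `resolvers` line in the Caddyfile). The following shell check is an added example, not part of the gist; it assumes `dig` is installed and uses 1.1.1.1 as the public vantage point.

```sh
#!/bin/sh
# Added example, not part of the gist: check the DNS prerequisites for the
# DNS-01 challenge before starting Caddy. Assumes `dig` is installed and
# uses 1.1.1.1 as the "public" vantage point (any public resolver will do).
set -eu

# The nameservers the steps above tell you to set at the registrar.
EXPECTED_NS="ns1.digitalocean.com ns2.digitalocean.com ns3.digitalocean.com"

# Normalise `dig +short NS` output (one name per line, any order, any case,
# with or without trailing dot) and check every expected nameserver is in it.
# Returns 0 on success, 1 if any expected nameserver is missing.
ns_matches() {
    observed=$(printf '%s\n' "$1" | sed 's/\.$//' | tr 'A-Z' 'a-z' | sort -u | tr '\n' ' ')
    for ns in $EXPECTED_NS; do
        case " $observed" in
            *" $ns "*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# Compare what the local resolver returns (what Caddy would use without the
# `resolvers` line in the Caddyfile) with what a public resolver returns
# (what Let's Encrypt will see when it validates the TXT record).
check_domain() {
    domain=$1
    public_view=$(dig +short @1.1.1.1 NS "$domain")
    local_view=$(dig +short NS "$domain")
    if ! ns_matches "$public_view"; then
        echo "$domain: public resolvers do not (yet) return the DigitalOcean nameservers; wait for propagation" >&2
        return 1
    fi
    if ! ns_matches "$local_view"; then
        echo "$domain: your local resolver answers differently (internal DNS); keep the 'resolvers' line in the Caddyfile" >&2
        return 2
    fi
    echo "$domain: NS records are correct from both vantage points"
}

# Only run the live check when a domain is given on the command line,
# e.g. ./check_dns.sh mydomain.com
if [ $# -gt 0 ]; then
    check_domain "$1"
fi
```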
Created December 4, 2024 23:16
Caddyfile:

```caddyfile
{
	# https://caddyserver.com/docs/caddyfile/options#email
	email [email protected]
}

(tls_config) {
	tls {
		dns digitalocean {env.DIGITAL_OCEAN_DNS_API_TOKEN}
		# If you are running a DNS server on your network that controls this domain, Caddy will resolve the domain via that internal server and place the TXT entry there.
		# Let's Encrypt will not be able to find the internal server, so it will not issue a certificate.
		# So instead, specify the public DigitalOcean nameservers.
		resolvers ns3.digitalocean.com ns2.digitalocean.com ns1.digitalocean.com
	}
}

https://home-assistant.mydomain.com:443 {
	import tls_config
	reverse_proxy http://homeassistant:8123
}

mydomain.com:443, *.mydomain.com:443 {
	import tls_config
	respond "{time.now}:{system.os}:{system.arch}"
}
```
Dockerfile:

```dockerfile
# Build a Caddy binary with the DigitalOcean DNS provider module compiled in.
FROM caddy:2.8.4-builder AS builder
RUN xcaddy build \
    --with github.com/caddy-dns/digitalocean

# Copy the custom binary over the stock one in the runtime image.
FROM caddy:2.8.4
COPY --from=builder /usr/bin/caddy /usr/bin/caddy
# start.sh must be executable on the host, as ADD preserves its file mode.
ADD start.sh /opt/start.sh
CMD [ "/opt/start.sh" ]
```
start.sh:

```sh
#!/bin/sh
set -e
caddy run --config /etc/caddy/Caddyfile --adapter caddyfile
```