Caddy webserver - valid certificates for hosted services
- Set up a Debian machine or use an existing one (the commands below assume you run them as root)
- Install xcaddy (add the xcaddy apt repository)
apt install -y debian-keyring debian-archive-keyring apt-transport-https curl
# import the repository signing key into its own keyring (the .list file below references it)
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/xcaddy/gpg.key' | gpg --dearmor -o /usr/share/keyrings/caddy-xcaddy-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/xcaddy/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-xcaddy.list
apt update
apt install xcaddy
- Install a prebuilt Go toolchain from the Go website (xcaddy needs it to compile Caddy)
mkdir golang
cd golang
# remove an existing go version
rm -rf /usr/local/go
# check for the latest release and download it; compare the SHA256 with the value listed on https://go.dev/dl/ before unpacking
wget https://go.dev/dl/go1.22.2.linux-amd64.tar.gz
tar -xvf go1.22.2.linux-amd64.tar.gz -C /usr/local
# set environment variables for go, e.g. in /etc/bash.bashrc
export GOROOT=/usr/local/go
export GOPATH=$HOME/go
export PATH=$GOPATH/bin:$GOROOT/bin:$PATH
- Build your own Caddy binary with the plugins you need, in this case the netcup DNS module (needed for the DNS-01 challenge)
xcaddy build --with github.com/caddy-dns/netcup
# move the binary to /usr/bin
# rename it to caddy_custom to mark it as a custom build
mv caddy /usr/bin/caddy_custom
# create the default config directory for the Caddyfile
mkdir /etc/caddy
touch /etc/caddy/Caddyfile
- Create systemd service file and enable it
# create caddy group
groupadd --system caddy
# create caddy user (no login shell, home in /var/lib/caddy where Caddy keeps its certificates)
useradd --system \
    --gid caddy \
    --create-home \
    --home-dir /var/lib/caddy \
    --shell /usr/sbin/nologin \
    --comment "Caddy web server" \
    caddy
# create empty service file; it belongs in /etc/systemd/system, the
# multi-user.target.wants symlink is created by systemctl enable
touch /etc/systemd/system/caddy.service
This example service file passes the netcup API credentials to the DNS module as Environment= entries. Two caveats: the unit file is readable by every local user with the default umask (and its Environment property is visible via systemctl show), so either restrict its permissions or move the credentials into an EnvironmentFile= with mode 0600; and do not start Caddy with --environ as the stock unit does, because that flag prints the whole environment, credentials included, to the journal.
# caddy.service
#
# For using Caddy with a config file.
#
# Make sure the ExecStart and ExecReload commands are correct
# for your installation.
#
# See https://caddyserver.com/docs/install for instructions.
#
# WARNING: This service does not use the --resume flag, so if you
# use the API to make changes, they will be overwritten by the
# Caddyfile next time the service is restarted. If you intend to
# use Caddy's API to configure it, add the --resume flag to the
# `caddy run` command or use the caddy-api.service file instead.

[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target

[Service]
# netcup credentials for the DNS module; anyone who can read this unit can read them
Environment="NETCUP_CUSTOMER_NUMBER=XXXXX"
Environment="NETCUP_API_KEY=XXXXX"
Environment="NETCUP_API_PASSWORD=XXXXX"
Type=notify
User=caddy
Group=caddy
# --environ from the stock unit is left out: it dumps the environment (the credentials above) into the journal
ExecStart=/usr/bin/caddy_custom run --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy_custom reload --config /etc/caddy/Caddyfile --force
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target