A custom Caddy build with the Cloudflare DNS plugin pre-installed, for use in a homelab. The image is built automatically via GitHub Actions and published to the GitHub Container Registry (GHCR).
The Cloudflare DNS plugin enables Caddy to solve ACME DNS-01 challenges, allowing you to obtain TLS certificates for internal services without exposing port 80 to the internet.
Versions are pinned in versions.env:
CADDY_VERSION=2.9.1
CLOUDFLARE_PLUGIN_VERSION=v0.2.3To update, edit that file and push a new tag to trigger a build:
# Edit versions.env, then:
git add versions.env
git commit -m "chore: bump to caddy 2.x.x"
git tag v2.x.x
git push origin main --tagsThe CLOUDFLARE_PLUGIN_VERSION must be a Go module pseudo-version. To get the latest:
curl https://proxy.golang.org/github.com/caddy-dns/cloudflare/@latestPull the image from GHCR:
docker pull ghcr.io/stelianmorariu/caddy-cf:latestReference it in your docker-compose.yml:
services:
caddy:
image: ghcr.io/stelianmorariu/caddy-cf:latest
restart: unless-stopped
ports:
- "80:80"
- "443:443"
- "443:443/udp"
volumes:
- ./Caddyfile:/etc/caddy/Caddyfile
- caddy_data:/data
- caddy_config:/config
environment:
- CLOUDFLARE_API_TOKEN=your_token_here
volumes:
caddy_data:
caddy_config:Configure DNS-01 challenge in your Caddyfile:
example.internal {
tls {
dns cloudflare {env.CLOUDFLARE_API_TOKEN}
}
reverse_proxy localhost:8080
}
| Tag | Description |
|---|---|
latest |
Latest build from main |
v2.9.1 |
Exact Caddy release version |
2.9 |
Major.minor |
sha-<commit> |
Specific commit |