elico
Member Candidate
Topic Author
Posts: 147
Joined: Mon Nov 07, 2016 3:23 am

Caddy reverse proxy with automatic Let's Encrypt.

Sat Dec 02, 2023 11:37 am

Has anyone tried Caddy reverse proxy with automatic Let's Encrypt to run on top of a RouterOS container?
It can be pretty nice.
The only issue is the configuration and process management.
A simple port 443 and port 80 port forwarding into the container is a must.
Then the configuration should be auto generated somehow in case you have more than one domain.

I was thinking about the Caddy API to configure it, but I don't have much time for this now.
 
Any suggestions?
A Caddyfile can be:
{
        email address@example.com
}

https://sn.example.org {
        reverse_proxy https://172.17.0.1:443 {
                transport http {
                        tls_insecure_skip_verify
                }
        }
}

https://dom1.example.org {
        reverse_proxy https://172.17.0.1:443 {
                transport http {
                        tls_insecure_skip_verify
                }
        }
}

https://dom2.example.org {
        reverse_proxy https://172.17.0.1:443 {
                transport http {
                        tls_insecure_skip_verify
                }
        }
}

https://dom1.example.com {
        reverse_proxy https://172.17.0.1:443 {
                transport http {
                        tls_insecure_skip_verify
                }
        }
}
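
One way to generate the per-domain configuration the post asks about, as an added example that is not part of the original post and not code from the Caddy project. The function names and the `upstream` snippet name are hypothetical; the upstream address, e-mail and hostnames are the ones from the Caddyfile above. Hostnames are validated before rendering so that a malformed entry cannot inject extra directives.

```python
import re

# Constructed sample input: the hostnames used in the Caddyfile posted above.
DOMAINS = ["sn.example.org", "dom1.example.org", "dom2.example.org", "dom1.example.com"]

# Strict hostname labels only, so braces, whitespace or newlines in an input
# cannot inject extra Caddyfile directives.
_LABEL = r"(?!-)[a-z0-9-]{1,63}(?<!-)"
_HOSTNAME = re.compile(rf"{_LABEL}(\.{_LABEL})+")
_EMAIL = re.compile(r"[^\s{}@]+@[^\s{}@]+")


def validate_domain(name):
    """Return the normalized hostname or raise ValueError."""
    host = name.strip().lower().rstrip(".")
    if len(host) > 253 or not _HOSTNAME.fullmatch(host):
        raise ValueError(f"refusing invalid hostname: {name!r}")
    return host


def render_caddyfile(domains, email, upstream="https://172.17.0.1:443"):
    """Render one site block per unique domain, sharing a single snippet."""
    if not _EMAIL.fullmatch(email):
        raise ValueError(f"refusing invalid email: {email!r}")
    hosts = sorted({validate_domain(d) for d in domains})
    if not hosts:
        raise ValueError("no domains given")
    lines = [
        "{",
        f"\temail {email}",
        "}",
        "",
        "# Shared upstream block, written once as a snippet and imported per site.",
        "(upstream) {",
        f"\treverse_proxy {upstream} {{",
        "\t\ttransport http {",
        "\t\t\t# Setting from the post: the upstream certificate is not verified.",
        "\t\t\ttls_insecure_skip_verify",
        "\t\t}",
        "\t}",
        "}",
    ]
    for host in hosts:
        lines += ["", f"https://{host} {{", "\timport upstream", "}"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(render_caddyfile(DOMAINS, "address@example.com"), end="")
```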
 
vovan700i
newbie
Posts: 33
Joined: Wed Jun 06, 2012 8:34 am

Re: Caddy reverse proxy with automatic Let's Encrypt.

Mon Dec 04, 2023 10:11 am

I use Caddy with automatic LE certificates running on top of RouterOS in a container; it works like a charm.

In fact, the only thing I needed for certificates to work is the following lines in the config (inside each domain section, or separately, followed by imports):
tls {
    dns cloudflare MY_TOKEN
}
Be advised, stock Caddy doesn't include any DNS verification plugins (Cloudflare, Route53, etc.), thus I use my own build with the plugins I need included. In case you use HTTP verification instead, you should probably refer to the Caddy documentation for details/examples.
 
nickvacula
just joined
Posts: 3
Joined: Thu Mar 30, 2023 3:29 pm

Re: Caddy reverse proxy with automatic Let's Encrypt.

Thu Dec 14, 2023 10:54 pm

I too am using Caddy with Let's Encrypt on top of ROS, but with the GoDaddy plugin, not Cloudflare, also a custom build, similar to what @vovan700i described above. Works like a charm and I like it!

Note, if you use the DNS verification plugin here, your GoDaddy API token has a secret and a key; you just specify them both via semicolon:
tls {
	dns godaddy YOUR_GODADDY_SECRET:YOUR_GODADDY_KEY
}
