
Hosting local https with trusted cert from Cloudflare with Caddy

Caddy and tools needed for xcaddy

Install caddy from the docs: caddyserver.com/docs/install

Install Go

I did this just using snaps

sudo snap install --classic go

Install git as well

sudo apt install git

Install xcaddy per the github instructions: https://github.com/caddyserver/xcaddy

Now you should be able to build Caddy with the Cloudflare DNS plugin:

xcaddy build --with github.com/caddy-dns/cloudflare

Stop caddy

sudo systemctl stop caddy

Replace the existing caddy binary

Find where the existing Caddy binary is installed:

which caddy

This typically returns /usr/bin/caddy or /usr/local/bin/caddy.

Now, replace the existing binary with the one you just built (xcaddy writes it as ./caddy in the current directory; use the path that which caddy returned):

sudo mv caddy /usr/bin/caddy
sudo chmod +x /usr/bin/caddy

Verify the new binary is in place

caddy version
caddy list-modules | grep dns

You should see dns.providers.cloudflare listed.

Restart caddy

sudo systemctl restart caddy

If you encounter issues, check the logs:

journalctl -u caddy --no-pager --lines=50

To dry-run the Caddyfile (run this from /etc/caddy, or add --config /etc/caddy/Caddyfile):

sudo caddy validate
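The build, swap and verify steps above, collected into one script as an added example (this is not the page's own script, nor part of Caddy or xcaddy). Unlike the bare mv above it keeps a timestamped backup of the old binary, refuses to install a build that does not list dns.providers.cloudflare, and validates the Caddyfile before the service comes back. The fallback path /usr/bin/caddy and the Caddyfile location are assumptions; the helpers are plain functions so they can be checked without touching the system:

```shell
#!/bin/sh
# Added example: build Caddy with the Cloudflare DNS module, keep a backup of
# the current binary, and only swap it in when the new build lists the module.
# Not the page's own script; paths are assumptions (match them to `which caddy`).
set -eu

MODULE="dns.providers.cloudflare"
PLUGIN="github.com/caddy-dns/cloudflare"

# Pure helper: given the output of `caddy list-modules`, report whether the
# Cloudflare DNS provider is present (exit 0) or missing (exit 1).
has_module() {
    printf '%s\n' "$1" | grep -qx "$MODULE"
}

# Pure helper: derive a timestamped backup path next to the installed binary.
backup_path() {
    printf '%s.bak.%s\n' "$1" "$2"
}

# Pure helper: turn the output of `which caddy` into an install target,
# falling back to /usr/bin/caddy when nothing is installed yet (assumption).
install_target() {
    if [ -n "$1" ]; then printf '%s\n' "$1"; else printf '/usr/bin/caddy\n'; fi
}

install_custom_caddy() {
    target=$(install_target "$(command -v caddy || true)")
    xcaddy build --with "$PLUGIN" --output ./caddy-custom
    # Inspect the fresh build before it touches the system.
    modules=$(./caddy-custom list-modules)
    if ! has_module "$modules"; then
        echo "new build does not contain $MODULE; aborting" >&2
        return 1
    fi
    sudo systemctl stop caddy
    if [ -f "$target" ]; then
        sudo cp -p "$target" "$(backup_path "$target" "$(date +%Y%m%d%H%M%S)")"
    fi
    # install(1) copies the file and sets mode 0755 in one step.
    sudo install -m 0755 ./caddy-custom "$target"
    # Validate before bringing the service back so a broken config is caught here.
    sudo caddy validate --config /etc/caddy/Caddyfile
    sudo systemctl start caddy
}

# Only run when invoked with "install"; sourcing the file just defines the helpers.
if [ "${1:-}" = "install" ]; then
    install_custom_caddy
fi
```

Run it as sh install-caddy-cf.sh install from a directory you can write to; if the build is missing the module the old binary and the running service are left untouched.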

Open up your Caddyfile, located at /etc/caddy/Caddyfile.

Add a block for the domain you want to handle on the local network:

immich.local.yourdomain.com {
    tls {
        dns cloudflare {env.CLOUDFLARE_API_TOKEN}
    }
    reverse_proxy 127.0.0.1:2283
}

You'll need a Cloudflare API token to allow Caddy to manage your DNS (the Caddyfile block above reads it from the CLOUDFLARE_API_TOKEN environment variable of the Caddy process).

1. Go to the Cloudflare Dashboard → API Tokens.
2. Click Create Token → Custom Token.
3. Set permissions: Zone → DNS → Edit.
4. Set Zone Resources: Include → Specific Zone → select your domain.
5. Click Create Token and copy it.
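The Caddyfile refers to {env.CLOUDFLARE_API_TOKEN}, so the token has to reach the caddy systemd service as an environment variable. The following is an added example (not from the page or the Caddy project) of doing that with a root-only EnvironmentFile plus a systemd drop-in, so the token is never written into the world-readable Caddyfile or typed on a command line. The file paths are assumptions; systemd reads EnvironmentFile= before switching to the caddy user, so 0600 root:root is sufficient:

```shell
#!/bin/sh
# Added example (not the page's own): hand CLOUDFLARE_API_TOKEN to the caddy
# systemd service through a root-only EnvironmentFile instead of pasting the
# token into the Caddyfile. File locations are assumptions; adjust as needed.
set -eu

ENV_FILE="${ENV_FILE:-/etc/caddy/cloudflare.env}"
DROPIN_DIR="${DROPIN_DIR:-/etc/systemd/system/caddy.service.d}"

# Reject tokens that would break the KEY=VALUE file or that look like a paste
# error: empty, containing whitespace or quotes, or a copied "Bearer ..." header.
token_is_sane() {
    case "$1" in
        "") return 1 ;;
        *[[:space:]]*) return 1 ;;
        *\"* | *\'*) return 1 ;;
        Bearer*) return 1 ;;
    esac
    return 0
}

# Render the env file consumed by systemd's EnvironmentFile= directive.
render_env_file() {
    printf 'CLOUDFLARE_API_TOKEN=%s\n' "$1"
}

# Render the drop-in that points the service at that file.
render_dropin() {
    printf '[Service]\nEnvironmentFile=%s\n' "$1"
}

# Write both files with restrictive permissions. systemd reads EnvironmentFile
# as root before dropping to the caddy user, so 0600 root:root is enough.
install_token() {
    token="$1"
    token_is_sane "$token" || { echo "refusing to write malformed token" >&2; return 1; }
    mkdir -p "$DROPIN_DIR" "$(dirname "$ENV_FILE")"
    umask 077
    render_env_file "$token" > "$ENV_FILE"
    chmod 0600 "$ENV_FILE"
    render_dropin "$ENV_FILE" > "$DROPIN_DIR/cloudflare-token.conf"
    chmod 0644 "$DROPIN_DIR/cloudflare-token.conf"
}

# Report the permission string of the env file, e.g. "-rw-------".
env_file_mode() {
    ls -ld "$1" | cut -c1-10
}

if [ "${1:-}" = "install" ]; then
    # Read the token from stdin so it never lands in shell history or ps output.
    read -r token_from_stdin
    install_token "$token_from_stdin"
    systemctl daemon-reload
    systemctl restart caddy
fi
```

Usage: printf '%s\n' "$TOKEN" | sudo sh install-token.sh install, then confirm with sudo systemctl show caddy -p Environment that the variable is present and with journalctl -u caddy that the DNS-01 challenge succeeds.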

Now create a wildcard A record in your Cloudflare DNS (e.g. *.local) pointing at the local IP of your server.

You now have a web server with domains that can only be used on the local network.
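A check for the end state described above, added here as an example that is not part of the original post: the name is publicly resolvable (and, since the certificate is logged to Certificate Transparency, the hostname itself is public), but it must only ever point at a private address, and the certificate Caddy obtained should verify against the system trust store. The hostname is a placeholder; the RFC 1918 and loopback checks are plain functions so they can be tested without any network access:

```shell
#!/bin/sh
# Added example (not from the page): confirm that a name such as
# immich.local.yourdomain.com resolves only to a private address, so the
# public wildcard record exposes nothing reachable from the internet, and that
# the certificate Caddy obtained verifies against the system trust store.
set -eu

# Pure helper: is the dotted-quad IPv4 address in RFC 1918 or loopback space?
is_private_ipv4() {
    case "$1" in
        10.*|127.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# Pure helper: given addresses (one per line), fail if any is public.
# An empty list fails too, since "nothing resolved" is not "private".
all_private() {
    found=0
    for ip in $1; do
        found=1
        is_private_ipv4 "$ip" || return 1
    done
    [ "$found" -eq 1 ]
}

# Pure helper: extract the first column (the address) from resolver output.
addresses_of() {
    printf '%s\n' "$1" | awk '{print $1}'
}

check_local_only() {
    host="$1"
    # getent ahostsv4 lists each address once per socket type; keep STREAM rows.
    ips=$(addresses_of "$(getent ahostsv4 "$host" | awk '$2 == "STREAM"')")
    if all_private "$ips"; then
        echo "ok: $host resolves only to private addresses: $(printf '%s ' $ips)"
    else
        echo "WARNING: $host resolves to a public or unknown address: $ips" >&2
        return 1
    fi
    # Verify the chain against the system trust store; "Verify return code: 0"
    # means the certificate Caddy fetched via DNS-01 is trusted on this machine.
    openssl s_client -connect "$host:443" -servername "$host" </dev/null 2>/dev/null \
        | grep -q 'Verify return code: 0 (ok)'
}

if [ $# -gt 0 ]; then
    check_local_only "$1"
fi
```

Run sh check-local.sh immich.local.yourdomain.com from a machine on the LAN; a non-zero exit means either the record points outside private space or the certificate chain did not verify.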
