Jitdor Tech Tips

Get Caddy 2.0 now with Cloudflare DNS Provider module for automatic TLS

Three components are prerequisites for building Caddy 2 from source, they are

  1. Go 1.14 or newer
  2. Go Modules enabled
  3. xcaddy the official custom caddy builder


If you are on Ubuntu 20.04 LTS, the latest Go you could install via apt is 1.13, whereas for Ubuntu 18.04 LTS and Debian 10 you are stuck with 1.11. That means we are going to have to install it manually. At the time of writing, the current version is 1.14.2, and it can be manually installed by the following steps:

wget https://dl.google.com/go/go1.14.2.linux-amd64.tar.gz
tar -C /usr/local -xzf go1.14.2.linux-amd64.tar.gz

This would create the Go runtime at /usr/local/go/bin. Next, we need to add this path to the PATH environment variable, first by running the following command in the current session, and to add it in ~/.bashrc so that it will be included in subsequent sessions:

export PATH=$PATH:/usr/local/go/bin

We can verify successful installation and path setup by running go version and echo $PATH.

Go Modules

Go Modules can be enabled by a Go environment variable, you can set it via

go env -w GO111MODULE="auto"

To verify it has been set properly, run go env or go env | grep GO111MODULE.


Building xcaddy is a simple 3-step affair:

git clone https://github.com/caddyserver/xcaddy.git
cd xcaddy/cmd/xcaddy
go build

Upon successful compilation, the binary xcaddy will be built within the same directory and you are now ready to build Caddy.

Building Caddy 2

Instruct xcaddy to build a custom Caddy 2 production version with the TLS DNS Providers:

./xcaddy build --with github.com/caddy-dns/cloudflare

After some crunching, you should see the following output:

[INFO] Temporary folder: /tmp/buildenv_2020-05-06
[INFO] Writing main module: /tmp/buildenv_2020-05-06/main.go
[INFO] Initializing Go module
[INFO] exec (timeout=10s): /usr/local/go/bin/go mod init caddy
go: creating new go.mod: module caddy
[INFO] Pinning versions
[INFO] exec (timeout=5m0s): /usr/local/go/bin/go get -d -v github.com/caddyserver/caddy/v2
go: github.com/caddyserver/caddy/v2 upgrade => v2.0.0
[INFO] exec (timeout=5m0s): /usr/local/go/bin/go get -d -v github.com/caddy-dns/cloudflare
go: downloading github.com/caddy-dns/cloudflare v0.0.0-20200502232814-2d0180ea97cd
go: github.com/caddy-dns/cloudflare upgrade => v0.0.0-20200502232814-2d0180ea97cd
go: downloading github.com/libdns/cloudflare v0.0.0-20200501010544-dc6e6a382059
go: downloading golang.org/x/sys v0.0.0-20200413165638-669c56c373c4
go: downloading github.com/miekg/dns v1.1.29
go: downloading gopkg.in/square/go-jose.v2 v2.5.0
go: downloading github.com/cenkalti/backoff/v4 v4.0.2
[INFO] Build environment ready
[INFO] Building Caddy
[INFO] exec (timeout=5m0s): /usr/local/go/bin/go build -o /root/xcaddy/cmd/xcaddy/caddy -ldflags -w -s -trimpath
go: downloading github.com/manifoldco/promptui v0.7.0
go: downloading github.com/imdario/mergo v0.3.9
[INFO] Build complete: caddy
[INFO] Cleaning up temporary folder: /tmp/buildenv_2020-05-06

./caddy version
v2.0.0 h1:pQSaIJGFluFvu8KDGDODV8u4/QRED/OPyIR+MWYYse8=

There you have it! You may verify the Cloudflare plugin is there by running ./caddy list-modules | grep dns:


If you see this, everything is in order. Finally, move the caddy binary to the local binary directory:

mv caddy /usr/local/bin/

Rewriting systemd service and Caddyfile

As the launching parameters have changed, you will need a new systemd service file, such as the one below:


ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile


Converting Caddyfile from v1 to v2 is simple. Let’s say your Caddy1 file looks like below:

dllm.com {
   tls {
      dns cloudflare
   root /var/www/dllm
   fastcgi / /run/php/php7.4-fpm.sock php

The Caddyfile for Caddy 2 will be like this:

tls {
   dns cloudflare <api_token>
encode gzip
root * /var/www/dllm
php_fastcgi unix//run/php/php7.4-fpm.sock

Replace api_token with your Cloudflare API token. Note that this is referring to the API Token which you have assigned specific rights to (e.g. it can only update records within a particular zone), and not the Global API Key that was being used previously.

Refresh your systemd service by issuing the systemctl daemon-reload command, and you should be able to start your Caddy service at this point.

Pages: 1 2





Leave a Reply