- Create a new API token at https://dash.cloudflare.com/profile/api-tokens
Give your token a descriptive name (e.g. Caddy), limit it under Zone Resources to the specific zone Caddy serves, and add 2 permissions:
- Zone - Zone - Read
- Zone - DNS - Edit
./caddy_cf_token
# Cloudflare API token with DNS edit rights on the zone. Keep this file out of
# version control and readable only by the user that runs docker compose.
CF_TOKEN=...
caddy/Caddyfile
# Site block for the public hostname, served over HTTPS.
https://example.com {
	tls {
		# Obtain the certificate through the ACME DNS challenge via Cloudflare.
		# This needs a Caddy build that includes the cloudflare DNS provider.
		# The token is read from the CF_TOKEN environment variable at runtime,
		# so the secret itself never appears in this file.
		dns cloudflare {env.CF_TOKEN}

		# optional: resolvers used for the DNS challenge checks
		resolvers 1.1.1.1
	}

	# ...
}
./compose.yaml
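# Nesting restored: with every key at column 0 the listing is not a usable
# Compose file (two top-level `networks` keys, no service body).
networks:
  my-net:
    # Pre-existing network; Compose will not create it.
    external: true

services:
  caddy:
    # NOTE(review): third-party image with no tag, so `latest` is pulled.
    # This container receives a token that can edit the zone's DNS; pin the
    # image to a tag or digest you have reviewed, or build your own.
    # Presumably a Caddy build with the cloudflare DNS module; verify.
    image: teamgosh/caddy
    container_name: caddy
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp"  # Used by QUIC / HTTP/3
    # Supplies CF_TOKEN to the container. The path depends on the shell's
    # PWD, so run `docker compose` from the directory that holds the file.
    env_file: ${PWD}/caddy_cf_token
    volumes:
      # Holds the Caddyfile.
      - ./caddy:/etc/caddy
      # Presumably Caddy's data directory (certificates and private keys);
      # keep ./data out of version control and backups shared with others.
      - ./data:/data
      - ./www:/var/www
    restart: unless-stopped
    networks:
      - my-net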
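- Turn on "Proxied" for the site's DNS record in Cloudflare's DNS Dashboard. Set the zone's SSL/TLS encryption mode to Full (strict) so that Cloudflare validates the certificate Caddy serves.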
Credits: https://roelofjanelsinga.com/articles/using-caddy-ssl-with-cloudflare/