Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/luavixen/caddy-get-certificate-traefik-acme

Server that handles requests from the "http" Caddy TLS certificate manager using certificates from Traefik ACME acme.json storage files
https://github.com/luavixen/caddy-get-certificate-traefik-acme

caddy caddyserver tls-certificate tls-proxy tls-proxying traefik traefik-certificate-extract traefik-certs-dumper

Last synced: 19 days ago
JSON representation

Server that handles requests from the "http" Caddy TLS certificate manager using certificates from Traefik ACME acme.json storage files

Host: GitHub
URL: https://github.com/luavixen/caddy-get-certificate-traefik-acme
Owner: luavixen
Created: 2024-12-02T02:23:10.000Z (about 1 month ago)
Default Branch: main
Last Pushed: 2024-12-02T03:26:30.000Z (about 1 month ago)
Last Synced: 2024-12-02T03:26:45.469Z (about 1 month ago)
Topics: caddy, caddyserver, tls-certificate, tls-proxy, tls-proxying, traefik, traefik-certificate-extract, traefik-certs-dumper
Language: TypeScript
Homepage: https://caddyserver.com/docs/caddyfile/directives/tls#certificate-managers
Size: 10.7 KB
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

# caddy-get-certificate-traefik-acme
Server that handles requests from the `http` Caddy TLS certificate manager using certificates from Traefik ACME `acme.json` storage files.

Specifically, this lets Caddy use certificates provided by [Traefik's ACME / Let's Encrypt support](https://doc.traefik.io/traefik/https/acme/) without much hassle.
This is great if you want to put Traefik behind Caddy and still have Traefik manage all of its own certificates.

Usage is simple:
```sh
docker run \
-p 3000:3000 \
-v "/etc/traefik/acme.json:/acme.json" \
luavixen/caddy-get-certificate-traefik-acme:latest
```
You can also source certificates from multiple files:
```sh
docker run \
-p 3000:3000 \
-v "/etc/traefik/acme:/acme" \
-e ACME_STORAGE_PATH=/acme/acme1.json:/acme/acme2.json \
luavixen/caddy-get-certificate-traefik-acme:latest
```

I use this with [Dokploy](https://dokploy.com/) as I really like it, but I already use Caddy as my proxy.
Since Dokploy runs and manages its own Traefik instance, and routes everything through that, I needed to make Caddy send unmatched requests to Traefik transparently.

So, with Caddy handling ports 80 and 443, Traefik running behind it on 7080 and 7443, and `caddy-get-certificate-traefik-acme` on 3000, my Caddyfile looks something like this:
```caddyfile
# ... a bunch of Caddy-handled sites ...

# Match all HTTP requests and proxy them to Traefik
http:// {
reverse_proxy http://localhost:7080
}

# Match all HTTPS requests and proxy them to Traefik, but with the right certificates! :D
https:// {
tls {
# The magic is here:
get_certificate http http://localhost:3000/
}
reverse_proxy {
to https://localhost:7443
transport http {
tls_server_name {http.request.host}
}
}
}
```

Of course, this means that Caddy has to decrypt and re-encrypt everything, which sucks. But it works!

## Authors
Made with ❤ by Lua ([foxgirl.dev](https://foxgirl.dev/))