Building Custom Caddy Servers

Learn how to create a custom Caddy server build with additional plugins not available in the standard installation. This guide walks you through compiling Caddy from source, integrating third-party modules, and optimizing your setup for enhanced functiona

Caddy is written in Go(lang), so to build an extended version of caddy we need Go installed on our server.

First, let’s check which version of Go is already installed, if there is one, by running go version.

If you do have Go installed, you’ll see something like this:

root@caddyserver:~# go version
go version go1.23.5 linux/amd64

If you don’t have Go installed, you’ll see this:

root@caddyserver:~# go version
-bash: go: command not found

That means you’ll need to get it installed. Let’s go get Go. Once you know which version you are going to use, you can install it as follows, or you can just follow the instructions on the Go website.

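GO_VERSION=1.23.5

# Download the release tarball for the chosen version
wget https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz
# Compare its SHA256 with the checksum listed on https://go.dev/dl/ before extracting
sha256sum go${GO_VERSION}.linux-amd64.tar.gz
# Replace any previous Go tree with the new one
rm -rf /usr/local/go && tar -C /usr/local -zxf go${GO_VERSION}.linux-amd64.tar.gz
# Applies to the current shell only; add it to your profile to make it permanent
export PATH=$PATH:/usr/local/go/bin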

Now, when you run go version, you will get a better response:

root@caddyserver:~# go version
go version go1.23.5 linux/amd64

Next, we should actually install caddy. This just makes it simpler to be sure all the infrastructure is in place when we come to update caddy with our custom build.

apt install caddy -y
systemctl stop caddy

We stop caddy as soon as it is installed. We don’t want it running, so that we can replace it once we have our build.

The next step is to get xcaddy installed so that we can build our custom version:

sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/xcaddy/gpg.key' | gpg --dearmor -o /usr/share/keyrings/caddy-xcaddy-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/xcaddy/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-xcaddy.list
apt update
apt install xcaddy -y
xcaddy --version

Excellent, we have caddy and xcaddy installed. Now we can make a build of caddy with an additional module. You can find a list of the extra features on the download page. The download page is the other way to get a custom build, but there are warnings all over the page telling us not to use it, so we will continue with this method. We are going to build caddy with Bunny DNS for our DNS challenges, because it is awesome.

xcaddy build --with github.com/caddy-dns/bunny

This builds the new version with Bunny DNS and creates a new caddy binary in whichever directory you ran the command from. Now all you have to do is copy the new binary across so that it can be used when you start caddy up:

cp ./caddy /usr/bin/
systemctl start caddy
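
A guarded version of the copy step above, as an added example that is not part of the original post: it refuses to install a build that does not list the dns.providers.bunny module, optionally validates the Caddyfile with the new binary, and keeps a copy of the packaged binary for rollback. The function names and the .stock backup suffix are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example: check a custom Caddy build before it replaces the packaged
# binary. Function names and the ".stock" backup suffix are assumptions.
# Usage (as root, service stopped):
#   install_custom_caddy ./caddy /usr/bin/caddy /etc/caddy/Caddyfile

# has_module BINARY MODULE_ID: succeeds if "BINARY list-modules" prints
# MODULE_ID on a line of its own.
has_module() {
    "$1" list-modules 2>/dev/null | grep -xF -- "$2" >/dev/null
}

# install_custom_caddy BUILT DEST [CADDYFILE]
# Returns 1: BUILT missing, 2: plugin absent, 3: config rejected.
install_custom_caddy() {
    local built="$1" dest="$2" caddyfile="${3:-}"

    [ -x "$built" ] || { echo "no executable at $built" >&2; return 1; }

    # Confirm the plugin is really compiled in (for example, that ./caddy
    # is not a stale or stock binary left in the build directory).
    if ! has_module "$built" dns.providers.bunny; then
        echo "$built does not contain dns.providers.bunny" >&2
        return 2
    fi

    # Let the new binary parse the config before it goes live.
    if [ -n "$caddyfile" ] &&
       ! "$built" validate --config "$caddyfile" --adapter caddyfile >/dev/null 2>&1; then
        echo "$caddyfile does not validate with $built" >&2
        return 3
    fi

    # Keep the packaged binary once, as a rollback copy.
    if [ -e "$dest" ] && [ ! -e "$dest.stock" ]; then
        cp -p "$dest" "$dest.stock"
    fi

    # Write beside the target, then rename, so DEST is never half-written.
    install -m 0755 "$built" "$dest.new" && mv -f "$dest.new" "$dest"
}
```

A later upgrade of the caddy package through apt writes the stock binary back to /usr/bin/caddy, so has_module is also a quick check to run after system updates.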

The last piece of the puzzle is to add our Bunny DNS API key into the Caddyfile.

micro /etc/caddy/Caddyfile
# yeah, that's right, I use micro. You can use whichever text editor you like, no judgement.

Update your Caddyfile to include your Bunny DNS API key:

# The Caddyfile is an easy way to configure your Caddy web server.
#
# Unless the file starts with a global options block, the first
# uncommented line is always the address of your site.
#
# To use your own domain name (with automatic HTTPS), first make
# sure your domain's A/AAAA DNS records are properly pointed to
# this machine's public IP, then replace ":80" below with your
# domain name.

# Global options block. acme_dns is a global option, so it goes in an
# unnamed block at the top of the file; a top-level "tls { ... }" block
# would be parsed as a site named "tls".
{
	acme_dns bunny XXxxXxXx-xxxx-XXXX-xxxx-XXXX-XXxxXXxxXXxx
}


:80 {
	# Set this path to your site's directory.
	root * /usr/share/caddy

	# Enable the static file server.
	file_server

	# Another common task is to set up a reverse proxy:
	# reverse_proxy localhost:8080

	# Or serve a PHP site through php-fpm:
	# php_fastcgi localhost:9000
}

I am going to be honest, this isn’t the end to the document but there is enough information in here to be getting on with and will help someone get going. At this point I ran into an issue with the Bunny API and the DNS updates are not working to create the wildcard certs. I am going to be looking into it.
