Configuring Caddy with Wildcard Subdomains

Romario Fitzgerald
Jun 13, 2023

Welcome, diligent learners. Today, I’ll guide you through setting up a Caddy v2 server on Ubuntu, fully configured to support automatic HTTPS and wildcard subdomains, with DNS managed through DigitalOcean.

Prerequisites: An Ubuntu system with a user account featuring sudo privileges and a domain name registered with DigitalOcean.

Step 1: Installing Caddy

Our journey begins with ensuring your system package lists are up to date. This is crucial to maintain software currency and security:

sudo apt-get update

Caddy is not available in the standard Ubuntu repositories, so we download the release package directly from its GitHub releases page. At the time of writing, the latest stable version is v2.6.4:

wget https://github.com/caddyserver/caddy/releases/download/v2.6.4/caddy_2.6.4_linux_amd64.deb

Next, we’ll install Caddy with dpkg, a Debian package manager tool:

sudo dpkg -i caddy_2.6.4_linux_amd64.deb

We should ensure Caddy was installed properly by checking its status:

systemctl status caddy

Step 2: Configuring Caddy for Wildcard Subdomains

With Caddy installed, we now focus on making it handle wildcard subdomains. This enables our server to route traffic from any subdomain (e.g., sub1.yourdomain.com, sub2.yourdomain.com) to our application.

This is achieved by editing Caddy’s main configuration file:

sudo nano /etc/caddy/Caddyfile

Now, insert the following server block:

*.yourdomain.com {
	reverse_proxy 127.0.0.1:3000
}

The *.yourdomain.com syntax signals that the server block should handle any subdomain of "yourdomain.com". reverse_proxy 127.0.0.1:3000 instructs Caddy to forward all traffic it receives to an application running on the localhost (127.0.0.1) at port 3000.

Remember to replace “yourdomain.com” with your actual domain.

Step 3: Activating Automatic HTTPS with DigitalOcean DNS

Now to the pièce de résistance: Caddy’s automatic HTTPS. Out of the box, Caddy secures your sites with HTTPS by obtaining SSL/TLS certificates from Let’s Encrypt. But wildcard certificates are only issued through the ACME DNS challenge, so Caddy has to prove control of the domain by publishing a DNS record rather than by answering an HTTP request.

With DigitalOcean as our DNS provider, we’ll require our DigitalOcean API token. This token allows Caddy to make DNS changes during the ACME DNS challenge, necessary for wildcard certificates. You can generate an API token from the DigitalOcean dashboard (remember, this token is sensitive data!).

Here’s the updated configuration with DigitalOcean DNS:

*.yourdomain.com {
	reverse_proxy 127.0.0.1:3000
	tls {
		dns digitalocean {env.DIGITALOCEAN_API_TOKEN}
	}
}

{env.DIGITALOCEAN_API_TOKEN} is a Caddyfile placeholder that Caddy expands from the DIGITALOCEAN_API_TOKEN environment variable of the caddy process; either set that variable for the service, or replace the placeholder with your actual DigitalOcean API token.

The tls directive instructs Caddy to secure the connection using TLS. The nested dns digitalocean {env.DIGITALOCEAN_API_TOKEN} is an instruction for Caddy to use DigitalOcean's DNS for the ACME DNS challenge, crucial for obtaining a wildcard certificate.

Once done, apply the changes by restarting Caddy:

sudo systemctl restart caddy
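The steps above, turned into a small set of shell helpers, as an added example that is not code from the original post: render the wildcard Caddyfile with the token read from the environment, render a systemd drop-in that hands that variable to caddy.service from a root-only file, and run two checks before restarting. File paths and the check functions are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. File paths are assumptions.

# Print the Caddyfile for apex domain $1, proxying to $2 (default 127.0.0.1:3000).
# Caddy expands the {env.…} placeholder at load time, so the token itself
# never has to be written into /etc/caddy/Caddyfile.
render_caddyfile() {
  domain="$1"
  backend="${2:-127.0.0.1:3000}"
  printf '*.%s {\n\treverse_proxy %s\n\ttls {\n\t\tdns digitalocean {env.DIGITALOCEAN_API_TOKEN}\n\t}\n}\n' \
    "$domain" "$backend"
}

# Print a systemd drop-in for caddy.service that loads the token from file $1.
# systemd reads EnvironmentFile as root before starting the service, so the
# file can be mode 0600 root:root and the variable still reaches caddy.
# The file holds one line: DIGITALOCEAN_API_TOKEN=<token from the dashboard>
render_dropin() {
  printf '[Service]\nEnvironmentFile=%s\n' "${1:-/etc/caddy/digitalocean.env}"
}

# Read a Caddyfile on stdin; return 0 when every "dns digitalocean" line uses a
# placeholder, 1 when a literal token was pasted after the provider name.
caddyfile_token_is_env() {
  ! grep -Eq 'dns[[:space:]]+digitalocean[[:space:]]+[^{[:space:]]'
}

# Return 0 if the caddy binary at $1 was built with the DigitalOcean DNS module.
# The stock .deb does not include it (it comes from the caddy-dns/digitalocean
# plugin), and without it Caddy refuses to load the tls block above.
caddy_has_do_module() {
  "$1" list-modules 2>/dev/null | grep -qx 'dns.providers.digitalocean'
}

# Usage (as root):
#   render_caddyfile yourdomain.com > /etc/caddy/Caddyfile
#   install -m 0600 -o root -g root token.env /etc/caddy/digitalocean.env
#   mkdir -p /etc/systemd/system/caddy.service.d
#   render_dropin > /etc/systemd/system/caddy.service.d/env.conf
#   caddy_has_do_module /usr/bin/caddy && caddyfile_token_is_env < /etc/caddy/Caddyfile \
#     && caddy validate --config /etc/caddy/Caddyfile \
#     && systemctl daemon-reload && systemctl restart caddy
```

`caddy validate` parses the Caddyfile without starting a server, so a typo in the tls block is caught before the running service is restarted.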

And there you have it! An expertly configured Caddy v2 server with wildcard subdomains, automatic HTTPS via Let’s Encrypt, and DNS management via DigitalOcean. Caddy gracefully handles certificate management, including automatic renewals.

Romario Fitzgerald

I’m a young software developer and entrepreneur who is always looking for ways to grow.