README
¶
Linode module for Caddy
This package contains a DNS provider module for Caddy. It can be used to complete ACME DNS-01 challenges to get a TLS certificate from Let's Encrypt.
Caddy module name
dns.providers.linode
Caddy doesn't have this module built-in, so you need to build Caddy with this module.
See Building for instructions.
Building
To compile Caddy with this module, use xcaddy.
Import github.com/caddy-dns/linode using --with github.com/caddy-dns/linode:
xcaddy build --with github.com/caddy-dns/linode
This will produce a binary called caddy in the current directory that is
built with this module.
For an example of building Caddy with this module in a Docker container, see Example deployment.
Linode API token
See the README in the libdns-linode package for instructions on how to get a Linode Personal Access Token.
Example deployment
See this Caddyfile for an example deployment of this plugin. This docker-compose and Dockerfile build an image of Caddy with this plugin.
Config examples
To use this module for the ACME DNS challenge, configure the ACME issuer in your Caddy JSON like so:
{
"module": "acme",
"challenges": {
"dns": {
"provider": {
"name": "linode",
"api_token": "{env.LINODE_PERSONAL_ACCESS_TOKEN}",
"api_url": "{env.LINODE_API_URL}",
"api_version": "{env.LINODE_API_VERSION}",
"debug_logs_enabled": false
}
}
}
}
or with the Caddyfile:
# globally
{
acme_dns linode {$LINODE_PERSONAL_ACCESS_TOKEN}
}
# globally, with optional fields
{
acme_dns linode {
api_token {$LINODE_PERSONAL_ACCESS_TOKEN}
api_url {$LINODE_API_URL}
api_version {$LINODE_API_VERSION}
}
}
example.com {
}
# one site
example.com {
tls {
dns linode {$LINODE_PERSONAL_ACCESS_TOKEN}
}
}
# one site, with optional fields
example.com {
tls {
dns linode {
api_token {$LINODE_PERSONAL_ACCESS_TOKEN}
api_url {$LINODE_API_URL}
api_version {$LINODE_API_VERSION}
debug_logs_enabled false
}
}
}
# Full example, with recommended settings for Linode
example.com {
tls {
ca https://acme-v02.api.letsencrypt.org/directory
dns linode {
api_token {$LINODE_DNS_PAT}
api_url {$LINODE_API_URL}
api_version {$LINODE_API_VERSION}
debug_logs_enabled false
}
# Delay to ensure that the record is propagated, but disable
# checks because the local check always fails for me. Could be related
# to fail-loop described below?
propagation_delay 2m
propagation_timeout -1 # no checks
# When creating a TXT record with "0" TTL, Linode considers this a
# request for a record with the "Default" TTL, which results in a zone
# file with no TTL value.
# Common resolvers like 1.1.1.1 and 8.8.8.8 seem to cache this for a
# very long time. (24h?)
# Set dns_ttl to the lowest value allowed by Linode to avoid fail-loops
# where the CA sees the old TXT record despite the new one being present.
dns_ttl 30s
resolvers 1.1.1.1
}
# Serve static text at root
respond / "Hello world!"
}
You can replace {$*} or {env.*} with the actual values if you prefer to put it directly in your config instead of an environment variable.
The fields are:
api_token- The Linode Personal Access Token to use.api_url- The Linode API hostname to use, i.e.api.linode.com.api_version- The Linode API version to use, i.e.v4.debug_logs_enabled- true|false, whether to enable debug logs.
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Provider ¶
Provider lets Caddy read and manipulate DNS records hosted by this DNS provider.
func (Provider) CaddyModule ¶
func (Provider) CaddyModule() caddy.ModuleInfo
CaddyModule returns the Caddy module information.
func (*Provider) UnmarshalCaddyfile ¶
UnmarshalCaddyfile sets up the DNS provider from Caddyfile tokens. Syntax:
linode <api_token>
or, when specifying optional fields:
linode [<api_token>] {
api_token <string>
api_url <string>
api_version <string>
debug_logs_enabled <true|false>
}
Source Files