this post was submitted on 23 Jun 2026
14 points (100.0% liked)


I'm looking into setting up https for my local services. Everything is currently set up using the official caddy docker image.

I now want to connect caddy to cloudflare to resolve the DNS 01. It looks like this is possible with a drop-in replacement for caddy from either https://github.com/CaddyBuilds/caddy-cloudflare or https://github.com/serfriz/caddy-custom-builds

Is anyone here using these builds? Are they reliable? Is there an alternative I haven't considered?

top 18 comments
[–] sandwichsaregood@lemmy.world 5 points 18 hours ago

I ended up building it myself, which may be the best option if you want to use other plugins. I have it set up in my own Forgejo with a CI configuration to auto build the binary and docker image. Forgejo lets you also host container images, so I can just pull from the latest build wherever I need it.

[–] stratself 3 points 17 hours ago* (last edited 17 hours ago)

I custom-build the Caddy container since it is easy to do with xcaddy. It is automated to run every week via Forgejo Actions on a Forgejo repo, and one can pull the latest images from there using Portainer or whatever docker updater software there is.

You can also use any other CI/CD solution you like as long as it churns out a regularly updated image. Github Actions is another good one if you don't wanna set up Forgejo.

The caddy-cloudflare image is probably also enough for your use case, assuming they're regularly updated. But if you like control, CI is one way to go.

[–] Tagen_AllAss@discuss.tchncs.de 5 points 23 hours ago (1 children)

There is recently an 'official' caddy with cloudflare Docker Image

Maintainer is Matthew Holt himself, the creator of Caddy (github issue reply from mholt)

[–] anytimesoon@piefed.social 1 points 14 hours ago (1 children)

Holy shit, that's awesome! Thanks for sharing

[–] Tagen_AllAss@discuss.tchncs.de 2 points 12 hours ago

One thing to keep in mind is that the release cycle isn't very clear. Caddy itself is updated frequently, but this Caddy+Cloudflare image appears to be updated independently and was last rebuilt about 3 months ago. That means it may lag behind upstream Caddy releases, so it's worth checking whether timely updates are important for your use case.

[–] AzuraTheSpellkissed@lemmy.blahaj.zone 2 points 1 day ago (1 children)

I asked myself the same question before. If only caddy had an official image with the cloudflare plugin, so we wouldn't have to build ourselves or trust 3rd party providers. But oh well, if you have any other custom image, you might as well build caddy as well.

[–] ryper@lemmy.ca 4 points 1 day ago (3 children)

You could just build it yourself, there's not much to it.

Dockerfile:

ARG VERSION=2

FROM caddy:${VERSION}-builder AS builder

RUN xcaddy build \
    --with github.com/caddy-dns/cloudflare

FROM caddy:${VERSION}

COPY --from=builder /usr/bin/caddy /usr/bin/caddy

My Dockerfile is under dockerfile-dns and then in docker-compose.yaml instead of pointing to an image I have:

services:
  caddy:
    build: ./dockerfile-dns

I'm not 100% sure of the right way to update it, but I think I usually use something like docker compose build --pull --no-cache.

I'm not entirely sure, but I think you can skip the "--no-cache" as it seems to still check for image updates. It helps to speed things up, especially if you check for updates more frequently.

[–] anytimesoon@piefed.social 2 points 1 day ago (2 children)

This is basically the dockerfile these projects provide, so I guess I could do this myself. How do you keep the caddy container up to date? I have tugtainer (something like watchtower) update caddy automatically, but I guess this set up would break that

[–] irmadlad@lemmy.world 1 points 1 day ago (1 children)

I have tugtainer (something like watchtower) update caddy automatically, but I guess this set up would break that

Does tugtainer (always makes me giggle) have the ability to label containers for exclusion like watchtower does?

[–] anytimesoon@piefed.social 1 points 14 hours ago (1 children)

Yup. It's basically watchtower with a gui

[–] irmadlad@lemmy.world 2 points 7 hours ago

Well, what I was thinking/spitballing is that you could label your Caddy container, do updates on everything else. That leaves Caddy to administer when you can devote 15/20 minutes to rebuilding the Caddy container by itself. Not the most graceful, automated solution, but........

[–] ryper@lemmy.ca 1 points 1 day ago

I can't help you with automation. I update my containers manually, whenever I think to do it. Nothing is accessible outside my network so I'm not worried about staying on top of security updates.

[–] hellmo_luciferrari@lemmy.zip 2 points 1 day ago* (last edited 1 day ago)

I have a Dockerfile like that:

ARG CADDY_VERSION=2.11.3
FROM caddy:${CADDY_VERSION}-builder-alpine AS builder

RUN xcaddy build \
    --with github.com/caddy-dns/cloudflare

FROM caddy:${CADDY_VERSION}-alpine

COPY --from=builder /usr/bin/caddy /usr/bin/caddy

and the docker-compose.yml file I use:

services:
  caddy:
    pull_policy: build
    build:
      context: .

And to build new versions I modify the Dockerfile after doing a docker compose down, and then to build the new version I use docker compose up.

[–] hellmo_luciferrari@lemmy.zip 0 points 1 day ago (1 children)

I currently build my own Caddy docker container with a Dockerfile using xcaddy and the caddy-builder-alpine image.

xcaddy adds these: github.com/caddy-dns/cloudflare, github.com/lucaslorentz/caddy-docker-proxy/v2

[–] anytimesoon@piefed.social 1 points 1 day ago (1 children)

That seems like a good option. How do you keep it updated?

[–] hellmo_luciferrari@lemmy.zip 2 points 1 day ago* (last edited 1 day ago)

I have a Dockerfile:

ARG CADDY_VERSION=2.11.3
FROM caddy:${CADDY_VERSION}-builder-alpine AS builder

RUN xcaddy build \
    --with github.com/caddy-dns/cloudflare

FROM caddy:${CADDY_VERSION}-alpine

COPY --from=builder /usr/bin/caddy /usr/bin/caddy

and the docker-compose.yml file I have this snippet at the top, of course this isn't the full file as there are specifics to my usecase in my full yml:

services:
  caddy:
    pull_policy: build
    build:
      context: .

And to build new versions I modify the Dockerfile after doing a docker compose down, and then to build the new version I use docker compose up.

Though this is outdated for my current setup, as I also use github.com/lucaslorentz/caddy-docker-proxy by adding "--with github.com/lucaslorentz/caddy-docker-proxy/v2" below where I added the Cloudflare repo.

This is so I can use Docker Labels to automate entries.
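
Added example, not part of the thread or of any commenter's setup: one way to script the rebuild the comments above do by hand, refusing to restart Caddy if the freshly built binary lacks a required plugin. It assumes the compose service is named `caddy` as in the snippets above and that the script runs from the directory holding the compose file; the sample module listing and the `--deploy` switch are constructed for illustration.

```shell
#!/bin/sh
# Rebuild a locally built Caddy image and deploy it only if the plugins the
# config depends on are actually compiled into the new binary.

# Module IDs the running config needs. dns.providers.cloudflare is the ID
# registered by github.com/caddy-dns/cloudflare; extend the list as needed.
REQUIRED_MODULES="dns.providers.cloudflare"

# Constructed sample of `caddy list-modules` output, for a dry run without Docker.
SAMPLE_MODULES='http.handlers.reverse_proxy
tls.issuance.acme

  Standard modules: 2

dns.providers.cloudflare

  Non-standard modules: 1'

# missing_modules LIST ID...: print each required ID that is absent from LIST.
# Compares whole first fields, so a prefix or suffix of an ID is not a match.
missing_modules() {
    list=$1; shift
    for id in "$@"; do
        printf '%s\n' "$list" \
            | awk -v id="$id" '$1 == id { found = 1 } END { exit !found }' \
            || printf '%s\n' "$id"
    done
}

# update_caddy: pull newer base images, rebuild, verify, then restart.
update_caddy() {
    docker compose build --pull caddy || return 1
    # Ask the new image's binary what it contains; no ports are published here.
    modules=$(docker compose run --rm --no-deps caddy caddy list-modules) || return 1
    # REQUIRED_MODULES is left unquoted on purpose so it splits into one ID per word.
    missing=$(missing_modules "$modules" $REQUIRED_MODULES)
    if [ -n "$missing" ]; then
        echo "refusing to deploy, modules missing from build: $missing" >&2
        return 1
    fi
    docker compose up -d caddy
}

# Only touch Docker when explicitly asked, so the functions can be reused.
if [ "${1:-}" = "--deploy" ]; then
    update_caddy
fi
```

Run with `--deploy` from cron or a CI job on whatever schedule suits; with this in place the Caddy container can be excluded from an automatic updater without going stale.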