diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000..851c379 --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,6 @@ +{ + "cSpell.words": [ + "caddyfile", + "nslookup" + ] +} \ No newline at end of file diff --git a/content/posts/2023/12/05/cloudflare-dns-proxy-with-caddy.md b/content/posts/2023/12/05/cloudflare-dns-proxy-with-caddy.md new file mode 100644 index 0000000..e2213a5 --- /dev/null +++ b/content/posts/2023/12/05/cloudflare-dns-proxy-with-caddy.md 
@@ -0,0 +1,46 @@ +--- +title: "Cloudflare DNS Proxy With Caddy" +date: 2023-12-05T14:57:40-08:00 +draft: false +tags: [on-prem, hosting, caddy, cloudflare] +--- + +I have been using [Caddy](https://caddyserver.com/) as my [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy) for a bit now and its been great! I have also been using [Cloudflare](https://www.cloudflare.com/) for my DNS given its all API driven. But one thing I ran into issues with was being able to use Cloudflare to proxy my hosting IP behind one of their servers. This would be allow allow a user to `nslookup` against my dns record and only tell them about the Cloudflare IP. This is ideal because then I am able to hide my personal IP Address from the internet. + +But when I started with Caddy, I was not able to get this feature to work. But at the end of the day I picked Caddy because it has [Automatic Https](https://caddyserver.com/docs/automatic-https). This one feature and it being written in Go was one of the reasons I picked this. I did attempt to use something like `nginx` but this was before I had my own domain, and my tests failed. + +## Dynamic DNS + +One of the other reasons why I picked Cloudflare was because it was API driven. I have a Dynamic IP Address, and needed to ensure my sites would not be down when my IP changed. So I created a little Go tool called [cloudflare-ddns](https://git.jamestombleson.com/jtom38/cloudflare-ddns). The name is very basic but does the job. + +This tool is very simple. Every 15 minutes, it will check my IP Address and make sure all my defined A records in Cloudflare match. If they don't, then it will update them. If that is of intrest to you, take a look at the source code. + +## Cloudflare DNS Proxy + +So now that we have a little bit of a background, one thing I wanted to figure out was how to make this all work. + +I did try to use the Proxy service in the past but due to time, I did not spend much time on it. 
+I had https already so I did not care to mess around with it too much more. +But I did go and enable the Proxy service to see what happened. + +When it was enabled I was getting `Too Many Redirects` back. Well, this is because Caddy and Cloudflare both are trying to redirect my http traffic to https. +Given the Cloudflare was also trying to handle https for me, this made sense. +So to use the Cloudflare proxy, I need to configure Caddy to not handle https. + +## The solution + +So to make this all work its actually very simple. +Open your `caddyfile` and update the record to define `http://` for the host you want. + +```caddyfile +http://fake.domain.com { + reverse_proxy 192.168.1.1:8080 +} +``` + +Save the file and restart Caddy. + +Once Caddy comes back only, go over to Cloudflare and enable the proxy service on your A record and within a couple minutes, things should flow again! +if you run `nslookup fake.domain.com` you should now see the DNS record not point to your IP but a Cloudflare IP. + +With that change you are now good to go!
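Review bot: `.vscode/settings.json` is added with "No newline at end of file", so end it with a trailing newline to keep later diffs of this file clean. The hunk also puts workspace editor configuration (the `cSpell.words` list) into the same change as a new post; consider committing it separately so the post can be reviewed and reverted independently.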
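Review bot: In `cloudflare-dns-proxy-with-caddy.md`, the "The solution" section changes the site block to `http://fake.domain.com` without saying that the hop from Cloudflare to the origin is then plain HTTP, so only the visitor-to-Cloudflare leg is encrypted. State that trade-off next to the Caddyfile snippet, and consider documenting the alternative of leaving Caddy's automatic HTTPS on and setting the Cloudflare SSL/TLS mode to Full (strict), which also ends the `Too Many Redirects` loop because Cloudflare then connects to the origin over HTTPS. The intro's point about hiding the home IP holds only while the origin refuses direct connections, so a sentence on restricting inbound traffic to Cloudflare's published IP ranges would complete it. Wording to fix while here: "would be allow allow", "intrest", "comes back only", and the lowercase "if you run" at the start of a sentence.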