

I use Caddy for this. I’ll leave links to the documentation as well as a few examples.
Here’s the documentation for wildcard certs. https://caddyserver.com/docs/automatic-https#wildcard-certificates
Here’s how you add DNS providers to Caddy without Docker. https://caddy.community/t/how-to-use-dns-provider-modules-in-caddy-2/8148
Here’s how you do it with Docker. https://github.com/docker-library/docs/tree/master/caddy#adding-custom-caddy-modules
Look for the DNS provider in this repository first. https://github.com/caddy-dns
Here’s documentation about using environment variables. https://caddyserver.com/docs/caddyfile/concepts#environment-variables
Docker
A few examples of Dockerfiles. These will build Caddy with DNS support.
DuckDNS
FROM caddy:2-builder AS builder
RUN xcaddy build --with github.com/caddy-dns/duckdns
FROM caddy:2
COPY --from=builder /usr/bin/caddy /usr/bin/caddy
Cloudflare
FROM caddy:2-builder AS builder
RUN xcaddy build --with github.com/caddy-dns/cloudflare
FROM caddy:2
COPY --from=builder /usr/bin/caddy /usr/bin/caddy
Porkbun
FROM caddy:2-builder AS builder
RUN xcaddy build --with github.com/caddy-dns/porkbun
FROM caddy:2
COPY --from=builder /usr/bin/caddy /usr/bin/caddy
Configure DNS provider
This is what to add to the Caddyfile; I’ve used these in the examples that follow this section. You can look at the repository for the DNS provider to see how to configure it, for example.
DuckDNS
https://github.com/caddy-dns/cloudflare?tab=readme-ov-file#caddyfile-examples
tls {
    dns duckdns {env.DUCKDNS_API_TOKEN}
}
CloudFlare
https://github.com/caddy-dns/cloudflare?tab=readme-ov-file#caddyfile-examples
Dual-key
tls {
    dns cloudflare {
        zone_token {env.CF_ZONE_TOKEN}
        api_token {env.CF_API_TOKEN}
    }
}
Single-key
tls {
    dns cloudflare {env.CF_API_TOKEN}
}
PorkBun
https://github.com/caddy-dns/porkbun?tab=readme-ov-file#config-examples
Global
{
    acme_dns porkbun {
        api_key {env.PORKBUN_API_KEY}
        api_secret_key {env.PORKBUN_API_SECRET_KEY}
    }
}
or per site
tls {
    dns porkbun {
        api_key {env.PORKBUN_API_KEY}
        api_secret_key {env.PORKBUN_API_SECRET_KEY}
    }
}
Caddyfile
And finally the Caddyfile examples.
DuckDNS
Here’s how you do it with DuckDNS.
*.example.org {
    tls {
        dns duckdns {$DUCKDNS_TOKEN}
    }
    @hass host home-assistant.example.org
    handle @hass {
        reverse_proxy home-assistant:8123
    }
}
Also you can use environment variables like this.
*.{$DOMAIN} {
    tls {
        dns duckdns {$DUCKDNS_TOKEN}
    }
    @hass host home-assistant.{$DOMAIN}
    handle @hass {
        reverse_proxy home-assistant:8123
    }
}
CloudFlare
*.{$DOMAIN} {
    tls {
        dns cloudflare {env.CF_API_TOKEN}
    }
    @hass host home-assistant.{$DOMAIN}
    handle @hass {
        reverse_proxy home-assistant:8123
    }
}
Porkbun
*.{$DOMAIN} {
    tls {
        dns porkbun {
            api_key {env.PORKBUN_API_KEY}
            api_secret_key {env.PORKBUN_API_SECRET_KEY}
        }
    }
    @hass host home-assistant.{$DOMAIN}
    handle @hass {
        reverse_proxy home-assistant:8123
    }
}
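The configs above pass DNS credentials in two forms, `{env.NAME}` and `{$NAME}`. Per the Caddy environment-variable documentation linked earlier, `{$NAME}` is substituted before the Caddyfile is parsed, so the token text becomes part of the adapted configuration (for example what `caddy adapt` prints), while `{env.NAME}` is resolved at runtime. The following check is an added example, not part of the original post or of Caddy; `audit_caddyfile`, `classify` and the sample config are names and data constructed here, and it only knows the credential keys shown in this thread.

```python
import re

# Credential sub-directives used by the provider blocks shown in this thread.
CRED_KEYS = {"api_token", "zone_token", "api_key", "api_secret_key"}
RUNTIME = re.compile(r"^\{env\.\w+\}$")            # {env.X}: resolved at runtime
PARSE_TIME = re.compile(r"^\{\$\w+(:[^}]*)?\}$")   # {$X}: substituted before parsing

def classify(value):
    """Describe how a credential argument is supplied."""
    if RUNTIME.match(value):
        return "runtime-env"
    if PARSE_TIME.match(value):
        return "parse-time-env"
    return "literal"

def audit_caddyfile(text):
    """Return (line_no, directive, kind) for each DNS credential argument."""
    findings, in_dns = [], False
    for no, raw in enumerate(text.splitlines(), 1):
        # Drop trailing comments; blank lines become a single empty token.
        tokens = raw.split("#", 1)[0].split() or [""]
        if tokens[0] in ("dns", "acme_dns") and len(tokens) >= 3:
            if tokens[2] == "{":
                in_dns = True   # block form: credentials follow one per line
            else:               # one-line form: dns <provider> <token>
                findings.append((no, " ".join(tokens[:2]), classify(tokens[2])))
        elif in_dns and tokens[0] == "}":
            in_dns = False
        elif in_dns and tokens[0] in CRED_KEYS and len(tokens) >= 2:
            findings.append((no, tokens[0], classify(tokens[1])))
    return findings

# Constructed sample, not a real configuration or a real key.
SAMPLE = """\
{
    acme_dns porkbun {
        api_key {env.PORKBUN_API_KEY}
        api_secret_key constructed_literal_value
    }
}
*.{$DOMAIN} {
    tls {
        dns duckdns {$DUCKDNS_TOKEN}
    }
}
"""

if __name__ == "__main__":
    print([f for f in audit_caddyfile(SAMPLE) if f[2] != "runtime-env"])
```

Anything reported as `literal` or `parse-time-env` is worth a second look before the Caddyfile or its adapted JSON is committed, shared or backed up.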
Unfortunately that’s one area I am bad with. I tend to use reverse_proxy for most, such as Baikal running with the ckulka/baikal Docker image (which runs Nginx or Apache); otherwise I only serve static sites.
I’d start by looking at Baikal’s config for Apache and Nginx, https://sabre.io/baikal/install/ and comparing to the directives for Caddy, https://caddyserver.com/docs/caddyfile/directives and
Since it uses PHP, it will need that, https://caddyserver.com/docs/caddyfile/patterns#php
In my searches I came across this; it talks about running Baikal with Caddy specifically. https://github.com/caddyserver/caddy/issues/497
I hope that this provided some helpful directions.