To build Caddy with custom modules, first you'll want the XCaddy tool: https://github.com/caddyserver/xcaddy/releases
For Linux (AMD64), the following commands can be run to install XCaddy v0.1.5 (released 30 Jul 2020, the latest version as of 26 Oct 2020):
To use XCaddy, you need the Golang (Go) development tools to compile Caddy (and the extra modules) from source code.
On Ubuntu 18.04 / 20.04, it's usually best to install the dev tools via Ubuntu's snap system:
In the following example, we'll build the latest Caddy with the following extra modules:
For each Caddy module, add a '--with' argument, pointing to the GitHub repo URL, without the http(s):// at the start.
If you originally installed Caddy from package repos such as the fury.io repos for Ubuntu/Debian, then you'll want to update the systemd service for Caddy so that it points at /usr/local/bin/caddy (your custom-built Caddy with modules) instead of /usr/bin/caddy (the original Caddy from apt/yum).
Use systemctl to create a systemd overrides file, rather than editing the service file directly:
Inside the overrides file editor (nano or vim), enter the following, which tells systemd to clear the original Caddy's ExecStart / ExecReload lines and replace them with appropriate start/reload commands that use the customised /usr/local/bin/caddy instead of /usr/bin/caddy:
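The override described above, as an added example that is not taken from the original page: `override_conf` prints drop-in content for the overrides editor, and `check_override` is a hypothetical lint that fails when a key is redefined without first being cleared or still points at the packaged binary. The run/reload arguments are an assumption modelled on the packaged unit; copy the real ones from `systemctl cat caddy` on your host.

```shell
#!/bin/sh
# Added example: drop-in content for the Caddy systemd override, plus a lint.
# Assumption: the run/reload arguments below mirror the packaged caddy.service.

# Print the override. The empty "ExecStart=" / "ExecReload=" lines reset the
# values inherited from the packaged unit before the new ones are set.
override_conf() {
cat <<'EOF'
[Service]
ExecStart=
ExecStart=/usr/local/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=
ExecReload=/usr/local/bin/caddy reload --config /etc/caddy/Caddyfile
EOF
}

# check_override FILE: exit 0 only if ExecStart and ExecReload are each
# cleared first, then set to a command run from /usr/local/bin/caddy.
check_override() {
    awk '
        /^(ExecStart|ExecReload)=/ {
            key = $0; sub(/=.*/, "", key)       # text before the first "="
            val = $0; sub(/^[^=]*=/, "", val)   # text after the first "="
            if (val == "") { cleared[key] = 1; next }
            if (!cleared[key]) { print key ": not cleared first"; bad = 1 }
            if (val !~ /^\/usr\/local\/bin\/caddy /) {
                print key ": does not use /usr/local/bin/caddy"; bad = 1
            }
            set[key] = 1
        }
        END {
            if (!set["ExecStart"])  { print "ExecStart: missing";  bad = 1 }
            if (!set["ExecReload"]) { print "ExecReload: missing"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Optional stand-alone use: sh this_script.sh /path/to/override.conf
if [ "$#" -gt 0 ]; then
    check_override "$1"
fi
```

After saving the override, `systemctl daemon-reload` followed by `systemctl cat caddy` shows the merged unit that systemd will actually run.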
NOTE: Unfortunately, due to the design of Caddy, you'll need to copy the matcher into every domain block you want to use it in. You can't make a globally usable named matcher.
To avoid hitting certificate request rate limits, it's a good idea to test that you can get SSL certs from staging first.
Staging Let's Encrypt must be configured in the root block (the global options block: the curly braces at the top of the Caddyfile, before any site blocks).
The variable 'remote_host' contains the IPv4 / IPv6 address of the client connecting to the HTTP server.
Full http.xxx variable list: https://caddyserver.com/docs/modules/http#docs
Simply specify each domain, separated by a comma and a space:
Using TLS on-demand, Caddy will automatically obtain an SSL certificate for each sub-domain only when a sub-domain is requested for the first time.
This avoids having to give Caddy access to your domain's DNS provider in order to use wildcard DNS: