github.com/Gurpartap/caddy-tlsconsul
0.0.0-20200529170747-ff61b4f26f62
Repository: https://github.com/gurpartap/caddy-tlsconsul.git
Documentation: pkg.go.dev

# README

Caddy 2 cluster / CertMagic TLS cluster support for Consul K/V

Consul K/V Storage for Caddy TLS data.

This cluster plugin enables Caddy 2 to store TLS data such as keys and certificates in Consul's K/V store, so you don't have to rely on a shared filesystem. This allows you to run Caddy 2 in a distributed environment with centralized storage for auto-generated certificates that is shared between all Caddy instances.

With this plugin, multiple Caddy instances can serve the same HTTPS domain, for instance behind DNS round-robin. All data that is saved in the KV store is encrypted using AES.

The version of this plugin in the master branch supports Caddy 2.0.0+ using CertMagic's Storage Interface.

Older versions

  • For Caddy 0.10.x to 0.11.1: use the old_storage_interface branch.
  • For Caddy 1.x: use the caddy1 branch.

Configuration

Caddy configuration

You need to specify tlsconsul as the storage module in Caddy's configuration. This can be done in the config file or using the admin API.

JSON (reference)

...
{
    "storage": {
        "module": "tlsconsul"
    }
}
...

Caddyfile (reference)

...
{
    storage tlsconsul {}
}
...

Consul configuration

Because this plugin uses the official Consul API client, you can use all of its ENV variables, such as CONSUL_HTTP_ADDR or CONSUL_HTTP_TOKEN, to define your Consul address and token. For more information see https://github.com/hashicorp/consul/blob/master/api/api.go

Without any further configuration, a Consul agent running on 127.0.0.1:8500 is assumed.

There are additional ENV variables for this plugin:

  • CADDY_CLUSTERING_CONSUL_AESKEY defines your personal AES key to use when encrypting data. It needs to be 32 characters long.
  • CADDY_CLUSTERING_CONSUL_PREFIX defines the prefix for the keys in KV store. Default is caddytls
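
The following Go example is added here and is not the plugin's own code. It enforces the 32-character rule for CADDY_CLUSTERING_CONSUL_AESKEY and shows a value being encrypted before storage and rejected after modification. The AES-GCM mode, the prepended nonce and the function names newGCM, seal and open are assumptions; the README only states that AES is used.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"os"
)

// newGCM enforces the 32-character key rule (32 bytes selects AES-256); GCM is an assumption.
func newGCM() (cipher.AEAD, error) {
	key := []byte(os.Getenv("CADDY_CLUSTERING_CONSUL_AESKEY"))
	if len(key) != 32 {
		return nil, fmt.Errorf("AES key must be 32 bytes, got %d", len(key))
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts a value for the KV store (fresh random nonce prepended); open reverses it.
func seal(plain []byte) ([]byte, error) {
	gcm, err := newGCM()
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plain, nil), nil
}

func open(stored []byte) ([]byte, error) {
	gcm, err := newGCM()
	if err != nil || len(stored) < gcm.NonceSize() {
		return nil, fmt.Errorf("cannot decrypt: bad key or short value (%v)", err)
	}
	n := gcm.NonceSize()
	return gcm.Open(nil, stored[:n], stored[n:], nil) // errors on a wrong key or modified bytes
}

func main() {
	os.Setenv("CADDY_CLUSTERING_CONSUL_AESKEY", "0123456789abcdef0123456789abcdef") // constructed key
	ct, _ := seal([]byte("constructed certificate bytes"))
	fmt.Println(open(ct))
}
```

Every Caddy instance in the cluster needs the same key value, since an instance with a different key cannot decrypt what the others stored.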