Scenario
The origin and the reverse proxy are on separate machines, i.e. one server for the origin and one for the reverse proxy.
OS: Debian 12
Caddy one-click script
Read the script before running it: it is a third-party shell script fetched from GitHub and it runs with your user's privileges.
curl -sS -O https://raw.githubusercontent.com/woniu336/open_shell/main/caddy_manager.sh && chmod +x caddy_manager.sh && ./caddy_manager.sh
Installing Caddy
sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https curl
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo chmod o+r /usr/share/keyrings/caddy-stable-archive-keyring.gpg
sudo chmod o+r /etc/apt/sources.list.d/caddy-stable.list
sudo apt update
sudo apt install caddy
Check that the installation succeeded
caddy version
Editing the configuration
nano /etc/caddy/Caddyfile
My configuration is as follows:
2345.com {
    # the apex domain only redirects to the www host
    redir https://www.2345.com{uri} permanent
}
www.2345.com {
    # ORIGIN_SERVER_IP is the origin's address; the proxy-to-origin hop is plain HTTP,
    # so keep it on a private network or firewall port 80 on the origin to this proxy only,
    # otherwise clients can bypass the proxy and its headers by hitting the origin directly
    reverse_proxy ORIGIN_SERVER_IP:80
    tls {
        # TLS 1.2 is already Caddy's default minimum; this just makes it explicit
        protocols tls1.2 tls1.3
    }
    header {
        Permissions-Policy interest-cohort=()
        Strict-Transport-Security max-age=31536000
        X-Content-Type-Options nosniff
        X-Frame-Options DENY
        Referrer-Policy no-referrer-when-downgrade
        # hide the proxy hop; removing Alt-Svc also stops Caddy advertising HTTP/3
        -Via
        -Alt-Svc
    }
    log {
        output file /var/log/caddy/2345.com.log {
            roll_size 10mb
            roll_keep 5
        }
    }
}
If your site must be embeddable by other sites (a player, for example), comment out the following line, or replace it with a Content-Security-Policy frame-ancestors directive listing the allowed origins; frame-ancestors supersedes X-Frame-Options in current browsers.
X-Frame-Options DENY
Finally, restart to apply the configuration. Running caddy validate --config /etc/caddy/Caddyfile first catches syntax errors before the service is touched, and on a live proxy systemctl reload caddy applies the change without dropping open connections.
systemctl restart caddy
Enable Caddy at boot
systemctl enable caddy
Check that Caddy 2 is running
systemctl status caddy
Multi-site configuration
Edit the configuration
# reusable snippet shared by every site
(common_config) {
    reverse_proxy ORIGIN_SERVER_IP:80
    tls {
        protocols tls1.2 tls1.3
    }
    header {
        Permissions-Policy interest-cohort=()
        Strict-Transport-Security max-age=31536000
        X-Content-Type-Options nosniff
        X-Frame-Options DENY
        Referrer-Policy no-referrer-when-downgrade
        -Via
        -Alt-Svc
    }
}
2345.com {
    redir https://www.2345.com{uri} permanent
}
www.2345.com {
    import common_config
    # log stays outside the snippet because each site writes its own file
    log {
        output file /var/log/caddy/2345.com.log {
            roll_size 10mb
            roll_keep 5
        }
    }
}
new.example.com {
    import common_config
    log {
        output file /var/log/caddy/new-example.log {
            roll_size 10mb
            roll_keep 5
        }
    }
}
Then restart to apply
systemctl restart caddy
Load balancing
Configuration as follows; the log section has been left out. Note that handle_errors only runs when Caddy itself fails the request, for example when no upstream is healthy before lb_try_duration expires; a 500 or 404 that the origin answers with is proxied through unchanged, and intercepting those needs reverse_proxy's handle_response with a status matcher instead.
# reusable snippet shared by every site
(common_config) {
    reverse_proxy {
        to BACKEND1:80 BACKEND2:80
        # load-balancing policy (e.g. round_robin, least_conn, ip_hash)
        lb_policy round_robin
        # failover: keep trying other upstreams for up to 30s, every 250ms;
        # with every upstream down a client waits the full 30s before the 503 below
        lb_try_duration 30s
        lb_try_interval 250ms
        # passive health checks: 3 failed requests (5xx response or connection error)
        # within 30s take the upstream out of rotation until those failures age out
        fail_duration 30s
        max_fails 3
        unhealthy_status 5xx
        # active health checks: GET / on each upstream every 15s with a 3s timeout
        health_uri /
        health_interval 15s
        health_timeout 3s
    }
    tls {
        protocols tls1.2 tls1.3
    }
    header {
        Permissions-Policy interest-cohort=()
        Strict-Transport-Security max-age=31536000
        X-Content-Type-Options nosniff
        X-Frame-Options DENY
        Referrer-Policy no-referrer-when-downgrade
        # X-XSS-Protection is deprecated; current guidance is to omit it or send 0
        X-XSS-Protection "1; mode=block"
        # these remove headers the proxy itself adds; whether a header the origin sends
        # (e.g. Server: nginx) is also stripped depends on the operation running after the
        # upstream response arrives, which header_down -Server inside reverse_proxy, or the
        # header directive's defer subdirective, guarantees
        -Via
        -Alt-Svc
        -Server
    }
    # error handling for requests Caddy could not serve (see the note above)
    handle_errors {
        @5xx expression `{http.error.status_code} >= 500`
        respond @5xx "Service temporarily unavailable, please try again later" 503
        @4xx expression `{http.error.status_code} >= 400 && {http.error.status_code} < 500`
        respond @4xx "Request error" {http.error.status_code}
    }
}
2345.com {
    redir https://www.2345.com{uri} permanent
}
www.2345.com {
    import common_config
}
The header block can also be written as follows. This variant drops X-Frame-Options (for sites meant to be embedded) and uses strict-origin-when-cross-origin, the current browser default, which sends only the origin on cross-site requests:
header {
    Permissions-Policy interest-cohort=()
    Strict-Transport-Security max-age=31536000
    X-Content-Type-Options nosniff
    Referrer-Policy strict-origin-when-cross-origin
    # X-XSS-Protection is deprecated; current guidance is to omit it or send 0
    X-XSS-Protection "1; mode=block"
    -Via
    -Alt-Svc
    -Server
}
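Once failover is configured, the quickest way to see whether the upstreams are actually serving is the access log: a run of 503s whose duration sits at about lb_try_duration means no upstream was healthy for the whole retry window. The script below is an added example, not part of the original post or of Caddy. It tallies per-host 5xx rates from Caddy's JSON access log (the log directive from the multi-site section) using only awk, so it also works on a proxy without jq, and exits non-zero when any host's 5xx share exceeds a threshold. It assumes Caddy's default JSON access-log format (one object per line tagged "logger":"http.log.access" with "request":{..."host":...} and "status":<code>); the embedded sample lines are constructed and trimmed to those fields.

```shell
#!/bin/sh
# 5xx triage for the load-balanced proxy in this post, read from Caddy's
# JSON access log. Added example, not part of the original post or of Caddy.
# Assumes the default JSON access-log format: one object per line, tagged
# "logger":"http.log.access", carrying "request":{..."host":"..."...} and
# "status":<code>. Uses only awk, so it works where jq is not installed.

# tally_5xx: read log lines on stdin, print per host the request count,
# 5xx count and 5xx percentage; exit 1 if any host exceeds the threshold
# percentage given as $1 (default 5).
tally_5xx() {
    awk -v thr="${1:-5}" '
        /"logger":"http.log.access"/ {
            # pull host and status out of the line without a JSON parser
            if (!match($0, /"host":"[^"]*"/)) next
            host = substr($0, RSTART + 8, RLENGTH - 9)
            if (!match($0, /"status":[0-9]+/)) next
            status = substr($0, RSTART + 9, RLENGTH - 9) + 0
            total[host]++
            if (status >= 500) bad[host]++
        }
        END {
            rc = 0
            for (h in total) {
                pct = 100 * (bad[h] + 0) / total[h]
                printf "%s total=%d 5xx=%d pct=%.1f\n", h, total[h], bad[h] + 0, pct
                if (pct > thr) rc = 1
            }
            exit rc
        }'
}

# Constructed sample, trimmed to the fields read above. The 503 with a
# ~30s duration is what the handle_errors block returns once lb_try_duration
# expires with no healthy upstream; the last line is not an access entry.
SAMPLE_LOG='{"level":"info","ts":1700000000.1,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"203.0.113.10","host":"www.2345.com","method":"GET","uri":"/"},"duration":0.012,"size":5120,"status":200}
{"level":"error","ts":1700000030.2,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"203.0.113.10","host":"www.2345.com","method":"GET","uri":"/api"},"duration":30.01,"size":42,"status":503}
{"level":"info","ts":1700000030.3,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"203.0.113.11","host":"www.2345.com","method":"GET","uri":"/"},"duration":0.01,"size":5120,"status":200}
{"level":"info","ts":1700000030.4,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"198.51.100.7","host":"new.example.com","method":"GET","uri":"/"},"duration":0.02,"size":800,"status":404}
{"level":"error","ts":1700000030.5,"logger":"http.log.error","msg":"dial tcp 10.0.0.11:80: connect: connection refused"}'

# Usage: ./tally_5xx.sh /var/log/caddy/2345.com.log [threshold]
# With no arguments the built-in sample is analysed.
if [ -n "${1:-}" ]; then
    tally_5xx "${2:-5}" < "$1"
else
    printf '%s\n' "$SAMPLE_LOG" | tally_5xx 5 || echo "sample: 5xx threshold exceeded"
fi
```

On a live proxy, tail -n 1000 /var/log/caddy/2345.com.log | tally_5xx 5 fits a cron or monitoring hook; the exit code, not the printed table, is what an alert should key on.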
Troubleshooting
If Caddy refuses to start after the log directive is added, the usual cause is that the caddy user cannot write to /var/log/caddy; journalctl -u caddy shows the actual error. Fix the directory ownership and permissions:
# create the log directory
sudo mkdir -p /var/log/caddy
# hand it to the caddy user the service runs as
sudo chown -R caddy:caddy /var/log/caddy
sudo chmod 755 /var/log/caddy
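Bringing the configuration section and this troubleshooting section together, the following script is an added example (not part of the original post or of Caddy): it checks the log directory ownership fixed by hand above, validates the Caddyfile, reloads Caddy, and then audits the headers the site actually returns against the header block configured earlier. The expected header set, the path /etc/caddy/Caddyfile, the service user caddy and the hostname argument are assumptions taken from this post's configuration.

```shell
#!/bin/sh
# Preflight and post-deploy check for the reverse proxy in this post.
# Added example, not part of the original post or of Caddy. Assumptions:
# the Caddyfile is /etc/caddy/Caddyfile, the service runs as user "caddy",
# the site is served over HTTPS, and the header set below is the one
# configured in this post's header block.

# Response headers the Caddyfile adds; every response must carry them.
REQUIRED_HEADERS='strict-transport-security x-content-type-options x-frame-options referrer-policy permissions-policy'
# Headers the Caddyfile deletes with "-"; seeing one means the proxy or the
# origin is still identifying itself to clients.
FORBIDDEN_HEADERS='via alt-svc server x-powered-by'

# audit_headers: read a raw HTTP response header block on stdin (what
# `curl -D -` prints), print one line per finding, return 0 only if clean.
audit_headers() {
    # strip CRs, keep only "Name: value" lines, lower-case the names
    hdrs=$(tr -d '\r' | awk -F: '/^[A-Za-z0-9-]+:/ { n = tolower($1); sub(/^[^:]*:[ ]*/, ""); print n ": " $0 }')
    rc=0
    for h in $REQUIRED_HEADERS; do
        printf '%s\n' "$hdrs" | grep -q "^$h:" || { echo "MISSING  $h"; rc=1; }
    done
    for h in $FORBIDDEN_HEADERS; do
        if printf '%s\n' "$hdrs" | grep -q "^$h:"; then
            echo "LEAKED   $(printf '%s\n' "$hdrs" | grep "^$h:" | head -n 1)"
            rc=1
        fi
    done
    # An HSTS header without max-age is ignored by browsers.
    if printf '%s\n' "$hdrs" | grep -q '^strict-transport-security:' &&
       ! printf '%s\n' "$hdrs" | grep -q '^strict-transport-security:.*max-age=[0-9]'; then
        echo "INVALID  strict-transport-security has no max-age"
        rc=1
    fi
    return $rc
}

# check_log_dir: the "log { output file ... }" directive makes Caddy fail at
# startup when the service user cannot write the directory (the permission
# problem from the troubleshooting section). $1 = directory, $2 = owner.
check_log_dir() {
    dir=$1
    owner=$2
    [ -d "$dir" ] || { echo "MISSING  log directory $dir"; return 1; }
    want=$(id -u "$owner" 2>/dev/null) || { echo "NOUSER   $owner does not exist"; return 1; }
    have=$(stat -c '%u' "$dir" 2>/dev/null || stat -f '%u' "$dir")
    [ "$have" = "$want" ] || { echo "OWNER    $dir is owned by uid $have, want $owner (uid $want)"; return 1; }
    return 0
}

# deploy_and_audit: preflight, validate, reload (not restart, so open
# connections survive), then audit the headers the live site really sends.
# Needs caddy, systemctl and curl on the proxy host.
deploy_and_audit() {
    site=$1
    check_log_dir /var/log/caddy caddy || return 1
    caddy validate --config /etc/caddy/Caddyfile || return 1
    systemctl reload caddy || return 1
    # -D - dumps the headers of a real GET; some origins reject HEAD
    curl -sS -o /dev/null -D - "https://$site/" | audit_headers
}

# Live run only when a hostname is given:  ./caddy_check.sh www.2345.com
if [ -n "${1:-}" ]; then
    deploy_and_audit "$1"
fi
```

Run it on the proxy host as root after every Caddyfile change; a LEAKED server line on a site that sets -Server usually means the origin's own Server header is passing through, which is the case for header_down -Server inside reverse_proxy.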
Uninstalling Caddy
systemctl stop caddy
apt purge caddy
# this also deletes the issued certificates and ACME account keys kept under /var/lib/caddy; a reinstall has to issue them again
rm -rf /etc/caddy /var/lib/caddy /var/log/caddy