Caddy2初体验(20230323更新)
本文最后更新于 1562 天前, 如有失效请评论区留言.
Caddy2
使用小记
将Caddy升级到 Caddy2, 记录一下。 2.0版本改变挺大的。
环境
腾讯云香港轻量, Debian 11, 秒不可言。
安装caddy2
使用镜像或者源安装(推荐源安装)
安装caddy
docker安装
docker pull ysicing/caddy2
repo(推荐)安装
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/caddy-stable-archive-keyring.gpg] https://mirrors.ysicing.net/caddy/stable/deb/debian any-version main" | tee /etc/apt/sources.list.d/caddy.list
apt-get update
apt-get install caddy
二进制安装
wget https://github.com/caddyserver/caddy/releases/download/v2.6.4/caddy_2.6.4_linux_amd64.tar.gz
tar xf caddy_2.6.4_linux_amd64.tar.gz
mv caddy /usr/bin/caddy
配置systemd
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target
[Service]
# User=caddy
# Group=caddy
# EnvironmentFile=-/etc/caddy/caddy.env
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile --force
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
Caddyfile使用
目前 Caddy2 官方推荐配置文件使用 JSON 格式,或者,不使用配置文件,直接调用 admin API。但我推荐使用 Caddyfile, 日常维护起来要方便一些
caddy validate --adapter caddyfile --config /etc/caddy/Caddyfile
官方虽然说从v1升级到v2很简单,我信你的鬼
示例
{
# 开启实验性 HTTP/3
experimental_http3
# 测试通过的生产环境中去除该项
# acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
debug
}
(common_headers) {
encode gzip
}
(secure_headers) {
header {
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
X-Frame-Options SAMEORIGIN
X-Content-Type-Options nosniff
}
}
(LOG) {
log {
output file "{args.0}" {
roll_size 100M
roll_uncompressed
roll_local_time
roll_keep 3
roll_keep_for 7d
}
format json
}
}
(ERR) {
handle_errors {
redir https://{err.status_code}.ysicing.net
}
}
import /etc/caddy/*.caddy
ci.hk2.godu.dev {
tls ops.ysicing@gmail.com
import common_headers
import secure_headers
import LOG "/var/log/caddy/ci.hk2.godu.dev.log"
import ERR
reverse_proxy 169.254.0.2:80
}
cr.hk2.godu.dev {
tls ops.ysicing@gmail.com
import common_headers
import secure_headers
import LOG "/var/log/caddy/cr.hk2.godu.dev.log"
import ERR
reverse_proxy 127.0.0.1:404
}
:80 {
respond "2020 hello"
}
配置说明
caddy2 引入了全局选项global options的概念,并且如果全局选项存在,必须位于 Caddyfile 的开头
{
# 开启实验性 HTTP/3
experimental_http3
# 测试通过的生产环境中去除该项
# acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
}
- 支持HTTP/3, 工作在 UDP 协议上,需要放行443 UDP
- Let’s Encrypt 测试环境,默认caddy2是处于生产环境,测试时可改为测试环境