Skip to content
高进波的博客

Caddy安装和使用

Caddy安装

on docker

docker run --name caddy -d -p 80:80 -p 443:443 -p 127.0.0.1:2019:2019\
    -e TZ=Asia/Shanghai -e DNS=223.5.5.5,8.8.8.8 \
    -v /data/web/:/usr/share/caddy/ \
    -v /data/caddy/config:/config \
    -v /data/caddy/Caddyfile:/etc/caddy/Caddyfile \
    -v /data/caddy/data:/data \
    caddy:2.9.1-alpine


curl 127.0.0.1:2019/config/ -v|jq

on ubuntu/debian

sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https curl
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update
sudo apt install caddy

on centos

#centos8
dnf install 'dnf-command(copr)'
dnf copr enable @caddy/caddy
dnf install caddy


#centos7
yum install yum-plugin-copr
yum copr enable @caddy/caddy
yum install caddy

使用

反向代理

https://gaojinbo.com {
   reverse_proxy /path http://localhost:54321 {
      header_up Host 101.2.2.2
      #header_up Host {host}
      header_up X-Real-IP {remote}
      header_up X-Forwarded-For {remote}
      header_up X-Forwarded-Port {server_port}
      header_up X-Forwarded-Proto "http"
   }
}

跨域

https://gaojinbo.com {
   reverse_proxy /path http://localhost:54321 {
      header_up Host {http.reverse_proxy.upstream.hostport}
      header_down Access-Control-Allow-Headers *
      header_down Access-Control-Allow-Origin *
   }
}

代理websocket

bsc-rpc.gaojinbo.com {
    reverse_proxy http://127.0.0.1:8545
}

重定向

#1
www.gaojinbo.com {
  redir https://gaojinbo.com{uri} permanent
}


#2
gaojinbo.com {
  redir /about-us /about
  reverse_proxy localhost:9000
}


#3
http://gaojinbo.com {
  redir https://{host}{uri}
}

文件列表

gaojinbo.com {
        # Set this path to your site's directory.
        root * /usr/share/caddy


        # Enable the static file server.
        file_server browse
}

缓存头控制

http://idm.gaojinbo.com {
        header /static* {
                Cache-Control "public, max-age=3600, must-revalidate"
        }
        # no cache for sitemaps
        header / {
                Cache-Control "no-cache, no-store, must-revalidate"
        }
   reverse_proxy http://localhost:8080 {
      header_up Host {host}
      header_up X-Real-IP {remote}
      header_up X-Forwarded-For {remote}
   }


}

去掉Server头信息

(headerz) {
    header {
    -server
    -Link
    -X-Powered-By
    }
}


gaojinbo.com {
        reverse_proxy http://localhost:19997 {
                header_up Host 182.254.244.86
        }
                http_cache {  # 针对各个站点的cdn配置
                #cache_type file
                #path /tmp/cache
                cache_type in_memory
                default_max_age 15m
                match_path /
                match_header Content-Type text/css text/javascript application/javascript image/jpg image/png "text/plain; charset=utf-8"
        }
        import headerz
}

自定义SSL

casdoor.gaojinbo.com {
tls /opt/ssl/gaojinbo.crt /opt/ssl/gaojinbo.key
   reverse_proxy http://localhost:8000 {
   }
}

自定义404

gaojinbo.com {
        root * /web/gaojinbo.com/
        file_server
        handle_errors {
          rewrite * /{err.status_code}.html
          file_server
        }
}

监控metrics

{
        supervisor {
                php-fpm --nodaemonize {
                        env DEBUG false
                        redirect_stdout stdout
                        redirect_stderr stdout
                        restart_policy on_failure
                }
        }
        servers {
                metrics
        }
}


:80 {
        respond "Hi!"
}


http://tt.gaojinbo.com {
    root * /app/public/wp6/wordpress/
    php_fastcgi localhost:9000
    file_server
}

限速

#编译插件
xcaddy build --with github.com/mholt/caddy-ratelimit


gaojinbo.com {
    rate_limit 5 1h {
        jitter 1s
    }
}
#每小时内最多处理 5 个请求
#jitter 1s 表示每次计算重试时间时,会在基础上增加最多 1 秒的随机时间,以分散重试请求