系统:debian12
准备工作
假设1234.com是用户访问的域名,再找一个域名,例如 1234.kkk.eu.org
1234.kkk.eu.org 绑定到源站(注意:1234.com也要绑定到源站)
1234.kkk.eu.org 解析到源服务器 IP 地址,开启 CDN(小云朵),设置为灵活模式(注意:灵活模式下 CDN 回源走明文 HTTP;源站若已配置有效证书,建议改用完全(严格)模式)
给 Caddy 正确的日志目录权限(chown 需要系统中已存在 caddy 用户和用户组,因此以下命令应在安装 caddy 之后执行)
# Create the log directory and hand it to the caddy account. The chown fails unless
# the caddy user and group already exist (presumably created by the caddy package — confirm).
sudo mkdir -p /var/log/caddy
sudo chown -R caddy:caddy /var/log/caddy
# 750: full access for the owner, read/traverse for the group, nothing for other users.
sudo chmod 750 /var/log/caddy
安装caddy
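# Install Caddy from the project's Cloudsmith apt repository.
# Helper packages: archive keyrings, HTTPS transport for apt, and curl.
sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https curl
# Fetch the repository signing key and store it de-armored as a dedicated keyring.
# This key is the trust anchor for every caddy package apt installs afterwards, so it
# should only ever be fetched from the HTTPS URL below (-f makes curl fail on HTTP errors).
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
# Register the repository definition with apt.
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
# Both files were just written as root, so chmod needs sudo too; without it the
# commands fail for a non-root user. o+r lets apt read them after it drops privileges.
sudo chmod o+r /usr/share/keyrings/caddy-stable-archive-keyring.gpg
sudo chmod o+r /etc/apt/sources.list.d/caddy-stable.list
sudo apt update
sudo apt install caddy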
检测是否安装成功
# Print the installed Caddy version to confirm the binary is on PATH.
caddy -v

配置修改
# Open the Caddyfile at /etc/caddy/Caddyfile for editing.
nano /etc/caddy/Caddyfile
反代配置如下:
# Snippet "common": TLS protocol versions and response-header cleanup.
# Pulled into a site block with `import common`.
(common) {
	# First value is the minimum protocol version, second the maximum.
	tls {
		protocols tls1.2 tls1.3
	}

	# A leading "-" deletes the response header. Server and Via disclose the
	# server/proxy software; Alt-Svc advertises alternative services such as HTTP/3.
	header {
		-Server
		-Via
		-Alt-Svc
	}
}
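# Snippet "proxy": request headers sent to the upstream.
# Imported inside a reverse_proxy block with `import proxy`.
(proxy) {
	# Present the upstream's own host:port as Host so it routes by its own name.
	header_up Host {upstream_hostport}
	# {remote} expands to "IP:port"; {remote_host} is the client IP alone, which is
	# what consumers of X-Real-IP expect. Setting the field here also replaces any
	# X-Real-IP value supplied by the client.
	header_up X-Real-IP {remote_host}
}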
# Apex domain: permanent redirect to the www host, keeping the requested URI.
1234.com {
	redir https://www.1234.com{uri} permanent
}

# www host: forwards every request to the upstream over HTTPS.
www.1234.com {
	reverse_proxy https://1234.kkk.eu.org {
		# Upstream request headers come from the (proxy) snippet.
		import proxy
	}

	# TLS settings and header cleanup come from the (common) snippet.
	import common
}
或者
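# Site g.1111.cc: compressed reverse proxy with security headers, scanner
# blocking, static-asset caching and an access log.
g.1111.cc {
	encode zstd gzip

	reverse_proxy https://xxxx.22222.eu.org {
		transport http {
			dial_timeout 2s
			keepalive 30s
			keepalive_idle_conns 100
		}

		# Present the upstream's own host:port as Host so it routes by its own name.
		header_up Host {upstream_hostport}
		# {remote_host} is the client IP alone; {remote} would send "IP:port".
		# Setting the field also replaces any X-Real-IP value supplied by the client.
		header_up X-Real-IP {remote_host}
	}

	header {
		# HSTS for one year. includeSubDomains and preload commit every subdomain of
		# this host to HTTPS and are slow to undo; confirm that holds before deploying.
		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
		X-Content-Type-Options "nosniff"
		Referrer-Policy "strict-origin-when-cross-origin"
		Permissions-Policy "geolocation=(), microphone=(), camera=()"
		# A leading "-" deletes the header from the response.
		-Server
		-Via
		-Alt-Svc
		-X-Powered-By
		# Apply the operations when the response is written, after the upstream's headers are known.
		defer
	}

	# Source ranges that are refused outright.
	# NOTE(review): these look like published internet-scanner ranges (the User-Agent
	# list below names censys) — verify against the operator's current list, as such
	# ranges change over time.
	# remote_ip matches the address of the connecting peer. If another proxy or CDN is
	# ever placed in front of this Caddy instance, requests will show that proxy's
	# address and this list will no longer match the real client.
	@blockedips remote_ip \
		66.132.159.0/24 \
		162.142.125.0/24 \
		167.94.138.0/24 \
		167.94.145.0/24 \
		167.94.146.0/24 \
		167.248.133.0/24 \
		199.45.154.0/24 \
		199.45.155.0/24 \
		206.168.34.0/24 \
		206.168.35.0/24 \
		2602:80d:1000:b0cc:e::/80 \
		2620:96:e000:b0cc:e::/80 \
		2602:80d:1003::/112 \
		2602:80d:1004::/112
	handle @blockedips {
		respond "Your IP has been blocked." 403 {
			close
		}
	}

	# User-Agent is chosen by the client, so this only filters tools that announce
	# themselves; it is noise reduction, not access control. Broad tokens such as
	# wget, fetch, httpclient and crawler can also match legitimate clients.
	@badbots header_regexp User-Agent "(?i)censys|shodan|zoomeye|ahrefs|mj12|semrush|dotbot|libwww-perl|nmap|masscan|dirbuster|sqlmap|nikto|wpscan|whatweb|wget|fetch|httpclient|crawler|scrapy|httpx|netcraft|zgrab|nessus|openvas"
	handle @badbots {
		respond "Access denied" 403 {
			close
		}
	}

	# Static assets: cacheable for 30 days and marked immutable, so clients will not
	# revalidate; asset URLs should change whenever their content changes.
	# NOTE(review): this header operation is not deferred, so a Cache-Control sent by
	# the upstream may end up alongside it — confirm against a real response.
	@assets path_regexp \.(jpg|jpeg|png|gif|webp|svg|ico|bmp|avif|icon|css|js|mjs|map|woff2?|ttf|otf|eot|wasm)$
	header @assets Cache-Control "public, max-age=2592000, immutable"

	# Access log, rotated at 10MB with 10 rotated files kept. The directory must be
	# writable by the account Caddy runs as.
	log {
		level INFO
		output file /var/log/caddy/caddy-web.log {
			roll_size 10MB
			roll_keep 10
		}
	}
}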
或者(推荐)
# Shared configuration snippets
# Snippet "common_security": security headers, scanner blocking and static-asset
# caching. Pulled into a site block with `import common_security`.
(common_security) {
	header {
		# A leading "-" deletes the header from the response.
		-X-Powered-By
		-Server
		-Via
		-Alt-Svc
		# HSTS for one year. includeSubDomains and preload commit every subdomain of
		# the importing site to HTTPS and are slow to undo.
		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
		X-Content-Type-Options "nosniff"
		Referrer-Policy "strict-origin-when-cross-origin"
		Permissions-Policy "geolocation=(), microphone=(), camera=()"
		# Apply the operations when the response is written out.
		defer
	}

	# Source ranges that are refused outright.
	# NOTE(review): these look like published internet-scanner ranges (the User-Agent
	# list below names censys) — verify against the operator's current list.
	# remote_ip matches the address of the connecting peer; behind another proxy or
	# CDN that would be the proxy's address, not the real client's.
	@blockedips remote_ip \
		66.132.159.0/24 \
		162.142.125.0/24 \
		167.94.138.0/24 \
		167.94.145.0/24 \
		167.94.146.0/24 \
		167.248.133.0/24 \
		199.45.154.0/24 \
		199.45.155.0/24 \
		206.168.34.0/24 \
		206.168.35.0/24 \
		2602:80d:1000:b0cc:e::/80 \
		2620:96:e000:b0cc:e::/80 \
		2602:80d:1003::/112 \
		2602:80d:1004::/112
	handle @blockedips {
		respond "Your IP has been blocked." 403 {
			close
		}
	}

	# User-Agent is chosen by the client, so this filters only tools that announce
	# themselves. Broad tokens (wget, fetch, httpclient, crawler) can also match
	# legitimate clients.
	@badbots header_regexp User-Agent "(?i)censys|shodan|zoomeye|ahrefs|mj12|semrush|dotbot|libwww-perl|nmap|masscan|dirbuster|sqlmap|nikto|wpscan|whatweb|wget|fetch|httpclient|crawler|scrapy|httpx|netcraft|zgrab|nessus|openvas"
	handle @badbots {
		respond "Access denied" 403 {
			close
		}
	}

	# Static assets: cacheable for 30 days and marked immutable, so asset URLs
	# should change whenever their content changes.
	@assets path_regexp \.(jpg|jpeg|png|gif|webp|svg|ico|bmp|avif|icon|css|js|mjs|map|woff2?|ttf|otf|eot|wasm)$
	header @assets Cache-Control "public, max-age=2592000, immutable"
}
# Snippet "common_log": access log written to a rotating file.
# Pulled into a site block with `import common_log`.
(common_log) {
	log {
		# Rotate at 10MB and keep 10 rotated files. The directory must be writable
		# by the account Caddy runs as.
		output file /var/log/caddy/caddy-web.log {
			roll_keep 10
			roll_size 10MB
		}
		level INFO
	}
}
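# Site configuration
# g.11111.cc: compressed reverse proxy to the upstream, with the shared security
# and logging snippets imported.
g.11111.cc {
	encode zstd gzip

	reverse_proxy https://www.22222.com {
		transport http {
			dial_timeout 2s
			keepalive 30s
			keepalive_idle_conns 100
		}

		# Present the upstream's own host:port as Host so it routes by its own name.
		header_up Host {upstream_hostport}
		# {remote_host} is the client IP alone; {remote} would send "IP:port".
		# Setting the field also replaces any X-Real-IP value supplied by the client.
		header_up X-Real-IP {remote_host}
	}

	import common_security
	import common_log
}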
重启生效
# Restart the service so it loads the edited Caddyfile; requires root.
systemctl restart caddy
将 Caddy 添加到开机自启
# Start the caddy service automatically at boot.
systemctl enable caddy
查看 Caddy2 运行状态
# Show whether the service is running, along with its most recent log lines.
systemctl status caddy
如果出现 Caddyfile 格式不规范的警告,可使用以下命令修复
# Rewrite the Caddyfile in place using Caddy's canonical formatting.
caddy fmt --overwrite /etc/caddy/Caddyfile
卸载caddy
# Stop the service, then remove the package together with its packaged configuration.
systemctl stop caddy
apt purge caddy
# Irreversible: deletes the configuration, the logs and /var/lib/caddy. The latter is
# presumably the service's data directory (issued certificates, ACME account keys) —
# back it up first if the site may be restored later.
rm -rf /etc/caddy /var/lib/caddy /var/log/caddy