使用Caddy 2的安装、配置gzip,websocket,redir,PHP,basicauth搭建一个简单的WEB网站。

Caddy V2版本改动较大,详见Upgrading to Caddy 2配置文件Caddyfile、JSON与Caddy v1不兼容。许多小伙伴们吐槽在开倒车,可视自己的需求决定是否升级到Caddy2,详情参考Caddy官网

  1. https://caddyserver.com
  2. https://github.com/caddyserver/caddy

安装

Caddy下载安装

Debian, Ubuntu, Raspbian

echo "deb [trusted=yes] https://apt.fury.io/caddy/ /" \
    | tee -a /etc/apt/sources.list.d/caddy-fury.list
apt update
apt install caddy

Fedora or RHEL/CentOS 8:

dnf install 'dnf-command(copr)'
dnf copr enable @caddy/caddy
dnf install caddy

RHEL/CentOS 7:

yum install yum-plugin-copr
yum copr enable @caddy/caddy
yum install caddy

选择插件Download Caddy

比如Debian_x86_x64选择Linux amd64系统,再勾选插件(可多选)下载 后的文件名为caddy_linux_amd64_custom替换掉/usr/bin/caddy二进制可执行文件

mv caddy_linux_amd64_custom /usr/bin/caddy
chmod +x /usr/bin/caddy

配置 systemd 开机自动启动服务

if you configure Caddy with a file.

curl -s  https://raw.githubusercontent.com/caddyserver/dist/master/init/caddy.service  -o /etc/systemd/system/caddy.service
systemctl daemon-reload
systemctl enable caddy.service
systemctl status caddy.service

if you configure Caddy solely through its API.

curl -s  https://raw.githubusercontent.com/caddyserver/dist/master/init/caddy-api.service  -o /etc/systemd/system/caddy-api.service
systemctl daemon-reload
systemctl enable caddy-api.service
systemctl status caddy-api.service

配置Caddfile配置文件

编辑文件/etc/caddy/Caddyfile 示范如下

example.com {
	#experimental_http3
	#respond "Hello, world!"
	root * /usr/share/caddy/example.com
	file_server /* browse
	#file_server
	encode gzip zstd
	php_fastcgi unix//run/php/php7.3-fpm.sock
	#Protect all resources in /secret so only Bob can access them with the password "hiccup"
	basicauth /secret/* {
	Bob JDJhJDEwJEVCNmdaNEg2Ti5iejRMYkF3MFZhZ3VtV3E1SzBWZEZ5Q3VWc0tzOEJwZE9TaFlZdEVkZDhX	
	#使用caddy hash-password生成base64密码
	}
	#redir https://example.com{uri}
	@v2ray_websocket {
	path /ray
	header Connection *Upgrade*
	header Upgrade websocket
	}
    reverse_proxy @v2ray_websocket localhost:22782
}

验证Caddyfile有效性

caddy adapt --config caddy adapt --config /etc/caddy/Caddyfile --pretty --validate

Caddyfile生成JSON配置

caddy adapt --config /etc/caddy/Caddyfile --pretty

通过systemd管理caddy

systemctl start caddy.service
systemctl stop caddy.service
systemctl restart caddy.service
systemctl reload caddy.service
systemctl status caddy.service

Caddy 2生成的SSL证书默认路径

/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/example.com/example.com.crt
/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/example.com/example.com.key

其它

root@debian:~# caddy version
v2.1.1 h1:X9k1+ehZPYYrSqBvf/ocUgdLSRIuiNiMo7CvyGUQKeA=
root@debian:~# caddy
Caddy is an extensible server platform.

usage:
  caddy <command> [<args...>]

commands:
  adapt           Adapts a configuration to Caddy's native JSON
  build-info      Prints information about this build
  environ         Prints the environment
  file-server     Spins up a production-ready file server
  fmt             Formats a Caddyfile
  hash-password   Hashes a password and writes base64
  help            Shows help for a Caddy subcommand
  list-modules    Lists the installed Caddy modules
  reload          Changes the config of the running Caddy instance
  reverse-proxy   A quick and production-ready reverse proxy
  run             Starts the Caddy process and blocks indefinitely
  start           Starts the Caddy process in the background and then returns
  stop            Gracefully stops a started Caddy process
  trust           Installs a CA certificate into local trust stores
  untrust         Untrusts a locally-trusted CA certificate
  validate        Tests whether a configuration file is valid
  version         Prints the version

Use 'caddy help <command>' for more information about a command.

Full documentation is available at:
https://caddyserver.com/docs/command-line
root@debian:~#