说明:之前关于反向代理教程发了好几个了,参考:利用Nginx反向代理来简单镜像HTTP(S)网站的方法,不过对比使用Caddy来反代的方法,还是麻烦了些,但是Nginx性能却好些,各有优点吧,一般不想折腾的就建议使用Caddy来反代,毕竟Caddy配置简单也支持自签Let’s Encrypt SSL证书,很方便。
更新
【2020.10.20】
替换脚本caddy安装包,算是修复了,有疑问随时留言即可。
安装Caddy
运行以下命令:
wget -N --no-check-certificate https://raw.githubusercontent.com/iiiiiii1/doubi/master/caddy_install.sh && chmod +x caddy_install.sh && bash caddy_install.sh
#备用地址
wget -N --no-check-certificate https://www.moerats.com/usr/shell/Caddy/caddy_install.sh && chmod +x caddy_install.sh && bash caddy_install.sh
配置文件
以下所有示例域名为toyoo.ml,请注意替换为自己的域名 !
1、服务器IP反向代理
下面是一个,用你服务器的IP来反向代理一个http协议的网站http://www.baidu.com 。
# 以下全部内容是一个整体,是一个命令,全部复制粘贴到SSH软件中并一起执行!
echo ":80 {
gzip
proxy / http://www.baidu.com
}" > /usr/local/caddy/Caddyfile
服务器IP也可以反向代理HTTPS协议的网站,但是需要自签SSL证书,现在的浏览器一般都不会认自签的SSL证书,所以不建议这么做。
2、域名反向代理HTTP
下面是一个,用你的域名来反向代理一个http协议的网站http://www.baidu.com。
# 以下全部内容是一个整体,是一个命令,全部复制粘贴到SSH软件中并一起执行!
echo "http://toyoo.ml {
gzip
proxy / http://www.baidu.com
}" > /usr/local/caddy/Caddyfile
如果你需要反向代理HTTPS协议的网站,比如https://www.baidu.com,那么继续看下面步骤。
3、域名反向代理HTTPS
如果你有SSL证书和密匙的话,把SSL证书(xxx.crt)和密匙(xxx.key)文件放到/root文件夹下(也可以是其他文件夹,自己改下面代码),然后这样做:
# 以下全部内容是一个整体,是一个命令,全部复制粘贴到SSH软件中并一起执行!
echo "https://toyoo.ml {
gzip
tls /root/xxx.crt /root/xxx.key
proxy / https://www.baidu.com
}" > /usr/local/caddy/Caddyfile
如果你没有SSL证书和密匙,那么你可以这样做:
下面的xxxx@xxx.xx改成你的邮箱,同时需要注意的是,申请SSL证书前,请务必提前解析好域名记录(解析后最好等一会,以全球生效),否则Caddy会申请并配置失败!
# 以下全部内容是一个整体,是一个命令,全部复制粘贴到SSH软件中并一起执行!
echo "https://toyoo.ml {
gzip
tls xxxx@xxx.xx
proxy / https://www.baidu.com
}" > /usr/local/caddy/Caddyfile
如果一切正常,那么Caddy会自动帮你申请SSL证书并配置好,而且会定时续约SSL证书和强制http重定向至https!
4、HTTP重定向为HTTPS
当你是手动指定SSL证书和密匙 来配置的话,Caddy只会监听443端口(https),并不会自动设置80端口(http)的重定向(如果是Caddy自动申请的SSL证书,那么就自动做好了),如果要做重定向的话,可以这样做:
下面的示例代码中,是把http://toyoo.ml、http://233.toyoo.ml、https://666.toyoo.ml三个域名都重定向到了 https://toyoo.ml。
# 以下全部内容是一个整体,是一个命令,全部复制粘贴到SSH软件中并一起执行!
echo "http://toyoo.ml ,http://233.toyoo.ml ,https://666.toyoo.ml {
redir https://toyoo.ml{url}
}
https://toyoo.ml {
gzip
tls /root/xxx.crt /root/xxx.key
proxy / https://www.baidu.com
}" > /usr/local/caddy/Caddyfile
修改完Caddy的配置文件后,重启Caddy即可。
/etc/init.d/caddy restart
关于Caddy更多介绍参考:一个极简的HTTP Server: Caddy一键安装脚本。
版权声明:本文为原创文章,版权归 Rat's Blog 所有,转载请注明出处!
本文链接:https://www.moerats.com/archives/422/
如教程需要更新,或者相关链接出现404,可以在文章下面评论留言。
怎么设置多个域名反代呢 a.com和b.com 都指向一个地址
请问Rats知道怎么同时反代和本地么,就是 website.com 为本地目录运行网站,但单独抽出 website.com/api 用于代理,我试了同时设置的话反代会 404……
还没试过,可以试试proxy /api https://xx.com,这种反代参数
您好!请问这个能反代理g~G么,我用的群晖,有自己的不备案域名,在docker安装Linux在部署。这样会出现问题么?
可以,不过得国外的网络才行
失效了 可以修复下脚本吗
有时间我看看,V1版本好像直接给停了。
博主你好,我想问一下,我用香港的VPS搭建了 Caddy , 然后设置了80端口的反向代理,就是上文的代码直接拷贝SSH执行,然后重启Caddy。但是我直接访问VPS的IP地址,却打不开。显示 154.204.42.244 HTTP ERROR -2146697211,请问是什么问题,如何解决?
博主你好,我安装配置了2个版本的Caddy,导致现在一键脚本中的卸载命令发生变化了,现在想把两个Caddy都卸载重新部署,该怎么办呀? 新安装的Caddy命令中并没有卸载选项
Usage of caddy:
Agree to the CA's Subscriber Agreement-agree
-ca string
URL to certificate authority's ACME server directory (default "https://acme-v02.api.letsencrypt.org/directory")-caddyfile-to-json
From Caddyfile stdin to JSON stdout-catimeout duration
Default ACME CA HTTP timeout (default 30s)-conf string
Caddyfile to load (default "Caddyfile")-cpu string
CPU cap (default "100%")-default-sni string
If a ClientHello ServerName is empty, use this ServerName to choose a TLS certificate-disable-http-challenge
Disable the ACME HTTP challenge-disable-tls-alpn-challenge
Disable the ACME TLS-ALPN challenge-disabled-metrics string
Comma-separated list of telemetry metrics to disable-email string
Default ACME CA account email address-env
Enable to print environment variables-envfile string
Path to file with environment variables to load in KEY=VALUE format-ginkgo.debug
If set, ginkgo will emit node output to files when running in parallel.-ginkgo.dryRun
If set, ginkgo will walk the test hierarchy without actually running anything. Best paired with -v.-ginkgo.failFast
If set, ginkgo will stop running a test suite after a failure occurs.-ginkgo.failOnPending
If set, ginkgo will mark the test suite as failed if any specs are pending.-ginkgo.flakeAttempts int
Make up to this many attempts to run each spec. Please note that if any of the attempts succeed, the suite will not be failed. But any failures will still be recorded. (default 1)-ginkgo.focus string
If set, ginkgo will only run specs that match this regular expression.-ginkgo.noColor
If set, suppress color output in default reporter.-ginkgo.noisyPendings
If set, default reporter will shout about pending tests. (default true)-ginkgo.noisySkippings
If set, default reporter will shout about skipping tests. (default true)-ginkgo.parallel.node int
This worker node's (one-indexed) node number. For running specs in parallel. (default 1)-ginkgo.parallel.streamhost string
The address for the server that the running nodes should stream data to.-ginkgo.parallel.synchost string
The address for the server that will synchronize the running nodes.-ginkgo.parallel.total int
The total number of worker nodes. For running specs in parallel. (default 1)-ginkgo.progress
If set, ginkgo will emit progress information as each spec runs to the GinkgoWriter.-ginkgo.randomizeAllSpecs
If set, ginkgo will randomize all specs together. By default, ginkgo only randomizes the top level Describe, Context and When groups.-ginkgo.regexScansFilePath
If set, ginkgo regex matching also will look at the file path (code location).-ginkgo.seed int
The seed used to randomize the spec suite. (default 1586486989)-ginkgo.skip string
If set, ginkgo will only run specs that do not match this regular expression.-ginkgo.skipMeasurements
If set, ginkgo will skip any measurement specs.-ginkgo.slowSpecThreshold float
(in seconds) Specs that take longer to run than this threshold are flagged as slow by the default reporter. (default 5)-ginkgo.succinct
If set, default reporter prints out a very succinct report-ginkgo.trace
If set, default reporter prints out the full stack trace when a failure occurs-ginkgo.v
If set, default reporter print out all specs as they begin.-grace duration
Maximum duration of graceful shutdown (default 5s)-host string
Default host-http-port int
Default port to use for HTTP (default 80)-http2
Use HTTP/2 (default true)-https-port int
Default port to use for HTTPS (default 443)-json-to-caddyfile
From JSON stdin to Caddyfile stdout-log string
Process log file-log-roll-compress
Gzip-compress rolled process log files (default true)-log-roll-mb int
Roll process log when it reaches this many megabytes (0 to disable rolling) (default 100)-log-timestamps
Enable timestamps for the process log (default true)-pidfile string
Path to write pid file-plugins
List installed plugins-port string
Default port (default "2015")-quic
Use experimental QUIC-quiet
Quiet mode (no initialization output)-revoke string
Hostname for which to revoke the certificate-root string
Root path of default site (default ".")-type string
Type of server to run (default "http")-validate
Parse the Caddyfile but do not start the server-version
Show version找到caddy二进制文件,command -v caddy就可以找到了,脚本安装的caddy好像在/usr/loacl/caddy文件夹,具体我忘了
502 Bad Gateway
搭建完,提示这个打不开
这个需要看下日志才行,tail -f /tmp/caddy.log命令
博主,能通过反代自己博客来得到加速的效果吗?gia线路内存小挤不下博客。
没啥不可以的,记得设置缓存
这不是逗比根据地的教程吗
对的
请问博主,我这边把caddyfile里的内容清掉了,手动恢复的时候,有一条proxy/....localhost:.....,这边是固定的参数,还是需要怎么设置
信息太少,不太清楚,你恢复后,重启看看