0. Caddy: a very easy-to-use, concise reverse proxy server

A web server written in Go. Its configuration is concise, it enables HTTPS automatically, and it supports HTTP/2 and QUIC.

Note: our environment is CentOS Linux 7.2.

1. Download and install Caddy

  ]#  wget https://github.com/mholt/caddy/releases/download/v0.11.5/caddy_v0.11.5_linux_amd64.tar.gz
  ]#  tar zxvf caddy_v0.11.5_linux_amd64.tar.gz
  ]#  ./caddy -version
  	  Caddy 0.11.5 (+80dfb8b Mon Mar 04 19:50:49 UTC 2019) (unofficial)
  	  1file changed, 1 insertion(+), 1 deletion(-)
  	  caddy/caddymain/run.go
  ]#  sudo cp caddy /usr/local/bin/
  ]#  sudo setcap CAP_NET_BIND_SERVICE=+eip /usr/local/bin/caddy

2. Register the service

We use the official caddy.service unit file, which is included in the extracted archive:

]#  cp init/linux-systemd/caddy.service /etc/systemd/system

It can also be downloaded from the official repository:

https://github.com/mholt/caddy/blob/master/dist/init/linux-systemd/caddy.service

Reference: https://github.com/mholt/caddy/blob/master/dist/init/linux-systemd/README.md

Once /etc/caddy/Caddyfile and /etc/ssl/caddy have been set up, manage the service with:

]#  systemctl daemon-reload
]#  systemctl start caddy.service      # start
]#  systemctl enable caddy.service     # start at boot
]#  systemctl stop caddy.service       # stop
]#  systemctl restart caddy.service    # restart
]#  systemctl status caddy.service -l  # show status

3. Create the user and set up the directories

For security, we create a www-data user and group:

]#  groupadd www-data
]#  useradd -M -g www-data www-data 

The commands below create three directories: /etc/caddy holds Caddy's configuration files, /etc/ssl/caddy holds the certificates, and /var/www is the default site directory.

]#  sudo mkdir /etc/caddy
]#  sudo chown -R root:www-data /etc/caddy
]#  sudo touch /etc/caddy/Caddyfile

]#  sudo mkdir /etc/ssl/caddy
]#  sudo chown -R www-data:root /etc/ssl/caddy
]#  sudo chmod 0755 /etc/ssl/caddy

]#  sudo mkdir /var/www
]#  sudo chown www-data:www-data /var/www
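
The following check is an added example, not part of the original page: it verifies that the three directories ended up with the owner, group and mode that the commands above set. The function names audit_dir and audit_caddy_layout are hypothetical, and GNU stat (as shipped with CentOS 7) is assumed.

```shell
# Added example, not from the original page: audit the directories from step 3.
# audit_dir and audit_caddy_layout are hypothetical helper names; GNU stat assumed.

# audit_dir PATH OWNER GROUP MAX_MODE
# Returns 0 only when PATH is a real directory (not a symlink) owned by
# OWNER:GROUP and carrying no permission bits outside MAX_MODE (octal).
audit_dir() {
    path=$1; want_owner=$2; want_group=$3; max_mode=$4
    rc=0
    if [ -L "$path" ] || [ ! -d "$path" ]; then
        echo "FAIL $path: missing or not a real directory"
        return 1
    fi
    owner=$(stat -c '%U' "$path")   # owner name
    group=$(stat -c '%G' "$path")   # group name
    mode=$(stat -c '%a' "$path")    # octal mode, e.g. 755
    if [ "$owner" != "$want_owner" ]; then
        echo "FAIL $path: owner is $owner, expected $want_owner"; rc=1
    fi
    if [ "$group" != "$want_group" ]; then
        echo "FAIL $path: group is $group, expected $want_group"; rc=1
    fi
    # Bits present in the actual mode but absent from the allowed maximum.
    extra=$(( 0$mode & (07777 ^ 0$max_mode) ))
    if [ "$extra" -ne 0 ]; then
        echo "FAIL $path: mode $mode grants more than $max_mode"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK   $path ($owner:$group $mode)"; fi
    return "$rc"
}

# Expected values are the ones set by the chown/chmod commands on this page.
audit_caddy_layout() {
    layout_rc=0
    audit_dir /etc/caddy     root     www-data 0755 || layout_rc=1
    audit_dir /etc/ssl/caddy www-data root     0755 || layout_rc=1
    audit_dir /var/www       www-data www-data 0755 || layout_rc=1
    return "$layout_rc"
}
```

Source the file as root after step 3 and call audit_caddy_layout; passing a tighter maximum such as 0750 to audit_dir also flags world-readable directories.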

4. Configure /etc/caddy/Caddyfile

For example, reverse proxying my blog's domains to internal services:

www.michaelapp.com {
   proxy / 127.0.0.1:2000 
   tls <Your Email>
}
	
ftps.michaelapp.com  {
        proxy / 127.0.0.1:9000 {
                header_upstream X-Forwarded-Proto {scheme}
                header_upstream X-Forwarded-Host {host}
                header_upstream Host {host}
                health_check /minio/health/ready
        }
        tls <Your Email>
}

5. Run

]#  systemctl daemon-reload
]#  systemctl enable caddy.service   # start at boot
]#  systemctl restart caddy.service  # restart

6. References