Original article; please credit the source when reposting.
https://qiedd.com/
As everyone knows, Caddy obtains certificates automatically, so by reusing that certificate I can drop the annoying acme.sh.
Installing Caddy
Arch Linux
# xcaddy is in the AUR
yay -Sy caddy xcaddy-bin go
Other distributions
Go install: https://go.dev/doc/install
Caddy install: https://caddyserver.com/docs/install
xcaddy install: https://github.com/caddyserver/xcaddy
Building Caddy
Caddy's stock proxy cannot split the fallback traffic by SNI, so build it with the proxy-protocol module.
# Build caddy
xcaddy build --with github.com/mastercactapus/caddy2-proxyprotocol
# First check which caddy binary is actually running
systemctl cat caddy
# Replace the stock caddy
mv caddy /usr/bin/caddy
# Verify that the build succeeded
caddy list-modules
# Last few lines of the output
.......
Standard modules: 100
caddy.listeners.proxy_protocol
Non-standard modules: 1
Unknown modules: 0
Configuring Caddy
The Caddyfile is usually at /etc/caddy/Caddyfile
{
    auto_https disable_redirects
    servers :8080 {
        listener_wrappers {
            proxy_protocol {
                timeout 2s
                allow 0.0.0.0/0
            }
            tls
        }
        protocols h1 h2 h2c h3
    }
}
:80 {
    redir https://{host}{url}
}
import /etc/caddy/conf.d/*
Create a file with any name under /etc/caddy/conf.d
# vim /etc/caddy/conf.d/example.com
http://example.com:8080 {
    reverse_proxy https://bing.com {
        header_up Host {upstream_hostport}
        transport http {
            tls
        }
    }
}
example.com:8443 {
    reverse_proxy https://bing.com {
        header_up Host {upstream_hostport}
        transport http {
            tls
        }
    }
}
Before starting Caddy, make sure /etc/hosts is not empty
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
# Start Caddy
systemctl start caddy
# Enable at boot
systemctl enable caddy
Check whether certificates now exist under /var/lib/caddy/certificates, and note the full path to your certificate
# Look up the path
ls /var/lib/caddy/certificates
# Example
/var/lib/caddy/certificates/acme-v02.api.letsencrypt.org-directory/example.com/example.com.crt
/var/lib/caddy/certificates/acme-v02.api.letsencrypt.org-directory/example.com/example.com.key
Configuring Xray
Arch Linux
# Install Xray
pacman -Sy xray
Other distributions: https://github.com/XTLS/Xray-install
Modify the systemd unit
# Find the unit file
systemctl cat xray
# Edit the unit
vim /usr/lib/systemd/system/xray.service
# Change the service user; before:
[Service]
User=xray
# After:
[Service]
User=caddy
# Reload systemd
systemctl daemon-reload
Edit the Xray config at /etc/xray/config.json (path for installs done with the install script: to be added)
{
  "log": {
    "loglevel": "debug"
  },
  "routing": {
    "domainStrategy": "IPIfNonMatch",
    "rules": [
      {
        "type": "field",
        "domain": [
          "geosite:category-ads-all"
        ],
        "outboundTag": "block"
      },
      {
        "type": "field",
        "domain": [
          "geosite:google"
        ],
        "outboundTag": "direct"
      },
      {
        "type": "field",
        "ip": [
          "geoip:cn"
        ],
        "outboundTag": "block"
      }
    ]
  },
  "inbounds": [
    {
      "listen": "0.0.0.0",
      "port": 443,
      "protocol": "vless",
      "settings": {
        "clients": [
          {
            "id": "4ee9ae2b-fad5-4083-a036-b7e44bbc09f0",
            "flow": "xtls-rprx-vision"
          }
        ],
        "decryption": "none",
        "fallbacks": [
          {
            "dest": "8080",
            "xver": 1
          }
        ]
      },
      "streamSettings": {
        "network": "tcp",
        "security": "tls",
        "tlsSettings": {
          "rejectUnknownSni": true,
          "minVersion": "1.3",
          "certificates": [
            {
              "certificateFile": "/var/lib/caddy/certificates/acme-v02.api.letsencrypt.org-directory/example.com/example.com.crt",
              "keyFile": "/var/lib/caddy/certificates/acme-v02.api.letsencrypt.org-directory/example.com/example.com.key"
            }
          ]
        }
      },
      "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls"
        ]
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom",
      "tag": "direct"
    },
    {
      "protocol": "blackhole",
      "tag": "block"
    }
  ],
  "policy": {
    "levels": {
      "0": {
        "handshake": 2,
        "connIdle": 120
      }
    }
  }
}
Start Xray
# Start
systemctl start xray
# Enable at boot
systemctl enable xray
Client configuration, using v2rayNG as the example
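As an added example (not from this post, Xray or Caddy), a small Python checker for the coupling the two configurations above rely on: the VLESS fallback must point at the Caddy server port with xver 1 because that listener carries the proxy_protocol wrapper, the TLS hardening settings must stay on, and both certificate files must be readable by the user the Xray unit now runs as. The sample config, check_config and its parameters are constructed for this example.

```python
import json
import os

# Constructed excerpt of the Xray inbound used in this post (example data, not
# a project file); the cert paths are the ones the post reads from Caddy.
SAMPLE_XRAY_CONFIG = json.loads("""
{"inbounds": [{
  "port": 443, "protocol": "vless",
  "settings": {"fallbacks": [{"dest": "8080", "xver": 1}]},
  "streamSettings": {"security": "tls", "tlsSettings": {
    "rejectUnknownSni": true, "minVersion": "1.3",
    "certificates": [{
      "certificateFile": "/var/lib/caddy/certificates/acme-v02.api.letsencrypt.org-directory/example.com/example.com.crt",
      "keyFile": "/var/lib/caddy/certificates/acme-v02.api.letsencrypt.org-directory/example.com/example.com.key"}]}}
}]}
""")


def check_config(cfg, caddy_port="8080", caddy_proxy_protocol=True,
                 readable=os.access, run_as="caddy"):
    """Return a list of findings; an empty list means the VLESS inbound matches
    the Caddy side (fallback port, PROXY protocol, TLS hardening, cert access).
    `readable` is injectable so the check can be unit-tested without the files;
    the os.access default answers for the current user, so run it as `run_as`."""
    findings = []
    for inbound in cfg.get("inbounds", []):
        if inbound.get("protocol") != "vless":
            continue
        for fb in inbound.get("settings", {}).get("fallbacks", []):
            dest = str(fb.get("dest", ""))
            if not dest.endswith(caddy_port):  # accepts "8080" or "127.0.0.1:8080"
                findings.append(f"fallback dest {dest} is not the Caddy port {caddy_port}")
            # Caddy's proxy_protocol listener wrapper and Xray's xver must agree,
            # otherwise the fallback is either rejected or mis-parsed.
            if caddy_proxy_protocol and fb.get("xver") != 1:
                findings.append("Caddy expects PROXY protocol but fallback xver is not 1")
            if not caddy_proxy_protocol and fb.get("xver", 0) != 0:
                findings.append("fallback sends PROXY protocol but Caddy has no proxy_protocol wrapper")
        tls = inbound.get("streamSettings", {}).get("tlsSettings", {})
        if not tls.get("rejectUnknownSni"):
            findings.append("rejectUnknownSni is off: handshakes for unknown server names are accepted")
        if tls.get("minVersion") != "1.3":
            findings.append("minVersion is not 1.3")
        for cert in tls.get("certificates", []):
            for key in ("certificateFile", "keyFile"):
                path = cert.get(key, "")
                if not readable(path, os.R_OK):
                    findings.append(f"{key} {path} is not readable by the {run_as} user")
    return findings
```

Run it as the caddy user (the Xray service user after the unit change) so the readability check reflects the real service account rather than whoever launches the script.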

References
https://xtls.github.io/document/level-1/fallbacks-with-sni.html#caddy-%E9%85%8D%E7%BD%AE
1 comment
anonymous · July 2, 2024, 1:36 PM
A question, please: what is the purpose of port 8443 in the Caddyfile?