使用场景

源站和反代分开,即源站和反代各一台服务器

系统:Debian12

安装caddy

sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https curlcurl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpgcurl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.listchmod o+r /usr/share/keyrings/caddy-stable-archive-keyring.gpgchmod o+r /etc/apt/sources.list.d/caddy-stable.listsudo apt updatesudo apt install caddy

检测是否安装成功

caddy -v

配置修改

nano /etc/caddy/Caddyfile

我的配置如下

2345.com {    redir https://www.2345.com{uri} permanent}www.2345.com {        reverse_proxy 源站服务器ip:80    tls {        protocols tls1.2 tls1.3    }    header {        Permissions-Policy interest-cohort=()        Strict-Transport-Security max-age=31536000;        X-Content-Type-Options nosniff        X-Frame-Options DENY        Referrer-Policy no-referrer-when-downgrade        -Via        -Alt-Svc    }    log {        output file /var/log/caddy/2345.com.log {            roll_size 10mb            roll_keep 5        }    }}

如果你的站点允许其他站点嵌入,例如播放器啥的,记得把以下配置注释掉

X-Frame-Options DENY

最后重启生效

systemctl restart caddy

将 Caddy 添加到开机自启

systemctl enable caddy

查看Caddy2运行状态

systemctl status caddy

多站点配置

修改配置

# 定义可复用的配置片段(common_config) {    reverse_proxy 源站服务器ip:80    tls {        protocols tls1.2 tls1.3    }    header {        Permissions-Policy interest-cohort=()        Strict-Transport-Security max-age=31536000;        X-Content-Type-Options nosniff        X-Frame-Options DENY        Referrer-Policy no-referrer-when-downgrade        -Via        -Alt-Svc    }}2345.com {    redir https://www.2345.com{uri} permanent}www.2345.com {    import common_config    log {        output file /var/log/caddy/2345.com.log {            roll_size 10mb            roll_keep 5        }    }}new.example.com {    import common_config    log {        output file /var/log/caddy/new-example.log {            roll_size 10mb            roll_keep 5        }    }}

然后重启

systemctl restart caddy

完结。