
Caddy

Overview#

  • #1806 - Watch Caddyfile for changes
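# Install on macOS
# Plugins are not installed
brew install caddy

# Start directly; the Caddyfile in the current directory is used as the configuration file
caddy
# List the installed plugins
caddy -plugins
# Validate the configuration
caddy -validate -conf Caddyfile

# Start with Docker
# Configuration: /etc/Caddyfile
# root /srv
# cert /root/.caddy or CADDYPATH
# This image contains no plugins; plugins have to be built yourself
docker run --rm -it -v "$PWD":/srv -p 2015:2015 abiosoft/caddy
# Includes all plugins
# Other tags: latest is based on Alpine, php adds PHP support
docker run --rm -it -v "$PWD":/srv -p 2015:2015 wener/caddy:full
# Validate the configuration
docker exec web caddy -validate -conf /caddy/Caddyfile

# Add configuration directly from the command line
caddy -port 8080 browse markdown "log access.log"
# Reload the configuration
kill -USR1 PID
# Reload when running in Docker
docker kill -s USR1 web

# Common configuration
mkdir root
caddy -conf Caddyfile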

Signal handling#

| Signal | Behavior |
| --- | --- |
| TERM | Forcefully exits the process without executing shutdown hooks. |
| INT | Forcefully exits the process after executing shutdown hooks. This is the only "signal" that works on Windows (Ctrl+C). A second SIGINT forces immediate termination, even if shutdown hooks are still running. |
| HUP | Gracefully stops the server, but does not execute shutdown hooks. |
| QUIT | Gracefully stops the server after executing shutdown hooks. |
| USR1 | Reloads the configuration file, then gracefully restarts the server. This spins up a process with a different process ID. |

Logging configuration#

  • Formats
    • {common} - {remote} - {user} [{when}] \"{method} {uri} {proto}\" {status} {size}
    • {combined} - {common} \"{>Referer}\" \"{>User-Agent}\"
log requests.log {
    rotate_size 50  # Rotate after 50 MB
    rotate_age  90  # Keep rotated files for 90 days
    rotate_keep 20  # Keep at most 20 log files
    rotate_compress # Compress rotated log files in gzip format
}
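
An added example, not part of the original page: a Python parser for the {common} format listed above that counts 401 responses under /files (the basicauth path in this page's example configuration) per {remote}. The function names, the threshold and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# {common} = {remote} - {user} [{when}] "{method} {uri} {proto}" {status} {size}
COMMON_RE = re.compile(
    r'^(?P<remote>\S+) - (?P<user>\S+) \[(?P<when>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)

def parse_common(line):
    """Return the fields of one {common} line as a dict, or None if it does not match."""
    m = COMMON_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    return rec

def failed_auth_sources(lines, prefix="/files", threshold=3):
    """Count 401 responses under `prefix` per {remote}.

    Returns (sources at or above `threshold`, number of unparseable lines).
    Unparseable lines are counted rather than dropped silently, because a
    malformed request line is itself worth a look.
    """
    hits, unparsed = Counter(), 0
    for line in lines:
        rec = parse_common(line)
        if rec is None:
            unparsed += 1
        elif rec["status"] == 401 and rec["uri"].startswith(prefix):
            hits[rec["remote"]] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}, unparsed

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [02/Jan/2018:10:00:01 +0000] "GET /files/ HTTP/1.1" 401 17',
    '203.0.113.7 - - [02/Jan/2018:10:00:02 +0000] "GET /files/a.md HTTP/1.1" 401 17',
    '203.0.113.7 - - [02/Jan/2018:10:00:03 +0000] "GET /files/a.md HTTP/1.1" 401 17',
    '198.51.100.4 - wener [02/Jan/2018:10:00:04 +0000] "GET /files/a.md HTTP/1.1" 200 512',
    '198.51.100.4 - - [02/Jan/2018:10:00:05 +0000] "GET /api/v1 HTTP/1.1" 401 17',
    'garbage line',
]

if __name__ == "__main__":
    flagged, unparsed = failed_auth_sources(SAMPLE)
    print("sources with repeated 401s:", flagged)
    print("unparseable lines:", unparsed)
```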

Example#

# Internal file/document service
localhost:2016 {
  gzip
  log internal/access-2016.log
  errors visible
  browse
  hugo
  root files
  bind 127.0.0.1
  ext .html .htm .md
}

:80 {
  # startup echo started > start
  gzip
  internal /internal
  log internal/access-8080.log

  # View at localhost:9180/metrics
  prometheus

  tls {
    max_certs 10
  }

  # Authorization
  basicauth /files wener wener
  # Forward to /files
  proxy /files http://localhost:2016 {
    # policy round_robin
    # health_check /health
    without /files
    # proxy_header X-Real-IP {remote}
    proxy_header X-Forwarded-Proto {scheme}
    # X-Forwarded-For carries the client address, not the Host header
    proxy_header X-Forwarded-For {remote}
    proxy_header Host {host}
  }

  # Forward a remote service to local
  proxy /api api.wener.me {
    without /api
  }
  header /api {
    # Access-Control-Allow-Origin  *
    # Access-Control-Allow-Methods "GET, POST, OPTIONS"
    X-Do-Proxy "true"
    -Server
  }
  # Allow CORS to work around not being able to reach the remote directly
  cors /api http://editor.swagger.io
  jsonp /api

  # The secret must be set through the JWT_SECRET environment variable
  jwt {
    path /secret.md
    allow role user
  }
}

CHANGELOG#

0.10.12#

# 1.
*.example.com
tls {
    dns provider
}

# 2. Use a macro
(wildcard_cert) {
    tls {
        dns provider
        wildcard
    }
}
sub1.example.com {
    import wildcard_cert
    ...
}

sub1000000.example.com {
    import wildcard_cert
    ...
}

*.example.com
rewrite {
    to /{label1}{uri}
}

PDNS_API_KEY PDNS_API_URL (the address must end with /)

https://github.com/xenolf/lego/blob/master/providers/dns/pdns/pdns.go

FAQ#

Disable the HTTP-to-HTTPS redirect#

http://yousite.com {
  log logs www.chinazs.gov.cn.log
  proxy / upstream
}

https://yousite.com {
  proxy / localhost {
    transparent
  }
}

Use placeholders in log file names#