caddy https正向代理的方法
apt install -y golang
go install github.com/caddyserver/xcaddy/cmd/xcaddy@latest
xcaddy build --with github.com/caddyserver/forwardproxy
mv caddy /usr/bin/caddy
chmod +x /usr/bin/caddy
caddyfile配置文件:
{
admin off
auto_https disable_redirects
storage file_system /opt/ss/ssl #如果使用caddy自动签发的证书可以自定义保存证书路径
}
# acme-challenge handle 必须在 redir 之前,否则验证请求会被重定向
:80 {
handle /.well-known/acme-challenge/* {
root * /opt/ss/acme
file_server
}
handle {
redir https://{host}{uri} 308
}
log {
output file /opt/ss/logs/caddy_access.log {
roll_size 10mb
roll_keep 3
}
level ERROR
}
}
# ── HTTPS :443 ────────────────────────────────────────────────
:443 {
tls /opt/ss/ssl/server.crt /opt/ss/ssl/server.key
route {
forward_proxy {
basic_auth user passwd
hide_ip
hide_via
probe_resistance
}
root * /var/www/sss
file_server
}
log {
output file /opt/ss/logs/caddy_access.log {
roll_size 10mb
roll_keep 3
}
level ERROR
}
}
如果使用自定义证书一定要注意证书和文件夹路径的权限,比如caddy使用的是caddy用户运行
caddy如果使用自定义证书路径,记住证书在前面,证书密钥在后面,否则caddy会报错,无法启动。