caddy https正向代理的方法

Wednesday, Apr 1, 2026 | 1 minute read | Updated at Tuesday, Jun 16, 2026

@

caddy https正向代理的方法

apt install -y golang
go install github.com/caddyserver/xcaddy/cmd/xcaddy@latest
 xcaddy build --with github.com/caddyserver/forwardproxy
mv caddy /usr/bin/caddy
 chmod +x /usr/bin/caddy

caddyfile配置文件
{
    admin off
    auto_https disable_redirects
    storage file_system /opt/ss/ssl  #如果使用caddy自动签发的证书可以自定义保存证书路径
}
# acme-challenge handle 必须在 redir 之前,否则验证请求会被重定向
:80 {
    handle /.well-known/acme-challenge/* {
        root * /opt/ss/acme
        file_server
    }

    handle {
        redir https://{host}{uri} 308
    }

    log {
        output file /opt/ss/logs/caddy_access.log {
            roll_size 10mb
            roll_keep 3
        }
        level ERROR
    }
}

# ── HTTPS :443 ────────────────────────────────────────────────
:443 {
    tls /opt/ss/ssl/server.crt /opt/ss/ssl/server.key

    route {
        forward_proxy {
            basic_auth user passwd
            hide_ip
            hide_via
            probe_resistance
        }

        root * /var/www/sss
        file_server
    }

    log {
        output file /opt/ss/logs/caddy_access.log {
            roll_size 10mb
            roll_keep 3
        }
        level ERROR
    }
}

如果使用自定义证书一定要注意证书和文件夹路径的权限,比如caddy使用的是caddy用户运行

caddy如果使用自定义证书路径,记住证书在前面,证书密钥在后面,否则caddy会报错,无法启动。

© 2018 - 2026 vpslala

🌱 Powered by Hugo with theme Dream.