Caddy
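Caddy is an HTTP server whose main selling points are automatic HTTPS and simple configuration.
Installation
On both Debian and Ubuntu it can be installed from the official APT repository: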
curl -Lfs https://dl.cloudsmith.io/public/caddy/stable/gpg.key | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg; echo -e "deb [signed-by=/usr/share/keyrings/caddy-stable-archive-keyring.gpg] https://dl.cloudsmith.io/public/caddy/stable/deb/debian any-version main\ndeb-src [signed-by=/usr/share/keyrings/caddy-stable-archive-keyring.gpg] https://dl.cloudsmith.io/public/caddy/stable/deb/debian any-version main" | sudo tee /etc/apt/sources.list.d/caddy-stable.list; sudo apt update; sudo apt install -y caddy; sudo apt clean
The examples below also use transform, which can be installed with this command:
sudo caddy add-package github.com/caddyserver/transform-encoder
build.sh
The /etc/caddy/build.sh I am currently using:
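#!/bin/bash
# Stop on the first error so a failed build never copies a stale ./caddy binary.
set -e
# Build a custom caddy binary in the current directory with the listed modules.
xcaddy build \
    --with github.com/caddyserver/transform-encoder \
    --with github.com/jasonlovesdoggo/caddy-defender \
    --with github.com/mholt/caddy-ratelimit \
    --with github.com/shift72/caddy-geo-ip \
    --with github.com/xcaddyplugins/caddy-trusted-cloudfront
# Install the result next to the packaged binary.
cp -f caddy /usr/bin/caddy.custom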
xcaddy
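xcaddy is the officially maintained module management tool. Quite a few modules need to be installed through xcaddy, and it usually has to be installed together with Golang: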
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/xcaddy/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-xcaddy-archive-keyring.gpg; curl -1sLf 'https://dl.cloudsmith.io/public/caddy/xcaddy/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-xcaddy.list; sudo apt update; sudo apt install -y golang xcaddy; sudo apt clean
Installing a recent version of Golang is recommended here; the version shipped with an LTS or stable system may be too old.
Configuration
Template
A way to reuse configuration:
(subdomain-log) {
    log {
        format transform `{request>client_ip} - {request>user_id} [{ts}] "{request>method} {request>uri} {request>proto}" {status} {size} "{request>headers>Referer>[0]}" "{request>headers>User-Agent>[0]}"` {
            time_format "02/Jan/2006:15:04:05 +0000"
        }
        output file /var/log/caddy/{args[0]}_access.log {
            mode 0640
        }
    }
}
bar.example.com {
    # ...
    import subdomain-log bar.example.com
    # ...
}
foo.example.com {
    # ...
    import subdomain-log foo.example.com
    # ...
}
Rate Limit
This is handled with the external geo_ip and rate_limit packages together. Note that the /usr/share/GeoLite2-Country.mmdb used here needs a program written to update it automatically:
geo_ip {
    db_path /usr/share/GeoLite2-Country.mmdb
}
rate_limit {
    zone nottw {
        match expression `{geoip.country_code} != "TW"`
        key {client_ip}
        events 60
        window 5m
    }
}
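The page leaves the update program for /usr/share/GeoLite2-Country.mmdb unwritten. The following is an added example (not part of the original page or of any of the plugins) of the install step such a program needs, so that a truncated or tampered download never replaces the database that db_path points at. It assumes the GeoLite2-Country tar.gz and its .sha256 file have already been downloaded from MaxMind; the function name install_mmdb and the paths in the usage comment are hypothetical.

```sh
#!/bin/sh
# Added example: install a freshly downloaded GeoLite2-Country archive for geo_ip.
# Assumption: the tar.gz and its .sha256 file were already fetched from MaxMind.

# install_mmdb TARBALL SHA256FILE DEST
# Returns 0 only after DEST has been replaced; on any failure DEST is untouched.
install_mmdb() {
    tarball=$1 sumfile=$2 dest=$3

    # 1. Integrity: the first field of the .sha256 file must match the archive.
    want=$(awk 'NR==1 {print $1}' "$sumfile") || return 1
    have=$(sha256sum "$tarball" | awk '{print $1}')
    if [ -z "$want" ] || [ "$want" != "$have" ]; then
        echo "install_mmdb: checksum mismatch, keeping $dest" >&2
        return 1
    fi

    # 2. Pick the .mmdb member. The strict pattern rejects "../" and absolute
    #    paths, and -O streams the member out so tar never writes paths itself.
    member=$(tar -tzf "$tarball" |
        grep -E '^[A-Za-z0-9_-]+/[A-Za-z0-9_-]+\.mmdb$' | head -n 1)
    [ -n "$member" ] || { echo "install_mmdb: no .mmdb in archive" >&2; return 1; }
    tmp=$(mktemp "$dest.XXXXXX") || return 1
    if ! tar -xzOf "$tarball" "$member" > "$tmp"; then
        rm -f "$tmp"; return 1
    fi

    # 3. Sanity: a MaxMind DB carries a metadata marker containing "MaxMind.com".
    if ! grep -q 'MaxMind.com' "$tmp"; then
        echo "install_mmdb: extracted file is not a MaxMind DB" >&2
        rm -f "$tmp"; return 1
    fi

    # 4. Atomic swap: tmp sits in the same directory as DEST, so mv is a rename
    #    and a reader never sees a half-written database.
    if ! { chmod 0644 "$tmp" && mv -f "$tmp" "$dest"; }; then
        rm -f "$tmp"; return 1
    fi
}

# Example call from a scheduled job (download paths are placeholders):
#   install_mmdb /var/tmp/GeoLite2-Country.tar.gz \
#       /var/tmp/GeoLite2-Country.tar.gz.sha256 /usr/share/GeoLite2-Country.mmdb
```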
Related links
External links
- Official website (English)