Caddy 是什麼?
Caddy 是一個多功能的 HTTP web服務器,並且使用Let's Encrypt提供的免費證書,自動讓網站升級到HTTPS
Every Site on HTTPS Caddy is a general-purpose HTTP/2 web server that serves HTTPS by default. Fork Caddy On Github
爲什麼要使用 Caddy
- 安全 Caddy 是一個默認使用https協議的web服務器
- 無依賴 Caddy 使用 Go 語言編寫,編譯好的二進制文件能夠運行在任何支持Go語言的平臺,不需要自己安裝任何庫。
- 使用簡單 Caddy 的配置簡單,不管你是新的web開發者,還是專業人士,都能夠快速上手
安裝以及運行
- 下載 Caddy download
在官網上選擇指定的平臺,下載指定平臺的運行包。 這裏以 CentOS 7.0 x64 爲例。 選擇 Linux 64-bit,然後點 DOWNLOAD。
通過ftp將下載好的包上傳到服務器,或者複製出下載地址直接在服務端wget https://caddyserver.com/download/linux/amd64。
使用wget的模式下載下來的文件名是amd64。tar -xzvf amd64解壓, 解壓後文件如下。![alt]()
我們可以直接運行 ./caddy,這樣就啓動了一個靜態的web服務器,根目錄爲當前目錄,端口爲 2015,可以通過你服務器的ip地址加上:2015 進行訪問了。 如果你訪問的時候,報404異常,在你當前目錄下添加一個 index.html 文件即可。
我們可以直接運行 ./caddy,這樣就啓動了一個靜態的web服務器,根目錄爲當前目錄,端口爲 Caddyfile 配置
這裏我們看一下官網的例子說明 Caddy Documentation
:2015 # Host: (any), Port: 2015
localhost # Host: localhost; Port: 2015
localhost:8080 # Host: localhost; Port: 8080
example.com # Host: example.com; Ports: 80->443
http://example.com # Host: example.com; Port: 80
https://example.com # Host: example.com; Ports: 80->443
http://example.com:1234 # Host: example.com; Port: 1234
https://example.com:80 # Error! HTTPS on port 80
*.example.com # Hosts: *.example.com; Port: 2015
example.com/foo/ # Host: example.com; Ports: 80, 443; Path: /foo/
/foo/ # Host: (any), Port: 2015, Path: /foo/
通過上面這些例子,就可以大概瞭解到Caddy的域名適配規則。
這個是我的所有站點的配置,可以看出來相比Nginx簡單了很多:
log 用於記錄訪問日誌
gzip 用於啓用gzip壓縮
proxy 用於支持反向代理
websocket 用於支持websocket協議
所有的插件文檔,可以 Caddy Documentation 從官方文檔上看到,都有詳細的配置說明,簡單易上手。
使用 caddy -conf Caddyfile 就可以使用配置文件來啓動,確保80和443端口沒有被服務佔用。
Caddyfile 文件:
diamondfsd.com { # 啓動 http 和 https,訪問 http 會自動轉跳到 https
log access_log.log # 日誌
gzip # 使用gzip壓縮
proxy / http://127.0.0.1:3999 { # 路徑轉發
header_upstream Host {host}
header_upstream X-Real-IP {remote}
header_upstream X-Forwarded-For {remote}
header_upstream X-Forwarded-Proto {scheme}
}
}
http://api.diamondfsd.com https://api.diamondfsd.com { # 同時啓用 http 和 https 不會自動轉跳
gzip
proxy / http://127.0.0.1:4999 {
header_upstream Host {host}
header_upstream X-Real-IP {remote}
header_upstream X-Forwarded-For {remote}
header_upstream X-Forwarded-Proto {scheme}
}
}
hook.diamondfsd.com {
proxy / http://127.0.0.1:9000 {
header_upstream Host {host}
header_upstream X-Real-IP {remote}
header_upstream X-Forwarded-For {remote}
header_upstream X-Forwarded-Proto {scheme}
}
}
http://file.diamondfsd.com {
proxy / http://127.0.0.1:22222
}
https://file.diamondfsd.com {
root /data/file-upload # 指定靜態文件根目錄
}
yd.diamondfsd.com {
gzip
root /data/ydig
proxy /ws http://127.0.0.1:9001 { # 轉發所有 /ws 爲 websocket
websocket
}
}
8.diamondfsd.com {
gzip
root /data/quaver
}
在對比同等情況下 nginx 的配置:
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
gzip on;
gzip_min_length 1k;
gzip_buffers 16 64k;
gzip_http_version 1.1;
gzip_comp_level 6;
gzip_types application/json application/xml text/plain application/javascript text/css image/jpeg image/gif image/png text/javascript;
gzip_vary on;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
server {
listen 80;
server_name diamondfsd.com www.diamondfsd.com;
rewrite ^(.*) https://$server_name$1 permanent;
}
server {
server_name diamondfsd.com www.diamondfsd.com;
listen 443;
ssl on;
ssl_certificate /etc/letsencrypt/live/diamondfsd.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/diamondfsd.com/privkey.pem;
location / {
proxy_pass http://127.0.0.1:3999;
proxy_http_version 1.1;
proxy_set_header X_FORWARDED_PROTO https;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
}
}
server {
server_name api.diamondfsd.com;
listen 443;
ssl on;
ssl_certificate /etc/letsencrypt/live/api.diamondfsd.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/api.diamondfsd.com/privkey.pem;
location / {
proxy_pass http://127.0.0.1:4999;
proxy_http_version 1.1;
proxy_set_header X_FORWARDED_PROTO https;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
}
}
server {
server_name api.diamondfsd.com;
listen 80;
location / {
proxy_pass http://127.0.0.1:4999;
proxy_http_version 1.1;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
}
}
server {
server_name hook.diamondfsd.com;
listen 80;
location / {
proxy_pass http://127.0.0.1:9000;
proxy_http_version 1.1;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
}
}
server {
server_name file.diamondfsd.com;
listen 80;
location / {
proxy_pass http://127.0.0.1:22222;
proxy_http_version 1.1;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
}
}
server {
server_name file.diamondfsd.com;
listen 443;
ssl on;
ssl_certificate /etc/letsencrypt/live/file.diamondfsd.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/file.diamondfsd.com/privkey.pem;
root /data/file-upload;
expires max;
access_log /data/file-domain.log;
}
server {
listen 80;
server_name yd.diamondfsd.com;
rewrite ^(.*) https://$server_name$1 permanent;
}
server {
server_name yd.diamondfsd.com;
listen 443;
ssl on;
ssl_certificate /etc/letsencrypt/live/yd.diamondfsd.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/yd.diamondfsd.com/privkey.pem;
location /ws/ {
proxy_pass http://127.0.0.1:9001;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
root /data/ydig;
expires max;
access_log /data/ydig-domain.log;
}
server {
listen 80;
server_name about.diamondfsd.com;
rewrite ^(.*) https://$server_name$1 permanent;
}
server {
server_name about.diamondfsd.com;
listen 443;
ssl on;
ssl_certificate /etc/letsencrypt/live/about.diamondfsd.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/about.diamondfsd.com/privkey.pem;
root /data/about-me;
expires max;
access_log /data/about-me-domain.log;
}
server {
server_name 8.diamondfsd.com;
listen 80;
rewrite ^(.*) https://$server_name$1 permanent;
}
server {
server_name 8.diamondfsd.com;
listen 443;
ssl on;
ssl_certificate /etc/letsencrypt/live/8.diamondfsd.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/8.diamondfsd.com/privkey.pem;
root /data/quaver;
expires max;
access_log /data/quaver-domain.log;
}
}
可以看出,相較於Nginx來說,Caddy 的配置簡單了很多,而且默認啓用了 https,更加的安全。
這篇文章也比較簡單,更高級的應用大家可以去閱讀官方文檔。
有什麼問題和簡介,歡迎大家相互討論。