Caddy HTTPS Web Server: Configuration Notes


1. Caddy overview

Caddy is an open-source web server written in Go that configures HTTPS automatically. Compared with Nginx, its advantage is that HTTPS is very easy to set up: once the domain's DNS resolves to the server, certificate issuance is handled automatically, with no need for tools like acme.sh to request certificates from Let's Encrypt.

Site: https://caddyserver.com/docs/caddyfile/concepts

1.1. Installing Caddy

Install directly with yum

# install
yum install caddy -y

Install with go build

git clone https://github.com/caddyserver/caddy.git
go build -o caddy cmd/caddy/main.go
caddy -h

1.2. Caddy systemd configuration

If Caddy was installed with go build, replace the /usr/bin/caddy binary referenced below with the one you built.

# /usr/lib/systemd/system/caddy.service
# caddy.service

[Unit]
Description=Caddy web server
Documentation=https://caddyserver.com/docs/
After=network.target

[Service]
Type=notify
User=caddy
Group=caddy
ExecStartPre=/usr/bin/caddy validate --config /etc/caddy/Caddyfile
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectHome=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

1.3. Caddy configuration notes

See https://caddyserver.com/docs/caddyfile/concepts

Caddyfile configuration

2. Running Caddy

2.1. Commands

# Run in the foreground
caddy run --config /path/to/Caddyfile

# Watch the config file for changes and reload automatically
caddy run --config /etc/caddy/Caddyfile.d/helloworld.caddyfile --watch

# Run in the background
caddy start --config /etc/caddy/Caddyfile.d/helloworld.caddyfile

# Validate the config
caddy validate --config /path/to/Caddyfile

# Test
dig archstat.com A
curl -Ivv http://www.archstat.com

2.2. Debugging the configuration

  1. Check the service log with journalctl: journalctl -xeu caddy.service
  2. Check the config with validate: caddy validate --config /etc/caddy/Caddyfile

3. Caddy logging configuration

Reference: https://caddyserver.com/docs/logging

3.1. Notes on server log configuration

  1. JSON encoding: because the logs are structured and strongly typed, they can be encoded in any format. Structured logs can be converted into a traditional common log format (at some performance cost), but the reverse is not possible.
  2. Efficient, structured logging generally follows these principles:
    1. More logs are better than fewer
    2. Filtering is better than dropping
    3. Defer encoding for greater flexibility and interoperability

3.2. Global block configuration

{
  log {
    output file /var/log/caddy/error.log {
      roll_size 200mb
      roll_keep 5
    }
    format json {
      time_format rfc3339
    }
    level ERROR
  }
}

# Define an access_log snippet so that other hosts can reuse it
(access_log) {
  log {
    output file /var/log/caddy/access.log {
      roll_size 1gb
      roll_keep 5
      roll_keep_for 720h
    }
    format json {
      time_format rfc3339
    }
  }
}

3.3. Per-host configuration

www.archstat.com {
    redir https://archstat.com{uri} permanent
}

archstat.com {
    # reuse the snippet
    import access_log

    # static file serving
    root * /data/www/archstat.com/dist
    file_server
    try_files {path} /index.html

    # HSTS
    header Strict-Transport-Security "max-age=31536000;"

    encode gzip
}
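With access logs written as JSON (sections 3.2 and 3.3 above), triage can be scripted instead of grepped. The following is an added example, not code from the original post: it parses constructed sample lines in the shape of Caddy's `http.log.access` records (with `time_format rfc3339`), tolerates the older `remote_addr` field and non-JSON lines, and lists clients whose error share suggests path probing. Field names are assumed to match the access logger's output; the sample data is constructed.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of Caddy's JSON access log with
# `format json { time_format rfc3339 }`; only the fields used below are
# kept, and the fourth line uses the older `remote_addr` ("ip:port") field.
SAMPLE_LOG = """\
{"level":"info","ts":"2024-05-01T10:00:00Z","logger":"http.log.access","msg":"handled request","request":{"remote_ip":"203.0.113.10","method":"GET","host":"archstat.com","uri":"/"},"status":200,"size":5120}
{"level":"info","ts":"2024-05-01T10:00:01Z","logger":"http.log.access","msg":"handled request","request":{"remote_ip":"198.51.100.7","method":"GET","host":"archstat.com","uri":"/.env"},"status":404,"size":0}
{"level":"info","ts":"2024-05-01T10:00:01Z","logger":"http.log.access","msg":"handled request","request":{"remote_ip":"198.51.100.7","method":"GET","host":"archstat.com","uri":"/admin"},"status":404,"size":0}
{"level":"info","ts":"2024-05-01T10:00:02Z","logger":"http.log.access","msg":"handled request","request":{"remote_addr":"198.51.100.7:40003","method":"GET","host":"archstat.com","uri":"/phpinfo.php"},"status":404,"size":0}
{"level":"info","ts":"2024-05-01T10:00:03Z","logger":"http.log.access","msg":"handled request","request":{"remote_ip":"203.0.113.10","method":"GET","host":"archstat.com","uri":"/static/app.js"},"status":200,"size":90210}
{"level":"error","ts":"2024-05-01T10:00:04Z","logger":"http.log.error","msg":"dial tcp 127.0.0.1:1666: connect: connection refused"}
not json at all
"""

def client_ip(req):
    """Client IP from the log's `request` object: newer Caddy writes
    `remote_ip`, older releases wrote `remote_addr` as "ip:port"."""
    if "remote_ip" in req:
        return req["remote_ip"]
    host, _, _ = req.get("remote_addr", "").rpartition(":")
    return host.strip("[]")          # "[v6]:port" -> "v6"

def summarize(lines):
    """Per-client request and error (status >= 400) counts. Lines that are
    not access records, or not JSON at all, are skipped rather than fatal."""
    stats = defaultdict(lambda: {"requests": 0, "errors": 0})
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if rec.get("logger") != "http.log.access":
            continue
        entry = stats[client_ip(rec["request"])]
        entry["requests"] += 1
        if rec.get("status", 0) >= 400:
            entry["errors"] += 1
    return dict(stats)

def noisy_clients(stats, min_requests=3, error_ratio=0.5):
    """Clients whose error share is high enough to deserve review, e.g. a
    scanner probing for paths that do not exist on the site."""
    return sorted(ip for ip, s in stats.items()
                  if s["requests"] >= min_requests
                  and s["errors"] / s["requests"] >= error_ratio)
```

Note that a host using `try_files {path} /index.html`, as archstat.com does above, answers every unmatched path with index.html and status 200, so the status-based ratio says little there; it is more telling for a host without that fallback, such as the reverse-proxy host in section 5.1.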

4. Docker Compose configuration

/data/docker/caddy 💰 22:47:47
$ tree -L 3
.
├── conf
│   ├── Caddyfile
│   ├── archstat.com.caddy
│   ├── sapaude.tech.caddy
│   └── tkstorm.com.caddy
├── docker-compose.yml
└── logs
    ├── access.log
    └── error.log

4.1. Caddyfile

$ cat conf/Caddyfile
# Global configuration
{
    log {
        output file /var/log/caddy/error.log {
            roll_size 100mb
            roll_keep 5
        }
        level ERROR
        format json
    }
}

import ./*.caddy

4.2. docker-compose.yml

services:
  caddy:
    image: caddy:latest
    container_name: caddy-httpd
    ports:
      - "8090:8090" # tkstorm.com
      - "8091:8091" # archstat.com
      - "8092:8092" # sapaude.tech
    volumes:
      - /data/projects/github.com/lupguo/tkstorm.com/public:/data/projects/github.com/lupguo/tkstorm.com/public:ro
      - /data/projects/github.com/lupguo/archstat.com/dist:/data/projects/github.com/lupguo/archstat.com/dist:ro
      - /data/projects/github.com/lupguo/sapadue.tech/dist:/data/projects/github.com/lupguo/sapadue.tech/dist:ro
      - ./conf:/etc/caddy
      - ./logs:/var/log/caddy

4.3. sapaude.tech example

# site configuration
:8092 {
    root * /data/projects/github.com/lupguo/sapadue.tech/dist
    file_server {
        index index.html
    }
    try_files {path} {path}/index.html index.html
    encode gzip

    # logging
    log {
        output file /var/log/caddy/access.log {
            roll_size 100mb
            roll_keep 10
            roll_keep_for 720h  # 30 days
        }
        format json
    }
}

5. Some configuration examples

5.1. wisdom-httpd reverse proxy configuration

wisdom.sapaude.tech {
    # logging
    import access_log

    # static assets
    root * /data/projects/github.com/lupguo/wisdom-httpd/dist/prod
    file_server {
        index index.html
    }

    # API proxy
    reverse_proxy /api/* 127.0.0.1:1666 {
        header_up Host {host}
        # {remote_host} is the client IP only; {remote} would also carry the port
        header_up X-Real-IP {remote_host}
    }
}
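The backend behind this proxy (127.0.0.1:1666) learns the client address only from the X-Real-IP header that Caddy sets, so it should honour that header only for connections that actually come from Caddy. The following is an added example in Python, not code from the original post or from wisdom-httpd: it accepts both the `{remote}` form (ip:port) and the `{remote_host}` form and ignores the header when the socket peer is not the proxy (assumption: Caddy and the backend share the host, so 127.0.0.1 is the only trusted peer).

```python
import ipaddress

# Assumption: the upstream on 127.0.0.1:1666 is only ever reached through the
# Caddy instance on the same host, so 127.0.0.1 is the single trusted peer.
TRUSTED_PROXIES = {ipaddress.ip_address("127.0.0.1")}

def strip_port(value):
    """`{remote}` in a Caddyfile expands to "ip:port" (IPv6 as "[addr]:port")
    while `{remote_host}` is the bare IP; accept either form."""
    value = value.strip()
    if value.startswith("["):               # "[v6]:port"
        return value[1:value.index("]")]
    if value.count(":") == 1:               # "v4:port"
        return value.split(":", 1)[0]
    return value                            # bare v4 or bare v6

def client_ip(peer_ip, headers):
    """Real client IP for a request that arrived from socket peer `peer_ip`
    with `headers` (header names matched case-insensitively). X-Real-IP is
    honoured only when the peer is a trusted proxy, so a direct connection
    to the upstream port cannot supply its own value."""
    peer = ipaddress.ip_address(peer_ip)
    lowered = {k.lower(): v for k, v in headers.items()}
    real_ip = lowered.get("x-real-ip")
    if peer in TRUSTED_PROXIES and real_ip:
        try:
            return str(ipaddress.ip_address(strip_port(real_ip)))
        except ValueError:
            pass                            # malformed header: use the peer
    return str(peer)
```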

5.2. Automatic 301 redirect from HTTP to HTTPS

www.archstat.com {
    redir https://archstat.com{uri} permanent
}

archstat.com {
    import access_log

    root * /data/www/archstat.com/dist
    file_server
    try_files {path} /index.html

    header Strict-Transport-Security "max-age=31536000;"
    encode gzip
}