forked from lxhao61/integrated-examples
-
Notifications
You must be signed in to change notification settings - Fork 0
/
1_caddy.json
157 lines (157 loc) · 5.37 KB
/
1_caddy.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
{
"admin": {
"disabled": true
},
"logging": {
"logs": {
"default": {
"writer": {
"output": "file",
"filename": "/var/log/caddy/error.log"
},
"level": "ERROR"
}
}
},
"storage": {
"module": "file_system",
"root": "/home/tls" //存放TLS证书的基本路径
},
"apps": {
"http": {
"servers": {
"h1": {
"listen": [":80"], //HTTP默认监听端口
"routes": [{
"handle": [{
"handler": "static_response",
"headers": {
"Location": ["https://{http.request.host}{http.request.uri}"] //HTTP自动跳转HTTPS,让网站看起来更真实。
},
"status_code": 301
}]
}]
},
"h1h2c": {
"listen": ["127.0.0.1:88"], //HTTP/1.1 server及H2C server本地监听端口
"listener_wrappers": [{
"wrapper": "proxy_protocol" //开启PROXY protocol接收
},
{
"wrapper": "trojan" //caddy-trojan插件应用必须配置
}],
"routes": [{
"match": [{
"path": ["/SeuW56Es"] //与vless+h2c应用中path对应
}],
"handle": [{
"handler": "reverse_proxy",
"transport": {
"protocol": "http",
"versions": ["h2c","2"]
},
"upstreams": [{
"dial": "127.0.0.1:2005" //转发给本机vless+h2c监听端口
}]
}]
},
{
"match": [{
"protocol": "grpc",
"path": ["/SALdGZ9k/*"] //与shadowsocks+grpc应用中serviceName对应
}],
"handle": [{
"handler": "reverse_proxy",
"transport": {
"protocol": "http",
"versions": ["h2c","2"]
},
"upstreams": [{
"dial": "127.0.0.1:2011" //转发给本机shadowsocks+grpc监听端口
}],
"flush_interval": -1,
"headers": {
"request": {
"set": {
"X-Real-Ip": ["{http.request.remote.host}"]
}
}
}
}]
},
{
"handle": [{
"handler": "forward_proxy",
"auth_user_deprecated": "user", //NaïveProxy用户,修改为自己的。
"auth_pass_deprecated": "pass", //NaïveProxy密码,修改为自己的。
"hide_ip": true,
"hide_via": true,
"probe_resistance": {}
}]
},
{
"handle": [{
"handler": "trojan",
"connect_method": true,
"websocket": true //开启WebSocket支持
}]
}, //此部分配置为caddy-trojan插件的WebSocket应用,若删除就仅支持Trojan应用。
{
"match": [{
"host": ["xx.yy"] //限定域名访问(禁止以IP方式访问网站),修改为自己的域名。
}],
"handle": [{
"handler": "subroute",
"routes": [{
"handle": [{
"handler": "headers",
"response": {
"set": {
"Strict-Transport-Security": ["max-age=31536000; includeSubDomains; preload"] //启用HSTS
}
}
}]
},
{
"handle": [{
"handler": "file_server",
"root": "/var/www/html" //修改为自己存放的WEB文件路径
}]
}]
}]
}],
"protocols": ["h1","h2c"], //开启HTTP/1.1 server与H2C server支持
"automatic_https": {
"disable": true //禁用自动https
}
}
}
},
"trojan": {
"upstream": {
"upstream": "caddy"
},
"proxy": {
"proxy": "no_proxy"
},
"users": ["diy443"] //修改为自己的密码。密码可多组("password"),用逗号隔开。
},
"tls": {
"certificates": {
"automate": ["xx.yy"] //自动化管理TLS证书(包括获取、更新及加载证书)。修改为自己的域名。
},
"automation": {
"policies": [{
"issuers": [{
"module": "acme", //acme表示从Let's Encrypt申请TLS证书,zerossl表示从ZeroSSL申请TLS证书。必须acme与zerossl二选一(固定TLS证书的目录便于引用)。
"email": "[email protected]" //电子邮件地址。选配,推荐。
}]
}]
}
}
}
}
//备注:
//1、从Let's Encrypt申请的普通TLS证书在‘/home/tls/certificates/acme-v02.api.letsencrypt.org-directory/xx.yy’目录中。/home/tls为存放TLS证书的基本路径,xx.yy为域名,目录根据域名变化。
//2、从ZeroSSL申请的普通TLS证书在‘/home/tls/certificates/acme.zerossl.com-v2-dv90/xx.yy’目录中。/home/tls为存放TLS证书的基本路径,xx.yy为域名,目录根据域名变化。
//3、本配置仅支持申请普通TLS证书,若要申请通配符TLS证书请参考‘caddy(other configuration) (Caddy的特殊应用配置方法。)’中对应介绍及对应配置示例。