forked from lxhao61/integrated-examples
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
1 changed file
with
69 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,69 @@ | ||
//caddy自动申请与更新证书配置(供Xray\v2ray使用) | ||
//一、单一域名申请普通证书配置 | ||
//原配置参数: | ||
//.........<省略>........ | ||
"allow_h2c": true //开启h2c server支持 | ||
} | ||
} | ||
} | ||
} | ||
} | ||
|
||
//以上参数修改如下: | ||
"allow_h2c": true //开启h2c server支持 | ||
} | ||
} | ||
}, | ||
"tls": { | ||
"certificates": { | ||
"automate": ["xx.yy"] //自动化管理域名证书(包括获取、更新证书及加载证书)。更改为自己的域名。 | ||
}, | ||
"automation": { | ||
"policies": [{ | ||
"storage": { | ||
"module": "file_system", | ||
"root": "/home/tls" //存放证书及密钥的基本路径 | ||
}, | ||
"issuers": [{ | ||
"module": "acme" //必须acme与zerossl二选一(固定证书及密钥的绝对路径便于引用)。acme表示从Let's Encrypt申请证书及密钥,zerossl表示从ZeroSSL申请证书及密钥。 | ||
}] | ||
}] | ||
} | ||
} | ||
} | ||
} | ||
//备注: | ||
//1、acme申请的普通证书及密钥在“/home/tls/certificates/acme-v02.api.letsencrypt.org-directory/xx.yy”目录中。xx.yy为域名,根据自己域名变化。 | ||
//2、zerossl申请的普通证书及密钥在“/home/tls/certificates/acme.zerossl.com-v2-dv90/xx.yy”目录中。xx.yy为域名,根据自己域名变化。 | ||
//3、推荐Xray使用,配合Xray(版本必须不低于v1.3.0)自动重载证书及密钥(OCSP Stapling),实现Xray所需证书及密钥申请与更新全自动化。 | ||
//4、v2ray不支持自动重载证书及密钥,证书及密钥到期更新(证书有效期90天,默认60天后开始更新。)后需手动重启v2ray来重新加载更新后的证书及密钥。 | ||
|
||
|
||
//二、多个域名申请普通证书配置(在上更改完成的基础上修改) | ||
//原配置参数: | ||
//.........<省略>........ | ||
"match": [{ | ||
"host": ["xx.yy"] //限定域名访问(禁止以ip方式访问网站),更改为自己的域名。 | ||
}], | ||
//.........<省略>........ | ||
"certificates": { | ||
"automate": ["xx.yy"] //自动化管理域名证书(包括获取、更新证书及加载证书)。更改为自己的域名。 | ||
}, | ||
//.........<省略>........ | ||
|
||
//以上参数修改如下: | ||
//.........<省略>........ | ||
"match": [{ | ||
"host": ["z1.xx.yy","z2.xx.yy"] //限定域名访问(禁止以ip方式访问网站),更改为自己的域名。z1.xx.yy与z2.xx.yy表示两个不同域名(推荐采用根域名相同的两个二级域名即可)。 | ||
}], | ||
//.........<省略>........ | ||
"certificates": { | ||
"automate": ["z1.xx.yy","z2.xx.yy"] //自动化管理域名证书(包括获取、更新证书及加载证书)。更改为自己的域名。z1.xx.yy与z2.xx.yy表示两个不同域名(推荐采用根域名相同的两个二级域名即可)。 | ||
}, | ||
//.........<省略>........ | ||
//备注: | ||
//1、申请普通证书的域名(免费模式)不要超过五个,否则更新无法进行。 | ||
|
||
|
||
//三、申请通配符证书配置 | ||
//详见“caddy(other configuration) (caddy的特殊应用配置方法。)”。 |