2_caddy.json
// Caddy JSON configuration: one HTTPS server on :443 that reverse-proxies gRPC
// requests on a fixed path to a local Unix socket and serves static files for
// everything else, with automated certificates for two host names.
// NOTE(review): `//` comments are not valid strict JSON. Strip them, or load the
// file through a loader that accepts comments - confirm for your Caddy build.
{
  // Admin API endpoint disabled; configuration is not persisted by the admin layer.
  "admin": {
    "disabled": true,
    "config": {
      "persist": false
    }
  },
  // Default logger: console-format lines written to a file at WARN and above.
  // NOTE(review): no per-server access logging is configured here and the level
  // is WARN, so this file presumably holds no per-request audit trail - confirm
  // that matches your monitoring needs.
  "logging": {
    "logs": {
      "default": {
        "writer": {
          "output": "file",
          "filename": "/var/log/caddy/default.log"
        },
        "encoder": {
          "format": "console"
        },
        "level": "WARN"
      }
    }
  },
  "apps": {
    "http": {
      "servers": {
        "srvh3": {
          "listen": [":443"],
          "routes": [{
            "match": [{
              "protocol": "grpc",
              "path": ["/VALdGZ9k/*"] // must match the serviceName configured in the VMess+gRPC application
            }],
            "handle": [{
              "handler": "reverse_proxy",
              // Upstream is spoken to over cleartext HTTP/2 (h2c).
              "transport": {
                "protocol": "http",
                "versions": ["h2c","2"]
              },
              // NOTE(review): a leading '@' conventionally denotes a Linux abstract
              // socket, which carries no filesystem permissions - any local process in
              // the same network namespace could connect to it. Confirm that is acceptable.
              "upstreams": [{
                "dial": "unix/@vmessgrpc.sock" // forwards to the local VMess+gRPC listener process
              }],
              // Passes the client IP as Caddy determined it (see trusted_proxies below) to the upstream.
              "headers": {
                "request": {
                  "set": {
                    "X-Real-IP": ["{http.vars.client_ip}"]
                  }
                }
              }
            }]
          },
          {
            // Fallback route (no matcher): set HSTS, then serve static files.
            "handle": [{
              "handler": "headers",
              "response": {
                "set": {
                  // NOTE(review): includeSubDomains + preload commits every subdomain to
                  // HTTPS and is slow to reverse once the domain is on a preload list;
                  // keep them only if every subdomain serves valid TLS.
                  "Strict-Transport-Security": ["max-age=31536000; includeSubDomains; preload"] // enable HSTS
                }
              }
            },
            {
              "handler": "file_server",
              "root": "/var/www/html" // change to the path where your own web files are stored
            }]
          }],
          "tls_connection_policies": [{
            "match": {
              "sni": ["z1.xx.yy"] // restrict connections to this host name (access by bare IP is refused); change to your own domain.
            },
            // NOTE(review): min and max are both tls1.2, so TLS 1.3 is unavailable for
            // this host name. HTTP/3 runs over QUIC, which requires TLS 1.3, so the "h3"
            // entry in "protocols" below presumably cannot serve this name - verify.
            "protocol_min": "tls1.2",
            "protocol_max": "tls1.2",
            // Single ECDHE-ECDSA suite: clients without ChaCha20-Poly1305 support cannot
            // connect, and the certificate must carry an ECDSA key.
            "cipher_suites": ["TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"], // cipher suite that does not use AES
            "curves": ["secp521r1","secp384r1","secp256r1"]
          },
          {
            "match": {
              "sni": ["z2.xx.yy"] // restrict connections to this host name (access by bare IP is refused); change to your own domain.
            },
            // No protocol_min/protocol_max here, so Caddy's default version range applies;
            // this suite list constrains TLS 1.2 handshakes only.
            "cipher_suites": ["TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"],
            "curves": ["x25519","secp521r1","secp384r1","secp256r1"]
          }],
          // NOTE(review): once proxies are trusted, the client IP is taken from a
          // forwarded header on connections arriving from those ranges. Cloudflare
          // appends to an X-Forwarded-For header the client already sent, so without
          // strict parsing the value used may be client-supplied. Consider
          // "client_ip_headers": ["CF-Connecting-IP"] and/or "trusted_proxies_strict";
          // confirm both against the Caddy version in use.
          "trusted_proxies": {
            "source": "cloudflare", // "cloudflare" means Cloudflare's published IP ranges; provided by the caddy-cloudflare-ip plugin (third-party module, must be compiled in).
            "interval": "12h",
            "timeout": "15s"
          }, // Configures the IP ranges of trusted proxy servers so that, behind a CDN, the client IP recorded by the server is the real source IP. If you use a CDN other than Cloudflare, adjust the trusted_proxies configuration. (Optional; CDN setup.)
          "protocols": ["h1","h2","h3"] // default setting (may be omitted)
        }
      }
    },
    "tls": {
      "certificates": {
        "automate": ["z1.xx.yy","z2.xx.yy"] // automatic TLS certificate management (obtaining, renewing and loading certificates). Change to your own domains.
      },
      "automation": {
        "policies": [{
          // Two issuers are listed: ACME first, then ZeroSSL.
          // NOTE(review): "[email protected]" looks like a redaction artifact of
          // the page rendering, not a usable address - replace it before deploying.
          "issuers": [{
            "module": "acme",
            "email": "[email protected]" // change to your own e-mail address (optional); keep it identical to the one below.
          },
          {
            "module": "zerossl",
            "email": "[email protected]" // change to your own e-mail address (optional); keep it identical to the one above.
          }]
        }]
      }
    }
  }
}
// Notes:
// 1. Do not request free TLS certificates for more than five domain names, otherwise certificate renewal is affected.
// 2. This configuration only supports requesting ordinary TLS certificates; to request a wildcard TLS certificate, see the corresponding description and configuration example in 'Caddy(Other Configuration)' (special-purpose Caddy configuration methods).
// 3. This example uses a non-AES cipher suite configuration (z1.xx.yy) and a CDN in front (z2.xx.yy) to avoid being blocked.