forked from lxhao61/integrated-examples
2_caddy.json
101 lines (101 loc) · 3.61 KB
//Caddy JSON configuration example: one HTTPS server on :443 that reverse-proxies a single
//path to a local VMess+HttpUpgrade listener and serves static files for everything else,
//with per-hostname TLS policies and ACME-managed certificates.
//NOTE(review): `//` comments are not part of strict JSON; presumably they must be stripped
//before Caddy loads this file - confirm against the upstream README.
{
//The admin API is disabled and the configuration is not persisted.
"admin": {
"disabled": true,
"config": {
"persist": false
}
},
//The default logger writes WARN and above to a file in console format.
//NOTE(review): no per-server access-log block appears in this file, so request logging is
//presumably off - confirm whether that is enough for incident review.
"logging": {
"logs": {
"default": {
"writer": {
"output": "file",
"filename": "/var/log/caddy/default.log"
},
"encoder": {
"format": "console"
},
"level": "WARN"
}
}
},
"apps": {
"http": {
"servers": {
"srvh3": {
"listen": [":443"],
"routes": [{
//Route 1: only requests with this exact path AND an "Upgrade: websocket" header are proxied.
"match": [{
"path": ["/AhttpZ9k"], //Must match the path set in the VMess+HttpUpgrade application. This sample value is published with the example; replace it with your own.
"header": {
"Upgrade": ["websocket"]
}
}],
"handle": [{
"handler": "reverse_proxy",
"upstreams": [{
//NOTE(review): the leading "@" looks like a Linux abstract-namespace socket, which is not
//protected by filesystem permissions - confirm which local processes can reach it.
"dial": "unix/@uds2021.sock" //Forwards to the local VMess+HttpUpgrade listener process.
}]
}]
},
{
//Route 2 (no matcher): every other request gets the HSTS header and is served from the static file root.
"handle": [{
"handler": "headers",
"response": {
"set": {
//includeSubDomains and preload extend the policy to every subdomain and are slow to undo;
//confirm all subdomains serve HTTPS before keeping them.
"Strict-Transport-Security": ["max-age=31536000; includeSubDomains; preload"] //Enables HSTS.
}
}
},
{
"handler": "file_server",
"root": "/var/www/html" //Change to the path where your own web files are stored.
}]
}],
"tls_connection_policies": [{
"match": {
"sni": ["z1.xx.yy"] //Restricts connections to this domain name (this also blocks access to the site by IP address). Change to your own domain.
},
//Caps this hostname at TLS 1.2, so TLS 1.3 is not negotiated for it.
//NOTE(review): HTTP/3 requires TLS 1.3, so h3 is presumably unavailable for this hostname - confirm.
"protocol_max": "tls1.2",
//Only one suite is offered: clients without ECDHE-ECDSA ChaCha20-Poly1305 support cannot connect,
//and the suite name implies an ECDSA certificate.
"cipher_suites": ["TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"] //Cipher suite that does not use AES.
},
{
"match": {
"sni": ["z2.xx.yy"] //Restricts connections to this domain name (this also blocks access to the site by IP address). Change to your own domain.
},
//No protocol_max here; the three suites listed are all ECDHE-ECDSA AEAD suites.
"cipher_suites": ["TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"],
"curves": ["x25519","secp521r1","secp384r1","secp256r1"]
}],
//Forwarded-client-IP headers are honoured only from the ranges listed here, so keep the list
//limited to the CDN that actually sits in front of this server.
"trusted_proxies": {
"source": "cloudflare", //"cloudflare" uses Cloudflare's IP ranges; this source is provided by the caddy-cloudflare-ip plugin, which must be included in the Caddy build.
"interval": "12h",
"timeout": "15s"
}, //Configures the IP ranges of trusted proxy servers so the real client IP can be obtained. If you use a CDN other than Cloudflare, adjust the trusted_proxies configuration yourself.
"protocols": ["h1","h2","h3"] //Default setting. (May be omitted.)
}
}
},
"tls": {
"certificates": {
"automate": ["z1.xx.yy","z2.xx.yy"] //Automatically manages TLS certificates (including obtaining and renewing them). Change to your own domains.
},
"automation": {
"policies": [{
//Two ACME issuers are listed: the first sets no "ca", the second points at ZeroSSL's ACME endpoint.
"issuers": [{
"module": "acme",
"email": "[email protected]" //Change to your own e-mail address, same as the one below. (Optional) The value shown is a placeholder.
},
{
"module": "acme",
"ca": "https://acme.zerossl.com/v2/DV90",
"email": "[email protected]" //Change to your own e-mail address, same as the one above. (Optional) The value shown is a placeholder.
}]
}]
}
}
}
}
//Notes:
//1. Do not request free TLS certificates for more than five domain names, otherwise certificate renewal is affected.
//2. This configuration only supports requesting ordinary TLS certificates. To request a wildcard TLS certificate, see the corresponding description and configuration example in 'Caddy(Other Configuration)' (special-purpose Caddy configuration methods).
//3. This example uses a non-AES cipher suite configuration (z1.xx.yy) and CDN traffic relay (z2.xx.yy) to avoid being blocked.