今天介绍的是使用Caddy来反代网站,需要的可以试试。Caddy是用Go语言编写的,占用资源小,上手简单。(支持SSL证书自动申请)

使用步骤

部署Caddy

apt-get install -y libcap2-bin \
&& curl https://getcaddy.com | bash -s personal dns,http.cache,http.filter,http.git,http.ipfilter,http.realip && chown root:root /usr/local/bin/caddy && chmod 755 /usr/local/bin/caddy && setcap 'cap_net_bind_service=+ep' /usr/local/bin/caddy \
&& curl -s https://raw.githubusercontent.com/mholt/caddy/master/dist/init/linux-systemd/caddy.service -o /etc/systemd/system/caddy.service && chmod 644 /etc/systemd/system/caddy.service \
&& mkdir /etc/caddy && chown -R root:www-data /etc/caddy && touch /etc/caddy/Caddyfile && mkdir /etc/ssl/caddy && chown -R www-data:www-data /etc/ssl/caddy && chmod 0770 /etc/ssl/caddy \
&& mkdir /var/log/caddy && chown -R www-data:www-data /var/log/caddy

配置方法

Caddy 支持自动申请 SSL 证书好域名的ssl证书,把下面一段中的mail@gmial.com换成自己的邮箱就好了,脚本会自动申请好Lets encrypt的 SSL 证书。申请 SSL证书前,请务必提前解析好域名记录(可以在使用前 Ping 一下域名看一下是否生效),否则 Caddy 会申请失败!

echo "https://abc.com {
 gzip
 tls mail@gmail.com
 log / /var/log/caddy/abc_com.log "{remote} - {user} [{when}] {when_unix} \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\""
 proxy / https://www.google.com.hk
}" > /etc/caddy/Caddyfile

如果一切正常,那么Caddy会自动帮你申请好 SSL 证书,且会定时续约 SSL 证书!如果你的网站不想公开分享需要加密码的话可以在邮箱下面一行加上basicauth / user passwd。(user和passwd分别改成你的用户名和密码)

使用说明

启动:systemctl start caddy
停止:systemctl stop caddy
重启:systemctl restart caddy
查看状态:systemctl status caddy

查看Caddy启动日志: tail -f /var/log/caddy/abc_com.log
Caddy配置文件位置:/etc/caddy/Caddyfile