在 RHEL 上使用 Caddy 配置反向代理¶
简介¶
本文介绍在 RHEL 上使用 Caddy Web Server 配置反向代理的方法。
1. 安装 Caddy¶
2. 编辑 /etc/nginx/nginx.conf 中的 Caddy 配置文件¶
{
email email@example.com
}
(tls) {
tls {
dns cloudflare {env.CF_DNS_API_TOKEN}
protocols tls1.2 tls1.3
}
}
(common_headers) {
encode gzip
}
(secure_headers) {
header {
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
X-Frame-Options SAMEORIGIN
X-Content-Type-Options nosniff
}
}
xxx.example.com {
import tls
import common_headers
import secure_headers
reverse_proxy localhost:80
}
3. 编辑 /usr/lib/systemd/system/caddy.service 中的 Systemd 服务文件¶
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target
[Service]
Type=notify
User=caddy
Group=caddy
Environment="CF_DNS_API_TOKEN=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile --force
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
ProtectHome=read-only
ReadWritePaths=/usr/share/caddy
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
REF¶
[1]. https://caddyserver.com/docs/
[2]. https://catcat.cc/post/h9bti/
[3]. RHEL9-Activation