Caddy 配置模板集合
模板 1: .NET Web 应用(单域名)
/etc/caddy/Caddyfile
{
email admin@example.com
}
example.com {
reverse_proxy localhost:5000
}
模板 2: .NET Web 应用 + API(多域名)
{
email admin@example.com
}
# 前端应用
example.com {
reverse_proxy localhost:5000
}
# API 服务(带 CORS)
api.example.com {
reverse_proxy localhost:5001
@cors_preflight method OPTIONS
handle @cors_preflight {
header Access-Control-Allow-Origin "*"
header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, PATCH, OPTIONS"
header Access-Control-Allow-Headers "Content-Type, Authorization"
respond 204
}
header Access-Control-Allow-Origin "*"
}
# www 重定向
www.example.com {
redir https://example.com{uri} permanent
}
模板 3: SPA 应用(React/Vue/Angular)
{
email admin@example.com
}
example.com {
root * /var/www/html
encode gzip
# 所有路由都返回 index.html(支持前端路由)
try_files {path} /index.html
file_server
# 静态资源缓存
@static {
path .js .css .png .jpg .gif .ico .woff .woff2
}
header @static Cache-Control "public, max-age=31536000, immutable"
}
模板 4: 静态网站 + API
{
email admin@example.com
}
example.com {
root * /var/www/html
encode gzip zstd
file_server
# API 路由代理到后端
handle_path /api/* {
reverse_proxy localhost:5000
}
# 健康检查端点
handle /health {
respond "OK" 200
}
}
模板 5: 微服务架构
{
email admin@example.com
}
# 主站
example.com {
root * /var/www/html
file_server
}
# 用户服务
user.example.com {
reverse_proxy localhost:5001
}
# 订单服务
order.example.com {
reverse_proxy localhost:5002
}
# 支付服务
payment.example.com {
reverse_proxy localhost:5003
}
# API 网关
api.example.com {
# 用户相关
handle_path /user/* {
reverse_proxy localhost:5001
}
# 订单相关
handle_path /order/* {
reverse_proxy localhost:5002
}
# 支付相关
handle_path /payment/* {
reverse_proxy localhost:5003
}
}模板 6: WebSocket 支持
{
email admin@example.com
}
example.com {
# WebSocket 代理
reverse_proxy localhost:5000 {
header_up Upgrade {http.request.header.Upgrade}
header_up Connection {http.request.header.Connection}
}
}模板 7: 负载均衡
{
email admin@example.com
}
example.com {
reverse_proxy localhost:5000 localhost:5001 localhost:5002 {
# 负载均衡策略
lb_policy round_robin
# 健康检查
health_uri /health
health_interval 10s
health_timeout 5s
health_status 200
# 失败重试
lb_try_duration 5s
lb_try_interval 500ms
}
}模板 8: 带身份验证的管理后台
{
email admin@example.com
}
# 公开的前端
example.com {
reverse_proxy localhost:5000
}
# 需要认证的管理后台
admin.example.com {
# 基本身份验证
basicauth {
# 用户名: admin, 密码: SecurePassword123
# 使用命令生成: caddy hash-password --plaintext 'SecurePassword123'
admin $2a$14$Zkx19XLiW6VYouLHR5NmfOFU0z2GTNmpkT/5qqR7hx7wHAiHS9DOm
}
reverse_proxy localhost:5001
}模板 9: 文件服务器(带目录浏览)
{
email admin@example.com
}
files.example.com {
root * /var/www/files
file_server browse {
hide .git .env
}
}模板 10: CDN + 缓存优化
{
email admin@example.com
}
cdn.example.com {
root * /var/www/cdn
encode gzip zstd
file_server
# 图片资源
@images {
path .jpg .jpeg .png .gif .webp .svg
}
header @images {
Cache-Control "public, max-age=31536000, immutable"
Access-Control-Allow-Origin "*"
}
# CSS/JS 资源
@assets {
path .css .js
}
header @assets {
Cache-Control "public, max-age=31536000, immutable"
Access-Control-Allow-Origin "*"
}
# 字体文件
@fonts {
path .woff .woff2 .ttf .otf
}
header @fonts {
Cache-Control "public, max-age=31536000, immutable"
Access-Control-Allow-Origin "*"
}
}模板 11: 完整生产环境配置
{
# 管理员邮箱(Let's Encrypt 通知)
email admin@example.com
# 默认 SNI(可选)
default_sni example.com
# 全局日志
log {
output file /var/log/caddy/access.log {
roll_size 100mb
roll_keep 5
}
format json
}
}
# ===== 主站 =====
example.com {
# 压缩
encode gzip zstd
# 日志
log {
output file /var/log/caddy/example.com.log {
roll_size 50mb
roll_keep 3
}
}
# 反向代理
reverse_proxy localhost:5000 {
# 传递真实 IP
header_up X-Real-IP {remote_host}
header_up X-Forwarded-For {remote_host}
header_up X-Forwarded-Proto {scheme}
header_up X-Forwarded-Host {host}
# 健康检查
health_uri /health
health_interval 30s
health_timeout 10s
}
# 安全头
header {
# HSTS
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# 防止 XSS
X-Content-Type-Options "nosniff"
X-Frame-Options "SAMEORIGIN"
X-XSS-Protection "1; mode=block"
# 推荐人策略
Referrer-Policy "strict-origin-when-cross-origin"
# 权限策略
Permissions-Policy "geolocation=(), microphone=(), camera=()"
# 隐藏服务器信息
-Server
-X-Powered-By
}
}
# ===== API 服务 =====
api.example.com {
encode gzip
reverse_proxy localhost:5001 {
header_up X-Real-IP {remote_host}
}
# CORS 配置
@cors_preflight method OPTIONS
handle @cors_preflight {
header {
Access-Control-Allow-Origin "https://example.com"
Access-Control-Allow-Methods "GET, POST, PUT, DELETE, PATCH, OPTIONS"
Access-Control-Allow-Headers "Content-Type, Authorization, X-Requested-With"
Access-Control-Allow-Credentials "true"
Access-Control-Max-Age "3600"
}
respond 204
}
header {
Access-Control-Allow-Origin "https://example.com"
Access-Control-Allow-Credentials "true"
}
}
# ===== 静态资源 CDN =====
static.example.com {
root * /var/www/static
encode gzip zstd
file_server
@static {
path *
}
header @static {
Cache-Control "public, max-age=31536000, immutable"
Access-Control-Allow-Origin "*"
}
}
# ===== 管理后台 =====
admin.example.com {
# IP 白名单(可选)
@allowed {
remote_ip 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
}
# 基本身份验证
basicauth {
admin $2a$14$Zkx19XLiW6VYouLHR5NmfOFU0z2GTNmpkT/5qqR7hx7wHAiHS9DOm
}
reverse_proxy localhost:5002
}
# ===== WWW 重定向 =====
www.example.com {
redir https://example.com{uri} permanent
}
# ===== 健康检查端点 =====
health.example.com {
respond /health "OK" 200
respond /ping "pong" 200
}模板 12: Docker 容器代理
{
email admin@example.com
}
# Web 应用容器
app.example.com {
reverse_proxy web-app:80
}
# API 容器
api.example.com {
reverse_proxy api-service:8080
}
# 数据库管理工具
dbadmin.example.com {
basicauth {
admin $2a$14$Zkx19XLiW6VYouLHR5NmfOFU0z2GTNmpkT/5qqR7hx7wHAiHS9DOm
}
reverse_proxy phpmyadmin:80
}
```
---
## 模板 13: 多环境配置
```caddyfile
{
email admin@example.com
}
# 生产环境
example.com {
reverse_proxy prod-server:5000
}
# 预发布环境
staging.example.com {
reverse_proxy staging-server:5000
}
# 开发环境
dev.example.com {
reverse_proxy dev-server:5000
}
# 测试环境
test.example.com {
basicauth {
tester $2a$14$Zkx19XLiW6VYouLHR5NmfOFU0z2GTNmpkT/5qqR7hx7wHAiHS9DOm
}
reverse_proxy test-server:5000
}模板 14: 限流保护
{
email admin@example.com
}
example.com {
# 限流配置(需要安装 rate-limit 插件)
rate_limit {
zone dynamic {
key {remote_host}
events 100
window 1m
}
}
reverse_proxy localhost:5000
}模板 15: 自定义错误页面
{
email admin@example.com
}
example.com {
reverse_proxy localhost:5000
# 自定义错误页面
handle_errors {
@404 {
expression {http.error.status_code} == 404
}
@5xx {
expression {http.error.status_code} >= 500 && {http.error.status_code} < 600
}
rewrite @404 /404.html
rewrite @5xx /500.html
root * /var/www/errors
file_server
}
}快速应用模板
1. 选择合适的模板
根据你的需求选择对应的模板
2. 修改配置
编辑配置文件
sudo vim /etc/caddy/Caddyfile
替换 example.com 为你的域名
替换端口号为你的应用端口
替换邮箱地址
3. 验证配置
sudo caddy validate --config /etc/caddy/Caddyfile
4. 应用配置
sudo systemctl reload caddy
5. 查看状态
sudo systemctl status caddy
sudo journalctl -u caddy -f
常用命令速查
# 生成密码哈希(用于 basicauth)
caddy hash-password --plaintext 'your-password'
# 验证配置
caddy validate --config /etc/caddy/Caddyfile
# 格式化配置
caddy fmt --overwrite /etc/caddy/Caddyfile
# 查看证书列表
caddy list-certificates
# 重新加载配置(零停机)
systemctl reload caddy
# 重启服务
systemctl restart caddy
# 查看日志
journalctl -u caddy -f
# 查看配置
caddy run --config /etc/caddy/Caddyfile --adapter caddyfile
注意事项
1. 域名解析:确保域名正确解析到服务器 IP
2. 防火墙:开放 80 和 443 端口
3. 邮箱:配置正确的邮箱用于证书通知
4. 端口占用:确保配置的端口没有被其他服务占用
5. 权限:Caddy 需要读取配置文件的权限
6. SELinux:如果启用 SELinux,可能需要额外配置
评论区