
帮帮技术站

caddy 阿里云/腾讯云https签发

Caddyfile

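# build
# xcaddy build master --output caddy --with github.com/caddy-dns/alidns --with github.com/greenpau/caddy-security
# note: `master` and the unversioned --with modules resolve to whatever is newest at build time; for a reproducible binary, build a release tag and pin each plugin as module@version.
# as root (lets the non-root caddy binary bind ports 80/443): setcap cap_net_bind_service=+ep /home/deployer/caddy/caddy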

# Global options
# Reference: https://caddy2.dengxiaolong.com/docs/caddyfile/options
{
    # debug
    # auto_https disable_redirects
    #   (values listed by the author: off | disable_redirects | ignore_loaded_certs | disable_certs)

    # Contact address used for the ACME account.
    email fukua@gmail.com

    # Listener ports for plain HTTP and for HTTPS.
    http_port 80
    https_port 443

    # Time allowed for in-flight requests to finish on shutdown or reload.
    grace_period 30s
}

# Access-log snippet. Use as `import log <name>`; {args[0]} becomes the log file's name prefix.
(log) {
    log {
        output file logs/{args[0]}_access.log {
            # Rotate at 100 MiB; keep at most 10 rolled files, none older than 2400h (100 days).
            roll_size 100MiB
            roll_keep 10
            roll_keep_for 2400h
            # Use local time rather than UTC in rolled file names.
            roll_local_time
            # NOTE(review): `roll_compressed` is not a file-output option I can confirm; rolled
            # files are gzip-compressed by default and `roll_uncompressed` turns that off.
            # Run `caddy validate` against this file to check the line is accepted.
            roll_compressed
        }
    }
}

# Cache-Control snippet: one year for static assets, max-age=0 for every other path.
(cache) {
    # Requests whose path ends in a static-asset extension.
    @assets path *.bmp *.jpg *.png *.svg *.gif *.pdf *.css *.js
    # The complement of @assets (same extension list, negated).
    @content not path *.bmp *.jpg *.png *.svg *.gif *.pdf *.css *.js

    header @content cache-control max-age=0
    header @assets cache-control max-age=31536000
}

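# TLS snippet: obtain certificates with the ACME DNS challenge through the Alibaba Cloud DNS API.
# The key pair is read from the environment of the Caddy process, so it stays out of this file.
(tls) {
    tls {
        dns alidns {
            access_key_id {env.ALIYUN_ACCESS_KEY_ID}
            access_key_secret {env.ALIYUN_ACCESS_KEY_SECRET}
        }
        # on_demand is disabled here. The sites in this Caddyfile that import the snippet
        # name their hosts explicitly, so Caddy can manage those certificates from config
        # load without it. The Caddy documentation describes on-demand TLS as unsafe in
        # production unless the `on_demand_tls` global option limits which names may be
        # issued, and this file's global options do not set it.
        # on_demand
    }
}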

# 安全

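# api.abc.cn: HTTPS site proxied to the local API backend.
api.abc.cn {
    import log api.abc.cn
    import cache
    import tls
    # authenticate with myportal

    reverse_proxy /* {
        # Further upstreams can be listed on the same line: 127.0.0.1:2021 127.0.0.1:2022
        to 127.0.0.1:2020
        # Other policies: first least_conn ip_hash random_choose header uri_hash round_robin cookie
        lb_policy random
        lb_try_duration 10s
        lb_try_interval 5s

        header_up Host {upstream_hostport}
        # X-Real-IP comes from the TCP peer address, not from the request's X-Forwarded-For
        # header. That header is supplied by the client, so copying it would let any caller
        # choose the address a backend sees for logging, rate limiting or allow-lists.
        # If a load balancer sits in front of Caddy, declare it with the `trusted_proxies`
        # server option instead of trusting the raw header.
        header_up X-Real-IP {remote_host}
        # header_up X-Forwarded-For {http.request.remote}
        header_up X-Forwarded-Port {http.request.port}
        # header_up X-Forwarded-Proto {http.request.scheme}
    }
}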

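# oauth2.abc.cn: proxied to the local service on port 8080.
# NOTE(review): the http:// prefix makes Caddy serve this site without TLS, and `import tls`
# is commented out below. If this host carries OAuth2 authorization codes, tokens or client
# credentials (the name suggests so; confirm), they cross the network in clear text. Serve it
# over HTTPS (drop the http:// prefix and restore `import tls`) unless TLS is terminated by
# something in front of Caddy.
http://oauth2.abc.cn {
    import log oauth2.abc.cn
    import cache
    # import tls
    # authenticate with myportal

    reverse_proxy /* {
        # Further upstreams can be listed on the same line: 127.0.0.1:2021 127.0.0.1:2022
        to 127.0.0.1:8080
        # Other policies: first least_conn ip_hash random_choose header uri_hash round_robin cookie
        lb_policy random
        lb_try_duration 12s
        lb_try_interval 4s

        header_up Host {upstream_hostport}
        # X-Real-IP comes from the TCP peer address, not from the request's X-Forwarded-For
        # header. That header is supplied by the client, so copying it would let any caller
        # choose the address a backend sees for logging, rate limiting or allow-lists.
        # If a load balancer sits in front of Caddy, declare it with the `trusted_proxies`
        # server option instead of trusting the raw header.
        header_up X-Real-IP {remote_host}
        # header_up X-Forwarded-For {http.request.remote}
        header_up X-Forwarded-Port {http.request.port}
        # header_up X-Forwarded-Proto {http.request.scheme}
    }
}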

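# consul.abc.cn: HTTPS site proxied to the local Consul HTTP endpoint (port 8500).
# NOTE(review): nothing in this block authenticates the caller. If this name is reachable
# from outside, confirm that Consul ACLs are enforced, or gate the site in Caddy (for
# example a remote_ip matcher, or the `authenticate with myportal` pattern that is
# commented out in the other sites).
consul.abc.cn {
    import log consul.abc.cn
    import cache
    import tls

    reverse_proxy /* {
        # Further upstreams can be listed on the same line: 127.0.0.1:2021 127.0.0.1:2022
        to 127.0.0.1:8500
        # Other policies: first least_conn ip_hash random_choose header uri_hash round_robin cookie
        lb_policy random
        lb_try_duration 12s
        lb_try_interval 4s

        header_up Host {upstream_hostport}
        # X-Real-IP comes from the TCP peer address, not from the request's X-Forwarded-For
        # header. That header is supplied by the client, so copying it would let any caller
        # choose the address a backend sees for logging, rate limiting or allow-lists.
        # If a load balancer sits in front of Caddy, declare it with the `trusted_proxies`
        # server option instead of trusting the raw header.
        header_up X-Real-IP {remote_host}
        # header_up X-Forwarded-For {http.request.remote}
        header_up X-Forwarded-Port {http.request.port}
        # header_up X-Forwarded-Proto {http.request.scheme}
    }
}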



windows环境变量设置:

  1. 阿里云

# Build a Caddy binary with the Alibaba Cloud DNS provider and caddy-security plugins compiled in.
# NOTE(review): `master` and the unversioned --with modules are unpinned; pin a release tag and module@version for a reproducible build.
xcaddy build master --output caddy --with github.com/caddy-dns/alidns --with github.com/greenpau/caddy-security


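# (tls) snippet for Alibaba Cloud DNS: certificates are obtained with the ACME DNS challenge.
(tls) {
    tls {
        dns alidns {
            access_key_id {env.ALIYUN_ACCESS_KEY_ID}
            access_key_secret {env.ALIYUN_ACCESS_KEY_SECRET}
        }
        # on_demand is disabled here. Sites that name their hosts explicitly do not need it,
        # and the Caddy documentation describes on-demand TLS as unsafe in production unless
        # the `on_demand_tls` global option limits which names may be issued. Re-enable it
        # only together with that option.
        # on_demand
    }
}

# Alibaba Cloud console: https://www.aliyun.com/
# Because the key is stored on the web server, prefer one belonging to a RAM sub-user that
# may only manage DNS records.
# Windows (PowerShell): store the key pair as per-user environment variables; a restart is
# needed before they take effect. The values shown look like masked samples; substitute
# your own. User-scope variables are kept in plain text under HKCU\Environment.
# [environment]::SetEnvironmentvariable("ALIYUN_ACCESS_KEY_ID", "LTAI5tDc21111111111111111", "User")
# [environment]::SetEnvironmentvariable("ALIYUN_ACCESS_KEY_SECRET", "S3Daw8Bxn2222222222222222", "User")
# Check that the variable is set (this prints the secret to the console):
# echo $env:ALIYUN_ACCESS_KEY_SECRET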
  1. 腾讯云

# Build a Caddy binary with the Tencent Cloud DNS provider and caddy-security plugins compiled in.
# NOTE(review): `master` and the unversioned --with modules are unpinned; pin a release tag and module@version for a reproducible build.
xcaddy build master --output caddy --with github.com/caddy-dns/tencentcloud --with github.com/greenpau/caddy-security

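# (tls) snippet for Tencent Cloud DNS: certificates are obtained with the ACME DNS challenge.
(tls) {
    tls {
        dns tencentcloud {
            secret_id {env.TENCENTCLOUD_SECRET_ID}
            secret_key {env.TENCENTCLOUD_SECRET_KEY}
        }
        # on_demand is disabled here. Sites that name their hosts explicitly do not need it,
        # and the Caddy documentation describes on-demand TLS as unsafe in production unless
        # the `on_demand_tls` global option limits which names may be issued. Re-enable it
        # only together with that option.
        # on_demand
    }
}

# API keys are created at: https://console.dnspod.cn/account/token/apikey
# Because the key is stored on the web server, prefer one belonging to a sub-account that
# may only manage DNS records.
# Windows (PowerShell): store the key pair as per-user environment variables; a restart is
# needed before they take effect. The values shown look like masked samples; substitute
# your own. User-scope variables are kept in plain text under HKCU\Environment.
# [environment]::SetEnvironmentvariable("TENCENTCLOUD_SECRET_ID", "AKIDELH1Zt1yiEXdWBgw1111111111111111111I", "User")
# [environment]::SetEnvironmentvariable("TENCENTCLOUD_SECRET_KEY", "qTr1zmMispY3MYDm22222222222222222222h", "User")

# Check that the variable is set:
# echo $env:TENCENTCLOUD_SECRET_ID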
  1. godaddy

    # Build a Caddy binary with the GoDaddy DNS provider and caddy-security plugins compiled in.
    # NOTE(review): `master` and the unversioned --with modules are unpinned; pin a release tag and module@version for a reproducible build.
    xcaddy build master --output caddy --with github.com/caddy-dns/godaddy --with github.com/greenpau/caddy-security

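    # (tls) snippet for GoDaddy DNS: certificates are obtained with the ACME DNS challenge.
    (tls) {
        tls {
            dns godaddy {env.GODADDY_TOKEN}
            # on_demand is disabled here. Sites that name their hosts explicitly do not need
            # it, and the Caddy documentation describes on-demand TLS as unsafe in production
            # unless the `on_demand_tls` global option limits which names may be issued.
            # Re-enable it only together with that option.
            # on_demand
        }
    }

    # Windows (PowerShell): a restart is needed before the variable takes effect. Note the
    # `:` in the middle of the token value. The value shown looks like a masked sample;
    # substitute your own. User-scope variables are kept in plain text under HKCU\Environment.
    # [environment]::SetEnvironmentvariable("GODADDY_TOKEN", "gHVQQbNTMix11111111111111111:Rb2222222222222222222", "User")
    # Check that the variable is set (this prints the token to the console). The original
    # echoed ALIYUN_ACCESS_KEY_SECRET here, which is not the variable this section sets.
    # echo $env:GODADDY_TOKEN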

**** 注意 ****

1. xcaddy 拉取 Go 模块时需要设置代理(保持 Go 默认的校验和验证开启,不要设置 GOSUMDB=off,这样经代理下载的模块仍会被校验):
export GOPROXY=https://proxy.golang.com.cn,direct
2. 运行 xcaddy 还需要先安装 git 和 golang

— Jul 13, 2023
