Caddy Server
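Caddy Server is an open-source HTTP/2 web server written in Go. It uses a simple, easy-to-read configuration file and enables HTTPS by default. Some of Caddy's main features:
- Automatic HTTPS: Caddy automatically obtains and renews SSL/TLS certificates for your sites.
- HTTP/2: Caddy supports the HTTP/2 protocol, which can improve page load speed.
- Simple configuration: Caddy's Caddyfile configuration format is simple and easy to understand.
- Plugin support: Caddy's functionality can be extended through plugins.
Caddy can serve static sites or act as a reverse proxy, and supports load balancing, basic authentication, cross-site request forgery (CSRF) protection, gzip compression, and more.
Quick start
Deploying Caddy with docker-compose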
version: "3.5"
services:
  caddy-server:
    image: caddy:2.5.2
    restart: always
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - ./data:/data
    ports:
      - "80:80"
      - "80:80/udp"
      - "443:443"
      - "443:443/udp"
      - "127.0.0.1:2019:2019"
    # Default CMD ["caddy", "run", "--config", "/etc/caddy/Caddyfile", "--adapter", "caddyfile"]
    command: ["caddy", "run", "--config", "/etc/caddy/Caddyfile", "--adapter", "caddyfile"]
Caddyfile configuration templates, explained
# Return the client IP
ip.test.work {
    templates
    header Content-Type text/plain
    respond "{{.RemoteIP}}"
    encode zstd gzip
}
file.test.work {
    file_server {
        root /www/html
    }
}
# Return JSON text
test.test.com {
    templates
    header Content-Type application/json
    respond {"name":"bryan","male":"yes","age":45}
}
# Proxy & logging
vault.roky.work {
    reverse_proxy vault:80
}
# Proxy to an HTTPS upstream & IP whitelist
test.domain.com {
    @ip_whitelist {
        remote_ip 6.6.6.6
    }
    route @ip_whitelist {
        reverse_proxy 1.2.3.4:6666 {
            transport http {
                tls
                # Skips verification of the upstream's certificate,
                # so the upstream is not authenticated
                tls_insecure_skip_verify
            }
        }
    }
}
# Use handle, similar to nginx's location
http://127.0.0.1:7892 {
    @api {
        path /api /ping
        method GET
    }
    handle @api {
        route {
            reverse_proxy host.docker.internal:1234
        }
    }
    handle {
        respond "not found" 404
    }
}
# WebSocket configuration
ws.roky.work {
    @websockets {
        header Connection Upgrade
        header Upgrade websocket
    }
    reverse_proxy @websockets 127.0.0.1:7000
}
# Use your own certificate
test.roky.work {
    tls test.roky.work.crt test.roky.work.key
    reverse_proxy vault:80
}
# Basic auth (this directive goes inside a site block);
# the hash is produced by caddy hash-password
basicauth /secret/* {
    Bob $2a$14$UPT8R.QFnkMA6fRYetI.LeqMu.SyKpEcItP8pJdeM7rLQniefCDLG
}
Common commands
# Format the configuration file
docker exec -ti caddy-server caddy fmt --overwrite /etc/caddy/Caddyfile
# Validate the configuration file
docker exec -ti caddy-server caddy validate --config /etc/caddy/Caddyfile
# Reload the configuration
docker exec -ti caddy-server caddy reload --adapter caddyfile --config /etc/caddy/Caddyfile
# Create a password hash
docker exec -ti caddy-server caddy hash-password
Metrics
Enable metrics
{
    servers {
        metrics
    }
}
Suppose the data is scraped by Prometheus running in k8s:
apiVersion: discovery.k8s.io/v1
kind: EndpointSlice
metadata:
  name: caddy-service-1
  namespace: kubesphere-monitoring-system
  labels:
    # You should set the "kubernetes.io/service-name" label.
    # Set its value to match the name of the Service
    kubernetes.io/service-name: caddy-service
addressType: IPv4
ports:
  - name: '' # Left empty, because port 9376 is not assigned by IANA as a registered port
    appProtocol: http
    protocol: TCP
    port: 2019
endpoints: # The IP addresses in this list can appear in any order
  - addresses:
      - "10.1.2.3"
---
apiVersion: v1
kind: Service
metadata:
  name: caddy-service
  namespace: kubesphere-monitoring-system
  labels:
    app: caddy-service
spec:
  ports:
    - protocol: TCP
      port: 2019
      targetPort: 2019
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: caddy-servicemonitor
  namespace: kubesphere-monitoring-system
spec:
  selector:
    matchLabels:
      app: caddy-service
  jobLabel: app
  endpoints:
    - targetPort: 2019
      interval: 10s # Scrape every 10 seconds
Admin API
The admin API can be used to change the configuration:
- POST /load: Sets or replaces the active configuration
- POST /stop: Stops the active configuration and exits the process
- GET /config/[path]: Exports the config at the named path
- POST /config/[path]: Sets or replaces object; appends to array
- PUT /config/[path]: Creates new object; inserts into array
- PATCH /config/[path]: Replaces an existing object or array element
- DELETE /config/[path]: Deletes the value at the named path
- Using @id in JSON: Easily traverse into the config structure
- Concurrent config changes: Avoid collisions when making unsynchronized changes to config
- POST /adapt: Adapts a configuration to JSON without running it
- GET /pki/ca/<id>: Returns information about a particular PKI app CA
- GET /pki/ca/<id>/certificates: Returns the certificate chain of a particular PKI app CA
- GET /reverse_proxy/upstreams: Returns the current status of the configured proxy upstreams
The following JSON can be applied through the admin API:
{
  "apps": {
    "http": {
      "servers": {
        "srv0": {
          "routes": [
            {
              "@id": "route0",
              "match": [{"host": ["localhost"]}],
              "handle": [
                {
                  "handler": "subroute",
                  "routes": [
                    {
                      "handle": [
                        {
                          "@id": "handler0",
                          "handler": "static_response",
                          "body": "Hello, world!"
                        }
                      ]
                    }
                  ]
                }
              ]
            }
          ]
        }
      }
    }
  }
}
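An added example (not part of the original page or of Caddy itself): a small Python audit over the JSON config, such as POST /adapt returns, that reports the Admin API config path of two settings used on this page that deserve review: an admin listener reachable beyond loopback (the API can replace or stop the running config) and a reverse_proxy transport with insecure_skip_verify. The sample config is constructed, and the function names are this example's own.

```python
import ipaddress
import json

# Constructed sample config; hostname and upstream reuse the whitelist example above.
SAMPLE = json.loads("""{
  "admin": {"listen": "0.0.0.0:2019"},
  "apps": {"http": {"servers": {"srv0": {"routes": [
    {"match": [{"host": ["test.domain.com"]}],
     "handle": [{"handler": "subroute", "routes": [
       {"handle": [{"handler": "reverse_proxy",
         "transport": {"protocol": "http", "tls": {"insecure_skip_verify": true}},
         "upstreams": [{"dial": "1.2.3.4:6666"}]}]}]}]}
  ]}}}}
}""")


def is_loopback(listen):
    """True if an admin listen address such as 'localhost:2019' is local-only."""
    if listen.startswith("unix/"):
        return True  # unix socket: access is governed by file permissions
    # Drop an optional network prefix ("tcp/"), the port, and IPv6 brackets.
    host = listen.rpartition("/")[2].rsplit(":", 1)[0].strip("[]")
    try:
        return host == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # empty host (":2019") or another name: treat as exposed


def audit(config):
    """Return (admin_api_path, message) pairs for settings that need review."""
    findings = []
    listen = config.get("admin", {}).get("listen", "localhost:2019")
    if not is_loopback(listen):
        findings.append(("/config/admin/listen", f"admin API listens on {listen}"))

    def walk(node, path):
        if isinstance(node, dict):
            if node.get("handler") == "reverse_proxy":
                tls = (node.get("transport") or {}).get("tls") or {}
                if tls.get("insecure_skip_verify"):
                    findings.append((path, "upstream TLS certificate is not verified"))
            for key, value in node.items():
                walk(value, f"{path}/{key}")
        elif isinstance(node, list):
            for i, value in enumerate(node):
                walk(value, f"{path}/{i}")

    walk(config, "/config")
    return findings
```

Each reported path can be requested with GET on the admin endpoint to inspect that object in the running config.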
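For the complete structure, refer to the following documentation
Custom build
Build a new image with a specific version of Caddy and plugins
The Dockerfile looks like this: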
FROM caddy:2.6.2-builder AS builder
RUN xcaddy build \
    --with github.com/caddyserver/nginx-adapter \
    --with github.com/hairyhenderson/caddy-teapot-module@v0.0.3-0
FROM caddy:2.6.2
COPY --from=builder /usr/bin/caddy /usr/bin/caddy