虽然caddy托管的所有网站配置都可以写在同一个Caddyfile中,不过为了便于维护,当它变得越来越臃肿时,还是有必要进行拆分。以下是拆分后的文件目录和内容。
# /etc/caddy/Caddyfile -- main entry point; site files and snippets are pulled in with `import`
{
	# Global options block: these settings apply to every site served by this instance.

	# Contact address for the ACME account used for certificate issuance.
	# NOTE(review): the value below looks like the residue of the page's e-mail
	# obfuscation; put the real contact address here before using this file.
	email [email protected]

	# `cgi` is not one of Caddy's built-in directives (presumably a CGI plugin), so it
	# has no default position and must be given one explicitly.
	order cgi before respond

	# Move file_server to the very end of the directive order.
	order file_server last
}
# 导入所有片段
import /etc/caddy/snippets/*.conf
# 导入启用的站点
import /etc/caddy/sites-enabled/*.conf
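# Plain-HTTP listener: serve ACME HTTP-01 challenge files from a webroot and
# redirect every other request to HTTPS.
:80 {
	# Challenge files are read from /var/www/caddy-acme-challenges; whatever writes
	# them there is not shown in this file.
	handle /.well-known/acme-challenge/* {
		root * /var/www/caddy-acme-challenges
		file_server
	}

	# The redirect sits in its own fallback `handle` on purpose. Caddy sorts `redir`
	# ahead of `handle`, so a bare top-level `redir` would answer every request,
	# including the challenge path, and the block above would never run. `handle`
	# blocks are mutually exclusive, with the more specific path matcher tried first.
	# {host} is taken from the request's Host header, so the redirect target mirrors
	# whatever name the client sent.
	handle {
		redir https://{host}{uri} permanent
	}
}
# /etc/caddy/sites-available/blog.tccmu.com.conf -- configuration of this site (the blog)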
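blog.tccmu.com {
	# Compress responses with gzip.
	encode gzip

	# Forward everything to the application listening on loopback port 8002.
	reverse_proxy 127.0.0.1:8002 {
		# Caddy already passes Host and sets X-Forwarded-For/-Proto/-Host itself;
		# these explicit values overwrite whatever the client supplied, so the backend
		# never sees a client-forged forwarding header.
		header_up Host {host}
		header_up X-Forwarded-Host {host}
		header_up X-Forwarded-Proto {scheme}

		# {remote_host} is the peer IP only. The original {remote} expands to
		# "ip:port", which is not a valid value for these headers and breaks
		# backends that parse them as an address (logging, rate limiting, ACLs).
		header_up X-Forwarded-For {remote_host}
		header_up X-Real-IP {remote_host}

		# Active health check: probe the readiness endpoint every 30s, 5s timeout.
		health_uri /actuator/health/readiness
		health_interval 30s
		health_timeout 5s
	}

	# Access log goes to /var/log/caddy/blog.tccmu.com.access.log (see the common_log snippet).
	import common_log blog.tccmu.com
}
# /etc/caddy/sites-available/lab.tccmu.com.conf -- ImmortalWrt LuCI web interface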
lab.tccmu.com {
	# Router administration UI. The whole site is assembled from snippets:
	#   security_headers        - response hardening headers
	#   internal_access_control - 403 for clients outside the allowed networks
	#   luci                    - CGI and static file handling for LuCI
	#   common_log              - access log named after the argument
	# NOTE(review): the IP allowlist is the only gate in front of the admin UI at this
	# layer; LuCI's own login still applies behind it.
	import security_headers
	import internal_access_control
	import luci
	import common_log lab.tccmu.com
}
# /etc/caddy/sites-available/s.tccmu.com.conf -- DoH (DNS over HTTPS) service
s.tccmu.com {
	# Only the exact path /dns-query is treated as a DoH request.
	@doh path /dns-query

	handle @doh {
		# The DoH backend listens on loopback port 8053 and speaks HTTPS.
		reverse_proxy https://127.0.0.1:8053 {
			header_up Host {host}
			# -1 disables response buffering, so data is flushed to the client immediately.
			flush_interval -1
			transport http {
				# NOTE(review): this turns off certificate verification for the upstream
				# connection. The exposure is limited because the upstream is on loopback,
				# but the setting must not be copied to a remote upstream; trusting the
				# backend's CA or certificate explicitly is the safer long-term setup.
				tls_insecure_skip_verify
			}
		}
	}

	# Every other request gets the same static HTML page.
	handle {
		# Document root.
		# NOTE(review): the root is the directory that also holds the site configuration
		# files. Only the unconditional rewrite below keeps those files from being
		# served; a dedicated directory for the page would remove that dependency.
		root * /etc/caddy/sites-available
		# Rewrite all requests to the one HTML file.
		rewrite * /s.tccmu.com.html
		# Serve it.
		file_server
		# Force the expected Content-Type.
		header Content-Type "text/html; charset=utf-8"
	}

	# JSON access log with explicit rotation (see the extended_log snippet).
	# NOTE(review): access logs record request URIs, and DoH GET requests carry the
	# DNS query in the URI, so this log retains what clients looked up.
	import extended_log s.tccmu.com
}
# /etc/caddy/snippets/luci.conf
# LuCI snippet: static files from /www plus CGI execution for /cgi-bin and /ubus.
# The snippet carries no access restriction of its own; the importing site has to add one.
(luci) {
	root * /www

	# `route` keeps the directives inside it in the order written.
	route /cgi-bin* {
		# presumably matches only when the script named by the second path segment
		# exists under the root, with =404 as the fallback -- confirm against the
		# file matcher documentation.
		@exists {
			file cgi-bin/{path.1} =404
		}
		handle @exists {
			# Strip the script's own path before it is executed as a CGI program.
			uri strip_prefix {file_match.relative}
			cgi * /www/{file_match.relative} {
				script_name {file_match.relative}
			}
		}
	}

	# /ubus* requests are handed to ubus.sh.
	# NOTE(review): the script path is relative; confirm which directory it resolves against.
	cgi /ubus* ubus.sh {
		script_name /ubus
	}

	file_server

	# The bare site root redirects to the LuCI entry point.
	redir / /cgi-bin/luci
}
# /etc/caddy/snippets/logging.conf
# Shared logging snippets. No file name is hard-coded: the importing site passes it
# as the first argument, e.g. `import common_log blog.tccmu.com`.
(common_log) {
	log {
		# JSON entries written to /var/log/caddy/<argument>.access.log; no roll_*
		# options are set here.
		format json
		output file /var/log/caddy/{args.0}.access.log
	}
}
(extended_log) {
	log {
		format json
		# Same destination pattern as common_log, with explicit rotation limits.
		output file /var/log/caddy/{args.0}.access.log {
			# Rotate at 10 MB, keep at most 5 rolled files, none older than 720h (30 days).
			roll_size 10mb
			roll_keep 5
			roll_keep_for 720h
		}
	}
}
# /etc/caddy/snippets/security.conf
# Security-related snippets.
(security_headers) {
	header {
		# Browsers remember to use HTTPS for this host and its subdomains for one year.
		Strict-Transport-Security "max-age=31536000; includeSubDomains"
		# The pages may not be embedded in a frame on any origin.
		X-Frame-Options DENY
		# Browsers must not guess a different content type than the one declared.
		X-Content-Type-Options nosniff
		# Cross-origin requests carry only the origin in Referer, never the full URL.
		Referrer-Policy strict-origin-when-cross-origin
		# NOTE(review): no Content-Security-Policy is set by this snippet.
	}
}
(internal_access_control) {
	# Matches every client whose address is outside the listed networks.
	# remote_ip looks at the directly connected peer, so a proxy or NAT in front of
	# Caddy makes all of its clients appear as that one address.
	# The /60 mask ignores the last hex digit of the fourth group of the IPv6 prefix.
	# NOTE(review): if that prefix is delegated by the ISP it may change -- confirm.
	@not_allowed_ips not remote_ip 10.89.2.0/24 192.168.20.0/24 2408:9b2c:8100:f123::/60

	# Denied clients get a 403 and the request stops here.
	# NOTE(review): directives that Caddy orders ahead of `handle` (for example `redir`
	# and `header`) in the importing site still run for denied clients.
	handle @not_allowed_ips {
		respond "Access Denied from your IP address. Your IP: {http.request.remote}" 403
	}
}
创建 /etc/caddy/sites-enabled 目录,在这里创建指向实际网站配置的符号链接,就可以启用相应网站。例如:
ln -s /etc/caddy/sites-available/blog.tccmu.com.conf /etc/caddy/sites-enabled/
然后重启caddy服务,blog.tccmu.com 就上线了。反之亦然,删掉符号链接再重启服务,对应网站即下线。相比之前删改或注释的方式便利很多。