74 lines
1.8 KiB
Markdown
74 lines
1.8 KiB
Markdown
# Caddy 反向代理 — 操作参考
|
||
|
||
> 部署:2026-06-12 | 替代:Lucky
|
||
|
||
## 配置文件
|
||
|
||
```
|
||
路径: /etc/caddy/Caddyfile
|
||
编辑后: sudo caddy fmt --overwrite /etc/caddy/Caddyfile
|
||
重载: sudo systemctl restart caddy
|
||
```
|
||
|
||
## 当前管理的域名
|
||
|
||
```
|
||
www.xybkwd.top, xybkwd.top → localhost:8090 (Halo 博客)
|
||
gitea.xybkwd.top → localhost:3000 (Gitea)
|
||
dashboard.xybkwd.top → localhost:9000 (Beast Trader Dashboard)
|
||
```
|
||
|
||
## 常用命令
|
||
|
||
```bash
|
||
# 查看状态
|
||
sudo systemctl status caddy
|
||
|
||
# 查看日志
|
||
sudo journalctl -u caddy -n 50 --no-pager
|
||
|
||
# 实时日志
|
||
sudo journalctl -u caddy -f
|
||
|
||
# 重启
|
||
sudo systemctl restart caddy
|
||
|
||
# 测试配置
|
||
sudo caddy validate --config /etc/caddy/Caddyfile
|
||
|
||
# 格式化配置
|
||
sudo caddy fmt --overwrite /etc/caddy/Caddyfile
|
||
|
||
# 查看证书
|
||
sudo caddy cert-info # 或直接访问 https://域名 看浏览器锁
|
||
```
|
||
|
||
## 添加新服务
|
||
|
||
在 `/etc/caddy/Caddyfile` 里加一行 block:
|
||
|
||
```
|
||
你的子域名.xybkwd.top {
|
||
reverse_proxy localhost:服务端口
|
||
}
|
||
```
|
||
|
||
然后 `sudo caddy fmt --overwrite /etc/caddy/Caddyfile && sudo systemctl restart caddy`
|
||
|
||
Let's Encrypt 会在第一次 HTTPS 请求时自动签发证书,续期也是全自动的。
|
||
|
||
## 故障排查
|
||
|
||
| 现象 | 排查 |
|
||
|:---|:---|
|
||
| 域名无法访问 | `curl -sk https://localhost:443 -H "Host: 域名"` |
|
||
| 证书错误 | `echo \| openssl s_client -connect localhost:443 -servername 域名` |
|
||
| Caddy 启动失败 | `sudo journalctl -u caddy --no-pager -n 30` |
|
||
| 端口被占 | `sudo ss -tlnp \| grep ":80\|:443"` |
|
||
|
||
## 安全说明
|
||
|
||
- Caddy 管理 API 只在 `localhost:2019`,外网不可达
|
||
- 所有证书使用 Let's Encrypt,自动续期(3个月)
|
||
- 后端服务(Gitea:3000, Dashboard:9000)已绑定 `127.0.0.1`,只能通过 Caddy 访问
|