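1. Caddy Overview and Version Notes
Caddy is a modern, open-source web server written in Go. It is known for its ease of use, automatic HTTPS, and rich feature set. Caddy's design philosophy is to make web server configuration and management simple and intuitive, so that a production-grade deployment does not require complex configuration files.
Caddy's signature feature is automatic HTTPS: it obtains and renews SSL/TLS certificates automatically and supports ACME providers such as Let's Encrypt and ZeroSSL. This lets developers deploy HTTPS with zero configuration and greatly lowers the barrier to a secure deployment.
Core features of Caddy:
- Simple configuration: human-friendly Caddyfile syntax
- HTTP/3 support: native support for HTTP/3 and the QUIC protocol
- Reverse proxy: powerful reverse proxy and load balancing features
- Static file serving: efficient static file handling
- Template engine: built-in Go template engine support
- Modular design: a rich plugin ecosystem
- API configuration: dynamic configuration through an API
- Zero-downtime reloads: configuration changes do not require a service restart
Caddy compared with other web servers:
Configuration complexity    Simple         Moderate           Complex
Automatic HTTPS             Supported      Not supported      Not supported
HTTP/2 support              Supported      Supported          Supported
HTTP/3 support              Supported      Supported          Not supported
Memory footprint            Low            Low                Moderate
Learning curve              Gentle         Steep              Steep
Plugin ecosystem            Moderate       Rich               Rich
Dynamic configuration       API support    Limited support    Limited support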
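2. Choosing a Caddy Version and Download Locations
Caddy uses semantic versioning; the current major version is the 2.x series.
Caddy version status:
v2.11.2    2026-03-06    Latest stable release, security fixes
v2.11.1    2026-02-23    Stable release, feature enhancements
v2.10.0    2025-XX-XX    Stable release
v2.9.1     2025-XX-XX    Maintenance release
v2.8.4     2025-XX-XX    Legacy support
Main changes in Caddy 2.11.2:
- Fixed the forward_auth identity injection vulnerability
- Fixed the vars_regexp double-expansion vulnerability
- Reverse proxy health check enhancements
- Support for zstd log compression
- New tls_resolvers global option
- Performance optimizations and bug fixes
Official download locations:
Download page: https://caddyserver.com/download
GitHub releases: https://github.com/caddyserver/caddy/releases
Documentation: https://caddyserver.com/docs/
Docker image: https://hub.docker.com/_/caddy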
3. Caddy Download Methods in Detail
Method 1: Install from the official repository (recommended)
# apt install -y debian-keyring debian-archive-keyring apt-transport-https curl
# curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
# curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list
# chmod o+r /usr/share/keyrings/caddy-stable-archive-keyring.gpg
# chmod o+r /etc/apt/sources.list.d/caddy-stable.list
# apt update
# apt install -y caddy
Sample output:
Reading package lists… Done
Building dependency tree… Done
The following NEW packages will be installed:
caddy
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 15.2 MB of archives.
After this operation, 45.6 MB of additional disk space will be used.
Get:1 https://dl.cloudsmith.io/public/caddy/stable/debian bullseye/main amd64 caddy amd64 2.11.2 [15.2 MB]
Fetched 15.2 MB in 3s (5,067 kB/s)
Selecting previously unselected package caddy…
(Reading database … 123456 files and directories currently installed.)
Preparing to unpack …/caddy_2.11.2_amd64.deb …
Unpacking caddy (2.11.2) …
Setting up caddy (2.11.2) …
Installing on Fedora/RHEL/CentOS:
# dnf install -y dnf-plugins-core
# dnf copr enable @caddy/caddy
# dnf install -y caddy
Sample output:
Enabling a Copr repository using the @caddy/caddy project.
…
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
caddy x86_64 2.11.2-1 copr:copr.fedorainfracloud.org:@caddy:caddy 15 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 15 M
Installed size: 45 M
Downloading Packages:
caddy-2.11.2-1.x86_64.rpm | 15 MB 00:00:03
--------------------------------------------------------------------------------
Total 5.0 MB/s | 15 MB 00:03
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Preparing : 1/1
Installing : caddy-2.11.2-1.x86_64 1/1
Verifying : caddy-2.11.2-1.x86_64 1/1
Installed:
caddy-2.11.2-1.x86_64
Complete!
Method 2: Download the binary
$ cd /fgeudb/software
$ wget https://github.com/caddyserver/caddy/releases/download/v2.11.2/caddy_2.11.2_linux_amd64.tar.gz
Sample output:
--2026-04-04 10:00:00-- https://github.com/caddyserver/caddy/releases/download/v2.11.2/caddy_2.11.2_linux_amd64.tar.gz
Resolving github.com (github.com)… 140.82.121.3
Connecting to github.com (github.com)|140.82.121.3|:443… connected.
HTTP request sent, awaiting response… 302 Found
Location: https://objects.githubusercontent.com/github-production-release-asset… [following]
--2026-04-04 10:00:01-- https://objects.githubusercontent.com/…
Length: 15234567 (15M) [application/octet-stream]
Saving to: ‘caddy_2.11.2_linux_amd64.tar.gz’
caddy_2.11.2_linux_amd64.tar.gz 100%[======================================================================>] 14.53M 8.2MB/s in 1.8s
2026-04-04 10:00:03 (8.2 MB/s) - ‘caddy_2.11.2_linux_amd64.tar.gz’ saved [15234567/15234567]
Download the checksum file:
$ wget https://github.com/caddyserver/caddy/releases/download/v2.11.2/caddy_2.11.2_checksums.txt
Verify the checksum:
$ sha512sum --ignore-missing -c caddy_2.11.2_checksums.txt
Sample output:
caddy_2.11.2_linux_amd64.tar.gz: OK
Extract and install:
$ tar -xzf caddy_2.11.2_linux_amd64.tar.gz
# install -v caddy /usr/local/bin/
Sample output:
‘caddy’ -> ‘/usr/local/bin/caddy’
Method 3: Deploy with a Docker container
$ docker pull caddy:2.11.2
Sample output:
2.11.2: Pulling from library/caddy
Digest: sha256:abc123def456…
Status: Downloaded newer image for caddy:2.11.2
Start the Caddy container:
$ docker run --name caddy-web \
    -p 80:80 \
    -p 443:443 \
    -p 443:443/udp \
    -v /fgeudb/caddy/Caddyfile:/etc/caddy/Caddyfile:ro \
    -v /fgeudb/caddy/data:/data \
    -v /fgeudb/caddy/config:/config \
    -v /fgeudb/caddy/www:/var/www/html:ro \
    -d caddy:2.11.2
Sample output:
abc123def456789…
Check the container status:
$ docker ps | grep caddy
Sample output:
abc123def456 caddy:2.11.2 "caddy run --config …" 10 seconds ago Up 9 seconds 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:443->443/udp caddy-web
Deploy with Docker Compose:
$ vi docker-compose.yml
version: "3.8"
services:
  caddy:
    image: caddy:2.11.2
    container_name: caddy-web
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp"
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - ./data:/data
      - ./config:/config
      - ./www:/var/www/html:ro
Start the service:
$ docker-compose up -d
Method 4: Custom build with xcaddy
# wget https://go.dev/dl/go1.24.1.linux-amd64.tar.gz
# tar -C /usr/local -xzf go1.24.1.linux-amd64.tar.gz
# export PATH=$PATH:/usr/local/go/bin
Install xcaddy:
$ go install github.com/caddyserver/xcaddy/cmd/xcaddy@latest
Build Caddy (with plugins):
$ xcaddy build v2.11.2 \
    --with github.com/caddyserver/nginx-adapter \
    --with github.com/caddyserver/ntlm-transport@v0.1.1
Sample output:
2026/04/04 10:05:00 [INFO] Resolved relative placement of "github.com/caddyserver/ntlm-transport@v0.1.1" module location: github.com/caddyserver/ntlm-transport v0.1.1
2026/04/04 10:05:00 [INFO] Resolved relative placement of "github.com/caddyserver/nginx-adapter" module location: github.com/caddyserver/nginx-adapter v0.3.0
…
2026/04/04 10:05:30 [INFO] Build complete: ./caddy
Install the compiled binary:
# install -v caddy /usr/local/bin/
4. Caddy Installation and Deployment in Practice
Step 1: Create the Caddy user and directories
# groupadd --system caddy
# useradd --system --gid caddy --create-home --home-dir /var/lib/caddy --shell /usr/sbin/nologin --comment 'Caddy web server' caddy
Create the required directories:
# mkdir -p /fgeudb/caddy/{www,data,config,logs}
# chown -R caddy:caddy /fgeudb/caddy
# chmod -R 755 /fgeudb/caddy
Step 2: Configure the systemd service
# vi /etc/systemd/system/caddy.service
[Unit]
Description=Caddy Web Server
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target
[Service]
Type=notify
User=caddy
Group=caddy
ExecStart=/usr/local/bin/caddy run --environ --config /fgeudb/caddy/Caddyfile
ExecReload=/usr/local/bin/caddy reload --config /fgeudb/caddy/Caddyfile --force
ExecStop=/usr/local/bin/caddy stop --config /fgeudb/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
Reload the systemd configuration:
# systemctl daemon-reload
Start the service:
# systemctl start caddy
Enable start on boot:
# systemctl enable caddy
Check the service status:
# systemctl status caddy
Sample output:
● caddy.service - Caddy Web Server
Loaded: loaded (/etc/systemd/system/caddy.service; enabled)
Active: active (running) since Fri 2026-04-04 10:10:00 CST; 10s ago
Main PID: 12345 (caddy)
Tasks: 8 (limit: 512)
Memory: 25.6M
CGroup: /system.slice/caddy.service
└─12345 /usr/local/bin/caddy run --environ --config /fgeudb/caddy/Caddyfile
5. Caddyfile Configuration in Detail
Step 1: Create a basic Caddyfile
# vi /fgeudb/caddy/Caddyfile
Basic static site configuration:
fgedu.net.cn {
    root * /fgeudb/caddy/www
    file_server browse
    encode gzip zstd
    log {
        output file /fgeudb/caddy/logs/access.log {
            roll_size 100mb
            roll_keep 10
            roll_keep_for 720h
        }
        format console
    }
}
Multi-site configuration:
www.fgedu.net.cn {
    redir https://fgedu.net.cn{uri}
}
fgedu.net.cn {
    root * /fgeudb/caddy/www
    file_server
    encode gzip
    log {
        output file /fgeudb/caddy/logs/fgedu.log
    }
}
api.fgedu.net.cn {
    reverse_proxy 192.168.1.51:8080
}
Step 2: Configure global options
{
    # admin off disables the admin API; caddy reload and caddy stop depend on it,
    # so configuration changes then require a service restart
    admin off
    email admin@fgedu.net.cn
    acme_ca https://acme-v02.api.letsencrypt.org/directory
    acme_ca_root /etc/ssl/certs/ca-certificates.crt
    log {
        output file /fgeudb/caddy/logs/global.log {
            roll_size 50mb
            roll_keep 5
        }
        format json
        level INFO
    }
    servers :443 {
        protocols h1 h2 h2c h3
    }
}
fgedu.net.cn {
    root * /fgeudb/caddy/www
    file_server
}
Step 3: Directives in detail
root - set the site root directory:
root * /var/www/html
file_server - static file serving:
file_server
file_server browse    # enable directory browsing
file_server {
    browse
    index index.html index.htm
}
encode - response compression:
encode gzip zstd
# set the compression level (the level goes inside the block)
encode {
    gzip 6
}
log - logging configuration:
log {
    output file /var/log/caddy/access.log
    format json
    level INFO
}
reverse_proxy - reverse proxy:
reverse_proxy localhost:8080
reverse_proxy {
    to 192.168.1.51:8080
    to 192.168.1.52:8080
    lb_policy round_robin
    health_uri /health
    health_interval 10s
}
redir - redirects:
redir https://example.com{uri}
redir https://example.com{uri} 301
rewrite - URL rewriting:
rewrite /old/* /new/{path}
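6. Caddy Automatic HTTPS Configuration
Step 1: Automatic certificate issuance
fgedu.net.cn {
    root * /fgeudb/caddy/www
    file_server
}
Caddy will automatically:
1. Check whether the domain is publicly reachable
2. Request a certificate from Let's Encrypt
3. Configure the HTTPS listener
4. Renew the certificate automatically
Specify an email address to receive certificate notifications:
{
    email admin@fgedu.net.cn
}
fgedu.net.cn {
    root * /fgeudb/caddy/www
    file_server
}
Step 2: Manual certificate configuration
fgedu.net.cn {
    root * /fgeudb/caddy/www
    file_server
    tls /fgeudb/caddy/ssl/fgedu.crt /fgeudb/caddy/ssl/fgedu.key
}
Use DNS validation (suitable for internal network environments):
fgedu.net.cn {
    root * /fgeudb/caddy/www
    file_server
    tls {
        # requires a Caddy build that includes the caddy-dns/cloudflare module
        dns cloudflare {env.CLOUDFLARE_API_TOKEN}
    }
}
Disable automatic HTTPS (test environments):
http://fgedu.net.cn {
    root * /fgeudb/caddy/www
    file_server
}
Or use local_https:
fgedu.net.cn {
    root * /fgeudb/caddy/www
    file_server
    tls internal
}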
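The test-only settings shown in this step and in section 5 (http:// site addresses, tls internal, file_server browse) are easy to carry into a production Caddyfile by accident. The check below is an added example, not part of the original page; the rule names and the sample Caddyfile are constructed for illustration, and comment handling is simplified.

```sh
# Print one "<line>:<rule>" pair per finding. Reads the file named in $1,
# or standard input when no argument is given.
lint_caddyfile() {
    awk '
        # strip comments (simplified: does not handle # inside quoted strings)
        { sub(/[ \t]#.*$/, ""); sub(/^#.*$/, "") }
        in_fs && /^[ \t]*[}]/                        { in_fs = 0 }
        /^[ \t]*file_server[ \t]*[{]/                { in_fs = 1 }
        # site address with an explicit http:// scheme: automatic HTTPS is off
        /^[ \t]*http:\/\/[^ \t{]+[ \t]*[{]/          { print NR ":plain-http-site" }
        # certificate from the internal CA: not trusted by public clients
        /^[ \t]*tls[ \t]+internal([ \t]|$)/          { print NR ":internal-ca" }
        # directory listing, inline form and block form
        /^[ \t]*file_server[ \t]+browse([ \t]|$)/    { print NR ":directory-listing" }
        in_fs && /^[ \t]*browse([ \t]|$)/            { print NR ":directory-listing" }
    ' "${1:--}"
}

# Constructed sample input (hypothetical host names).
sample_caddyfile() {
cat <<'EOF'
http://test.example.com {
    root * /srv/www
    file_server browse
}
intranet.example.com {
    tls internal   # private CA
    file_server {
        browse
        index index.html
    }
}
api.example.com {
    reverse_proxy 127.0.0.1:8080
}
EOF
}

sample_caddyfile | lint_caddyfile
```

Run it against the real file with lint_caddyfile /fgeudb/caddy/Caddyfile before reloading; an empty result means none of the three patterns were found.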
Step 3: Certificate management
$ caddy list-certificates
Sample output:
fgedu.net.cn
Issuer: Let’s Encrypt Authority X3
Not Before: 2026-04-04 00:00:00 UTC
Not After: 2026-07-03 00:00:00 UTC
Auto-renewal: enabled
Certificate storage location:
/fgeudb/caddy/data/caddy/certificates/
Manually renew a certificate:
$ caddy renew --config /fgeudb/caddy/Caddyfile
Sample output:
2026/04/04 10:15:00 [INFO] [fgedu.net.cn] Renewing certificate
2026/04/04 10:15:02 [INFO] [fgedu.net.cn] Certificate renewed successfully
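The storage directory above and the manual key at /fgeudb/caddy/ssl/fgedu.key both sit under the tree that section 4 sets to mode 755, so it is worth checking that no private key is readable by group or other. The audit and fix below are an added example, not part of the original page; they assume GNU find and stat and that private keys are files named *.key, and the demo tree is constructed.

```sh
# Print "<octal-mode> <path>" for every *.key file under $1 that grants any
# permission bit to group or other. Returns 2 if $1 is not a directory.
audit_key_perms() {
    [ -d "$1" ] || return 2
    find "$1" -type f -name '*.key' -perm /077 -exec stat -c '%a %n' {} + | sort -k2
}

# Restrict every *.key file to 0600 and each directory holding one to 0700.
harden_key_perms() {
    [ -d "$1" ] || return 2
    find "$1" -type f -name '*.key' -exec chmod 600 {} +
    find "$1" -type f -name '*.key' -exec dirname {} \; | sort -u |
        while IFS= read -r dir; do chmod 700 "$dir"; done
}

# Constructed demo tree mirroring the page's layout after "chmod -R 755":
# one key left at 755, one already restricted to 600.
demo_tree() {
    demo_root=$(mktemp -d)
    mkdir -p "$demo_root/ssl" "$demo_root/data/caddy/certificates/site"
    : > "$demo_root/ssl/fgedu.key"
    : > "$demo_root/data/caddy/certificates/site/site.key"
    chmod -R 755 "$demo_root"
    chmod 600 "$demo_root/data/caddy/certificates/site/site.key"
    printf '%s\n' "$demo_root"
}

root=$(demo_tree)
audit_key_perms "$root"      # reports the key left at mode 755
harden_key_perms "$root"
audit_key_perms "$root"      # no findings after hardening
rm -rf "$root"
```

On the page's layout the call would be audit_key_perms /fgeudb/caddy, run as root or as the caddy user so that every subdirectory can be traversed.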
7. Caddy Reverse Proxy Configuration
Step 1: Basic reverse proxy
api.fgedu.net.cn {
    reverse_proxy 192.168.1.51:8080
}
Load balancing across multiple backends:
api.fgedu.net.cn {
    reverse_proxy {
        to 192.168.1.51:8080
        to 192.168.1.52:8080
        to 192.168.1.53:8080
        lb_policy round_robin
        lb_try_duration 5s
    }
}
Load balancing policies:
- round_robin: round robin (default)
- least_conn: least connections
- ip_hash: IP hash
- random: random
- first: pick the first available backend
least_conn load balancing:
api.fgedu.net.cn {
    reverse_proxy {
        to 192.168.1.51:8080
        to 192.168.1.52:8080
        lb_policy least_conn
    }
}
Step 2: Health check configuration
api.fgedu.net.cn {
    reverse_proxy {
        to 192.168.1.51:8080
        to 192.168.1.52:8080
        health_uri /health
        health_interval 10s
        health_timeout 5s
        health_status 200
        health_body "ok"
    }
}
Passive health checks:
api.fgedu.net.cn {
    reverse_proxy {
        to 192.168.1.51:8080
        to 192.168.1.52:8080
        fail_duration 30s
        max_fails 3
        unhealthy_status 500 502 503 504
        unhealthy_latency 5s
    }
}
Step 3: Request header and timeout configuration
api.fgedu.net.cn {
    reverse_proxy 192.168.1.51:8080 {
        header_up Host {host}
        header_up X-Real-IP {remote_host}
        header_up X-Forwarded-For {remote_host}
        header_up X-Forwarded-Proto {scheme}
        header_up X-Custom-Header "custom-value"
        # a leading "-" removes the header from the response
        header_down -Server
        header_down -X-Powered-By
    }
}
Timeout configuration:
api.fgedu.net.cn {
    reverse_proxy 192.168.1.51:8080 {
        transport http {
            read_timeout 300s
            write_timeout 300s
            dial_timeout 30s
        }
    }
}
WebSocket proxying:
ws.fgedu.net.cn {
    reverse_proxy 192.168.1.51:8080 {
        header_up Upgrade {http.request.header.Upgrade}
        header_up Connection {http.request.header.Connection}
    }
}
8. Installation Verification and Testing
Check Caddy status
$ ps -ef | grep caddy
Sample output:
caddy 12345 1 0 10:10 ? 00:00:00 /usr/local/bin/caddy run --environ --config /fgeudb/caddy/Caddyfile
Check listening ports:
$ netstat -tulnp | grep caddy
Sample output:
tcp6 0 0 :::80 :::* LISTEN 12345/caddy
tcp6 0 0 :::443 :::* LISTEN 12345/caddy
udp6 0 0 :::443 :::* 12345/caddy
Check the Caddy version:
$ caddy version
Sample output:
v2.11.2 h1:abc123def456…
Validate the configuration file:
$ caddy validate --config /fgeudb/caddy/Caddyfile
Sample output:
Valid configuration
Access test
$ curl -I http://192.168.1.51
Sample output:
HTTP/1.1 308 Permanent Redirect
Connection: close
Location: https://192.168.1.51/
Server: Caddy
Date: Fri, 04 Apr 2026 10:20:00 GMT
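Test HTTPS access (-k skips certificate verification; omit it to confirm that the certificate validates):
$ curl -I -k https://fgedu.net.cn
Sample output:
HTTP/2 200
alt-svc: h3=":443"; ma=2592000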
content-type: text/html; charset=utf-8
server: Caddy
content-length: 1234
date: Fri, 04 Apr 2026 10:20:00 GMT
Test the reverse proxy:
$ curl -I https://api.fgedu.net.cn/health
Sample output:
HTTP/2 200
content-type: application/json
server: Caddy
date: Fri, 04 Apr 2026 10:20:00 GMT
Performance test
$ ab -n 10000 -c 100 http://192.168.1.51/
Sample output:
This is ApacheBench, Version 2.3 <$Revision: 1879490 $>
…
Complete requests: 10000
Failed requests: 0
Total transferred: 12340000 bytes
HTML transferred: 6170000 bytes
Requests per second: 35421.32 [#/sec] (mean)
Time per request: 2.823 [ms] (mean)
Time per request: 0.028 [ms] (mean, across all concurrent requests)
Transfer rate: 4270.45 [Kbytes/sec] received
Stress test with wrk:
$ wrk -t4 -c100 -d30s http://192.168.1.51/
Sample output:
Running 30s test @ http://192.168.1.51/
4 threads and 100 connections
Thread Stats Avg Stdev Max +/- Stdev
Latency 2.85ms 0.98ms 22.34ms 82.15%
Req/Sec 8.92k 567.23 10.12k 71.50%
1067892 requests in 30.02s, 1.45GB read
Requests/sec: 35574.21
Transfer/sec: 49.45MB
9. Common Problems and Solutions
Problem 1: Certificate issuance fails
Solution:
1. Check DNS resolution for the domain:
$ dig fgedu.net.cn +short
2. Check that the firewall allows ports 80 and 443:
# firewall-cmd --list-ports
# firewall-cmd --add-port=80/tcp --permanent
# firewall-cmd --add-port=443/tcp --permanent
# firewall-cmd --reload
3. Check whether the domain is publicly reachable:
$ curl -I http://fgedu.net.cn
4. Use DNS validation:
fgedu.net.cn {
    tls {
        dns cloudflare {env.CLOUDFLARE_API_TOKEN}
    }
}
5. Use an internal certificate:
fgedu.net.cn {
    tls internal
}
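Problem 2: Insufficient permissions
Solution:
1. Check file permissions:
$ ls -la /fgeudb/caddy/
2. Change the directory owner:
# chown -R caddy:caddy /fgeudb/caddy
3. Check SELinux (setenforce 0 switches to permissive mode to confirm whether SELinux is the cause; switch back with setenforce 1 afterwards):
# getenforce
# setenforce 0
4. Check port binding permission:
# setcap 'cap_net_bind_service=+ep' /usr/local/bin/caddy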
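Problem 3: Configuration syntax errors
Solution:
1. Validate the configuration file:
$ caddy validate --config /fgeudb/caddy/Caddyfile
2. Check for common syntax errors:
- Mismatched curly braces
- Misspelled directives
- Incorrect indentation
- Missing required parameters
3. Use the formatter:
$ caddy fmt --overwrite /fgeudb/caddy/Caddyfile
4. View detailed errors:
$ caddy run --config /fgeudb/caddy/Caddyfile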
Problem 4: Reverse proxy timeouts
Solution:
1. Increase the timeouts:
reverse_proxy 192.168.1.51:8080 {
    transport http {
        read_timeout 600s
        write_timeout 600s
    }
}
2. Check the backend service status:
$ curl http://192.168.1.51:8080/health
3. Configure health checks:
reverse_proxy {
    to 192.168.1.51:8080
    health_uri /health
    health_interval 10s
}
4. Check network connectivity:
$ telnet 192.168.1.51 8080
Caddy service management commands
# systemctl start caddy
or
$ caddy run --config /fgeudb/caddy/Caddyfile
Run in the background:
$ caddy start --config /fgeudb/caddy/Caddyfile
Stop the service:
# systemctl stop caddy
or
$ caddy stop --config /fgeudb/caddy/Caddyfile
Reload the configuration:
# systemctl reload caddy
or
$ caddy reload --config /fgeudb/caddy/Caddyfile
Validate the configuration:
$ caddy validate --config /fgeudb/caddy/Caddyfile
Format the configuration:
$ caddy fmt /fgeudb/caddy/Caddyfile
Show the version:
$ caddy version
Show help:
$ caddy help
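1. Use the latest stable Caddy 2.11.x release
2. Configure a systemd service for automatic restarts
3. Use automatic HTTPS to simplify certificate management
4. Configure a sensible log rotation policy
5. Use the reverse proxy for load balancing
6. Configure health checks to ensure service availability
7. Enable response compression to reduce transfer volume
8. Use the API for dynamic configuration management
9. Update regularly to pick up security fixes
10. Set up monitoring and alerting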
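This article was compiled and published by 风哥教程 and is for learning and testing purposes only. Please credit the source when reposting: http://www.fgedu.net.cn/10327.html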
