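1. Caddy Overview and Environment Planning
Caddy is a modern web server best known for automatic HTTPS. It is written in Go, is simple to configure, obtains and renews SSL certificates automatically, supports HTTP/2 and HTTP/3, and is a strong alternative to Nginx.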
1.1 Caddy Version
The current main version of Caddy is 2.8; this tutorial uses Caddy 2.8 for all of its examples.
$ caddy version
v2.8.4 h1:q3pe0wpBj1OcHFZ3n/1nl4V4bxBrYoSoab7rL9BMYN=
# Show Caddy environment information
$ caddy environ
# Sample output:
caddy.HomeDir=/var/lib/caddy
caddy.ConfigAutosavePath=/var/lib/caddy/.config/caddy/autosave.json
caddy.DataDir=/var/lib/caddy/.local/share/caddy
caddy.LogsDir=/var/log/caddy
# Validate the configuration
$ caddy validate --config /etc/caddy/Caddyfile
Valid configuration
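1.2 Environment Planning
The installation environment is planned as follows:
IP address: 192.168.1.51
HTTP port: 80
HTTPS port: 443
Installation path: /usr/bin/caddy
Configuration directory: /etc/caddy
Log directory: /var/log/caddy
Data directory: /var/lib/caddy
Site root directory: /data/caddy/html
Caddy version: 2.8.4
Go version: 1.22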
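1.3 Caddy Core Features
1. Automatic HTTPS: obtains and renews Let's Encrypt certificates automatically
2. Simple configuration: configured through the Caddyfile, with a concise syntax
3. HTTP/3: native support for HTTP/3 and QUIC
4. Zero-downtime reloads: configuration changes do not require a restart
5. Reverse proxy: supports load balancing and health checks
6. Modular: a rich set of plugins and modules
7. API management: supports dynamic configuration through an API
8. Cross-platform: supports Linux, Windows and macOS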
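2. Hardware Requirements and Checks
Before installing Caddy, check the server's hardware environment thoroughly.
2.1 Minimum Hardware Requirements
CPU: 1 core
Memory: 256MB
Disk: 2GB
Recommended configuration (production):
CPU: 2 cores or more
Memory: 2GB or more
Disk: 20GB or more
High-concurrency configuration:
CPU: 4 cores or more
Memory: 8GB or more
Disk: 50GB or more (SSD)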
2.2 System Environment Checks
# cat /etc/redhat-release
Red Hat Enterprise Linux release 8.8 (Ootpa)
# Check the kernel version
# uname -r
4.18.0-477.27.1.el8_8.x86_64
# Check memory
# free -h
              total        used        free      shared  buff/cache   available
Mem:           15Gi       1.0Gi        13Gi       256Mi       1.0Gi        14Gi
Swap:           7Gi          0B         7Gi
# Check disk space
# df -h
文件系统 容量 已用 可用 已用% 挂载点
/dev/mapper/vg_system-lv_root 100G 5.0G 95G 5% /
/dev/mapper/vg_data-lv_data 500G 50G 450G 10% /data
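2.3 Dependency Checks
# Check system libraries
# ldd /usr/bin/caddy
not a dynamic executable
# Check the SELinux status
# getenforce
Enforcing
# Temporarily turn off SELinux enforcement (optional; setenforce 0 switches to permissive mode)
# setenforce 0
# Permanently disable SELinux (optional)
# vi /etc/selinux/config
SELINUX=disabled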
3. Caddy Installation Steps
This section walks through the installation of Caddy 2.8 in detail.
3.1 Create the User and Directories
# groupadd -g 82 caddy
# useradd -u 82 -g caddy -d /var/lib/caddy -s /sbin/nologin -M caddy
# Create the directories
# mkdir -p /etc/caddy
# mkdir -p /var/log/caddy
# mkdir -p /var/lib/caddy/.local/share/caddy
# mkdir -p /data/caddy/{html,ssl}
# Set directory ownership
# chown -R caddy:caddy /var/log/caddy
# chown -R caddy:caddy /var/lib/caddy
# chown -R caddy:caddy /data/caddy
3.2 Install Caddy
# yum install -y yum-utils
# yum-config-manager --add-repo https://dl.cloudsmith.io/public/caddy/stable/rpm/caddy.repo
# Sample output:
Adding repo from: https://dl.cloudsmith.io/public/caddy/stable/rpm/caddy.repo
# Install Caddy
# yum install -y caddy
# Sample output:
Installed:
  caddy-2.8.4-1.x86_64
Complete!
# Method 2: download the binary
# cd /usr/local/src
# wget https://github.com/caddyserver/caddy/releases/download/v2.8.4/caddy_2.8.4_linux_amd64.tar.gz
# tar -xzf caddy_2.8.4_linux_amd64.tar.gz
# mv caddy /usr/bin/
# chmod +x /usr/bin/caddy
# Verify the installation
$ caddy version
v2.8.4 h1:q3pe0wpBj1OcHFZ3n/1nl4V4bxBrYoSoab7rL9BMYN=
3.3 Create the Configuration File
# vi /etc/caddy/Caddyfile
# Basic configuration
:80 {
    root * /data/caddy/html
    file_server browse
    log {
        output file /var/log/caddy/access.log
    }
}
# Validate the configuration
$ caddy validate --config /etc/caddy/Caddyfile
Valid configuration
# Set ownership and permissions on the configuration file
# chown caddy:caddy /etc/caddy/Caddyfile
# chmod 644 /etc/caddy/Caddyfile
3.4 Create the systemd Service
# vi /usr/lib/systemd/system/caddy.service
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target
[Service]
Type=notify
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile --force
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
# Reload systemd
# systemctl daemon-reload
# Start Caddy
# systemctl start caddy
# Enable start at boot
# systemctl enable caddy
# Check the status
# systemctl status caddy
# Sample output:
● caddy.service - Caddy
   Loaded: loaded (/usr/lib/systemd/system/caddy.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2026-04-04 10:00:00 CST; 1s ago
 Main PID: 12345 (caddy)
    Tasks: 8 (limit: 49134)
   Memory: 20.5M
   CGroup: /system.slice/caddy.service
           └─12345 /usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
3.5 Configure the Firewall
# firewall-cmd --permanent --add-service=http
success
# firewall-cmd --permanent --add-service=https
success
# firewall-cmd --reload
success
# Verify the installation
$ curl -I http://192.168.1.51
# Sample output:
HTTP/1.1 200 OK
Server: Caddy
Date: Sat, 04 Apr 2026 02:00:00 GMT
Content-Type: text/html
Content-Length: 0
# Create a test page
# echo "Welcome to Caddy on fgedudb01.fgedu.net.cn" > /data/caddy/html/index.html
4. Caddy Parameter Configuration
Caddy is configured through the Caddyfile format, whose syntax is concise and clear.
4.1 Global Configuration
# vi /etc/caddy/Caddyfile
{
    # Global options
    admin off
    log {
        output file /var/log/caddy/caddy.log {
            roll_size 100mb
            roll_keep 10
        }
        level INFO
    }
    # Email address (used for Let's Encrypt certificates)
    email admin@fgedu.net.cn
    # HTTPS configuration
    acme_ca https://acme-v02.api.letsencrypt.org/directory
    # Local HTTPS (development environments)
    # local_certs
}
# Basic site
:80 {
    root * /data/caddy/html
    file_server browse
    log {
        output file /var/log/caddy/access.log
    }
}
# Validate the configuration
$ caddy validate --config /etc/caddy/Caddyfile
Valid configuration
# Apply the configuration (caddy reload goes through the admin API, which "admin off" disables, so restart the service instead)
# systemctl restart caddy
4.2 Performance Tuning Configuration
# vi /etc/caddy/Caddyfile
{
    admin off
    # Logging
    log {
        output file /var/log/caddy/caddy.log {
            roll_size 100mb
            roll_keep 30
        }
        level WARN
    }
    email admin@fgedu.net.cn
}
:80 {
    root * /data/caddy/html
    # File server
    file_server {
        browse
        precompressed gzip br zstd
    }
    # Response compression
    encode gzip zstd
    # Templates
    templates
    # Cache headers
    header {
        Cache-Control "public, max-age=31536000"
        X-Content-Type-Options "nosniff"
        X-Frame-Options "SAMEORIGIN"
        X-XSS-Protection "1; mode=block"
    }
    # Access log
    log {
        output file /var/log/caddy/access.log {
            roll_size 50mb
            roll_keep 10
        }
        format json
    }
}
5. Site Configuration
Caddy supports several ways of configuring sites; this section covers the commonly used ones.
5.1 Static Site Configuration
# vi /etc/caddy/Caddyfile
www.fgedu.net.cn {
    root * /data/caddy/html/fgedu
    # File server
    file_server {
        browse
        precompressed gzip br zstd
    }
    # Response compression
    encode gzip zstd
    # Access log
    log {
        output file /var/log/caddy/fgedu_access.log
    }
    # Custom error page
    handle_errors {
        @404 {
            expression {http.error.status_code} == 404
        }
        rewrite @404 /404.html
        file_server
    }
}
# Create the site directory
# mkdir -p /data/caddy/html/fgedu
# echo "Welcome to www.fgedu.net.cn" > /data/caddy/html/fgedu/index.html
# Reload the configuration
$ caddy reload --config /etc/caddy/Caddyfile
5.2 PHP Site Configuration
# vi /etc/caddy/Caddyfile
php.fgedu.net.cn {
    root * /data/caddy/html/php
    # PHP-FPM
    php_fastcgi unix//run/php-fpm/www.sock {
        index index.php
    }
    # File server
    file_server
    # Response compression
    encode gzip zstd
    # Access log
    log {
        output file /var/log/caddy/php_access.log
    }
}
# Install PHP-FPM
# yum install -y php-fpm php-mysqlnd php-gd php-xml php-mbstring
# Start PHP-FPM
# systemctl start php-fpm
# systemctl enable php-fpm
# Create a PHP test page
# echo "" > /data/caddy/html/php/index.php
# Reload the configuration
$ caddy reload --config /etc/caddy/Caddyfile
5.3 Automatic HTTPS Configuration
# vi /etc/caddy/Caddyfile
{
    email admin@fgedu.net.cn
}
# Obtain a Let's Encrypt certificate automatically
www.fgedu.net.cn {
    root * /data/caddy/html/fgedu
    file_server
}
# Use a custom certificate
secure.fgedu.net.cn {
    root * /data/caddy/html/secure
    file_server
    tls /data/caddy/ssl/secure.crt /data/caddy/ssl/secure.key
}
# Internal testing with a self-signed certificate (issued by Caddy's local CA)
internal.fgedu.net.cn {
    root * /data/caddy/html/internal
    file_server
    tls internal
}
# Redirect HTTP to HTTPS
http://fgedu.net.cn {
    redir https://www.fgedu.net.cn{uri} permanent
}
# Reload the configuration
$ caddy reload --config /etc/caddy/Caddyfile
# View certificate status
$ caddy list-certificates
# Sample output:
Certificate for www.fgedu.net.cn:
Issuer: Let's Encrypt
Not Before: 2026-04-04 00:00:00 UTC
Not After: 2026-07-03 00:00:00 UTC
6. Reverse Proxy Configuration
Caddy has strong reverse proxy support; this section covers the commonly used configurations.
6.1 Basic Reverse Proxy
# vi /etc/caddy/Caddyfile
api.fgedu.net.cn {
    reverse_proxy 192.168.1.51:8080 {
        # Health checks
        health_uri /health
        health_interval 10s
        health_timeout 5s
        # Request headers sent upstream
        header_up Host {host}
        header_up X-Real-IP {remote_host}
        header_up X-Forwarded-For {remote_host}
        header_up X-Forwarded-Proto {scheme}
        # Timeouts
        transport http {
            read_timeout 60s
            write_timeout 60s
            dial_timeout 10s
        }
    }
    log {
        output file /var/log/caddy/api_access.log
    }
}
# Reload the configuration
$ caddy reload --config /etc/caddy/Caddyfile
# Test the proxy
$ curl https://api.fgedu.net.cn/api/users
6.2 Load Balancing Configuration
# vi /etc/caddy/Caddyfile
lb.fgedu.net.cn {
    reverse_proxy {
        # Backend servers
        to 192.168.1.51:8080
        to 192.168.1.52:8080
        to 192.168.1.53:8080
        # Load balancing policy
        lb_policy round_robin
        # lb_policy least_conn
        # lb_policy random
        # Health checks
        health_uri /health
        health_interval 10s
        health_timeout 5s
        # Failure handling
        fail_duration 30s
        max_fails 3
        # Request headers sent upstream
        header_up Host {host}
        header_up X-Real-IP {remote_host}
        header_up X-Forwarded-For {remote_host}
    }
    log {
        output file /var/log/caddy/lb_access.log
    }
}
# Reload the configuration
$ caddy reload --config /etc/caddy/Caddyfile
6.3 Path-Based Routing Configuration
# vi /etc/caddy/Caddyfile
app.fgedu.net.cn {
    # API routes
    handle /api/* {
        reverse_proxy 192.168.1.51:8080
    }
    # Static assets
    handle /static/* {
        root * /data/caddy/html/static
        file_server
    }
    # WebSocket proxy
    handle /ws/* {
        reverse_proxy 192.168.1.51:9000 {
            header_up Host {host}
            header_up X-Real-IP {remote_host}
        }
    }
    # Default route
    handle {
        reverse_proxy 192.168.1.51:3000
    }
    log {
        output file /var/log/caddy/app_access.log
    }
}
# Reload the configuration
$ caddy reload --config /etc/caddy/Caddyfile
7. Security Configuration
Security configuration is an important part of protecting a web service with Caddy; this section covers the commonly used settings.
7.1 Basic Security Configuration
# vi /etc/caddy/Caddyfile
secure.fgedu.net.cn {
    root * /data/caddy/html/secure
    file_server
    # Security headers
    header {
        # Hide the server banner
        -Server
        # Security headers
        X-Content-Type-Options "nosniff"
        X-Frame-Options "SAMEORIGIN"
        X-XSS-Protection "1; mode=block"
        Referrer-Policy "strict-origin-when-cross-origin"
        Content-Security-Policy "default-src 'self'"
        # HSTS
        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
    }
    # Deny access to sensitive files
    @blocked {
        path *.git *.svn *.env *.htaccess *.htpasswd
    }
    respond @blocked "Access Denied" 403
    # Rate limiting (rate_limit is not part of the standard Caddy build; it requires a rate-limiting plugin module)
    rate_limit {
        zone dynamic {
            key {remote_host}
            events 100
            window 1m
        }
    }
    log {
        output file /var/log/caddy/secure_access.log
    }
}
# Reload the configuration
$ caddy reload --config /etc/caddy/Caddyfile
7.2 Access Control
# vi /etc/caddy/Caddyfile
admin.fgedu.net.cn {
    root * /data/caddy/html/admin
    file_server
    # IP allow-list
    @allowed {
        remote_ip 192.168.1.0/24 10.0.0.0/8
    }
    @blocked not remote_ip 192.168.1.0/24 10.0.0.0/8
    respond @blocked "Access Denied" 403
    # Basic authentication
    basicauth * {
        admin $2a$14$ZkD9hG8XZJYJL3kZvQmVxOxHJYJL3kZvQmVxOxHJYJL3kZvQmVxOxHJYJL3kZvQmV
    }
    log {
        output file /var/log/caddy/admin_access.log
    }
}
# Generate the password hash
$ caddy hash-password --plaintext 'fgedu123'
# Sample output:
$2a$14$ZkD9hG8XZJYJL3kZvQmVxOxHJYJL3kZvQmVxOxHJYJL3kZvQmVxOxHJYJL3kZvQmV
# Reload the configuration
$ caddy reload --config /etc/caddy/Caddyfile
7.3 CORS Configuration
# vi /etc/caddy/Caddyfile
cors.fgedu.net.cn {
    root * /data/caddy/html/cors
    file_server
    # CORS headers
    @cors_preflight {
        method OPTIONS
    }
    # Preflight requests: let the browser cache the result for an hour and answer 204
    # (respond has no header subdirective; the Allow-* headers come from the header block below)
    header @cors_preflight Access-Control-Max-Age "3600"
    respond @cors_preflight 204
    header {
        Access-Control-Allow-Origin "*"
        Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
        Access-Control-Allow-Headers "Content-Type, Authorization"
    }
    log {
        output file /var/log/caddy/cors_access.log
    }
}
# Reload the configuration
$ caddy reload --config /etc/caddy/Caddyfile
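8. Monitoring and Logging
Caddy provides full monitoring and logging facilities; this section covers the commonly used monitoring configurations.
8.1 Prometheus Monitoring
# vi /etc/caddy/Caddyfile
{
    # The admin API has no authentication and can replace the running configuration;
    # binding it to 0.0.0.0 exposes it on every interface, so limit access to
    # port 2019 to the Prometheus host at the firewall
    admin 0.0.0.0:2019
}
:80 {
    root * /data/caddy/html
    file_server
}
# Query the admin API
$ curl http://192.168.1.51:2019/config/
# Sample output:
{
    "apps": {
        "http": {
            "servers": {
                "srv0": {
                    "listen": [":80"]
                }
            }
        }
    }
}
# Query the Prometheus metrics
$ curl http://192.168.1.51:2019/metrics
# Sample output:
# HELP caddy_http_requests_total Total HTTP requests
# TYPE caddy_http_requests_total counter
caddy_http_requests_total{server="srv0",handler="file_server"} 1000
# Configure Prometheus scraping
# vi /etc/prometheus/prometheus.yml
scrape_configs:
  - job_name: 'caddy'
    static_configs:
      - targets: ['192.168.1.51:2019']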
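The admin listener is the setting that differs most between this tutorial's configurations: 4.1 and 4.2 turn it off, while 8.1 and 10.1 bind it to 0.0.0.0. The Python check below is an added example, not part of the original tutorial; it classifies the admin address in a Caddyfile's global options block, and its function names and sample Caddyfiles are constructed for illustration.

```python
import ipaddress

def global_options(caddyfile):
    """Token lists for the direct children of the leading global options block."""
    lines = [l.split("#", 1)[0].strip() for l in caddyfile.splitlines()]
    lines = [l for l in lines if l]
    if not lines or lines[0] != "{":
        return []                      # file has no global options block
    depth, options = 0, []
    for line in lines:
        if depth == 1 and line != "}":
            options.append(line.split())
        depth += line.count("{") - line.count("}")
        if depth == 0:
            break
    return options

def admin_exposure(caddyfile):
    """Classify the admin endpoint: disabled, unix-socket, loopback or exposed."""
    addr = "localhost:2019"            # Caddy's default when no admin option is given
    for tokens in global_options(caddyfile):
        # match the option name exactly so "email admin@..." is not mistaken for it
        if tokens[0] == "admin" and len(tokens) > 1 and tokens[1] != "{":
            addr = tokens[1]
    if addr == "off":
        return "disabled"
    if addr.startswith("unix/"):
        return "unix-socket"
    host = addr.rsplit(":", 1)[0].strip("[]")
    if host == "localhost":
        return "loopback"
    try:
        return "loopback" if ipaddress.ip_address(host).is_loopback else "exposed"
    except ValueError:
        return "exposed"               # ":2019" (all interfaces) or a non-local hostname

# Constructed samples modelled on the global blocks in sections 4.1, 8.1 and 3.3
HARDENED = "{\n    admin off\n    email admin@fgedu.net.cn\n}\n:80 {\n    file_server\n}\n"
MONITORED = "{\n    admin 0.0.0.0:2019\n}\n:80 {\n    file_server\n}\n"
DEFAULTED = ":80 {\n    root * /data/caddy/html\n    file_server browse\n}\n"

if __name__ == "__main__":
    for name, text in [("4.1", HARDENED), ("8.1", MONITORED), ("3.3", DEFAULTED)]:
        print(name, admin_exposure(text))
```

An "exposed" result is the case where the firewall rule for port 2019 becomes the only control in front of the admin API.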
8.2 Log Configuration
# vi /etc/caddy/Caddyfile
www.fgedu.net.cn {
    root * /data/caddy/html/fgedu
    file_server
    # JSON-formatted access log
    log {
        output file /var/log/caddy/fgedu_access.log {
            roll_size 50mb
            roll_keep 30
            roll_keep_for 720h
        }
        format json {
            time_format rfc3339
        }
    }
}
# View the log
$ tail -f /var/log/caddy/fgedu_access.log
# Sample output:
{"level":"info","ts":1712205600,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"192.168.1.100","method":"GET","uri":"/"},"status":200,"size":615}
# Log rotation configuration
# vi /etc/logrotate.d/caddy
/var/log/caddy/*.log {
    daily
    missingok
    rotate 30
    compress
    delaycompress
    notifempty
    create 0640 caddy caddy
    postrotate
        systemctl reload caddy > /dev/null 2>&1 || true
    endscript
}
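The JSON access log format shown in this section can be read directly by detection tooling. As an added example (not part of the original tutorial), the Python function below reads entries in that format and reports clients that pile up 401/403 responses, such as those produced by the allow-list and basic-auth rules in 7.2, inside a sliding window; the threshold, window and sample lines are constructed assumptions.

```python
import json
from collections import defaultdict, deque
from datetime import datetime

def parse_ts(ts):
    """ts is epoch seconds by default, or a string when time_format rfc3339 is set."""
    if isinstance(ts, (int, float)):
        return float(ts)
    return datetime.fromisoformat(ts.replace("Z", "+00:00")).timestamp()

def denied_bursts(lines, threshold=5, window=60.0, statuses=(401, 403)):
    """Map remote_ip -> peak denied requests in one window, for clients reaching threshold."""
    recent, peaks = defaultdict(deque), {}
    for line in lines:                 # lines are expected in chronological order
        try:
            entry = json.loads(line)
            if not entry["logger"].startswith("http.log.access"):
                continue
            ip, status = entry["request"]["remote_ip"], entry["status"]
            ts = parse_ts(entry["ts"])
        except (ValueError, KeyError, TypeError, AttributeError):
            continue                   # truncated write or non-access log line
        if status not in statuses:
            continue
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] > window:   # drop hits that fell out of the window
            hits.popleft()
        if len(hits) >= threshold:
            peaks[ip] = max(peaks.get(ip, 0), len(hits))
    return peaks

def sample_line(ts, ip, uri, status):
    """Build a constructed log line with the fields from the page's sample output."""
    return json.dumps({"level": "info", "ts": ts, "logger": "http.log.access",
                       "msg": "handled request", "status": status, "size": 0,
                       "request": {"remote_ip": ip, "method": "GET", "uri": uri}})

# Constructed input: one client failing basic auth repeatedly, two unrelated clients, one junk line
SAMPLE = [sample_line(1712205600 + 5 * i, "203.0.113.7", "/", 401) for i in range(6)]
SAMPLE += [sample_line(1712205600, "192.168.1.100", "/", 200),
           sample_line(1712205601, "198.51.100.9", "/.env", 403),
           sample_line(1712205901, "198.51.100.9", "/.git", 403),
           '{"level":"info","ts":17122']

if __name__ == "__main__":
    print(denied_bursts(SAMPLE))
```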
8.3 Health Checks
# vi /etc/caddy/Caddyfile
:80 {
    root * /data/caddy/html
    # Health check endpoint
    handle /health {
        respond "OK" 200
    }
    file_server
}
# Test the health check
$ curl http://192.168.1.51/health
# Sample output:
OK
# Check upstream status through the admin API
$ curl http://192.168.1.51:2019/reverse_proxy/upstreams
# Sample output:
[
    {
        "address": "192.168.1.51:8080",
        "healthy": true,
        "requests": 1000
    }
]
9. Upgrade and Migration
Upgrading and migrating Caddy are important operational tasks that need careful planning and execution.
9.1 Version Upgrade
$ caddy version
v2.7.6 h1:q3pe0wpBj1OcHFZ3n/1nl4V4bxBrYoSoab7rL9BMYN=
# Back up the configuration
# cp /etc/caddy/Caddyfile /etc/caddy/Caddyfile.bak
# Upgrade Caddy
# yum update caddy
# Sample output:
Upgraded:
  caddy-2.8.4-1.x86_64
Complete!
# Verify the version
$ caddy version
v2.8.4 h1:q3pe0wpBj1OcHFZ3n/1nl4V4bxBrYoSoab7rL9BMYN=
# Validate the configuration
$ caddy validate --config /etc/caddy/Caddyfile
Valid configuration
# Restart the service
# systemctl restart caddy
9.2 Configuration Migration
# tar -czf caddy_backup_$(date +%Y%m%d).tar.gz /etc/caddy /var/log/caddy /var/lib/caddy
# Copy to the new server
# scp caddy_backup_*.tar.gz root@newserver:/backup/
# Extract on the new server
# tar -xzf caddy_backup_*.tar.gz -C /
# Validate the configuration
$ caddy validate --config /etc/caddy/Caddyfile
Valid configuration
# Start the service
# systemctl start caddy
# Check the certificates
$ caddy list-certificates
10. Production Case Studies
This section provides a complete production configuration to help readers understand how Caddy is used in practice.
10.1 Complete Production Configuration
# vi /etc/caddy/Caddyfile
{
    # Admin API and /metrics on all interfaces; the admin API is unauthenticated,
    # so restrict port 2019 to trusted hosts at the firewall
    admin 0.0.0.0:2019
    email admin@fgedu.net.cn
    log {
        output file /var/log/caddy/caddy.log {
            roll_size 100mb
            roll_keep 30
        }
        level WARN
    }
}
# Main site
www.fgedu.net.cn {
    root * /data/caddy/html/fgedu
    encode gzip zstd
    file_server {
        browse
        precompressed gzip br zstd
    }
    header {
        -Server
        X-Content-Type-Options "nosniff"
        X-Frame-Options "SAMEORIGIN"
        Strict-Transport-Security "max-age=31536000"
    }
    log {
        output file /var/log/caddy/fgedu_access.log {
            roll_size 50mb
            roll_keep 10
        }
        format json
    }
}
# API gateway
api.fgedu.net.cn {
    reverse_proxy {
        to 192.168.1.51:8080
        to 192.168.1.52:8080
        to 192.168.1.53:8080
        lb_policy round_robin
        health_uri /health
        health_interval 10s
        header_up Host {host}
        header_up X-Real-IP {remote_host}
        header_up X-Forwarded-For {remote_host}
    }
    log {
        output file /var/log/caddy/api_access.log
        format json
    }
}
# HTTP redirect
fgedu.net.cn {
    redir https://www.fgedu.net.cn{uri} permanent
}
10.2 High-Availability Load Balancing
# vi /etc/caddy/Caddyfile
lb.fgedu.net.cn {
    reverse_proxy {
        to 192.168.1.51:80
        to 192.168.1.52:80
        to 192.168.1.53:80
        # Weights are passed to the policy in upstream order (3, 2, 1)
        lb_policy weighted_round_robin 3 2 1
        health_uri /health
        health_interval 10s
        health_timeout 5s
        fail_duration 30s
        max_fails 3
        unhealthy_status 500 502 503 504
        header_up Host {host}
        header_up X-Real-IP {remote_host}
        header_up X-Forwarded-For {remote_host}
        header_up X-Forwarded-Proto {scheme}
    }
    log {
        output file /var/log/caddy/lb_access.log
        format json
    }
}
10.3 Performance Tuning in Practice
# vi /etc/sysctl.d/99-caddy.conf
net.core.somaxconn = 65535
net.core.netdev_max_backlog = 65535
net.ipv4.tcp_max_syn_backlog = 65535
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 30
fs.file-max = 2097152
# Apply the settings
# sysctl -p /etc/sysctl.d/99-caddy.conf
# Per-user limits
# vi /etc/security/limits.d/caddy.conf
caddy soft nofile 65535
caddy hard nofile 65535
# Load test
$ ab -n 100000 -c 1000 https://www.fgedu.net.cn/
# Sample output:
Server Software: Caddy
Server Hostname: www.fgedu.net.cn
Server Port: 443
Concurrency Level: 1000
Time taken for tests: 10.000 seconds
Complete requests: 100000
Failed requests: 0
Requests per second: 10000.00 [#/sec] (mean)
This article was compiled and published by 风哥教程 for learning and testing purposes only; when reposting, credit the source: http://www.fgedu.net.cn/10327.html
