如何在Ubuntu 18.04上使用Caddy托管网站

介绍 (Introduction)

Caddy is a web server designed around simplicity and security that comes with a number of features that are useful for hosting websites. For example, it can automatically obtain and manage TLS certificates from Let’s Encrypt to enable HTTPS, and includes support for HTTP/2. HTTPS is a system for securing traffic between your users and your server, and is quickly becoming a basic expectation of any website running in production — without it, Chrome and Firefox will warn that your website is “Not Secure” if users try to submit login information.

Caddy是一款基于简单性和安全性而设计的Web服务器，具有许多可用于托管网站的功能。 例如，它可以从Let's Encrypt自动获取和管理TLS证书以启用HTTPS，并包括对HTTP / 2的支持。 HTTPS是一种用于保护用户与服务器之间的流量的系统，并且正Swift成为生产环境中运行的任何网站的基本要求-如果没有HTTPS，Chrome和Firefox将警告用户如果您尝试提交登录名，则您的网站“不安全”信息。

Previously, the recommended method for installing Caddy was to download pre-built binaries from the Caddy project website. However, changes in how Caddy’s licensing works means that you’re no longer allowed to use these pre-built binaries for commercial purposes unless you pay a license fee, even if you’re just using Caddy internally within a business. Luckily, the Caddy source code is still fully open-source and you can build Caddy yourself to avoid running into licensing issues.

以前，推荐的安装Caddy的方法是从Caddy项目网站下载预构建的二进制文件。 但是，Caddy许可工作方式的变化意味着，除非您支付许可费，否则就不再允许将这些预制的二进制文件用于商业目的，即使您只是在企业内部使用Caddy也不例外。 幸运的是，Caddy源代码仍然是完全开源的，您可以自己构建Caddy以避免遇到许可问题。

In this tutorial, you’ll build Caddy from source and use it to host a website secured with HTTPS. This entails compiling it, configuring it using a Caddyfile and installing plugins. In the end, you’ll learn how to upgrade your installation when a new version is released.

在本教程中，您将从源代码构建Caddy，并将其用于托管使用HTTPS保护的网站。 这需要对其进行编译，使用Caddyfile对其进行配置并安装插件。 最后，您将学习在发布新版本时如何升级安装。

先决条件 (Prerequisites)

• An Ubuntu 18.04 server with root privileges, and a secondary, non-root account. You can set this up by following our Initial Server Setup Guide for Ubuntu 18.04. For this tutorial the non-root user is sammy.

  具有root用户特权的Ubuntu 18.04服务器和一个非root用户辅助帐户。 您可以按照我们的Ubuntu 18.04初始服务器安装指南进行设置 。 在本教程中，非root用户是sammy 。

• A fully registered domain name. This tutorial will use your_domain throughout. You can purchase a domain name on Namecheap, get one for free on Freenom, or use the domain registrar of your choice.

  完全注册的域名。 本教程将整个使用your_domain 。 你可以购买一个域名Namecheap ，免费获得一个在Freenom ，或使用你选择的域名注册商。

• An A DNS record with your_domain pointing to your server’s public IP address. You can follow this introduction to DigitalOcean DNS for details on how to add them.

  一个DNS记录，其中your_domain指向服务器的公共IP地址。 您可以按照DigitalOcean DNS简介进行操作，以获取有关如何添加它们的详细信息。

• The Go language toolchain installed on your server. Follow our guide on How To Install Go and Set Up a Local Programming Environment on Ubuntu 18.04 to set up Go. You don’t need to create any example projects.

  服务器上安装的Go语言工具链。 请遵循我们的有关如何在Ubuntu 18.04上安装Go并设置本地编程环境的指南来设置Go。 您无需创建任何示例项目。

• A personal access token (API key) with read and write permissions for your DigitalOcean account. Visit How to Create a Personal Access Token to create one.

  具有对DigitalOcean帐户的读写权限的个人访问令牌(API密钥)。 访问如何创建个人访问令牌以创建一个。

第1步-建立球童 (Step 1 — Building Caddy)

In this step, you’ll build Caddy from source with the ability to later add plugins, all without changing Caddy’s source code.

在此步骤中，您将从源代码构建Caddy，并具有以后添加插件的能力，而无需更改Caddy的源代码。

For the purposes of this tutorial, you’ll store the source code under ~/caddy. Create that directory by running the following command:

就本教程而言，您会将源代码存储在~/caddy 。 通过运行以下命令来创建该目录：

Navigate to it:

导航到它：

You’ll store the source code for running and customizing Caddy in a file named caddy.go. Create it using the following command:

您会将用于运行和自定义Caddy的源代码存储在名为caddy.go的文件中。 使用以下命令创建它：

Add the following lines:

添加以下行：

package main

import (
    "github.com/caddyserver/caddy/caddy/caddymain"
)

func main() {
    // caddymain.EnableTelemetry = false
    caddymain.Run()
}

This code imports Caddy directly from Github (using Git) and starts it from the entrance main function. If you wish to enable telemetry, uncomment the caddymain.EnableTelemetry line and set the value to true. When you are done, save and close the file.

该代码直接从Github导入Caddy(使用Git)，并从入口main函数启动它。 如果要启用遥测，请取消注释caddymain.EnableTelemetry行并将其值设置为true 。 完成后，保存并关闭文件。

For caddy.go to be able to use the imported dependencies, you’ll need to initialize it as a module:

为了使caddy.go能够使用导入的依赖项，您需要将其初始化为模块：

   
   

    
    Output
   
   
go: creating new go.mod: module caddy

At this point, you’re all set to build the stock version of Caddy from the above source code by running:

至此，您都可以通过运行以下代码从上述源代码构建Caddy的普通版：

There will be a lot of output, detailing what libraries Go downloaded as dependencies necessary for compiling. The resulting executable is stored under $GOPATH/bin, as explained in the prerequisites.

将有很多输出，详细说明了哪些库要下载作为编译所需的依赖项。 如前提条件中所述，生成的可执行文件存储在$GOPATH/bin下。

When it finishes, try running Caddy:

完成后，请尝试运行Caddy：

You’ll see output similar to the following:

您将看到类似于以下内容的输出：

   
   

    
    Output
   
   
Activating privacy features... done.

Serving HTTP on port 2015
http://:2015

WARNING: File descriptor limit 1024 is too low for production servers. At least 8192 is recommended. Fix with `ulimit -n 8192`.

This means that Caddy started successfully, and is available on the 2015 port. You can ignore the warning message, because that limit will be adjusted in later steps without your intervention. To exit, press CTRL + C.

这意味着Caddy已成功启动，并且可在2015端口上使用。 您可以忽略警告消息，因为该限制将在以后的步骤中进行调整，而无需您进行干预。 要退出，请按CTRL + C

You have now built and executed Caddy. In the next step, you’ll install Caddy as a service so that it starts automatically at boot, and then adjust its ownership and permissions settings to ensure the server’s security.

您现在已经构建并执行了Caddy。 在下一步中，您将安装Caddy作为服务，以便它在启动时自动启动，然后调整其所有权和权限设置以确保服务器的安全性。

第2步-安装球童 (Step 2 — Installing Caddy)

Now that you’ve verified you’re able to build and run Caddy, it’s time to configure a systemd service so that Caddy can be launched automatically on system startup. To understand more about systemd, visit our Systemd Essentials tutorial.

既然您已经确认可以构建和运行Caddy，那么现在该配置systemd服务了，以便在系统启动时自动启动Caddy。 要了解有关systemd的更多信息，请访问我们的Systemd Essentials教程 。

To begin, move the Caddy binary to /usr/local/bin, the standard location for binaries that are not managed by Ubuntu’s package manager and aren’t key to system operation:

首先，将Caddy二进制文件移至/usr/local/bin ，这是不受Ubuntu软件包管理器管理且不是系统操作关键的二进制文件的标准位置：

Next, change ownership of the Caddy binary over to the root user:

接下来，将Caddy二进制文件的所有权更改为root用户：

This will prevent other accounts from modifying the executable. However, even while the root user will own Caddy, it’s advised to execute it only using other, non-root accounts present on the system. This makes sure that in the event of Caddy (or another program) being compromised, the attacker won’t be able to modify the binary, or execute commands as root.

这将防止其他帐户修改可执行文件。 但是，即使root用户将拥有Caddy，也建议仅使用系统上存在的其他非root用户帐户执行Caddy。 这样可以确保在Caddy(或其他程序)遭到破坏的情况下，攻击者将无法修改二进制文件或以root用户身份执行命令。

Next, set the binary file’s permissions to 755 — this gives root full read/write/execute permissions for the file, while other users will only be able to read and execute it:

接下来，将二进制文件的权限设置为755这将为root用户提供对该文件的完全读取/写入/执行权限，而其他用户将只能读取和执行该文件：

Since the Caddy process will not be running as root, Linux will prevent it from binding to ports 80 and 443 (the standard ports for HTTP and HTTPS, respectively), as these are privileged operations. In order to be easily accessible at your domain, Caddy needs to be bound to one of these ports, depending on the protocol. Otherwise, you would need to add a specific port number to the domain URL in your browser to view the content it will serve.

由于Caddy进程不会以root身份运行，因此Linux将阻止它绑定到端口80和443 (分别是HTTP和HTTPS的标准端口)，因为这些是特权操作。 为了在您的域中轻松访问，根据协议，Caddy必须绑定到这些端口之一。 否则，您需要在浏览器中的域URL中添加一个特定的端口号，以查看它将提供的内容。

To allow Caddy to bind to low ports without running as root, run the following command:

要允许Caddy绑定到低端端口而不以root用户身份运行，请运行以下命令：

The setcap utility sets file capabilities. In this command it assigns the CAP_NET_BIND_SERVICE capability to the Caddy binary, which allows an executable to bind to a port lower than 1024.

setcap实用程序设置文件功能。 在此命令中，它将CAP_NET_BIND_SERVICE功能分配给Caddy二进制文件，从而允许可执行文件绑定到低于1024的端口。

You have now finished setting up the Caddy binary, and are ready to start writing Caddy configuration. Create a directory where you’ll store Caddy’s configuration files by running the following command:

现在，您已经完成了Caddy二进制文件的设置，并准备开始编写Caddy配置。 通过运行以下命令，创建一个目录，用于存储Caddy的配置文件：

Then, set the correct user and group permissions for it:

然后，为其设置正确的用户和组权限：

Setting the user as root and the group as www-data ensures that Caddy will have read and write access to the folder (via the www-data group) and that only the superuser account will have the same rights to read and modify. www-data is the default user and group for web servers on Ubuntu.

将用户设置为root并将组设置为www-data可以确保Caddy将拥有对文件夹的读取和写入访问权限(通过www-data组)，并且只有超级用户帐户才具有相同的读取和修改权限。 www-data是Ubuntu上Web服务器的默认用户和组。

In a later step, you’ll enable automatic TLS certificate provisioning from Let’s Encrypt. In preparation for that, make a directory to store any TLS certificates that Caddy will obtain and give it the same ownership rules as the /etc/caddy directory:

在随后的步骤中，您将通过Let's Encrypt启用自动TLS证书设置。 为此，请创建一个目录来存储Caddy将获得的所有TLS证书，并为其赋予与/etc/caddy目录相同的所有权规则：

Caddy must be able to write certificates to this directory and read from it in order to encrypt requests. For this reason, modify the permissions for the /etc/ssl/caddy directory so that it’s only accessible by root and www-data:

Caddy必须能够将证书写入此目录并从中读取以便加密请求。 因此，请修改/etc/ssl/caddy目录的权限，以便只能由root和www-data访问 ：

Next, create a directory to store the files that Caddy will host:

接下来，创建一个目录来存储Caddy将托管的文件：

Then, set the directory’s owner and group to www-data:

然后，将目录的所有者和组设置为www-data ：

Caddy reads its configuration from a file called Caddyfile, stored under /etc/caddy. Create the file on disk by running:

Caddy从存储在/etc/caddy下的名为Caddyfile的文件中读取其配置。 通过运行以下命令在磁盘上创建文件：

To install the Caddy service, download the systemd unit file from the Caddy Github repository to /etc/systemd/system by running:

要安装Caddy服务，请通过运行以下命令从Caddy Github存储库中将systemd单元文件下载到/etc/systemd/system ：

Modify the service file’s permissions so it can only be modified by its owner, root:

修改服务文件的权限，以便只能由其所有者root修改：

Then, reload systemd to detect the Caddy service:

然后，重新加载systemd以检测Caddy服务：

Check whether systemd has detected the Caddy service by running systemctl status:

通过运行systemctl status检查systemd是否已检测到Caddy服务：

You’ll see output similar to:

您将看到类似于以下内容的输出：

   
   

    
    Output
   
   
● caddy.service - Caddy HTTP/2 web server
   Loaded: loaded (/etc/systemd/system/caddy.service; disabled; vendor preset: e
   Active: inactive (dead)
     Docs: https://caddyserver.com/docs

If you see this same output, then the new service was correctly detected by systemd.

如果看到相同的输出，则说明systemd正确检测到新服务。

As part of the initial server setup prerequisite, you enabled ufw, the uncomplicated firewall, and allowed SSH connections. For Caddy to be able to serve HTTP and HTTPS traffic from your server, you’ll need to allow them in ufw by running the following command:

作为初始服务器设置先决条件的一部分，您启用了ufw ，简单的防火墙并允许SSH连接。 为了使Caddy能够从您的服务器提供HTTP和HTTPS流量，您需要通过运行以下命令在ufw允许它们：

The output will be:

输出将是：

   
   

    
    Output
   
   
Rule added
Rule added (v6)

Use ufw status to check whether your changes worked:

使用ufw status检查您的更改是否有效：

You’ll see the following output:

您将看到以下输出：

   
   

    
    Output
   
   
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
80,443/tcp                 ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
80,443/tcp (v6)            ALLOW       Anywhere (v6)

Your installation of Caddy is now complete, but it isn’t configured to serve anything. In the next step, you’ll configure Caddy to serve files from the /var/www directory.

Caddy的安装现已完成，但未配置为可提供任何服务。 在下一步中，您将配置Caddy以提供/var/www目录中的文件。

第3步-配置球童 (Step 3 — Configuring Caddy)

In this section, you’ll write basic Caddy configuration for serving static files from your server.

在本节中，您将编写基本的Caddy配置，用于从服务器提供静态文件。

Start by creating a basic HTML file in /var/www, called index.html:

首先在/var/www创建一个基本HTML文件，称为index.html ：

Add the following lines:

添加以下行：

<!DOCTYPE html>
<html>
<head>
  <title>Hello from Caddy!</title>
</head>
<body>
  <h1 style="font-family: sans-serif">This page is being served via Caddy</h1>
</body>
</html>

When shown in a web browser, this file will display a heading with the text This page is being served via Caddy. Save and close the file.

当在网络浏览器中显示时，此文件将显示带有文本的标题， 该页面通过Caddy提供 。 保存并关闭文件。

Open the Caddyfile configuration file you created earlier for editing:

打开您先前创建的Caddyfile配置文件以进行编辑：

Add the following lines:

添加以下行：

:80 {
  root /var/www
  gzip
}

This is a basic Caddy config, and declares that the port 80 of your server should be served with files from /var/www and compressed using gzip to reduce page loading times on the client side.

这是一个基本的Caddy配置，它声明服务器的端口80应该与/var/www文件一起使用，并使用gzip压缩以减少客户端上的页面加载时间。

In a majority of cases, Caddy allows you to further customize the config directives. For instance, you can limit gzip compression to only HTML and PHP files and set the compression level to 6 (1 being the lowest and 9 being the highest) by extending the directive with curly braces and listing sub-directives underneath:

在大多数情况下，Caddy允许您进一步自定义config指令。 例如，您可以将gzip压缩限制为仅HTML和PHP文件，并通过使用花括号扩展指令并在下面列出子指令来将压缩级别设置为6(最低为1，最高为9)：

:80 {
  root /var/www
  gzip {
      ext .html .htm .php
      level 6
  }
}

When you are done, save and close the file.

完成后，保存并关闭文件。

Caddy has a huge number of different directives for many use cases. For example, the fastcgi directive could be useful for enabling PHP. The markdown directive could be used to automatically convert Markdown files to HTML before serving them, which could be useful for creating a simple blog.

对于许多用例，Caddy有大量不同的指令。 例如， fastcgi指令对于启用PHP可能很有用。 markdown指令可用于在将Markdown文件提供服务之前自动将Markdown文件转换为HTML，这对于创建简单的博客很有用。

To test that everything is working correctly, start the Caddy service:

要测试一切正常，请启动Caddy服务：

Next, run systemctl status to find information about the status of the Caddy service:

接下来，运行systemctl status以查找有关Caddy服务状态的信息：

You’ll see the following:

您会看到以下内容：

   
   

    
    Output
   
   
● caddy.service - Caddy HTTP/2 web server
   Loaded: loaded (/etc/systemd/system/caddy.service; disabled; vendor preset: enabled)
   Active: active (running) since Thu 2020-03-12 11:17:49 UTC; 11s ago
     Docs: https://caddyserver.com/docs
 Main PID: 3893 (caddy)
    Tasks: 7 (limit: 1152)
   CGroup: /system.slice/caddy.service
           └─3893 /usr/local/bin/caddy -log stdout -log-timestamps=false -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp

Mar 12 11:17:49 caddy-article-update systemd[1]: Started Caddy HTTP/2 web server.
Mar 12 11:17:49 caddy-article-update caddy[3893]: [INFO] Caddy version: v1.0.5
Mar 12 11:17:49 caddy-article-update caddy[3893]: Activating privacy features... done.
Mar 12 11:17:49 caddy-article-update caddy[3893]: Serving HTTP on port 80
Mar 12 11:17:49 caddy-article-update caddy[3893]: http://
Mar 12 11:17:49 caddy-article-update caddy[3893]: [INFO] Serving http://
Mar 12 11:17:49 caddy-article-update caddy[3893]: [INFO][cache:0xc00007a7d0] Started certificate maintenance routine
Mar 12 11:17:49 caddy-article-update caddy[3893]: [WARNING] Sending telemetry (attempt 1): Post "https://telemetry.caddyserver.com/v1/update/6a8159c4-3427-42
Mar 12 11:17:57 caddy-article-update caddy[3893]: [WARNING] Sending telemetry (attempt 2): Post "https://telemetry.caddyserver.com/v1/update/6a8159c4-3427-42
...

You can now browse to your server’s IP in a web browser. Your sample web page will display:

现在，您可以在Web浏览器中浏览到服务器的IP。 您的示例网页将显示：

You have now configured Caddy to serve static files from your server. In the next step, you’ll extend Caddy’s functionality through the use of plugins.

现在，您已将Caddy配置为从服务器提供静态文件。 在下一步中，您将通过使用插件扩展Caddy的功能。

第4步-使用插件 (Step 4 — Using Plugins)

Plugins offer a way of changing and extending Caddy’s behavior. Generally, they offer more config directives for you to use, according to your use case. In this section, you’ll add and use plugins by installing the minify plugin, which removes excess whitespace and tidies up the code that will be sent to the client, further reducing footprint and loading times.

插件提供了一种更改和扩展Caddy行为的方式。 通常，它们会根据您的用例提供更多的配置指令供您使用。 在本节中，您将通过安装minify插件来添加和使用插件，该插件将删除多余的空格并整理将发送给客户端的代码，从而进一步减少占用空间和加载时间。

The minify plugin’s GitHub repository is hacdias/caddy-minify.

该minify插件的GitHub的仓库是hacdias /球童-缩小 。

Navigate to the directory with the source code you created in step one:

导航到您在第一步中创建的源代码的目录：

To add a plugin to Caddy, you’ll need to import it in the caddy.go file you used to build Caddy. Open caddy.go for editing:

要将插件添加到Caddy，您需要将其导入用于构建Caddy的caddy.go文件中。 打开caddy.go进行编辑：

Import the minify plugin by adding the highlighted line, like so:

通过添加突出显示的行来导入minify插件，如下所示：

package main

import (
    "github.com/caddyserver/caddy/caddy/caddymain"

    _ "github.com/hacdias/caddy-minify"
)

func main() {
    // caddymain.EnableTelemetry = false
    caddymain.Run()
}

Save and close the file.

保存并关闭文件。

Some plugins may require some slight configuration tweaks, so be sure to read the documentation for whatever ones you install. You can find a list of popular plugins in the left pane of the Caddy documentation, under Plugins.

有些插件可能需要一些细微的配置调整，因此请务必阅读文档以了解安装的所有插件。 您可以在Caddy文档的左窗格中的Plugins下找到流行的插件列表。

Any time you add a new plugin, you have to rebuild Caddy. This is because Go is a compiled programming language, meaning the source code is transformed into machine code before execution. Your change to the import declaration has altered the source code, but won’t affect the binary until it’s compiled.

每当您添加新插件时，都必须重建Caddy。 这是因为Go是一种编译的编程语言，这意味着在执行之前将源代码转换为机器代码。 您对import声明的更改已更改了源代码，但在编译之前不会影响二进制文件。

Use the go install command to compile Caddy:

使用go install命令编译Caddy：

When it finishes, move the generated binary to /usr/local/bin and set up permissions for the binary like you did previously. You must take these steps every time you rebuild Caddy to ensure its functionality and security:

完成后，将生成的二进制文件移动到/usr/local/bin并像以前一样为二进制文件设置权限。 每次重建Caddy时，都必须执行以下步骤以确保其功能和安全性：

To start using the minify plugin, you’ll need to add the minify directive to your Caddyfile. Open it for editing:

要开始使用minify的插件，您需要将添加minify指令您Caddyfile 。 打开它进行编辑：

Enable the plugin by adding the following line to the configuration block:

通过将以下行添加到配置块来启用插件：

:80 {
  root /var/www
  gzip
  minify
}

Now, restart your server using systemctl:

现在，使用systemctl重新启动服务器：

Caddy is now running and will minify any files that it serves, including the index.html file you created earlier. You can observe the ‘minification’ at work by fetching the contents of your domain using curl:

Caddy现在正在运行，并将最小化它提供的所有文件，包括您之前创建的index.html文件。 您可以通过使用curl获取域的内容来观察工作中的“最小化”：

You’ll see the following output. Notice that all unnecessary whitespace has been removed, showing that the minify plugin is working.

您将看到以下输出。 请注意，所有不必要的空格都已删除，这表明minify插件正在工作。

   
   

    
    Output
   
   
<!doctype html><title>Hello from Caddy!</title><h1 style=font-family:sans-serif>This page is being served via Caddy</h1>

In this step, you learned how to extend Caddy with plugins. Next, you’ll enable HTTPS by installing the tls.dns.digitalocean plugin.

在这一步中，您学习了如何使用插件扩展Caddy。 接下来，您将通过安装tls.dns.digitalocean插件来启用HTTPS。

第5步-使用“让我们加密”启用自动TLS (Step 5 — Enabling Automatic TLS with Let’s Encrypt)

In this section, you’ll enable automatic Let’s Encrypt certificate provisioning and renewal, using TXT DNS records for verification.

在本部分中，您将使用TXT DNS记录进行验证来启用自动的Let's Encrypt证书配置和续订。

To verify using TXT DNS records, you’ll install a plugin for interfacing with the DigitalOcean API, called tls.dns.digitalocean. The procedure for installing it is almost identical to how you installed the minify plugin in the previous step. To begin, open caddy.go:

要使用TXT DNS记录进行验证，您将安装用于与DigitalOcean API接口的插件tls.dns.digitalocean 。 安装它的过程与上一步中安装minify插件的过程几乎相同。 首先，打开caddy.go ：

Add the plugin’s repository to imports:

将插件的存储库添加到导入中：

package main

import (
    "github.com/caddyserver/caddy/caddy/caddymain"

    _ "github.com/hacdias/caddy-minify"

    _ "github.com/caddyserver/dnsproviders/digitalocean"
)

func main() {
    // caddymain.EnableTelemetry = false
    caddymain.Run()
}

Compile it by running:

通过运行以下命令进行编译：

Ensure Caddy is stopped via systemctl, then finish installing the plugin by copying the newly built Caddy binary and once more setting its ownership and permissions:

确保通过systemctl停止了Caddy，然后通过复制新建的Caddy二进制文件并再次设置其所有权和权限来完成插件的安装：

Next, configure Caddy to work with DigitalOcean’s API to set DNS records. Caddy needs to access this token as an environment variable to configure DigitalOcean’s DNS, so you’ll edit its systemd unit file:

接下来，将Caddy配置为与DigitalOcean的API一起使用以设置DNS记录。 Caddy需要访问此令牌作为环境变量来配置DigitalOcean的DNS，因此您将编辑其systemd单位文件：

Find the line beginning with Environment= in the [Service] section. This line defines the environment variables that should be passed to the Caddy process. Add a space at the end of this line, then add a DO_AUTH_TOKEN variable, followed by the token you just generated:

在[Service]部分中找到以Environment=开头的行。 该行定义了应该传递给Caddy进程的环境变量。 在此行的末尾添加一个空格，然后添加一个DO_AUTH_TOKEN变量，后跟刚刚生成的令牌：

[Service]
Restart=on-abnormal

; User and group the process will run as.
User=www-data
Group=www-data

; Letsencrypt-issued certificates will be written to this directory.
Environment=CADDYPATH=/etc/ssl/caddy DO_AUTH_TOKEN=your_token_here

Save and close this file, then reload the systemd daemon as you did earlier to ensure the configuration is updated:

保存并关闭此文件，然后像之前一样重新加载systemd守护程序，以确保配置已更新：

Run systemctl status to check that your configuration changes were OK:

运行systemctl status来检查您的配置更改是否正确：

The output should look like this:

输出应如下所示：

   
   

    
    Output
   
   
● caddy.service - Caddy HTTP/2 web server
   Loaded: loaded (/etc/systemd/system/caddy.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: https://caddyserver.com/docs
...

You’ll need to make a couple of slight changes to your Caddyfile, so open it up for editing:

您需要对Caddyfile进行一些小的更改，因此请打开它进行编辑：

Add the highlighted lines to the Caddyfile, making sure to replace your_domain with your domain (instead of just the port :80) and commenting gzip:

将突出显示的行添加到Caddyfile ，确保用您的域(而不是port :80 )替换your_domain并注释gzip ：

your_domain {
  root /var/www
  #gzip
  minify
  tls {
      dns digitalocean
  }
}

Using a domain rather than just a port for the hostname will cause Caddy to serve requests over HTTPS. The tls directive configures Caddy’s behavior when using TLS, and the dns subdirective specifies that Caddy should use the DNS-01 system, rather than HTTP-01.

使用域而不是主机名仅使用端口将导致Caddy通过HTTPS服务请求。 tls指令配置使用TLS时Caddy的行为，并且dns子伪指令指定Caddy应该使用DNS-01系统，而不是HTTP-01 。

With this, your website is ready to be deployed. Start Caddy with systemctl and then enable it, so it runs on boot:

这样，您的网站就可以部署了。 使用systemctl启动Caddy，然后enable它，使其在启动时运行：

If you browse to your domain, you’ll automatically be redirected to HTTPS, with the same message shown.

如果浏览到您的域，您将自动重定向到HTTPS，并显示相同的消息。

Your installation of Caddy is now complete and secured, and you can further customize according to your use case.

Caddy的安装现已完成并受到保护，您可以根据用例进一步自定义。

If you want to update Caddy when a new version comes out, you’ll need to update the go.mod file (stored in the same directory), which looks like this:

如果要在发布新版本时更新Caddy，则需要更新go.mod文件(存储在同一目录中)，该文件如下所示：

module caddy

go 1.14

require (
        github.com/caddyserver/caddy v1.0.5
        github.com/caddyserver/dnsproviders v0.4.0
        github.com/hacdias/caddy-minify v1.0.2
)

The highlighted part is the version of Caddy you are using. When a new version is released on Github (see the release tags page), you can replace the existing one in go.mod with it and compile Caddy according to the first two steps. You can do the same for all imported plugins.

突出显示的部分是您使用的Caddy版本。 在Github上发布新版本时(请参见发行标签页 )，您可以用go.mod替换现有go.mod ，并根据前两个步骤编译Caddy。 您可以对所有导入的插件执行相同的操作。

结论 (Conclusion)

You now have Caddy installed and configured on your server, serving static pages at your desired domain, secured with free Let’s Encrypt TLS certificates.

现在，您已经在服务器上安装并配置了Caddy，可以在所需域中提供静态页面，并使用免费的Let's Encrypt TLS证书进行保护。

A good next step would be to find a way of being notified when new versions of Caddy are released. For example, you could use the Atom feed for Caddy releases, or a dedicated service such as dependencies.io.

下一步不错的办法是找到一种方式，以便在发布新版本的Caddy时得到通知。 例如，您可以将Atom提要用于Caddy版本 ，或专用服务(例如dependencies.io) 。

You can explore Caddy’s documentation for more information on configuring Caddy.

您可以浏览Caddy的文档以获取有关配置Caddy的更多信息。

翻译自: https://www.digitalocean.com/community/tutorials/how-to-host-a-website-with-caddy-on-ubuntu-18-04