据说安全性相对其他方案会好一些，搭建的同时做个记录。
# Base tooling for the rest of the setup: wget (downloads), lrzsz (rz/sz file
# transfer over the terminal), vim and tar. -y answers the install prompt.
yum -y install wget lrzsz vim tar
解压到常用的安装目录 /usr/local。
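# Fetch the Go toolchain tarball together with the .sha256 file that go.dev/dl
# publishes next to it, and refuse to unpack unless the digest matches. This
# catches a truncated or tampered download; the digest comes from the same
# origin, so compare it with the go.dev download page if that host is not
# fully trusted.
# 1.19.4 is the release this note used; check go.dev/dl for a currently
# supported release before copying it.
go_tarball=go1.19.4.linux-amd64.tar.gz
wget "https://go.dev/dl/${go_tarball}" "https://go.dev/dl/${go_tarball}.sha256"
printf '%s  %s\n' "$(cat "${go_tarball}.sha256")" "$go_tarball" | sha256sum -c - || exit 1
# Remove any previous toolchain first so files from two versions are not mixed
# (this is the procedure the go.dev install page documents), then unpack.
rm -rf -- /usr/local/go
tar -C /usr/local -xzf "$go_tarball"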
设置 GOROOT 和 GOPATH
# 编译位置 vim /etc/profile
export GOROOT=/usr/local/go
export GOPATH=/data/gopath
export PATH=$PATH:$GOROOT/bin:$GOPATH/bin
让配置生效 : source /etc/profile
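# Install xcaddy, the tool that builds Caddy with extra modules. @latest is a
# moving target; for a reproducible build pin a tagged release instead
# (e.g. @vX.Y.Z, taken from the xcaddy releases page).
go install github.com/caddyserver/xcaddy/cmd/xcaddy@latest
# Expose xcaddy on the root PATH. `go install` puts the binary in $GOPATH/bin,
# i.e. /data/gopath/bin with the GOPATH set in /etc/profile above (the original
# note linked to /usr/local/go/gopath/bin, which that profile never creates).
# /etc/profile already appends $GOPATH/bin to PATH, so the link is only a
# convenience for shells that have not sourced it.
ln -s "${GOPATH:-/data/gopath}/bin/xcaddy" /usr/bin/xcaddy
# Build Caddy with the NaiveProxy fork of forwardproxy (substituted for the
# caddy2 module path) and the MaxMind geolocation plugin. Neither module is
# pinned (@naive is a branch, the second has no version), so two builds on
# different days can differ; pin a commit or tag when you need to know what ran.
xcaddy build \
  --with github.com/caddyserver/forwardproxy@caddy2=github.com/klzgrad/forwardproxy@naive \
  --with github.com/porech/caddy-maxmind-geolocation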
等待几分钟，当前目录会出现 caddy 文件，把它移动到执行目录。
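# Install the freshly built binary on PATH.
mv caddy /usr/bin/
# Print the version to confirm the binary found on PATH is the one just built.
caddy version
# Allow binding ports below 1024 without root. This only matters when caddy
# runs as an unprivileged user; the unit file further down runs it as root,
# where the capability is a no-op.
setcap cap_net_bind_service=+ep /usr/bin/caddy
# Config directory and file. The Caddyfile will carry the forward_proxy
# basic_auth credential, so it must not be world-readable; -p makes the mkdir
# safe to re-run. If caddy is later switched to its own user, chown the file
# to that user.
mkdir -p /etc/caddy
touch /etc/caddy/Caddyfile
chmod 600 /etc/caddy/Caddyfile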
写入如下内容，这里做了复合站点配置，按实际情况修改名字和域名等。
# /etc/caddy/Caddyfile: one Caddy instance serving three sites.
# ":443 example1.com" names two site addresses for the same block: the bare
# port and the hostname.
:443 example1.com {
# ACME account e-mail used when the certificate for this site is obtained.
tls yourname@qq.com
route {
# NaiveProxy backend. forward_proxy is listed before reverse_proxy, so
# requests it does not handle presumably fall through to the upstream
# below — confirm against the forwardproxy (naive) documentation.
forward_proxy {
# The proxy credential is stored in plain text here: use a long random
# password and keep this file readable only by the user caddy runs as
# (chmod 600 /etc/caddy/Caddyfile).
basic_auth username password
hide_ip
hide_via
probe_resistance
}
# Ordinary visitors are proxied to this upstream; header_up replaces the
# Host header with the upstream's host:port so the upstream accepts it.
reverse_proxy https://cloudreve.org {
header_up Host {upstream_hostport}
}
}
}
# Plain redirect site; no tls line, so certificate handling is Caddy's default.
example2.com {
redir https://baidu.com
}
# Static site: everything under root becomes publicly downloadable, so keep
# only files meant to be public there.
example3.com {
tls yourname@qq.com
file_server {
root /var/www/html
}
}
测试配置文件是否正确
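# Check the Caddyfile before handing it to systemd: `validate` loads and
# adapts the config without starting the server, and reports syntax or
# directive errors with a non-zero exit status.
/usr/bin/caddy validate --config /etc/caddy/Caddyfile
# For a foreground trial run instead (stop with Ctrl-C):
#   /usr/bin/caddy run --config /etc/caddy/Caddyfile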
新建文件 : vim /etc/systemd/system/caddy.service
# /etc/systemd/system/caddy.service — Caddy's upstream unit with the user changed.
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
# Start only once the network is reported up (needed for ACME on first start).
After=network.target network-online.target
Requires=network-online.target
[Service]
# caddy signals readiness to systemd, so `systemctl start` returns only once
# the config has loaded.
Type=notify
# Runs with full root privileges. Caddy's stock unit uses a dedicated
# unprivileged user (it names it caddy); with root, the AmbientCapabilities
# line below and the setcap step earlier add nothing. Switching to a
# dedicated user requires creating it and making /etc/caddy and caddy's
# data directory readable/writable by it.
User=root
Group=root
# --environ prints the process environment into the journal at startup;
# anything sensitive in the service environment ends up in the log.
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
# --force reloads even when the config file content is unchanged.
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile --force
TimeoutStopSec=5s
# Raise the fd limit: every proxied connection holds at least one descriptor.
LimitNOFILE=1048576
LimitNPROC=512
# Private /tmp for the service; /usr, /boot and /etc read-only to it.
PrivateTmp=true
ProtectSystem=full
# Grants CAP_NET_BIND_SERVICE (ports < 1024) to a non-root User; no-op as root.
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
设置自启动等
# Register the new unit file, then enable it at boot and start it now.
systemctl daemon-reload
systemctl enable --now caddy
平时操作命令
# Day-to-day service control (pick the one you need):
systemctl reload caddy    # re-read the Caddyfile via the unit's ExecReload
systemctl restart caddy   # full stop and start
systemctl stop caddy      # stop the proxy
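# Kernel tuning for the proxy host. `sysctl -w` only changes the running
# kernel and is lost on reboot (the note then says to reboot, which would
# undo it), so persist the values in a sysctl.d drop-in and load them from
# there; no reboot is needed.
# bbr is usually paired with net.core.default_qdisc=fq — confirm for your
# kernel before adding it.
# Refuse to continue if this kernel does not offer bbr at all.
grep -qw bbr /proc/sys/net/ipv4/tcp_available_congestion_control \
  || { printf '%s\n' "bbr is not available in this kernel" >&2; exit 1; }
# Drop-in file name is a sample; any name under /etc/sysctl.d/ works.
sudo tee /etc/sysctl.d/99-caddy-bbr.conf >/dev/null <<'EOF'
net.ipv4.tcp_congestion_control = bbr
net.ipv4.tcp_slow_start_after_idle = 0
net.ipv4.tcp_notsent_lowat = 16384
EOF
sudo sysctl -p /etc/sysctl.d/99-caddy-bbr.conf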
需要重启 reboot
{
"listen": "socks://127.0.0.1:1080",
"concurrency":"2",
"proxy": "https://user:password@example.com"
}
备注: