flyzy博客
我选择使用 caddy 来自动续期证书, 丢掉烦人的 acme.sh
安装 Caddy
Arch Linux
# xcaddy 在 aur 源 yay -Sy caddy xcaddy-bin go复制代码
其他发行版
go 安装: https://go.dev/doc/install
Caddy 安装: https://caddyserver.com/docs/install
xCaddy安装: https://github.com/caddyserver/xcaddy
编译 Caddy
Caddy 默认的 Proxy 无法对回落的流量进行 SNI 分流
# caddy 编译 xcaddy build –with github.com/mastercactapus/caddy2-proxyprotocol # 可以先看看运行的是哪个caddy systemctl cat caddy # 替换原版 caddy mv caddy /usr/bin/caddy # 查看是否编译成功 caddy list-modules # 结尾几行 ……. Standard modules: 100 caddy.listeners.proxy_protocol Non-standard modules: 1 Unknown modules: 0复制代码
配置 Caddy
Caddyfile 一般默认路径 /etc/caddy/Caddyfile
{ servers :8080 { listener_wrappers { proxy_protocol { timeout 2s allow 0.0.0.0/0 } tls } protocols h1 h2 h2c h3 } } :80 { redir https://{host}{url} } import /etc/caddy/conf.d/*复制代码
在 /etc/caddy/conf.d 中任意起一个文件
# vim /etc/caddy/conf.d/example.com http://example.com:8080 { reverse_proxy https://bing.com { header_up Host {upstream_hostport} transport http { tls } } } example.com:8443 { reverse_proxy https://bing.com { header_up Host {upstream_hostport} transport http { tls } } }复制代码
Caddy 启动前请确认 /etc/hosts 不为空
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6复制代码
# 启动 Caddy systemctl start caddy # 开机启动 systemctl enable caddy复制代码
查看 /var/lib/caddy/certificates 下是否有证书, 保存你证书的完整路径
# 查看路径 ls /var/lib/caddy/certificates # 例子 /var/lib/caddy/certificates/acme-v02.api.letsencrypt.org-directory/example.com/example.com.crt /var/lib/caddy/certificates/acme-v02.api.letsencrypt.org-directory/example.com/example.com.key复制代码
配置 Xray
Archlinux
# 安装 Xray pacman -Sy xray复制代码
其他发行版: https://github.com/XTLS/Xray-install
修改 systemd 配置
# 查看路径 systemctl cat xray # 修改配置 vim /usr/lib/systemd/system/xray.service # 修改用户组 [Service] User=xray # 修改后 [Service] User=caddy # 重载 systemd systemctl daemon-reload复制代码
修改 xray 配置 /etc/xray/config.json, 脚本安装用户路径 (状态: 待补充)
{ “log”: { “loglevel”: “debug” }, “routing”: { “domainStrategy”: “IPIfNonMatch”, “rules”: [ { “type”: “field”, “domain”: [ “geosite:category-ads-all” ], “outboundTag”: “block” }, { “type”: “field”, “domain”: [ “geosite:google” ], “outboundTag”: “direct” }, { “type”: “field”, “ip”: [ “geoip:cn” ], “outboundTag”: “block” } ] }, “inbounds”: [ { “listen”: “0.0.0.0”, “port”: 443, “protocol”: “vless”, “settings”: { “clients”: [ { “id”: “4ee9ae2b-fad5-4083-a036-b7e44bbc09f0”, “flow”: “xtls-rprx-vision” } ], “decryption”: “none”, “fallbacks”: [ { “dest”: “8080”, “xver”: 1 } ] }, “streamSettings”: { “network”: “tcp”, “security”: “tls”, “tlsSettings”: { “rejectUnknownSni”: true, “minVersion”: “1.3”, “certificates”: [ { “certificateFile”: “/var/lib/caddy/certificates/acme-v02.api.letsencrypt.org-directory/example.com/example.com.crt”, “keyFile”: “/var/lib/caddy/certificates/acme-v02.api.letsencrypt.org-directory/example.com/example.com.key” } ] } }, “sniffing”: { “enabled”: true, “destOverride”: [ “http”, “tls” ] } } ], “outbounds”: [ { “protocol”: “freedom”, “tag”: “direct” }, { “protocol”: “blackhole”, “tag”: “block” } ], “policy”: { “levels”: { “0”: { “handshake”: 2, “connIdle”: 120 } } } }复制代码
启动 Xray
# 启动 systemctl start xray # 开启基地 systemctl enable xray复制代码
参考资料
https://xtls.github.io/document/level-1/fallbacks-with-sni.html#caddy-%E9%85%8D%E7%BD%AE
原创文章, 如需转载请注明出处
https://qiedd.com/1819.html
青海省网友说:太复杂了,直接vmess+tcp,反正都一样被识别
海南省网友说:技术贴,收藏了
湖北省网友说:教程很好,不过对不是计算机专业,也没有从事相关行业的人可能有点难。期待大佬写个 一键复制粘贴,然后选序号 按回车,就行的那种脚本。
山西省网友说:有没有一键脚本啊
我懒啊
辽宁省网友说:期待大佬写个 一键复制粘贴,然后选序号 按回车,就行的那种脚本。
湖北省网友说:太长不看
贵州省网友说:顶,支持百花齐放
