Deploying a Static Website with Caddy 🌐

🚀 Quickly set up a high-performance static website with automatic HTTPS and modern features


📦 Installing and Configuring Caddy

🐧 Installing on Ubuntu

1. Create the directory structure

# Create the Caddy main directory and the SSL certificate directory
sudo mkdir -p /usr/local/caddy/ssl
cd /usr/local/caddy

2. Download the Caddy server

Recommended method: install from the official package repository

# Install from the official apt repository
sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https curl
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update
sudo apt install caddy

# Or manually download a custom build (with the WebDAV plugin)
wget "https://caddyserver.com/api/download?os=linux&arch=amd64&p=github.com%2Fcaddyserver%2Freplace-response&p=github.com%2Fcaddyserver%2Fwebdav" -O caddy
sudo chmod +x caddy

3. Verify the installation

# Check the Caddy version
caddy version

# List the installed modules (plugins)
caddy list-modules

# Check whether Caddy is running
sudo systemctl status caddy

4. Create the systemd service

# Create the systemd unit file
sudo tee /etc/systemd/system/caddy.service <<'EOF'
[Unit]
Description=Caddy HTTP/2 web server
Documentation=https://caddyserver.com/docs/
After=network.target

[Service]
User=www-data
Group=www-data
ExecStart=/usr/bin/caddy run --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target
EOF

# Reload the systemd configuration
sudo systemctl daemon-reload
sudo systemctl enable caddy
sudo systemctl start caddy

🌐 Deploying a Static Site on a Domain

📁 Create the site directory structure

# Create the site root directory
sudo mkdir -p /var/www/html/web
sudo chown -R www-data:www-data /var/www/html
sudo chmod -R 755 /var/www/html

# Create the log directory
sudo mkdir -p /var/log/caddy
sudo chown -R www-data:www-data /var/log/caddy

🎨 Create a sample static page

# Create a styled home page
sudo tee /var/www/html/web/index.html <<'EOF'
<!DOCTYPE html>
<html lang="zh-CN">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>🎯 墨不凡 - 静态网站示例</title>
<style>
* {
margin: 0;
padding: 0;
box-sizing: border-box;
}

body {
font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;
background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
min-height: 100vh;
display: flex;
justify-content: center;
align-items: center;
color: #333;
}

.container {
background: rgba(255, 255, 255, 0.95);
padding: 3rem;
border-radius: 15px;
box-shadow: 0 20px 40px rgba(0, 0, 0, 0.1);
text-align: center;
max-width: 600px;
width: 90%;
backdrop-filter: blur(10px);
}

h1 {
color: #4a5568;
margin-bottom: 1.5rem;
font-size: 2.5rem;
}

.path-info {
background: #f7fafc;
padding: 1.5rem;
border-radius: 8px;
margin: 2rem 0;
border-left: 4px solid #4299e1;
font-family: 'Courier New', monospace;
word-break: break-all;
}

.features {
display: grid;
grid-template-columns: repeat(auto-fit, minmax(150px, 1fr));
gap: 1rem;
margin: 2rem 0;
}

.feature {
background: #ebf8ff;
padding: 1rem;
border-radius: 8px;
font-size: 0.9rem;
}

.emoji {
font-size: 2rem;
margin-bottom: 0.5rem;
}
</style>
</head>
<body>
<div class="container">
<h1>🚀 欢迎访问静态网站</h1>

<div class="path-info">
<strong>📁 网站路径:</strong><br>
/var/www/html/web/index.html
</div>

<div class="features">
<div class="feature">
<div class="emoji">⚡</div>
<div>高性能</div>
</div>
<div class="feature">
<div class="emoji">🔒</div>
<div>HTTPS加密</div>
</div>
<div class="feature">
<div class="emoji">📱</div>
<div>响应式设计</div>
</div>
<div class="feature">
<div class="emoji">🎨</div>
<div>现代界面</div>
</div>
</div>

<p>✨ 由 <strong>Caddy Server</strong> 提供支持</p>
</div>
</body>
</html>
EOF

🔧 Configure the Caddy domain site

# Create the Caddy configuration directory
sudo mkdir -p /etc/caddy/conf.d

# Create the domain site configuration
sudo tee /etc/caddy/conf.d/jingtai.conf <<'EOF'
# 🎯 Static site configuration - domain with HTTPS
jingtai.meimolihan.eu.org:6663 {
    # Enable gzip and zstd compression
    encode gzip zstd

    # TLS settings (Caddy obtains certificates automatically)
    tls {
        ciphers TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        curves x25519 secp521r1 secp384r1
        alpn http/1.1 h2
    }

    # Set the site root
    root * /var/www/html/web

    # Enable the file server with directory browsing
    # (browse lists directories that have no index file; drop it if listings should stay private)
    file_server browse

    # Security headers
    header {
        X-Content-Type-Options nosniff
        X-Frame-Options DENY
        X-XSS-Protection "1; mode=block"
        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
        Referrer-Policy "strict-origin-when-cross-origin"
        Permissions-Policy "geolocation=(), microphone=(), camera=()"
    }

    # Access log
    log {
        output file /var/log/caddy/jingtai.access.log {
            roll_size 100MB
            roll_keep 10
            roll_keep_for 2160h
        }
        format json
    }

    # Error handling
    handle_errors {
        @404 {
            expression {http.error.status_code} == 404
        }
        rewrite @404 /404.html
        file_server
    }
}
EOF

🔄 Apply the configuration

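# Create the main Caddyfile
sudo tee /etc/caddy/Caddyfile <<'EOF'
# Global options
{
    # Admin API (optional); with it off, `caddy reload` cannot reach the server
    admin off

    # Automatic HTTPS: keep certificate management, skip the HTTP->HTTPS redirects
    auto_https disable_redirects

    # Logging
    log {
        level INFO
    }
}

# Import the per-site configurations
import conf.d/*.conf
EOF

# Format the configuration file
sudo caddy fmt --overwrite /etc/caddy/Caddyfile

# Check the configuration syntax before applying it
sudo caddy validate --config /etc/caddy/Caddyfile

# Apply the configuration (restart, because `admin off` disables the API that reload uses)
sudo systemctl restart caddy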

🏠 Deploying a Static Site on the Intranet

📂 Create the intranet site

# Create the intranet test page
sudo tee /var/www/html/web/internal.html <<'EOF'
<!DOCTYPE html>
<html lang="zh-CN">
<head>
<meta charset="UTF-8">
<title>🏠 内网测试页面</title>
<style>
body { font-family: Arial, sans-serif; margin: 40px; background: #f0f4f8; }
.container { max-width: 800px; margin: 0 auto; background: white; padding: 20px; border-radius: 10px; box-shadow: 0 2px 10px rgba(0,0,0,0.1); }
h1 { color: #2c5282; }
.info { background: #ebf8ff; padding: 15px; border-radius: 5px; margin: 15px 0; }
</style>
</head>
<body>
<div class="container">
<h1>🏠 内网静态网站测试</h1>
<div class="info">
<strong>📍 访问地址:</strong> http://10.10.10.247:9300<br>
<strong>📁 文件路径:</strong> /var/www/html/web/internal.html
</div>
<p>这是一个内网测试页面,仅在内网环境中可访问。</p>
</div>
</body>
</html>
EOF

🔧 Configure the intranet site

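# Create the intranet site configuration
sudo tee /etc/caddy/conf.d/internal.conf <<'EOF'
# 🏠 Intranet static site configuration
:9300 {
    # Enable gzip compression
    encode gzip

    # Set the site root
    root * /var/www/html/web

    # Enable the file server
    file_server

    # Default page
    try_files {path} /internal.html

    # Restrict access to intranet addresses
    @blocked {
        not remote_ip 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
    }
    # respond takes the body first and the status code second
    respond @blocked "Forbidden" 403

    # Security headers
    header {
        X-Content-Type-Options nosniff
        X-Frame-Options DENY
    }
}
EOF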

🚀 Start the intranet service

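# Apply the configuration (restart: the main Caddyfile sets `admin off`, which disables the API that reload uses)
sudo systemctl restart caddy

# Check the service status
sudo systemctl status caddy

# Test intranet access
curl -I http://10.10.10.247:9300

# Check the listening port
sudo ss -tuln | grep 9300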
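
Which client addresses the `remote_ip` allow-list in internal.conf admits, as an added example that is not part of the original page. The function names are hypothetical, only IPv4 is handled, and the sample addresses are constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): evaluate IPv4 client addresses
# against the allow-list used by the @blocked matcher in internal.conf.
# Function names are hypothetical; IPv6 is not handled.

# Allow-list copied from the page's `not remote_ip ...` line.
ALLOWED="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"

# ip_to_int ADDR: print a dotted-quad IPv4 address as a 32-bit integer.
ip_to_int() {
    local a b c d
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# ip_in_cidr ADDR NET/BITS: succeed when ADDR lies inside the network.
ip_in_cidr() {
    local net bits mask
    net=${2%/*}
    bits=${2#*/}
    if [ "$bits" -eq 0 ]; then mask=0; else mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF )); fi
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# intranet_decision ADDR: print "allow" when the address is inside the
# allow-list, "403" when the @blocked matcher would answer Forbidden.
intranet_decision() {
    local cidr
    for cidr in $ALLOWED; do
        if ip_in_cidr "$1" "$cidr"; then
            echo allow
            return 0
        fi
    done
    echo 403
}

# Constructed sample addresses:
#   intranet_decision 10.10.10.247   -> allow
#   intranet_decision 172.32.0.1     -> 403 (172.16.0.0/12 ends at 172.31.255.255)
#   intranet_decision 127.0.0.1      -> 403 (loopback is not in the list)
```

The matcher sees the address of whatever connects to Caddy, so behind a reverse proxy every request is judged by the proxy's address.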

🔧 Advanced Configuration Tips

🔄 Multiple sites

# Create a configuration with several sites
sudo tee /etc/caddy/conf.d/multiple.conf <<'EOF'
# Site 1 - main site
site1.example.com {
    root * /var/www/site1
    file_server
    encode gzip
}

# Site 2 - blog
blog.example.com {
    root * /var/www/blog
    file_server
    encode gzip

    # Rewrite rule
    try_files {path} /index.html
}

# Site 3 - API
api.example.com {
    reverse_proxy /api/* localhost:3000

    # Limit the request body size
    request_body {
        max_size 10MB
    }
}
EOF

🌐 Virtual hosts

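# Several domains pointing at the same site
sudo tee /etc/caddy/conf.d/vhost.conf <<'EOF'
# 🌐 Virtual host configuration
site1.example.com, site2.example.com, www.site1.example.com {
    root * /var/www/html/sites
    file_server
    encode gzip

    # Redirect to the primary domain
    # (match every host except the primary one; matching the primary host itself would loop)
    @not_primary not host site1.example.com
    redir @not_primary https://site1.example.com{uri} permanent
}
EOF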

📊 Logging

# Detailed logging configuration
sudo tee /etc/caddy/conf.d/logging.conf <<'EOF'
# 📊 Advanced logging configuration
:2015 {
    log {
        output file /var/log/caddy/access.log {
            roll_size 100MB
            roll_keep 10
            roll_keep_for 720h
        }
        format json {
            time_format "2006-01-02T15:04:05Z07:00"
        }
    }
}
EOF

⚡ Performance Optimization

🚀 Enable HTTP/3

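# Add to the global options block
# (Caddy 2.6 and later enable HTTP/3 by default; the older `experimental_http3` option was removed in 2.6)
{
    servers {
        protocols h1 h2 h3
    }
}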

📦 Caching static assets

# Add cache headers for static assets
@static {
    path *.css *.js *.png *.jpg *.jpeg *.gif *.ico *.svg *.woff *.woff2 *.ttf *.eot
}

header @static Cache-Control "public, max-age=31536000, immutable"

# Compression settings (the subdirective is minimum_length)
encode {
    gzip
    zstd
    minimum_length 256
}

🔄 Load balancing

# Load balancing across several servers
reverse_proxy /api/* {
    to server1:8080 server2:8080 server3:8080
    lb_policy round_robin
    # Active health checks (the subdirective is health_uri)
    health_uri /health
    health_interval 30s
    health_timeout 5s

    # Keep upstream connections alive
    transport http {
        keepalive 30s
        keepalive_interval 10s
        keepalive_idle_conns 100
    }
}

🔒 Security Hardening

🛡️ Security headers

# Hardened security headers
header {
    # Prevent MIME type confusion
    X-Content-Type-Options "nosniff"

    # Prevent clickjacking
    X-Frame-Options "DENY"

    # XSS filter (legacy header; current browsers ignore it)
    X-XSS-Protection "1; mode=block"

    # HSTS
    Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

    # Referrer policy
    Referrer-Policy "strict-origin-when-cross-origin"

    # Permissions policy
    Permissions-Policy "geolocation=(), microphone=(), camera=()"

    # Content Security Policy
    # ('unsafe-inline' weakens the XSS protection; remove it once inline scripts and styles are gone)
    Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.example.com; style-src 'self' 'unsafe-inline' https://cdn.example.com; img-src 'self' data: https:;"
}
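
A check that a live response really carries the headers from the block above, as an added example that is not part of the original page. The function name and the MISSING/WEAK output format are hypothetical; the expected values are taken from the `header` block.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): check raw HTTP response headers
# on stdin against the values set in the hardened `header` block.
# The function name and output format are hypothetical.

# check_security_headers: print "MISSING <name>" or "WEAK <name>" for every
# header that is absent or lacks the expected value; return 1 if any line
# was printed, 0 otherwise.
check_security_headers() {
    local headers name want line rc
    rc=0
    # Strip CR and lower-case everything: HTTP/2 sends lower-case names,
    # HTTP/1.1 usually does not.
    headers=$(tr -d '\r' | tr 'A-Z' 'a-z')
    while IFS='|' read -r name want; do
        if ! line=$(printf '%s\n' "$headers" | grep -m1 "^$name:"); then
            echo "MISSING $name"
            rc=1
            continue
        fi
        case "$line" in
            *"$want"*) ;;
            *) echo "WEAK $name"; rc=1 ;;
        esac
    done <<'EOF'
x-content-type-options|nosniff
x-frame-options|deny
strict-transport-security|max-age=31536000
referrer-policy|strict-origin-when-cross-origin
permissions-policy|geolocation=()
content-security-policy|default-src 'self'
EOF
    return "$rc"
}

# Usage against the site configured earlier on the page:
#   curl -sI https://jingtai.meimolihan.eu.org:6663/ | check_security_headers
```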

🔐 Access control

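# Restrict access by IP address
@blocked {
    not remote_ip 192.168.1.0/24 10.10.10.0/24
}

# respond takes the body first and the status code second
respond @blocked "Forbidden" 403

# Basic authentication
# (the hash below is a placeholder; generate a real bcrypt hash with `caddy hash-password`)
basicauth /admin/* {
    admin $2y$10$AbCdEfGhIjKlMnOpQrStUvWxYzAbCdEfGhIjKlMnOpQrStUv
}

# Rate limiting
# Standard Caddy builds have no `limit_rate` directive, so the lines below fail
# `caddy validate`; rate limiting requires a third-party module.
# @rate_limit {
#     remote_ip 192.168.1.0/24
# }
# limit_rate @rate_limit 100k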

🐛 Troubleshooting

🔍 Common problems

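  1. Port already in use

    # Check what is using the port
    sudo netstat -tulnp | grep :6663

    # Kill the process holding the port
    sudo fuser -k 6663/tcp

  2. Permission problems

    # Fix the file ownership and permissions
    sudo chown -R www-data:www-data /var/www/html
    sudo chmod -R 755 /var/www/html

    # Check the SELinux status (only on systems that use SELinux; Ubuntu uses AppArmor by default)
    getenforce

    # Temporarily switch SELinux to permissive mode (if needed); restore it with `sudo setenforce 1`
    sudo setenforce 0

  3. Configuration errors

    # Check the configuration syntax
    sudo caddy validate --config /etc/caddy/Caddyfile

    # Show detailed errors
    sudo caddy run --config /etc/caddy/Caddyfile --adapter caddyfile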

📋 Checking logs

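# Follow the Caddy service log
sudo journalctl -u caddy -f

# Follow the access log
sudo tail -f /var/log/caddy/access.log

# Watch for errors in real time
sudo tail -f /var/log/caddy/*.log | grep -i error

# Show system resource usage (comma-separated PIDs, in case there is more than one process)
sudo top -p "$(pgrep -d, caddy)"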

💡 Practical Tips

🎯 One-click deployment script

#!/bin/bash
# 🚀 One-click deployment script for a Caddy static site

set -e

echo "开始部署静态网站..."

# Install Caddy
echo "安装Caddy..."
sudo apt update
sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https curl
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update
# -y so the unattended script does not stop at the confirmation prompt
sudo apt install -y caddy

# Create the site directory
echo "创建网站目录..."
sudo mkdir -p /var/www/html/web
sudo chown -R www-data:www-data /var/www/html
sudo chmod -R 755 /var/www/html

# Create the sample page
echo "创建示例页面..."
sudo tee /var/www/html/web/index.html <<'HTML'
<!DOCTYPE html>
<html>
<head>
<title>Welcome</title>
<style>body{font-family:Arial,sans-serif;margin:40px;text-align:center}</style>
</head>
<body>
<h1>🚀 网站部署成功!</h1>
<p>你的静态网站已经成功部署</p>
</body>
</html>
HTML

# Create the Caddy configuration
echo "创建Caddy配置..."
sudo mkdir -p /etc/caddy/conf.d
sudo tee /etc/caddy/Caddyfile <<'EOF'
{
admin off
auto_https disable_redirects
}

:80 {
root * /var/www/html/web
file_server
encode gzip
}
EOF

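# Start the service
# (restart rather than start: the package already started Caddy with its default Caddyfile)
echo "启动Caddy服务..."
sudo systemctl enable caddy
sudo systemctl restart caddy

echo "✅ 部署完成! 网站已启动"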

🔄 Automatic certificate renewal

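# Use Caddy's built-in automatic TLS
# Caddy obtains and renews certificates on its own; it has no `renew` subcommand

# Check certificate activity in the service log
sudo journalctl -u caddy --no-pager | grep -i certificate

# Show the validity period of the certificate being served
echo | openssl s_client -connect jingtai.meimolihan.eu.org:6663 -servername jingtai.meimolihan.eu.org 2>/dev/null | openssl x509 -noout -dates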

📊 Monitoring status

# Check the Caddy service status
sudo systemctl status caddy

# Show the sockets Caddy is listening on
sudo ss -tulpn | grep caddy

# Show resource usage
sudo ps aux | grep caddy

# Watch the access log
sudo tail -f /var/log/caddy/access.log | jq '.'

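💡 Pro tip: Caddy's automatic HTTPS makes it an excellent choice for deploying static websites. For production, use a complete Caddyfile configuration and check the logs regularly to make sure the service keeps running reliably.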