Caddy: reverse-proxying internal HTTP and HTTPS services

1. Reverse-proxying an internal HTTP service with Caddy
```bash
# Create the conf.d directory and write the site config for the HTTP upstream
mkdir -pm 755 /usr/local/caddy/conf.d && touch /usr/local/caddy/conf.d/xunlei.conf && chmod u+x /usr/local/caddy/conf.d/xunlei.conf && cat > /usr/local/caddy/conf.d/xunlei.conf <<'EOF'
https://xunlei.meimolihan.eu.org:6663 {
	encode gzip
	tls ssl/full_chain.pem ssl/private.key
	reverse_proxy http://10.10.10.245:2345 {
		# Send the upstream's own host:port as the Host header
		header_up Host {http.reverse_proxy.upstream.hostport}
	}
}
EOF

# Format the Caddyfile and reload the running Caddy instance
cd /usr/local/caddy && ./caddy fmt --overwrite && ./caddy reload
```
2. Reverse-proxying an internal HTTPS service with Caddy
Test URL: https://pve.meimolihan.eu.org:6663
```bash
# Create the conf.d directory and write the site config for the HTTPS upstream
mkdir -pm 755 /usr/local/caddy/conf.d && touch /usr/local/caddy/conf.d/pve.conf && chmod u+x /usr/local/caddy/conf.d/pve.conf && cat > /usr/local/caddy/conf.d/pve.conf <<'EOF'
https://pve.meimolihan.eu.org:6663 {
	encode gzip
	tls /usr/local/caddy/ssl/full_chain.pem /usr/local/caddy/ssl/private.key
	reverse_proxy https://10.10.10.254:8006 {
		transport http {
			# Disables verification of the upstream's TLS certificate
			tls_insecure_skip_verify
		}
	}
	handle_errors {
		# Serve a static error page when the proxy returns an error
		rewrite * /50x.html
		root * /var/www/html
		file_server
	}
}
EOF

# Format the Caddyfile and reload the running Caddy instance
cd /usr/local/caddy && ./caddy fmt --overwrite && ./caddy reload
```
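A variant of the site block above that keeps upstream certificate verification instead of using `tls_insecure_skip_verify`. This is an added example, not part of the original post; the CA file path `/usr/local/caddy/ssl/upstream-ca.pem` and the server name `pve.internal.example` are hypothetical placeholders.

```caddyfile
https://pve.meimolihan.eu.org:6663 {
	encode gzip
	tls /usr/local/caddy/ssl/full_chain.pem /usr/local/caddy/ssl/private.key

	reverse_proxy https://10.10.10.254:8006 {
		transport http {
			# Weak setting used above; accepts any certificate from the upstream:
			#   tls_insecure_skip_verify

			# Verify the upstream against the CA that issued its certificate.
			# Hypothetical path: place a copy of the upstream's CA certificate here.
			# (Newer Caddy releases also provide tls_trust_pool for this purpose.)
			tls_trusted_ca_certs /usr/local/caddy/ssl/upstream-ca.pem

			# Name sent as SNI and checked against the upstream certificate.
			# Hypothetical value: it must be a name listed in that certificate.
			tls_server_name pve.internal.example
		}
	}

	handle_errors {
		rewrite * /50x.html
		root * /var/www/html
		file_server
	}
}
```

With this in place, a certificate that does not chain to the trusted CA or does not carry the expected name makes the proxy request fail instead of being silently accepted.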
3. The approach from the official Caddy documentation (failed)
```bash
# Create the conf.d directory and write the site config using the Host override from the docs
mkdir -pm 755 /usr/local/caddy/conf.d && touch /usr/local/caddy/conf.d/pve.conf && chmod u+x /usr/local/caddy/conf.d/pve.conf && cat > /usr/local/caddy/conf.d/pve.conf <<'EOF'
https://pve.meimolihan.eu.org:6663 {
	encode gzip
	tls /usr/local/caddy/ssl/full_chain.pem /usr/local/caddy/ssl/private.key
	reverse_proxy https://10.10.10.254:8006 {
		header_up Host {upstream_hostport}
	}
}
EOF

# Format the Caddyfile and reload the running Caddy instance
cd /usr/local/caddy && ./caddy fmt --overwrite && ./caddy reload
```
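The official documentation on HTTPS
Since (most) headers retain their original value when being proxied, it is often necessary to override the Host header with the configured upstream address when proxying to HTTPS, so that the Host header matches the TLS ServerName value:
The X-Forwarded-Host header is still passed by default, so the upstream may still use it if it needs to know the original Host header value.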
```
reverse_proxy https://<upstream> {
	header_up Host {upstream_hostport}
}
```