Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

由Caddy做SNI分流,REALITY(别人的网站) 和自建网站共存配置问题探讨。 #222

Answered by lxhao61
JKSTAFF asked this question in Q&A
Discussion options

我根据Xray(E+F+H+G+B+A)+Caddy(N)的模板修改了一个reality指向itunes(xray在5443口),同时服务器上还挂着一个网址是sub.mydomain.com的站(服务在8080口)。脱敏的全配置如下:

{
	"admin": {
		"disabled": true
	},
	"logging": {
		"logs": {
			"default": {
				"writer": {
					"filename": "/etc/caddy/error.log",
					"output": "file"
				},
				"encoder": {"format": "console"},
				"level": "error",
				"exclude": ["http.log.access.log0"]
			},
			"log0": {
				"writer": {
					"filename": "/etc/caddy/access.log",
					"output": "file"
				},
				"encoder": {
					"format": "transform",
					"template": "{common_log}"
				},
				"include": ["http.log.access.log0"]
			}
		}
	},
	"apps": {
		"layer4": {
 "servers": {
 "sni": {
 "listen": [":443"],
 "routes": [{
 "match": [{"tls": {"sni": ["itunes.apple.com"]}}],
 "handle": [{
 "handler": "proxy",
 "upstreams": [{"dial": ["127.0.0.1:5443"]}],
 "proxy_protocol": "v2"
 }]
 }]
 }
 }
 },
		"http": {
			"https_port": 443,
			"servers": {
				"srv0": {
					"listen": [":443"],
					"routes": [{
						"match": [{"host": ["*.mydomain.com"]}],
						"handle": [{
							"handler": "subroute",
							"routes": [
								{
									"handle": [{
										"encodings": {"gzip": {},"zstd": {}},
										"handler": "encode",
										"prefer": ["gzip","zstd"]
									}]
								},
								{
									"handle": [{
										"handler": "subroute",
										"routes": [
											{
												"handle": [{
													"handler": "reverse_proxy",
													"upstreams": [{"dial": "127.0.0.1:8080"}]
												}]
											}
										]
									}],
									"match": [{"host": ["sub.mydomain.com"]}]
								}
							]
						}],
						"terminal": true
					}],
					"logs": {"logger_names": {"*.mydomain.com": ["log0"]}}
				}
			}
		},
		"tls": {
			"automation": {
				"policies": [{
					"subjects": ["*.mydomain.com"],
					"issuers": [
						{
							"challenges": {
								"dns": {
									"provider": {
										"api_token": "my_api_token",
										"name": "cloudflare"
									}
								},
								"tls-alpn": {"alternate_port": 443}
							},
							"email": "my@email.com",
							"module": "acme"
						},
						{
							"ca": "https://acme.zerossl.com/v2/DV90",
							"challenges": {
								"dns": {
									"provider": {
										"api_token": "my_api_token",
										"name": "cloudflare"
									}
								},
								"tls-alpn": {"alternate_port": 443}
							},
							"email": "my@email.com",
							"module": "acme"
						}
					]
				}]
			}
		}
	}
}

搓出来的确能跑,通配符正常拿到手,梯子也是通的,但是网站时不时会加载不出来部分元素导致显示异常。请求指教该配置是否存在问题如何调整?
You must be logged in to vote

你参考对象弄错了!你应该以Xray(M+F+H+K+G+B+A)+Caddy(N) 示例进行修改,REALITY 所需证书改为别人的网站提供,通步修改 SNI 分流,其它应用删除仅保你需要的即可。

Replies: 1 comment 2 replies

Comment options

你参考对象弄错了!你应该以Xray(M+F+H+K+G+B+A)+Caddy(N) 示例进行修改,REALITY 所需证书改为别人的网站提供,通步修改 SNI 分流,其它应用删除仅保你需要的即可。
You must be logged in to vote
2 replies
Comment options

上面的实验性配置就是修改自Xray(E+F+H+G+B+A)+Caddy(N)。我未能在其中找到将 REALITY 所需证书改为外部网站提供 的样例,同时我也需要为服务器上的自建站保留自己的证书。您可以再多给一些提示吗。
Comment options

晕,以 Xray(M+F+H+K+G+B+A)+Caddy(N) 示例修改!Xray 配置中 8443 端口及域名等改为别人的网站域名,具体参考对应单一示例。 另外 SNI 分流配置中对应 REALITY 域名改为别人的网站域名。
Answer selected by lxhao61
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Category
Q&A
Labels
None yet
2 participants

AltStyle によって変換されたページ (->オリジナル) /