Help: how do I add a reverse-proxy port to the Caddy JSON for Xray(M+F+H+K+G+B+A)+Caddy(N)? #242
-
Hello, I am using Xray(M+F+H+K+G+B+A)+Caddy(N). Because of client and regional restrictions I can only use reality. Now I want to add a feature that needs a reverse-proxied port, and its Caddyfile looks like this.
How do I rewrite it so that it fits into that Caddy JSON? Thanks.
example.com {
    reverse_proxy 127.0.0.1:8011 {
        header_up Host {upstream_hostport}
        header_up X-Real-IP {remote.host}
        header_up X-Forwarded-For {remote.host}
        header_up X-Forwarded-Port {port}
        header_up X-Forwarded-Proto {scheme}
        header_up Accept-Encoding identity
    }
}
The JSON is as follows
-
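I don't understand what you are actually trying to achieve. You can use the command /usr/local/bin/caddy adapt --config /usr/local/etc/Caddyfile --pretty (adjust the paths to your setup) to convert the Caddyfile configuration into a JSON configuration and then work it in yourself.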
-
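From the limited and contradictory information you have provided, I don't understand why you chose the most complex example to meet your needs.
For client and regional restrictions (only REALITY can be used), just refer to the M, K and Xray(M+K) examples; they are simple and convenient.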
-
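Thanks for the reply! I used the complex setup before because I hoped to get many dishes out of one 🐟, but mihomo does not support xhttp+reality, vmess+httpupgrade often stalls, and ss+grpc and naive get killed very quickly, so the configuration ended up looking like the one above. Later I discovered siteproxy and wanted to set one up myself, so that on my phone I would not need any proxy and could just browse directly in the browser. The siteproxy author only provides an nginx configuration. I searched online for a caddy version, but it only exists in Caddyfile form, hence the request above, to see whether it could be adapted with small changes. I converted the Caddyfile with the method above and tried inserting it in various places. I could not get it to work. Never mind. I will just use a simple Caddyfile configuration plus domain-less reality. Thanks again for the guidance.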
-
My guess is that the following configuration, which shares port 443, should meet your needs perfectly:
{
  "admin": {
    "disabled": true, //Disable the admin API. (Optional)
    "config": {
      "persist": false
    }
  },
  "logging": {
    "logs": {
      "default": {
        "writer": {
          "output": "file",
          "filename": "/var/log/caddy/error.log" //Path of the error log file
        },
        "encoder": {
          "format": "console"
        },
        "level": "ERROR",
        "exclude": ["http.log.access.log0"] //Required when the access log is enabled; otherwise it must be deleted.
      },
      "log0": {
        "writer": {
          "output": "file",
          "filename": "/var/log/caddy/access.log" //Path of the access log file
        },
        "encoder": {
          "format": "console"
        },
        "include": ["http.log.access.log0"]
      } //Output configuration of the access log. (Optional)
    }
  },
  "storage": {
    "module": "file_system",
    "root": "/caddy" //Base path for storing TLS certificates
  },
  "apps": {
    "layer4": {
      "servers": {
        "tcpsni": {
          "listen": [":443"],
          "routes": [{
            "match": [{
              "tls": {
                "sni": ["zz.example.com"] //Domain of the website whose certificate VLESS+Vision+REALITY steals (whitelisted domain); change it to your own.
              }
            }],
            "handle": [{
              "handler": "proxy",
              "proxy_protocol": "v1", //Enable sending PROXY protocol. v1 or v2 is the PROXY protocol version.
              "upstreams": [{
                "dial": ["127.0.0.1:5443"] //Forward to the local listening port of VLESS+Vision+REALITY
              }]
            }]
          },
          {
            "match": [{
              "tls": {}
            }],
            "handle": [{
              "handler": "proxy",
              "proxy_protocol": "v2", //Enable sending PROXY protocol. v1 or v2 is the PROXY protocol version.
              "upstreams": [{
                "dial": ["127.0.0.1:8443"] //Forward to the local listening port of the HTTP/3 server
              }]
            }]
          }]
        },
        "udppy": {
          "listen": ["udp/:443"],
          "routes": [{
            "handle": [{
              "handler": "proxy",
              "upstreams": [{
                "dial": ["udp/127.0.0.1:8443"] //Forward to the local listening port of the HTTP/3 server
              }]
            }]
          }]
        } //Directed UDP forwarding configuration
      }
    },
    "http": {
      "servers": {
        "srvh1": {
          "listen": [":80"],
          "routes": [{
            "handle": [{
              "handler": "static_response",
              "headers": {
                "Location": ["https://{http.request.host}{http.request.uri}"] //Automatically redirect HTTP to HTTPS so the website looks more genuine.
              },
              "status_code": 301
            }]
          }],
          "protocols": ["h1"] //Enable HTTP/1.1 server support only
        },
        "srvh3": {
          "listen": ["127.0.0.1:8443"], //Local listening port of the HTTP/3 server
          "listener_wrappers": [{
            "wrapper": "proxy_protocol", //Enable receiving PROXY protocol
            "allow": ["127.0.0.1/32"]
          },
          {
            "wrapper": "tls" //Required when the HTTP/3 server has PROXY protocol receiving enabled
          }],
          "routes": [{
            "match": [{
              "host": ["sy.example.com"] //siteproxy application domain; change it to your own.
            }],
            "handle": [{
              "handler": "reverse_proxy",
              "upstreams": [{
                "dial": "127.0.0.1:8011" //Forward to the local siteproxy listening port
              }],
              "headers": {
                "request": {
                  "set": {
                    "Host": ["{http.reverse_proxy.upstream.hostport}"],
                    "X-Real-IP": ["{http.request.remote.host}"],
                    "X-Forwarded-Port": ["{http.request.port}"],
                    "Accept-Encoding": ["identity"]
                  }
                }
              }
            }]
          },
          {
            "match": [{
              "path": ["/VLSpdG9k/*"] //Matches the path in the VLESS+XHTTP application
            }],
            "handle": [{
              "handler": "reverse_proxy",
              "transport": {
                "protocol": "http",
                "versions": ["h2c","2"]
              },
              "upstreams": [{
                "dial": "127.0.0.1:2023" //Forward to the local VLESS+XHTTP listening port
              }]
            }]
          },
          {
            "match": [{
              "header": {
                "Upgrade": ["websocket"]
              },
              "path": ["/AhttpZ9k"] //Matches the path in the VMess+HTTPUpgrade application
            }],
            "handle": [{
              "handler": "reverse_proxy",
              "upstreams": [{
                "dial": "127.0.0.1:2021" //Forward to the local VMess+HTTPUpgrade listening port
              }]
            }]
          },
          {
            "handle": [{
              "handler": "headers",
              "response": {
                "set": {
                  "Alt-Svc": ["h3=\":443\"; ma=2592000"], //Advertise the availability of the HTTP/3 server. (Only needed when UDP port 443 is proxied)
                  "Strict-Transport-Security": ["max-age=31536000; includeSubDomains; preload"] //Enable HSTS
                }
              }
            },
            {
              "handler": "file_server",
              "root": "/var/www/html" //Change to the path where your own web files are stored
            }]
          }],
          "tls_connection_policies": [{
            "match": {
              "sni": ["sy.example.com","cdn.example.com"] //Restrict connections to these domains (this also forbids accessing the site by IP); change to your own domains.
            },
            "cipher_suites": ["TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"],
            "alpn": ["h3","h2","http/1.1"]
          }],
          "trusted_proxies": {
            "source": "cloudflare",
            "interval": "12h",
            "timeout": "15s"
          }, //Configure trusted Cloudflare IPs so that the real client IP is still obtained behind the Cloudflare CDN. If you use a non-Cloudflare CDN, adjust the configuration yourself.
          "logs": {
            "default_logger_name": "log0"
          }, //Enables the access log. (Optional)
          "protocols": ["h1","h2","h3"] //Default configuration. (May be omitted)
        }
      }
    },
    "tls": {
      "certificates": {
        "automate": ["sy.example.com","cdn.example.com"] //Automated TLS certificate management (obtaining and renewing certificates). Change to your own domains.
      },
      "automation": {
        "policies": [{
          "issuers": [{
            "module": "acme",
            "ca": "https://acme.zerossl.com/v2/DV90", //This setting requests a free TLS certificate from ZeroSSL; deleting it (the default) requests a free TLS certificate from Let's Encrypt.
            "email": "your@email.com" //Change to your own e-mail address. (Optional)
          }]
        }]
      }
    }
  }
}
//Notes:
//1. zz.example.com is the domain of the website whose certificate is stolen; you do not need to own it.
//2. sy.example.com is the siteproxy application domain; you need to provide it.
//3. cdn.example.com is the CDN traffic relay domain; you need to provide it.
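An added example, not part of the original discussion or the project's code: in the configuration above the layer4 proxy passes the client address to the local HTTP server through PROXY protocol, so the receiving listener should stay on loopback with a loopback-only `allow` list, and sender and receiver must agree on whether the header is used. The loopback-only policy, the function names `strip_comments` and `audit`, and the trimmed sample are assumptions of this example; the annotations are stripped first because Python's JSON parser rejects `//` comments.

```python
import ipaddress
import json
import re

# A JSON string literal, or a // annotation running to end of line.
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*')

def strip_comments(text):
    """Drop // annotations outside string literals; '//' inside a URL string survives."""
    return _TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else "", text)

def audit(text):
    """Findings on PROXY protocol trust between layer4 senders and HTTP receivers."""
    apps = json.loads(strip_comments(text)).get("apps", {})
    findings, receivers, listens = [], {}, set()
    for srv in apps.get("http", {}).get("servers", {}).values():
        listens.update(srv.get("listen", []))
        for w in srv.get("listener_wrappers", []):
            if w.get("wrapper") == "proxy_protocol":
                receivers.update({a: w.get("allow", []) for a in srv.get("listen", [])})
    for addr, allow in receivers.items():
        if not addr.startswith(("127.0.0.1:", "[::1]:", "localhost:")):
            findings.append(f"{addr}: receiver is not bound to loopback")
        if not allow or not all(ipaddress.ip_network(n).is_loopback for n in allow):
            findings.append(f"{addr}: allow list is empty or admits non-loopback senders")
    for srv in apps.get("layer4", {}).get("servers", {}).values():
        for h in (h for r in srv.get("routes", []) for h in r.get("handle", [])):
            for dial in (d for u in h.get("upstreams", []) for d in u.get("dial", [])):
                # Only upstreams that are HTTP servers in this same config can be compared.
                if dial in listens and bool(h.get("proxy_protocol")) != (dial in receivers):
                    findings.append(f"{dial}: sender/receiver PROXY protocol mismatch")
    return findings

# Constructed sample: a trimmed copy of the layout above, annotations kept.
SAMPLE = r'''{"apps": {
  "layer4": {"servers": {"tcpsni": {"listen": [":443"], "routes": [{
    "match": [{"tls": {}}],
    "handle": [{"handler": "proxy", "proxy_protocol": "v2", //send PROXY protocol
                "upstreams": [{"dial": ["127.0.0.1:8443"]}]}]}]}}},
  "http": {"servers": {"srvh3": {
    "listen": ["127.0.0.1:8443"], //local listener
    "listener_wrappers": [{"wrapper": "proxy_protocol", "allow": ["127.0.0.1/32"]},
                          {"wrapper": "tls"}],
    "routes": [{"handle": [{"handler": "headers", "response": {"set": {
      "Alt-Svc": ["h3=\":443\"; ma=2592000"]}}}]}]}}}
}}'''

if __name__ == "__main__":
    print(audit(SAMPLE) or "no findings")
```

Upstreams that are not HTTP servers in the same file, such as the Xray listener on 127.0.0.1:5443, are outside what this check can see and have to be compared against the Xray configuration by hand.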
-
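Thank you very much for the reply. I copied the configuration above exactly and everything runs very well. Amazing! This is what professionalism looks like, and your warm-hearted willingness to help is even more admirable.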