114 lines
3.4 KiB
Caddyfile
114 lines
3.4 KiB
Caddyfile
|
# 修改为你的域名
|
|||
|
|
api.sub2api.com {
|
|||
|
|
# =========================================================================
|
|||
|
|
# 静态资源长期缓存(高优先级,放在最前面)
|
|||
|
|
# 带 hash 的文件可以永久缓存,浏览器和 CDN 都会缓存
|
|||
|
|
# =========================================================================
|
|||
|
|
@static {
|
|||
|
|
path /assets/*
|
|||
|
|
path /logo.png
|
|||
|
|
path /favicon.ico
|
|||
|
|
}
|
|||
|
|
header @static {
|
|||
|
|
Cache-Control "public, max-age=31536000, immutable"
|
|||
|
|
# 移除可能干扰缓存的头
|
|||
|
|
-Pragma
|
|||
|
|
-Expires
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
# =========================================================================
|
|||
|
|
# TLS 安全配置
|
|||
|
|
# =========================================================================
|
|||
|
|
tls {
|
|||
|
|
# 仅使用 TLS 1.2 和 1.3
|
|||
|
|
protocols tls1.2 tls1.3
|
|||
|
|
|
|||
|
|
# 优先使用的加密套件
|
|||
|
|
ciphers TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
# =========================================================================
|
|||
|
|
# 反向代理配置
|
|||
|
|
# =========================================================================
|
|||
|
|
reverse_proxy localhost:8080 {
|
|||
|
|
# 健康检查
|
|||
|
|
health_uri /health
|
|||
|
|
health_interval 30s
|
|||
|
|
health_timeout 10s
|
|||
|
|
health_status 200
|
|||
|
|
|
|||
|
|
# 负载均衡策略(单节点可忽略,多节点时有用)
|
|||
|
|
lb_policy round_robin
|
|||
|
|
lb_try_duration 5s
|
|||
|
|
lb_try_interval 250ms
|
|||
|
|
|
|||
|
|
# 传递真实客户端信息
|
|||
|
|
# 兼容 Cloudflare 和直连:后端应优先读取 CF-Connecting-IP,其次 X-Real-IP
|
|||
|
|
header_up X-Real-IP {remote_host}
|
|||
|
|
header_up X-Forwarded-For {remote_host}
|
|||
|
|
header_up X-Forwarded-Proto {scheme}
|
|||
|
|
header_up X-Forwarded-Host {host}
|
|||
|
|
# 保留 Cloudflare 原始头(如果存在)
|
|||
|
|
# 后端获取 IP 的优先级建议: CF-Connecting-IP → X-Real-IP → X-Forwarded-For
|
|||
|
|
header_up CF-Connecting-IP {http.request.header.CF-Connecting-IP}
|
|||
|
|
|
|||
|
|
# 连接池优化
|
|||
|
|
transport http {
|
|||
|
|
keepalive 120s
|
|||
|
|
keepalive_idle_conns 256
|
|||
|
|
read_buffer 16KB
|
|||
|
|
write_buffer 16KB
|
|||
|
|
compression off
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
# 故障转移
|
|||
|
|
fail_duration 30s
|
|||
|
|
max_fails 3
|
|||
|
|
unhealthy_status 500 502 503 504
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
# =========================================================================
|
|||
|
|
# 压缩配置
|
|||
|
|
# =========================================================================
|
|||
|
|
encode {
|
|||
|
|
zstd
|
|||
|
|
gzip 6
|
|||
|
|
minimum_length 256
|
|||
|
|
match {
|
|||
|
|
header Content-Type text/*
|
|||
|
|
header Content-Type application/json*
|
|||
|
|
header Content-Type application/javascript*
|
|||
|
|
header Content-Type application/xml*
|
|||
|
|
header Content-Type application/rss+xml*
|
|||
|
|
header Content-Type image/svg+xml*
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
# =========================================================================
|
|||
|
|
# 请求大小限制 (防止大文件攻击)
|
|||
|
|
# =========================================================================
|
|||
|
|
request_body {
|
|||
|
|
max_size 100MB
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
# =========================================================================
|
|||
|
|
# 日志配置
|
|||
|
|
# =========================================================================
|
|||
|
|
log {
|
|||
|
|
output file /var/log/caddy/sub2api.log {
|
|||
|
|
roll_size 50mb
|
|||
|
|
roll_keep 10
|
|||
|
|
roll_keep_for 720h
|
|||
|
|
}
|
|||
|
|
format json
|
|||
|
|
level INFO
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
# =========================================================================
|
|||
|
|
# 错误处理
|
|||
|
|
# =========================================================================
|
|||
|
|
handle_errors {
|
|||
|
|
respond "{err.status_code} {err.status_text}"
|
|||
|
|
}
|
|||
|
|
}
|