
A first attempt at Xray + xtls-rprx-vision + Caddy - 面包狗


I chose to use Caddy to renew certificates automatically and drop the annoying acme.sh.

Install Caddy

Arch Linux

    # xcaddy is in the AUR
    yay -Sy caddy xcaddy-bin go

Other distributions

Go install: https://go.dev/doc/install
Caddy install: https://caddyserver.com/docs/install
xcaddy install: https://github.com/caddyserver/xcaddy

Build Caddy

Caddy's default proxy cannot do SNI-based routing for fallback traffic.

    # Build caddy with the PROXY protocol listener module
    xcaddy build --with github.com/mastercactapus/caddy2-proxyprotocol

    # Optionally check first which caddy binary the service runs
    systemctl cat caddy

    # Replace the stock caddy
    mv caddy /usr/bin/caddy

    # Check that the build succeeded
    caddy list-modules

    # Last few lines of the output
    .......

    Standard modules: 100

    caddy.listeners.proxy_protocol

    Non-standard modules: 1

    Unknown modules: 0

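Configure Caddy

The default Caddyfile path is usually /etc/caddy/Caddyfile

    {
        servers :8080 {
            listener_wrappers {
                proxy_protocol {
                    timeout 2s
                    # 0.0.0.0/0 accepts PROXY headers from any source address;
                    # Xray's fallback connects from loopback, so 127.0.0.1/32 is enough
                    allow 0.0.0.0/0
                }
                tls
            }
            protocols h1 h2 h2c h3
        }
    }

    :80 {
        # {uri} expands to the request path plus query string
        redir https://{host}{uri}
    }

    import /etc/caddy/conf.d/*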

Create a file with any name in /etc/caddy/conf.d

    # vim /etc/caddy/conf.d/example.com

    http://example.com:8080 {
        reverse_proxy https://bing.com {
            header_up Host {upstream_hostport}
            transport http {
                tls
            }
        }
    }

    example.com:8443 {
        reverse_proxy https://bing.com {
            header_up Host {upstream_hostport}
            transport http {
                tls
            }
        }
    }

Before starting Caddy, make sure /etc/hosts is not empty

    127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

    # Start Caddy
    systemctl start caddy
    # Enable at boot
    systemctl enable caddy

Check whether there are certificates under /var/lib/caddy/certificates, and note the full path to your certificate

    # List the directory
    ls /var/lib/caddy/certificates

    # Example
    /var/lib/caddy/certificates/acme-v02.api.letsencrypt.org-directory/example.com/example.com.crt
    /var/lib/caddy/certificates/acme-v02.api.letsencrypt.org-directory/example.com/example.com.key

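Configure Xray

Arch Linux

    # Install Xray
    pacman -Sy xray

Other distributions: https://github.com/XTLS/Xray-install

Modify the systemd configuration

    # Show the unit file and its path
    systemctl cat xray

    # Edit the unit file
    vim /usr/lib/systemd/system/xray.service

    # Change the service user (Xray must be able to read Caddy's certificate and key)
    [Service]
    User=xray

    # After the change
    [Service]
    User=caddy

    # Reload systemd
    systemctl daemon-reload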

Edit the Xray config /etc/xray/config.json; path for script-installed users (status: to be added)

    {
      "log": {
        "loglevel": "debug"
      },
      "routing": {
        "domainStrategy": "IPIfNonMatch",
        "rules": [
          {
            "type": "field",
            "domain": [
              "geosite:category-ads-all"
            ],
            "outboundTag": "block"
          },
          {
            "type": "field",
            "domain": [
              "geosite:google"
            ],
            "outboundTag": "direct"
          },
          {
            "type": "field",
            "ip": [
              "geoip:cn"
            ],
            "outboundTag": "block"
          }
        ]
      },
      "inbounds": [
        {
          "listen": "0.0.0.0",
          "port": 443,
          "protocol": "vless",
          "settings": {
            "clients": [
              {
                "id": "4ee9ae2b-fad5-4083-a036-b7e44bbc09f0",
                "flow": "xtls-rprx-vision"
              }
            ],
            "decryption": "none",
            "fallbacks": [
              {
                "dest": "8080",
                "xver": 1
              }
            ]
          },
          "streamSettings": {
            "network": "tcp",
            "security": "tls",
            "tlsSettings": {
              "rejectUnknownSni": true,
              "minVersion": "1.3",
              "certificates": [
                {
                  "certificateFile": "/var/lib/caddy/certificates/acme-v02.api.letsencrypt.org-directory/example.com/example.com.crt",
                  "keyFile": "/var/lib/caddy/certificates/acme-v02.api.letsencrypt.org-directory/example.com/example.com.key"
                }
              ]
            }
          },
          "sniffing": {
            "enabled": true,
            "destOverride": [
              "http",
              "tls"
            ]
          }
        }
      ],
      "outbounds": [
        {
          "protocol": "freedom",
          "tag": "direct"
        },
        {
          "protocol": "blackhole",
          "tag": "block"
        }
      ],
      "policy": {
        "levels": {
          "0": {
            "handshake": 2,
            "connIdle": 120
          }
        }
      }
    }
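
The fallback above (`"dest": "8080"`, `"xver": 1`) makes Xray connect to 127.0.0.1:8080 and prepend a PROXY protocol v1 header, and Caddy's `proxy_protocol` wrapper accepts that header from any peer inside its `allow` ranges. The check below is an added example, not part of the original post: `audit`, `fallback_host`, `is_loopback` and the embedded sample are constructed here, and the Caddy `allow` list is passed in by hand rather than parsed from the Caddyfile.

```python
import ipaddress
import json

# Constructed sample: only the fields of the inbound above that govern the fallback hop.
XRAY_SAMPLE = json.loads("""
{"inbounds": [{"port": 443, "protocol": "vless",
  "settings": {"fallbacks": [{"dest": "8080", "xver": 1}]}}]}
""")

def fallback_host(dest):
    """Host part of a fallback dest; in Xray a bare port means 127.0.0.1."""
    text = str(dest)
    if text.isdigit():
        return "127.0.0.1"
    if text.startswith(("/", "@")):       # Unix socket path or abstract socket
        return None
    return text.rsplit(":", 1)[0].strip("[]")

def is_loopback(host):
    if host is None or host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                       # any other hostname is treated as remote

def audit(xray_cfg, caddy_allow):
    """Return findings for the Xray -> Caddy PROXY protocol hop."""
    findings = []
    local_only = True
    for inbound in xray_cfg.get("inbounds", []):
        for fb in inbound.get("settings", {}).get("fallbacks", []):
            host = fallback_host(fb.get("dest", ""))
            if not is_loopback(host):
                local_only = False
                if fb.get("xver", 0):
                    findings.append(f"fallback to {host} sends a PROXY header off-host")
    for cidr in caddy_allow:
        net = ipaddress.ip_network(cidr, strict=False)
        # If every fallback stays on this host, only loopback peers need to be trusted.
        if local_only and not net.is_loopback:
            findings.append(f"proxy_protocol allow {cidr} is wider than loopback")
    return findings

if __name__ == "__main__":
    for line in audit(XRAY_SAMPLE, ["0.0.0.0/0"]):
        print("WARN", line)
```
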

Start Xray

    # Start
    systemctl start xray

    # Enable at boot
    systemctl enable xray

References
https://xtls.github.io/document/level-1/fallbacks-with-sni.html#caddy-%E9%85%8D%E7%BD%AE

Original article; please credit the source if you repost it
https://qiedd.com/1819.html

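Comments
#2 wvps Yesterday 21:28

Too complicated. Just use vmess+tcp; it gets detected all the same anyway

#3 moue Yesterday 21:29

Technical post, bookmarked

#4 野驴 Yesterday 21:37

Great tutorial, but it may be a bit hard for people who did not study computer science and do not work in a related field. Looking forward to an expert writing the kind of script where you copy and paste one line, pick a number, press Enter, and it's done.

#5 DogeLee2 Yesterday 21:40

Is there a one-click script?
I'm lazy

#6 jiashencha Yesterday 21:41

Looking forward to an expert writing the kind of script where you copy and paste one line, pick a number, press Enter, and it's done.

#7 爱你一生1024 Yesterday 21:51

Too long; didn't read

#8 钱宗鑫 Yesterday 21:56

Bump. I support letting a hundred flowers bloom

#9 FranzkafkaYu Yesterday 23:25

Wouldn't it be better to just use X-UI?

#10 猎户星座 Yesterday 23:31

xray+xtls-rprx-vision has been quite stable for me so far. Before that I used plain vmess tcp for many years without any trouble, but once the traffic grew it stopped working

#12 面包狗 Yesterday 23:50

Not using caddy-l4?

I don't think it supports the Caddyfile, and the config file left me baffled

#13 SKIDROW Yesterday 23:57

I don't think it supports the Caddyfile, and the config file left me baffled

Yes, that documentation has a lot of blanks.

#14 Function 6 hours ago

Bump for the expert

#15 h1xy 6 hours ago

Freeloader here, asking for a one-click script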
