由于无聊买的50vz的NAT OVZ机器被TCP阻断,也是研究怎么通过UDP来瞎搞,但是发现V2Ray w/ mKCP会有断流的情况,虽然我极度怀疑是运营商搞的鬼,但一搜却发现有人做内网测试也是会断流……即使我升级到最新的4.2也然并卵,不过这个过程中我发现有人用Caddy搭建ws代理……于是手痒的我也把Nginx换成Caddy。
现在大概记一下,
首先是去 Caddy获取一句话安装命令,大概类似这样:
|
1 |
$ curl https://getcaddy.com | bash -s personal hook.service,http.cgi,http.geoip |
然后在shell里面执行即可,简单的通过执行 caddy -version 就能看是否装上了;
之后根据各类教程和官方文档,建两个必须的目录:
|
1 2 3 4 5 6 7 8 9 |
$ mkdir /etc/caddy $ touch /etc/caddy/Caddyfile $ touch /var/log/caddy/caddy.log $ mkdir /etc/ssl/caddy $ mkdir /var/www $ mkdir /var/log/caddy $ chown www-data:www-data /etc/ssl/caddy -R $ chown www-data:www-data /var/log/caddy -R $ chown www-data:www-data /var/www -R |
写了一个很简单的配置,大概如下:
|
1 2 3 4 5 6 7 8 9 10 |
mr21.cc { tls email@admin.com root /path/to/21 gzip fastcgi / /run/php/php7.0-fpm.sock php rewrite { if {path} not_match ^\/wp-admin to {path} {path}/ /index.php?_url={uri} } } |
之后安装systemctl控制脚本:
|
1 2 3 4 5 6 |
$ curl -s https://raw.githubusercontent.com/mholt/caddy/master/dist/init/linux-systemd/caddy.service -o /lib/systemd/system/caddy.service $ sed -i "s/;CapabilityBoundingSet/CapabilityBoundingSet/g" /lib/systemd/system/caddy.service $ sed -i "s/;AmbientCapabilities/AmbientCapabilities/g" /lib/systemd/system/caddy.service $ systemctl daemon-reload $ systemctl enable caddy $ systemctl start caddy |
最后打开WP,登陆后台,发现古腾堡(Gutenberg)插件有报错:
|
1 2 3 4 5 6 7 8 9 10 11 |
TypeError: Cannot read property 'show_ui' of undefined at https://mr21.cc/wp-content/plugins/gutenberg/build/editor/index.js?ver=1541761675:50:249655 at i (https://mr21.cc/wp-content/plugins/gutenberg/vendor/lodash.min.59550321.js:6:91) at An.filter (https://mr21.cc/wp-content/plugins/gutenberg/vendor/lodash.min.59550321.js:99:338) at https://mr21.cc/wp-content/plugins/gutenberg/build/editor/index.js?ver=1541761675:50:249620 at yh (https://mr21.cc/wp-content/plugins/gutenberg/vendor/react-dom.min.82e21c65.js:95:430) at lg (https://mr21.cc/wp-content/plugins/gutenberg/vendor/react-dom.min.82e21c65.js:120:88) at mg (https://mr21.cc/wp-content/plugins/gutenberg/vendor/react-dom.min.82e21c65.js:120:386) at gc (https://mr21.cc/wp-content/plugins/gutenberg/vendor/react-dom.min.82e21c65.js:127:202) at vb (https://mr21.cc/wp-content/plugins/gutenberg/vendor/react-dom.min.82e21c65.js:126:230) at ub (https://mr21.cc/wp-content/plugins/gutenberg/vendor/react-dom.min.82e21c65.js:126:65) |
一番搜索后找到解决方法,将Caddy官方建议配置中的:
|
1 2 3 4 |
rewrite { if {path} not_match ^\/wp-admin to {path} {path}/ /index.php?_url={uri} } |
换成
|
1 2 3 4 |
rewrite { if {path} not_match ^\/wp-admin to {path} {path}/ /index.php?{query} } |
就可以了。
最后,既然是HTTPS站点,就顺便跑了一下SSL Labs的测试,发现评分只有A,于是又搜了一下,找到Caddy社区的一篇问答解决,评分上到A+,只需要在站点配置里面加一句:
|
1 |
header / Strict-Transport-Security "max-age=31536000" |
这篇就是用古腾堡写的,感觉还是不太习惯用可视化编辑器,虽然说比自己写各种标签方便很多,但是还是觉得……少了点啥……哈哈😂
Update: May 10th, 2019
鉴于我自己设置了BWH的季付GIA机器到期不续费然后没有及时备份配置,所以突然间梯子就坏了……哈哈……真是尴尬
不过因为前阵子BWH补货入了一台年付GIA的机器正好派上用场,上次在老机器上搭的WS+v2ray的方式,这次也依样画葫芦,但是发现,用root排错完成后能运行的Caddy,通过systemctl就不行了,我当然想到了是1024端口以下的权限问题,但是为什么要专门Update一下呢?因为这个设置比较隐蔽……
|
1 |
# nano /etc/systemd/system/caddy.service |
把下面两句配置前的「分号」去掉后保存,再启动Caddy就可以顺利绑定1024以下端口了。
|
1 2 |
;CapabilityBoundingSet=CAP_NET_BIND_SERVICE ;AmbientCapabilities=CAP_NET_BIND_SERVICE |
之所以不专门Po个文,主要是为了隐蔽……
——————–
引用参考/Reference:
- 怡红院落: 使用 CADDY 代替 NGINX
- NightFarmer’s Blog: 使用新一代的Web服务器Caddy代替Nginx
- Diamond-Blog: 使用 Caddy 替代 Nginx,全站升级 https,配置更加简单
- Gutenberg@Github: issue #8802
- Caddy FORUM: Anyone archived A+ rating on SSL Labs?
- 扉启博客: v2ray抗封锁最优配置
- V2Ray 配置指南: WebSocket+TLS+Web
