caddy nginx 对比

Caddy 是什么? Caddy 是一个多功能的 HTTP web服务器,并且使用Let’s Encrypt提供的免费证书,自动让网站升级到HTTPS

Every Site on HTTPS Caddy is a general-purpose HTTP/2 web server that serves HTTPS by default. Fork Caddy On Github

为什么要使用 Caddy 安全 Caddy 是一个默认使用https协议的web服务器 无依赖 Caddy 使用 Go 语言编写,编译好的二进制文件能够运行在任何支持Go语言的平台,不需要自己安装任何库。 使用简单 Caddy 的配置简单,不管你是新的web开发者,还是专业人士,都能够快速上手

Caddy 一键安装脚本

wget -N --no-check-certificate https://raw.githubusercontent.com/ToyoDAdoubi/doubi/master/caddy_install.sh && chmod +x caddy_install.sh && bash caddy_install.sh
这里我们看一下官网的例子说明 Caddy Documentation

:2015 # Host: (any), Port: 2015 localhost # Host: localhost; Port: 2015 localhost:8080 # Host: localhost; Port: 8080 example.com # Host: example.com; Ports: 80->443 http://example.com # Host: example.com; Port: 80 https://example.com # Host: example.com; Ports: 80->443 http://example.com:1234 # Host: example.com; Port: 1234 https://example.com:80 # Error! HTTPS on port 80 *.example.com # Hosts: *.example.com; Port: 2015 example.com/foo/ # Host: example.com; Ports: 80, 443; Path: /foo/ /foo/ # Host: (any), Port: 2015, Path: /foo/ 通过上面这些例子,就可以大概了解到Caddy的域名适配规则。

这个是我的所有站点的配置,可以看出来相比Nginx简单了很多: log 用于记录访问日志 gzip 用于启用gzip压缩 proxy 用于支持反向代理 websocket 用于支持websocket协议 所有的插件文档,可以 Caddy Documentation 从官方文档上看到,都有详细的配置说明,简单易上手。 使用 caddy -conf Caddyfile 就可以使用配置文件来启动,确保80和443端口没有被服务占用。 Caddyfile 文件:

diamondfsd.com {  # 启动 http 和 https,访问 http 会自动转跳到 https
        log access_log.log  # 日志
        gzip  # 使用gzip压缩
        proxy / http://127.0.0.1:3999 { # 路径转发
                header_upstream Host {host}
                header_upstream X-Real-IP {remote}
                header_upstream X-Forwarded-For {remote}
                header_upstream X-Forwarded-Proto {scheme}
        }
}


http://api.diamondfsd.com https://api.diamondfsd.com {  # 同时启用 http 和 https 不会自动转跳
        gzip
        proxy / http://127.0.0.1:4999 {
                header_upstream Host {host}
                header_upstream X-Real-IP {remote}
                header_upstream X-Forwarded-For {remote}
                header_upstream X-Forwarded-Proto {scheme}
        }
}

hook.diamondfsd.com {
        proxy / http://127.0.0.1:9000 {
                header_upstream Host {host}
                header_upstream X-Real-IP {remote}
                header_upstream X-Forwarded-For {remote}
                header_upstream X-Forwarded-Proto {scheme}
        }
}

http://file.diamondfsd.com {
        proxy / http://127.0.0.1:22222
}

https://file.diamondfsd.com {  
        root /data/file-upload  # 指定静态文件根目录
}

yd.diamondfsd.com { 
        gzip
        root /data/ydig
        proxy /ws http://127.0.0.1:9001 {  # 转发所有 /ws 为 websocket
                websocket
        }
}

8.diamondfsd.com {
        gzip
        root /data/quaver
}
在对比同等情况下 nginx 的配置:

# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;
    
    gzip on;
    gzip_min_length 1k;
    gzip_buffers 16 64k;
    gzip_http_version 1.1;
    gzip_comp_level 6;
    gzip_types application/json application/xml text/plain application/javascript text/css image/jpeg image/gif image/png text/javascript;
    gzip_vary on;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    
    server {
        listen 80;
        server_name diamondfsd.com www.diamondfsd.com;
        rewrite ^(.*) https://$server_name$1 permanent;
    }

    server {
		server_name diamondfsd.com www.diamondfsd.com;
		listen 443;
		ssl on;
		ssl_certificate /etc/letsencrypt/live/diamondfsd.com/fullchain.pem;
		ssl_certificate_key /etc/letsencrypt/live/diamondfsd.com/privkey.pem;
		
		location / {
		   proxy_pass http://127.0.0.1:3999;
		   proxy_http_version 1.1;
		   proxy_set_header X_FORWARDED_PROTO https;
		   proxy_set_header X-Real-IP $remote_addr;
			   proxy_set_header X-Forwarded-For $remote_addr;
		   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
			   proxy_set_header Host $host;
		}
    }



    server {
		server_name api.diamondfsd.com;
		listen 443;
		ssl on;
		ssl_certificate /etc/letsencrypt/live/api.diamondfsd.com/fullchain.pem;
		ssl_certificate_key /etc/letsencrypt/live/api.diamondfsd.com/privkey.pem;
		
		location / {
		   proxy_pass http://127.0.0.1:4999;
		   proxy_http_version 1.1;
		   proxy_set_header X_FORWARDED_PROTO https;
			   proxy_set_header X-Real-IP $remote_addr;
			   proxy_set_header X-Forwarded-For $remote_addr;
			   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
			   proxy_set_header Host $host;

		}
    }

    server {
     	server_name api.diamondfsd.com;
		listen 80;
        location / {
           proxy_pass http://127.0.0.1:4999;
           proxy_http_version 1.1;
           proxy_set_header X-Real-IP $remote_addr;
           proxy_set_header X-Forwarded-For $remote_addr;
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
           proxy_set_header Host $host;
        }
    }
  
    server {
        server_name hook.diamondfsd.com;
        listen 80;
        location / {
           proxy_pass http://127.0.0.1:9000;
           proxy_http_version 1.1;
           proxy_set_header X-Real-IP $remote_addr;
           proxy_set_header X-Forwarded-For $remote_addr;
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
           proxy_set_header Host $host;
        }

    } 

    server {
       server_name file.diamondfsd.com;
       listen 80;
       location / {
           proxy_pass http://127.0.0.1:22222;
           proxy_http_version 1.1;
           proxy_set_header X-Real-IP $remote_addr;
           proxy_set_header X-Forwarded-For $remote_addr;
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
           proxy_set_header Host $host;
       }
    }
 
    server {
		server_name file.diamondfsd.com;
		listen 443;
		ssl on;
		ssl_certificate /etc/letsencrypt/live/file.diamondfsd.com/fullchain.pem;
		ssl_certificate_key /etc/letsencrypt/live/file.diamondfsd.com/privkey.pem;
		
		root /data/file-upload; 
		expires max;
        access_log /data/file-domain.log;
    }

    server {
        listen 80;
        server_name yd.diamondfsd.com;
        rewrite ^(.*) https://$server_name$1 permanent;
    } 
    
    server {
		server_name yd.diamondfsd.com;
		listen 443;
		ssl on;
		ssl_certificate /etc/letsencrypt/live/yd.diamondfsd.com/fullchain.pem;
		ssl_certificate_key /etc/letsencrypt/live/yd.diamondfsd.com/privkey.pem;
		   
		location /ws/ {
		   proxy_pass http://127.0.0.1:9001;
		   proxy_http_version 1.1;
		   proxy_set_header Host $host;
		   proxy_set_header Upgrade $http_upgrade;
		   proxy_set_header Connection "upgrade";
		}

		root /data/ydig;
		expires max;
		access_log /data/ydig-domain.log;
    } 

    server {
        listen 80;
        server_name about.diamondfsd.com;
        rewrite ^(.*) https://$server_name$1 permanent;
    }

    server {
		server_name about.diamondfsd.com;
		listen 443;
		ssl on;
		ssl_certificate /etc/letsencrypt/live/about.diamondfsd.com/fullchain.pem;
		ssl_certificate_key /etc/letsencrypt/live/about.diamondfsd.com/privkey.pem;

		root /data/about-me;
		expires max;
		access_log /data/about-me-domain.log;
    }
    server {
        server_name 8.diamondfsd.com;
		listen 80;
        rewrite ^(.*) https://$server_name$1 permanent;
    }
    server {
		server_name 8.diamondfsd.com;
		listen 443;
		ssl on;
		ssl_certificate /etc/letsencrypt/live/8.diamondfsd.com/fullchain.pem;
		ssl_certificate_key /etc/letsencrypt/live/8.diamondfsd.com/privkey.pem;

		root /data/quaver;
		expires max;
		access_log /data/quaver-domain.log;
    }
}