Tutorial: Installing and Configuring Caddy on a Vultr VPS (CentOS 7)

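Caddy is an emerging web server with native support for HTTP/2 and automatic HTTPS. Thanks to its ease of use and security, Caddy can quickly deploy an HTTP-enabled site from a single configuration file. In this tutorial we install and configure Caddy on a Vultr VPS running CentOS 7.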

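Step 1: Install the latest stable Caddy release

On Linux, Mac, or BSD operating systems, use the following command to install the latest stable, system-specific version of Caddy: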

curl https://getcaddy.com | bash

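When prompted, enter your sudo password to complete the installation.

The Caddy binary is installed to the /usr/local/bin directory. Confirm this with the following command: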

which caddy

The output should be:

/usr/local/bin/caddy

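For security reasons, do not run the Caddy binary as root. To let Caddy bind to privileged ports (for example, 80 and 443) as a non-root user, run the setcap command as follows:

sudo setcap 'cap_net_bind_service=+ep' /usr/local/bin/caddy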

Step 2: Configure Caddy

Create a dedicated system user named caddy for Caddy:

sudo useradd -r -d /var/www -M -s /sbin/nologin caddy

Note: the caddy user created here can only be used to manage the Caddy service; it cannot be used to log in.

Create the home directory /var/www for the Caddy web server, and the home directory /var/www/example.com for your site:

sudo mkdir -p /var/www/example.com
sudo chown -R caddy:caddy /var/www

Create a directory to store SSL certificates:

sudo mkdir /etc/ssl/caddy
sudo chown -R caddy:root /etc/ssl/caddy
sudo chmod 0770 /etc/ssl/caddy

Create a dedicated directory to store the Caddy configuration file, Caddyfile:

sudo mkdir /etc/caddy
sudo chown -R root:caddy /etc/caddy

Create the Caddy configuration file named Caddyfile:

sudo touch /etc/caddy/Caddyfile
sudo chown caddy:caddy /etc/caddy/Caddyfile
sudo chmod 444 /etc/caddy/Caddyfile
cat <<EOF | sudo tee -a /etc/caddy/Caddyfile
example.com {
    root /var/www/example.com
    gzip
    tls admin@example.com
}
EOF

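Note: the Caddyfile created above is only a basic configuration for serving a static website. You can learn more about writing a Caddyfile in the Caddy documentation.

To make Caddy easier to operate, you can set up a systemd unit file for it and then manage Caddy with systemd.

Use the vi editor to create the Caddy systemd unit file: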

sudo vi /etc/systemd/system/caddy.service

Populate the file with the following:

[Unit]
Description=Caddy HTTP/2 web server
Documentation=https://caddyserver.com/docs
After=network-online.target
Wants=network-online.target systemd-networkd-wait-online.service

[Service]
Restart=on-abnormal

; User and group the process will run as.
User=caddy
Group=caddy

; Letsencrypt-issued certificates will be written to this directory.
Environment=CADDYPATH=/etc/ssl/caddy

; Always set "-root" to something safe in case it gets forgotten in the Caddyfile.
ExecStart=/usr/local/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp
ExecReload=/bin/kill -USR1 $MAINPID

; Use graceful shutdown with a reasonable timeout
KillMode=mixed
KillSignal=SIGQUIT
TimeoutStopSec=5s

; Limit the number of file descriptors; see `man systemd.exec` for more limit settings.
LimitNOFILE=1048576
; Unmodified caddy is not expected to use more than that.
LimitNPROC=512

; Use private /tmp and /var/tmp, which are discarded after caddy stops.
PrivateTmp=true
; Use a minimal /dev
PrivateDevices=true
; Hide /home, /root, and /run/user. Nobody will steal your SSH-keys.
ProtectHome=true
; Make /usr, /boot, /etc and possibly some more folders read-only.
ProtectSystem=full
; … except /etc/ssl/caddy, because we want Letsencrypt-certificates there.
;   This merely retains r/w access rights, it does not add any new. Must still be writable on the host!
ReadWriteDirectories=/etc/ssl/caddy

; The following additional security directives only work with systemd v229 or later.
; They further restrict privileges that can be gained by caddy. Uncomment if you like.
; Note that you may have to add capabilities required by any plugins in use.
;CapabilityBoundingSet=CAP_NET_BIND_SERVICE
;AmbientCapabilities=CAP_NET_BIND_SERVICE
;NoNewPrivileges=true

[Install]
WantedBy=multi-user.target

Save and exit:

:wq!

Start the Caddy service and enable it to start automatically at boot:

sudo systemctl daemon-reload
sudo systemctl start caddy.service
sudo systemctl enable caddy.service
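
The following bash script is an added example, not part of the original tutorial or the Caddy project. It audits the unit file from this step: that the service does not run as root, that the sandboxing directives are active, that ExecStart keeps its -root fallback, and that the directives the unit's comments tie to systemd v229 or later are not enabled on an older systemd. The function names (unit_value, has_mode, audit_unit) are hypothetical, and GNU stat and awk are assumed.

```bash
#!/usr/bin/env bash
# Added example (not from the tutorial): audit a caddy.service unit file.

# Print the value of an active directive; lines commented out with ';' or '#'
# never match because their key field starts with the comment character.
unit_value() {  # usage: unit_value FILE KEY
    awk -F= -v k="$2" '$1 == k { sub(/^[^=]*=/, ""); v = $0 } END { print v }' "$1"
}

# Succeed only if PATH exists and has exactly the octal MODE (GNU stat).
has_mode() { [ "$(stat -c '%a' "$1" 2>/dev/null)" = "$2" ]; }

# usage: audit_unit FILE SYSTEMD_VERSION ; returns the number of failed checks.
audit_unit() {
    local f="$1" ver="$2" fails=0 kv user
    user="$(unit_value "$f" User)"
    if [ -z "$user" ] || [ "$user" = "root" ]; then
        echo "FAIL: User= is missing or root"; fails=$((fails + 1))
    fi
    for kv in PrivateTmp=true PrivateDevices=true ProtectHome=true ProtectSystem=full; do
        if [ "$(unit_value "$f" "${kv%%=*}")" != "${kv#*=}" ]; then
            echo "FAIL: expected $kv"; fails=$((fails + 1))
        fi
    done
    case "$(unit_value "$f" ExecStart)" in
        *" -root="*) ;;
        *) echo "FAIL: ExecStart has no -root= fallback"; fails=$((fails + 1)) ;;
    esac
    # The unit's own comments say these need systemd v229 or later.
    for kv in CapabilityBoundingSet AmbientCapabilities NoNewPrivileges; do
        if [ -n "$(unit_value "$f" "$kv")" ] && [ "$ver" -lt 229 ]; then
            echo "FAIL: $kv is active but systemd is $ver (< 229)"; fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# Stand-alone use: audit the tutorial's paths when they exist on this host.
UNIT="${1:-/etc/systemd/system/caddy.service}"
if [ -r "$UNIT" ]; then
    ver="$(systemctl --version | awk 'NR == 1 { print $2 }')"
    audit_unit "$UNIT" "$ver" && echo "OK: $UNIT passes all checks"
    has_mode /etc/ssl/caddy 770 || echo "FAIL: /etc/ssl/caddy is not mode 0770"
    has_mode /etc/caddy/Caddyfile 444 || echo "FAIL: Caddyfile is not mode 444"
fi
```

Run it with no arguments on the server after completing this step, or pass another unit file path as the first argument.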

Step 3: Modify the firewall rules

To let visitors reach your Caddy site, you need to open ports 80 and 443:

sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --permanent --zone=public --add-service=https
sudo firewall-cmd --reload

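Step 4: Create a test page for your site

Use the following command to create a file named index.html in your Caddy site's home directory:

echo '<h1>Hello World!</h1>' | sudo tee /var/www/example.com/index.html

Restart the Caddy service to load the new content: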

sudo systemctl restart caddy.service

Finally, point your web browser to http://example.com or https://example.com.

You should see the message Hello World! as expected.
