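#!/bin/bash
#
# Naive setup: installs the current Go toolchain, builds Caddy with the
# klzgrad/forwardproxy "naive" plugin, writes /etc/caddy/Caddyfile and a
# systemd unit (naiveCaddy.service), then enables and (re)starts the service.
# Re-running the script performs an upgrade of Go and of the caddy binary.
#
# Usage (as root): SCRIPT DOMAIN EMAIL USERNAME PASSWORD DECOY_UPSTREAM
#   $1  domain name served alongside :443
#   $2  e-mail address for the Caddyfile "tls" directive
#   $3  forward_proxy basic_auth user name
#   $4  forward_proxy basic_auth password
#   $5  upstream handed to reverse_proxy (the decoy site)
#
# Security notes for operators:
#   * $3/$4 are passed on the command line, so they are visible in the process
#     list and in shell history while the script runs.
#   * The password is stored in plaintext in /etc/caddy/Caddyfile; the file is
#     therefore written as root:caddy with mode 0640 instead of world-readable.
#   * The Go tarball is fetched over HTTPS but not compared against the
#     checksum published on the Go download page.
#     TODO(review): verify the SHA-256 before extracting.
#   * xcaddy@latest and the forwardproxy "naive" branch are unpinned, so every
#     run builds whatever upstream currently publishes.

set -euo pipefail

PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/usr/local:~/bin
export PATH

# Print an error to stderr and abort.
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# Append a line to /etc/profile only if it is not already present, so that
# repeated runs (upgrades) do not pile up duplicate exports.
add_profile_line() {
  local line=$1
  # grep's stderr is silenced on purpose: a missing /etc/profile just means
  # the line has to be added.
  grep -qxF -- "$line" /etc/profile 2>/dev/null \
    || printf '%s\n' "$line" >> /etc/profile
}

(( EUID == 0 )) || die "must be run as root"
(( $# >= 5 )) || die "usage: ${0##*/} DOMAIN EMAIL USERNAME PASSWORD DECOY_UPSTREAM"

# The five arguments are expanded verbatim into the Caddyfile. An empty value
# or embedded whitespace would change how Caddy tokenises the line, so reject
# both before anything is installed.
for arg in "${@:1:5}"; do
  [[ -n "$arg" ]] || die "arguments must not be empty"
  [[ "$arg" =~ [[:space:]] ]] && die "arguments must not contain whitespace"
done

workdir=$(mktemp -d) || die "mktemp failed"
trap 'rm -rf -- "$workdir"' EXIT

# --- Install Go (re-running this for an upgrade replaces the old toolchain) ---

# VERSION?m=text answers with the version on the first line and a "time ..."
# line after it; only the first line belongs in the download URL.
go_version=$(curl -fsSL 'https://go.dev/VERSION?m=text') \
  || die "cannot query the current Go version"
go_version=${go_version%%$'\n'*}
# The value ends up in a URL and a file name; accept only a version-shaped token.
[[ "$go_version" =~ ^go[0-9][0-9A-Za-z.]*$ ]] \
  || die "unexpected Go version string: $go_version"

tarball="$workdir/${go_version}.linux-amd64.tar.gz"
wget -q -O "$tarball" "https://go.dev/dl/${go_version}.linux-amd64.tar.gz" \
  || die "Go download failed"

# Unpacking over an existing tree leaves files of the previous release behind,
# so the old toolchain is removed first.
rm -rf /usr/local/go
tar -xf "$tarball" -C /usr/local/ || die "cannot unpack Go"

add_profile_line 'export GOROOT=/usr/local/go'
add_profile_line 'export PATH=$GOROOT/bin:$PATH'

# Export directly rather than sourcing /etc/profile, which may run unrelated
# code that is not written for "set -eu".
export GOROOT=/usr/local/go
export PATH="$GOROOT/bin:$PATH"
go version

# --- Build and install caddy + naive ---

go install github.com/caddyserver/xcaddy/cmd/xcaddy@latest
"$HOME/go/bin/xcaddy" build \
  --output "$workdir/caddy" \
  --with github.com/caddyserver/forwardproxy@caddy2=github.com/klzgrad/forwardproxy@naive

install -m 0755 "$workdir/caddy" /usr/bin/caddy
/usr/bin/caddy version

# Remove the Go workspace so it does not interfere with future upgrades.
# NOTE(review): the original ran "rm -r go" relative to the current directory;
# this assumes ~/go (where xcaddy was installed) is what was meant.
rm -rf -- "${HOME:?}/go"

# File capability for binding :443. The unit below also grants
# CAP_NET_BIND_SERVICE as an ambient capability, so this mainly matters when
# caddy is started outside systemd.
setcap cap_net_bind_service=+ep /usr/bin/caddy

# --- Service account (created before the config so the file can be group-owned) ---

getent group caddy > /dev/null || groupadd --system caddy
id -u caddy > /dev/null 2>&1 \
  || useradd --system --gid caddy --create-home --home-dir /var/lib/caddy \
       --shell /usr/sbin/nologin --comment "Caddy web server" caddy

# --- Add the config file ---

mkdir -p /etc/caddy/

# The Caddyfile holds the proxy password in plaintext: create it private, then
# open it to the caddy group only. The trailing "#" comments inside the
# here-document are written to the file as-is; they label, in order: domain,
# e-mail, user name and password, decoy site.
old_umask=$(umask)
umask 077
cat > /etc/caddy/Caddyfile <<EOF
:443, ${1} # 域名
tls ${2} # 你的邮箱
route {
forward_proxy {
basic_auth ${3} ${4} # 用户名和密码
hide_ip
hide_via
probe_resistance
}
reverse_proxy ${5} { # 伪装网址
header_up Host {upstream_hostport}
header_up X-Forwarded-Host {host}
}
}
EOF
umask "$old_umask"
chown root:caddy /etc/caddy/Caddyfile
chmod 0640 /etc/caddy/Caddyfile

# --- systemd unit ---

# Quoted delimiter: the unit text contains no shell expansions.
cat > /etc/systemd/system/naiveCaddy.service <<'EOF'
[Unit]
Description=Caddy with Naive
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target

[Service]
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable naiveCaddy
# restart (not just start) so that an upgrade run picks up the new binary and
# config; it also starts the unit when it is not running yet.
systemctl restart naiveCaddy

# Hint for the operator: command to check the listening sockets.
printf '%s\n' 'ss -tulpn | grep caddy'
systemctl --no-pager status naiveCaddy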