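#!/bin/bash
# Naive setup: install Go, build Caddy with the NaiveProxy forward_proxy
# plugin, install it to /usr/bin, write /etc/caddy/Caddyfile and run it as a
# systemd service under a dedicated "caddy" account.
#
# Usage: naivesetup.sh DOMAIN EMAIL USERNAME PASSWORD DECOY_UPSTREAM
#   $1 - domain served on :443
#   $2 - e-mail address given to the tls directive
#   $3 - forward-proxy user name
#   $4 - forward-proxy password
#   $5 - upstream site that unauthenticated requests are reverse-proxied to
#
# NOTE(review): the password is taken from argv, so it is visible in the
# process list and in shell history for as long as the script runs.
set -euo pipefail

PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/usr/local:~/bin
export PATH

die() {
  printf 'naivesetup: %s\n' "$*" >&2
  exit 1
}

(( $# == 5 )) || die "usage: ${0##*/} DOMAIN EMAIL USERNAME PASSWORD DECOY_UPSTREAM"
(( EUID == 0 )) || die "must run as root (writes /usr/local, /usr/bin, /etc)"

# Each argument becomes one Caddyfile token; whitespace (including a newline)
# would split it into extra tokens or extra directives. Other Caddyfile
# metacharacters are not escaped here.
for arg in "$@"; do
  [[ -n "$arg" && "$arg" != *[[:space:]]* ]] \
    || die "arguments must be non-empty and must not contain whitespace"
done
domain=$1
email=$2
proxy_user=$3
proxy_pass=$4
decoy_upstream=$5

# Download and build in a private scratch directory so nothing depends on the
# caller's working directory and every intermediate file is removed on exit.
workdir=$(mktemp -d) || die "mktemp failed"
cleanup() { rm -rf -- "${workdir:?}"; }
trap cleanup EXIT
cd "$workdir" || die "cannot cd to ${workdir}"

# Install Go. Only the first line of the VERSION response is used: the
# response may carry extra lines after the version, which would corrupt the
# download URL. The value is validated before it is placed in a URL/filename.
go_version=$(curl -fsSL 'https://go.dev/VERSION?m=text' | head -n 1)
[[ "$go_version" =~ ^go[0-9][0-9A-Za-z.]*$ ]] \
  || die "unexpected Go version string: ${go_version}"
tarball="${go_version}.linux-amd64.tar.gz"
# NOTE(review): the tarball is trusted on TLS alone; no checksum is verified.
# Compare it with the SHA256 published on go.dev/dl before extracting.
wget "https://go.dev/dl/${tarball}"
# Remove any previous toolchain first; unpacking over an existing /usr/local/go
# mixes files from two releases.
rm -rf /usr/local/go
tar -xf "$tarball" -C /usr/local/

# Persist GOROOT/PATH for login shells, appending each line only once so that
# re-running the script does not keep growing /etc/profile.
# shellcheck disable=SC2016 -- the literal text must reach /etc/profile unexpanded
for profile_line in 'export GOROOT=/usr/local/go' 'export PATH=$GOROOT/bin:$PATH'; do
  grep -qxF -- "$profile_line" /etc/profile 2>/dev/null \
    || printf '%s\n' "$profile_line" >> /etc/profile
done
# Set the same values for this run directly instead of sourcing /etc/profile,
# which may reference unset variables and abort under `set -u`.
export GOROOT=/usr/local/go
export PATH="${GOROOT}/bin:${PATH}"
go version

# Build and install caddy + naive. GOPATH/GOBIN point into the scratch
# directory, so the xcaddy binary and the module cache are cleaned up with it.
# NOTE(review): xcaddy@latest and the forwardproxy "naive" ref are moving
# targets; pin both to reviewed versions/commits for a reproducible build.
export GOPATH="${workdir}/gopath"
export GOBIN="${GOPATH}/bin"
go install github.com/caddyserver/xcaddy/cmd/xcaddy@latest
"${GOBIN}/xcaddy" build --with github.com/caddyserver/forwardproxy@caddy2=github.com/klzgrad/forwardproxy@naive
install -m 0755 caddy /usr/bin/caddy
/usr/bin/caddy version
setcap cap_net_bind_service=+ep /usr/bin/caddy

# Service account; created only when missing so the script can be re-run.
getent group caddy > /dev/null || groupadd --system caddy
id -u caddy > /dev/null 2>&1 \
  || useradd --system --gid caddy --create-home --home-dir /var/lib/caddy --shell /usr/sbin/nologin --comment "Caddy web server" caddy

# Write the configuration. The Caddyfile holds the proxy credentials in clear
# text, so it is created empty with mode 0640 root:caddy before any content is
# written: readable by the service account, not by other local users.
mkdir -p /etc/caddy/
install -m 0640 -o root -g caddy /dev/null /etc/caddy/Caddyfile
cat > /etc/caddy/Caddyfile <<EOF
:443, ${domain} # 域名
tls ${email} # 你的邮箱
route {
forward_proxy {
basic_auth ${proxy_user} ${proxy_pass} # 用户名和密码
hide_ip
hide_via
probe_resistance
}
reverse_proxy ${decoy_upstream} { # 伪装网址
header_up Host {upstream_hostport}
header_up X-Forwarded-Host {host}
}
}
EOF

# systemd unit. The heredoc delimiter is quoted because nothing in the unit is
# meant to be expanded by the shell. CapabilityBoundingSet and NoNewPrivileges
# limit the service to the one capability it needs (binding :443) and stop it
# from gaining privileges through exec.
cat > /etc/systemd/system/naiveCaddy.service <<'EOF'
[Unit]
Description=Caddy with Naive
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target
[Service]
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
NoNewPrivileges=true
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable --now naiveCaddy

# Informational only: a missing listener or a non-active status is reported
# but must not turn a finished installation into a failed script run.
ss -tulpn | grep caddy || printf 'naivesetup: no caddy listener found yet\n' >&2
systemctl --no-pager status naiveCaddy || true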