部署 NaiveProxy
安装go
下载解压
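# --------------AMD (x86_64)-----------------
# Download the Go toolchain.
# NOTE(review): Go 1.20.x is past upstream support; pick a currently supported
# release from https://go.dev/dl/ and use the same version string in every command.
wget https://go.dev/dl/go1.20.3.linux-amd64.tar.gz
# Verify before extracting: the printed digest must match the SHA256 listed for
# this file on https://go.dev/dl/. Do not unpack a tarball whose digest differs.
sha256sum go1.20.3.linux-amd64.tar.gz
# Extract into /usr/local (-C sets the destination). Remove any previous
# /usr/local/go first so files from an older release cannot linger.
rm -rf /usr/local/go && tar -zxvf go1.20.3.linux-amd64.tar.gz -C /usr/local
# --------------AMD-----------------
# --------------ARM (aarch64)-----------------
# Download the Go toolchain (same version as above).
wget https://go.dev/dl/go1.20.3.linux-arm64.tar.gz
# Verify against the SHA256 published on https://go.dev/dl/ before extracting.
sha256sum go1.20.3.linux-arm64.tar.gz
# Extract into /usr/local, replacing any previous install.
rm -rf /usr/local/go && tar -zxvf go1.20.3.linux-arm64.tar.gz -C /usr/local
# --------------ARM-----------------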
配置环境
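# Create the Go workspace (GOPATH).
mkdir -p /data/gopath
# Keep the Go environment in its own drop-in under /etc/profile.d instead of
# hand-editing /etc/profile; login shells source every /etc/profile.d/*.sh.
# The heredoc is quoted ('EOF') so $PATH/$GOROOT are written literally and
# expanded at login, not now.
cat > /etc/profile.d/golang.sh <<'EOF'
# golang config
export GOROOT=/usr/local/go
export GOPATH=/data/gopath
export PATH=$PATH:$GOROOT/bin:$GOPATH/bin
EOF
# Load it into the current shell; new login shells pick it up automatically.
source /etc/profile.d/golang.sh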
安装NaiveProxy
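# Install xcaddy (Caddy's custom-build tool) into $GOPATH/bin.
# NOTE(review): @latest resolves to whatever is newest at build time. For a
# reproducible, auditable build pin an explicit tag (@vX.Y.Z) here and below.
go install github.com/caddyserver/xcaddy/cmd/xcaddy@latest
# Build caddy with the naive fork of forwardproxy (--with <module>=<replacement>)
# plus the maxmind-geolocation plugin used later for country filtering.
# NOTE(review): @naive and @master are moving branches — pin both to a reviewed
# commit hash or tag so a later rebuild cannot silently pull different code.
xcaddy build \
  --with github.com/caddyserver/forwardproxy@caddy2=github.com/klzgrad/forwardproxy@naive \
  --with github.com/porech/caddy-maxmind-geolocation@master
# Install the binary root-owned with fixed permissions (a plain mv would keep the
# build user's ownership/mode). The systemd unit below expects /usr/bin/caddy.
install -o root -g root -m 0755 caddy /usr/bin/caddy
# Let the binary bind ports below 1024 without running as root. This is only
# needed when caddy is started as a non-root user whose unit file does not
# already grant AmbientCapabilities=CAP_NET_BIND_SERVICE.
setcap cap_net_bind_service=+ep /usr/bin/caddy
# Confirm the build and that both plugins were compiled in.
caddy version
caddy list-modules | grep -E 'forward_proxy|maxmind'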
配置NaiveProxy
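# Configuration directory (-p: no error if it already exists).
mkdir -p /etc/caddy
# Create the Caddyfile; its contents are given in the next section.
vi /etc/caddy/Caddyfile
# The Caddyfile holds the proxy usernames and passwords in clear text, so make it
# readable only by the account that runs caddy (root in the unit file below).
chmod 0600 /etc/caddy/Caddyfile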
Caddyfile配置文件 - 注释
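# Reusable log snippet named LOG; pulled into a site block with `import LOG`.
(LOG) {
    log {
        # Write to a file; rotate at 10 MB, keep at most 30 rotated files,
        # and delete rotated files older than 30 days.
        output file /var/log/caddy/access.log {
            roll_size 10mb
            roll_keep 30
            # Fixed: the tutorial had `rool_keep_for`, which Caddy rejects at startup.
            roll_keep_for 30d
        }
        # JSON encoder wrapped in a field filter.
        format filter {
            wrap json {
                # "wall" renders timestamps as 2006/01/02 15:04:05
                time_format "wall"
                # Key used for the timestamp (default: ts).
                time_key "time"
                # Use the host's local time zone instead of UTC.
                time_local
            }
            # Field handling: `delete` drops a field, `replace` overwrites it.
            # Drops fields that are noise here or that would expose proxy-specific
            # details (the naive Padding header) in the log.
            fields {
                user_id delete
                duration delete
                resp_headers delete
                status delete
                request>uri delete
                request>remote_port delete
                request>tls delete
                request>method delete
                request>headers>User-Agent delete
                request>headers>Accept-Encoding delete
                request>headers>Padding delete
                # Never persist proxy credentials, even if log_credentials is
                # enabled somewhere in the global options.
                request>headers>Proxy-Authorization delete
                # Keep the real client IP: it is the one field you need when
                # investigating abuse. The tutorial masked it only to hide the
                # author's IP in screenshots; re-enable the line below for that:
                # request>remote_ip replace "0.0.0.0"
            }
        }
        # Log level.
        level INFO
    }
}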
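# Global options block; see the Caddyfile options reference for the full list.
{
    # Handler order: forward_proxy must run before reverse_proxy so proxy
    # requests are handled first and everything else falls through to the
    # camouflage site.
    order forward_proxy before reverse_proxy
    # The tutorial enabled `servers { log_credentials }` here. Leave it off: it
    # writes the Proxy-Authorization header — i.e. every user's password — to
    # the access log in clear text. Without it Caddy logs that header as
    # REDACTED, and NaiveProxy does not need it.
}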
# 下面是代理的信息,域名自行修改
:443, demo.domain.com {
# 设置tls自动签证的邮箱,自行修改
tls 10086@qq.com
# 引入上面定义好的LOG配置块
import LOG
# 定义ip过滤
@geofilter {
maxmind_geolocation {
# geo的数据库,需要自己提前下载放在指定的目录下,下载的链接在文章下方
db_path "/data/GeoLite2-City.mmdb"
# allow_countries允许国家访问;deny_countries禁止国家访问,列表多个空格隔开,UNK为未知IP
# 下面配置为允许中国IP访问,禁止美国IP访问,deny_countries优先级比allow_countries高
allow_countries CN
deny_countries US UNK
}
}
# 定义forward_proxy,也就是naive的配置
# @geofilter 表示该配置使用ip过来
forward_proxy @geofilter {
# 自定义用户名和密码,自行修改
basic_auth admin admin
hide_ip
hide_via
probe_resistance
}
# 多个用户重复配置多个forward_proxy配置块
forward_proxy @geofilter {
basic_auth test test
hide_ip
hide_via
probe_resistance
}
# 最终流量使用反向代理到某个网站,下面使用的是clourdreve的demo网址
reverse_proxy @geofilter https://demo.cloudreve.org {
header_up Host {upstream_hostport}
}
}
Caddyfile配置文件 - 无注释
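# Comment-free version of the LOG snippet (typo `rool_keep_for` fixed;
# Proxy-Authorization dropped so credentials never reach the log).
(LOG) {
    log {
        output file /var/log/caddy/access.log {
            roll_size 10mb
            roll_keep 30
            roll_keep_for 30d
        }
        format filter {
            wrap json {
                time_format "wall"
                time_key "time"
                time_local
            }
            fields {
                user_id delete
                duration delete
                resp_headers delete
                status delete
                request>uri delete
                request>remote_port delete
                request>tls delete
                request>method delete
                request>headers>User-Agent delete
                request>headers>Accept-Encoding delete
                request>headers>Padding delete
                request>headers>Proxy-Authorization delete
            }
        }
        level INFO
    }
}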
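{
    order forward_proxy before reverse_proxy
    # `servers { log_credentials }` intentionally omitted: it would write the
    # Proxy-Authorization header (user passwords) to the access log in clear text.
}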
# Replace demo.domain.com, the tls email and the basic_auth pairs below;
# admin/admin and test/test are placeholders, not usable credentials.
:443, demo.domain.com {
tls 10086@qq.com
import LOG
@geofilter {
maxmind_geolocation {
db_path "/data/GeoLite2-City.mmdb"
allow_countries CN
deny_countries US UNK
}
}
forward_proxy @geofilter {
basic_auth admin admin
hide_ip
hide_via
probe_resistance
}
forward_proxy @geofilter {
basic_auth test test
hide_ip
hide_via
probe_resistance
}
reverse_proxy @geofilter https://demo.cloudreve.org {
header_up Host {upstream_hostport}
}
}
通过systemd管理caddy
# Create the unit file; paste the [Unit]/[Service]/[Install] sections below into it.
${EDITOR:-vi} /etc/systemd/system/caddy.service
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
# Start only once the network is up.
After=network.target network-online.target
Requires=network-online.target
[Service]
# Caddy signals readiness via sd_notify.
Type=notify
# NOTE(review): running as root is not needed — AmbientCapabilities below (and
# the setcap step earlier) already cover binding :443. Prefer a dedicated
# account, e.g.
#   useradd --system --home /var/lib/caddy --shell /usr/sbin/nologin caddy
# then set User=caddy / Group=caddy and give that account write access to
# /var/log/caddy and its certificate storage, plus read access to
# /etc/caddy/Caddyfile and the MaxMind database.
User=root
Group=root
# --environ prints the whole process environment to the journal at startup;
# drop it once debugging is done so nothing placed in the environment leaks.
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
# --force reloads even when the config file is unchanged.
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile --force
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
# Sandboxing: private /tmp; /usr, /boot and /etc mounted read-only.
PrivateTmp=true
ProtectSystem=full
# Lets the process bind ports below 1024 without full root privileges.
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
管理命令
# Re-read unit files (needed after creating or editing caddy.service).
systemctl daemon-reload
# Enable at boot and start immediately (equivalent to enable followed by start).
systemctl enable --now caddy
# Apply Caddyfile changes without a restart (runs ExecReload).
systemctl reload caddy
# Full restart of the service.
systemctl restart caddy
# Stop the service.
systemctl stop caddy
官方客户端的配置说明
{
"listen": "socks://127.0.0.1:1080",
"proxy": "https://user:pass@domain.example",
"log": ""
}
// listen:本地 SOCKS 监听地址和端口,一般不需要修改;保持 127.0.0.1 只接受本机连接,若改成 0.0.0.0,局域网内的其它主机也能通过这个端口使用你的代理
// proxy:服务端地址,协议可以是 https 或 quic;使用 quic 时服务端需要放行 TLS 端口的 UDP;需要修改为你自己的用户名、密码和域名;若用户名或密码含有 @、: 等特殊字符,请按客户端文档的要求做 URL 编码
// 若使用的是非443端口,域名后面需要增加服务端绑定的tls端口,如,domain.example:1443