Caddyfile 模板 #
概述 #
本文档提供常用的 Caddyfile 配置模板,可以直接复制使用或根据需要修改。模板中的域名、路径和密码哈希(如 $2a$14$Zkx...)均为示例占位符,使用前需替换为实际值。
静态网站模板 #
基本静态网站 #
caddyfile
# Minimal static site: files under /var/www/html, gzip compression, file access log.
# No security response headers are set in this template.
example.com {
    root * /var/www/html
    encode gzip
    file_server

    # The access log is the main record for later incident review; the log
    # directory should be writable by the Caddy service account only.
    log {
        output file /var/log/caddy/access.log
    }
}
带安全头部的静态网站 #
caddyfile
# Static site with browser-facing security headers and long-lived asset caching.
example.com {
    root * /var/www/html
    encode gzip zstd
    file_server

    header {
        # HSTS for one year, covering all subdomains. `preload` signals intent to
        # join browser preload lists; removal from those lists is slow, so keep it
        # only if every subdomain will serve HTTPS for the long term.
        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
        X-Content-Type-Options "nosniff"
        # Framing allowed from the same origin only (clickjacking mitigation).
        X-Frame-Options "SAMEORIGIN"
        # Legacy header: current browsers no longer implement the XSS filter it
        # controls. It is not a substitute for a Content-Security-Policy.
        X-XSS-Protection "1; mode=block"
        Referrer-Policy "strict-origin-when-cross-origin"
        # Removes the Server response header (reduces fingerprinting only).
        -Server
    }

    # One-year immutable caching. Safe only when asset file names change with
    # their content; otherwise clients keep serving a stale script after a fix.
    @static path *.css *.js *.png *.jpg *.svg *.woff *.woff2
    header @static Cache-Control "public, max-age=31536000, immutable"

    log {
        output file /var/log/caddy/access.log
    }
}
单页应用(SPA) #
caddyfile
# Single-page application: static files with a fallback to /index.html.
app.example.com {
    root * /var/www/app
    encode gzip zstd

    # Any path that does not exist on disk is rewritten to /index.html, so
    # unknown URLs answer with the application shell instead of a 404.
    try_files {path} /index.html
    file_server

    # One-year immutable caching; requires content-hashed asset file names.
    @assets path /assets/* *.js *.css *.png *.jpg *.svg *.woff *.woff2
    header @assets Cache-Control "public, max-age=31536000, immutable"

    log {
        output file /var/log/caddy/app.log
    }
}
反向代理模板 #
简单反向代理 #
caddyfile
# Plain reverse proxy to a backend on the same host.
# Caddy terminates TLS; the hop to localhost:3000 is unencrypted HTTP. The
# backend should listen on loopback only so it cannot be reached around the proxy.
app.example.com {
    reverse_proxy localhost:3000
}
带头部的反向代理 #
caddyfile
# Reverse proxy that sets the forwarding headers explicitly.
app.example.com {
    encode gzip zstd

    reverse_proxy localhost:3000 {
        # reverse_proxy already passes Host through and sets X-Forwarded-For,
        # X-Forwarded-Proto and X-Forwarded-Host itself, ignoring client-supplied
        # values unless trusted_proxies is configured. The lines below overwrite
        # X-Forwarded-For with the address of the direct peer only.
        header_up Host {host}
        header_up X-Real-IP {remote_host}
        header_up X-Forwarded-For {remote_host}
        header_up X-Forwarded-Proto {scheme}
        header_up X-Forwarded-Host {host}
        # The backend must trust these headers only on requests that arrive
        # through Caddy; keep it bound to loopback.
    }
}
WebSocket 代理 #
caddyfile
# WebSocket backend behind the proxy with upstream read/write timeouts set to 0.
# reverse_proxy handles WebSocket upgrades without extra configuration; with no
# timeout, an idle or stalled upstream connection is held open until one side
# closes it, so connection limits have to be enforced by the backend.
ws.example.com {
    reverse_proxy localhost:3000 {
        transport http {
            read_timeout 0
            write_timeout 0
        }
    }
}
负载均衡 #
caddyfile
# Round-robin load balancing over three upstreams with active health checks.
app.example.com {
    reverse_proxy {
        # Upstreams are contacted over plain HTTP; keep them on a private network.
        to server1:3000
        to server2:3000
        to server3:3000

        lb_policy round_robin

        # Caddy requests /health on every upstream each 10 seconds and stops
        # routing to those that fail. The endpoint should not expose internals.
        health_uri /health
        health_interval 10s
    }
}
API 网关模板 #
微服务网关 #
caddyfile
# Path-based gateway in front of four services; everything else gets a 404.
# The gateway performs no authentication: each service must enforce its own.
api.example.com {
    encode gzip zstd

    # CORS headers are added to every response of this site.
    # A wildcard origin lets script on any website read these responses, and
    # Authorization is an allowed request header, so a page on any origin that
    # holds a token can call the API from the browser. For anything other than
    # a deliberately public API, list the known front-end origins instead.
    header {
        Access-Control-Allow-Origin "*"
        Access-Control-Allow-Methods "GET, POST, PUT, DELETE"
        Access-Control-Allow-Headers "Content-Type, Authorization"
    }

    handle /users/* {
        reverse_proxy user-service:3000
    }

    handle /orders/* {
        reverse_proxy order-service:3000
    }

    handle /products/* {
        reverse_proxy product-service:3000
    }

    handle /payments/* {
        reverse_proxy payment-service:3000
    }

    # Fallback for paths no service owns.
    handle {
        respond "Not Found" 404
    }
}
带认证的 API 网关 #
caddyfile
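# API gateway with three trust tiers on one site address.
api.example.com {
    encode gzip zstd

    # Public API: no authentication at the proxy.
    handle /public/* {
        reverse_proxy localhost:3000
    }

    # Private API: HTTP Basic authentication.
    handle /private/* {
        # The value after the user name is a bcrypt hash (truncated placeholder
        # here); generate a real one with `caddy hash-password`.
        basicauth {
            api_user $2a$14$Zkx...
        }
        reverse_proxy localhost:3000
    }

    # Admin API: source-IP allow-list, then Basic authentication.
    handle /admin/* {
        # `route` keeps the directives in the order written. Without it Caddy
        # evaluates basicauth before respond, so clients outside the allow-list
        # would still be able to test credentials against the login prompt.
        route {
            # Reject every client that is NOT in the allowed range. Matching the
            # allowed range itself would answer 403 to the permitted network and
            # let everyone else through.
            # remote_ip compares the address of the direct TCP peer; if another
            # proxy sits in front of Caddy, that proxy's address is what is checked.
            @denied not remote_ip 10.0.0.0/8
            respond @denied "Forbidden" 403

            basicauth {
                admin $2a$14$Zkx...
            }
            reverse_proxy localhost:8080
        }
    }
}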
PHP 应用模板 #
WordPress #
caddyfile
# WordPress served through PHP-FPM over a Unix socket.
example.com {
    root * /var/www/wordpress
    encode gzip zstd

    header {
        X-Content-Type-Options "nosniff"
        X-Frame-Options "SAMEORIGIN"
        -Server
    }

    # WordPress permalinks: send everything that is not an admin, include,
    # content, PHP or listed static path to the front controller.
    @wp {
        not {
            path /wp-admin/*
            path /wp-includes/*
            path /wp-content/*
            path *.php
            path *.css
            path *.js
            path *.png
            path *.jpg
        }
    }
    rewrite @wp /index.php?{query}

    php_fastcgi unix//var/run/php/php-fpm.sock

    # file_server answers for any non-PHP file under the root, including paths
    # below /wp-content/. Keep backups, database dumps and editor leftovers out
    # of /var/www/wordpress.
    file_server

    log {
        output file /var/log/caddy/wordpress.log
    }
}
Laravel #
caddyfile
# Laravel served through PHP-FPM.
example.com {
    # The web root is the public/ subdirectory, so files one level up in
    # /var/www/laravel are outside what file_server can reach.
    root * /var/www/laravel/public
    encode gzip zstd

    header {
        X-Content-Type-Options "nosniff"
        X-Frame-Options "SAMEORIGIN"
    }

    # Laravel routing: every request that is not a listed static type goes to
    # the front controller.
    @notStatic not path *.css *.js *.png *.jpg *.svg *.woff *.woff2
    rewrite @notStatic /index.php?{query}

    php_fastcgi unix//var/run/php/php-fpm.sock
    file_server
}
Node.js 应用模板 #
Express/Koa 应用 #
caddyfile
# Express/Koa application behind the proxy, with an access log.
app.example.com {
    encode gzip zstd

    reverse_proxy localhost:3000 {
        # reverse_proxy sets the X-Forwarded-* headers on its own; these lines
        # pin X-Forwarded-For and X-Real-IP to the direct peer address. The app
        # should trust them only because it listens on loopback behind Caddy.
        header_up Host {host}
        header_up X-Real-IP {remote_host}
        header_up X-Forwarded-For {remote_host}
        header_up X-Forwarded-Proto {scheme}
    }

    log {
        output file /var/log/caddy/app.log
    }
}
Next.js 应用 #
caddyfile
# Next.js application behind the proxy.
next.example.com {
    encode gzip zstd

    # Static asset caching for the build output path.
    @static path /_next/static/*
    header @static Cache-Control "public, max-age=31536000, immutable"

    reverse_proxy localhost:3000 {
        # Forwarding headers carry the direct peer address; the app should accept
        # them only from Caddy, i.e. listen on loopback.
        header_up Host {host}
        header_up X-Real-IP {remote_host}
        header_up X-Forwarded-For {remote_host}
        header_up X-Forwarded-Proto {scheme}
    }
}
Python 应用模板 #
Django 应用 #
caddyfile
# Django: Caddy serves /static and /media from disk and proxies the rest.
django.example.com {
    # Only the two handle blocks below reach file_server, so nothing else under
    # this root is served directly.
    root * /var/www/django
    encode gzip zstd

    # Static files
    handle /static/* {
        file_server
    }

    # Media files. NOTE(review): if this directory holds user uploads, they are
    # served from the application's own origin and no X-Content-Type-Options
    # header is set in this template.
    handle /media/* {
        file_server
    }

    # Django application
    handle {
        reverse_proxy localhost:8000 {
            # The application should trust these headers only from Caddy.
            header_up Host {host}
            header_up X-Real-IP {remote_host}
            header_up X-Forwarded-For {remote_host}
            header_up X-Forwarded-Proto {scheme}
        }
    }
}
Flask 应用 #
caddyfile
# Flask application behind the proxy.
flask.example.com {
    encode gzip zstd

    reverse_proxy localhost:5000 {
        # Forwarding headers are pinned to the direct peer; the app should listen
        # on loopback so they cannot be supplied by anyone but Caddy.
        header_up Host {host}
        header_up X-Real-IP {remote_host}
        header_up X-Forwarded-For {remote_host}
        header_up X-Forwarded-Proto {scheme}
    }
}
Go 应用模板 #
caddyfile
# Go application behind the proxy.
go.example.com {
    encode gzip zstd

    reverse_proxy localhost:8080 {
        # Forwarding headers are pinned to the direct peer; the service should
        # listen on loopback so they cannot be supplied by anyone but Caddy.
        header_up Host {host}
        header_up X-Real-IP {remote_host}
        header_up X-Forwarded-For {remote_host}
        header_up X-Forwarded-Proto {scheme}
    }
}
Docker Compose 模板 #
完整 Docker Compose 配置 #
yaml
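# Compose file for one Caddy container publishing HTTP, HTTPS and HTTP/3.
version: "3.8"
services:
  caddy:
    # `latest` moves with every upstream release. For production, pin a
    # specific version tag or image digest (placeholder: caddy:<pinned-version>)
    # so an unreviewed image change cannot roll out on the next pull.
    image: caddy:latest
    container_name: caddy
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp"  # HTTP/3 (QUIC)
    volumes:
      # Mounted read-only: the container only needs to read its configuration.
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - ./site:/srv
      # /data holds issued certificates and their private keys; keep the volume
      # persistent and restrict who can read it on the host.
      - caddy_data:/data
      - caddy_config:/config
    environment:
      - TZ=Asia/Shanghai
    networks:
      - web
volumes:
  caddy_data:
  caddy_config:
networks:
  web:
    driver: bridge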
多站点模板 #
多站点配置 #
caddyfile
# Shared configuration snippets
(security) {
    header {
        X-Content-Type-Options "nosniff"
        X-Frame-Options "SAMEORIGIN"
        -Server
    }
}

(logging) {
    # NOTE(review): {host} is a per-request placeholder, while the log file is
    # opened when the configuration is loaded. Confirm with `caddy validate`
    # that this yields one file per site; if it does not, pass the file name as
    # a snippet argument so each site's requests stay attributable.
    log {
        output file /var/log/caddy/{host}.log
    }
}

(compression) {
    encode gzip zstd
}

# Site 1: static files
site1.example.com {
    import security
    import logging
    import compression

    root * /var/www/site1
    file_server
}

# Site 2: reverse proxy
site2.example.com {
    import security
    import logging
    import compression

    reverse_proxy localhost:3000
}

# Site 3: reverse proxy behind HTTP Basic authentication
site3.example.com {
    import security
    import logging
    import compression

    # The hash is a truncated placeholder; generate one with `caddy hash-password`.
    basicauth {
        admin $2a$14$Zkx...
    }
    reverse_proxy localhost:8080
}
开发环境模板 #
本地开发配置 #
caddyfile
# Global options for local development.
{
    # Issue every certificate from Caddy's internal CA instead of a public one.
    local_certs
    # The admin API has no authentication of its own; keep it on loopback.
    admin localhost:2019
}

# Project 1
project1.localhost {
    tls internal
    reverse_proxy localhost:3001
}

# Project 2
project2.localhost {
    tls internal
    reverse_proxy localhost:3002
}

# Project 3
project3.localhost {
    tls internal
    root * /var/www/project3
    file_server
}

# API gateway
api.localhost {
    tls internal

    handle /users/* {
        reverse_proxy localhost:4001
    }

    handle /orders/* {
        reverse_proxy localhost:4002
    }
}
安全配置模板 #
高安全配置 #
caddyfile
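# Hardened static site: security headers, blocked sensitive paths, explicit TLS range.
example.com {
    root * /var/www/html
    file_server
    encode gzip zstd

    # Security headers
    header {
        # `preload` is hard to undo; keep it only if all subdomains stay on HTTPS.
        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
        X-Content-Type-Options "nosniff"
        X-Frame-Options "SAMEORIGIN"
        # Legacy header that current browsers no longer act on; the CSP below is
        # the effective control.
        X-XSS-Protection "1; mode=block"
        Referrer-Policy "strict-origin-when-cross-origin"
        # script-src no longer carries 'unsafe-inline': allowing inline script
        # removes most of the protection a CSP gives against injected markup.
        # Pages that need inline script should use nonces or hashes instead.
        Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'"
        Permissions-Policy "geolocation=(), microphone=(), camera=()"
        -Server
    }

    # Deny access to sensitive files. respond is evaluated before file_server,
    # so matching requests never reach the disk.
    # NOTE(review): glob wildcards do not cross '/', so verify with test requests
    # (for example /.env, /.git/config and a nested /dir/.env) that each one
    # returns 403 before relying on this list.
    @hidden path /.*/** *.env *.git/* *.htaccess
    respond @hidden "Forbidden" 403

    # TLS configuration: minimum TLS 1.2, maximum TLS 1.3 (also Caddy's default range).
    tls {
        protocols tls1.2 tls1.3
    }

    log {
        output file /var/log/caddy/access.log
    }
}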
重定向模板 #
www 重定向 #
caddyfile
# www to non-www.
# The target host is fixed and {uri} carries only the path and query, so the
# redirect cannot be steered to another site by the request.
www.example.com {
    redir https://example.com{uri} permanent
}

example.com {
    root * /var/www/html
    file_server
}
域名迁移 #
caddyfile
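# Permanent redirects from the old domain to the new one, keeping path and query.
# The old domain has to stay registered and under your control for as long as
# these redirects are expected to work.
old-domain.com {
    redir https://new-domain.com{uri} permanent
}

# Subdomains keep their name on the new domain.
# Host labels are counted from the right: for foo.old-domain.com, label 0 is
# "com", label 1 is "old-domain" and label 2 is "foo". Using {labels.0} would
# redirect every subdomain to com.new-domain.com.
# A wildcard site address needs a wildcard certificate, which requires the
# DNS challenge to be configured.
*.old-domain.com {
    redir https://{labels.2}.new-domain.com{uri} permanent
}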
HTTP 到 HTTPS #
caddyfile
# Caddy performs the HTTP-to-HTTPS redirect automatically by default.
# Manual configuration, for when the automatic redirect is not in use:
http://example.com {
    redir https://example.com{uri} permanent
}
监控模板 #
带监控的配置 #
caddyfile
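# Global options: enable per-server metrics collection.
{
    servers {
        metrics
    }
}

example.com {
    # Metrics endpoint. The output describes traffic volume, status codes and
    # handler layout, so it is limited to private address ranges here; respond
    # is evaluated before metrics, so other clients never reach it.
    # remote_ip checks the direct TCP peer. If another proxy on a private
    # address sits in front of Caddy, every request matches and this
    # restriction has no effect; narrow the range to the scraper in that case.
    handle /metrics {
        @external not remote_ip private_ranges
        respond @external "Forbidden" 403
        metrics
    }

    # Health check
    handle /health {
        respond "OK" 200
    }

    # Main application
    handle {
        reverse_proxy localhost:3000
    }
}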
下一步 #
现在你已经掌握了常用配置模板,接下来学习 故障排查 了解如何解决常见问题!
最后更新:2026-03-28