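# Change this to your own domain.
api.sub2api.com {
    # =========================================================================
    # Long-term caching for static assets.
    # Files with a content hash in their name can be cached permanently by
    # browsers and CDNs. /logo.png and /favicon.ico have no hash in their
    # names, so a replaced file may stay cached for up to a year.
    # (Caddy sorts directives itself; position in this file does not set
    # priority.)
    # =========================================================================
    @static {
        path /assets/*
        path /logo.png
        path /favicon.ico
    }
    header @static {
        Cache-Control "public, max-age=31536000, immutable"
        # Remove headers that may interfere with caching.
        -Pragma
        -Expires
    }

    # =========================================================================
    # TLS security settings
    # =========================================================================
    tls {
        # Allow TLS 1.2 and 1.3 only.
        protocols tls1.2 tls1.3
        # Preferred cipher suites. This list applies to TLS 1.2 only; TLS 1.3
        # cipher suites are not configurable in Caddy.
        ciphers TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    }

    # =========================================================================
    # Client-IP header trust
    # This site is meant to work both behind Cloudflare and with direct
    # connections, and the backend is advised to prefer CF-Connecting-IP.
    # A direct client can send that header itself, so it is stripped unless
    # the TCP peer is a Cloudflare address. Without this, rate limits, IP
    # allowlists and audit logs keyed on the client IP can be bypassed or
    # falsified by any direct caller.
    # The ranges below are Cloudflare's published list
    # (https://www.cloudflare.com/ips/); re-check them before deploying and
    # whenever Cloudflare updates the list. A missing range fails safe: the
    # header is dropped and the backend falls back to X-Real-IP.
    # =========================================================================
    @not_cloudflare {
        not remote_ip 173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 141.101.64.0/18 108.162.192.0/18 190.93.240.0/20 188.114.96.0/20 197.234.240.0/22 198.41.128.0/17 162.158.0.0/15 104.16.0.0/13 104.24.0.0/14 172.64.0.0/13 131.0.72.0/22 2400:cb00::/32 2606:4700::/32 2803:f800::/32 2405:b500::/32 2405:8100::/32 2a06:98c0::/29 2c0f:f248::/32
    }
    request_header @not_cloudflare -CF-Connecting-IP

    # =========================================================================
    # Reverse proxy
    # =========================================================================
    reverse_proxy localhost:8080 {
        # Active health check.
        health_uri /health
        health_interval 30s
        health_timeout 10s
        health_status 200

        # Load-balancing policy (irrelevant with one upstream, useful with several).
        lb_policy round_robin
        lb_try_duration 5s
        lb_try_interval 250ms

        # Pass client connection details to the backend. These values are
        # overwritten with the TCP peer seen by Caddy, so a client cannot
        # forge them; behind Cloudflare they hold the Cloudflare edge address.
        header_up X-Real-IP {remote_host}
        header_up X-Forwarded-For {remote_host}
        header_up X-Forwarded-Proto {scheme}
        header_up X-Forwarded-Host {host}

        # CF-Connecting-IP needs no header_up line: Caddy forwards request
        # headers to the upstream by default, and the request_header rule
        # above removes it for peers that are not Cloudflare.
        # Suggested backend priority: CF-Connecting-IP -> X-Real-IP -> X-Forwarded-For.
        # The backend port must not be reachable except through this proxy,
        # otherwise all of these headers can be supplied by the caller.

        # Upstream connection pool tuning.
        transport http {
            keepalive 120s
            keepalive_idle_conns 256
            read_buffer 16KB
            write_buffer 16KB
            compression off
        }

        # Passive health checks / failover.
        fail_duration 30s
        max_fails 3
        unhealthy_status 500 502 503 504
    }

    # =========================================================================
    # Response compression
    # =========================================================================
    encode {
        zstd
        gzip 6
        minimum_length 256
        match {
            header Content-Type text/*
            header Content-Type application/json*
            header Content-Type application/javascript*
            header Content-Type application/xml*
            header Content-Type application/rss+xml*
            header Content-Type image/svg+xml*
        }
    }

    # =========================================================================
    # Request size limit (guards against oversized uploads).
    # 100MB is a per-request cap; lower it if the API never needs bodies
    # this large.
    # =========================================================================
    request_body {
        max_size 100MB
    }

    # =========================================================================
    # Access log
    # JSON access logs include request headers and the full URI. Credentials
    # carried in custom headers or in the query string are written as-is; if
    # this API accepts keys that way, drop those fields with the `filter` log
    # encoder and keep the log directory readable only by the Caddy user.
    # =========================================================================
    log {
        output file /var/log/caddy/sub2api.log {
            roll_size 50mb
            roll_keep 10
            roll_keep_for 720h
        }
        format json
        level INFO
    }

    # =========================================================================
    # Error handling: reply with the status code and text only, no internals.
    # =========================================================================
    handle_errors {
        respond "{err.status_code} {err.status_text}"
    }
}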