使用 caddy 的原因是有自动更新 https 证书。
网络结构很简单,前面有一个域名,caddy 反向代理转给响应程序。
先是使用七牛,然后发现半天过不了校验,一直在部署中,我们以为是七牛不行。
加上七牛的自定义配置选项很少,于是换腾讯云 CDN 。
然后又试,发现要么不行(403),要么重定向到了服务器内部域名(这个域名可以直接 ping 到服务器 IP)。
随后,我们关闭了自动 https 重定向,终于不会暴露内部域名了。
但现在会稳定得到一个 403 。
把回源请求方式改为“始终使用 HTTP”,并且写了一个小服务脚本测试。
发现了这样的问题:
Caddy 获得了 CDN 转发来的请求之后,没有转发给上游,直接返回了 403
随后就是 apt install nginx,10 分钟之后就正常工作了。
虽然不排除可能是腾讯云和七牛的问题,但我还是对 caddy 感到费解,包括要求配置项的顺序要求也是,让人一头雾水的配置错误提示也是。
配置:
http://xxx.q2test.cn, https://xxx.q2test.cn {
reverse_proxy localhost:3000
}
请求失败,返回 403:
Mar 18 18:26:40 iZbp1a0zoyd681g7u3kpzsZ caddy[522704]: {"level":"error","ts":1616063200.543761,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"220.194.88.217:21901","proto":"HTTP/1.1","method":"GET","host":"xxx.q2test.cn","uri":"/","headers":{"Upgrade-Insecure-Requests":["1"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"],"X-Nws-Log-Uuid":["18288152216455359445"],"X-Tencent-Ua":["Qcloud"],"X-Forwarded-Proto":["http"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36"],"Accept-Language":["zh-CN,zh;q=0.9"],"D541340abd8120abcb55ffb8fc48b3ce":["tag"],"X-Forwarded-For":["118.113.4.159"],"X-Daa-Tunnel":["hop_count=1"]}},"common_log":"220.194.88.217 - - [18/Mar/2021:18:26:40 +0800] \"GET / HTTP/1.1\" 403 0","duration":0.000036437,"size":0,"status":403,"resp_headers":{"Server":["Caddy"]}}
不通过 cdn 请求成功:
Mar 18 18:26:59 iZbp1a0zoyd681g7u3kpzsZ caddy[522704]: {"level":"info","ts":1616063219.6977851,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"117.113.2.139:57097","proto":"HTTP/1.1","method":"GET","host":"xxx.q2test.cn","uri":"/","headers":{"Connection":["keep-alive"],"Upgrade-Insecure-Requests":["1"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36"],"Accept-Language":["zh-CN,zh;q=0.9"],"If-None-Match":["\"e02aa1b106d5c7c6a98def2b13005d5b84fd8dc8\""],"Cache-Control":["max-age=0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"],"Accept-Encoding":["gzip, deflate"]}},"common_log":"117.113.2.139 - - [18/Mar/2021:18:26:59 +0800] \"GET / HTTP/1.1\" 304 0","duration":0.001917656,"size":0,"status":304,"resp_headers":{"Server":["Caddy","TornadoServer/6.1"],"Date":["Thu, 18 Mar 2021 10:26:59 GMT"],"Etag":["\"e02aa1b106d5c7c6a98def2b13005d5b84fd8dc8\""]}}
这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。
V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。
V2EX is a community of developers, designers and creative people.