数据源来自Hackl0us/GeoIP2-CN

构建方式:

xcaddy build --with github.com/ysicing/caddy2-geocn 

使用方式;

 @geofilter { geocn { db_file "./Country.mmdb" } } file_server @geofilter { # 大陆 ip } file_server { # 大陆 ip 非大陆 ip } 

测试:

docker run -itd 80:80 ghcr.io/ysicing/caddy2-geocn:latest 

应用实例 我的博客, 具体博客配置可以看github

话说 caddy2 真的很难用相比较 v1 版本, 而且插件文档少的可怜。

使用 caddy 的原因是有自动更新 https 证书。

网络结构很简单，前面有一个域名，caddy 反向代理转给响应程序。

1.

先是使用七牛，然后发现半天过不了校验，一直在部署中，我们以为是七牛不行。

加上七牛的自定义配置选项很少，于是换腾讯云 CDN 。

然后又试，发现要么不行(403)，要么重定向到了服务器内部域名(这个域名可以直接 ping 到服务器 IP)。

2.

随后，我们关闭了自动 https 重定向，终于不会暴露内部域名了。

但现在会稳定得到一个 403 。

3.

把回源请求方式改为“始终使用 HTTP”，并且写了一个小服务脚本测试。

发现了这样的问题：

Caddy 获得了 CDN 转发来的请求之后，没有转发给上游，直接返回了 403

随后就是 apt install nginx，10 分钟之后就正常工作了。

虽然不排除可能是腾讯云和七牛的问题，但我还是对 caddy 感到费解，包括要求配置项的顺序要求也是，让人一头雾水的配置错误提示也是。

PS. 附上配置和日志，以供参考：

配置：

http://xxx.q2test.cn, https://xxx.q2test.cn { reverse_proxy localhost:3000 } 

请求失败，返回 403：

Mar 18 18:26:40 iZbp1a0zoyd681g7u3kpzsZ caddy[522704]: {"level":"error","ts":1616063200.543761,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"220.194.88.217:21901","proto":"HTTP/1.1","method":"GET","host":"xxx.q2test.cn","uri":"/","headers":{"Upgrade-Insecure-Requests":["1"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"],"X-Nws-Log-Uuid":["18288152216455359445"],"X-Tencent-Ua":["Qcloud"],"X-Forwarded-Proto":["http"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36"],"Accept-Language":["zh-CN,zh;q=0.9"],"D541340abd8120abcb55ffb8fc48b3ce":["tag"],"X-Forwarded-For":["118.113.4.159"],"X-Daa-Tunnel":["hop_count=1"]}},"common_log":"220.194.88.217 - - [18/Mar/2021:18:26:40 +0800] \"GET / HTTP/1.1\" 403 0","duration":0.000036437,"size":0,"status":403,"resp_headers":{"Server":["Caddy"]}} 

不通过 cdn 请求成功：

Mar 18 18:26:59 iZbp1a0zoyd681g7u3kpzsZ caddy[522704]: {"level":"info","ts":1616063219.6977851,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"117.113.2.139:57097","proto":"HTTP/1.1","method":"GET","host":"xxx.q2test.cn","uri":"/","headers":{"Connection":["keep-alive"],"Upgrade-Insecure-Requests":["1"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36"],"Accept-Language":["zh-CN,zh;q=0.9"],"If-None-Match":["\"e02aa1b106d5c7c6a98def2b13005d5b84fd8dc8\""],"Cache-Control":["max-age=0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"],"Accept-Encoding":["gzip, deflate"]}},"common_log":"117.113.2.139 - - [18/Mar/2021:18:26:59 +0800] \"GET / HTTP/1.1\" 304 0","duration":0.001917656,"size":0,"status":304,"resp_headers":{"Server":["Caddy","TornadoServer/6.1"],"Date":["Thu, 18 Mar 2021 10:26:59 GMT"],"Etag":["\"e02aa1b106d5c7c6a98def2b13005d5b84fd8dc8\""]}} 

我像这样写好像不太行

 "apps": { "http": { "servers": { "static": { "idle_timeout": 30000000000, "listen": [ ":80" ], "max_header_bytes": 10240, "read_header_timeout": 10000000000, "routes": [ { "handle": [ { "browse": {}, "handler": "file_server", "root": "e:" } ], "match": [ { "path": [ "/e/*" ] } ] } ] } } } } 

https://github.com/mholt/caddy

博文地址 https://emiria.io/post/CaddyServer/

诺，就是这货 https://caddyserver.com Orz..