Aug 08, 2019 PHP

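Quickly Deploying Multiple HTTPS Sites with Caddy

        Caddy is a lightweight web deployment tool written in Go. Its functionality is similar to Nginx, but it is lighter and more convenient to use. In particular, it makes it easy to use free Let's Encrypt HTTPS certificates. The actual deployment process is described below for an Ubuntu/Debian environment.

1. Deployment Process

        A Caddy deployment consists of the following three parts:

        (1) Caddy (the front-end entry point);

        (2) Site 1, site 2 (the web applications);

        (3) Supervisor (process supervision).

        Caddy can be thought of as a web service; it can be placed in the same directory as the sites, e.g. /srv/www/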

 

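2. Installing Caddy

        (1) Caddy is portable software that needs no installer. Download the latest release from the official GitHub repository. I downloaded caddy_v0.11.0_linux_amd64.tar.gz here; extract it after downloading: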

mkdir -p /srv/www/caddy
cd /srv/www/caddy
wget https://github.com/mholt/caddy/releases/download/v0.11.0/caddy_v0.11.0_linux_amd64.tar.gz
tar -xzvf caddy_v0.11.0_linux_amd64.tar.gz

        (2) Add the configuration file Caddyfile (note that the first letter must be capitalized) and enter the configuration, for example:

example.com {
    gzip
    root /srv/www/example
    log /srv/logs/example_access.log
    tls example@gmail.com
    proxy  / 127.0.0.1:8082
}

www.example.com {
    root /srv/www/example
    tls example@gmail.com
    redir / https://example.com{uri} 301
}

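        The above is a basic configuration, consisting mainly of a reverse proxy to the application instance and a domain redirect. tls gives the e-mail address required to request the HTTPS certificate. Each domain is wrapped in its own pair of braces. Caddy configuration is that simple.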
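        The one-block-per-domain layout described above is easy to audit before Caddy is started. The script below is an added example, not part of the original post or of Caddy: it lists each block's tls e-mail and proxy upstream and flags upstreams that are not loopback, since the hop from Caddy to the application is plain HTTP. The function names, the status labels and the third sample site are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit the site blocks of a Caddy v0.11-style Caddyfile.
# Output, one line per block: STATUS <TAB> site <TAB> tls=... <TAB> proxy=...
# Flagged: no tls e-mail line, or a proxy upstream that is not loopback.
audit_caddyfile() {
    awk '
    function report(   st, host) {
        host = up
        sub(/^https?:\/\//, "", host)              # drop an optional scheme
        if (tls == "") st = st ",no-tls-email"
        if (up != "" && host !~ /^(127\.[0-9.]+|localhost|\[::1\])(:[0-9]+)?$/)
            st = st ",non-loopback-upstream"
        printf "%s\t%s\ttls=%s\tproxy=%s\n",
               (st == "" ? "OK" : "WARN:" substr(st, 2)), site,
               (tls == "" ? "MISSING" : tls), (up == "" ? "none" : up)
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }              # comments and blank lines
    depth == 0 && $NF == "{" {                     # "<labels> {" opens a site
        site = $0
        sub(/[ \t]*[{][ \t]*$/, "", site); sub(/^[ \t]+/, "", site)
        tls = ""; up = ""; depth = 1; next
    }
    depth == 1 && $1 == "tls"   { tls = $2 }
    depth == 1 && $1 == "proxy" { up = $3 }        # proxy <from> <upstream>
    depth >= 1 && $NF == "{"    { depth++; next }  # nested directive block
    depth >= 1 && $1 == "}"     { if (--depth == 0) report() }
    ' "$@"
}

# Constructed sample: the two sites from the article (abbreviated) plus a
# hypothetical third site (internal.example.com, 10.0.0.5) that trips both checks.
sample_caddyfile() {
    cat <<'EOF'
example.com {
    root /srv/www/example
    tls example@gmail.com
    proxy  / 127.0.0.1:8082
}
www.example.com {
    tls example@gmail.com
    redir / https://example.com{uri} 301
}
internal.example.com {
    proxy / 10.0.0.5:8082
}
EOF
}

sample_caddyfile | audit_caddyfile
```

        To check the real file, pass its path: audit_caddyfile /srv/www/caddy/Caddyfile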

 

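3. Installing supervisor

        supervisor is a mature process supervisor implemented in Python; I habitually use it to start and supervise certain application processes.

        (1) It is easy to install with apt-get: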

apt-get install supervisor

 

        (2) The default configuration file is /etc/supervisor/supervisord.conf; the end of this file shows the path of the included configuration files:

cat /etc/supervisor/supervisord.conf
[include]
files = /etc/supervisor/conf.d/*.conf

 

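        (3) The default configuration directory is /etc/supervisor/conf.d/. You can run the command echo_supervisord_conf to view a configuration reference. The reference for program configuration: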

;[program:theprogramname]
;command=/bin/cat              ; the program (relative uses PATH, can take args)
;process_name=%(program_name)s ; process_name expr (default %(program_name)s)
;numprocs=1                    ; number of processes copies to start (def 1)
;directory=/tmp                ; directory to cwd to before exec (def no cwd)
;umask=022                     ; umask for process (default None)
;priority=999                  ; the relative start priority (default 999)
;autostart=true                ; start at supervisord start (default: true)
;startsecs=1                   ; # of secs prog must stay up to be running (def. 1)
;startretries=3                ; max # of serial start failures when starting (default 3)
;autorestart=unexpected        ; when to restart if exited after running (def: unexpected)
;exitcodes=0,2                 ; 'expected' exit codes used with autorestart (default 0,2)
;stopsignal=QUIT               ; signal used to kill process (default TERM)
;stopwaitsecs=10               ; max num secs to wait b4 SIGKILL (default 10)
;stopasgroup=false             ; send stop signal to the UNIX process group (default false)
;killasgroup=false             ; SIGKILL the UNIX process group (def false)
;user=chrism                   ; setuid to this UNIX account to run the program
;redirect_stderr=true          ; redirect proc stderr to stdout (default false)
;stdout_logfile=/a/path        ; stdout log path, NONE for none; default AUTO
;stdout_logfile_maxbytes=1MB   ; max # logfile bytes b4 rotation (default 50MB)
;stdout_logfile_backups=10     ; # of stdout logfile backups (default 10)
;stdout_capture_maxbytes=1MB   ; number of bytes in 'capturemode' (default 0)
;stdout_events_enabled=false   ; emit events on stdout writes (default false)
;stderr_logfile=/a/path        ; stderr log path, NONE for none; default AUTO
;stderr_logfile_maxbytes=1MB   ; max # logfile bytes b4 rotation (default 50MB)
;stderr_logfile_backups=10     ; # of stderr logfile backups (default 10)
;stderr_capture_maxbytes=1MB   ; number of bytes in 'capturemode' (default 0)
;stderr_events_enabled=false   ; emit events on stderr writes (default false)
;environment=A="1",B="2"       ; process environment additions (def no adds)
;serverurl=AUTO                ; override serverurl computation (childutils)

 

        (4) Below are two examples, controlling caddy and one site instance. Save them in a file named examp.conf:

; No user= is set in either section, so both programs run as the same
; account that supervisord itself runs as.
[program:caddy]
command = /srv/www/caddy/caddy -agree
process_name = caddy
directory = /srv/www/caddy
stdout_logfile = /srv/logs/caddy_out.log
stderr_logfile = /srv/logs/caddy_err.log
; With redirect_stderr=true, stderr is written to stdout_logfile.
redirect_stderr=true
autostart=true
autorestart=true
stopwaitsecs = 11

[program:mysite1]
command = /srv/www/mysite1/mysite1
process_name = mysite1
directory = /srv/www/mysite1
stdout_logfile = /srv/logs/mysite1_out.log
stderr_logfile = /srv/logs/mysite1_err.log
; With redirect_stderr=true, stderr is written to stdout_logfile.
redirect_stderr=true
autostart=true
autorestart=true
stopwaitsecs = 11

 

        (5) Note that caddy's -agree flag is important: the agreement terms must be accepted.

Agree to the CA's Subscriber Agreement

 

        (6) Without this flag, the following prompt appears and startup is interrupted:

Activating privacy features... 

Your sites will be served over HTTPS automatically using Let's Encrypt.
By continuing, you agree to the Let's Encrypt Subscriber Agreement at:
  https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
Do you agree to the terms? (y/n):

 

        (7) Reload the configuration:

supervisorctl reload

        You can then see that the managed instances are running in the background. At this point you can open the site's HTTPS URL in a browser: https://example.com
