Usage: server setup
The following describes how to set up the naïve fork of Caddy forwardproxy.
Download here or build from source:
go install github.com/caddyserver/xcaddy/cmd/xcaddy@latest
~/go/bin/xcaddy build --with github.com/caddyserver/forwardproxy@caddy2=github.com/klzgrad/forwardproxy@naive
Example Caddyfile (replace user and pass accordingly):
{
    order forward_proxy before file_server
}
:443, example.com {
    tls me@example.com
    forward_proxy {
        basic_auth user pass
        hide_ip
        hide_via
        probe_resistance
        acl {
            allow 172.31.255.2
        }
    }
    file_server {
        root /var/www/html
    }
}
:443 must appear first for this Caddyfile to work. See Caddyfile docs for customizing TLS certificates. For more advanced usage consider using JSON for Caddy 2's config.
Run with the Caddyfile:
sudo setcap cap_net_bind_service=+ep ./caddy
./caddy start
See also Systemd unit example and HAProxy setup.
The window sizes should be tuned to the actual BDP (bandwidth-delay product) = link speed * RTT. Example: assuming a 1Gbps link with 256ms RTT, the maximum window size is 32MiB, which requires a 64MiB maximum buffer size. Add to /etc/sysctl.d/99-network.conf (create if not available) or /etc/sysctl.conf (if present):
net.ipv4.tcp_rmem = 4096 131072 67108864
net.ipv4.tcp_wmem = 4096 131072 67108864
Reapplying sysctl rules after changes:
sudo systemctl restart systemd-sysctl.service
or
sudo sysctl -p
See also Performance-Tuning.
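As an added example (not part of the original page or the project's code), the shell functions below carry the BDP calculation above through to the two sysctl lines and check a current maximum against the target. Assumptions: link speed is given in decimal Mbit/s and RTT in ms, the buffer is twice the BDP as in the example above, the result is rounded up to a power of two (which is how 1Gbps at 256ms lands on 67108864), and all function names are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the project.
# Assumptions: decimal Mbit/s, RTT in ms, buffer = 2 x BDP rounded up to
# a power of two, min/default fields kept at the page's 4096 and 131072.

# is_uint S -> exit 0 if S is a decimal integer without leading zeros
is_uint() { case "$1" in ''|*[!0-9]*|0?*) return 1 ;; esac; }

# next_pow2 N -> smallest power of two >= N
next_pow2() {
    p=1
    while [ "$p" -lt "$1" ]; do p=$(( p * 2 )); done
    echo "$p"
}

# max_buffer_bytes MBPS RTT_MS -> maximum buffer size in bytes
max_buffer_bytes() {
    if ! is_uint "$1" || ! is_uint "$2"; then
        echo "usage: max_buffer_bytes MBPS RTT_MS (non-negative integers)" >&2
        return 2
    fi
    # Mbit/s * ms = kbit; kbit * 1000 / 8 = bytes, hence the factor 125.
    bdp=$(( $1 * $2 * 125 ))
    next_pow2 $(( bdp * 2 ))
}

# sysctl_lines MBPS RTT_MS -> lines for /etc/sysctl.d/99-network.conf
sysctl_lines() {
    max=$(max_buffer_bytes "$1" "$2") || return 2
    printf 'net.ipv4.tcp_rmem = 4096 131072 %s\n' "$max"
    printf 'net.ipv4.tcp_wmem = 4096 131072 %s\n' "$max"
}

# needs_raise CURRENT_MAX MBPS RTT_MS -> exit 0 if CURRENT_MAX is too small
needs_raise() {
    is_uint "$1" || return 2
    want=$(max_buffer_bytes "$2" "$3") || return 2
    [ "$1" -lt "$want" ]
}

# The page's example: 1Gbps link, 256ms RTT.
sysctl_lines 1000 256
# Compare against the running kernel (third field is the current maximum).
if [ -r /proc/sys/net/ipv4/tcp_rmem ] &&
   read -r rmin rdef cur < /proc/sys/net/ipv4/tcp_rmem; then
    if needs_raise "$cur" 1000 256; then
        echo "tcp_rmem max $cur is below the target for this link"
    fi
fi
```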
Add to /etc/sysctl.d/99-network.conf (create if not available) or /etc/sysctl.conf (if present):
net.core.default_qdisc=fq
net.ipv4.tcp_congestion_control=bbr
Reapplying sysctl rules after changes:
sudo systemctl restart systemd-sysctl.service
or
sudo sysctl -p
See also Performance-Tuning.
Add to Caddyfile:
route {
    forward_proxy {
        ...
        acl {
            allow 172.31.255.2
        }
        ...
    }
    ...
}
Restart or reload the Caddy service after configuration changes:
caddy reload
caddy restart
See also: Unable to access ChatGPT's 172.31.255.2 proxy when using a naive node