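Quickly deploying multiple HTTPS sites with Caddy

Caddy is a lightweight web deployment tool written in Go. Its functionality is similar to nginx, but it is lighter and more convenient, and in particular it makes it easy to use free Let's Encrypt HTTPS certificates. The following walks through an actual deployment on Ubuntu/Debian.

Programs deployed

  • caddy (front-end entry point)
  • site 1, site 2 (the web applications)
  • supervisor (process supervision)

Caddy can be treated as a web service and placed in the same directory as the websites, for example /srv/www/.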

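Installing Caddy

Caddy is portable software that needs no installer. Download the latest release from the official GitHub page, https://github.com/mholt/caddy/releases; here I downloaded caddy_v0.11.0_linux_amd64.tar.gz. After downloading, extract it: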

mkdir -p /srv/www/caddy
cd /srv/www/caddy
wget https://github.com/mholt/caddy/releases/download/v0.11.0/caddy_v0.11.0_linux_amd64.tar.gz
tar -xzvf caddy_v0.11.0_linux_amd64.tar.gz

Add a configuration file named Caddyfile (note that the first letter must be capitalized) and enter the configuration, for example:

example.com {
    gzip
    root /srv/www/example
    log /srv/logs/example_access.log
    tls example@gmail.com
    proxy  / 127.0.0.1:8082
}

www.example.com {
    root /srv/www/example
    tls example@gmail.com
    redir / https://example.com{uri} 301
}

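The above is a basic configuration, covering a reverse proxy to the application instance and a domain redirect. The tls directive gives the email address used when requesting the HTTPS certificate. Each domain is wrapped in its own pair of braces.

Deploying web applications with Caddy

Caddy configuration really is that simple.

Installing supervisor

supervisor is a mature process supervisor written in Python; I habitually use it to start and supervise application processes.

It is easy to install with apt-get: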

apt-get install supervisor

The default configuration file is /etc/supervisor/supervisord.conf; the end of this file shows the path of the included configuration files.

cat /etc/supervisor/supervisord.conf

[include]
files = /etc/supervisor/conf.d/*.conf

The default configuration directory is /etc/supervisor/conf.d/. Run the command echo_supervisord_conf to print a reference configuration. The reference for a program section:

;[program:theprogramname]
;command=/bin/cat              ; the program (relative uses PATH, can take args)
;process_name=%(program_name)s ; process_name expr (default %(program_name)s)
;numprocs=1                    ; number of processes copies to start (def 1)
;directory=/tmp                ; directory to cwd to before exec (def no cwd)
;umask=022                     ; umask for process (default None)
;priority=999                  ; the relative start priority (default 999)
;autostart=true                ; start at supervisord start (default: true)
;startsecs=1                   ; # of secs prog must stay up to be running (def. 1)
;startretries=3                ; max # of serial start failures when starting (default 3)
;autorestart=unexpected        ; when to restart if exited after running (def: unexpected)
;exitcodes=0,2                 ; 'expected' exit codes used with autorestart (default 0,2)
;stopsignal=QUIT               ; signal used to kill process (default TERM)
;stopwaitsecs=10               ; max num secs to wait b4 SIGKILL (default 10)
;stopasgroup=false             ; send stop signal to the UNIX process group (default false)
;killasgroup=false             ; SIGKILL the UNIX process group (def false)
;user=chrism                   ; setuid to this UNIX account to run the program
;redirect_stderr=true          ; redirect proc stderr to stdout (default false)
;stdout_logfile=/a/path        ; stdout log path, NONE for none; default AUTO
;stdout_logfile_maxbytes=1MB   ; max # logfile bytes b4 rotation (default 50MB)
;stdout_logfile_backups=10     ; # of stdout logfile backups (default 10)
;stdout_capture_maxbytes=1MB   ; number of bytes in 'capturemode' (default 0)
;stdout_events_enabled=false   ; emit events on stdout writes (default false)
;stderr_logfile=/a/path        ; stderr log path, NONE for none; default AUTO
;stderr_logfile_maxbytes=1MB   ; max # logfile bytes b4 rotation (default 50MB)
;stderr_logfile_backups=10     ; # of stderr logfile backups (default 10)
;stderr_capture_maxbytes=1MB   ; number of bytes in 'capturemode' (default 0)
;stderr_events_enabled=false   ; emit events on stderr writes (default false)
;environment=A="1",B="2"       ; process environment additions (def no adds)
;serverurl=AUTO                ; override serverurl computation (childutils)

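Most of the options above are normally left at their defaults. Below are two examples, controlling caddy and one site instance, saved under the file name examp.conf: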

[program:caddy]
command = /srv/www/caddy/caddy -agree
process_name = caddy
stopwaitsecs = 11
directory = /srv/www/caddy
stdout_logfile = /srv/logs/caddy_out.log
stderr_logfile = /srv/logs/caddy_err.log
redirect_stderr=true
autostart=true
autorestart=true
stopwaitsecs = 11

[program:mysite1]
command = /srv/www/mysite1/mysite1
process_name = mysite1
stopwaitsecs = 11
directory = /srv/www/mysite1
stdout_logfile = /srv/logs/mysite1_out.log
stderr_logfile = /srv/logs/mysite1_err.log
redirect_stderr=true
autostart=true
autorestart=true
stopwaitsecs = 11
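
The two program sections above set no user=, so supervisord (which normally runs as root when installed from the Debian/Ubuntu package) starts both processes under its own account. The following audit script is an added example, not part of the original post; it flags that condition, plus duplicated keys and a stderr_logfile that redirect_stderr=true leaves unused. The sample configuration and the www-data account in it are constructed for illustration.

```python
import configparser
import re

# Constructed sample with the same shape as the examp.conf entries on this page.
SAMPLE_CONF = """\
[program:caddy]
command = /srv/www/caddy/caddy -agree
stdout_logfile = /srv/logs/caddy_out.log
stderr_logfile = /srv/logs/caddy_err.log
redirect_stderr=true
stopwaitsecs = 11
stopwaitsecs = 11

[program:mysite1]
command = /srv/www/mysite1/mysite1
user = www-data
"""

def duplicate_keys(text):
    """Map section -> keys set more than once; comment and indented lines are skipped."""
    seen, dups, section = {}, {}, None
    for line in text.splitlines():
        header = re.match(r"\[(.+)\]\s*$", line.strip())
        if header:
            section = header.group(1)
            seen[section] = set()
        elif section and "=" in line and line[:1] not in ";# \t":
            key = line.split("=", 1)[0].strip().lower()
            if key in seen[section]:
                dups.setdefault(section, []).append(key)
            seen[section].add(key)
    return dups

def audit(text):
    """Return sorted (section, finding) pairs for every [program:x] section."""
    # strict=False keeps the last value of a repeated key instead of aborting.
    cp = configparser.RawConfigParser(strict=False, inline_comment_prefixes=(";", "#"))
    cp.read_string(text)
    dups, findings = duplicate_keys(text), []
    for sec in (s for s in cp.sections() if s.startswith("program:")):
        if not cp.has_option(sec, "user"):
            findings.append((sec, "no user=: runs as supervisord's own account"))
        redirected = cp.get(sec, "redirect_stderr", fallback="false").lower() == "true"
        if redirected and cp.has_option(sec, "stderr_logfile"):
            findings.append((sec, "stderr_logfile unused: redirect_stderr=true"))
        findings += [(sec, "duplicate key: " + k) for k in dups.get(sec, [])]
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(f"{s}: {f}" for s, f in audit(SAMPLE_CONF)))
```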

Note that caddy's -agree flag is important: it is required to agree to the terms of the agreement.

Agree to the CA's Subscriber Agreement

Without this flag, the following prompt appears and startup stops:

Activating privacy features... 

Your sites will be served over HTTPS automatically using Let's Encrypt.
By continuing, you agree to the Let's Encrypt Subscriber Agreement at:
  https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
Do you agree to the terms? (y/n):

Reload the configuration:

supervisorctl reload

The managed instances are now running in the background, and you can open the site's HTTPS address, https://example.com, in a browser.