Caddy2 反向代理WebSocket
使用Caddy2 反向代理本地的 WebSocket+TLS网站(WSS)
- 在某些需要WebSocket实时连接的场景下,我们希望实现反向代理。
在Caddy2下的反向代理
proxy🔗
The v2 equivalent is reverse_proxy.
One other significant difference is that the v2 proxy passes all incoming headers thru by default (including the Host header) and sets the X-Forwarded-For header. In other words, v1's "transparent" mode is basically the default in v2 (but if you need other headers like X-Real-IP you have to set those yourself). You can still override/customize the Host header using the header_up subdirective.
Websocket proxying "just works" in v2; there is no need to "enable" websockets like in v1.
The without subdirective has been removed because rewrite hacks are no longer necessary in v2 thanks to improved matcher support.
v2等效为reverse_proxy。
V2值得注意的变化是,header_aupstream和header_downstream分别变为header_up和header_down;并且设置了X-Forwarded-For
另一个重要区别是,v2代理默认情况下会通过所有传入的标头(包括Host标头),并设置X-Forwarded-For标头。换句话说,v1的“透明”模式基本上是v2中的默认模式(但如果您需要X-Real-IP等其他标头,则必须自己设置)。您仍然可以使用header_up子指令覆盖/自定义Host标头。Websocket代理在v2中默认工作;没有必要像v1中那样“启用”websocket。
配置
- 反向代理
www.baidu.com {
handle {
reverse_proxy https://websocket.com { #反代对应的websocket网站
header_up X-Forwarded-Host {host}
header_up X-Real-IP {remote_host}
header_up Host {upstream_hostport} #header_up Host {host}
}
}
}
- 反向代理+忽略本地证书验证
www.baidu.com {
reverse_proxy {
to https://localhost:8443
transport http {
tls
tls_insecure_skip_verify #跳过证书验证
}
}
}
