BusyBox v1.36.1 (2023-10-09 21:45:35 UTC) built-in shell (ash)
_______ ________ __
| |.-----.-----.-----.| | | |.----.| |_
| - || _ | -__| || | | || _|| _|
|_______|| __|_____|__|__||________||__| |____|
|__| W I R E L E S S F R E E D O M
-----------------------------------------------------
OpenWrt 23.05.0, r23497-6637af95aa
-----------------------------------------------------
root@OpenWrt:~# uname -a
Linux OpenWrt 5.15.134 #0 SMP Mon Oct 9 21:45:35 2023 aarch64 GNU/Linux
root@OpenWrt:~# df -h
Filesystem Size Used Available Use% Mounted on
/dev/root 102.3M 16.8M 83.5M 17% /
tmpfs 245.2M 92.0K 245.1M 0% /tmp
tmpfs 512.0K 0 512.0K 0% /dev
root@OpenWrt:~# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
mmcblk0 179:0 0 14.4G 0 disk
├─mmcblk0p1 179:1 0 20M 0 part
└─mmcblk0p2 179:2 0 104M 0 part /
root@OpenWrt:~# opkg update
Downloading https://downloads.openwrt.org/releases/23.05.0/targets/sunxi/cortexa53/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_core
Downloading https://downloads.openwrt.org/releases/23.05.0/targets/sunxi/cortexa53/packages/Packages.sig
Signature check passed.
Downloading https://downloads.openwrt.org/releases/23.05.0/packages/aarch64_cortex-a53/base/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_base
Downloading https://downloads.openwrt.org/releases/23.05.0/packages/aarch64_cortex-a53/base/Packages.sig
Signature check passed.
Downloading https://downloads.openwrt.org/releases/23.05.0/packages/aarch64_cortex-a53/luci/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_luci
Downloading https://downloads.openwrt.org/releases/23.05.0/packages/aarch64_cortex-a53/luci/Packages.sig
Signature check passed.
Downloading https://downloads.openwrt.org/releases/23.05.0/packages/aarch64_cortex-a53/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_packages
Downloading https://downloads.openwrt.org/releases/23.05.0/packages/aarch64_cortex-a53/packages/Packages.sig
Signature check passed.
Downloading https://downloads.openwrt.org/releases/23.05.0/packages/aarch64_cortex-a53/routing/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_routing
Downloading https://downloads.openwrt.org/releases/23.05.0/packages/aarch64_cortex-a53/routing/Packages.sig
Signature check passed.
Downloading https://downloads.openwrt.org/releases/23.05.0/packages/aarch64_cortex-a53/telephony/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_telephony
Downloading https://downloads.openwrt.org/releases/23.05.0/packages/aarch64_cortex-a53/telephony/Packages.sig
Signature check passed.
root@OpenWrt:~# opkg install parted losetup resize2fs
Installing parted (3.6-1) to root...
Downloading https://downloads.openwrt.org/releases/23.05.0/packages/aarch64_cortex-a53/packages/parted_3.6-1_aarch64_cortex-a53.ipk
Installing libparted (3.6-1) to root...
Downloading https://downloads.openwrt.org/releases/23.05.0/packages/aarch64_cortex-a53/packages/libparted_3.6-1_aarch64_cortex-a53.ipk
Installing libreadline8 (8.2-1) to root...
Downloading https://downloads.openwrt.org/releases/23.05.0/packages/aarch64_cortex-a53/base/libreadline8_8.2-1_aarch64_cortex-a53.ipk
Installing losetup (2.39-2) to root...
Downloading https://downloads.openwrt.org/releases/23.05.0/packages/aarch64_cortex-a53/base/losetup_2.39-2_aarch64_cortex-a53.ipk
Installing resize2fs (1.47.0-2) to root...
Downloading https://downloads.openwrt.org/releases/23.05.0/packages/aarch64_cortex-a53/base/resize2fs_1.47.0-2_aarch64_cortex-a53.ipk
Configuring resize2fs.
Configuring losetup.
Configuring libparted.
Configuring libreadline8.
Configuring parted.
root@OpenWrt:~# echo -e "ok\nfix" | parted -l ---pretend-input-tty
Model: SD SD16G (sd/mmc)
Disk /dev/mmcblk0: 15.5GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags:
Number Start End Size Type File system Flags
1 1049kB 22.0MB 21.0MB primary fat16 boot, lba
2 23.1MB 132MB 109MB primary ext2
root@OpenWrt:~# parted -s /dev/mmcblk0 resizepart 2 100%
root@OpenWrt:~# reboot
root@OpenWrt:~# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
mmcblk0 179:0 0 14.4G 0 disk
├─mmcblk0p1 179:1 0 20M 0 part
└─mmcblk0p2 179:2 0 14.4G 0 part / #这里可以看到分区2已经被扩容了
root@OpenWrt:~# df -h
Filesystem Size Used Available Use% Mounted on
/dev/root 102.3M 20.0M 80.3M 20% /
tmpfs 245.2M 88.0K 245.1M 0% /tmp
tmpfs 512.0K 0 512.0K 0% /dev
root@OpenWrt:~# losetup /dev/loop1 /dev/mmcblk0p2
root@OpenWrt:~# resize2fs -f /dev/loop1
resize2fs 1.47.0 (5-Feb-2023)
Resizing the filesystem on /dev/loop1 to 3779072 (4k) blocks.
The filesystem on /dev/loop1 is now 3779072 (4k) blocks long.
root@OpenWrt:~# reboot
root@OpenWrt:~# df -h
Filesystem Size Used Available Use% Mounted on
/dev/root 14.2G 20.0M 14.2G 0% / #文件也已经被扩容
tmpfs 245.2M 84.0K 245.1M 0% /tmp
tmpfs 512.0K 0 512.0K 0% /dev
root@OpenWrt:~# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
mmcblk0 179:0 0 14.4G 0 disk
├─mmcblk0p1 179:1 0 20M 0 part
└─mmcblk0p2 179:2 0 14.4G 0 part /
wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh
[Unit]
Description=OpenVPN service for %I
After=network-online.target
Wants=network-online.target
Documentation=man:openvpn(8)
Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
[Service]
Type=notify
PrivateTmp=true
WorkingDirectory=/etc/openvpn/server
ExecStart=/usr/sbin/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --config %i.conf --management 127.0.0.1 8989
CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE
LimitNPROC=10
DeviceAllow=/dev/null rw
DeviceAllow=/dev/net/tun rw
ProtectSystem=true
ProtectHome=true
KillMode=process
RestartSec=5s
Restart=on-failure
[Install]
WantedBy=multi-user.target
root@ip:~# systemctl daemon-reload
root@ip:~# systemctl restart openvpn-server@server.service
root@ip:~# netstat -nlp | grep openvpn
tcp 0 0 172.31.35.111:12345 0.0.0.0:* LISTEN 19285/openvpn
tcp 0 0 127.0.0.1:8989 0.0.0.0:* LISTEN 19285/openvpn
root@ip:~# wget https://github.com/sharljimhtsin/ovpn-admin/releases/download/v3/ovpn-admin-linux-amd64.tar.gz
root@ip:~# cp /etc/openvpn/server/easy-rsa/easyrsa /usr/local/bin/
root@ip:~# ls -lh /usr/local/bin/
total 172K
-rwxr-xr-x 1 root root 170K Jul 14 02:45 easyrsa
root@ip:~# EASYRSA_BATCH=1 ./ovpn-admin --listen.host="0.0.0.0" --listen.port="8080" --ovpn.network="TUN网卡IP/24" --ovpn.server=WANIP:12345:tcp --easyrsa.path=/etc/openvpn/server/easy-rsa/ --easyrsa.index-path=/etc/openvpn/server/easy-rsa/pki/index.txt --log.level=trace
--web.basic-auth.user=admin --web.basic-auth.password=12345
DEBU[0000] mgmtStatusTimeFormat: 2006-01-02 15:04:05
DEBU[0000] mgmtSetTimeFormat: successful connection to main/127.0.0.1:8989
TRAC[0000] OpenVPN Version: OpenVPN 2.5.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2021
Management Version: 3
ND
INFO[0000] Bind: http://0.0.0.0:8080
root@ip:~# netstat -nlp | grep vpn
tcp 0 0 172.31.35.111:12345 0.0.0.0:* LISTEN 19285/openvpn
tcp 0 0 127.0.0.1:8989 0.0.0.0:* LISTEN 19285/openvpn
tcp6 0 0 :::8080 :::* LISTEN 19300/./ovpn-admin
http://debug.xzx.im:80 https://debug.xzx.im {
root * /var/www
file_server
}
[root@VM-4-3-centos ~]# curl http://debug.xzx.im -I
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 6841
Content-Type: text/html; charset=utf-8
Etag: "qz7q685a1"
Last-Modified: Fri, 10 Sep 2021 09:54:08 GMT
Server: Caddy
Date: Sat, 11 Sep 2021 13:44:55 GMT
[root@VM-4-3-centos ~]# curl https://debug.xzx.im -I
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 6841
Content-Type: text/html; charset=utf-8
Etag: "qz7q685a1"
Last-Modified: Fri, 10 Sep 2021 09:54:08 GMT
Server: Caddy
Date: Sat, 11 Sep 2021 13:45:00 GMT
[root@VM-4-3-centos ~]# curl http://us.xzx.im -I
HTTP/1.1 308 Permanent Redirect
Connection: close
Location: https://us.xzx.im/
Server: Caddy
Date: Sat, 11 Sep 2021 13:46:55 GMT
[root@VM-4-3-centos ~]# curl https://us.xzx.im -I
HTTP/1.1 200 OK
Content-Length: 5514
Content-Type: text/html; charset=utf-8
Date: Sat, 11 Sep 2021 13:46:58 GMT
Server: Caddy
Server: swoole-http-server
Set-Cookie: SWOFT_SESSION_ID=eo0e72sbt0kqiqvco1kkflfqc6; expires=Sun, 12-Sep-2021 01:46:58 GMT; path=/; httponly
# When using obfs=ws and obfs=wss the server side can be deployed by v2ray-plugin with mux = 0 or by v2ray-core.
nohup go-shadowsocks2 -password ****** -plugin v2ray-plugin -plugin-opts "server;tls;host=kr.xzx.im;key=/path/to/kr.xzx.im.key;cert=/path/to/kr.xzx.im.crt;mux=0" -s ":####" -verbose &
shadowsocks=kr.xzx.im:####,method=chacha20-ietf-poly1305,password=******,obfs=wss,obfs-uri=/,obfs-host=kr.xzx.im,tls13=false,fast-open=false,udp-relay=false,tag=ss-v2ray-plugin
sgp.xzx.im
root /home/admin/http
proxy /caonima 127.0.0.1:9700 {
websocket
header_upstream -Origin
}
browse /
status 403 /forbidden
basicauth "username" password{
realm "password plz"
/rinima
}
rewrite {
# if {file} starts_with .
r ^/\..*
to /forbidden
}
fastcgi / /run/php-fpm/www.sock php
sgp.xzx.im {
root * /home/admin/http
reverse_proxy /caonima 127.0.0.1:9700
respond /forbidden 403
basicauth /pdf/* {
username JDJhJDEwJEhrMGVjT2s1ZWNoSnM1VUFhUThnV090dUttU3ZYc1kyZGVTLmhoNGVVZUVtY0lwcXRuRG1T
}
basicauth /rinima/* {
username JDJhJDEwJEhrMGVjT2s1ZWNoSnM1VUFhUThnV090dUttU3ZYc1kyZGVTLmhoNGVVZUVtY0lwcXRuRG1T
}
@dotFiles {
path_regexp ^/\..*
}
rewrite @dotFiles /forbidden
# Proxy PHP files to the FastCGI responder
@phpFiles {
path *.php
}
reverse_proxy @phpFiles unix//var/run/php-fpm-www.sock {
transport fastcgi {
split .php
}
}
#php_fastcgi unix//var/run/php-fpm-www.sock #这个应该是有用的,之前忘了加 unix:// 前缀,还以为没作用
file_server /* browse
}
root@iZt4nbvac3vpa6uqd0l17kZ:~ # caddy help hash-password
Convenient way to hash a plaintext password. The resulting
hash is written to stdout as a base64 string.
--algorithm may be bcrypt or scrypt. If script, the default
parameters are used.
Use the --salt flag for algorithms which require a salt to
be provided (scrypt).
usage:
caddy hash-password --plaintext <password> [--salt <string>] [--algorithm <name>]
flags:
-algorithm string
Name of the hash algorithm (default "bcrypt")
-plaintext string
The plaintext password
-salt string
The password salt
Full documentation is available at:
https://caddyserver.com/docs/command-line
root@iZt4nbvac3vpa6uqd0l17kZ:~ # caddy hash-password --plaintext "caonima"
JDJhJDEwJEV1VTFDbk94WnJFaEZJZndMb0tob081U01JOEtVTEpuMW1tbGZRNW16QXJFb3gubm8yM2RX #生成的密文
echo "start caddy"
nohup go/bin/caddy -agree -log log/web.log -conf cfg/Caddyfile >& log/caddy.log &
\--- 17397 root caddy run --pingback 127.0.0.1:26860 --config cfg/Caddyfile
# start Starts the Caddy process in the background and then returns
默认后台运行,不需要再用 nohup 了
[root@hk_uc ~]# cat /etc/sysctl.conf
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.unknown_nmi_panic = 0
kernel.sysrq = 1
fs.file-max = 1000000
vm.swappiness = 10
fs.inotify.max_user_watches = 10000000
net.core.wmem_max = 327679
net.core.rmem_max = 327679
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
fs.inotify.max_queued_events = 327679
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.neigh.default.gc_thresh1 = 2048
net.ipv4.neigh.default.gc_thresh2 = 4096
net.ipv4.neigh.default.gc_thresh3 = 8192
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv4.ip_forward = 1 //开启端口转发 1=>开启 0=>关闭
[root@hk_uc ~]# sysctl -p
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.unknown_nmi_panic = 0
kernel.sysrq = 1
fs.file-max = 1000000
vm.swappiness = 10
fs.inotify.max_user_watches = 10000000
net.core.wmem_max = 327679
net.core.rmem_max = 327679
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
fs.inotify.max_queued_events = 327679
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.neigh.default.gc_thresh1 = 2048
net.ipv4.neigh.default.gc_thresh2 = 4096
net.ipv4.neigh.default.gc_thresh3 = 8192
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv4.ip_forward = 1
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 9800 -j DNAT --to-destination 210.203.57.103:19600
iptables -t nat -A POSTROUTING -d 210.203.57.103 -p tcp -m tcp --dport 19600 -j SNAT --to-source 10.8.32.28
[root@hk_uc ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1454
inet 10.8.32.28 netmask 255.255.0.0 broadcast 10.8.255.255
ether 52:54:00:1a:5d:55 txqueuelen 1000 (Ethernet)
RX packets 83091504 bytes 30721120125 (28.6 GiB)
RX errors 0 dropped 891 overruns 0 frame 0
TX packets 98367783 bytes 33007019179 (30.7 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1000 (Local Loopback)
RX packets 14612734 bytes 19897570061 (18.5 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 14612734 bytes 19897570061 (18.5 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@hk_uc ~]# iptables-save
# Generated by iptables-save v1.4.21 on Fri Jan 3 11:52:32 2020
*nat
:PREROUTING ACCEPT [7618:365173]
:INPUT ACCEPT [7618:365173]
:OUTPUT ACCEPT [1727:118684]
:POSTROUTING ACCEPT [1727:118684]
-A PREROUTING -p tcp -m tcp --dport 9800 -j DNAT --to-destination 210.203.57.103:19600
-A PREROUTING -p tcp -m tcp --dport 9900 -j DNAT --to-destination 140.238.11.39:9600
-A POSTROUTING -d 210.203.57.103/32 -p tcp -m tcp --dport 19600 -j SNAT --to-source 10.8.32.28
-A POSTROUTING -d 140.238.11.39/32 -p tcp -m tcp --dport 9600 -j SNAT --to-source 10.8.32.28
COMMIT
# Completed on Fri Jan 3 11:52:32 2020
# Generated by iptables-save v1.4.21 on Fri Jan 3 11:52:32 2020
*filter
:INPUT ACCEPT [433680:111523114]
:FORWARD ACCEPT [360898:155486678]
:OUTPUT ACCEPT [476261:116542832]
COMMIT
# Completed on Fri Jan 3 11:52:32 2020
go get -u -v github.com/shadowsocks/go-shadowsocks2
git clone https://github.com/shadowsocks/v2ray-plugin.git
mv v2ray-plugin_linux_amd64 ~/go/bin/v2ray-plugin
git clone https://github.com/Neilpang/acme.sh
./acme.sh --issue --dns -d tw.xzx.im --yes-I-know-dns-manual-mode-enough-go-ahead-please
./acme.sh --renew --dns -d tw.xzx.im --yes-I-know-dns-manual-mode-enough-go-ahead-please
nohup go-shadowsocks2 -password ***** -plugin v2ray-plugin -plugin-opts "server;tls;host=tw.xzx.im" -s ":9600" &
|-go-shadowsocks2,29874 -password ***** -plugin v2ray-plugin -plugin-opts server;tls;host=tw.xzx.im -s :9600
| |-v2ray-plugin,29879
| | |-{v2ray-plugin},29881
| | |-{v2ray-plugin},29882
| | |-{v2ray-plugin},29883
| | |-{v2ray-plugin},29884
| | |-{v2ray-plugin},29885
| | |-{v2ray-plugin},29886
| | |-{v2ray-plugin},30461
| | |-{v2ray-plugin},30462
| | `-{v2ray-plugin},30476
| |-{go-shadowsocks2},29875
| |-{go-shadowsocks2},29876
| |-{go-shadowsocks2},29877
| |-{go-shadowsocks2},29878
| |-{go-shadowsocks2},29880
| |-{go-shadowsocks2},30458
| |-{go-shadowsocks2},30459
| |-{go-shadowsocks2},30464
| |-{go-shadowsocks2},30477
| |-{go-shadowsocks2},30699
| |-{go-shadowsocks2},30701
| `-{go-shadowsocks2},30710
[root@vm1219610 ~]# netstat -nlp | grep 9600
tcp 0 0 0.0.0.0:9600 0.0.0.0:* LISTEN 29879/v2ray-plugin
udp 0 0 0.0.0.0:9600 0.0.0.0:* 29874/go-shadowsock
{
"Remark": "TW",
"Group": "None",
"Type": "SS",
"Rate": 1.0,
"Hostname": "tw.xzx.im",
"Port": 19600, #这里是NAT端口转发的外网开放端口
"Username": null,
"Password": "*******",
"UserID": "",
"AlterID": 0,
"EncryptMethod": "chacha20-ietf-poly1305",
"Plugin": "v2ray-plugin",
"PluginOption": "tls;host=tw.xzx.im",
"Protocol": null,
"ProtocolParam": null,
"OBFS": null,
"OBFSParam": null,
"TransferProtocol": "tcp",
"FakeType": "",
"Host": "",
"Path": "",
"QUICSecure": "none",
"QUICSecret": "",
"TLSSecure": false,
"Delay": 49
}
[root@HongKong ~]# cat /etc/v2ray/config.json
{
"inbounds": [{
"port": 9700,
"listen": "127.0.0.1",
"protocol": "vmess",
"settings": {
"clients": [
{
"id": "UUID_STR***************",
"level": 1,
"alterId": 64
}
]
},
"streamSettings": {
"network": "ws",
"security": "none",
"tlsSettingsOmit": {
"serverName": "hh.xzx.im",
"allowInsecure": false
},
"wsSettings": {
"path": "/caonima",
"headers": {
"Host": "hh.xzx.im"
}
}
}
}],
"outbounds": [{
"protocol": "freedom",
"settings": {}
},{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
}],
"routing": {
"rules": [
{
"type": "field",
"ip": ["geoip:private"],
"outboundTag": "blocked"
}
]
}
}
[root@HongKong ~]# cat /etc/caddy/Caddyfile
hh.xzx.im {
root /root/ipa-server/upload
rewrite {
if {path} is /
# proxy v2ray first
if {path} not /caonima
to /proxy/{uri}
}
rewrite {
# proxy v2ray first
if {path} not /caonima
to {path} /proxy/{uri}
}
proxy /proxy 127.0.0.1:8080 {
#except /proxy
without /proxy
#transparent
}
proxy /caonima 127.0.0.1:9700 {
#preset websocket
websocket
header_upstream -Origin
}
}
xxx.domain.tld {
proxy / 127.0.0.1:PORT### {
websocket
header_upstream -Origin
}
}
{
"outbounds": [{
"sendThrough": "0.0.0.0",
"mux": {
"enabled": false,
"concurrency": 8
},
"protocol": "vmess",
"settings": {
"vnext": [{
"address": "hh.xzx.im",
"users": [{
"id": "UUID_STR*********************",
"alterId": 64,
"security": "auto",
"level": 1
}],
"port": 443
}]
},
"tag": "HongKong",
"streamSettings": {
"wsSettings": {
"path": "\/caonima",
"headers": {
"Host": "hh.xzx.im"
}
},
"tlsSettings": {
"allowInsecure": true,
"alpn": [
"http\/1.1"
],
"serverName": "hh.xzx.im",
"allowInsecureCiphers": true
},
"security": "tls",
"network": "ws"
}
}]
}
[root@HongKong ~]# cat ipa-server/config.js
const path = require('path')
module.exports = {
debug: process.env.NODE_ENV !== 'production',
host: "0.0.0.0",//process.env.HOST || '0.0.0.0',
port: "8080",//process.env.PORT || 8080,
publicURL: "https://hh.xzx.im",//"process.env.PUBLIC_URL,
uploadDir: process.env.UPLOAD_DIR || path.resolve(__dirname, 'upload'),
}
[root@HongKong ~]# cat /etc/caddy/Caddyfile
hh.xzx.im
root /root/ipa-server/upload
rewrite {
if {path} is /
to /proxy/{uri}
}
rewrite {
to {path} /proxy/{uri}
}
proxy /proxy 127.0.0.1:8080 {
#except /proxy
without /proxy
#transparent
}