It is said to be more secure than the alternatives, so I am keeping notes as I build it.

1. Install the required software

    yum install wget lrzsz vim tar -y

2. Install Golang

Extract it into the usual install directory, /usr/local:

    wget https://go.dev/dl/go1.19.4.linux-amd64.tar.gz
    tar -zxvf go1.19.4.linux-amd64.tar.gz -C /usr/local

Set GOROOT and GOPATH (the build location):

    vim /etc/profile

    export GOROOT=/usr/local/go
    export GOPATH=/data/gopath
    export PATH=$PATH:$GOROOT/bin:$GOPATH/bin

Make the configuration take effect:

    source /etc/profile

3. Install NaiveProxy

    go install github.com/caddyserver/xcaddy/cmd/xcaddy@latest
    # Create a symlink in the executable directory (go install places the binary in $GOPATH/bin)
    ln -s /data/gopath/bin/xcaddy /usr/bin/xcaddy
    xcaddy build --with github.com/caddyserver/forwardproxy@caddy2=github.com/klzgrad/forwardproxy@naive --with github.com/porech/caddy-maxmind-geolocation

After a few minutes a caddy file appears in the current directory. Move it to the executable directory:

    mv caddy /usr/bin/
    # Check the caddy version
    caddy version
    # Allow listening on ports below 1024
    setcap cap_net_bind_service=+ep /usr/bin/caddy

4. Configure NaiveProxy

    mkdir /etc/caddy
    touch /etc/caddy/Caddyfile

Write the following content. This is a multi-site configuration; change the names and domains to match your setup:

    :443, example1.com {
        tls yourname@qq.com
        route {
            forward_proxy {
                # replace with your own username and password
                basic_auth username password
                hide_ip
                hide_via
                probe_resistance
            }
            reverse_proxy https://cloudreve.org {
                header_up Host {upstream_hostport}
            }
        }
    }
    example2.com {
        redir https://baidu.com
    }
    example3.com {
        tls yourname@qq.com
        file_server {
            root /var/www/html
        }
    }

Test that the configuration file is correct:

    /usr/bin/caddy run --config /etc/caddy/Caddyfile

5. Configure startup at boot

Create a new file:

    vim /etc/systemd/system/caddy.service

    [Unit]
    Description=Caddy
    Documentation=https://caddyserver.com/docs/
    After=network.target network-online.target
    Requires=network-online.target

    [Service]
    Type=notify
    User=root
    Group=root
    ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
    ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile --force
    TimeoutStopSec=5s
    LimitNOFILE=1048576
    LimitNPROC=512
    PrivateTmp=true
    ProtectSystem=full
    AmbientCapabilities=CAP_NET_BIND_SERVICE

    [Install]
    WantedBy=multi-user.target

Enable start at boot:

    systemctl daemon-reload    # reload the unit files
    systemctl enable caddy     # enable at boot
    systemctl start caddy      # start the service

Everyday commands:

    # reload caddy
    systemctl reload caddy
    # restart caddy
    systemctl restart caddy
    # stop caddy
    systemctl stop caddy

6. Optimize speed

    sudo sysctl -w net.ipv4.tcp_congestion_control=bbr
    sudo sysctl -w net.ipv4.tcp_slow_start_after_idle=0
    sudo sysctl -w net.ipv4.tcp_notsent_lowat=16384

A reboot is required:

    reboot

7. Client configuration

    {
      "listen": "socks://127.0.0.1:1080",
      "concurrency": "2",
      "proxy": "https://user:password@example.com"
    }

Notes:

listen: the listen address and port; this generally does not need to be changed.

The username, password and domain need to be changed. If the port is not 443, append the TLS port the server is bound to after the domain, for example domain.example:1443.
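An added example, not part of the original post: a shell check over the two files this guide writes. It flags the step 5 unit running as root even though CAP_NET_BIND_SERVICE is already granted, and a step 4 Caddyfile whose plaintext basic_auth credentials are readable by other local users. The `caddy` service account, the sample files and the `demo-user`/`demo-pass` credentials are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): audit the unit file and Caddyfile
# this guide creates. Prints one finding per line; prints nothing when clean.

audit_naive_deploy() {
    local unit="$1" caddyfile="$2" user mode

    # Finding 1: the unit grants CAP_NET_BIND_SERVICE, which is all Caddy needs
    # to bind :443, yet still runs the whole proxy as root.
    user=$(sed -n 's/^User=//p' "$unit" | tail -n 1)
    if [ "${user:-root}" = "root" ] &&
       grep -q '^AmbientCapabilities=.*CAP_NET_BIND_SERVICE' "$unit"; then
        echo "UNIT: User=root with CAP_NET_BIND_SERVICE; use an unprivileged account"
    fi

    # Finding 2: basic_auth keeps the proxy password in plaintext, so the
    # Caddyfile must not be readable by "other" (touch leaves it at 0644).
    if grep -Eq '^[[:space:]]*basic_auth[[:space:]]' "$caddyfile"; then
        mode=$(stat -c '%a' "$caddyfile")   # GNU stat, as on the guide's yum-based host
        case "$mode" in
            *0) ;;                          # no access for "other"
            *)  echo "CADDYFILE: mode $mode lets any local user read basic_auth credentials" ;;
        esac
    fi
    return 0
}

# Constructed sample files mirroring the guide's configuration.
make_sample() {   # make_sample <dir> <service-user> <caddyfile-mode>
    printf '[Service]\nUser=%s\nAmbientCapabilities=CAP_NET_BIND_SERVICE\n' "$2" > "$1/caddy.service"
    printf 'forward_proxy {\n  basic_auth demo-user demo-pass\n}\n' > "$1/Caddyfile"
    chmod "$3" "$1/Caddyfile"
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir" root 644     # as written in the guide: two findings
audit_naive_deploy "$demo_dir/caddy.service" "$demo_dir/Caddyfile"
make_sample "$demo_dir" caddy 640    # assumed hardened variant: prints nothing
audit_naive_deploy "$demo_dir/caddy.service" "$demo_dir/Caddyfile"
rm -rf "$demo_dir"
```

On a real host, call `audit_naive_deploy /etc/systemd/system/caddy.service /etc/caddy/Caddyfile`; with a non-root service account the Caddyfile must stay readable by that account, for example owner root, group caddy, mode 640.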
