Build Caddy with trojan + naiveproxy + HTTPS support without affecting an existing website.
The result works as a normal web server with the ability to get across the GFW,
with very low CPU and RAM consumption.

1. Go environment for building Caddy with modules

Download the Go package:
wget https://dl.google.com/go/go1.16.4.linux-amd64.tar.gz
tar -C /usr/local -xzf go1.16.4.linux-amd64.tar.gz
export PATH=$PATH:/usr/local/go/bin
go env -w GO111MODULE="auto"

Check the Go version:
go version

Install git:
apt install git

Get xcaddy:
go get -u github.com/caddyserver/xcaddy/cmd/xcaddy

Start the build:
~/go/bin/xcaddy build --with github.com/caddyserver/forwardproxy@caddy2=github.com/klzgrad/forwardproxy@naive --with github.com/imgk/caddy-trojan

Move caddy to the executable path:
cp caddy /usr/bin/
sudo setcap 'cap_net_bind_service=+ep' /usr/bin/caddy

Make Caddy start at system boot with a systemd unit:
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target

[Service]
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

Create the user and group for Caddy:
sudo groupadd --system caddy
sudo useradd --system \
    --gid caddy \
    --create-home \
    --home-dir /var/lib/caddy \
    --shell /usr/sbin/nologin \
    --comment "Caddy web server" \
    caddy

Enable Caddy:
systemctl daemon-reload
systemctl enable caddy
systemctl restart caddy

Caddyfile example:
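{
    servers {
        listener_wrappers {
            trojan                        # trojan listener wrapper from caddy-trojan
        }
        protocol {
            allow_h2c
            strict_sni_host
        }
    }
}
:443, example.com {
    tls admin@example.com
    route {
        trojan
        forward_proxy {
            basic_auth user password      # sample credentials, replace with your own
            hide_ip                       # hide the client IP from the target host
            hide_via                      # do not add a Via header
            probe_resistance              # no 407 response to unauthenticated requests
        }
        file_server {
            root /usr/share/caddy         # the existing website content
        }
    }
}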

Add a trojan user through the admin API on localhost:2019 (test1234 is a sample password, use your own):
curl -X POST -H "Content-Type: application/json" -d '{"password": "test1234"}' http://localhost:2019/trojan/users/add

Useful commands for troubleshooting the Caddyfile:
caddy validate --config /etc/caddy/Caddyfile
caddy adapt --config /etc/caddy/Caddyfile
caddy fmt --overwrite /etc/caddy/Caddyfile
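
A further check on the forward_proxy block before reloading. This shell function is an added example, not part of the original guide or of Caddy: it flags the sample credentials from the Caddyfile example, a forward_proxy without basic_auth (an open proxy), a short password, and a world-readable config file. The function name and the 16-character minimum are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original guide.
# audit_caddyfile PATH prints one finding per line, nothing if the file passes.
audit_caddyfile() {
    f=$1
    # A world-readable config exposes the plaintext basic_auth password.
    if [ -n "$(find "$f" -perm -004 2>/dev/null)" ]; then
        echo "PERMS: config file is world-readable"
    fi
    # minlen=16 is an assumed policy threshold, not a Caddy requirement.
    awk -v minlen=16 '
        $1 ~ /^#/ { next }                       # skip comment lines
        !in_fp && $1 == "forward_proxy" {
            if ($NF != "{") { print "OPEN_PROXY: forward_proxy has no basic_auth"; next }
            in_fp = 1; depth = 1; has_auth = 0; next
        }
        in_fp && $NF == "{" { depth++ }          # nested block such as acl { }
        in_fp && $1 == "basic_auth" {
            has_auth = 1
            if ($2 == "user" && $3 == "password")
                print "PLACEHOLDER: basic_auth uses the sample credentials"
            else if (length($3) < minlen)
                print "WEAK: basic_auth password for " $2 " is under " minlen " characters"
        }
        in_fp && $1 == "}" && --depth == 0 {
            if (!has_auth) print "OPEN_PROXY: forward_proxy has no basic_auth"
            in_fp = 0
        }
    ' "$f"
}

# Constructed sample: the forward_proxy block from the Caddyfile example above.
write_sample() {
    cat > "$1" <<'EOF'
route {
    forward_proxy {
        basic_auth user password
        hide_ip
        hide_via
        probe_resistance
    }
}
EOF
    chmod 644 "$1"
}

# Stand-alone use: sh audit.sh /etc/caddy/Caddyfile
if [ $# -gt 0 ]; then audit_caddyfile "$1"; fi
```
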
done.
enjoy!