Caddy Skill: Automated Reverse Proxy and HTTPS - Openclaw Skills

Author: Internet

2026-03-29

AI Tutorials

What is Caddy?

This skill provides a robust framework for managing Caddy servers within the Openclaw Skills ecosystem. It focuses on simplifying web server orchestration by leveraging Caddy's automatic SSL certificate provisioning and easy-to-read Caddyfile syntax. By integrating this skill, developers can eliminate the manual overhead of managing Let's Encrypt certificates and complex Nginx configurations.

The core focus of this Openclaw Skills utility is ensuring secure-by-default deployments. It handles everything from WebSocket support to automatic X-Forwarded headers, making it an essential tool for modern web development and microservice management.

Download: https://github.com/openclaw/skills/tree/main/skills/ivangdavila/caddy

Installation and Download

1. ClawHub CLI

The fastest way to install the skill directly from source.

npx clawhub@latest install caddy

2. Manual Installation

Copy the skill folder to one of the following locations:

Global mode: ~/.openclaw/skills/
Workspace: /skills/

Priority: workspace > local > built-in

3. Prompt Installation

Copy this prompt into OpenClaw to install the skill automatically.

Please help me install caddy using Clawhub. If Clawhub is not installed yet, install it first (npm i -g clawhub).

Caddy Use Cases

  • Automate SSL certificate provisioning and renewal for public-facing domains.
  • Set up secure reverse proxies for local or Docker-based applications.
  • Implement zero-downtime configuration updates in production environments.
  • Create highly available load balancers with built-in health checks.
  • Migrate legacy web server configurations to a modern automated stack using Openclaw Skills standards.

How Caddy Works

  1. Verify the required binary dependencies in the host environment and ensure that ports 80 and 443 are reachable.
  2. Build the Caddyfile using specific indentation rules and site blocks for a clean, readable configuration.
  3. Automatically initiate the ACME challenge process to obtain SSL certificates from Let's Encrypt or ZeroSSL.
  4. Configure Docker networking logic so the proxy can reach containerized backends by service name.
  5. Perform atomic configuration reloads with the reload command so that no traffic is dropped during updates.

Caddy Configuration Guide

To get started with this skill on your server, follow these installation and verification steps:

# Install Caddy on your host system
sudo apt install caddy

# Format and validate your Caddyfile to ensure the syntax is correct
# (the same path is used for every step so the running instance is checked, not a Caddyfile in the current directory)
caddy fmt --overwrite /etc/caddy/Caddyfile
caddy validate --config /etc/caddy/Caddyfile

# Apply configuration changes without interrupting service
caddy reload --config /etc/caddy/Caddyfile

Before starting the Openclaw Skills workflow, make sure your domain's DNS already points to the server's IP address, so that failed issuance attempts do not consume SSL certificate rate limits.
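As an added example (not code from the page or the skill itself), here is the minimal Caddyfile that the commands above format, validate and reload, wired the way steps 1 to 5 describe: one public site block proxying to a containerized backend reached by its Docker service name. The hostname app.example.com, the service name app on port 3000 and the contact address are assumed placeholders.

```caddyfile
# Added example, not part of the skill or the original page. Assumed names:
# the public hostname app.example.com, a Docker service called "app" that
# listens on port 3000, and the contact address admin@example.com.
{
	# Contact address the ACME CA uses for expiry and policy notices
	email admin@example.com
}

# Site block: Caddyfile syntax requires a space before the opening brace.
# Because this is a public hostname that resolves to this server, Caddy
# obtains and renews the certificate itself and redirects HTTP to HTTPS.
app.example.com {
	# Backend reached by Docker service name; Caddy and "app" must share a
	# user-defined Docker network for the name to resolve. X-Forwarded-For,
	# X-Forwarded-Proto and X-Forwarded-Host are added automatically, and
	# WebSocket upgrades pass through without extra configuration.
	reverse_proxy app:3000
}
```

Save it as /etc/caddy/Caddyfile, then run caddy validate --config /etc/caddy/Caddyfile before caddy reload --config /etc/caddy/Caddyfile: a structural error is caught before the running instance is touched, and because reloads are atomic the previous configuration keeps serving if the new one is rejected.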

Caddy Data Architecture and Taxonomy

This skill manages configuration and sensitive data across several key locations and formats:

Component           | Path / Details         | Description
Caddyfile           | /etc/caddy/Caddyfile   | Main configuration file containing the proxy and site logic.
Certificate storage | ~/.local/share/caddy   | Default directory where SSL certificates and private keys are persisted.
Docker volumes      | /data and /config      | Essential mount points for preserving certificate state in containerized Openclaw Skills setups.
Formatting          | caddy fmt              | Standard indentation and structure for all configuration blocks.

name: Caddy
description: Configure Caddy as a reverse proxy with automatic HTTPS and simple Caddyfile syntax.
metadata: {"clawdbot":{"emoji":"??","requires":{"bins":["caddy"]},"os":["linux","darwin","win32"]}}

Caddy Configuration Rules

Automatic HTTPS

  • Caddy provisions SSL certificates automatically — don't manually configure Let's Encrypt unless you have specific needs
  • Domain must resolve to the server publicly for HTTP challenge — use DNS challenge for internal/wildcard certs
  • Ports 80 and 443 must be free — Caddy needs both even for HTTPS-only (80 handles ACME challenges and redirects)
  • Let's Encrypt has rate limits — use staging CA during testing to avoid hitting production limits
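The two points above that most often bite in practice, the staging CA and the DNS challenge, look like this in a Caddyfile. This is an added example, not code from the page or the skill; it assumes the contact address admin@example.com, a wildcard zone *.internal.example.com hosted at Cloudflare with its API token in the CF_API_TOKEN environment variable, a Caddy binary built with the github.com/caddy-dns/cloudflare module (for example via xcaddy build --with github.com/caddy-dns/cloudflare), and backend service names grafana and wiki.

```caddyfile
# Added example, not from the original page. Assumed: admin@example.com, the
# wildcard zone *.internal.example.com, a Cloudflare-hosted DNS zone whose API
# token is in CF_API_TOKEN, a Caddy build that includes the
# github.com/caddy-dns/cloudflare module, and backend services grafana and wiki.
{
	email admin@example.com

	# While testing, point ACME at the Let's Encrypt staging directory so
	# mistakes do not consume production rate limits. Staging certificates
	# are not browser-trusted; remove this line when going live.
	acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
}

# Internal hosts are not reachable on port 80 from the internet, so the
# HTTP challenge cannot succeed. A wildcard certificate obtained through
# the DNS challenge covers every name under the zone with one issuance.
*.internal.example.com {
	tls {
		# Caddy creates the _acme-challenge TXT record via the provider
		# API; the token should be scoped to edit only this zone.
		dns cloudflare {env.CF_API_TOKEN}
	}

	# One wildcard site, routed by the requested hostname
	@grafana host grafana.internal.example.com
	handle @grafana {
		reverse_proxy grafana:3000
	}

	@wiki host wiki.internal.example.com
	handle @wiki {
		reverse_proxy wiki:8080
	}

	# Any other name under the wildcard gets an explicit refusal rather
	# than falling through to a backend by accident.
	handle {
		respond "unknown host" 404
	}
}
```

Keeping the API token in the environment rather than in the Caddyfile means the file can be committed and reviewed without exposing a credential that can rewrite DNS for the zone.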

Caddyfile Syntax

  • Indentation is significant — blocks are defined by indentation, not braces in shorthand
  • Site blocks need a space before the opening brace: example.com { not example.com{
  • Use caddy fmt --overwrite to fix formatting — catches most syntax issues
  • Validate before applying: caddy validate --config /etc/caddy/Caddyfile

Reverse Proxy

  • Caddy adds X-Forwarded-For, X-Forwarded-Proto, X-Forwarded-Host automatically — don't add them manually
  • WebSocket works out of the box — no special configuration needed
  • Load balancing is automatic with multiple backends — default is random, use lb_policy to change
  • Passive health checks remove failed backends automatically
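Here is the load-balancing and health-check configuration these bullets describe, written out as an added example rather than code from the page or the skill. It assumes the hostname api.example.com and three backend services api-1, api-2 and api-3 on port 8080 that expose a /healthz endpoint.

```caddyfile
# Added example, not from the original page. Assumed: api.example.com and
# three backends api-1, api-2, api-3 on port 8080 with a /healthz endpoint.
api.example.com {
	reverse_proxy api-1:8080 api-2:8080 api-3:8080 {
		# Default policy is random; round_robin spreads load evenly and
		# makes per-backend traffic predictable when reading access logs.
		lb_policy round_robin
		# If every backend is currently unhealthy, keep retrying for up to
		# 5s before returning an error instead of failing immediately.
		lb_try_duration 5s

		# Active health checks: probe each backend on its own schedule and
		# take it out of rotation before a client request ever sees a failure.
		health_uri /healthz
		health_interval 10s
		health_timeout 3s
		health_status 200

		# Passive health checks: a backend that returns 5xx three times is
		# marked unhealthy for 30s, then quietly reintroduced.
		fail_duration 30s
		max_fails 3
		unhealthy_status 5xx
	}
}
```

Active and passive checks complement each other: the active probe catches a backend that is down between requests, while the passive rule catches one that answers the probe but fails real traffic.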

Docker Networking

  • Use container names as hostnames: reverse_proxy container_name:3000
  • Caddy and backends must share a Docker network — default bridge doesn't support DNS resolution
  • For Docker Compose, service names work as hostnames when on the same network

Configuration Management

  • Use caddy reload not restart — reload applies changes without dropping connections
  • Config changes are atomic — if new config fails validation, old config stays active
  • Test without applying: caddy adapt --config Caddyfile shows parsed JSON output

Certificate Storage

  • Certificates stored in ~/.local/share/caddy by default — preserve this across reinstalls
  • For Docker, mount volumes for /data and /config — losing these means re-requesting all certificates
  • Multiple Caddy instances need shared storage or will fight over certificates
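The shared-storage requirement for multiple instances can be met with the storage global option. The following is an added example, not code from the page or the skill; it assumes two Caddy instances that both mount the same network file system at /mnt/caddy-shared, the hostname app.example.com, a backend service app on port 3000 and the contact address admin@example.com.

```caddyfile
# Added example, not from the original page. Assumed: two Caddy instances
# sharing /mnt/caddy-shared, app.example.com, backend "app" on port 3000,
# and admin@example.com.
{
	email admin@example.com

	# Point certificate storage at the shared mount. Both instances load this
	# same Caddyfile; because they see the same storage they coordinate
	# issuance and renewal instead of each requesting its own certificate
	# for the same name and racing each other into rate limits. The mount
	# must be writable by the user Caddy runs as on every instance, and it
	# now holds private keys, so restrict its permissions accordingly.
	storage file_system {
		root /mnt/caddy-shared
	}
}

app.example.com {
	reverse_proxy app:3000
}
```

For the official Docker image the same idea applies without this option: the default storage root is /data, so mounting a persistent volume at /data (and at /config for the adapted configuration) is what preserves certificates across container recreation.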

Debugging

  • Enable debug logging: add debug as first line in global options block
  • Check certificate status in /data/caddy/certificates/ directory
  • Common issue: DNS not pointing to server yet — certificates fail silently until domain resolves

Security Headers

  • Caddy doesn't add security headers by default — add X-Frame-Options, X-Content-Type-Options explicitly
  • HSTS is automatic when serving HTTPS — no manual configuration needed

Performance

  • Handles thousands of concurrent connections without tuning
  • HTTP/3 available with servers { protocols h1 h2 h3 }
  • Compression automatic for text content
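The Debugging, Security Headers and Performance sections above each add a line or two to the same Caddyfile, so one added example (not code from the page or the skill) shows them together. It assumes the hostname app.example.com and a backend service app on port 3000.

```caddyfile
# Added example, not from the original page. Assumed: app.example.com and a
# backend service "app" on port 3000.
{
	# Placed first in the global options block as the page recommends;
	# logs each ACME step, so an issuance stalled by DNS that does not
	# yet point here shows up in the logs instead of failing quietly.
	debug

	# Serve HTTP/3 alongside HTTP/1.1 and HTTP/2; QUIC runs over UDP,
	# so UDP port 443 must be open in the firewall as well as TCP 443.
	servers {
		protocols h1 h2 h3
	}
}

app.example.com {
	# Response compression; the encode directive applies it to text-like
	# content types and leaves already-compressed media alone.
	encode zstd gzip

	header {
		# Browser hardening headers Caddy does not add on its own
		X-Frame-Options "DENY"
		X-Content-Type-Options "nosniff"
		Referrer-Policy "strict-origin-when-cross-origin"
		# HSTS set explicitly so the policy is visible in the config and
		# under version control. Start with a short max-age and raise it
		# once every subdomain is confirmed to serve HTTPS.
		Strict-Transport-Security "max-age=31536000; includeSubDomains"
		# Remove the Server banner so scanners learn less about the stack
		-Server
	}

	reverse_proxy app:3000
}
```

After reloading, confirm the headers with curl -I https://app.example.com and, in the Docker image, confirm issuance by listing /data/caddy/certificates/ as the Debugging section suggests.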