update readme

2026-01-22 16:43:35 +00:00 · 2025-07-16 18:33:28 +08:00
parent a64ced0e36
commit f9bf2d544e
2 changed files with 107 additions and 127 deletions
--- a/README.md
+++ b/README.md
@@ -305,80 +305,69 @@ redis-cli ping
 ### 生产环境部署建议（重要！）
-**强烈建议使用nginx反向代理 + SSL证书**
+**强烈建议使用Caddy反向代理（自动HTTPS）**
-建议使用nginx反向代理并配置SSL证书：（以下为Nginx示例，如不想折腾可以选择安装面板进行操作，比如宝塔、1panel等）
+推荐使用Caddy作为反向代理，它会自动申请和更新SSL证书，配置更简单：
-**1. 安装nginx和获取SSL证书**
+**1. 安装Caddy**
 ```bash
 # Ubuntu/Debian
-sudo apt install nginx
+sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
 curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
 curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
 sudo apt update
 sudo apt install caddy
-# 安装 acme.sh
+# CentOS/RHEL/Fedora
-curl https://get.acme.sh | sh
+sudo yum install yum-plugin-copr
-source ~/.bashrc
+sudo yum copr enable @caddy/caddy
-
+sudo yum install caddy
 # 获取免费SSL证书（以Let's Encrypt为例）
 acme.sh --issue -d your-domain.com --nginx
 # 或者使用 standalone 模式
 # acme.sh --issue -d your-domain.com --standalone
 ```
-**2. nginx配置示例**
+**2. Caddy配置（超简单！）**
-创建 `/etc/nginx/sites-available/claude-relay` 配置文件：
+编辑 `/etc/caddy/Caddyfile`：
-```nginx
+```
-server {
+your-domain.com {
-    listen 80;
+    # 反向代理到本地服务
-    server_name your-domain.com;
+    reverse_proxy 127.0.0.1:3000 {
-    return 301 https://$server_name$request_uri;
+        # 支持流式响应（SSE）
-}
+        flush_interval -1
-server {
+        # 传递真实IP
-    listen 443 ssl http2;
+        header_up X-Real-IP {remote_host}
-    server_name your-domain.com;
+        header_up X-Forwarded-For {remote_host}
        header_up X-Forwarded-Proto {scheme}
-    # SSL配置
+        # 超时设置（适合长连接）
-    ssl_certificate /etc/letsencrypt/live/your-domain.com/fullchain.pem;
+        transport http {
-    ssl_certificate_key /etc/letsencrypt/live/your-domain.com/privkey.pem;
+            read_timeout 300s
-    ssl_protocols TLSv1.2 TLSv1.3;
+            write_timeout 300s
-    ssl_ciphers HIGH:!aNULL:!MD5;
+            dial_timeout 30s
        }
    }
-    # 安全头
+    # 安全头部
-    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+    header {
-    add_header X-Frame-Options DENY;
+        Strict-Transport-Security "max-age=31536000; includeSubDomains"
-    add_header X-Content-Type-Options nosniff;
+        X-Frame-Options "DENY"
-    
+        X-Content-Type-Options "nosniff"
-    # 反向代理配置
+        -Server
    location / {
        proxy_pass http://127.0.0.1:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache_bypass $http_upgrade;
        # 超时设置
        proxy_connect_timeout 60s;
        proxy_send_timeout 60s;
        proxy_read_timeout 60s;
    }
 }
 ```
-**3. 启用配置**
+**3. 启动Caddy**
 ```bash
 # 启用站点
 sudo ln -s /etc/nginx/sites-available/claude-relay /etc/nginx/sites-enabled/
 # 测试配置
-sudo nginx -t
+sudo caddy validate --config /etc/caddy/Caddyfile
-# 重启nginx
+# 启动服务
-sudo systemctl restart nginx
+sudo systemctl start caddy
 sudo systemctl enable caddy
 # 查看状态
 sudo systemctl status caddy
 ```
 **4. 更新服务配置**
@@ -395,11 +384,12 @@ module.exports = {
 }
 ```
-**安全优势：**
+**Caddy优势：**
- 🔒 **数据加密**: 所有API请求都通过HTTPS加密传输
+- 🔒 **自动HTTPS**: 自动申请和续期Let's Encrypt证书，零配置
- 🛡️ **隐藏端口**: 不直接暴露服务端口，降低攻击面
+- 🛡️ **安全默认**: 默认启用现代安全协议和加密套件
- 🚀 **更好性能**: nginx的静态文件服务和缓存能力
+- 🚀 **流式支持**: 原生支持SSE/WebSocket等流式传输
- 📊 **访问日志**: nginx提供详细的访问日志和监控
+- 📊 **简单配置**: 配置文件极其简洁，易于维护
 - ⚡ **HTTP/2**: 默认启用HTTP/2，提升传输性能
 ---
@@ -411,7 +401,7 @@ module.exports = {
 - **合理分配**: 可以给不同的人分配不同的apikey，可以根据不同的apikey来分析用量
 ### 安全建议
- **使用HTTPS**: 强烈建议配置nginx反向代理和SSL证书，确保数据传输安全
+- **使用HTTPS**: 强烈建议使用Caddy反向代理（自动HTTPS），确保数据传输安全
 - **定期备份**: 重要配置和数据要备份
 - **监控日志**: 定期查看异常日志
 - **更新密钥**: 定期更换JWT和加密密钥
--- a/README_EN.md
+++ b/README_EN.md
@@ -303,80 +303,69 @@ redis-cli ping
 ### Production Deployment Recommendations (Important!)
-**Strongly recommend using nginx reverse proxy + SSL certificate**
+**Strongly recommend using Caddy reverse proxy (Automatic HTTPS)**
-It's recommended to use nginx reverse proxy and configure SSL certificate: (The following is an nginx example, if you don't want to fiddle with it, you can choose to install a panel for operation, such as Baota, 1panel, etc.)
+Recommend using Caddy as reverse proxy, it will automatically apply and renew SSL certificates with simpler configuration:
-**1. Install nginx and obtain SSL certificate**
+**1. Install Caddy**
 ```bash
 # Ubuntu/Debian
-sudo apt install nginx
+sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
 curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
 curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
 sudo apt update
 sudo apt install caddy
-# Install acme.sh
+# CentOS/RHEL/Fedora
-curl https://get.acme.sh | sh
+sudo yum install yum-plugin-copr
-source ~/.bashrc
+sudo yum copr enable @caddy/caddy
-
+sudo yum install caddy
 # Get free SSL certificate (using Let's Encrypt as example)
 acme.sh --issue -d your-domain.com --nginx
 # Or use standalone mode
 # acme.sh --issue -d your-domain.com --standalone
 ```
-**2. nginx configuration example**
+**2. Caddy Configuration (Super Simple!)**
-Create `/etc/nginx/sites-available/claude-relay` configuration file:
+Edit `/etc/caddy/Caddyfile`:
-```nginx
+```
-server {
+your-domain.com {
-    listen 80;
+    # Reverse proxy to local service
-    server_name your-domain.com;
+    reverse_proxy 127.0.0.1:3000 {
-    return 301 https://$server_name$request_uri;
+        # Support streaming responses (SSE)
-}
+        flush_interval -1
-server {
+        # Pass real IP
-    listen 443 ssl http2;
+        header_up X-Real-IP {remote_host}
-    server_name your-domain.com;
+        header_up X-Forwarded-For {remote_host}
        header_up X-Forwarded-Proto {scheme}
-    # SSL configuration
+        # Timeout settings (suitable for long connections)
-    ssl_certificate /etc/letsencrypt/live/your-domain.com/fullchain.pem;
+        transport http {
-    ssl_certificate_key /etc/letsencrypt/live/your-domain.com/privkey.pem;
+            read_timeout 300s
-    ssl_protocols TLSv1.2 TLSv1.3;
+            write_timeout 300s
-    ssl_ciphers HIGH:!aNULL:!MD5;
+            dial_timeout 30s
        }
    }
    # Security headers
-    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+    header {
-    add_header X-Frame-Options DENY;
+        Strict-Transport-Security "max-age=31536000; includeSubDomains"
-    add_header X-Content-Type-Options nosniff;
+        X-Frame-Options "DENY"
-    
+        X-Content-Type-Options "nosniff"
-    # Reverse proxy configuration
+        -Server
    location / {
        proxy_pass http://127.0.0.1:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache_bypass $http_upgrade;
        # Timeout settings
        proxy_connect_timeout 60s;
        proxy_send_timeout 60s;
        proxy_read_timeout 60s;
    }
 }
 ```
-**3. Enable configuration**
+**3. Start Caddy**
 ```bash
 # Enable site
 sudo ln -s /etc/nginx/sites-available/claude-relay /etc/nginx/sites-enabled/
 # Test configuration
-sudo nginx -t
+sudo caddy validate --config /etc/caddy/Caddyfile
-# Restart nginx
+# Start service
-sudo systemctl restart nginx
+sudo systemctl start caddy
 sudo systemctl enable caddy
 # Check status
 sudo systemctl status caddy
 ```
 **4. Update service configuration**
@@ -393,11 +382,12 @@ module.exports = {
 }
 ```
-**Security advantages:**
+**Caddy Advantages:**
- 🔒 **Data Encryption**: All API requests transmitted through HTTPS encryption
+- 🔒 **Automatic HTTPS**: Automatically apply and renew Let's Encrypt certificates, zero configuration
- 🛡️ **Hide Ports**: Don't directly expose service ports, reduce attack surface
+- 🛡️ **Secure by Default**: Modern security protocols and cipher suites enabled by default
- 🚀 **Better Performance**: nginx's static file serving and caching capabilities
+- 🚀 **Streaming Support**: Native support for SSE/WebSocket streaming
- 📊 **Access Logs**: nginx provides detailed access logs and monitoring
+- 📊 **Simple Configuration**: Extremely concise configuration files, easy to maintain
 - ⚡ **HTTP/2**: HTTP/2 enabled by default for improved performance
 ---
@@ -408,7 +398,7 @@ module.exports = {
 - **Reasonable Allocation**: Can assign different API keys to different people, analyze usage based on different API keys
 ### Security Recommendations
- **Use HTTPS**: Strongly recommend configuring nginx reverse proxy and SSL certificate to ensure secure data transmission
+- **Use HTTPS**: Strongly recommend using Caddy reverse proxy (automatic HTTPS) to ensure secure data transmission
 - **Regular Backups**: Back up important configurations and data
 - **Monitor Logs**: Regularly check exception logs
 - **Update Keys**: Regularly change JWT and encryption keys