Last active
June 19, 2023 10:48
-
-
Save flxxyz/b338666ba7e8cd040b78e667976bf34a to your computer and use it in GitHub Desktop.
mirror.flxxyz.com nginx反代配置(gist.github.com & open.douyucdn.cn & raw.githubusercontent.com & gist.githubusercontent.com)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<!DOCTYPE html> | |
<html> | |
<head> | |
<meta name="content-type" content="text/html;charset=utf-8" /> | |
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=5.0, viewport-fit=cover" /> | |
<title>hello mirror</title> | |
</head> | |
<body> | |
<h1>Hello Mirror</h1> | |
<h2>Support Server</h2> | |
<ul> | |
<li><a href="/douyu/api/RoomApi/room/452628" rel="nofollow">mirror.flxxyz.com/douyu/<replace_path></a> example: open.douyucdn.cn/<replace_path></li> | |
<li><a href="/githubraw/golang/go/master/README.md" rel="nofollow">mirror.flxxyz.com/githubraw/<replace_path></a> exmaple: raw.githubusercontent.com/<replace_path></li> | |
<li><a href="/githubassets/apple-touch-icon-144x144.png" rel="nofollow">mirror.flxxyz.com/githubassets/<replace_path></a> exmaple: github.githubassets.com/<replace_path></li> | |
<li><a href="/gist/flxxyz" rel="nofollow">mirror.flxxyz.com/gist/<replace_path></a> exmaple: gist.github.com/<replace_path></li> | |
<li><a href="/gistraw/flxxyz/b7ec986055f06269960c1bdf7af66bec/raw/ce7a4ab952d67a13f8bd7c35ede4dfebb9219b9b/CheckIPvNSupport.go" rel="nofollow">mirror.flxxyz.com/gistraw/<replace_path></a> exmaple: gist.githubusercontent.com/<replace_path></li> | |
</ul> | |
<p>power by <a href="https://github.com/flxxyz">flxxyz</a>.</p> | |
</body> | |
</html> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
upstream raw-github { | |
server raw.githubusercontent.com:443; | |
keepalive 32; | |
} | |
upstream raw-gist-github { | |
server gist.githubusercontent.com:443; | |
keepalive 32; | |
} | |
upstream assets-github { | |
server github.githubassets.com:443; | |
keepalive 32; | |
} | |
upstream open-douyu { | |
server open.douyucdn.cn:443; | |
keepalive 32; | |
} | |
server { | |
listen [::]:80; | |
listen 80; | |
server_name mirror.flxxyz.com; | |
return 301 https://$host$request_uri; | |
} | |
server { | |
listen [::]:443 ssl http2; | |
listen 443 ssl http2; | |
server_name mirror.flxxyz.com; | |
index index.html; | |
root /www/wwwroot/mirror_flxxyz_com; | |
ssl_stapling on; | |
ssl_stapling_verify on; | |
ssl_trusted_certificate /home/someone/.acme.sh/mirror.flxxyz.com/fullchain.cer; | |
ssl_certificate /home/someone/.acme.sh/mirror.flxxyz.com/fullchain.cer; | |
ssl_certificate_key /home/someone/.acme.sh/mirror.flxxyz.com/mirror.flxxyz.com.key; | |
ssl_protocols TLSv1.2 TLSv1.3; | |
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; | |
ssl_prefer_server_ciphers off; | |
ssl_early_data on; | |
ssl_session_cache shared:SSL:10m; | |
ssl_session_timeout 10m; | |
ssl_session_tickets off; | |
error_page 497 https://$host$request_uri; | |
location ^~ /githubraw/ { | |
if ($invalid_referer){ | |
return 403; | |
} | |
proxy_hide_header content-security-policy; | |
proxy_hide_header strict-transport-security; | |
proxy_hide_header set-cookie; | |
proxy_hide_header x-pjax-url; | |
proxy_buffering off; | |
proxy_buffer_size 4k; | |
proxy_buffers 4 32k; | |
proxy_busy_buffers_size 64k; | |
proxy_set_header Early-Data $ssl_early_data; | |
proxy_set_header User-Agent $http_user_agent; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header Host raw.githubusercontent.com; | |
proxy_cache_valid 200 302 1h; | |
proxy_cache_valid 404 1m; | |
proxy_cache_use_stale error timeout invalid_header updating | |
http_500 http_502 http_503 http_504; | |
proxy_http_version 1.1; | |
proxy_connect_timeout 30s; | |
proxy_send_timeout 60s; | |
proxy_read_timeout 60s; | |
proxy_redirect off; | |
client_max_body_size 20m; | |
proxy_pass https://raw-github/; | |
} | |
location ^~ /gist/ { | |
proxy_hide_header referrer-policy; | |
proxy_hide_header content-security-policy; | |
proxy_hide_header strict-transport-security; | |
proxy_hide_header set-cookie; | |
proxy_set_header Early-Data $ssl_early_data; | |
proxy_set_header User-Agent $http_user_agent; | |
proxy_set_header Accept-Encoding ""; | |
proxy_cache_valid 200 302 1h; | |
proxy_cache_valid 404 1m; | |
proxy_cache_use_stale error timeout invalid_header updating | |
http_500 http_502 http_503 http_504; | |
proxy_redirect '//gist.github.com/' '//mirror.flxxyz.com/gist/'; | |
proxy_redirect '//gist.githubusercontent.com/' '//mirror.flxxyz.com/gistraw/'; | |
sub_filter '="/' '="https://mirror.flxxyz.com/gist/'; | |
sub_filter '//gist.github.com/' '//mirror.flxxyz.com/gist/'; | |
sub_filter '//github.githubassets.com/' '//mirror.flxxyz.com/githubassets/'; | |
sub_filter_once off; | |
sub_filter_last_modified on; | |
sub_filter_types *; | |
proxy_http_version 1.1; | |
proxy_connect_timeout 30s; | |
proxy_send_timeout 60s; | |
proxy_read_timeout 60s; | |
client_max_body_size 5m; | |
proxy_pass https://gist.github.com/; | |
} | |
location ^~ /gistraw/ { | |
if ($invalid_referer){ | |
return 403; | |
} | |
proxy_hide_header content-security-policy; | |
proxy_hide_header strict-transport-security; | |
proxy_hide_header set-cookie; | |
proxy_hide_header x-pjax-url; | |
proxy_buffering off; | |
proxy_buffer_size 4k; | |
proxy_buffers 4 32k; | |
proxy_busy_buffers_size 64k; | |
proxy_set_header Early-Data $ssl_early_data; | |
proxy_set_header User-Agent $http_user_agent; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header Host gist.githubusercontent.com; | |
proxy_cache_valid 200 302 1h; | |
proxy_cache_valid 404 1m; | |
proxy_cache_use_stale error timeout invalid_header updating | |
http_500 http_502 http_503 http_504; | |
proxy_http_version 1.1; | |
proxy_connect_timeout 30s; | |
proxy_send_timeout 60s; | |
proxy_read_timeout 60s; | |
proxy_redirect off; | |
client_max_body_size 20m; | |
proxy_pass https://raw-gist-github/; | |
} | |
location ^~ /githubassets/ { | |
proxy_hide_header content-security-policy; | |
proxy_hide_header strict-transport-security; | |
proxy_buffering off; | |
proxy_buffer_size 4k; | |
proxy_buffers 4 32k; | |
proxy_busy_buffers_size 64k; | |
proxy_set_header Early-Data $ssl_early_data; | |
proxy_set_header User-Agent $http_user_agent; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header Host github.githubassets.com; | |
proxy_set_header REMOTE-HOST $remote_addr; | |
proxy_ignore_headers set-cookie cache-control expires; | |
proxy_cache_key $host$uri$is_args$args; | |
proxy_cache_valid 200 304 301 302 480m; | |
proxy_cache_valid 404 1m; | |
expires 12h; | |
client_max_body_size 5m; | |
proxy_pass https://assets-github/; | |
} | |
location ^~ /douyu/ { | |
proxy_buffering off; | |
proxy_buffer_size 4k; | |
proxy_buffers 4 32k; | |
proxy_busy_buffers_size 64k; | |
proxy_set_header Early-Data $ssl_early_data; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header Host open.douyucdn.cn; | |
proxy_cache_valid 200 302 1h; | |
proxy_cache_valid 404 1m; | |
proxy_cache_use_stale error timeout invalid_header updating | |
http_500 http_502 http_503 http_504; | |
proxy_http_version 1.1; | |
proxy_connect_timeout 30s; | |
proxy_send_timeout 60s; | |
proxy_read_timeout 60s; | |
proxy_redirect off; | |
client_max_body_size 5m; | |
proxy_pass https://open-douyu/; | |
} | |
location ~ \.well-known { | |
allow all; | |
} | |
location /robots.txt { | |
allow all; | |
} | |
# Block search engine | |
if ($http_user_agent ~* "qihoobot|Baiduspider|Bingbot|Googlebot|Googlebot-Mobile|Googlebot-Image|Mediapartners-Google|Adsbot-Google|Feedfetcher-Google|Yahoo! Slurp|Yahoo! Slurp China|YoudaoBot|Sosospider|Sogou spider|Sogou web spider|MSNBot|ia_archiver|Tomato Bot") { | |
return 403; | |
} | |
access_log /www/wwwlogs/mirror_flxxyz_com.log; | |
error_log /www/wwwlogs/mirror_flxxyz_com.error.log; | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
简单的 openssl 自签证书
生成证书密钥
生成证书请求
openssl req -new -key server.key -out server.csr \ -subj "/C=US/ST=Washington/L=Washington/CN=tiktok.com/subjectAltName=*.tiktok.com"
签发证书
把默认的 443 配置改掉
检查 nginx 配置是不是正常
重启 nginx