├── .gitignore ├── README.md ├── cf-works.md ├── docker.md ├── docker ├── Dockerfile ├── config │ ├── nginx.conf │ └── start.sh └── docker-compose.yml ├── ds-nginx ├── docker-compose.yml └── ssl │ ├── cert.crt │ └── cert.key ├── image └── server.png └── ow.md /.gitignore: -------------------------------------------------------------------------------- 1 | # Created by .ignore support plugin (hsz.mobi) 2 | .idea -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # dev-sidecar-doc -------------------------------------------------------------------------------- /cf-works.md: -------------------------------------------------------------------------------- 1 | 2 | # 部署到cloudflare免费workers上 3 | 4 | ## 1、 注册cloudflare账号 5 | https://www.cloudflare.com/ 6 | 验证完邮箱 7 | ## 2、创建workers 8 | * 点击左侧Workers菜单 9 | * 点击右边创建服务按钮 10 | * 服务名称随意填写(YourWorkersName) 11 | * 点击右下角的创建服务,创建成功后会自动进入服务配置页面 12 | 13 | ## 3、部署代理脚本 14 | 15 | * 点击快速编辑按钮 16 | * 删除左侧原有的代码 17 | * 将下方代码粘贴进去 18 | * 按照代码中注释部分进行修改 19 | ```js 20 | 21 | addEventListener("fetch", event => { 22 | event.respondWith(eventHandler(event)) 23 | }) 24 | 25 | async function eventHandler(event) { 26 | const req = event.request 27 | const url = req.url 28 | // YourWorkersName.YourAccountName.修改为你的works地址 29 | // xxxxxxx改成任意一串字符,作为path,当做密码,不要公开 30 | const target = url.replace("https://YourWorkersName.YourAccountName.workers.dev/xxxxxxxx/","") 31 | req.url = target; 32 | if(target.startsWith("http")){ 33 | return new Response("500") 34 | } 35 | const resp = await fetch("https://"+target,req) 36 | return resp 37 | } 38 | ``` 39 | 40 | ## 4、 点击部署按钮 41 | 42 | ## 5、 配置DevSidecar功能增强的代理服务端 43 | 域名 = YourWorkersName.YourAccountName.workers.dev 44 | 路径 = xxxxxxxx 45 | 46 | 配置你代码中的域名和路径,点击应用即可 47 | 48 | ## 6、 测试访问 -------------------------------------------------------------------------------- /docker.md: -------------------------------------------------------------------------------- 1 | # docker镜像启动 2 | 安装步骤 3 | * 安装docker 4 | * 安装docker-compose 5 | * 启动nginx容器 6 | * 配置dev-sidecar 7 | * go 8 | 9 | ## 1、安装docker 10 | 11 | 如果你是centos8.x 12 | ```shell 13 | yum remove podman # 先卸载podman,docker-ce与podman有冲突 14 | # 如果你的系统已经有应用跑在podman上,就不要卸载了,请安装podman-compose,然后直接看第3步 15 | ``` 16 | 17 | 如果你是centos,执行如下命令即可 18 | ```shell 19 | sudo yum install -y yum-utils 20 | sudo yum-config-manager \ 21 | --add-repo \ 22 | https://download.docker.com/linux/centos/docker-ce.repo 23 | 24 | sudo yum install docker-ce docker-ce-cli containerd.io 25 | sudo systemctl enable docker.service 26 | sudo systemctl start docker 27 | ``` 28 | 29 | 如果不是centos,请按如下官方步骤安装好docker 30 | 31 | https://docs.docker.com/engine/install/centos/ 32 | 33 | 34 | ## 2、安装docker-compose 35 | 36 | ```shell 37 | sudo curl -L "https://github.com/docker/compose/releases/download/1.28.6/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose 38 | sudo chmod +x /usr/local/bin/docker-compose 39 | ``` 40 | 更多安装信息,请参考官方文档 41 | 42 | https://docs.docker.com/compose/install/ 43 | 44 | ## 3、启动nginx容器 45 | * 先 clone 本仓库到本地 46 | * 复制你的证书文件到`ds-nginx/ssl`目录下 47 | * 修改`ds-nginx`下的`docker-compose.yml`文件(按照里面的提示修改) 48 | * 将`ds-nginx`整个目录,上传到你服务器的`~/deploy/`目录下 49 | * 执行启动命令 50 | ```shell 51 | cd ~/deploy/ds-nginx/ 52 | docker-compose up -d 53 | ``` 54 | ## 4、修改dev-sidecar服务端配置 55 | 按如下设置 56 | 应用---> 功能增强 ---> 代理服务端 57 | 填上一步时配置的三个变量(域名、路径、密码),应用即可 58 | ![](./image/server.png) 59 | 60 | 61 | # 问题排查 62 | 打印nginx日志,看看有什么报错 63 | ```shell 64 | docker logs -f --tail 200 dev-sidecar-nginx 65 | ``` 66 | -------------------------------------------------------------------------------- /docker/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM nginx:1.19.4 2 | ENV TZ=Asia/Shanghai 3 | ENV PASSWORD='' 4 | COPY ./config/nginx.conf /etc/nginx/nginx-template.conf 5 | COPY ./config/start.sh /app/start.sh 6 | RUN chmod +x /app/start.sh 7 | 8 | CMD ["/app/start.sh"] 9 | -------------------------------------------------------------------------------- /docker/config/nginx.conf: -------------------------------------------------------------------------------- 1 | user nginx; 2 | worker_processes auto; 3 | worker_rlimit_nofile 10000; 4 | 5 | error_log /var/log/nginx/error.log warn; 6 | pid /var/run/nginx.pid; 7 | 8 | events { 9 | use epoll; 10 | multi_accept on; 11 | worker_connections 10240; 12 | } 13 | 14 | http { 15 | 16 | 17 | 18 | include /etc/nginx/mime.types; 19 | default_type application/octet-stream; 20 | 21 | 22 | log_format main '[$time_local] $remote_addr "$request" ' 23 | '$status $body_bytes_sent "$http_referer" ' 24 | '"$http_user_agent" "$http_x_forwarded_for"'; 25 | 26 | access_log /var/log/nginx/access.log main; 27 | 28 | sendfile on; 29 | #tcp_nopush on; 30 | #gzip on; 31 | 32 | proxy_set_header X-Real-IP $remote_addr; 33 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 34 | 35 | 36 | keepalive_timeout 65; 37 | client_max_body_size 50m; 38 | 39 | server { 40 | 41 | listen 443 ssl; # 1.1版本后这样写 42 | server_name ${HOSTNAME} ; #填写绑定证书的域名 43 | ssl_certificate ${SSL_CERTIFICATE}; # 指定证书的位置,绝对路径 44 | ssl_certificate_key ${SSL_CERTIFICATE_KEY}; # 绝对路径,同上 45 | ssl_session_timeout 5m; 46 | ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; #按照这个协议配置 47 | ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;#按照这个套件配置 48 | ssl_prefer_server_ciphers on; 49 | 50 | client_max_body_size 50M; 51 | client_body_buffer_size 10M; 52 | 53 | location ^~/${CONTEXT_PATH}/ { 54 | resolver 1.1.1.1 ipv6=off; 55 | 56 | 57 | if ( $http_dspassword != '${PASSWORD}' ){ 58 | return 403; 59 | } 60 | 61 | set $_full_uri $uri$is_args$args; 62 | if ( $_full_uri ~ /${CONTEXT_PATH}/([^/]+)/(.*) ){ 63 | set $_host $1; 64 | set $_uri $2; 65 | } 66 | proxy_pass $scheme://$_host/$_uri; 67 | proxy_redirect https://${HOSTNAME}/${CONTEXT_PATH}/ /; 68 | proxy_buffer_size 64k; 69 | proxy_buffers 64 64k; 70 | proxy_busy_buffers_size 1m; 71 | proxy_temp_file_write_size 512k; 72 | proxy_max_temp_file_size 128m; 73 | # proxy_set_header referer $scheme://$_host; 要去掉 74 | proxy_set_header Host $_host; 75 | proxy_ssl_server_name on; 76 | proxy_set_header dspassword ''; 77 | } 78 | location /${CONTEXT_PATH}/robots.txt { 79 | resolver 1.1.1.1; 80 | deny all; 81 | } 82 | location / { 83 | resolver 1.1.1.1; 84 | deny all; 85 | } 86 | } 87 | include /etc/nginx/conf.d/*.conf; 88 | } 89 | 90 | 91 | -------------------------------------------------------------------------------- /docker/config/start.sh: -------------------------------------------------------------------------------- 1 | cp -f '/etc/nginx/nginx-template.conf' '/etc/nginx/nginx.conf' 2 | sed -i 's#${SSL_CERTIFICATE}#'"$SSL_CERTIFICATE"'#g' '/etc/nginx/nginx.conf' 3 | sed -i 's#${SSL_CERTIFICATE_KEY}#'"$SSL_CERTIFICATE_KEY"'#g' '/etc/nginx/nginx.conf' 4 | sed -i 's#${HOSTNAME}#'"$HOSTNAME"'#g' '/etc/nginx/nginx.conf' 5 | sed -i 's#${PASSWORD}#'"$PASSWORD"'#g' '/etc/nginx/nginx.conf' 6 | sed -i 's#${CONTEXT_PATH}#'"$CONTEXT_PATH"'#g' '/etc/nginx/nginx.conf' 7 | nginx -g 'daemon off;' 8 | -------------------------------------------------------------------------------- /docker/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '2.4' 2 | services: 3 | nginx: 4 | container_name: dev-sidecar-nginx 5 | image: docmirror/dev-sidecar-nginx:1.3.0 6 | build: 7 | context: ./ 8 | dockerfile: Dockerfile 9 | restart: always 10 | ports: 11 | - 443:443 12 | volumes: 13 | - /disk02/www:/usr/share/nginx/html 14 | environment: 15 | - TZ=Asia/Shanghai 16 | - SSL_CERTIFICATE=/app/ssl/cert.crt 17 | - SSL_CERTIFICATE_KEY=/app/ssl/cert.key 18 | - HOSTNAME=yourdomain.com 19 | - PASSWORD=123456 20 | - CONTEXT_PATH=change_me 21 | -------------------------------------------------------------------------------- /ds-nginx/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '2.4' 2 | services: 3 | nginx: 4 | container_name: dev-sidecar-nginx 5 | image: docmirror/dev-sidecar-nginx:1.3.0 6 | restart: always 7 | ports: 8 | - 443:443 9 | volumes: 10 | - ~/deploy/ds-nginx/ssl:/app/ssl/ # 证书目录映射,不用动 11 | environment: 12 | - TZ=Asia/Shanghai 13 | - SSL_CERTIFICATE=/app/ssl/cert.crt # 这里修改为 /app/ssl/你的证书名称 14 | - SSL_CERTIFICATE_KEY=/app/ssl/cert.key # 这里修改为 /app/ssl/你的证书私钥名称 15 | - HOSTNAME=yourdomain.com # 修改为你的域名 16 | - CONTEXT_PATH=ertccawe24234 # 路径,随便乱输入就行 17 | - PASSWORD=yourpassword # 密码 18 | 19 | -------------------------------------------------------------------------------- /ds-nginx/ssl/cert.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFIDCCBAigAwIBAgISBJrGhBBxZvgI/BOL+CjuGKe2MA0GCSqGSIb3DQEBCwUA 3 | MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD 4 | EwJSMzAeFw0yMTAyMDgwNDUyMTlaFw0yMTA1MDkwNDUyMTlaMBkxFzAVBgNVBAMM 5 | DiouZG9jbWlycm9yLmNuMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA 6 | wgs/L3dz1lSCsPQ96G1+qlBKl0orJb9lu7DU5f/xSRQ+yguuzuKp81cswD5O8fl+ 7 | kBnHha9s83NtMovDRUtbg/wUnZnvYkIHwTR6keItTw632yFBD9ms3l+WBaINx1Xr 8 | o8CBYraUIEP+PNpNvEerPzxAj7Qd00Pg0w/zztLDfgrpgbSSJdX6LbYFJyQlj5bv 9 | j58hLAMQYayV9fjfbYnMWnsugjrdRzr3Jlv0cIC9fOOrrb0FaequPsfRT4rQpjfy 10 | phrO4KFziyLvYcjhC90GS38ff0Jl0Yritk9HgpYFOlhZZrhqJXsaIix6kwlU83sn 11 | TFQ3NexVoHjGmxOyTXEJVwIDAQABo4ICRzCCAkMwDgYDVR0PAQH/BAQDAgWgMB0G 12 | A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1Ud 13 | DgQWBBS0hy/hOrr/zAqUbyKsy8JTU0tDlzAfBgNVHSMEGDAWgBQULrMXt1hWy65Q 14 | CUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9y 15 | My5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL3IzLmkubGVuY3Iub3Jn 16 | LzAZBgNVHREEEjAQgg4qLmRvY21pcnJvci5jbjBMBgNVHSAERTBDMAgGBmeBDAEC 17 | ATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNl 18 | bmNyeXB0Lm9yZzCCAQIGCisGAQQB1nkCBAIEgfMEgfAA7gB1AJQgvB6O1Y1siHMf 19 | gosiLA3R2k1ebE+UPWHbTi9YTaLCAAABd4AyqGAAAAQDAEYwRAIgA3E2ZayN+1ib 20 | NcCj0IO8utCmiiOlH8Q9anUJRIKVKhQCIELac+SSuabDz4N3zShFE5Cl+Gx0VxmQ 21 | BULvE55PoFxsAHUAfT7y+I//iFVoJMLAyp5SiXkrxQ54CX8uapdomX4i8NcAAAF3 22 | gDKoUwAABAMARjBEAiA6uVlyVH6aLBaBXvj3ZHHIy7xg/Y7TOxuDhgEn56/fzwIg 23 | b+CT4OWHEHjdoQ4+sf7k+GoHBSYUfEPcKmgI2RqjfWkwDQYJKoZIhvcNAQELBQAD 24 | ggEBAJb8+tmI1UKuTkNgusbNWLm4IskCmBVkjU9WLuReZmu5eBWLV++y8nHzmwok 25 | fDqGXuIeVRYLVdXj5pquiaZxw7/KFP5FXDBh3RHQWwAINDKY1xilOoGDG6aVheBV 26 | zo5vTeyxs2VinMDP3exGwxDkuxiyT1OllXb2acTzV7BbH2YovdQKBKfkRbhWvTlp 27 | Zbr36/dYyixr6owWg4SH+TpUSfj2O7Hu7EvrY5u88HWbeD/mTz9AMtw2p/kQaET/ 28 | 1l+GAYV/u6etiSXsLf0xtiIlIgIA/w+VJGeeBtwQ5E4S9EWLDm7mo4HPx4UtCQ/+ 29 | CQlckuKGAH+G9zKM93vE68kXrLI= 30 | -----END CERTIFICATE----- 31 | -----BEGIN CERTIFICATE----- 32 | MIIEZTCCA02gAwIBAgIQQAF1BIMUpMghjISpDBbN3zANBgkqhkiG9w0BAQsFADA/ 33 | MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT 34 | DkRTVCBSb290IENBIFgzMB4XDTIwMTAwNzE5MjE0MFoXDTIxMDkyOTE5MjE0MFow 35 | MjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxCzAJBgNVBAMT 36 | AlIzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwIVKMz2oJTTDxLs 37 | jVWSw/iC8ZmmekKIp10mqrUrucVMsa+Oa/l1yKPXD0eUFFU1V4yeqKI5GfWCPEKp 38 | Tm71O8Mu243AsFzzWTjn7c9p8FoLG77AlCQlh/o3cbMT5xys4Zvv2+Q7RVJFlqnB 39 | U840yFLuta7tj95gcOKlVKu2bQ6XpUA0ayvTvGbrZjR8+muLj1cpmfgwF126cm/7 40 | gcWt0oZYPRfH5wm78Sv3htzB2nFd1EbjzK0lwYi8YGd1ZrPxGPeiXOZT/zqItkel 41 | /xMY6pgJdz+dU/nPAeX1pnAXFK9jpP+Zs5Od3FOnBv5IhR2haa4ldbsTzFID9e1R 42 | oYvbFQIDAQABo4IBaDCCAWQwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E 43 | BAMCAYYwSwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5p 44 | ZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTE 45 | p7Gkeyxx+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEE 46 | AYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2Vu 47 | Y3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0 48 | LmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYf 49 | r52LFMLGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B 50 | AQsFAAOCAQEA2UzgyfWEiDcx27sT4rP8i2tiEmxYt0l+PAK3qB8oYevO4C5z70kH 51 | ejWEHx2taPDY/laBL21/WKZuNTYQHHPD5b1tXgHXbnL7KqC401dk5VvCadTQsvd8 52 | S8MXjohyc9z9/G2948kLjmE6Flh9dDYrVYA9x2O+hEPGOaEOa1eePynBgPayvUfL 53 | qjBstzLhWVQLGAkXXmNs+5ZnPBxzDJOLxhF2JIbeQAcH5H0tZrUlo5ZYyOqA7s9p 54 | O5b85o3AM/OJ+CktFBQtfvBhcJVd9wvlwPsk+uyOy2HI7mNxKKgsBTt375teA2Tw 55 | UdHkhVNcsAKX1H7GNNLOEADksd86wuoXvg== 56 | -----END CERTIFICATE----- -------------------------------------------------------------------------------- /ds-nginx/ssl/cert.key: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | 3 | -----END RSA PRIVATE KEY----- 4 | -------------------------------------------------------------------------------- /image/server.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/docmirror/dev-sidecar-doc/f1a9f8775d5e2b74cc6a9337c60a06550e9b69e2/image/server.png -------------------------------------------------------------------------------- /ow.md: -------------------------------------------------------------------------------- 1 | # 梯子原理 2 | 3 | 1. 通过两层代理,将目标请求链接隐藏在https之中被加密,规避GFW的https握手特征检查 4 | 2. 通过二级路径(下图的xxxxxxxx),规避GFW的试探性钓鱼检查 5 | 6 | 7 | ``` 8 | 浏览器访问: https://www.google.com 9 | | 10 | DevSidecar【第一层代理】: https://yourdomain.com/xxxxxxxx/www.google.com/ 11 | | 12 | GFW: GFW 13 | | 14 | 境外Nginx【第二层代理】: 获取到xxxxxxxx之后的域名和地址,代理到https://www.google.com 15 | | 16 | DevSidecar: 返回给DevSidecar 17 | | 18 | 浏览器访问: 返回给浏览器 19 | 20 | ``` 21 | 22 | 在GFW看来你的流量就是在访问`yourdomain.com`这个正常的网站而已 23 | 24 | 缺点: 25 | > 1、 仅支持HTTPS 26 | > 2、 只是简单的代理转发。 27 | > 所以服务端可以篡改内容,存在安全风险,为了安全,最好是自建服务端。 28 | > 理论上可以在`yourdomain.com/xxxxxxxx`的wss作为加密传输通道,通道内传输http访问请求,就可以不需要信任根证书了(有空再研究,现阶段的简单实现已经够用,不介意根证书的话) 29 | 30 | 总结两点: 31 | > 大道至简:做的越多,错的越多。简单最有效,大隐隐于市。 32 | > 降维打击:安全我都不要了。(自建服务器可以解决) 33 | 34 | ## 自建服务端步骤 35 | 配置非常简单,会搭nginx即可 36 | 37 | ### 1. 准备工作 38 | * 一台境外服务器 39 | * 一个域名,免费证书 40 | * 下载[DevSidecar](https://github.com/docmirror/dev-sidecar) 41 | 42 | 我的服务器是[1核1G的香港主机](https://www.ucloud.cn/site/active/kuaijie.html?invitation_code=C1xF886DAFF2658) 43 | 如果你没有合适的境外主机,可以点击链接去购买,新用户还是挺划算的 44 | 45 | > 另外感谢群友@#贡献的一台日本服务器 46 | 47 | ### 2. nginx配置 48 | 49 | ``` 50 | 你需要定义如下三个变量 51 | 域名:yourdomain.com 你注册域名,千万别跟google facebook github这些重点监控的域名相似 52 | 路径:xxxxxxxx 你随便乱敲一串字母就行 53 | 密码:yourpassword 同上 54 | 55 | 证书:/xx/ssl证书.crt 绝对路径 56 | /xx/ssl证书私钥.key 57 | ``` 58 | 59 | ``` 60 | server { 61 | listen 443 ssl; 62 | server_name yourdomain.com ; # 修改为你的域名 63 | ssl_certificate /app/ssl/ssl证书.crt; # 修改为你域名ssl证书的绝对路径 64 | ssl_certificate_key /app/ssl/ssl证书私钥.key; # 修改为ssl证书私钥绝对路径 65 | ssl_session_timeout 5m; 66 | ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; 67 | ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; 68 | ssl_prefer_server_ciphers on; 69 | 70 | 71 | location ^~/xxxxxxxx/ { # xxxxxxxx 改成你自己随便任意的前缀地址 72 | resolver 1.1.1.1 ipv6=off; 73 | if ( $http_dspassword != 'your password' ){ # 校验密码,如果不配置密码,去掉它即可 74 | return 404; # 也可以改成403、502等其他错误,最好与下面的返回一致 75 | } 76 | set $_full_uri $uri$is_args$args; 77 | if ( $_full_uri ~ /xxxxxxxx/([^/]+)/(.*) ){ # 将xxxxxxxx修改为你路径前缀 78 | set $_host $1; # 获取路径后的目标网站的域名 79 | set $_uri $2; # 获取目标网站的请求地址 80 | } 81 | proxy_pass $scheme://$_host/$_uri; 82 | proxy_redirect https://yourdomain.com/xxxxxxxx/ /; # 修改为你的域名和路径前缀 83 | proxy_buffer_size 32k; 84 | proxy_buffers 64 32k; 85 | proxy_busy_buffers_size 1m; 86 | proxy_temp_file_write_size 512k; 87 | proxy_max_temp_file_size 128m; 88 | proxy_set_header Host $_host; 89 | proxy_ssl_server_name on; 90 | proxy_set_header dspassword ''; 91 | } 92 | location / { # 其他访问全部拒绝,规避GFW的钓鱼试探 93 | resolver 1.1.1.1; 94 | return 404; # 也可以改成403、502等其他错误,最好与上面的密码错误返回一致,或者返回一个伪装网站 95 | } 96 | } 97 | ``` 98 | ### 3. DevSidecar配置 99 | 按如下设置 100 | 应用---> 功能增强 ---> 代理服务端 101 | 填上nginx配置时用的那三个变量,应用即可 102 | ![](./image/server.png) 103 | 104 | > `xxxxxxxx`一定要修改成你自己的,你把它也当成是一个密码 105 | > 注意保护好 `域名、路径 和密码`,不要公开 106 | 107 | ## 其他部署方式 108 | ### 1、docker镜像启动 109 | 如果你不会安装nginx,推荐你按下面的docker镜像启动更方便 110 | [docker启动教程](./docker.md) 111 | 112 | ### 2、cf-workers 113 | 你也可以试试免费的[cf-workers](./cf-works.md) 114 | --------------------------------------------------------------------------------