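├── .gitignore
├── letsencrypt.conf
├── nginx_http_only.conf
├── ssl.conf
├── README.md
├── nginx.conf
├── start.sh
└── Dockerfile

/.gitignore:
--------------------------------------------------------------------------------
tags

--------------------------------------------------------------------------------
/letsencrypt.conf:
--------------------------------------------------------------------------------
# Serves the ACME HTTP-01 challenge files that certbot's webroot plugin writes
# under /opt/nginx/html/.well-known/acme-challenge/.
# "^~" makes this prefix win over any regex location, so nothing else can
# intercept the challenge path.
location ^~ /.well-known/acme-challenge/ {
    default_type "text/plain";
    root /opt/nginx/html;
}

--------------------------------------------------------------------------------
/nginx_http_only.conf:
--------------------------------------------------------------------------------
# Bootstrap configuration: start.sh runs nginx with this file only while the
# first certificate is being requested, because nginx.conf cannot load before
# the certificate files exist.
worker_processes 1;

events {
    worker_connections 1024;
}

http {
    server {
        listen 80 default_server;
        #listen [::]:80 default_server ipv6only=on;
        # Was g.yifei.me; aligned with nginx.conf and the certbot -d argument
        # so the redirect below points at the host the certificate covers.
        server_name gg.yifei.me;
        root /opt/nginx/html;
        include /opt/nginx/conf/letsencrypt.conf;
        location / {
            # Redirect target is built from the configured server_name, not
            # from the client-supplied Host header.
            return 301 https://$server_name$request_uri;
        }
    }
}

--------------------------------------------------------------------------------
/ssl.conf:
--------------------------------------------------------------------------------
# TLS settings included by the HTTPS server block in nginx.conf.

# Session resumption through the shared server-side cache only; tickets are
# switched off.
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;

# TLS 1.2 only, ECDHE key exchange with AES; the server's cipher order wins.
ssl_protocols TLSv1.2;
ssl_ciphers EECDH+AESGCM:EECDH+AES;
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;

# OCSP stapling. Verification relies on ssl_trusted_certificate and the
# resolver, both of which are set in the including server block.
ssl_stapling on;
ssl_stapling_verify on;

# "always" sends the headers on error responses too; without it nginx adds
# them only to 2xx/3xx responses.
# NOTE(review): add_header is inherited only when the inner level defines no
# add_header of its own, so a location that adds a header drops these three.
# NOTE(review): this HSTS policy pins the host and its subdomains to HTTPS for
# max-age seconds (about six months) and asks for preloading; confirm that is
# intended before deploying under your own domain.
add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload" always;
add_header X-Frame-Options DENY always;
add_header X-Content-Type-Options nosniff always;

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
跑在 docker 里的 google 镜像
======

简单两步获得 Google 镜像,使用方法:

```
git clone https://github.com/yifeikong/docker_google_mirror
# 需要把所有用到的域名替换成你自己的域名
cd docker_google_mirror
docker build -t google_mirror .
docker run -d --rm -p 80:80 -p 443:443 google_mirror
```

使用了letsencrypt的免费https证书. 注意每次run都会去申请新的证书,
而letsencrypt是有频次限制的, 所以不要过度频繁生成container


致谢
------

其实这只是强大的[Google Filter Module](https://github.com/cuber/ngx_http_google_filter_module)的一个容器而已啦

--------------------------------------------------------------------------------
/nginx.conf:
--------------------------------------------------------------------------------
# Main configuration, loaded by start.sh once the certificate exists.
worker_processes 1;

events {
    worker_connections 1024;
}

http {
    # Port 80: answers ACME challenges and redirects everything else to HTTPS.
    server {
        listen 80 default_server;
        #listen [::]:80 default_server ipv6only=on;
        server_name gg.yifei.me;
        include /opt/nginx/conf/letsencrypt.conf;
        root /opt/nginx/html;
        location / {
            return 301 https://$server_name$request_uri;
        }
    }
    # Port 443: the mirror itself.
    server {
        server_name gg.yifei.me;
        listen 443 ssl default_server;
        #listen [::]:443 ssl ipv6only=on;

        # Paths must match the domain passed to "certbot -d" in start.sh.
        ssl_certificate /etc/letsencrypt/live/gg.yifei.me/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/gg.yifei.me/privkey.pem;
        # Needed by ssl_stapling_verify in ssl.conf.
        ssl_trusted_certificate /etc/letsencrypt/live/gg.yifei.me/fullchain.pem;
        include /opt/nginx/conf/ssl.conf;

        root /opt/nginx/html;

        # Used for upstream and OCSP responder lookups; queries leave the host
        # unencrypted to a public resolver.
        resolver 8.8.8.8;

        location / {
            # NOTE(review): no access control is configured here, so the
            # mirror is usable by anyone who can reach port 443. If it is
            # meant for a limited audience, restrict it (allow/deny or
            # auth_basic) in this location.
            google on;
        }
    }
}

--------------------------------------------------------------------------------
/start.sh:
--------------------------------------------------------------------------------
#!/bin/sh
# Container entry point: obtain a certificate if none exists, start nginx with
# the full configuration, start crond for renewals, then stay in the foreground.

# Domain the certificate is issued for. It must match server_name and the
# ssl_certificate paths in nginx.conf.
DOMAIN=gg.yifei.me

# The original test looked for /etc/letsencrypt/live/g.yifei.me/, which certbot
# never creates (the certificate is requested for gg.yifei.me), so a new
# certificate was requested on every start even when one was already present
# (for example on a mounted /etc/letsencrypt), burning Let's Encrypt rate limit.
if [ ! -d "/etc/letsencrypt/live/$DOMAIN/" ]; then
    # Temporary HTTP-only nginx so the HTTP-01 challenge can be answered.
    /opt/nginx/sbin/nginx -c /opt/nginx/conf/nginx_http_only.conf
    mkdir -p /opt/nginx/html/.well-known/acme-challenge
    certbot certonly --webroot --agree-tos --no-eff-email --email kongyifei@gmail.com \
        -w /opt/nginx/html -d "$DOMAIN"
    status=$?
    # NOTE(review): "-s quit" only signals a graceful shutdown and returns at
    # once; the nginx started below may briefly compete for port 80.
    /opt/nginx/sbin/nginx -s quit
    if [ $status -ne 0 ]; then
        # Fail here with a clear message instead of letting the full
        # configuration fail later on the missing certificate files.
        echo "Failed to obtain certificate: $status"
        exit $status
    fi
fi

# start nginx
/opt/nginx/sbin/nginx -c /opt/nginx/conf/nginx.conf
status=$?
if [ $status -ne 0 ]; then
    echo "Failed to start nginx: $status"
    exit $status
fi

# start certbot cron
crond
status=$?
if [ $status -ne 0 ]; then
    echo "Failed to start crond: $status"
    exit $status
fi

# Keeps the container alive. The health check below is commented out, so the
# container keeps running even if nginx or crond exits.
while true; do
    #ps aux |grep nginx |grep -q -v grep
    #PROCESS_1_STATUS=$?
    #ps aux |grep crond |grep -q -v grep
    #PROCESS_2_STATUS=$?
    ## If the greps above find anything, they will exit with 0 status
    ## If they are not both 0, then something is wrong
    #if [ $PROCESS_1_STATUS -ne 0 -o $PROCESS_2_STATUS -ne 0 ]; then
    #  echo "One of the processes has already exited."
    #  exit -1
    #fi
    sleep 60
done


--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
# NOTE(review): alpine:3.6 and nginx 1.10.0 are old releases; check whether
# they still receive security fixes before building an internet-facing image.
FROM alpine:3.6
MAINTAINER Yifei Kong

ENV NGINX_VER 1.10.0

# install nginx with google mirror module
# The tarball is fetched over HTTPS (was plain HTTP, which lets anyone on the
# network path swap the source that gets compiled into the image).
# NOTE(review): the download is still not checked against a pinned checksum or
# the release PGP signature, and both modules are cloned at whatever their
# default branch holds at build time. Pin each to a reviewed commit and verify
# the tarball so builds are reproducible.
RUN apk add --update git openssl-dev pcre-dev zlib-dev wget build-base certbot && \
    mkdir src && cd src && \
    wget https://nginx.org/download/nginx-${NGINX_VER}.tar.gz && \
    tar xzf nginx-${NGINX_VER}.tar.gz && \
    git clone https://github.com/cuber/ngx_http_google_filter_module && \
    git clone https://github.com/yaoweibin/ngx_http_substitutions_filter_module && \
    cd nginx-${NGINX_VER} && \
    ./configure --prefix=/opt/nginx \
        --with-http_ssl_module \
        --add-module=../ngx_http_google_filter_module \
        --add-module=../ngx_http_substitutions_filter_module && \
    make && make install && \
    apk del git build-base && \
    rm -rf /src && \
    rm -rf /var/cache/apk/*

# add config files
COPY ssl.conf /opt/nginx/conf/ssl.conf
COPY letsencrypt.conf /opt/nginx/conf/letsencrypt.conf
COPY nginx_http_only.conf /opt/nginx/conf/nginx_http_only.conf
COPY nginx.conf /opt/nginx/conf/nginx.conf
COPY start.sh /start.sh

# set up renew cron jobs
# Runs daily at 00:08 and reloads nginx after a successful renewal.
# NOTE(review): all output goes to /dev/null, so a failing renewal is silent
# until the certificate expires; consider logging it somewhere that is watched.
RUN echo '8 0 * * * certbot renew --noninteractive --renew-hook "/opt/nginx/sbin/nginx -s reload" > /dev/null 2>&1' > /etc/crontabs/root

EXPOSE 80 443

# start nginx and cron in the background
# No USER instruction is set, so start.sh and the nginx master run as root.
CMD ["/start.sh"]

--------------------------------------------------------------------------------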