├── LICENSE ├── README.md ├── hub-nginx.conf └── hub-workers.js /LICENSE: -------------------------------------------------------------------------------- 1 | DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE 2 | Version 2, December 2004 3 | 4 | Copyright (C) 2004 Sam Hocevar 5 | 6 | Everyone is permitted to copy and distribute verbatim or modified 7 | copies of this license document, and changing it is allowed as long 8 | as the name is changed. 9 | 10 | DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE 11 | TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 12 | 13 | 0. You just DO WHAT THE FUCK YOU WANT TO. 14 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Proxy Conf 2 | 3 | 一些树新蜂使用的反向代理配置 4 | 5 | ## 使用方法 6 | 7 | 自己研究,别忘了替换配置中的域名。 8 | 9 | ## License 10 | 11 | [WTFPL](http://www.wtfpl.net/) 12 | -------------------------------------------------------------------------------- /hub-nginx.conf: -------------------------------------------------------------------------------- 1 | # 伪静态 2 | set_real_ip_from 0.0.0.0/0; 3 | real_ip_header CF-Connecting-IP; 4 | client_max_body_size 2G; 5 | underscores_in_headers on; 6 | resolver 8.8.8.8 ipv6=off; 7 | resolver_timeout 10s; 8 | 9 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 10 | proxy_set_header Upgrade $http_upgrade; 11 | proxy_set_header Connection $http_connection; 12 | proxy_set_header Accept-Encoding ""; 13 | proxy_ssl_session_reuse off; 14 | proxy_ssl_server_name on; 15 | 16 | proxy_http_version 1.1; 17 | proxy_buffering off; 18 | proxy_request_buffering off; 19 | proxy_max_temp_file_size 0; 20 | 21 | proxy_connect_timeout 864000s; 22 | proxy_read_timeout 864000s; 23 | proxy_send_timeout 864000s; 24 | send_timeout 864000s; 25 | 26 | location /v2/ { 27 | proxy_pass https://registry-1.docker.io; 28 | proxy_set_header Host registry-1.docker.io; 29 | 30 | header_filter_by_lua_block { 31 | local www_auth = ngx.var.upstream_http_www_authenticate 32 | if www_auth then 33 | local new_www_auth = string.gsub(www_auth, "auth.docker.io", "hub.rat.dev") 34 | ngx.header['www-authenticate'] = new_www_auth 35 | end 36 | } 37 | 38 | proxy_intercept_errors on; 39 | recursive_error_pages on; 40 | error_page 301 302 307 = @handle_redirect; 41 | } 42 | 43 | location /token { 44 | proxy_pass https://auth.docker.io; 45 | proxy_set_header Host auth.docker.io; 46 | } 47 | 48 | location @handle_redirect { 49 | set $saved_redirect_location '$upstream_http_location'; 50 | proxy_pass $saved_redirect_location; 51 | } -------------------------------------------------------------------------------- /hub-workers.js: -------------------------------------------------------------------------------- 1 | const hub_host = "registry-1.docker.io"; 2 | const auth_url = "https://auth.docker.io"; 3 | const workers_url = "https://hub.rat.dev"; 4 | const banned_list = []; 5 | 6 | export default { 7 | async fetch(request) { 8 | const url = new URL(request.url); 9 | const getReqHeader = (key) => request.headers.get(key); 10 | 11 | if (url.pathname === '/') { 12 | return index(); 13 | } 14 | 15 | if (banned_list.some((word) => url.pathname.includes(word))) { 16 | return new Response("this image is not allowed", { status: 403 }); 17 | } 18 | 19 | if (url.pathname === '/token') { 20 | let token_parameter = { 21 | headers: { 22 | 'Host': 'auth.docker.io', 23 | 'User-Agent': getReqHeader("User-Agent"), 24 | 'Accept': getReqHeader("Accept"), 25 | 'Accept-Language': getReqHeader("Accept-Language"), 26 | 'Accept-Encoding': getReqHeader("Accept-Encoding"), 27 | 'Connection': 'keep-alive', 28 | 'Cache-Control': 'max-age=0' 29 | }, 30 | cf: { 31 | cacheTtlByStatus: { "200-299": 120, "404": 10, "500-599": 3 } 32 | } 33 | }; 34 | let token_url = auth_url + url.pathname + url.search 35 | return fetch(new Request(token_url, request), token_parameter) 36 | } 37 | 38 | url.hostname = hub_host; 39 | 40 | let parameter = { 41 | headers: { 42 | 'Host': hub_host, 43 | 'User-Agent': getReqHeader("User-Agent"), 44 | 'Accept': getReqHeader("Accept"), 45 | 'Accept-Language': getReqHeader("Accept-Language"), 46 | 'Accept-Encoding': getReqHeader("Accept-Encoding"), 47 | 'Connection': 'keep-alive', 48 | 'Cache-Control': 'max-age=0' 49 | }, 50 | redirect: "follow", 51 | cf: { 52 | cacheTtlByStatus: { "200-299": 2592000, 404: 10, "500-599": 3 }, 53 | }, 54 | }; 55 | 56 | if (request.headers.has("Authorization")) { 57 | parameter.headers.Authorization = getReqHeader("Authorization"); 58 | } 59 | 60 | let res = await fetch(new Request(url, request), parameter); 61 | res = new Response(res.body, res); 62 | 63 | if (res.headers.has("Www-Authenticate")) { 64 | let auth = res.headers.get("Www-Authenticate"); 65 | let re = new RegExp(auth_url, "g"); 66 | res.headers.set( 67 | "Www-Authenticate", 68 | res.headers.get("Www-Authenticate").replace(re, workers_url) 69 | ); 70 | } 71 | 72 | return res; 73 | }, 74 | }; 75 | 76 | async function index() { 77 | return new Response( 78 | ` 79 | 80 | 81 | 82 | Hub Proxy 83 | 125 | 126 | 127 |
128 |

Hub Proxy

129 |

130 | 由 131 | 耗子面板 132 | 强力驱动 133 |

134 |

本站开启 UA 白名单,如果您的客户端无法拉取镜像可向我们反馈

135 |

同时本站有一定速率限制,如需大量请求建议您 自建代理 使用

136 |

交流反馈群:12370907

137 |

138 |
139 | 176 | 177 | `, 178 | { 179 | headers: { 180 | "Content-Type": "text/html", 181 | "Cache-Control": "public, max-age=2592000", 182 | }, 183 | cf: { 184 | cacheTtl: 2592000, 185 | cacheEverything: true, 186 | }, 187 | } 188 | ); 189 | } 190 | --------------------------------------------------------------------------------