基于nginx搭建github加速服务,nginx配置代码如下
hub
location / { proxy_hide_header referrer-policy; proxy_hide_header content-security-policy; proxy_hide_header Strict-Transport-Security; proxy_hide_header x-pjax-url; proxy_set_header Host github.com; proxy_set_header Accept-Encoding ""; proxy_set_header Referer https://github.com/; proxy_set_header Origin https://github.com; #proxy_set_header Connection ""; add_header x-pjax-url "https://hub.fastgit.ixmu.net$request_uri"; add_header X-FastGit-Node "azure-ea-0"; proxy_http_version 1.1; proxy_connect_timeout 10s; proxy_read_timeout 10s; # Not supported when installed from Debian source # proxy_socket_keepalive on; proxy_ssl_server_name on; sub_filter "\"https://raw.githubusercontent.com" "\"https://raw.fastgit.ixmu.net"; sub_filter "\"https://github.com" "\"https://hub.fastgit.ixmu.net"; sub_filter "\"https://github.githubassets.com" "\"https://assets.fastgit.ixmu.net"; sub_filter "\"https://github.githubassets.com" "\"https://assets.fastgit.ixmu.net"; sub_filter "https://customer-stories-feed.github.com" "https://customer-stories-feed.fastgit.org"; sub_filter_once off; proxy_cookie_domain github.com hub.fastgit.ixmu.net; proxy_redirect https://github.com https://hub.fastgit.ixmu.net; proxy_redirect https://raw.githubusercontent.com https://raw.fastgit.ixmu.net; proxy_redirect https://github.githubassets.com https://assets.fastgit.ixmu.net; proxy_redirect https://customer-stories-feed.github.com https://customer-stories-feed.fastgit.org; proxy_redirect https://codeload.github.com https://codeload.fastgit.org; proxy_pass https://github.com; } Block search engine if ($http_user_agent ~* "qihoobot|Baiduspider|Bingbot|Googlebot|Googlebot-Mobile|Googlebot-Image|Mediapartners-Google|Adsbot-Google|Feedfetcher-Google|Yahoo! Slurp|Yahoo! Slurp China|YoudaoBot|Sosospider|Sogou spider|Sogou web spider|MSNBot|ia_archiver|Tomato Bot") { return 403; } Anti Agent Bot DDoS If behind CDN, use folloing commented code if ($http_x_forwarded_for != $remote_addr) { return 503; } if ($proxy_add_x_forwarded_for != $remote_addr) { return 503; }
Archive
location / { } location ~ ^/[^/]+/[^/]+/releases(/latest)?/download/ { return 301 https://download.fastgit.ixmu.net$request_uri; } location ~ ^/[^/]+/[^/]+/suites/[^/]+/artifacts/ { return 301 https://download.fastgit.ixmu.net$request_uri; } location ~ ^/[^/]+/[^/]+/archive/ { recursive_error_pages on; proxy_pass https://github.com; proxy_intercept_errors on; error_page 301 302 307 = @handle_redirect; } location @handle_redirect { resolver 8.8.8.8; recursive_error_pages on; set $saved_redirect_location '$upstream_http_location'; proxy_pass $saved_redirect_location; proxy_intercept_errors on; error_page 301 302 307 = @handle_redirect; } # Block search engine if ($http_user_agent ~* "qihoobot|Baiduspider|Bingbot|Googlebot|Googlebot-Mobile|Googlebot-Image|Mediapartners-Google|Adsbot-Google|Feedfetcher-Google|Yahoo! Slurp|Yahoo! Slurp China|YoudaoBot|Sosospider|Sogou spider|Sogou web spider|MSNBot|ia_archiver|Tomato Bot") { return 403; }
Download
upstream GithubDownload { server github.com:443; keepalive 32; } server { listen 443 ssl http2; server_name fastdownload.ixnic.net; root /home/wwwroot/fastdownload.ixnic.net; index index.html; ssl_stapling on; ssl_stapling_verify on; ssl_certificate /usr/local/nginx/conf/ssl/fastdownload.ixnic.net/fullchain.cer; ssl_certificate_key /usr/local/nginx/conf/ssl/fastdownload.ixnic.net/fastdownload.ixnic.net.key; # Run following command & set permission before configuring # curl https://ssl-config.mozilla.org/ffdhe2048.txt > /usr/local/nginx/conf/ssl/dhparam.pem ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; ssl_prefer_server_ciphers off; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; ssl_session_tickets off; error_page 497 https://$host$request_uri; # include /etc/nginx/snippets/anti-floc.conf; add_header Permissions-Policy interest-cohort=(); # SSL location ~ \.well-known{ allow all; } location / { } location ~ ^/[^/]+/[^/]+/releases(/latest)?/download/ { proxy_cache_valid 206 120m; proxy_cache_valid 200 120m; recursive_error_pages on; proxy_pass https://GithubDownload; proxy_intercept_errors on; error_page 301 302 307 = @handle_redirect; } location ~ ^/[^/]+/[^/]+/suites/[^/]+/artifacts/ { proxy_cache_valid 206 120m; proxy_cache_valid 200 120m; recursive_error_pages on; proxy_pass https://GithubDownload; proxy_intercept_errors on; error_page 301 302 307 = @handle_redirect; } location ~ ^/[^/]+/[^/]+/archive/ { return 301 https://fastarchive.ixnic.net$request_uri; } location @handle_redirect { resolver 8.8.8.8; recursive_error_pages on; set $saved_redirect_location '$upstream_http_location'; proxy_pass $saved_redirect_location; proxy_intercept_errors on; error_page 301 302 307 = @handle_redirect; } # Block search engine if ($http_user_agent ~* "qihoobot|Baiduspider|Bingbot|Googlebot|Googlebot-Mobile|Googlebot-Image|Mediapartners-Google|Adsbot-Google|Feedfetcher-Google|Yahoo! Slurp|Yahoo! Slurp China|YoudaoBot|Sosospider|Sogou spider|Sogou web spider|MSNBot|ia_archiver|Tomato Bot") { return 403; } access_log /home/wwwlogs/fastdownload.ixnic.net.log; error_log /home/wwwlogs/erroe.log; }
Assets
# Fuck Search Engine location /robots.txt { allow all; } #PROXY-START/ location ~* \.(php|jsp|cgi|asp|aspx)$ { proxy_pass https://github.githubassets.com; proxy_set_header Host github.githubassets.com; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header REMOTE-HOST $remote_addr; } location / { proxy_pass https://github.githubassets.com; proxy_set_header Host github.githubassets.com; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header REMOTE-HOST $remote_addr; add_header X-Cache $upstream_cache_status; proxy_ignore_headers Set-Cookie Cache-Control expires; # proxy_cache cache_one; proxy_cache_key $host$uri$is_args$args; proxy_cache_valid 200 304 301 302 480m; expires 12h; } # Block search engine if ($http_user_agent ~* "qihoobot|Baiduspider|Bingbot|Googlebot|Googlebot-Mobile|Googlebot-Image|Mediapartners-Google|Adsbot-Google|Feedfetcher-Google|Yahoo! Slurp|Yahoo! Slurp China|YoudaoBot|Sosospider|Sogou spider|Sogou web spider|MSNBot|ia_archiver|Tomato Bot") { return 403; } Anti Agent Bot DDoS If behind CDN, use folloing commented code if ($http_x_forwarded_for != $remote_addr) { return 503; } if ($proxy_add_x_forwarded_for != $remote_addr) { return 503; }
Raw
# Fuck Search Engine location /robots.txt { allow all; } location / { valid_referers none blocked *.fastgit.ixmu.net raw.githubusercontent.com github.com; if ($invalid_referer){ return 403; } proxy_hide_header content-security-policy; proxy_hide_header Strict-Transport-Security; proxy_hide_header set-cookie; proxy_hide_header x-pjax-url; proxy_set_header Host raw.githubusercontent.com; # proxy_set_header Connection ""; add_header X-FastGit-Node "dogyun-de-1"; proxy_http_version 1.1; proxy_connect_timeout 5s; proxy_read_timeout 5s; proxy_pass https://raw.githubusercontent.com; } location ~ .*\.(jpg|jpeg|gif|png|js|css)$ { valid_referers none blocked *.fastgit.org raw.githubusercontent.com github.com; if ($invalid_referer){ return 403; } proxy_hide_header content-security-policy; proxy_hide_header Strict-Transport-Security; proxy_hide_header set-cookie; proxy_hide_header x-pjax-url; proxy_set_header Host raw.githubusercontent.com; proxy_set_header Accept-Encoding ""; proxy_set_header Connection ""; add_header x-fastgit-node "dogyun-de-1"; proxy_http_version 1.1; proxy_connect_timeout 5s; proxy_read_timeout 5s; proxy_pass https://rawgithub; } Block search engine if ($http_user_agent ~* "qihoobot|Baiduspider|Googlebot|Googlebot-Mobile|Googlebot-Image|Mediapartners-Google|Adsbot-Google|Feedfetcher-Google|Yahoo! Slurp|Yahoo! Slurp China|YoudaoBot|Sosospider|Sogou spider|Sogou web spider|MSNBot|ia_archiver|Tomato Bot") { return 403; }
robots.txt
User-Agent: * Disallow: /
文章末尾固定信息
我的微信
我的微信
微信扫一扫
评论