commit e5e32c769ae6d1acc3bfcc9ecc40ce57d28b9fe9 Author: nite07 Date: Mon Oct 21 00:33:13 2024 +0800 Init
diff --git a/Caddyfile b/Caddyfile
new file mode 100644
index 0000000..c9d08fb
--- /dev/null
+++ b/Caddyfile
@@ -0,0 +1,57 @@
+{
+ #debug
+ order replace after encode
+}
+
+(log) {
+ log {
+ output file /log/{args[0]}/access.log {
+ roll_size 100MiB
+ roll_local_time
+ roll_keep 10
+ roll_keep_for 2160h
+ }
+ }
+}
+
+(common) {
+ header Host {host}
+ header X-Real-IP {remote_host}
+ header X-Forwarded-For {remote_host}
+ header X-Forwarded-Proto {scheme}
+
+ request_body {
+ max_size 10MB
+ }
+}
+
+(ratelimit) {
+ rate_limit {
+ zone dynamic_zone {
+ key {client_ip}
+ events 50
+ window 1s
+ }
+ log_key
+ }
+}
+
+(geoblock) {
+ @non_china_block {
+ not {
+ maxmind_geolocation {
+ db_path "/geodb/GeoLite2-Country.mmdb"
+ allow_countries CN
+ }
+ }
+ }
+
+ respond @non_china_block "You are blocked" 403
+}
+
+:443 {
+ tls internal
+ respond 404
+}
+
+import /conf/*
diff --git a/READMD.md b/READMD.md
new file mode 100644
index 0000000..dea5706
--- /dev/null
+++ b/READMD.md
@@ -0,0 +1,13 @@
+## Github 镜像配置
+
+./conf/github.caddyfile
+
+## Google 镜像配置
+
+./conf/google.caddyfile
+
+## 使用的 Caddy 模块
+
+github.com/caddyserver/replace-response
+github.com/mholt/caddy-ratelimit
+github.com/porech/caddy-maxmind-geolocation
diff --git a/conf/github.caddyfile b/conf/github.caddyfile
new file mode 100644
index 0000000..19e20cd
--- /dev/null
+++ b/conf/github.caddyfile
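Review bot: In Caddyfile's `(common)` snippet the four `header` lines (`Host`, `X-Real-IP`, `X-Forwarded-For`, `X-Forwarded-Proto`) use the directive that sets response headers, so they are returned to the client rather than sent to the upstream, and `header Host {host}` puts a `Host` field on every response. `reverse_proxy` already adds the `X-Forwarded-*` fields to the upstream request by default, so these lines can be dropped. If an upstream really needs `X-Real-IP`, it belongs inside the proxy block as `header_up X-Real-IP {remote_host}`. For a public mirror it is also worth deciding deliberately whether visitor addresses should be forwarded upstream at all.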
@@ -0,0 +1,135 @@
+(communal) {
+ header_down -Strict-Transport-Security
+ header_down -Content-Security-Policy
+ header_down -Set-Cookie
+ header_down -x-pjax-url
+ header_down -Referrer-Policy
+ header_up Accept-Encoding identity
+}
+
+github.example.com {
+ import log github.example.com
+ import common
+ import ratelimit
+ import geoblock
+
+ replace {
+ https://raw.githubusercontent.com https://github-raw.example.com
+ https://github.com https://github.example.com
+ https://github.githubassets.com https://github-assets.example.com
+ https://api.github.com https://github-api.example.com
+ }
+
+ @downloads path_regexp ^/[^/]+/[^/]+/releases/download/.*$
+ redir @downloads https://github-download.example.com{re.0}
+
+ @archives path_regexp ^/[^/]+/[^/]+/archive/.*$
+ redir @archives https://github-archive.example.com{re.0}
+
+ @artifacts path_regexp ^/[^/]+/[^/]+/suites/[^/]+/artifacts/.*$
+ redir @artifacts https://github-download.example.com{re.0}
+
+ reverse_proxy https://github.com {
+ import communal
+ header_up Host github.com
+ header_up Referer https://github.com/
+ header_up Origin https://github.com
+ }
+}
+
+github-assets.example.com {
+ import log github-assets.example.com
+ import common
+ import ratelimit
+ import geoblock
+
+ reverse_proxy https://github.githubassets.com {
+ import communal
+ header_up Host github.githubassets.com
+ }
+}
+
+github-codeload.example.com {
+ import log github-codeload.example.com
+ import common
+ import ratelimit
+ import geoblock
+
+ reverse_proxy https://codeload.github.com {
+ import communal
+ header_up Host github.com
+ }
+}
+
+github-download.example.com {
+ import log github-download.example.com
+ import common
+ import ratelimit
+ import geoblock
+
+ @archives path_regexp ^/[^/]+/[^/]+/archive/.*$
+ redir @archives https://github-archive.example.com{re.0}
+
+ @downloads path_regexp ^/[^/]+/[^/]+/releases(/latest)?/download/.*$
+ reverse_proxy @downloads https://github.com {
+ import communal
+ header_up Host github.com
+ }
+
+ @artifacts path_regexp ^/[^/]+/[^/]+/suites/[^/]+/artifacts/.*$
+ reverse_proxy @artifacts https://github.com {
+ import communal
+ header_up Host github.com
+ }
+}
+
+github-raw.example.com {
+ import log github-raw.example.com
+ import common
+ import ratelimit
+ import geoblock
+
+ replace https://raw.githubusercontent.com https://github-raw.example.com
+
+ reverse_proxy https://raw.githubusercontent.com {
+ import communal
+ header_up Host raw.githubusercontent.com
+ }
+}
+
+github-api.example.com {
+ import log github-api.example.com
+ import common
+ import ratelimit
+ import geoblock
+
+ replace {
+ https://github.com https://github.example.com
+ https://raw.githubusercontent.com https://github-raw.example.com
+ https://api.github.com https://github-api.example.com
+ }
+
+ reverse_proxy https://api.github.com {
+ import communal
+ header_up Host api.github.com
+ }
+}
+
+github-archive.example.com {
+ import log github-archive.example.com
+ import common
+ import ratelimit
+ import geoblock
+
+ @downloads path_regexp ^/[^/]+/[^/]+/releases(/latest)?/download/.*$
+ redir @downloads https://github-download.example.com{re.0}
+
+ @artifacts path_regexp ^/[^/]+/[^/]+/suites/[^/]+/artifacts/.*$
+ redir @artifacts https://github-download.example.com{re.0}
+
+ @archives path_regexp ^/[^/]+/[^/]+/archive/.*$
+ reverse_proxy @archives https://github.com {
+ import communal
+ header_up Host github.com
+ }
+}
diff --git a/conf/google.caddyfile b/conf/google.caddyfile
new file mode 100644
index 0000000..b818dc3
--- /dev/null
+++ b/conf/google.caddyfile
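Review bot: In conf/github.caddyfile the `(communal)` snippet deletes `Strict-Transport-Security`, `Content-Security-Policy` and `Referrer-Policy` from every upstream response, and nothing in the visible config puts a mirror-scoped policy back, so the rewritten pages are served from the example.com hosts with no CSP or HSTS. Dropping the upstream values is understandable because they name github.com origins, but the deletions could be replaced by the mirror's own values, e.g. `header_down Strict-Transport-Security "max-age=31536000"` and `header_down Referrer-Policy no-referrer`, plus a CSP that lists the mirror hosts. Separately, the `github-codeload.example.com` block proxies to `https://codeload.github.com` but sends `header_up Host github.com`, which looks like a copy-paste slip for `header_up Host codeload.github.com`.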
@@ -0,0 +1,28 @@
+google.example.com {
+ import log google.example.com
+ import common
+ import ratelimit
+ import geoblock
+ replace http://www.google.com http://google.example.com
+ replace https://www.google.com http://google.example.com
+
+ reverse_proxy https://www.google.com {
+ header_up Host www.google.com
+ header_down Set-Cookie google.com google.example.com
+ }
+}
+
+google-scholar.example.com {
+ import log google-scholar.example.com
+ import common
+ import ratelimit
+ import geoblock
+ replace http://www.google.com http://google.example.com
+ replace https://www.google.com http://google.example.com
+ replace https://scholar.google.com http://google-scholar.example.com
+
+ reverse_proxy https://scholar.google.com {
+ header_up Host scholar.google.com
+ header_down Set-Cookie google.com google-scholar.example.com
+ }
+}
diff --git a/geodb/GeoLite2-Country.mmdb b/geodb/GeoLite2-Country.mmdb
new file mode 100644
index 0000000..379e887
Binary files /dev/null and b/geodb/GeoLite2-Country.mmdb differ
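Review bot: In conf/google.caddyfile the `replace https://www.google.com http://google.example.com` line in both site blocks, and `replace https://scholar.google.com http://google-scholar.example.com`, rewrite HTTPS links to plain `http://` on the mirror, so every rewritten link starts with a cleartext request. The targets should be `https://google.example.com` and `https://google-scholar.example.com`. Unlike the GitHub blocks, these proxies do not set `header_up Accept-Encoding identity`, so a compressed upstream body will probably pass through the `replace` filter unmatched. These blocks also keep `Set-Cookie` and rewrite `google.com` to the mirror host in it, which means upstream session cookies end up scoped to a host the mirror operator controls; that deserves a comment next to the `header_down Set-Cookie` lines.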