Init

Caddyfile

@@ -0,0 +1,57 @@
+{
+	#debug
+	order replace after encode
+}
+
+(log) {
+	log {
+		output file /log/{args[0]}/access.log {
+			roll_size 100MiB
+			roll_local_time
+			roll_keep 10
+			roll_keep_for 2160h
+		}
+	}
+}
+
+(common) {
+	header Host {host}
+	header X-Real-IP {remote_host}
+	header X-Forwarded-For {remote_host}
+	header X-Forwarded-Proto {scheme}
+
+	request_body {
+		max_size 10MB
+	}
+}
+
+(ratelimit) {
+	rate_limit {
+		zone dynamic_zone {
+			key {client_ip}
+			events 50
+			window 1s
+		}
+		log_key
+	}
+}
+
+(geoblock) {
+	@non_china_block {
+		not {
+			maxmind_geolocation {
+				db_path "/geodb/GeoLite2-Country.mmdb"
+				allow_countries CN
+			}
+		}
+	}
+
+	respond @non_china_block "You are blocked" 403
+}
+
+:443 {
+	tls internal
+	respond 404
+}
+
+import /conf/*

READMD.md

@@ -0,0 +1,13 @@
+## Github 镜像配置
+
+./conf/github.caddyfile
+
+## Google 镜像配置
+
+./conf/google.caddyfile
+
+## 使用的 Caddy 模块
+
+github.com/caddyserver/replace-response
+github.com/mholt/caddy-ratelimit
+github.com/porech/caddy-maxmind-geolocation

conf/github.caddyfile

@@ -0,0 +1,135 @@
+(communal) {
+	header_down -Strict-Transport-Security
+	header_down -Content-Security-Policy
+	header_down -Set-Cookie
+	header_down -x-pjax-url
+	header_down -Referrer-Policy
+	header_up Accept-Encoding identity
+}
+
+github.example.com {
+	import log github.example.com
+	import common
+	import ratelimit
+	import geoblock
+
+	replace {
+		https://raw.githubusercontent.com https://github-raw.example.com
+		https://github.com https://github.example.com
+		https://github.githubassets.com https://github-assets.example.com
+		https://api.github.com https://github-api.example.com
+	}
+
+	@downloads path_regexp ^/[^/]+/[^/]+/releases/download/.*$
+	redir @downloads https://github-download.example.com{re.0}
+
+	@archives path_regexp ^/[^/]+/[^/]+/archive/.*$
+	redir @archives https://github-archive.example.com{re.0}
+
+	@artifacts path_regexp ^/[^/]+/[^/]+/suites/[^/]+/artifacts/.*$
+	redir @artifacts https://github-download.example.com{re.0}
+
+	reverse_proxy https://github.com {
+		import communal
+		header_up Host github.com
+		header_up Referer https://github.com/
+		header_up Origin https://github.com
+	}
+}
+
+github-assets.example.com {
+	import log github-assets.example.com
+	import common
+	import ratelimit
+	import geoblock
+
+	reverse_proxy https://github.githubassets.com {
+		import communal
+		header_up Host github.githubassets.com
+	}
+}
+
+github-codeload.example.com {
+	import log github-codeload.example.com
+	import common
+	import ratelimit
+	import geoblock
+
+	reverse_proxy https://codeload.github.com {
+		import communal
+		header_up Host github.com
+	}
+}
+
+github-download.example.com {
+	import log github-download.example.com
+	import common
+	import ratelimit
+	import geoblock
+
+	@archives path_regexp ^/[^/]+/[^/]+/archive/.*$
+	redir @archives https://github-archive.example.com{re.0}
+
+	@downloads path_regexp ^/[^/]+/[^/]+/releases(/latest)?/download/.*$
+	reverse_proxy @downloads https://github.com {
+		import communal
+		header_up Host github.com
+	}
+
+	@artifacts path_regexp ^/[^/]+/[^/]+/suites/[^/]+/artifacts/.*$
+	reverse_proxy @artifacts https://github.com {
+		import communal
+		header_up Host github.com
+	}
+}
+
+github-raw.example.com {
+	import log github-raw.example.com
+	import common
+	import ratelimit
+	import geoblock
+
+	replace https://raw.githubusercontent.com https://github-raw.example.com
+
+	reverse_proxy https://raw.githubusercontent.com {
+		import communal
+		header_up Host raw.githubusercontent.com
+	}
+}
+
+github-api.example.com {
+	import log github-api.example.com
+	import common
+	import ratelimit
+	import geoblock
+
+	replace {
+		https://github.com https://github.example.com
+		https://raw.githubusercontent.com https://github-raw.example.com
+		https://api.github.com https://github-api.example.com
+	}
+
+	reverse_proxy https://api.github.com {
+		import communal
+		header_up Host api.github.com
+	}
+}
+
+github-archive.example.com {
+	import log github-archive.example.com
+	import common
+	import ratelimit
+	import geoblock
+
+	@downloads path_regexp ^/[^/]+/[^/]+/releases(/latest)?/download/.*$
+	redir @downloads https://github-download.example.com{re.0}
+
+	@artifacts path_regexp ^/[^/]+/[^/]+/suites/[^/]+/artifacts/.*$
+	redir @artifacts https://github-download.example.com{re.0}
+
+	@archives path_regexp ^/[^/]+/[^/]+/archive/.*$
+	reverse_proxy @archives https://github.com {
+		import communal
+		header_up Host github.com
+	}
+}

conf/google.caddyfile

@@ -0,0 +1,28 @@
+google.example.com {
+	import log google.example.com
+	import common
+	import ratelimit
+	import geoblock
+	replace http://www.google.com http://google.example.com
+	replace https://www.google.com http://google.example.com
+
+	reverse_proxy https://www.google.com {
+		header_up Host www.google.com
+		header_down Set-Cookie google.com google.example.com
+	}
+}
+
+google-scholar.example.com {
+	import log google-scholar.example.com
+	import common
+	import ratelimit
+	import geoblock
+	replace http://www.google.com http://google.example.com
+	replace https://www.google.com http://google.example.com
+	replace https://scholar.google.com http://google-scholar.example.com
+
+	reverse_proxy https://scholar.google.com {
+		header_up Host scholar.google.com
+		header_down Set-Cookie google.com google-scholar.example.com
+	}
+}