阻止扫描

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 444;
}

server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
server_name _;

ssl_certificate /etc/nginx/certs/default_server.crt;
ssl_certificate_key /etc/nginx/certs/default_server.key;

return 444;
}

功能:主要功能是将所有没有匹配到特定域名的请求直接拒绝,不提供任何服务。

server_name _; 的设置会将这个 server 块视为默认服务器,用来处理所有未在其他 server 块中定义的域名请求。

在这个配置中,所有未明确定义的域名请求都会被引导到这个默认的 server 块,然后立即返回状态码 444,断开连接。

使用

Nginx proxy manage配置使用

docker-compose文件:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
version: '3'
services:
app:
image: 'jc21/nginx-proxy-manager:latest'
restart: unless-stopped
environment:
- TZ=Asia/Shanghai # 设置为 CST 时区
ports:
- '80:80'
- '81:81'
- '443:443'
volumes:
- ./data:/data
- ./letsencrypt:/etc/letsencrypt
- ./nginx/block_scanners.conf:/etc/nginx/conf.d/block_scanners.conf # 映射拦截配置文件
- ./nginx/certs:/etc/nginx/certs # 映射证书文件目录
  1. 移动到docker-compose.yml文件所在的目录,在此目录下创建/nginx/block_scanners.conf文件

  2. 把阻止扫描的配置复制到block_scanners.conf这个文件中

  3. 申请自签证书

先安装openssl

1
2
sudo apt update
sudo apt install openssl -y

再执行(确保当前在docker-compose.yml文件所在的目录)

1
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ./data/nginx/certs/default_server.key -out ./data/nginx/certs/default_server.crt

在生成过程中,会被提示输入一些信息,如国家、省份和组织。可以随意填写,或者直接回车,生成证书和密钥文件即可。

最后执行:

1
docker-compose up -d

验证方法

使用 curl 命令: 在服务器上,使用 curl 命令发送请求到 Nginx Proxy Manager 容器,指定一个不存在的域名(未在 Nginx Proxy Manager 中配置的域名),例如:

1
curl -I http://localhost -H "Host: nonexisting.domain.com"

当收到 curl: (52) Empty reply from server 表示服务器没有返回任何内容,这正是 return 444; 配置的预期结果。

代理docker hub pull

https://blog.0031400.xyz/p/5

配置文件

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
server {
listen [::]:80;
server_name docker.yourdomain.com;
location = / {
return 404;
}
location /v2/ {
proxy_pass https://registry-1.docker.io/v2/;
proxy_set_header Host registry-1.docker.io;
more_set_headers 'WWW-Authenticate: Bearer realm="https://docker.yourdomain.com/auth/token", service="registry.docker.io"';
proxy_redirect https://production.cloudflare.docker.com/ https://docker.yourdomain.com/production-cloudflare/;
}
location /auth/ {
proxy_pass https://auth.docker.io/;
proxy_set_header Host auth.docker.io;
}
location /production-cloudflare/ {
proxy_pass https://production.cloudflare.docker.com/;
proxy_set_header Host production.cloudflare.docker.com;
}
}

使用方法

1
2
3
4
/etc/docker/daemon.json
{
"registry-mirrors": ["https://docker.yourdomain.com"]
}

代理github下载和git clone

https://blog.0031400.xyz/p/4

nginx配置文件

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
server {
listen [::]:80;
server_name gh.yourdomain.com;
location = / {
return 404;
}
location /codeload/ {
proxy_pass https://codeload.github.com/;
proxy_set_header Host codeload.github.com;
}
location /objects-githubusercontent/ {
proxy_pass https://objects.githubusercontent.com/;
proxy_set_header Host objects.githubusercontent.com;
}
location /raw-githubusercontent/ {
proxy_pass https://raw.githubusercontent.com/;
proxy_set_header Host raw.githubusercontent.com;
}
location /gist/ {
proxy_pass https://gist.github.com/;
proxy_set_header Host gist.github.com;
proxy_redirect https://gist.githubusercontent.com/ https://gh.yourdomain.com/gist-githubusercontent/;
proxy_redirect https://codeload.github.com/ https://gh.yourdomain.com/codeload/;
}
location /gist-githubusercontent/ {
proxy_pass https://gist.githubusercontent.com/;
proxy_set_header Host gist.githubusercontent.com;
}
location / {
proxy_pass https://github.com/;
proxy_set_header Host github.com;
proxy_redirect https://codeload.github.com/ https://gh.yourdomain.com/codeload/;
proxy_redirect https://objects.githubusercontent.com/ https://gh.yourdomain.com/objects-githubusercontent/;
proxy_redirect https://raw.githubusercontent.com/ https://gh.yourdomain.com/raw-githubusercontent/;
}
}

使用方法

  • 项目分支源码
    https://github.com/gohugoio/hugo/archive/refs/heads/master.zip
    https://gh.yourdomain.com/gohugoio/hugo/archive/refs/heads/master.zip
  • 项目具体raw文件
    https://github.com/gohugoio/hugo/raw/refs/heads/master/README.md
    https://gh.yourdomain.com/gohugoio/hugo/raw/refs/heads/master/README.md
  • release文件
    https://github.com/gohugoio/hugo/releases/download/v0.145.0/hugo_0.145.0_linux-amd64.tar.gz
    https://gh.yourdomain.com/gohugoio/hugo/releases/download/v0.145.0/hugo_0.145.0_linux-amd64.tar.gz
  • release代码
    https://github.com/gohugoio/hugo/archive/refs/tags/v0.145.0.tar.gz
    https://gh.yourdomain.com/gohugoio/hugo/archive/refs/tags/v0.145.0.tar.gz
  • git clone https
    git clone https://github.com/gohugoio/hugo.git
    git clone https://gh.yourdomain.com/gohugoio/hugo.git
  • gist raw
    https://gist.github.com/imba-tjd/d73258f0817255dbe77d64d40d985e76/raw/b7e9b1c0f86205ab4ebaab0ed652aa06e999075a/.Cloud.md
    https://gh.yourdomain.com/gist/imba-tjd/d73258f0817255dbe77d64d40d985e76/raw/b7e9b1c0f86205ab4ebaab0ed652aa06e999075a/.Cloud.md
  • gist打包
    https://gist.github.com/imba-tjd/d73258f0817255dbe77d64d40d985e76/archive/b7e9b1c0f86205ab4ebaab0ed652aa06e999075a.zip
    https://gh.yourdomain.com/gist/imba-tjd/d73258f0817255dbe77d64d40d985e76/archive/b7e9b1c0f86205ab4ebaab0ed652aa06e999075a.zip

代理civitai

https://blog.0031400.xyz/p/6

配置

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
server {
listen [::]:80;
server_name civitai.yourdomain.com;
location = / {
return 404;
}
location / {
proxy_pass https://civitai.com/;
proxy_set_header Host civitai.com;
proxy_ssl_server_name on;
proxy_redirect https://civitai-delivery-worker-prod.5ac0637cfd0766c97916cefa3764fbdf.r2.cloudflarestorage.com/ https://civitai.yourdomain.com/civitai-delivery-worker-prod-5ac0637cfd0766c97916cefa3764fbdf-r2/;
}
location /civitai-delivery-worker-prod-5ac0637cfd0766c97916cefa3764fbdf-r2/ {
proxy_pass https://civitai-delivery-worker-prod.5ac0637cfd0766c97916cefa3764fbdf.r2.cloudflarestorage.com/;
proxy_set_header Host civitai-delivery-worker-prod.5ac0637cfd0766c97916cefa3764fbdf.r2.cloudflarestorage.com;
proxy_ssl_server_name on;
}
}

使用方法

https://civitai.com/api/download/models/5581?type=Model&format=PickleTensor&size=full&fp=fp16

https://civitai.yourdomain.com/api/download/models/5581?type=Model&format=PickleTensor&size=full&fp=fp16

代理zilibrary

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
user nginx;
worker_processes 1;

error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
worker_connections 1024;
}

http {
include /etc/nginx/mime.types;
default_type application/octet-stream;

log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

access_log /var/log/nginx/access.log main;

sendfile on;

keepalive_timeout 65;

#gzip on;
include /etc/nginx/conf.d/*.conf;

server {
listen 8543;
listen [::]:8543;
resolver 8.8.8.8 ipv6=off; # 关闭 IPv6 DNS 解析,防止网络不可达错误
location / {
resolver 8.8.8.8; # 使用公共 DNS
proxy_pass https://z-library.sk;
proxy_ssl_server_name on;
proxy_set_header Host z-library.sk;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect https://z-library.sk/ https://你的代理域名/;
# 允许 Cookie 透传
proxy_cookie_domain z-library.sk $host;
proxy_cookie_path / /;

# 允许 WebSocket 连接
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";

# 代理 WebSockets
proxy_buffering off;

# 解决 CORS 跨域问题
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
add_header Access-Control-Allow-Headers 'Content-Type, Authorization, Cookie';
add_header Access-Control-Allow-Credentials true;

# 取消安全限制,防止某些页面无法加载
proxy_hide_header X-Frame-Options;
proxy_hide_header X-Content-Type-Options;
proxy_hide_header X-XSS-Protection;

# 允许 Set-Cookie 头透传
proxy_pass_header Set-Cookie;
}

}
}

谷歌

翻译

1
2
3
4
5
6
7
8
9
10
11
12
13
location / {
proxy_pass https://translate.google.com/;
proxy_redirect https://translate.google.com/ /;
proxy_cookie_domain translate.google.com 你的域名;
proxy_set_header User-Agent $http_user_agent;
proxy_set_header Accept-Encoding "";
sub_filter_once off;
add_header Cache-Control no-cache;
sub_filter "http://translate.google.com" "http://你的域名";
sub_filter "https://translate.google.com" "https://你的域名";
add_header Strict-Transport-Security "max-age=31536000";
proxy_set_header Accept-Language "zh-CN";
}

翻译API

1
2
3
4
5
6
7
8
9
10
11
12
13
location / {
proxy_pass https://translate.googleapis.com/;
proxy_redirect https://translate.googleapis.com/ /;
proxy_cookie_domain translate.googleapis.com 你的域名;
proxy_set_header User-Agent $http_user_agent;
proxy_set_header Accept-Encoding "";
sub_filter_once off;
add_header Cache-Control no-cache;
sub_filter "http://translate.googleapis.com" "http://你的域名";
sub_filter "https://translate.googleapis.com" "https://你的域名";
add_header Strict-Transport-Security "max-age=31536000";
proxy_set_header Accept-Language "zh-CN";
}