Nginx配置

阻止扫描

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    return 444;
}

server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    server_name _;

    ssl_certificate /etc/nginx/certs/default_server.crt;
    ssl_certificate_key /etc/nginx/certs/default_server.key;

    return 444;
}

功能：主要功能是将所有没有匹配到特定域名的请求直接拒绝，不提供任何服务。

server_name _; 的设置会将这个 server 块视为默认服务器，用来处理所有未在其他 server 块中定义的域名请求。

在这个配置中，所有未明确定义的域名请求都会被引导到这个默认的 server 块，然后立即返回状态码 444，断开连接。

使用

Nginx proxy manage配置使用

docker-compose文件：

version: '3'
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    environment:
      - TZ=Asia/Shanghai  # 设置为 CST 时区
    ports:
      - '80:80'
      - '81:81'
      - '443:443'
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
      - ./nginx/block_scanners.conf:/etc/nginx/conf.d/block_scanners.conf  # 映射拦截配置文件
      - ./nginx/certs:/etc/nginx/certs  # 映射证书文件目录

移动到docker-compose.yml文件所在的目录，在此目录下创建/nginx/block_scanners.conf文件
把阻止扫描的配置复制到block_scanners.conf这个文件中
申请自签证书

先安装openssl

1 2	sudo apt update sudo apt install openssl -y

再执行(确保当前在docker-compose.yml文件所在的目录)

1	openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ./data/nginx/certs/default_server.key -out ./data/nginx/certs/default_server.crt

在生成过程中，会被提示输入一些信息，如国家、省份和组织。可以随意填写，或者直接回车，生成证书和密钥文件即可。

最后执行：

1	docker-compose up -d

验证方法

使用 curl 命令：在服务器上，使用 curl 命令发送请求到 Nginx Proxy Manager 容器，指定一个不存在的域名（未在 Nginx Proxy Manager 中配置的域名），例如：

1	curl -I http://localhost -H "Host: nonexisting.domain.com"

当收到 curl: (52) Empty reply from server 表示服务器没有返回任何内容，这正是 return 444; 配置的预期结果。

代理docker hub pull

https://blog.0031400.xyz/p/5

配置文件

server {
    listen [::]:80;
    server_name docker.yourdomain.com;
    location = / {
        return 404;
    }
    location /v2/ {
        proxy_pass https://registry-1.docker.io/v2/;
        proxy_set_header Host registry-1.docker.io;
        more_set_headers 'WWW-Authenticate: Bearer realm="https://docker.yourdomain.com/auth/token", service="registry.docker.io"';
        proxy_redirect https://production.cloudflare.docker.com/ https://docker.yourdomain.com/production-cloudflare/;
    }
    location /auth/ {
        proxy_pass https://auth.docker.io/;
        proxy_set_header Host auth.docker.io;
    }
    location /production-cloudflare/ {
        proxy_pass https://production.cloudflare.docker.com/;
        proxy_set_header Host production.cloudflare.docker.com;
    }
}

使用方法

/etc/docker/daemon.json
{
  "registry-mirrors": ["https://docker.yourdomain.com"]
}

代理github下载和git clone

https://blog.0031400.xyz/p/4

nginx配置文件

server {
    listen [::]:80;
    server_name gh.yourdomain.com;
    location = / {
        return 404;
    }
    location /codeload/ {
        proxy_pass https://codeload.github.com/;
        proxy_set_header Host codeload.github.com;
    }
    location /objects-githubusercontent/ {
        proxy_pass https://objects.githubusercontent.com/;
        proxy_set_header Host objects.githubusercontent.com;
    }
    location /raw-githubusercontent/ {
        proxy_pass https://raw.githubusercontent.com/;
        proxy_set_header Host raw.githubusercontent.com;
    }
    location /gist/ {
        proxy_pass https://gist.github.com/;
        proxy_set_header Host gist.github.com;
        proxy_redirect https://gist.githubusercontent.com/ https://gh.yourdomain.com/gist-githubusercontent/;
        proxy_redirect https://codeload.github.com/ https://gh.yourdomain.com/codeload/;
    }
    location /gist-githubusercontent/ {
        proxy_pass https://gist.githubusercontent.com/;
        proxy_set_header Host gist.githubusercontent.com;
    }
    location / {
        proxy_pass https://github.com/;
        proxy_set_header Host github.com;
        proxy_redirect https://codeload.github.com/ https://gh.yourdomain.com/codeload/;
        proxy_redirect https://objects.githubusercontent.com/ https://gh.yourdomain.com/objects-githubusercontent/;
        proxy_redirect https://raw.githubusercontent.com/ https://gh.yourdomain.com/raw-githubusercontent/;
    }
}

使用方法

项目分支源码
https://github.com/gohugoio/hugo/archive/refs/heads/master.zip
https://gh.yourdomain.com/gohugoio/hugo/archive/refs/heads/master.zip
项目具体raw文件
https://github.com/gohugoio/hugo/raw/refs/heads/master/README.md
https://gh.yourdomain.com/gohugoio/hugo/raw/refs/heads/master/README.md
release文件
https://github.com/gohugoio/hugo/releases/download/v0.145.0/hugo_0.145.0_linux-amd64.tar.gz
https://gh.yourdomain.com/gohugoio/hugo/releases/download/v0.145.0/hugo_0.145.0_linux-amd64.tar.gz
release代码
https://github.com/gohugoio/hugo/archive/refs/tags/v0.145.0.tar.gz
https://gh.yourdomain.com/gohugoio/hugo/archive/refs/tags/v0.145.0.tar.gz
git clone https
git clone https://github.com/gohugoio/hugo.git
git clone https://gh.yourdomain.com/gohugoio/hugo.git
gist raw
https://gist.github.com/imba-tjd/d73258f0817255dbe77d64d40d985e76/raw/b7e9b1c0f86205ab4ebaab0ed652aa06e999075a/.Cloud.md
https://gh.yourdomain.com/gist/imba-tjd/d73258f0817255dbe77d64d40d985e76/raw/b7e9b1c0f86205ab4ebaab0ed652aa06e999075a/.Cloud.md
gist打包
https://gist.github.com/imba-tjd/d73258f0817255dbe77d64d40d985e76/archive/b7e9b1c0f86205ab4ebaab0ed652aa06e999075a.zip
https://gh.yourdomain.com/gist/imba-tjd/d73258f0817255dbe77d64d40d985e76/archive/b7e9b1c0f86205ab4ebaab0ed652aa06e999075a.zip

代理civitai

https://blog.0031400.xyz/p/6

配置

server {
    listen [::]:80;
    server_name civitai.yourdomain.com;
    location = / {
        return 404;
    }
    location / {
        proxy_pass https://civitai.com/;
        proxy_set_header Host civitai.com;
        proxy_ssl_server_name on;
        proxy_redirect https://civitai-delivery-worker-prod.5ac0637cfd0766c97916cefa3764fbdf.r2.cloudflarestorage.com/ https://civitai.yourdomain.com/civitai-delivery-worker-prod-5ac0637cfd0766c97916cefa3764fbdf-r2/;
    }
    location /civitai-delivery-worker-prod-5ac0637cfd0766c97916cefa3764fbdf-r2/ {
        proxy_pass https://civitai-delivery-worker-prod.5ac0637cfd0766c97916cefa3764fbdf.r2.cloudflarestorage.com/;
        proxy_set_header Host civitai-delivery-worker-prod.5ac0637cfd0766c97916cefa3764fbdf.r2.cloudflarestorage.com;
        proxy_ssl_server_name on;
    }
}

使用方法

https://civitai.com/api/download/models/5581?type=Model&format=PickleTensor&size=full&fp=fp16

https://civitai.yourdomain.com/api/download/models/5581?type=Model&format=PickleTensor&size=full&fp=fp16

代理zilibrary

user nginx;
worker_processes 1;

error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;

    keepalive_timeout 65;

    #gzip  on;
    include /etc/nginx/conf.d/*.conf;
    
    server {
        listen       8543;
        listen  [::]:8543;
        resolver 8.8.8.8 ipv6=off;  # 关闭 IPv6 DNS 解析，防止网络不可达错误
        location / {
            resolver 8.8.8.8;  # 使用公共 DNS
            proxy_pass https://z-library.sk;
            proxy_ssl_server_name on;
            proxy_set_header Host z-library.sk;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_redirect https://z-library.sk/ https://你的代理域名/;
            # 允许 Cookie 透传
            proxy_cookie_domain z-library.sk $host;
            proxy_cookie_path / /;

            # 允许 WebSocket 连接
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";

            # 代理 WebSockets
            proxy_buffering off;

            # 解决 CORS 跨域问题
            add_header Access-Control-Allow-Origin *;
            add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
            add_header Access-Control-Allow-Headers 'Content-Type, Authorization, Cookie';
            add_header Access-Control-Allow-Credentials true;

            # 取消安全限制，防止某些页面无法加载
            proxy_hide_header X-Frame-Options;
            proxy_hide_header X-Content-Type-Options;
            proxy_hide_header X-XSS-Protection;

            # 允许 Set-Cookie 头透传
            proxy_pass_header Set-Cookie;
        }

    }
}

谷歌

翻译

location / {
        proxy_pass https://translate.google.com/; 
        proxy_redirect https://translate.google.com/ /; 
        proxy_cookie_domain translate.google.com 你的域名; 
        proxy_set_header User-Agent $http_user_agent; 
        proxy_set_header Accept-Encoding ""; 
        sub_filter_once off; 
        add_header Cache-Control no-cache; 
        sub_filter "http://translate.google.com" "http://你的域名"; 
        sub_filter "https://translate.google.com" "https://你的域名"; 
        add_header Strict-Transport-Security "max-age=31536000"; 
        proxy_set_header Accept-Language "zh-CN"; 
    }

翻译API

location / {
        proxy_pass https://translate.googleapis.com/; 
        proxy_redirect https://translate.googleapis.com/ /; 
        proxy_cookie_domain translate.googleapis.com 你的域名; 
        proxy_set_header User-Agent $http_user_agent; 
        proxy_set_header Accept-Encoding ""; 
        sub_filter_once off; 
        add_header Cache-Control no-cache; 
        sub_filter "http://translate.googleapis.com" "http://你的域名"; 
        sub_filter "https://translate.googleapis.com" "https://你的域名"; 
        add_header Strict-Transport-Security "max-age=31536000"; 
        proxy_set_header Accept-Language "zh-CN"; 
    }