技术宅改变世界 技术宅改变世界

使用nginx反向代理github

in Dev read (9586) 文章转载请注明来源!

每次从github上拉东西,速度都奇慢无比,本地的时候可以设置代理,但是一些特殊场合并不是特别方便,所以就写了下面的反向代理。

建议直接看这个

设置upstream(上游),ip地址可以通过dig github.com获取,或者比较懒的,直接server github.com:443,它会自动解析。

upstream github {
    server 192.30.253.112:443;
    server 192.30.253.113:443;
    keepalive 16;#设置连接池加快访问速度。
}

配置https,也可以直接使用http,将listen 443 ssl http2 reuseport;替换成listen 80;就可以。

server
{
    listen 443 ssl http2 reuseport;

    ssl_certificate ssl/p.run.la.pem;
    ssl_certificate_key ssl/p.run.la.key;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_session_timeout      1d;
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:!MD5;
    ssl_prefer_server_ciphers on;

    ssl_session_cache        shared:SSL:50m;

    ssl_session_tickets      on;

    ssl_stapling             on;

    server_name p.run.la; #绑定的域名

屏蔽搜索引擎

    if ($http_user_agent ~* "qihoobot|Baiduspider|Googlebot|Googlebot-Mobile|Googlebot-Image|Mediapartners-Google|Adsbot-Google|Feedfetcher-Google|Yahoo! Slurp|Yahoo! Slurp China|YoudaoBot|Sosospider|Sogou spider|Sogou web spider|MSNBot|ia_archiver|Tomato Bot") #防止搜索引擎收录
    {
        return 403;
    }

配置反向代理

    location / {
        proxy_set_header Accept-Encoding ""; #不使用压缩,如gzip
        proxy_set_header Connection "";
        proxy_http_version 1.1; #使用http1.1长连接
        proxy_connect_timeout    10s; #设置连接超时
        proxy_read_timeout       10s; #设置读取超时
        proxy_set_header Host github.com;
        proxy_hide_header Strict-Transport-Security; #隐藏协议头,避免因为反向代理开启hsts
        proxy_pass https://github;
    }
}

最后贴一下完整规则

upstream github {
    server 192.30.253.112:443;
    server 192.30.253.113:443;
}

server
{
    listen 443 ssl http2 reuseport;

    ssl_certificate ssl/p.run.la.pem;
    ssl_certificate_key ssl/p.run.la.key;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_session_timeout      1d;
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:!MD5;
    ssl_prefer_server_ciphers on;

    ssl_session_cache        shared:SSL:50m;

    ssl_session_tickets      on;

    ssl_stapling             on;

    server_name p.run.la; #绑定的域名

    if ($http_user_agent ~* "qihoobot|Baiduspider|Googlebot|Googlebot-Mobile|Googlebot-Image|Mediapartners-Google|Adsbot-Google|Feedfetcher-Google|Yahoo! Slurp|Yahoo! Slurp China|YoudaoBot|Sosospider|Sogou spider|Sogou web spider|MSNBot|ia_archiver|Tomato Bot") #防止搜索引擎收录
    {
        return 403;
    }

    location / {
        proxy_set_header Accept-Encoding "";
        proxy_set_header Connection "";
        proxy_http_version 1.1;
        proxy_connect_timeout    10s;
        proxy_read_timeout       10s;
        proxy_set_header Host github.com;

        proxy_hide_header Strict-Transport-Security; #隐藏协议头,避免因为反向代理开启hsts

        proxy_pass https://github;
    }
}
nginxgithub反向代理
发表新评论
已有 2 条评论
  1. pikula
    pikulaChrome 123
    回复

    好像不太行,因为现在浏览器都支持CSP了,直接把静态资源都干掉了,似乎应该在proxy_set_header里加CSP设置?

  2. likeitachi
    likeitachiChrome 76
    回复

    我想要你这个微博模版啊,喂

博客已萌萌哒运行
© 2024 • Powered by Typecho • Theme for yotu
PREVIOUS NEXT
雷姆
拉姆