使用nginx反向代理github
每次从github上拉东西,速度都奇慢无比,本地的时候可以设置代理,但是一些特殊场合并不是特别方便,所以就写了下面的反向代理。
建议直接看这个
- https://run.la/s/169.html,通过一个域名加速各种网站
设置upstream(上游),ip地址可以通过dig github.com
获取,或者比较懒的,直接server github.com:443
,它会自动解析。
upstream github {
server 192.30.253.112:443;
server 192.30.253.113:443;
keepalive 16;#设置连接池加快访问速度。
}
配置https,也可以直接使用http,将listen 443 ssl http2 reuseport;
替换成listen 80;
就可以。
server
{
listen 443 ssl http2 reuseport;
ssl_certificate ssl/p.run.la.pem;
ssl_certificate_key ssl/p.run.la.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_session_timeout 1d;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets on;
ssl_stapling on;
server_name p.run.la; #绑定的域名
屏蔽搜索引擎
if ($http_user_agent ~* "qihoobot|Baiduspider|Googlebot|Googlebot-Mobile|Googlebot-Image|Mediapartners-Google|Adsbot-Google|Feedfetcher-Google|Yahoo! Slurp|Yahoo! Slurp China|YoudaoBot|Sosospider|Sogou spider|Sogou web spider|MSNBot|ia_archiver|Tomato Bot") #防止搜索引擎收录
{
return 403;
}
配置反向代理
location / {
proxy_set_header Accept-Encoding ""; #不使用压缩,如gzip
proxy_set_header Connection "";
proxy_http_version 1.1; #使用http1.1长连接
proxy_connect_timeout 10s; #设置连接超时
proxy_read_timeout 10s; #设置读取超时
proxy_set_header Host github.com;
proxy_hide_header Strict-Transport-Security; #隐藏协议头,避免因为反向代理开启hsts
proxy_pass https://github;
}
}
最后贴一下完整规则
upstream github {
server 192.30.253.112:443;
server 192.30.253.113:443;
}
server
{
listen 443 ssl http2 reuseport;
ssl_certificate ssl/p.run.la.pem;
ssl_certificate_key ssl/p.run.la.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_session_timeout 1d;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets on;
ssl_stapling on;
server_name p.run.la; #绑定的域名
if ($http_user_agent ~* "qihoobot|Baiduspider|Googlebot|Googlebot-Mobile|Googlebot-Image|Mediapartners-Google|Adsbot-Google|Feedfetcher-Google|Yahoo! Slurp|Yahoo! Slurp China|YoudaoBot|Sosospider|Sogou spider|Sogou web spider|MSNBot|ia_archiver|Tomato Bot") #防止搜索引擎收录
{
return 403;
}
location / {
proxy_set_header Accept-Encoding "";
proxy_set_header Connection "";
proxy_http_version 1.1;
proxy_connect_timeout 10s;
proxy_read_timeout 10s;
proxy_set_header Host github.com;
proxy_hide_header Strict-Transport-Security; #隐藏协议头,避免因为反向代理开启hsts
proxy_pass https://github;
}
}
好像不太行,因为现在浏览器都支持CSP了,直接把静态资源都干掉了,似乎应该在proxy_set_header里加CSP设置?
我想要你这个微博模版啊,喂