国内对github等网站的干扰是越来越严重了,部分服务器上也不合适安装转发流量的工具,遇到拷贝克隆github的库真是一头包
于是考虑使用nginx反代来加速仓库克隆,也顺带支持一些常见的如debian源的更新
nginx反代配置文件参考如下
server {
server_name proxy.chancel.me;
access_log /var/log/nginx/proxy.log;
error_log /var/log/nginx/proxy.log;
location / {
return 404;
}
# 禁止访问配置文件
location ~* .(conf|sql|bak|ini|yaml)$ {
deny all;
}
# 指定允许的http method
if ($request_method !~ ^(GET|HEAD|POST)$ ) {
return 444;
}
# 排除机器人访问
if ($http_user_agent ~* "qihoobot|Baiduspider|Googlebot|Googlebot-Mobile|Googlebot-Image|Mediapartners-Google|Adsbot-Google|Feedfetcher-Google|Yahoo! Slurp|Yahoo! Slurp China|YoudaoBot|Sosospider|Sogou spider|Sogou web spider|MSNBot|ia_archiver|Tomato Bot"){
return 403;
}
# 正则匹配需要反向代理的网站
location ~ ^/(www\.debian\.org|deb\.debian\.org|security\.debian\.org|github\.com)(/.*)$ {
resolver 8.8.8.8 8.8.4.4 valid=600s;
resolver_timeout 10s;
proxy_pass_request_headers on;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_hide_header Strict-Transport-Security;
set $query_mark "";
if ($query_string != "") {
set $query_mark "?${query_string}";
}
proxy_pass $scheme://$1$2$query_mark;
}
# 引入https设置
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/chancel.me/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/chancel.me/privkey.pem; # managed by Certbot
}
server{
if ($host = proxy.chancel.me) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name proxy.chancel.me;
return 404; # managed by Certbot
}
设置完成后,如克隆cefsharp的github仓库,原本是
git clone https://github.com/cefsharp/CefSharp.git
只需要改成以下的形式(替换域名,其他的不变)
git clone https://proxy.chancel.me/github.com/cefsharp/CefSharp.git