https://hub.docker.com/r/hunsh/gh-proxy-py
https://github.com/hunshcn/gh-proxy
docker run -d --name="github" -p 9095:80 --restart=always hunsh/gh-proxy-py:latest
docker run -d --name github --hostname github -p 9992:80 --restart always --restart=always --network mgr --ip 172.18.0.192 -v /etc/localtime:/etc/localtime:ro hunsh/gh-proxy-py:latest
cd /data/site/htmltoo.opt
git clone https://github.htmltoo.com/https://github.com/hunshcn/gh-proxy
git clone https://user:TOKEN@ghproxy.com/https://github.com/xxxx/xxxx
docker pull hunsh/gh-proxy-py:latest
docker save hunsh/gh-proxy-py:latest | gzip > /data/site/htmltoo.f/htmltoo.up/soft/docker.tar/github.tar.gz
以下都是合法输入(仅示例,文件不存在):
release源码:https://github.com/hunshcn/project/archive/v0.1.0.tar.gz
release文件:https://github.com/hunshcn/project/releases/download/v0.1.0/example.zip
分支文件:https://github.com/hunshcn/project/blob/master/filename
commit文件:https://github.com/hunshcn/project/blob/1111111111111111111111111111/filename
Dockerfile
FROM tiangolo/uwsgi-nginx:python3.7 LABEL maintainer="Sebastian Ramirez <tiangolo@gmail.com>" RUN pip install flask requests COPY ./app /app WORKDIR /app # Make /app/* available to be imported by Python globally to better support several use cases like Alembic migrations. ENV PYTHONPATH=/app # Move the base entrypoint to reuse it RUN mv /entrypoint.sh /uwsgi-nginx-entrypoint.sh # Copy the entrypoint that will generate Nginx additional configs COPY entrypoint.sh /entrypoint.sh RUN chmod +x /entrypoint.sh ENTRYPOINT ["/entrypoint.sh"] # Run the start script provided by the parent image tiangolo/uwsgi-nginx. # It will check for an /app/prestart.sh script (e.g. for migrations) # And then will start Supervisor, which in turn will start Nginx and uWSGI EXPOSE 80 CMD ["/start.sh"]
entrypoint.sh
#! /usr/bin/env bash
set -e
/uwsgi-nginx-entrypoint.sh
# Get the listen port for Nginx, default to 80
USE_LISTEN_PORT=${LISTEN_PORT:-80}
if [ -f /app/nginx.conf ]; then
cp /app/nginx.conf /etc/nginx/nginx.conf
else
content_server='server {\n'
content_server=$content_server" listen ${USE_LISTEN_PORT};\n"
content_server=$content_server' location / {\n'
content_server=$content_server' try_files $uri @app;\n'
content_server=$content_server' }\n'
content_server=$content_server' location @app {\n'
content_server=$content_server' include uwsgi_params;\n'
content_server=$content_server' uwsgi_pass unix:///tmp/uwsgi.sock;\n'
content_server=$content_server' }\n'
content_server=$content_server'}\n'
# Save generated server /etc/nginx/conf.d/nginx.conf
printf "$content_server" > /etc/nginx/conf.d/nginx.conf
fi
exec "$@"index.js
'use strict'
/**
* static files (404.html, sw.js, conf.js)
*/
const ASSET_URL = 'https://hunshcn.github.io/gh-proxy'
// 前缀,如果自定义路由为example.com/gh/*,将PREFIX改为 '/gh/',注意,少一个杠都会错!
const PREFIX = '/'
// git使用cnpmjs镜像、分支文件使用jsDelivr镜像的开关,0为关闭,默认开启
const Config = {
jsdelivr: 1,
cnpmjs: 1
}
/** @type {RequestInit} */
const PREFLIGHT_INIT = {
status: 204,
headers: new Headers({
'access-control-allow-origin': '*',
'access-control-allow-methods': 'GET,POST,PUT,PATCH,TRACE,DELETE,HEAD,OPTIONS',
'access-control-max-age': '1728000',
}),
}
/**
* @param {any} body
* @param {number} status
* @param {Object<string, string>} headers
*/
function makeRes(body, status = 200, headers = {}) {
headers['access-control-allow-origin'] = '*'
return new Response(body, {status, headers})
}
/**
* @param {string} urlStr
*/
function newUrl(urlStr) {
try {
return new URL(urlStr)
} catch (err) {
return null
}
}
addEventListener('fetch', e => {
const ret = fetchHandler(e)
.catch(err => makeRes('cfworker error:\n' + err.stack, 502))
e.respondWith(ret)
})
/**
* @param {FetchEvent} e
*/
async function fetchHandler(e) {
const req = e.request
const urlStr = req.url
const urlObj = new URL(urlStr)
let path = urlObj.searchParams.get('q')
if (path) {
return Response.redirect('https://' + urlObj.host + PREFIX + path, 301)
}
// cfworker 会把路径中的 `//` 合并成 `/`
path = urlObj.href.substr(urlObj.origin.length + PREFIX.length).replace(/^https?:\/+/, 'https://')
const exp1 = /^(?:https?:\/\/)?github\.com\/.+?\/.+?\/(?:releases|archive)\/.*$/i
const exp2 = /^(?:https?:\/\/)?github\.com\/.+?\/.+?\/(?:blob)\/.*$/i
const exp3 = /^(?:https?:\/\/)?github\.com\/.+?\/.+?\/(?:info|git-).*$/i
const exp4 = /^(?:https?:\/\/)?raw\.githubusercontent\.com\/.+?\/.+?\/.+?\/.+$/i
if (path.search(exp1) === 0 || !Config.cnpmjs && (path.search(exp3) === 0 || path.search(exp4) === 0)) {
return httpHandler(req, path)
} else if (path.search(exp2) === 0) {
if (Config.jsdelivr){
const newUrl = path.replace('/blob/', '@').replace(/^(?:https?:\/\/)?github\.com/, 'https://cdn.jsdelivr.net/gh')
return Response.redirect(newUrl, 302)
}else{
path = path.replace('/blob/', '/raw/')
return httpHandler(req, path)
}
} else if (path.search(exp3) === 0) {
const newUrl = path.replace(/^(?:https?:\/\/)?github\.com/, 'https://github.com.cnpmjs.org')
return Response.redirect(newUrl, 302)
} else if (path.search(exp4) === 0) {
const newUrl = path.replace(/(?<=com\/.+?\/.+?)\/(.+?\/)/, '@$1').replace(/^(?:https?:\/\/)?raw\.githubusercontent\.com/, 'https://cdn.jsdelivr.net/gh')
return Response.redirect(newUrl, 302)
} else {
return fetch(ASSET_URL + path)
}
}
/**
* @param {Request} req
* @param {string} pathname
*/
function httpHandler(req, pathname) {
const reqHdrRaw = req.headers
// preflight
if (req.method === 'OPTIONS' &&
reqHdrRaw.has('access-control-request-headers')
) {
return new Response(null, PREFLIGHT_INIT)
}
let rawLen = ''
const reqHdrNew = new Headers(reqHdrRaw)
let urlStr = pathname
if (urlStr.startsWith('github')) {
urlStr = 'https://' + urlStr
}
const urlObj = newUrl(urlStr)
/** @type {RequestInit} */
const reqInit = {
method: req.method,
headers: reqHdrNew,
redirect: 'follow',
body: req.body
}
return proxy(urlObj, reqInit, rawLen, 0)
}
/**
*
* @param {URL} urlObj
* @param {RequestInit} reqInit
*/
async function proxy(urlObj, reqInit, rawLen) {
const res = await fetch(urlObj.href, reqInit)
const resHdrOld = res.headers
const resHdrNew = new Headers(resHdrOld)
// verify
if (rawLen) {
const newLen = resHdrOld.get('content-length') || ''
const badLen = (rawLen !== newLen)
if (badLen) {
return makeRes(res.body, 400, {
'--error': `bad len: ${newLen}, except: ${rawLen}`,
'access-control-expose-headers': '--error',
})
}
}
const status = res.status
resHdrNew.set('access-control-expose-headers', '*')
resHdrNew.set('access-control-allow-origin', '*')
resHdrNew.delete('content-security-policy')
resHdrNew.delete('content-security-policy-report-only')
resHdrNew.delete('clear-site-data')
return new Response(res.body, {
status,
headers: resHdrNew,
})
}app/main.py
# -*- coding: utf-8 -*-
import re
import requests
from flask import Flask, Response, redirect, request
# config
# git使用cnpmjs镜像、分支文件使用jsDelivr镜像的开关,0为关闭,默认开启
jsdelivr = 1
cnpmjs = 1
size_limit = 1024 * 1024 * 1024 * 999 # 允许的文件大小,默认999GB,相当于无限制了 https://github.com/hunshcn/gh-proxy/issues/8
HOST = '127.0.0.1' # 监听地址,建议监听本地然后由web服务器反代
PORT = 80 # 监听端口
ASSET_URL = 'https://hunshcn.github.io/gh-proxy' # 主页
app = Flask(__name__)
CHUNK_SIZE = 1024 * 10
index_html = requests.get(ASSET_URL, timeout=10).text
exp1 = re.compile(r'^(?:https?://)?github\.com/.+?/.+?/(?:releases|archive)/.*$')
exp2 = re.compile(r'^(?:https?://)?github\.com/.+?/.+?/(?:blob)/.*$')
exp3 = re.compile(r'^(?:https?://)?github\.com/.+?/.+?/(?:info|git-).*$')
exp4 = re.compile(r'^(?:https?://)?raw\.githubusercontent\.com/.+?/.+?/.+?/.+$')
@app.route('/')
def index():
if 'q' in request.args:
return redirect('/' + request.args.get('q'))
return index_html
@app.route('/<path:u>', methods=['GET', 'POST'])
def proxy(u):
u = u if u.startswith('http') else 'https://' + u
u = u.replace(':/g', '://g', 1) # uwsgi会将//传递为/
if jsdelivr and exp2.match(u):
u = u.replace('/blob/', '@', 1).replace('github.com', 'cdn.jsdelivr.net/gh', 1)
return redirect(u)
elif cnpmjs and exp3.match(u):
u = u.replace('github.com', 'github.com.cnpmjs.org', 1) + request.url.replace(request.base_url, '', 1)
return redirect(u)
elif jsdelivr and exp4.match(u):
u = re.sub(r'(\.com/.*?/.+?)/(.+?/)', r'\1@\2', u, 1)
u = u.replace('raw.githubusercontent.com', 'cdn.jsdelivr.net/gh', 1)
return redirect(u)
else:
if exp2.match(u):
u = u.replace('/blob/', '/raw/', 1)
headers = {}
r_headers = {}
for i in ['Range', 'User-Agent']:
if i in request.headers:
r_headers[i] = request.headers.get(i)
try:
url = u + request.url.replace(request.base_url, '', 1)
if url.startswith('https:/') and not url.startswith('https://'):
url = 'https://' + url[7:]
r = requests.request(method=request.method, url=url, data=request.data, headers=r_headers, stream=True)
for i in ['Content-Type']:
if i in r.headers:
headers[i] = r.headers.get(i)
if r.status_code == 200:
headers = dict(r.headers)
try:
headers.pop('Transfer-Encoding')
except KeyError:
pass
if 'Content-length' in r.headers and int(r.headers['Content-length']) > size_limit:
return redirect(u + request.url.replace(request.base_url, '', 1))
def generate():
for chunk in r.iter_content(chunk_size=CHUNK_SIZE):
yield chunk
return Response(generate(), headers=headers, status=r.status_code)
except Exception as e:
headers['content-type'] = 'text/html; charset=UTF-8'
return Response('server error ' + str(e), status=500, headers=headers)
# else:
# return Response('Illegal input', status=403, mimetype='text/html; charset=UTF-8')
if __name__ == '__main__':
app.run(host=HOST, port=PORT)app/uwsgi.ini
[uwsgi] module = main callable = app