# 反代 docker hub 镜像源
server {
listen 443 ssl http2 ;
listen 80 ;
server_name docker.901020.xyz;
#ssl_certificate 证书地址;
#ssl_certificate_key 密钥地址;
ssl_session_timeout 10m;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1 TLSv1;
location / {
proxy_pass https://registry-1.docker.io; # Docker Hub 的官方镜像仓库
proxy_set_header Host registry-1.docker.io;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# 关闭缓存
proxy_buffering off;
# 转发认证相关的头部
proxy_set_header Authorization $http_authorization;
proxy_pass_header Authorization;
# 对 upstream 状态码检查,实现 error_page 错误重定向
proxy_intercept_errors on;
# error_page 指令默认只检查了第一次后端返回的状态码,开启后可以跟随多次重定向。recursive_error_pages on;
# 根据状态码执行对应操作,以下为 301、302、307 状态码都会触发
error_page 301 302 307 = @handle_redirect;
}
location @handle_redirect {
resolver 1.1.1.1;
set $saved_redirect_location '$upstream_http_location';
proxy_pass $saved_redirect_location;
}
if ($scheme = http) {return 301 https://$host$request_uri;}
ssl_certificate /www/sites/docker.901020.xyz/ssl/fullchain.pem;
ssl_certificate_key /www/sites/docker.901020.xyz/ssl/privkey.pem;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
add_header Strict-Transport-Security "max-age=31536000";
error_page 497 https://$host$request_uri;
proxy_set_header X-Forwarded-Proto https;
ssl_stapling on;
ssl_stapling_verify on;
}
正文完
发表至: 开源脚本
2024-07-13
