使用Cloudflare Workers创建DockerHub镜像加速
项目地址: Github:jonssonyan/cf-workers-proxy
部署
- Workers 方式: 复制 _worker.js ,在 Cloudflare 保存并部署
| 名称 | 文件 |
|---|---|
| 通用 | _worker.js |
| Docker | docker.js |
环境变量
| 变量名 | 必填 | 默认值 | 示例 | 备注 |
|---|---|---|---|---|
| PROXY_HOSTNAME | √ | github.com | 代理地址 hostname | |
| PROXY_PROTOCOL | × | https | https | 代理地址协议 |
| PATHNAME_REGEX | × | ^/jonssonyan/ | 代理地址路径正则表达式 | |
| UA_WHITELIST_REGEX | × | (curl) | User-Agent 白名单正则表达式 | |
| UA_BLACKLIST_REGEX | × | (curl) | User-Agent 黑名单正则表达式 | |
| IP_WHITELIST_REGEX | × | (192.168.0.1) | IP 白名单正则表达式 | |
| IP_BLACKLIST_REGEX | × | (192.168.0.1) | IP 黑名单正则表达式 | |
| REGION_WHITELIST_REGEX | × | (JP) | 地区白名单正则表达式 | |
| REGION_BLACKLIST_REGEX | × | (JP) | 地区黑名单正则表达式 | |
| URL302 | × | https://github.com/jonssonyan/cf-workers-proxy | 302 跳转地址 | |
| DEBUG | × | false | false | 开启调试 |
镜像仓库加速
- 将环境变量 PROXY_HOSTNAME 设置为以镜像仓库地址即可
| 镜像仓库 | 地址 |
|---|---|
| docker | registry-1.docker.io |
| k8s-gcr | k8s.gcr.io |
| k8s | registry.k8s.io |
| quay | quay.io |
| gcr | gcr.io |
| ghcr | ghcr.io |
| cloudsmith | docker.cloudsmith.io |
| ecr | public.ecr.aws |
设置 Docker 镜像仓库加速
将 https://dockerhub.xxx.com 替换为你的 worker 自定义域名
mkdir -p /etc/docker cat >/etc/docker/daemon.json <<EOF { "registry-mirrors":["https://dockerhub.xxx.com"] } EOF systemctl daemon-reload systemctl restart docker查询镜像
docker search dockerhub.xxx.com/image_name- dockerhub.xxx.com:你的 worker 自定义域名
- image_name:镜像名称
_worker.js
function logError(request, message) {
console.error(
`${message}, clientIp: ${request.headers.get(
"cf-connecting-ip"
)}, user-agent: ${request.headers.get("user-agent")}, url: ${request.url}`
);
}
function createNewRequest(request, url, proxyHostname, originHostname) {
const newRequestHeaders = new Headers(request.headers);
for (const [key, value] of newRequestHeaders) {
if (value.includes(originHostname)) {
newRequestHeaders.set(
key,
value.replace(
new RegExp(`(?<!\\.)\\b${originHostname}\\b`, "g"),
proxyHostname
)
);
}
}
return new Request(url.toString(), {
method: request.method,
headers: newRequestHeaders,
body: request.body,
});
}
function setResponseHeaders(
originalResponse,
proxyHostname,
originHostname,
DEBUG
) {
const newResponseHeaders = new Headers(originalResponse.headers);
for (const [key, value] of newResponseHeaders) {
if (value.includes(proxyHostname)) {
newResponseHeaders.set(
key,
value.replace(
new RegExp(`(?<!\\.)\\b${proxyHostname}\\b`, "g"),
originHostname
)
);
}
}
if (DEBUG) {
newResponseHeaders.delete("content-security-policy");
}
return newResponseHeaders;
}
/**
* 替换内容
* @param originalResponse 响应
* @param proxyHostname 代理地址 hostname
* @param pathnameRegex 代理地址路径匹配的正则表达式
* @param originHostname 替换的字符串
* @returns {Promise<*>}
*/
async function replaceResponseText(
originalResponse,
proxyHostname,
pathnameRegex,
originHostname
) {
let text = await originalResponse.text();
if (pathnameRegex) {
pathnameRegex = pathnameRegex.replace(/^\^/, "");
return text.replace(
new RegExp(`((?<!\\.)\\b${proxyHostname}\\b)(${pathnameRegex})`, "g"),
`${originHostname}$2`
);
} else {
return text.replace(
new RegExp(`(?<!\\.)\\b${proxyHostname}\\b`, "g"),
originHostname
);
}
}
async function nginx() {
return `<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>`;
}
export default {
async fetch(request, env, ctx) {
try {
const {
PROXY_HOSTNAME,
PROXY_PROTOCOL = "https",
PATHNAME_REGEX,
UA_WHITELIST_REGEX,
UA_BLACKLIST_REGEX,
URL302,
IP_WHITELIST_REGEX,
IP_BLACKLIST_REGEX,
REGION_WHITELIST_REGEX,
REGION_BLACKLIST_REGEX,
DEBUG = false,
} = env;
const url = new URL(request.url);
const originHostname = url.hostname;
if (
!PROXY_HOSTNAME ||
(PATHNAME_REGEX && !new RegExp(PATHNAME_REGEX).test(url.pathname)) ||
(UA_WHITELIST_REGEX &&
!new RegExp(UA_WHITELIST_REGEX).test(
request.headers.get("user-agent").toLowerCase()
)) ||
(UA_BLACKLIST_REGEX &&
new RegExp(UA_BLACKLIST_REGEX).test(
request.headers.get("user-agent").toLowerCase()
)) ||
(IP_WHITELIST_REGEX &&
!new RegExp(IP_WHITELIST_REGEX).test(
request.headers.get("cf-connecting-ip")
)) ||
(IP_BLACKLIST_REGEX &&
new RegExp(IP_BLACKLIST_REGEX).test(
request.headers.get("cf-connecting-ip")
)) ||
(REGION_WHITELIST_REGEX &&
!new RegExp(REGION_WHITELIST_REGEX).test(
request.headers.get("cf-ipcountry")
)) ||
(REGION_BLACKLIST_REGEX &&
new RegExp(REGION_BLACKLIST_REGEX).test(
request.headers.get("cf-ipcountry")
))
) {
logError(request, "Invalid");
return URL302
? Response.redirect(URL302, 302)
: new Response(await nginx(), {
headers: {
"Content-Type": "text/html; charset=utf-8",
},
});
}
url.host = PROXY_HOSTNAME;
url.protocol = PROXY_PROTOCOL;
const newRequest = createNewRequest(
request,
url,
PROXY_HOSTNAME,
originHostname
);
const originalResponse = await fetch(newRequest);
const newResponseHeaders = setResponseHeaders(
originalResponse,
PROXY_HOSTNAME,
originHostname,
DEBUG
);
const contentType = newResponseHeaders.get("content-type") || "";
let body;
if (contentType.includes("text/")) {
body = await replaceResponseText(
originalResponse,
PROXY_HOSTNAME,
PATHNAME_REGEX,
originHostname
);
} else {
body = originalResponse.body;
}
return new Response(body, {
status: originalResponse.status,
headers: newResponseHeaders,
});
} catch (error) {
logError(request, `Fetch error: ${error.message}`);
return new Response("Internal Server Error", { status: 500 });
}
},
};docker.js
function logError(request, message) {
console.error(
`${message}, clientIp: ${request.headers.get(
"cf-connecting-ip"
)}, user-agent: ${request.headers.get("user-agent")}, url: ${request.url}`
);
}
function createNewRequest(request, url, proxyHostname, originHostname) {
const newRequestHeaders = new Headers(request.headers);
for (const [key, value] of newRequestHeaders) {
if (value.includes(originHostname)) {
newRequestHeaders.set(
key,
value.replace(
new RegExp(`(?<!\\.)\\b${originHostname}\\b`, "g"),
proxyHostname
)
);
}
}
return new Request(url.toString(), {
method: request.method,
headers: newRequestHeaders,
body: request.body,
});
}
function setResponseHeaders(
originalResponse,
proxyHostname,
originHostname,
DEBUG
) {
const newResponseHeaders = new Headers(originalResponse.headers);
for (const [key, value] of newResponseHeaders) {
if (value.includes(proxyHostname)) {
newResponseHeaders.set(
key,
value.replace(
new RegExp(`(?<!\\.)\\b${proxyHostname}\\b`, "g"),
originHostname
)
);
}
}
if (DEBUG) {
newResponseHeaders.delete("content-security-policy");
}
let docker_auth_url = newResponseHeaders.get("www-authenticate");
if (docker_auth_url && docker_auth_url.includes("auth.docker.io/token")) {
newResponseHeaders.set(
"www-authenticate",
docker_auth_url.replace("auth.docker.io/token", originHostname + "/token")
);
}
return newResponseHeaders;
}
/**
* 替换内容
* @param originalResponse 响应
* @param proxyHostname 代理地址 hostname
* @param pathnameRegex 代理地址路径匹配的正则表达式
* @param originHostname 替换的字符串
* @returns {Promise<*>}
*/
async function replaceResponseText(
originalResponse,
proxyHostname,
pathnameRegex,
originHostname
) {
let text = await originalResponse.text();
if (pathnameRegex) {
pathnameRegex = pathnameRegex.replace(/^\^/, "");
return text.replace(
new RegExp(`((?<!\\.)\\b${proxyHostname}\\b)(${pathnameRegex})`, "g"),
`${originHostname}$2`
);
} else {
return text.replace(
new RegExp(`(?<!\\.)\\b${proxyHostname}\\b`, "g"),
originHostname
);
}
}
async function nginx() {
return `<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>`;
}
export default {
async fetch(request, env, ctx) {
try {
let {
PROXY_HOSTNAME = "registry-1.docker.io",
PROXY_PROTOCOL = "https",
PATHNAME_REGEX,
UA_WHITELIST_REGEX,
UA_BLACKLIST_REGEX,
URL302,
IP_WHITELIST_REGEX,
IP_BLACKLIST_REGEX,
REGION_WHITELIST_REGEX,
REGION_BLACKLIST_REGEX,
DEBUG = false,
} = env;
const url = new URL(request.url);
const originHostname = url.hostname;
if (url.pathname.includes("/token")) {
PROXY_HOSTNAME = "auth.docker.io";
} else if (url.pathname.includes("/search")) {
PROXY_HOSTNAME = "index.docker.io";
}
if (
!PROXY_HOSTNAME ||
(PATHNAME_REGEX && !new RegExp(PATHNAME_REGEX).test(url.pathname)) ||
(UA_WHITELIST_REGEX &&
!new RegExp(UA_WHITELIST_REGEX).test(
request.headers.get("user-agent").toLowerCase()
)) ||
(UA_BLACKLIST_REGEX &&
new RegExp(UA_BLACKLIST_REGEX).test(
request.headers.get("user-agent").toLowerCase()
)) ||
(IP_WHITELIST_REGEX &&
!new RegExp(IP_WHITELIST_REGEX).test(
request.headers.get("cf-connecting-ip")
)) ||
(IP_BLACKLIST_REGEX &&
new RegExp(IP_BLACKLIST_REGEX).test(
request.headers.get("cf-connecting-ip")
)) ||
(REGION_WHITELIST_REGEX &&
!new RegExp(REGION_WHITELIST_REGEX).test(
request.headers.get("cf-ipcountry")
)) ||
(REGION_BLACKLIST_REGEX &&
new RegExp(REGION_BLACKLIST_REGEX).test(
request.headers.get("cf-ipcountry")
))
) {
logError(request, "Invalid");
return URL302
? Response.redirect(URL302, 302)
: new Response(await nginx(), {
headers: {
"Content-Type": "text/html; charset=utf-8",
},
});
}
url.host = PROXY_HOSTNAME;
url.protocol = PROXY_PROTOCOL;
const newRequest = createNewRequest(
request,
url,
PROXY_HOSTNAME,
originHostname
);
const originalResponse = await fetch(newRequest);
const newResponseHeaders = setResponseHeaders(
originalResponse,
PROXY_HOSTNAME,
originHostname,
DEBUG
);
const contentType = newResponseHeaders.get("content-type") || "";
let body;
if (contentType.includes("text/")) {
body = await replaceResponseText(
originalResponse,
PROXY_HOSTNAME,
PATHNAME_REGEX,
originHostname
);
} else {
body = originalResponse.body;
}
return new Response(body, {
status: originalResponse.status,
headers: newResponseHeaders,
});
} catch (error) {
logError(request, `Fetch error: ${error.message}`);
return new Response("Internal Server Error", { status: 500 });
}
},
};
评论已关闭