群晖使用自建镜像反代域名拉取docker镜像

作者: E星期五分类: 自己写的日记发布时间: 2024-06-14 16:58 ė 1608 次浏览 6 没有评论

首先建立反代网站，应该有不少教程，我是在cf的work里弄的
cf workers自建域名等自己摸索
主要是将将 worker.js 的内容替换为下面内容

'use strict'

const hub_host = 'registry-1.docker.io'
const auth_url = 'https://auth.docker.io'
const workers_url = 'https://你的域名'
//const home_page_url = '远程html链接'

/** @type {RequestInit} */
const PREFLIGHT_INIT = {
    status: 204,
    headers: new Headers({
        'access-control-allow-origin': '*',
        'access-control-allow-methods': 'GET,POST,PUT,PATCH,TRACE,DELETE,HEAD,OPTIONS',
        'access-control-max-age': '1728000',
    }),
}

/**
 * @param {any} body
 * @param {number} status
 * @param {Object<string, string>} headers
 */
function makeRes(body, status = 200, headers = {}) {
    headers['access-control-allow-origin'] = '*'
    return new Response(body, {status, headers})
}


/**
 * @param {string} urlStr
 */
function newUrl(urlStr) {
    try {
        return new URL(urlStr)
    } catch (err) {
        return null
    }
}


addEventListener('fetch', e => {
    const ret = fetchHandler(e)
        .catch(err => makeRes('cfworker error:\n' + err.stack, 502))
    e.respondWith(ret)
})


/**
 * @param {FetchEvent} e
 */
async function fetchHandler(e) {
    const getReqHeader = (key) => e.request.headers.get(key);

    let url = new URL(e.request.url);

    if (url.pathname === '/') {
        // Fetch and return the home page HTML content
        //return fetch(home_page_url);
        return new Response(indexHtml, {
            headers: {
              'Content-Type': 'text/html'
            }
          });
    }

    if (url.pathname === '/token') {
        let token_parameter = {
            headers: {
                'Host': 'auth.docker.io',
                'User-Agent': getReqHeader("User-Agent"),
                'Accept': getReqHeader("Accept"),
                'Accept-Language': getReqHeader("Accept-Language"),
                'Accept-Encoding': getReqHeader("Accept-Encoding"),
                'Connection': 'keep-alive',
                'Cache-Control': 'max-age=0'
            }
        };
        let token_url = auth_url + url.pathname + url.search
        return fetch(new Request(token_url, e.request), token_parameter)
    }

    url.hostname = hub_host;

    let parameter = {
        headers: {
            'Host': hub_host,
            'User-Agent': getReqHeader("User-Agent"),
            'Accept': getReqHeader("Accept"),
            'Accept-Language': getReqHeader("Accept-Language"),
            'Accept-Encoding': getReqHeader("Accept-Encoding"),
            'Connection': 'keep-alive',
            'Cache-Control': 'max-age=0'
        },
        cacheTtl: 3600
    };

    if (e.request.headers.has("Authorization")) {
        parameter.headers.Authorization = getReqHeader("Authorization");
    }

    let original_response = await fetch(new Request(url, e.request), parameter)
    let original_response_clone = original_response.clone();
    let original_text = original_response_clone.body;
    let response_headers = original_response.headers;
    let new_response_headers = new Headers(response_headers);
    let status = original_response.status;

    if (new_response_headers.get("Www-Authenticate")) {
        let auth = new_response_headers.get("Www-Authenticate");
        let re = new RegExp(auth_url, 'g');
        new_response_headers.set("Www-Authenticate", response_headers.get("Www-Authenticate").replace(re, workers_url));
    }

    if (new_response_headers.get("Location")) {
        return httpHandler(e.request, new_response_headers.get("Location"))
    }

    let response = new Response(original_text, {
        status,
        headers: new_response_headers
    })
    return response;

}


/**
 * @param {Request} req
 * @param {string} pathname
 */
function httpHandler(req, pathname) {
    const reqHdrRaw = req.headers

    // preflight
    if (req.method === 'OPTIONS' &&
        reqHdrRaw.has('access-control-request-headers')
    ) {
        return new Response(null, PREFLIGHT_INIT)
    }

    let rawLen = ''

    const reqHdrNew = new Headers(reqHdrRaw)

    const refer = reqHdrNew.get('referer')

    let urlStr = pathname

    const urlObj = newUrl(urlStr)

    /** @type {RequestInit} */
    const reqInit = {
        method: req.method,
        headers: reqHdrNew,
        redirect: 'follow',
        body: req.body
    }
    return proxy(urlObj, reqInit, rawLen, 0)
}


/**
 *
 * @param {URL} urlObj
 * @param {RequestInit} reqInit
 */
async function proxy(urlObj, reqInit, rawLen) {
    const res = await fetch(urlObj.href, reqInit)
    const resHdrOld = res.headers
    const resHdrNew = new Headers(resHdrOld)

    // verify
    if (rawLen) {
        const newLen = resHdrOld.get('content-length') || ''
        const badLen = (rawLen !== newLen)

        if (badLen) {
            return makeRes(res.body, 400, {
                '--error': `bad len: ${newLen}, except: ${rawLen}`,
                'access-control-expose-headers': '--error',
            })
        }
    }
    const status = res.status
    resHdrNew.set('access-control-expose-headers', '*')
    resHdrNew.set('access-control-allow-origin', '*')
    resHdrNew.set('Cache-Control', 'max-age=1500')

    resHdrNew.delete('content-security-policy')
    resHdrNew.delete('content-security-policy-report-only')
    resHdrNew.delete('clear-site-data')

    return new Response(res.body, {
        status,
        headers: resHdrNew
    })
}

const indexHtml = `
<!DOCTYPE html>
<html lang="zh-CN">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Dockerhub镜像加速说明</title>
    <style>
        body {
            font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif;
            line-height: 1.6;
            color: #333;
            margin: 0;
            padding: 20px;
            background-image: url('https://cdn.jsdelivr.net/gh/fireinrain/picx-images-hosting@master/20240608/wp8114669-docker-wallpapers.5h6dvj56isg0.webp'); /* Replace with your image path */
            background-size: cover;
            background-position: center;
            background-repeat: no-repeat;
            background-attachment: fixed;
        }
        .container {
            max-width: 800px;
            margin: 0 auto;
            padding: 20px;
            background: rgba(255, 255, 255, 0.8);
            border-radius: 8px;
            box-shadow: 0 2px 4px rgba(0, 0, 0, 0.1);
        }
        h1 {
            font-size: 2em;
            margin-bottom: 0.5em;
            color: #007aff;
        }
        p {
            margin-bottom: 1em;
        }
        pre {
            background: #2d2d2d;
            color: #f8f8f2;
            padding: 20px;
            border-radius: 8px;
            overflow-x: auto;
            position: relative;
        }
        pre::before {
            content: " ";
            display: block;
            position: absolute;
            top: 10px;
            left: 10px;
            width: 12px;
            height: 12px;
            background: #ff5f56;
            border-radius: 50%;
            box-shadow: 20px 0 0 #ffbd2e, 40px 0 0 #27c93f;
        }
        code {
            font-family: "SFMono-Regular", Consolas, "Liberation Mono", Menlo, Courier, monospace;
            font-size: 0.875em;
        }
        .copy-button {
            position: absolute;
            top: 10px;
            right: 10px;
            background: #007aff;
            color: white;
            border: none;
            padding: 5px 10px;
            border-radius: 5px;
            cursor: pointer;
            opacity: 0;
            transition: opacity 0.3s;
        }
        pre:hover .copy-button {
            opacity: 1;
        }
</style>
</head>
<body>
    <div class="container">
        <center><h1>镜像加速说明</h1></center>
        <h3>为了加速镜像拉取，你可以使用以下命令设置 registry mirror:</h3>
        <pre><code>
sudo tee /etc/docker/daemon.json &lt;&lt;EOF
{
    "registry-mirrors": ["https://你的域名"]
}
EOF</code><button class="copy-button" onclick="copyCode(this)">复制代码</button></pre>
        <h3>用法:</h3>
        <p>原拉取镜像命令</p>
        <pre><code>
docker pull library/alpine:latest</code><button class="copy-button" onclick="copyCode(this)">复制代码</button></pre>
        <h3>加速拉取镜像命令</h3>
        <pre><code>
docker pull 你的域名/library/alpine:latest</code><button class="copy-button" onclick="copyCode(this)">复制代码</button></pre>
    </div>
    <script>
        function copyCode(button) {
            const code = button.previousSibling;
            const textArea = document.createElement('textarea');
            textArea.value = code.textContent;
            document.body.appendChild(textArea);
            textArea.select();
            document.execCommand('copy');
            document.body.removeChild(textArea);
            button.textContent = '已复制';
            setTimeout(() => {
                button.textContent = '复制代码';
            }, 2000);
        }
</script>
</body>
</html>
`

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

286

287

288

289

290

291

292

293

294

295

296

297

298

299

300

301

302

303

304

305

306

307

308

309

310

311

312

'use strict'

const hub_host = 'registry-1.docker.io'

const auth_url = 'https://auth.docker.io'

const workers_url = 'https://你的域名'

//const home_page_url = '远程html链接'

/** @type {RequestInit} */

const PREFLIGHT_INIT = {

status: 204,

headers: new Headers({

'access-control-allow-origin': '*',

'access-control-allow-methods': 'GET,POST,PUT,PATCH,TRACE,DELETE,HEAD,OPTIONS',

'access-control-max-age': '1728000',

}),

}

/**

* @param {any} body

* @param {number} status

* @param {Object<string, string>} headers

function makeRes(body, status = 200, headers = {}) {

headers['access-control-allow-origin'] = '*'

return new Response(body, {status, headers})

}

/**

* @param {string} urlStr

function newUrl(urlStr) {

try {

return new URL(urlStr)

} catch (err) {

return null

}

addEventListener('fetch', e => {

const ret = fetchHandler(e)

.catch(err => makeRes('cfworker error:\n' + err.stack, 502))

e.respondWith(ret)

})

/**

* @param {FetchEvent} e

async function fetchHandler(e) {

const getReqHeader = (key) => e.request.headers.get(key);

let url = new URL(e.request.url);

if (url.pathname === '/') {

// Fetch and return the home page HTML content

//return fetch(home_page_url);

return new Response(indexHtml, {

headers: {

'Content-Type': 'text/html'

}

});

}

if (url.pathname === '/token') {

let token_parameter = {

headers: {

'Host': 'auth.docker.io',

'User-Agent': getReqHeader("User-Agent"),

'Accept': getReqHeader("Accept"),

'Accept-Language': getReqHeader("Accept-Language"),

'Accept-Encoding': getReqHeader("Accept-Encoding"),

'Connection': 'keep-alive',

'Cache-Control': 'max-age=0'

}

};

let token_url = auth_url + url.pathname + url.search

return fetch(new Request(token_url, e.request), token_parameter)

}

url.hostname = hub_host;

let parameter = {

headers: {

'Host': hub_host,

'User-Agent': getReqHeader("User-Agent"),

'Accept': getReqHeader("Accept"),

'Accept-Language': getReqHeader("Accept-Language"),

'Accept-Encoding': getReqHeader("Accept-Encoding"),

'Connection': 'keep-alive',

'Cache-Control': 'max-age=0'

cacheTtl: 3600

};

if (e.request.headers.has("Authorization")) {

parameter.headers.Authorization = getReqHeader("Authorization");

}

let original_response = await fetch(new Request(url, e.request), parameter)

let original_response_clone = original_response.clone();

let original_text = original_response_clone.body;

let response_headers = original_response.headers;

let new_response_headers = new Headers(response_headers);

let status = original_response.status;

if (new_response_headers.get("Www-Authenticate")) {

let auth = new_response_headers.get("Www-Authenticate");

let re = new RegExp(auth_url, 'g');

new_response_headers.set("Www-Authenticate", response_headers.get("Www-Authenticate").replace(re, workers_url));

}

if (new_response_headers.get("Location")) {

return httpHandler(e.request, new_response_headers.get("Location"))

}

let response = new Response(original_text, {

status,

headers: new_response_headers

})

return response;

}

/**

* @param {Request} req

* @param {string} pathname

function httpHandler(req, pathname) {

const reqHdrRaw = req.headers

// preflight

if (req.method === 'OPTIONS' &&

reqHdrRaw.has('access-control-request-headers')

) {

return new Response(null, PREFLIGHT_INIT)

}

let rawLen = ''

const reqHdrNew = new Headers(reqHdrRaw)

const refer = reqHdrNew.get('referer')

let urlStr = pathname

const urlObj = newUrl(urlStr)

/** @type {RequestInit} */

const reqInit = {

method: req.method,

headers: reqHdrNew,

redirect: 'follow',

body: req.body

}

return proxy(urlObj, reqInit, rawLen, 0)

}

/**

* @param {URL} urlObj

* @param {RequestInit} reqInit

async function proxy(urlObj, reqInit, rawLen) {

const res = await fetch(urlObj.href, reqInit)

const resHdrOld = res.headers

const resHdrNew = new Headers(resHdrOld)

// verify

if (rawLen) {

const newLen = resHdrOld.get('content-length') || ''

const badLen = (rawLen !== newLen)

if (badLen) {

return makeRes(res.body, 400, {

'--error': `bad len: ${newLen}, except: ${rawLen}`,

'access-control-expose-headers': '--error',

})

}

const status = res.status

resHdrNew.set('access-control-expose-headers', '*')

resHdrNew.set('access-control-allow-origin', '*')

resHdrNew.set('Cache-Control', 'max-age=1500')

resHdrNew.delete('content-security-policy')

resHdrNew.delete('content-security-policy-report-only')

resHdrNew.delete('clear-site-data')

return new Response(res.body, {

status,

headers: resHdrNew

})

}

const indexHtml = `

<!DOCTYPE html>

<head>

<title>Dockerhub镜像加速说明</title>

<style>

body {

font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif;

line-height: 1.6;

color: #333;

margin: 0;

padding: 20px;

background-image: url('https://cdn.jsdelivr.net/gh/fireinrain/picx-images-hosting@master/20240608/wp8114669-docker-wallpapers.5h6dvj56isg0.webp'); /* Replace with your image path */

background-size: cover;

background-position: center;

background-repeat: no-repeat;

background-attachment: fixed;

}

.container {

max-width: 800px;

margin: 0 auto;

padding: 20px;

background: rgba(255, 255, 255, 0.8);

border-radius: 8px;

box-shadow: 0 2px 4px rgba(0, 0, 0, 0.1);

}

h1 {

font-size: 2em;

margin-bottom: 0.5em;

color: #007aff;

}

p {

margin-bottom: 1em;

}

pre {

background: #2d2d2d;

color: #f8f8f2;

padding: 20px;

border-radius: 8px;

overflow-x: auto;

position: relative;

}

pre::before {

content: " ";

display: block;

position: absolute;

top: 10px;

left: 10px;

width: 12px;

height: 12px;

background: #ff5f56;

border-radius: 50%;

box-shadow: 20px 0 0 #ffbd2e, 40px 0 0 #27c93f;

}

code {

font-family: "SFMono-Regular", Consolas, "Liberation Mono", Menlo, Courier, monospace;

font-size: 0.875em;

}

.copy-button {

position: absolute;

top: 10px;

right: 10px;

background: #007aff;

color: white;

border: none;

padding: 5px 10px;

border-radius: 5px;

cursor: pointer;

opacity: 0;

transition: opacity 0.3s;

}

pre:hover .copy-button {

opacity: 1;

}

</style>

</head>

<body>

<center><h1>镜像加速说明</h1></center>

<h3>为了加速镜像拉取，你可以使用以下命令设置 registry mirror:</h3>

sudo tee /etc/docker/daemon.json <<EOF

{

"registry-mirrors": ["https://你的域名"]

}

EOF</code><button class="copy-button" onclick="copyCode(this)">复制代码</button></pre>

<p>原拉取镜像命令</p>

docker pull library/alpine:latest</code><button class="copy-button" onclick="copyCode(this)">复制代码</button></pre>

<h3>加速拉取镜像命令</h3>

docker pull 你的域名/library/alpine:latest</code><button class="copy-button" onclick="copyCode(this)">复制代码</button></pre>

</div>

function copyCode(button) {

const code = button.previousSibling;

const textArea = document.createElement('textarea');

textArea.value = code.textContent;

document.body.appendChild(textArea);

textArea.select();

document.execCommand('copy');

document.body.removeChild(textArea);

button.textContent = '已复制';

setTimeout(() => {

button.textContent = '复制代码';

}, 2000);

}

</script>

</body>

</html>

然后进入群晖的container Manager–注册表，设置，https://index.docker.io/ 启用注册表镜像URL这里填入反代网站地址，勾选“信任的SSL自我签署证书”

本文出自E星期五的博客，转载时请注明出处及相应链接。

本文永久链接: https://exqw.com/archives/1952.html

« 上一篇文章

围着灶台转 »

发表回复取消回复

这个站点使用 Akismet 来减少垃圾评论。了解你的评论数据如何被处理。

群晖使用自建镜像反代域名拉取docker镜像

发表回复取消回复

分类目录

自己写的日记下的最新文章

随机文章

标签云

群晖使用自建镜像反代域名拉取docker镜像

发表回复 取消回复

分类目录

自己写的日记下的最新文章

随机文章

标签云

发表回复取消回复