Deploying a Github Mirror Using Caddy

2025-12-05 About 400 words 2 minutes

Strings to replace:

github.my-gh-proxy.com
assets.my-gh-proxy.com
avatars.my-gh-proxy.com
raw.my-gh-proxy.com
api.my-gh-proxy.com
codeload.my-gh-proxy.com
objects.my-gh-proxy.com
gist.my-gh-proxy.com
.my-gh-proxy.com

# Basic proxy header configuration
(proxy_defaults) {
    # Spoof Host header; automatically fetches reverse proxy target hostname via upstream_hostport
    header_up Host {upstream_hostport}

    # Pass real client information
	header_up X-Real-IP {remote}

    # Critical: Disable upstream compression to allow the replace module to modify response bodies
    header_up Accept-Encoding identity
}

# Privacy and security headers
(security_headers) {
    header X-Robots-Tag "noindex, nofollow, noarchive"
    header X-Content-Type-Options "nosniff"
	# Remove CSP to prevent script blocking due to domain mismatches
    header -Content-Security-Policy
}

# 1. Primary domain: github.my-gh-proxy.com
github.my-gh-proxy.com {
    # Enable compression on proxy side to improve client loading speed
    encode zstd gzip

    import security_headers

	reverse_proxy https://github.com {
        import proxy_defaults

        # Redirect rewriting
        header_down Location https://github.com https://github.my-gh-proxy.com
        header_down Location https://objects.githubusercontent.com https://objects.my-gh-proxy.com
		header_down Location https://raw.githubusercontent.com https://raw.my-gh-proxy.com

        # Cookie domain rewrite (regular expression match)
        header_down Set-Cookie "(.*)Domain=\.github\.com(.*)" "$1Domain=.my-gh-proxy.com$2"
    }

	# Content Replacement Rules
    replace {
		stream
		"https://github.com" "https://github.my-gh-proxy.com"
		"https://github.githubassets.com" "https://assets.my-gh-proxy.com"
		"https://avatars.githubusercontent.com" "https://avatars.my-gh-proxy.com"
		"https://raw.githubusercontent.com" "https://raw.my-gh-proxy.com"
		"https://api.github.com" "https://api.my-gh-proxy.com"
		"https://codeload.github.com" "https://codeload.my-gh-proxy.com"
		"https://objects.githubusercontent.com" "https://objects.my-gh-proxy.com"
		"https://gist.github.com" "https://gist.my-gh-proxy.com"
	}
}

# 2. Static resources: assets.my-gh-proxy.com
assets.my-gh-proxy.com {
    encode zstd gzip
    import security_headers

    reverse_proxy https://github.githubassets.com {
        import proxy_defaults
		header_down Access-Control-Allow-Origin "*"
    }
}

# 3. Avatar Service: avatars.my-gh-proxy.com
avatars.my-gh-proxy.com {
    encode zstd gzip
    import security_headers

	reverse_proxy https://avatars.githubusercontent.com {
        import proxy_defaults
        header_down Access-Control-Allow-Origin "*"
    }
}

# 4. Raw Files: raw.my-gh-proxy.com
raw.my-gh-proxy.com {
    encode zstd gzip
	import security_headers

    reverse_proxy https://raw.githubusercontent.com {
        import proxy_defaults
        header_down Access-Control-Allow-Origin "*"
    }

    replace {
        stream
        "https://github.com" "https://github.my-gh-proxy.com"
		"https://raw.githubusercontent.com" "https://raw.my-gh-proxy.com"
    }
}

# 5. API Service: api.my-gh-proxy.com
api.my-gh-proxy.com {
    encode zstd gzip
    import security_headers

	reverse_proxy https://api.github.com {
        import proxy_defaults
        # Fix pagination links
        header_down Link "https://api.github.com" "https://api.my-gh-proxy.com"
        header_down Location https://api.github.com https://api.my-gh-proxy.com
	}

    # Replace URLs in JSON responses
    replace {
        stream
        "https://api.github.com" "https://api.my-gh-proxy.com"
        "https://github.com" "https://github.my-gh-proxy.com"
		"https://raw.githubusercontent.com" "https://raw.my-gh-proxy.com"
    }
}

# 6. Code Download (Zip): codeload.my-gh-proxy.com
codeload.my-gh-proxy.com {
    encode zstd gzip
    import security_headers

	reverse_proxy https://codeload.github.com {
        import proxy_defaults
    }
}

# 7. Object Storage (LFS/Releases): objects.my-gh-proxy.com
objects.my-gh-proxy.com {
    # Disable compression to improve large file transfer efficiency (avoid CPU waste)
	# import security_headers # Object storage typically doesn't require excessive security header interference

    reverse_proxy https://objects.githubusercontent.com {
        import proxy_defaults
        # Ensure Authorization header remains unmodified, pass-through S3 signature
    }
}

# 8. Gist Service: gist.my-gh-proxy.com
gist.my-gh-proxy.com {
    encode zstd gzip
    import security_headers

    reverse_proxy https://gist.github.com {
        import proxy_defaults
        header_down Location https://gist.github.com https://gist.my-gh-proxy.com
		header_down Set-Cookie "(.*)Domain=\.github\.com(.*)" "$1Domain=.my-gh-proxy.com$2"
    }

	replace {
        stream
        "https://gist.github.com" "https://gist.my-gh-proxy.com"
        "https://github.com" "https://github.my-gh-proxy.com"
		"https://github.githubassets.com" "https://assets.my-gh-proxy.com"
        "https://avatars.githubusercontent.com" "https://avatars.my-gh-proxy.com"
    }
}