使用 Caddy 部署 Github 镜像

# 基础代理头设置
(proxy_defaults) {
	# 伪装主机头，通过 upstream_hostport 自动获取反代目标的主机名
	header_up Host {upstream_hostport}

	# 传递真实客户端信息
	header_up X-Real-IP {remote}

	# 关键：禁用上游压缩，以便 replace 模块能修改响应体
	header_up Accept-Encoding identity
}

# 隐私与安全头
(security_headers) {
	header X-Robots-Tag "noindex, nofollow, noarchive"
	header X-Content-Type-Options "nosniff"
	# 移除 CSP 以防止域名不匹配导致的脚本拦截
	header -Content-Security-Policy
}

# 1. 主域名: github.my-gh-proxy.com
github.my-gh-proxy.com {
	# 代理端开启压缩，提升客户端加载速度
	encode zstd gzip

	import security_headers

	reverse_proxy https://github.com {
		import proxy_defaults

		# 重定向重写
		header_down Location https://github.com https://github.my-gh-proxy.com
		header_down Location https://objects.githubusercontent.com https://objects.my-gh-proxy.com
		header_down Location https://raw.githubusercontent.com https://raw.my-gh-proxy.com

		# Cookie 域名重写 (正则匹配)
		header_down Set-Cookie "(.*)Domain=\.github\.com(.*)" "$1Domain=.my-gh-proxy.com$2"
	}

	# 内容替换规则
	replace {
		stream
		"https://github.com" "https://github.my-gh-proxy.com"
		"https://github.githubassets.com" "https://assets.my-gh-proxy.com"
		"https://avatars.githubusercontent.com" "https://avatars.my-gh-proxy.com"
		"https://raw.githubusercontent.com" "https://raw.my-gh-proxy.com"
		"https://api.github.com" "https://api.my-gh-proxy.com"
		"https://codeload.github.com" "https://codeload.my-gh-proxy.com"
		"https://objects.githubusercontent.com" "https://objects.my-gh-proxy.com"
		"https://gist.github.com" "https://gist.my-gh-proxy.com"
	}
}

# 2. 静态资源: assets.my-gh-proxy.com
assets.my-gh-proxy.com {
	encode zstd gzip
	import security_headers

	reverse_proxy https://github.githubassets.com {
		import proxy_defaults
		header_down Access-Control-Allow-Origin "*"
	}
}

# 3. 头像服务: avatars.my-gh-proxy.com
avatars.my-gh-proxy.com {
	encode zstd gzip
	import security_headers

	reverse_proxy https://avatars.githubusercontent.com {
		import proxy_defaults
		header_down Access-Control-Allow-Origin "*"
	}
}

# 4. 原始文件: raw.my-gh-proxy.com
raw.my-gh-proxy.com {
	encode zstd gzip
	import security_headers

	reverse_proxy https://raw.githubusercontent.com {
		import proxy_defaults
		header_down Access-Control-Allow-Origin "*"
	}

	replace {
		stream
		"https://github.com" "https://github.my-gh-proxy.com"
		"https://raw.githubusercontent.com" "https://raw.my-gh-proxy.com"
	}
}

# 5. API 服务: api.my-gh-proxy.com
api.my-gh-proxy.com {
	encode zstd gzip
	import security_headers

	reverse_proxy https://api.github.com {
		import proxy_defaults
		# 修复分页链接
		header_down Link "https://api.github.com" "https://api.my-gh-proxy.com"
		header_down Location https://api.github.com https://api.my-gh-proxy.com
	}

	# 替换 JSON 响应中的 URL
	replace {
		stream
		"https://api.github.com" "https://api.my-gh-proxy.com"
		"https://github.com" "https://github.my-gh-proxy.com"
		"https://raw.githubusercontent.com" "https://raw.my-gh-proxy.com"
	}
}

# 6. 代码下载 (Zip): codeload.my-gh-proxy.com
codeload.my-gh-proxy.com {
	encode zstd gzip
	import security_headers

	reverse_proxy https://codeload.github.com {
		import proxy_defaults
	}
}

# 7. 对象存储 (LFS/Releases): objects.my-gh-proxy.com
objects.my-gh-proxy.com {
	# 禁用压缩以提高传输大文件的效率（避免 CPU 浪费）
	# import security_headers # 对象存储通常不需要过多的安全头干扰

	reverse_proxy https://objects.githubusercontent.com {
		import proxy_defaults
		# 确保不修改 Authorization 头，透传 S3 签名
	}
}

# 8. Gist 服务: gist.my-gh-proxy.com
gist.my-gh-proxy.com {
	encode zstd gzip
	import security_headers

	reverse_proxy https://gist.github.com {
		import proxy_defaults
		header_down Location https://gist.github.com https://gist.my-gh-proxy.com
		header_down Set-Cookie "(.*)Domain=\.github\.com(.*)" "$1Domain=.my-gh-proxy.com$2"
	}

	replace {
		stream
		"https://gist.github.com" "https://gist.my-gh-proxy.com"
		"https://github.com" "https://github.my-gh-proxy.com"
		"https://github.githubassets.com" "https://assets.my-gh-proxy.com"
		"https://avatars.githubusercontent.com" "https://avatars.my-gh-proxy.com"
	}
}