Gravatar avatar proxy - 筑语日志
mgt · 2025-11-14 · via 筑语日志

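As the title says. The second-layer proxy solves the connectivity problem, and the cache on the first-layer proxy solves the speed problem:

To handle the 302 redirects returned when proxying gravatar.com, the second-layer nginx proxy needs proxy_redirect https://secure.gravatar.com /avatar/;
Likewise, the first-layer nginx proxy needs proxy_redirect https://B.xyz /avatar/; (assuming the second-layer proxy's server block is B.xyz)
Finally, pay attention to caching.

The complete configuration follows:

Second-layer proxy (solves the connectivity problem):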

server {
    listen       80;
    server_name B.xyz;
    rewrite ^(.*) https://B.xyz$1;
}
server {
    listen 443 ssl;
    server_name B.xyz;
    ssl_protocols TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
 
    ssl_prefer_server_ciphers on;
    ssl_session_timeout 10m;
    #ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_buffer_size 1400;
    # HTTPS certificate configuration
    include         ssl/https.conf;

    location ~ ^/avatar/([a-fA-F0-9]+)$ {
        set $hash $1;
        # Force IPv4 (without this the resolver seems to return IPv6 addresses by default, but this layer's server has no IPv6 connectivity...)
        resolver 8.8.8.8 ipv6=off;
        resolver_timeout 10s;
        # Mimic a real browser's request headers (a "smokescreen" to avoid the forced redirect to www.gravatar.com)
        proxy_set_header User-Agent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36";
        proxy_set_header Accept "image/webp,image/apng,image/*,*/*;q=0.8";
        proxy_set_header Accept-Language "en-US,en;q=0.9";
        proxy_set_header Accept-Encoding "gzip, deflate, br";
        proxy_set_header Referer "https://wordpress.org/";
        proxy_set_header DNT "1";
        proxy_set_header Connection "keep-alive";
        proxy_set_header Sec-Fetch-Dest "image";
        proxy_set_header Sec-Fetch-Mode "no-cors";
        proxy_set_header Sec-Fetch-Site "cross-site";
        # Pass the Host header, the client's real IP and other specific information to the origin.
        proxy_set_header Host secure.gravatar.com;
        # Handle the parameter, with a default value (this is a custom parameter)
        set $size "32";
        if ($arg_s ~* "^\d+$") {
            set $size $arg_s;
        }
        proxy_pass https://secure.gravatar.com/avatar/$hash?s=$size;

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # Accept-Encoding is set twice in this block (also above); keep only the one you intend.
        proxy_set_header Accept-Encoding "";

        # Handle redirects - this is the key part!
        proxy_redirect https://secure.gravatar.com/ /avatar/;
        # Cache zone to use (the zone must be defined with proxy_cache_path in the http block).
        proxy_cache gravatar;
        # Cache key, which makes it easy to locate and purge cache entries.
        proxy_cache_key $scheme$host$request_uri;
        # add_header at this level replaces the server-level add_header (HSTS) for this location.
        add_header X-Cache-Status $upstream_cache_status;
        # How long to cache responses with valid codes such as 200, 301 or 302; the special parameter any caches every response for the given time.
        proxy_cache_valid 200 304 7d;
        proxy_cache_valid 301 24h;
        proxy_cache_valid 500 502 503 504 0s;
        proxy_cache_valid any 1d;
        # Timeouts
        proxy_connect_timeout 5s;
        proxy_read_timeout 5s;
    }
}

First-layer proxy (solves the speed problem):

server {
    listen       80;
    server_name A.xyz;
    rewrite ^(.*) https://A.xyz$1;
}
server {
    listen 443 ssl;
    server_name A.xyz;
    ssl_protocols TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
 
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
 
    ssl_prefer_server_ciphers on;
    ssl_session_timeout 10m;
    #ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_buffer_size 1400;
    # HTTPS certificate configuration
    include         ssl/https.conf;
 
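    location /avatar/ {
        # Pass the Host header, the client's real IP and other specific information to the origin.
        # Note: Host must be set explicitly to the second-layer proxy's server block B.xyz; otherwise the request will most likely be made against the IP and return 404.
        proxy_set_header Host B.xyz;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Accept-Encoding "";

        proxy_pass https://B.xyz:443;
        proxy_redirect https://B.xyz/ /avatar/;

        # Cache zone to use (the zone must be defined with proxy_cache_path in the http block).
        proxy_cache avatar;
        # Cache key, which makes it easy to locate and purge cache entries.
        proxy_cache_key $scheme$host$request_uri;

        # How long to cache responses with valid codes such as 200, 301 or 302; the special parameter any caches every response for the given time.
        proxy_cache_valid 200 304 7d;
        proxy_cache_valid 301 24h;
        proxy_cache_valid 500 502 503 504 0s;
        proxy_cache_valid any 1d;
    }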
 
}
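
A hardened variant of the two location blocks above, added here as an example and not part of the original post: it verifies the upstream certificate on both hops, so a tampered response cannot be cached for 7 days, and keys the cache on the validated hash and size instead of the raw request URI. The CA bundle path is an assumption, and using the regex location on the first layer as well is a choice made for this example.

```nginx
# Added example (not the author's configuration). Hosts, zone names and the
# regex location come from the post; the CA bundle path is an assumption.
# --- Layer 2 (B.xyz), location only ---
location ~ ^/avatar/([a-fA-F0-9]+)$ {
    set $hash $1;
    set $size "32";
    # A bounded digit count keeps the set of possible cache keys finite.
    if ($arg_s ~ "^\d{1,4}$") {
        set $size $arg_s;
    }
    resolver 8.8.8.8 ipv6=off;
    proxy_set_header Host secure.gravatar.com;
    proxy_pass https://secure.gravatar.com/avatar/$hash?s=$size;

    # The proxy module sends no SNI and skips certificate checks by default.
    proxy_ssl_server_name on;
    proxy_ssl_name secure.gravatar.com;
    proxy_ssl_verify on;
    proxy_ssl_verify_depth 2;
    proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;  # assumed path

    # Key on exactly what is requested upstream, so extra query
    # parameters cannot create duplicate cache entries.
    proxy_cache gravatar;
    proxy_cache_key $hash:$size;
    # proxy_cache_valid, proxy_redirect and timeouts as in the post
}

# --- Layer 1 (A.xyz), location only ---
location ~ ^/avatar/([a-fA-F0-9]+)$ {
    set $hash $1;
    set $size "32";
    if ($arg_s ~ "^\d{1,4}$") {
        set $size $arg_s;
    }
    proxy_set_header Host B.xyz;
    proxy_pass https://B.xyz:443;

    proxy_ssl_server_name on;
    proxy_ssl_name B.xyz;
    proxy_ssl_verify on;
    proxy_ssl_verify_depth 2;
    proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;  # assumed path

    proxy_cache avatar;
    proxy_cache_key $hash:$size;
    # proxy_cache_valid and proxy_redirect as in the post
}
```

Run nginx -t after the change, then request an avatar through each layer: a certificate that does not match the name or chain to the CA bundle now fails the upstream handshake instead of being proxied and cached.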