WeAir

反向代理Google

前期准备

反代Google之前要准备的各种乱七八糟的包括但不限于一台国外的VPS、一个域名、SSL证书等等,请提前准备好。

Apache反代

Apache需安装开启proxy相关模块以及substitute模块。

Apache配置如下:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
<VirtualHost ip_address:80>
    ServerAdmin admin@domain.name
    ServerName domain.name
    ServerAlias *.domain.name
    Redirect / https://domain.name
</VirtualHost>
<VirtualHost ip_address:443>
    ServerAdmin admin@domain.name
    ServerName domain.name
    ServerAlias *.domain.name
#403跳转页面。
#    ErrorDocument 403 https://www.bing.com/
    SSLEngine on
    SSLCertificateFile /path/cert/pem.pem
    SSLCACertificateFile /path/cert/crt.crt
    SSLCertificateKeyFile /path/cert/key.key
    RewriteEngine On
    RewriteCond %{HTTP_HOST} !^domain.name$ [NC]
    RewriteRule ^(.*)$ https://domain.name$1 [L,R=301]
#限制IP访问。
#    <Location />  
#        Order Deny,Allow
#        Deny from all
#        Allow from 192.168.1.1
#        Allow from 192.168.1.0/24
#    </Location>
        SetEnvIf User-Agent ".*MSIE.*" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
        ProxyRequests Off
        SSLProxyEngine On
        RequestHeader set Front-End-Https "On"
        ProxyPass / https://www.google.com/
        ProxyPassReverse / https://www.google.com/
        RequestHeader unset Accept-Encoding
        AddOutputFilterByType INFLATE;SUBSTITUTE;DEFLATE text/html text/xml
#关键字符替换。
        Substitute s|www.google.com|domain.name|in
        Header always set Strict-Transport-Security "max-age=31536000; preload"
        Header always edit Set-Cookie ^(.*)$ ;HttpOnly;Secure
        Header always set X-Content-Type-Options nosniff
        Header always set X-Frame-Options SAMEORIGIN
</VirtualHost>

Nginx反代

Nginx需编译安装nginx_substitutions_filter模块。

Nginx配置如下:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
server {
    listen 80;
    listen [::]:80;
    server_name domain.name;
    rewrite ^ https://$server_name$request_uri? permanent;
}

server {
    listen 443 http2;
    listen [::]:443 http2;
    ssl on;
    server_name domain.name;

    if ($host != 'domain.name' ) {
        rewrite ^/(.*)$ https://$server_name/$1 permanent;
    }

#403跳转页面。
#    error_page   403   https://www.bing.com;

    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_ciphers         TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!DSS;
    ssl_prefer_server_ciphers on;
    ssl_certificate     /path/cert/pem.pem;
    ssl_certificate_key /path/cert/key.key;
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 10m;

#防止网络爬虫。
    if ($http_user_agent ~* "360Spider|qihoobot|Bingbot|Baiduspider|Googlebot|Googlebot-Mobile|Googlebot-Image|Mediapartners-Google|Adsbot-Google|Feedfetcher-Google|Yahoo! Slurp|Yahoo! Slurp China|YoudaoBot|YandexBot|Yisouspider|Sosospider|Sogou spider|Sogou web spider|MSNBot|ia_archiver|Tomato Bot") {
        return 403; 
    }

    resolver 1.1.1.1 [2606:4700:4700::1111] valid=30s;

    location / {
        proxy_pass https://www.google.com;
        proxy_redirect off;
        proxy_cookie_domain google.com domain.name; 
        proxy_connect_timeout 60s;
        proxy_read_timeout 5400s;
        proxy_send_timeout 5400s;

        proxy_set_header Accept-Encoding "";
        proxy_set_header Host "www.google.com";
        proxy_set_header User-Agent $http_user_agent;
        proxy_set_header Referer https://www.google.com;
        proxy_set_header X-Real-IP $remote_addr; 
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header Accept-Language "zh-CN";
        proxy_set_header Cookie "PREF=ID=047808f19f6de346:U=0f62f33dd8549d11:FF=2:LD=en-US:NW=1:TM=1325338577:LM=1332142444:GM=1:SG=2:S=rE0SyJh2W1IQ-Maw";

        subs_filter_types text/css text/xml text/javascript application/javascript application/json;
#关键字符替换。
        subs_filter www.google.com domain.name;
        subs_filter www.google.com.hk domain.name;

        sub_filter_once off;

#限制IP访问。
#        allow 192.168.1.1;
#        allow 192.168.1.0/24;
#        deny all;
    }

}

后记

domain.name替换成你自己的域名,建议为域名添加SSL证书,以及过滤IP访问。