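Prerequisites
Before reverse-proxying Google, prepare the assorted odds and ends in advance, including but not limited to an overseas VPS, a domain name, and an SSL certificate.
Apache reverse proxy
Apache needs the proxy-related modules and the substitute module installed and enabled.
The Apache configuration is as follows: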
```apache
<VirtualHost ip_address:80>
    ServerAdmin admin@domain.name
    ServerName domain.name
    ServerAlias *.domain.name
    # The trailing slash keeps the request path intact in the redirect target.
    Redirect / https://domain.name/
</VirtualHost>

<VirtualHost ip_address:443>
    ServerAdmin admin@domain.name
    ServerName domain.name
    ServerAlias *.domain.name

    # Redirect target for 403 responses.
    # ErrorDocument 403 https://www.bing.com/

    SSLEngine on
    SSLCertificateFile /path/cert/pem.pem
    SSLCACertificateFile /path/cert/crt.crt
    SSLCertificateKeyFile /path/cert/key.key

    # Send any other host name (see ServerAlias) to the canonical domain.
    RewriteEngine On
    RewriteCond %{HTTP_HOST} !^domain\.name$ [NC]
    RewriteRule ^(.*)$ https://domain.name$1 [L,R=301]

    # Restrict access by IP.
    # <Location />
    #     Order Deny,Allow
    #     Deny from all
    #     Allow from 192.168.1.1
    #     Allow from 192.168.1.0/24
    # </Location>

    SetEnvIf User-Agent ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0

    ProxyRequests Off
    SSLProxyEngine On
    RequestHeader set Front-End-Https "On"
    ProxyPass / https://www.google.com/
    ProxyPassReverse / https://www.google.com/

    # Ask the upstream for uncompressed responses so they can be rewritten.
    RequestHeader unset Accept-Encoding
    AddOutputFilterByType INFLATE;SUBSTITUTE;DEFLATE text/html text/xml
    # Replace key strings.
    Substitute s|www.google.com|domain.name|in

    Header always set Strict-Transport-Security "max-age=31536000; preload"
    # $1 keeps the original cookie and appends the flags to it.
    Header always edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
    Header always set X-Content-Type-Options nosniff
    Header always set X-Frame-Options SAMEORIGIN
</VirtualHost>
```
Nginx reverse proxy
Nginx needs to be compiled and installed with the nginx_substitutions_filter module.
The Nginx configuration is as follows:
```nginx
server {
    listen 80;
    listen [::]:80;
    server_name domain.name;
    rewrite ^ https://$server_name$request_uri? permanent;
}

server {
    # "ssl" on the listen directive replaces the deprecated "ssl on;".
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name domain.name;

    if ($host != 'domain.name' ) {
        rewrite ^/(.*)$ https://$server_name/$1 permanent;
    }

    # Redirect target for 403 responses.
    # error_page 403 https://www.bing.com;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!DSS;
    ssl_prefer_server_ciphers on;
    ssl_certificate /path/cert/pem.pem;
    ssl_certificate_key /path/cert/key.key;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    # Block web crawlers.
    if ($http_user_agent ~* "360Spider|qihoobot|Bingbot|Baiduspider|Googlebot|Googlebot-Mobile|Googlebot-Image|Mediapartners-Google|Adsbot-Google|Feedfetcher-Google|Yahoo! Slurp|Yahoo! Slurp China|YoudaoBot|YandexBot|Yisouspider|Sosospider|Sogou spider|Sogou web spider|MSNBot|ia_archiver|Tomato Bot") {
        return 403;
    }

    resolver 1.1.1.1 [2606:4700:4700::1111] valid=30s;

    location / {
        proxy_pass https://www.google.com;
        proxy_redirect off;
        proxy_cookie_domain google.com domain.name;
        proxy_connect_timeout 60s;
        proxy_read_timeout 5400s;
        proxy_send_timeout 5400s;

        # An empty Accept-Encoding makes the upstream answer uncompressed,
        # which the substitution filter needs.
        proxy_set_header Accept-Encoding "";
        proxy_set_header Host "www.google.com";
        proxy_set_header User-Agent $http_user_agent;
        proxy_set_header Referer https://www.google.com;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header Accept-Language "zh-CN";
        proxy_set_header Cookie "PREF=ID=047808f19f6de346:U=0f62f33dd8549d11:FF=2:LD=en-US:NW=1:TM=1325338577:LM=1332142444:GM=1:SG=2:S=rE0SyJh2W1IQ-Maw";

        subs_filter_types text/css text/xml text/javascript application/javascript application/json;
        # Replace key strings. The longer host name goes first: replacing
        # www.google.com first would turn www.google.com.hk into domain.name.hk.
        subs_filter www.google.com.hk domain.name;
        subs_filter www.google.com domain.name;

        # sub_filter_once belongs to the built-in ngx_http_sub_module;
        # subs_filter already replaces every match by default.
        sub_filter_once off;

        # Restrict access by IP.
        # allow 192.168.1.1;
        # allow 192.168.1.0/24;
        # deny all;
    }
}
```
Afterword
Replace domain.name with your own domain. It is recommended to add an SSL certificate for the domain and to filter access by IP.
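
A check that can be run over responses captured from either proxy, to confirm that the security headers, cookie flags and host-name substitutions from the configurations above actually took effect. This is an added example, not part of the original post; `audit_response` and the sample response are constructed for illustration.

```python
import re

UPSTREAM = "google.com"      # upstream domain proxied by the configs above
# Matches the upstream domain, any subdomain, and a trailing ccTLD (.com.hk).
HOST_RE = re.compile(r"[\w.-]*\b" + re.escape(UPSTREAM) + r"(?:\.\w+)?", re.I)

def audit_response(headers, body):
    """Return findings for one response: (name, value) header pairs plus body text."""
    findings = []
    by_name = {}
    for name, value in headers:
        by_name.setdefault(name.lower(), []).append(value)

    # Headers the Apache vhost adds with "Header always set".
    if "max-age=" not in " ".join(by_name.get("strict-transport-security", [])):
        findings.append("missing Strict-Transport-Security")
    if by_name.get("x-content-type-options", [""])[0].lower() != "nosniff":
        findings.append("missing X-Content-Type-Options: nosniff")
    if not by_name.get("x-frame-options"):
        findings.append("missing X-Frame-Options")

    # Cookies: flags appended, Domain rewritten away from the upstream.
    for cookie in by_name.get("set-cookie", []):
        cname = cookie.split("=", 1)[0]
        attrs = [a.strip().lower() for a in cookie.split(";")[1:]]
        for flag in ("secure", "httponly"):
            if flag not in attrs:
                findings.append(f"cookie {cname}: no {flag} flag")
        if any(a.startswith("domain=") and a.endswith(UPSTREAM) for a in attrs):
            findings.append(f"cookie {cname}: Domain still points upstream")

    # Upstream host names left in redirects or markup send clients off the proxy.
    leaks = set(HOST_RE.findall(body))
    for location in by_name.get("location", []):
        leaks.update(HOST_RE.findall(location))
    findings += [f"upstream host in response: {h}" for h in sorted(leaks)]
    return findings

# Constructed sample: a response where the header and substitution rules did not apply.
BAD_HEADERS = [
    ("X-Frame-Options", "SAMEORIGIN"),
    ("Set-Cookie", "NID=abc; Domain=.google.com; Path=/"),
    ("Location", "https://www.google.com.hk/"),
]
BAD_BODY = '<script src="https://www.google.com/xjs/a.js"></script>'

if __name__ == "__main__":
    for finding in audit_response(BAD_HEADERS, BAD_BODY):
        print(finding)
```

An empty result means every check passed for that response; text types missing from the substitution filter's type list show up as leaked upstream host names.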