LNMP环境下,利用Nginx反代Wikipedia

前记

之前一直使用ShadowsocksR代理网络,但是这需要安装软件,还是很麻烦的。

考虑到访问外网的主要需求为维基百科,所以就着手于制作一个维基镜像站。

了解到一共有两种方法,分别为通过Kiwix访问本地存储的ZIM文件通过Nginx反代wikipedia.org

前者不仅时效性差还需要占用大量空间,对于我寒酸的服务器来说是个大问题,因此采用了第二个方案。

特别感谢Johnson的指点、网上大佬们的教程,才有了如今这个维基镜像站。

准备

  1. 一台港澳台或国外的VPS
  2. Linux系统(笔者使用的是Ubuntu 18.04 LTS
  3. LNMP环境(笔者使用的是LNMP 1.6,安装详见LNMP官网

教程

1. 为已安装的LNMP编译ngx_http_substitutions_filter_module模块

下载ngx_http_substitutions_filter_module模块

cd /root
git clone "https://github.com/yaoweibin/ngx_http_substitutions_filter_module.git"

编辑lnmp.conf文件

vim /root/lnmp1.6/lnmp.conf

Nginx_Modules_Options一项后的单引号间添加 --add-module=/root/ngx_http_substitutions_filter_module

查看Nginx版本号

nginx -V

安装ngx_http_substitutions_filter_module模块

cd /root/lnmp1.6
./upgrade.sh

选择Update Nginx

Current Nginx Version中输入你当前的Nginx版本号

不停回车即可

编译结束时,输入nginx -V检查编译

你将看到--add-module=/root/ngx_http_substitutions_filter_module

2.添加vhost

确保相关域名已添加至你的DNS解析服务商

以本站为例,分别为:

wiki.ericdrive.ml

*.wiki.ericdrive.ml

实际使用的为:

wiki.ericdrive.ml

lang.wiki.ericdrive.ml

lang.m.wiki.ericdrive.ml

up.wiki.ericdrive.ml

注意:

ericdrive.ml替换成你自己的域名

lang替换为你希望添加的维基语言,如enzh分别对应英文中文维基,下同

新建配置文件

lnmp vhost add

依次添加

wiki.ericdrive.ml
lang.wiki.ericdrive.ml
lang.m.wiki.ericdrive.ml
up.wiki.ericdrive.ml

路径默认即可

n直到出现Add SSL Certificate (y/n) 一项,选y

1: Use your Own SSL Certificate and Key 
2: Use Let's Encrypt to create SSL Certificate and Key 
Enter 1 or 2:

然后填2

完成配置即可

3.编辑配置文件

配置wiki.ericdrive.ml.conf

vim /usr/local/nginx/conf/vhost/wiki.ericdrive.ml.conf

用以下代码覆盖原文件

注意:

ericdrive.ml替换成你自己的域名

server {
    server_name up.wiki.ericdrive.ml;
    listen 80;
    listen 443 ssl http2;
    resolver 8.8.8.8;
#    resolver 127.0.0.1 valid=30s;

    ssl_certificate /usr/local/nginx/conf/ssl/wiki.ericdrive.ml/fullchain.cer;
    ssl_certificate_key /usr/local/nginx/conf/ssl/wiki.ericdrive.ml/wiki.ericdrive.ml.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
    ssl_session_cache builtin:1000 shared:SSL:10m;
    # openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
    ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;
    
    if ($http_x_forwarded_proto = 'http')
    {
        return 301 $server_name$request_uri;
    }

    location / {
        proxy_pass https://upload.wikimedia.org;
        proxy_cookie_domain upload.wikimedia.org up.wiki.ericdrive.ml;
        proxy_buffering off;
        proxy_set_header X-Real_IP $remote_addr;
        proxy_set_header User-Agent $http_user_agent;
        proxy_set_header referer "https://upload.wikimedia.org$request_uri";
    }
}

server {
    server_name  wiki.ericdrive.ml;
    listen 80;
    listen 443 ssl http2;
    resolver 8.8.8.8;

    ssl_certificate /usr/local/nginx/conf/ssl/wiki.ericdrive.ml/fullchain.cer;
    ssl_certificate_key /usr/local/nginx/conf/ssl/wiki.ericdrive.ml/wiki.ericdrive.ml.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
    ssl_session_cache builtin:1000 shared:SSL:10m;
    # openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
    ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;
    
    if ($http_x_forwarded_proto = 'http')
    {
        return 301 $server_name$request_uri;
    }

    location / {
        proxy_pass https://www.wikipedia.org;
        proxy_buffering off;

        proxy_redirect https://www.wikipedia.org/ http://wiki.ericdrive.ml/;
        proxy_cookie_domain www.wikipedia.org wiki.ericdrive.ml;
        proxy_redirect ~^https://([\w\.]+).wikipedia.org/(.*?)$ http://$1.wiki.ericdrive.ml/$2;

        proxy_set_header X-Real_IP $remote_addr;
        proxy_set_header User-Agent $http_user_agent;
        proxy_set_header Accept-Encoding '';
        proxy_set_header referer "https://$proxy_host$request_uri";

        subs_filter_types text/css text/xml text/javascript application/javascript application/json;
        subs_filter .wikipedia.org .wiki.ericdrive.ml;
        subs_filter //wikipedia.org //wiki.ericdrive.ml;
        subs_filter upload.wikimedia.org up.wiki.ericdrive.ml;
    }
}

server {
    server_name  ~^(?<subdomain>[^.]+)\.wiki\.ericdrive\.ml$;
    listen 80;
    listen 443 ssl http2;
    resolver 8.8.8.8;

    ssl_certificate /usr/local/nginx/conf/ssl/wiki.ericdrive.ml/fullchain.cer;
    ssl_certificate_key /usr/local/nginx/conf/ssl/wiki.ericdrive.ml/wiki.ericdrive.ml.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
    ssl_session_cache builtin:1000 shared:SSL:10m;
    # openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
    ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;
    
    if ($http_x_forwarded_proto = 'http')
    {
        return 301 $subdomain.wiki.ericdrive.ml$request_uri;
    }

    location / {
        proxy_pass https://$subdomain.wikipedia.org;
        proxy_buffering off;

        proxy_redirect https://$subdomain.wikipedia.org/ http://$subdomain.wiki.ericdrive.ml/;
        proxy_redirect https://$subdomain.m.wikipedia.org/ http://$subdomain.m.wiki.ericdrive.ml/;
        proxy_cookie_domain $subdomain.wikipedia.org $subdomain.wiki.ericdrive.ml;
        proxy_redirect ~^https://([\w\.]+).wikipedia.org/(.*?)$ http://$1.wiki.ericdrive.ml/$2;

        proxy_set_header X-Real_IP $remote_addr;
        proxy_set_header User-Agent $http_user_agent;
        proxy_set_header Accept-Encoding ''; 
        proxy_set_header referer "https://$proxy_host$request_uri";

        subs_filter_types text/css text/xml text/javascript application/javascript application/json;
        subs_filter .wikipedia.org .wiki.ericdrive.ml;
        subs_filter //wikipedia.org //wiki.ericdrive.ml;
        subs_filter 'https://([^.]+).wiki' 'http://$1.wiki' igr; 
        subs_filter upload.wikimedia.org up.wiki.ericdrive.ml;
    }
}

server {
    server_name ~^(?<subdomain>[^.]+)\.m\.wiki\.ericdrive\.ml$;
    listen 80;
    listen 443 ssl http2;
    resolver 8.8.8.8;

    ssl_certificate /usr/local/nginx/conf/ssl/wiki.ericdrive.ml/fullchain.cer;
    ssl_certificate_key /usr/local/nginx/conf/ssl/wiki.ericdrive.ml/wiki.ericdrive.ml.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
    ssl_session_cache builtin:1000 shared:SSL:10m;
    # openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
    ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;
    
    if ($http_x_forwarded_proto = 'http')
    {
        return 301 $subdomain.m.wiki.ericdrive.ml$request_uri;
    }

    location / {
        proxy_pass https://$subdomain.m.wikipedia.org;
        proxy_buffering off;

        proxy_redirect https://$subdomain.m.wikipedia.org/ http://$subdomain.m.wiki.ericdrive.ml/;
        proxy_cookie_domain $subdomain.m.wikipedia.org $subdomain.m.wiki.ericdrive.ml;

        proxy_set_header X-Real_IP $remote_addr;
        proxy_set_header User-Agent $http_user_agent;
        proxy_set_header Accept-Encoding ''; 
        proxy_set_header referer "https://$proxy_host$request_uri";

        subs_filter_types text/css text/xml text/javascript application/javascript application/json;
        subs_filter .wikipedia.org .wiki.ericdrive.ml;
        subs_filter //wikipedia.org //wiki.ericdrive.ml;
        subs_filter 'https://([^.]+).m.wiki' 'http://$1.m.wiki' igr; 
        subs_filter upload.wikimedia.org up.wiki.ericdrive.ml;
    }
}

4.重启Nginx

lnmp nginx restart

用文字对抗时间 用书写逆熵而行

一个月前、高考前11天的随笔😏


天下无有不散筵席

明·冯梦龙《醒世恒言》


害怕离别

怀念岁月、时光

仿佛生命的一部分会随之流散

或许不只是对舒适区的依恋



意识即记忆

李大仙


记忆总是渺茫的

像云、像烟

高考后千万要写日记啊

用文字对抗时间

用书写逆熵而行


人不就是逆熵前行的生物吗

逆熵,天命也

一个人,一辈子

一个天命

足矣。



我们的征途是星辰大海

林老师


我的天命是什么

我不知道

但那个问天的身躯

亦是对这个问题的最好回答


无论考好考差

一定不能忘了为啥出发啊


超越自己

又何必活在他人的影子下

不能沉湎于《昨日之歌》啊


人的定义是记忆

但人的伟大在于他的超越性



君子终日乾乾,夕惕若厉,无咎!

《易经.乾卦》