利用CloudFlare Workers反代Gravatar头像自建CDN

准备条件:

一个域名,建议使用eu.org,永久免费

一个CloudFlare账户

登录cloudflare,将域名添加到cloudflare,生效后解析一个A地址,ip指向(8.8.8.8)随意填,开启代理状态(如下图)

回到CloudFlare主页,打开Workers,点击:创建服务,会让你选个系统自带域名,随便选

创建好后,资源页面往下拉找到:快速编辑

清空里面的默认代码,并粘贴以下代码进去

// 替换成你想镜像的站点
const upstream = 'secure.gravatar.com'

// 如果那个站点有专门的移动适配站点,否则保持和上面一致
const upstream_mobile = 'secure.gravatar.com'

// 你希望禁止哪些国家访问
const blocked_region = ['RU']

// 禁止自访问
const blocked_ip_address = ['0.0.0.0', '127.0.0.1']

// 替换成你想镜像的站点
const replace_dict = {
    '$upstream': '$custom_domain',
    '//secure.gravatar.com': ''
}

//以下内容都不用动
addEventListener('fetch', event => {
    event.respondWith(fetchAndApply(event.request));
})

async function fetchAndApply(request) {

    const region = request.headers.get('cf-ipcountry').toUpperCase();
    const ip_address = request.headers.get('cf-connecting-ip');
    const user_agent = request.headers.get('user-agent');

    let response = null;
    let url = new URL(request.url);
    let url_host = url.host;

    if (url.protocol == 'http:') {
        url.protocol = 'https:'
        response = Response.redirect(url.href);
        return response;
    }

    if (await device_status(user_agent)) {
        upstream_domain = upstream
    } else {
        upstream_domain = upstream_mobile
    }

    url.host = upstream_domain;

    if (blocked_region.includes(region)) {
        response = new Response('Access denied: WorkersProxy is not available in your region yet.', {
            status: 403
        });
    } else if(blocked_ip_address.includes(ip_address)){
        response = new Response('Access denied: Your IP address is blocked by WorkersProxy.', {
            status: 403
        });
    } else{
        let method = request.method;
        let request_headers = request.headers;
        let new_request_headers = new Headers(request_headers);

        new_request_headers.set('Host', upstream_domain);
        new_request_headers.set('Referer', url.href);

        let original_response = await fetch(url.href, {
            method: method,
            headers: new_request_headers
        })

        let original_response_clone = original_response.clone();
        let original_text = null;
        let response_headers = original_response.headers;
        let new_response_headers = new Headers(response_headers);
        let status = original_response.status;

        new_response_headers.set('access-control-allow-origin', '*');
        new_response_headers.set('access-control-allow-credentials', true);
        new_response_headers.delete('content-security-policy');
        new_response_headers.delete('content-security-policy-report-only');
        new_response_headers.delete('clear-site-data');

        const content_type = new_response_headers.get('content-type');
        if (content_type.includes('text/html') && content_type.includes('UTF-8')) {
            original_text = await replace_response_text(original_response_clone, upstream_domain, url_host);
        } else {
            original_text = original_response_clone.body
        }

        response = new Response(original_text, {
            status,
            headers: new_response_headers
        })
    }
    return response;
}

async function replace_response_text(response, upstream_domain, host_name) {
    let text = await response.text()

    var i, j;
    for (i in replace_dict) {
        j = replace_dict[i]
        if (i == '$upstream') {
            i = upstream_domain
        } else if (i == '$custom_domain') {
            i = host_name
        }

        if (j == '$upstream') {
            j = upstream_domain
        } else if (j == '$custom_domain') {
            j = host_name
        }

        let re = new RegExp(i, 'g')
        text = text.replace(re, j);
    }
    return text;
}

async function device_status (user_agent_info) {
    var agents = ["Android", "iPhone", "SymbianOS", "Windows Phone", "iPad", "iPod"];
    var flag = true;
    for (var v = 0; v < agents.length; v++) { if (user_agent_info.indexOf(agents[v]) > 0) {
            flag = false;
            break;
        }
    }
    return flag;
}

点击右边的预览看见Gravatar官网就说明成功了,最后点击下面的:保存并部署

回到CloudFlare主页找到我们刚刚的域名,在域名里面找到Workers,注意是在域名里面的左边找到Workers,并不是在CloudFlare主页(如下图)

点击:添加路由

  • 路由:填我们开始的域名,注意这里的格式不是它默认提示那个:正确格式A解析前面无缝加号,比如我这里的A解析是gravatar,直接就是在gravatar前面加号,不能隔着小数点:gravatar.wenjian.eu.org/,后面/*
  • 服务:选择我们刚刚创建的那个Workers
  • 环境:不选

最后点击保存,添加到我们博客作为头像CDN一般还要在后面加上/avatar也就是:https://gravatar.wenjian.eu.org/avatar

题外话,细心的人已经发现了上面代码中的“替换成你想镜像的站点”,也就是说不仅可以反代Gravatar头像,还可以反代Google以及其他网站,只需替换代码中的3条网址(secure.gravatar.com)


评论

发表回复

您的电子邮箱地址不会被公开。 必填项已用*标注