使用 Caddy / Nginx 反代谷歌

1、Caddy

使用 Caddy 反代谷歌十分简单，并且支持自动配置 SSL。前提是 VPS 上没有安装其他的 HTTP Server。

安装 Caddy

wget -N --no-check-certificate https://raw.githubusercontent.com/ToyoDAdoubi/doubi/master/caddy_install.sh && chmod +x caddy_install.sh && bash caddy_install.sh install http.filemanager

配置文件

# 以下全部内容是一个整体，全部复制粘贴到 SSH 软件中一并执行
# 更改 yourdomain 为你的域名，并提前将它解析到你 VPS 的 IP
# 更改 [email protected] 为你的邮箱
# 更改 user passwd 为你自己的用户名及密码
# 若公开使用则删除 basicauth 一行，强烈不推荐。

echo "https://yourdomain {
 gzip
 tls [email protected]
 basicauth / user passwd
 proxy / https://www.google.com.hk
}" > /usr/local/caddy/Caddyfile

然后重启，即可访问你的域名使用谷歌了。

/etc/init.d/caddy restart

启动错误

一些系统会自带 apache2 ，而 apache2 会占用 80 端口，导致 Caddy 无法绑定端口，所以只要关掉就好了。

kill -9 $(ps -ef|grep "apache2"|grep -v "grep"|awk '{print $2}') && apt-get remove --purge apache2 -y

然后再次重启 Caddy

/etc/init.d/caddy restart

2、Nginx

安装 Nginx

Debian8 安装 Nginx：

curl http://nginx.org/keys/nginx_signing.key | apt-key add - && echo "deb http://nginx.org/packages/mainline/ubuntu/ xenial nginx" >> /etc/apt/sources.list.d/nginx.list && echo "deb-src http://nginx.org/packages/mainline/ubuntu/ xenial nginx  " >> /etc/apt/sources.list.d/nginx.list && echo "deb http://httpredir.debian.org/debian/ jessie-backports main contrib non-free" >> /etc/apt/sources.list.d/backports.list && echo "deb-src http://httpredir.debian.org/debian/ jessie-backports main contrib non-free" >> /etc/apt/sources.list.d/backports.list && apt-get update && apt-get install -t jessie-backports openssl -y && apt-get install -y nginx 

Debian9 安装 Nginx：

curl http://nginx.org/keys/nginx_signing.key | apt-key add - && echo "deb http://nginx.org/packages/mainline/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list && echo "deb-src http://nginx.org/packages/mainline/debian/ stretch nginx" >> /etc/apt/sources.list.d/nginx.list  && apt update && apt install -y nginx

申请 SSL

先将域名解析到 VPS 的 IP，访问域名，出现 Welcome to nginx! 然后申请证书：

# 安装 ACME.SH
curl -L get.acme.sh | bash
# 关闭 SSH 窗口，重新进入
# 将 yourdomain 更改为你的域名
acme.sh --issue -w /usr/share/nginx/html -d 你的域名

配置文件

创建认证文件

# 将 passwd 更换为你的密码
openssl passwd
# 将 username 更改为你的用户名，将 PASSWORD 更改为上一步生成的内容
echo "username:$(openssl passwd -crypt PASSWORD)" > /etc/nginx/passwdfile

mkdir /home/nginx && mkdir /home/nginx/cache && mkdir /home/nginx/temp && vim /etc/nginx/conf.d/gg.conf

复制下面配置文件，将 YOURDOMAIN 更改为你的域名

proxy_cache_path /home/nginx/cache levels=1:2 keys_zone=proxycache:60m max_size=120m inactive=2h use_temp_path=on;
proxy_temp_path /home/nginx/temp;
proxy_cache_key $host$request_uri;

upstream www.google.com {
	server 74.125.199.101:443;
	server 74.125.199.102:443;
	server 74.125.199.103:443;
	server 74.125.199.104:443;
	server 74.125.199.105:443;
}

server {
	listen 80;
	server_name YOURDOMAIN;
	root /usr/share/nginx/html;
    
	location /.well-known/acme-challenge/ { allow all; }
	location / { return 301 https://$host$request_uri; }
}

server {
	listen 443 ssl http2;
	server_name YOURDOMAIN;

	ssl on;
	ssl_protocols TLSv1.2;
	ssl_certificate /root/.acme.sh/YOURDOMAIN/fullchain.cer;
	ssl_certificate_key /root/.acme.sh/YOURDOMAIN/YOURDOMAIN.key;

	ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:!MD5;
	ssl_prefer_server_ciphers on;
    
	location / {
		sub_filter www.google.com YOURDOMAIN;
		sub_filter_once off;
        
		proxy_pass https://www.google.com;
		proxy_redirect off;
		proxy_set_header  Host "www.google.com";
		proxy_set_header  Referer $http_referer;
		proxy_set_header  X-Real-IP $remote_addr;
		proxy_set_header  User-Agent $http_user_agent;
		proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header  X-Forwarded-Proto https;
		proxy_set_header  Accept-Encoding "";
		proxy_set_header  Accept-Language "zh-CN";
		proxy_cookie_domain www.google.com YOURDOMAIN;
		proxy_set_header  Cookie  "PREF=ID=047808f19f6de346:U=0f62f33dd8549d11:FF=2:LD=en-US:NW=1:TM=1325338577:LM=1332142444:GM=1:SG=2:S=rE0SyJh2W1IQ-Maw";

		proxy_cache proxycache;
		proxy_cache_valid 304 2h;
		proxy_cache_valid 403 444 2h;
		proxy_cache_valid 404 2h;
		proxy_cache_valid 500 502 2h;
		proxy_cache_use_stale invalid_header http_404 http_500 http_502;
		proxy_cache_lock on;
		proxy_cache_lock_timeout 5s;
		
		auth_basic "Authorization";
		auth_basic_user_file /etc/nginx/passwdfile;
	}
}

然后重启 Nginx

nginx -s reload

访问域名，使用你设置的用户名及密码认证后即可使用谷歌。

本文参考了 1 & 2 & https://yjk.im/proxy-gg/