- 新增 Node.js TLS Forward Proxy (tools/node-tls-proxy/) 原生 Node.js TLS 栈发起上游 HTTPS,JA3/JA4 天然匹配 Claude CLI SSE 流式透传,支持上游 HTTP CONNECT 代理 零依赖,Node.js 24.13.0 锁定版本
- Go 集成 (config.go + http_upstream.go) 新增 NodeTLSProxyConfig 配置 DoWithTLS 优先走 Node.js 代理模式,URL 重写 https→http://localhost:3456
- Docker 网络隔离 (docker-compose.tls-proxy.yml) sub2api 容器仅 internal 网络,物理隔离外网 node-tls-proxy 唯一出站通道,IPv6 内核级禁用
- iptables 防泄露脚本 (tools/firewall/) QUIC/UDP 443 全局 DROP,仅 nodeproxy 用户可出站 TCP 443
- 镜像切换为 zfc931912343/ 仓库
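#!/bin/bash
# =============================================================================
# Build and push node-tls-proxy multi-arch image
# =============================================================================
# Usage:
#   ./build-push.sh              # build + push latest
#   ./build-push.sh v1.0.0       # build + push v1.0.0 and re-point latest
#   ./build-push.sh --local      # build locally only (no push)
#
# Prerequisites:
#   docker login                 # login to Docker Hub first
#   docker buildx create --use   # enable multi-arch builds (one-time)
#
# Notes for operators:
#   - Every push also moves the mutable "latest" tag to the new build.
#     Deployments that must stay reproducible should reference a version
#     tag or the image digest instead of "latest".
#   - "docker login" keeps the registry credential in the Docker client
#     configuration unless a credential helper is set up; prefer an access
#     token over the account password on build hosts.
# =============================================================================

set -euo pipefail

# Print an error on stderr (so it is not lost when stdout is piped) and abort.
die() {
  printf 'ERROR: %s\n' "$*" >&2
  exit 1
}

SCRIPT_DIR="$(cd -- "$(dirname -- "$0")" && pwd)"
readonly SCRIPT_DIR
readonly CONTEXT_DIR="${SCRIPT_DIR}/../tools/node-tls-proxy"
readonly IMAGE="zfc931912343/sub2api-tls-proxy"
readonly PLATFORMS="linux/amd64,linux/arm64"
# Docker tag grammar: first char alphanumeric or "_", then up to 127 of
# alphanumerics, "_", "." or "-".
readonly TAG_PATTERN='^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$'

TAG="${1:-latest}"
PUSH=true

if [ "$TAG" = "--local" ]; then
  TAG="latest"
  PUSH=false
fi

# Reject mistyped flags and malformed tags before anything is built or pushed;
# the first argument is interpolated straight into the image reference.
if [[ ! "$TAG" =~ $TAG_PATTERN ]]; then
  die "invalid image tag '${TAG}' (expected e.g. v1.0.0, or --local)"
fi

echo "============================================="
echo " Node.js TLS Proxy Image Builder"
echo "============================================="
echo " Image: ${IMAGE}:${TAG}"
echo " Platforms: ${PLATFORMS}"
echo " Push: ${PUSH}"
echo " Context: ${CONTEXT_DIR}"
echo "============================================="

# Verify context: both the proxy source and its Dockerfile must be present,
# otherwise the build would fail later with a less obvious message.
[ -f "${CONTEXT_DIR}/proxy.js" ] || die "proxy.js not found in ${CONTEXT_DIR}"
[ -f "${CONTEXT_DIR}/Dockerfile" ] || die "Dockerfile not found in ${CONTEXT_DIR}"

# Tags applied to the build. "latest" is added only for pushes and only when
# it is not already the requested tag, so it is never passed twice.
tag_args=(--tag "${IMAGE}:${TAG}")
if [ "$PUSH" = true ] && [ "$TAG" != "latest" ]; then
  tag_args+=(--tag "${IMAGE}:latest")
fi

if [ "$PUSH" = true ]; then
  echo ""
  echo "[1/2] Building multi-arch image..."
  docker buildx build \
    --platform "${PLATFORMS}" \
    "${tag_args[@]}" \
    --push \
    --file "${CONTEXT_DIR}/Dockerfile" \
    "${CONTEXT_DIR}"

  echo ""
  echo "[2/2] Verifying..."
  # Capture first, then truncate: piping docker straight into head can end
  # the script under pipefail if head closes the pipe before docker is done.
  manifest="$(docker manifest inspect "${IMAGE}:${TAG}")"
  head -n 20 <<<"${manifest}"
else
  echo ""
  echo "[1/1] Building local image (current arch only)..."
  docker build \
    "${tag_args[@]}" \
    --file "${CONTEXT_DIR}/Dockerfile" \
    "${CONTEXT_DIR}"
fi

echo ""
echo "============================================="
echo " Done!"
if [ "$PUSH" = true ]; then
  echo " Pushed: ${IMAGE}:${TAG}"
  if [ "$TAG" != "latest" ]; then
    echo " Pushed: ${IMAGE}:latest"
  fi
  echo ""
  echo " Cloud deploy:"
  echo " cd deploy"
  echo " docker compose -f docker-compose.yml -f docker-compose.tls-proxy.yml up -d"
fi
echo "============================================="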