租户自定义域名绑定 密级: 【C-1】 | 时间:2024-07-12 | 目录:DepyDocs | 编辑本文 上一版本 | 版本差异 | (2023-12-10起,新功能不再对未绑定域名使用的租户进行兼容) (2024-04起不再提供免费域名绑定,已绑定域名租户强制解绑,请及时修改租户额外配置) ~~(2024-07起禁止直接反向代理至saas主服务器,需通过proxy.rce.ink以接入日志系统、waf系统。目前已开放日志功能给租户使用与分析)~~ (请务必在后台绑定域名,否则会导致资源错误) (请务必使用配置了SSL证书的域名进行使用,否则会导致图床图片加载异常) ## 介绍 DepyDocs提供域名绑定的功能,供用户个性化使用服务,本人提供以下两种绑定方式。 ### 基于Nginx反向代理(需要服务器) 域名解析服务器后使用nginx反向代理,配置文件如下,注意修改租户id。 ```bash server { listen 80; listen 443 ssl; server_name wiki.rce.ink; index index.html; if ($server_port !~ 443){ rewrite ^(/.*)$ https://$host$1 permanent; } ssl_certificate /ssl/wiki.rce.ink/fullchain1.pem; ssl_certificate_key /ssl/wiki.rce.ink/privkey1.pem; location / { proxy_pass https://proxy.rce.ink/index/tenant/租户id/; proxy_set_header Host proxy.rce.ink; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } } ``` ### 基于CloudFlare Workers(无需服务器) 修改DNS服务器为cloudflare提供的DNS服务器。 ![](https://p1.meituan.net/xianfu/a3c71cb47835f44ad4b2c50428b4c9709238.png%40watermark=1&&object=L3dkY2Zsb3cvN2RiN2M4NTFjYmVjZDg4MTM1OTZjMTYzOWE2MzQ4MDM0MjY0LnBuZw==&p=8&t=90&x=10&y=10) 解析成功后,访问 ![](https://p0.meituan.net/xianfu/4846ff3283221d83d5de95d26b1b083198878.png%40watermark=1&&object=L3dkY2Zsb3cvN2RiN2M4NTFjYmVjZDg4MTM1OTZjMTYzOWE2MzQ4MDM0MjY0LnBuZw==&p=8&t=90&x=10&y=10) ![](https://p0.meituan.net/xianfu/132aefef4294339b54cdc522b82f97d195614.png%40watermark=1&&object=L3dkY2Zsb3cvN2RiN2M4NTFjYmVjZDg4MTM1OTZjMTYzOWE2MzQ4MDM0MjY0LnBuZw==&p=8&t=90&x=10&y=10) 点击部署后,重新进入编辑界面,替换代码为下面的代码。 ```javascript // 目标网站 const upstream = 'rce.ink' // 目标网站路径 const upstream_path = '/index/tenant/租户id/' // 打算为使用移动设备的用户检索的网站. const upstream_mobile = 'rce.ink' // 您希望暂停服务的国家和地区 const blocked_region = [] // 要阻止其使用服务的IP地址 const blocked_ip_address = ['0.0.0.0', '127.0.0.1'] // 上游地址是否使用HTTPS协议 const https = true // 是否禁用缓存 const disable_cache = false // 替换文本 //格式: '被替换':'替换' //注意js结束的的逗号 const replace_dict = { // 'www.google.com':'yourworkername.yourusername.workers.dev' } let data={} addEventListener('fetch', event => { event.respondWith(fetchAndApply(event.request)); }) async function fetchAndApply(request) { const region = request.headers.get('cf-ipcountry').toUpperCase(); const ip_address = request.headers.get('cf-connecting-ip'); const user_agent = request.headers.get('user-agent'); let response = null; let url = new URL(request.url); let url_hostname = url.hostname; if (https == true) { url.protocol = 'https:'; } else { url.protocol = 'http:'; } if (await device_status(user_agent)) { var upstream_domain = upstream; } else { var upstream_domain = upstream_mobile; } url.host = upstream_domain; if (url.pathname == '/') { url.pathname = upstream_path; } else { url.pathname = upstream_path + url.pathname; } if (blocked_region.includes(region)) { response = new Response('拒绝访问: 您所在的地区不可用!', { status: 403 }); } else if (blocked_ip_address.includes(ip_address)) { response = new Response('拒绝访问: 您的IP地址在Ban列表中!', { status: 403 }); } else { let method = request.method; let request_headers = request.headers; let new_request_headers = new Headers(request_headers); new_request_headers.set('Host', upstream_domain); new_request_headers.set('Referer', url.protocol + '//' + upstream_domain); if(method == 'POST'){ let origin_formData = await request.text() data = { method: method, headers: new_request_headers, body : origin_formData } console.log(data) }else if(method == 'GET'){ data = { method: method, headers: new_request_headers } } let fuckKeys = Object.fromEntries(new_request_headers) console.log(method) console.log(fuckKeys) let original_response = await fetch(url.href, data) connection_upgrade = new_request_headers.get("Upgrade"); if (connection_upgrade && connection_upgrade.toLowerCase() == "websocket") { return original_response; } let original_response_clone = original_response.clone(); let original_text = null; let response_headers = original_response.headers; let new_response_headers = new Headers(response_headers); let status = original_response.status; if (disable_cache) { new_response_headers.set('Cache-Control', 'no-store'); } new_response_headers.set('access-control-allow-origin', '*'); new_response_headers.set('access-control-allow-credentials', true); new_response_headers.delete('content-security-policy'); new_response_headers.delete('content-security-policy-report-only'); new_response_headers.delete('clear-site-data'); if (new_response_headers.get("x-pjax-url")) { new_response_headers.set("x-pjax-url", response_headers.get("x-pjax-url").replace("//" + upstream_domain, "//" + url_hostname)); } const content_type = new_response_headers.get('content-type'); if (content_type != null && content_type.includes('text/html') && content_type.includes('UTF-8')) { original_text = await replace_response_text(original_response_clone, upstream_domain, url_hostname); } else { original_text = original_response_clone.body } response = new Response(original_text, { status, headers: new_response_headers }) } return response; } async function replace_form_data(formData, upstream_domain, host_name) { let text = await response.text() var i, j; for (i in replace_dict) { j = replace_dict[i] if (i == '$upstream') { i = upstream_domain } else if (i == '$custom_domain') { i = host_name } if (j == '$upstream') { j = upstream_domain } else if (j == '$custom_domain') { j = host_name } let re = new RegExp(i, 'g') text = text.replace(re, j); } return text; } async function replace_response_text(response, upstream_domain, host_name) { let text = await response.text() var i, j; for (i in replace_dict) { j = replace_dict[i] if (i == '$upstream') { i = upstream_domain } else if (i == '$custom_domain') { i = host_name } if (j == '$upstream') { j = upstream_domain } else if (j == '$custom_domain') { j = host_name } let re = new RegExp(i, 'g') text = text.replace(re, j); } return text; } async function device_status(user_agent_info) { var agents = ["Android", "iPhone", "SymbianOS", "Windows Phone", "iPad", "iPod"]; var flag = true; for (var v = 0; v < agents.length; v++) { if (user_agent_info.indexOf(agents[v]) > 0) { flag = false; break; } } return flag; } ``` 评论列表 写评论 您的IP:18.119.213.82,临时用户名:cd01e834评论已接入DepyWAF审计与流量系统,请勿频繁操作导致IP拉黑 提交评论 © 版权声明:非标注『转载』情况下本文为原创文章,版权归 Depy's docs 所有,转载请联系博主获得授权。