sub2api

zfc/sub2api

Fork 0

Commit Graph

Author	SHA1	Message	Date
win	5c587c1095	fix: Node.js TLS 代理动态识别上游主机 Some checks failed CI / test (push) Has been cancelled Details CI / golangci-lint (push) Has been cancelled Details Security Scan / backend-security (push) Has been cancelled Details Security Scan / frontend-security (push) Has been cancelled Details - Go: 通过 X-Forwarded-Host 传递原始目标主机给 Node.js 代理 - Node.js: 读取 X-Forwarded-Host 动态连接到正确的上游主机 - 所有 HTTPS 上游请求统一走代理，不再固定绑定 api.anthropic.com - Gemini/Sora 等不同上游自动识别，无需手动配置	2026-03-22 01:09:39 +08:00
win	a72ba424cc	feat: Node.js TLS 指纹代理 + 网络隔离防泄露 Some checks failed CI / test (push) Failing after 1m32s Details CI / golangci-lint (push) Failing after 33s Details Security Scan / backend-security (push) Failing after 32s Details Security Scan / frontend-security (push) Failing after 32s Details - 新增 Node.js TLS Forward Proxy (tools/node-tls-proxy/) 原生 Node.js TLS 栈发起上游 HTTPS，JA3/JA4 天然匹配 Claude CLI SSE 流式透传，支持上游 HTTP CONNECT 代理零依赖，Node.js 24.13.0 锁定版本 - Go 集成 (config.go + http_upstream.go) 新增 NodeTLSProxyConfig 配置 DoWithTLS 优先走 Node.js 代理模式，URL 重写 https→http://localhost:3456 - Docker 网络隔离 (docker-compose.tls-proxy.yml) sub2api 容器仅 internal 网络，物理隔离外网 node-tls-proxy 唯一出站通道，IPv6 内核级禁用 - iptables 防泄露脚本 (tools/firewall/) QUIC/UDP 443 全局 DROP，仅 nodeproxy 用户可出站 TCP 443 - 镜像切换为 zfc931912343/ 仓库	2026-03-22 00:18:43 +08:00

Author

SHA1

Message

Date

win

5c587c1095

fix: Node.js TLS 代理动态识别上游主机

CI / test (push) Has been cancelled

Details

CI / golangci-lint (push) Has been cancelled

Details

Security Scan / backend-security (push) Has been cancelled

Details

Security Scan / frontend-security (push) Has been cancelled

Details

- Go: 通过 X-Forwarded-Host 传递原始目标主机给 Node.js 代理
- Node.js: 读取 X-Forwarded-Host 动态连接到正确的上游主机
- 所有 HTTPS 上游请求统一走代理，不再固定绑定 api.anthropic.com
- Gemini/Sora 等不同上游自动识别，无需手动配置

2026-03-22 01:09:39 +08:00

win

a72ba424cc

feat: Node.js TLS 指纹代理 + 网络隔离防泄露

CI / test (push) Failing after 1m32s

Details

CI / golangci-lint (push) Failing after 33s

Details

Security Scan / backend-security (push) Failing after 32s

Details

Security Scan / frontend-security (push) Failing after 32s

Details

- 新增 Node.js TLS Forward Proxy (tools/node-tls-proxy/)
  原生 Node.js TLS 栈发起上游 HTTPS，JA3/JA4 天然匹配 Claude CLI
  SSE 流式透传，支持上游 HTTP CONNECT 代理
  零依赖，Node.js 24.13.0 锁定版本

- Go 集成 (config.go + http_upstream.go)
  新增 NodeTLSProxyConfig 配置
  DoWithTLS 优先走 Node.js 代理模式，URL 重写 https→http://localhost:3456

- Docker 网络隔离 (docker-compose.tls-proxy.yml)
  sub2api 容器仅 internal 网络，物理隔离外网
  node-tls-proxy 唯一出站通道，IPv6 内核级禁用

- iptables 防泄露脚本 (tools/firewall/)
  QUIC/UDP 443 全局 DROP，仅 nodeproxy 用户可出站 TCP 443

- 镜像切换为 zfc931912343/ 仓库

2026-03-22 00:18:43 +08:00

2 Commits