8cac4269aa
- 新增 Node.js TLS Forward Proxy (tools/node-tls-proxy/) 原生 Node.js TLS 栈发起上游 HTTPS,JA3/JA4 天然匹配 Claude CLI SSE 流式透传,支持上游 HTTP CONNECT 代理 零依赖,Node.js 24.13.0 锁定版本 - Go 集成 (config.go + http_upstream.go) 新增 NodeTLSProxyConfig 配置 DoWithTLS 优先走 Node.js 代理模式,URL 重写 https→http://localhost:3456 - Docker 网络隔离 (docker-compose.tls-proxy.yml) sub2api 容器仅 internal 网络,物理隔离外网 node-tls-proxy 唯一出站通道,IPv6 内核级禁用 - iptables 防泄露脚本 (tools/firewall/) QUIC/UDP 443 全局 DROP,仅 nodeproxy 用户可出站 TCP 443 - 镜像切换为 zfc931912343/ 仓库
25 lines
836 B
Docker
25 lines
836 B
Docker
FROM node:24.13.0-slim
|
|
|
|
LABEL maintainer="Wei-Shaw <github.com/Wei-Shaw>"
|
|
LABEL description="Node.js TLS Forward Proxy - native JA3/JA4 fingerprint matching"
|
|
LABEL org.opencontainers.image.source="https://github.com/Wei-Shaw/sub2api"
|
|
|
|
WORKDIR /app
|
|
|
|
COPY proxy.js package.json ./
|
|
|
|
# 零依赖,不需要 npm install
|
|
|
|
ENV PROXY_PORT=3456
|
|
ENV PROXY_HOST=0.0.0.0
|
|
ENV UPSTREAM_HOST=api.anthropic.com
|
|
|
|
EXPOSE 3456
|
|
|
|
# 健康检查:用 Node.js 内置 http 模块,不依赖 curl
|
|
HEALTHCHECK --interval=30s --timeout=5s --retries=3 --start-period=5s \
|
|
CMD node -e "const http=require('http');const r=http.get('http://127.0.0.1:'+(process.env.PROXY_PORT||3456)+'/__health',s=>{process.exit(s.statusCode===200?0:1)});r.on('error',()=>process.exit(1));r.setTimeout(3000,()=>{r.destroy();process.exit(1)})"
|
|
|
|
USER node
|
|
CMD ["node", "proxy.js"]
|