From b59fefc6bb15f61826ceba8b98f753d06e637a7a Mon Sep 17 00:00:00 2001
From: cnphpbb <moqiruyi@gmail.com>
Date: Mon, 8 Sep 2025 01:50:06 +0800
Subject: [PATCH] =?UTF-8?q?feat(proxy):=20=E6=B7=BB=E5=8A=A0=E4=BB=A3?=
 =?UTF-8?q?=E7=90=86Docker=20Hub=E6=96=87=E4=BB=B6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

添加新的Nginx代理配置文件，用于处理Docker Hub相关请求
- 配置代理转发规则和超时设置
- 添加对Docker registry和认证服务的代理支持
- 实现重定向处理和header修改逻辑
---
 config/proxy-hub/proxy.hub.conf | 51 +++++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)
 create mode 100644 config/proxy-hub/proxy.hub.conf

diff --git a/config/proxy-hub/proxy.hub.conf b/config/proxy-hub/proxy.hub.conf
new file mode 100644
index 0000000..a7af443
--- /dev/null
+++ b/config/proxy-hub/proxy.hub.conf
@@ -0,0 +1,51 @@
+# 伪静态
+set_real_ip_from 0.0.0.0/0;
+real_ip_header CF-Connecting-IP;
+client_max_body_size 2G;
+underscores_in_headers on;
+resolver 8.8.8.8 ipv6=off;
+resolver_timeout 10s;
+
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection $http_connection;
+proxy_set_header Accept-Encoding "";
+proxy_ssl_session_reuse off;
+proxy_ssl_server_name on;
+
+proxy_http_version 1.1;
+proxy_buffering off;
+proxy_request_buffering off;
+proxy_max_temp_file_size 0;
+
+proxy_connect_timeout 864000s;
+proxy_read_timeout 864000s;
+proxy_send_timeout 864000s;
+send_timeout 864000s;
+
+location /v2/ {
+    proxy_pass https://registry-1.docker.io;
+    proxy_set_header Host registry-1.docker.io;
+
+    header_filter_by_lua_block {
+        local www_auth = ngx.var.upstream_http_www_authenticate
+        if www_auth then
+            local new_www_auth = string.gsub(www_auth, "auth.docker.io", "hub.rat.dev")
+            ngx.header['www-authenticate'] = new_www_auth
+        end
+    }
+
+    proxy_intercept_errors on;
+    recursive_error_pages on;
+    error_page 301 302 307 = @handle_redirect;
+}
+
+location /token {
+    proxy_pass https://auth.docker.io;
+    proxy_set_header Host auth.docker.io;
+}
+
+location @handle_redirect {
+    set $saved_redirect_location '$upstream_http_location';
+    proxy_pass $saved_redirect_location;
+}