Skip to content
Go back

使用 Docker 自建订阅转换器

| 0 Views Edit page

前言

自建下订阅转换器,方便自己使用。


方案概述

  1. 安装最新的 Docker(环境)
  2. 启动 subconverter 容器(转换后端)
  3. 启动 sub-web 容器(Web 前端)
  4. Nginx 反代两个容器

操作步骤

一、安装最新的 Docker(环境)

参考:Ubuntu 20.04 从官方源安装最新的 Docker

二、启动 subconverter 容器

项目地址:tindy2013/subconverter
Docker 镜像:tindy2013/subconverter

docker run -d \
  --name subconverter \
  --restart=unless-stopped \
  -p 25500:25500 \
  tindy2013/subconverter:latest

三、启动 sub-web 容器

项目地址:CareyWang/sub-web
Docker 镜像:careywong/subweb

docker run -d \
  --name subweb \
  --restart=unless-stopped \
  -p 10080:80 \
  careywong/subweb:latest

四、Nginx 反代两个容器

申请和安装下证书:

# 后端
acme.sh --issue -d subconverter.ceshiku.cn --webroot /var/acme/webroot/ -k ec-256
mkdir -vp /etc/nginx/ssl/subconverter.ceshiku.cn/
acme.sh --install-cert -d subconverter.ceshiku.cn   --fullchain-file /etc/nginx/ssl/subconverter.ceshiku.cn/certificate.crt   --key-file /etc/nginx/ssl/subconverter.ceshiku.cn/private.key    --reloadcmd "service nginx force-reload"

# 前端
acme.sh --issue -d subweb.ceshiku.cn --webroot /var/acme/webroot/ -k ec-256
mkdir -vp /etc/nginx/ssl/subweb.ceshiku.cn/
acme.sh --install-cert -d subweb.ceshiku.cn   --fullchain-file /etc/nginx/ssl/subweb.ceshiku.cn/certificate.crt   --key-file /etc/nginx/ssl/subweb.ceshiku.cn/private.key    --reloadcmd "service nginx force-reload"

Nginx 配置:

# 后端
server {
    listen      80;
    server_name subconverter.ceshiku.cn;

    # 强制跳转 HTTPS
    location / {
        return 301 https://$server_name$request_uri;
    }

    # 设置证书认证用的路径
    location /.well-known/acme-challenge/ {
        # acme.sh --webroot 模式,认证文件生成后放置的路径
        root /var/acme/webroot/;
    }
}

server {
    listen      443 ssl;
    server_name subconverter.ceshiku.cn;

    # SSL 配置
    ssl_certificate             /etc/nginx/ssl/subconverter.ceshiku.cn/certificate.crt;
    ssl_certificate_key         /etc/nginx/ssl/subconverter.ceshiku.cn/private.key;
    ssl_protocols               TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers                 ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;

    location / {
        proxy_pass  http://127.0.0.1:25500;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}

# 前端
server {
    listen      80;
    server_name subweb.ceshiku.cn;

    # 强制跳转 HTTPS
    location / {
        return 301 https://$server_name$request_uri;
    }

    # 设置证书认证用的路径
    location /.well-known/acme-challenge/ {
        # acme.sh --webroot 模式,认证文件生成后放置的路径
        root /var/acme/webroot/;
    }
}

server {
    listen      443 ssl;
    server_name subweb.ceshiku.cn;

    # SSL 配置
    ssl_certificate             /etc/nginx/ssl/subweb.ceshiku.cn/certificate.crt;
    ssl_certificate_key         /etc/nginx/ssl/subweb.ceshiku.cn/private.key;
    ssl_protocols               TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers                 ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;

    location / {
        proxy_pass  http://127.0.0.1:10080;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}

之后重启 Nginx:

nginx -s reload
service nginx restart

前端界面


Edit page