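Preface
During development, projects are often deployed or tested on servers in mainland China. Because of the network environment, access to resources such as github, k8s.gcr.io and quay.io is very slow or fails entirely.
Drawbacks of other solutions
There are many solutions online. Because github uses a CDN, one approach is to find CDN nodes reachable from mainland China and put them in hosts to speed things up; this is not very stable, and not necessarily fast either.
And for hosts like k8s.gcr.io and quay.io, you may not be able to find a usable IP at all.
The solution proposed here does not require changing the docker registry mirror, and configuring acceleration does not require restarting any of the user's services; it takes effect as soon as it is configured.
Installation steps (on the overseas server)
Prerequisites
The solution proposed here also uses hosts mapping, but relies on a self-hosted proxy server.
Requirements:
- One server outside mainland China
- Port 443 on the server must be available
- An ubuntu/debian server (not tested successfully on centos)
Install sniproxy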
apt-get install -y git autotools-dev cdbs debhelper dh-autoreconf dpkg-dev gettext libev-dev libpcre3-dev libudns-dev pkg-config fakeroot devscripts
git clone https://github.com/dlundquist/sniproxy.git
cd sniproxy
./autogen.sh && dpkg-buildpackage
dpkg -i ../sniproxy_*_*.deb
apt-get install -y sniproxy
Configure sniproxy
Edit /etc/sniproxy.conf
Set the configuration file to the following content:
# sniproxy example configuration file
# lines that start with # are comments
# lines with only white space are ignored
user daemon
# PID file
pidfile /var/run/sniproxy.pid
error_log {
# Log to the daemon syslog facility
syslog daemon
# Alternatively we could log to file
#filename /var/log/sniproxy/sniproxy.log
# Control the verbosity of the log
priority notice
}
# blocks are delimited with {...}
listen 80 {
proto http
table http_hosts
# Fallback backend server to use if we can not parse the client request
fallback localhost:8080
access_log {
filename /var/log/sniproxy/http_access.log
priority notice
}
}
listen 443 {
proto tls
table https_hosts
access_log {
filename /var/log/sniproxy/https_access.log
priority notice
}
}
# named tables are defined with the table directive
table http_hosts {
example.com 192.0.2.10:8001
example.net 192.0.2.10:8002
example.org 192.0.2.10:8003
# pattern:
# valid Perl-compatible Regular Expression that matches the
# hostname
#
# target:
# - a DNS name
# - an IP address (with optional port)
# - '*' to use the hostname that the client requested
#
# pattern target
#.*\.itunes\.apple\.com$ *:443
#.* 127.0.0.1:4443
}
# named tables are defined with the table directive
table https_hosts {
# When proxying to local sockets you should use different tables since the
# local socket server most likely will not autodetect which protocol is
# being used
example.org unix:/var/run/server.sock
# [.] is a literal dot; ^ and $ anchor the pattern to the whole hostname
^(.*[.])?github[.]com$ *
^(.*[.])?githubusercontent[.]com$ *
^translate[.]googleapis[.]com$ *
^gcr[.]io$ *
^k8s[.]gcr[.]io$ *
^quay[.]io$ *
}
# if no table specified the default 'default' table is defined
table {
# if no port is specified default HTTP (80) and HTTPS (443) ports are
# assumed based on the protocol of the listen block using this table
example.com 192.0.2.10
example.net 192.0.2.20
}
The configuration above proxies github, Google Translate, quay.io, k8s.gcr.io and gcr.io; adjust it as needed.
Start the sniproxy service
sniproxy -c /etc/sniproxy.conf
Stop the sniproxy service
pkill sniproxy
Testing (on the mainland China server)
Configure github hosts
Change x.x.x.x below to your server's public IP, and access will then be accelerated
sudo sed -i '/github/d' /etc/hosts
sudo echo 'x.x.x.x github.githubassets.com
x.x.x.x central.github.com
x.x.x.x desktop.githubusercontent.com
x.x.x.x assets-cdn.github.com
x.x.x.x camo.githubusercontent.com
x.x.x.x github.map.fastly.net
x.x.x.x github.global.ssl.fastly.net
x.x.x.x gist.github.com
x.x.x.x github.io
x.x.x.x github.com
x.x.x.x api.github.com
x.x.x.x raw.githubusercontent.com
x.x.x.x user-images.githubusercontent.com
x.x.x.x favicons.githubusercontent.com
x.x.x.x avatars5.githubusercontent.com
x.x.x.x avatars4.githubusercontent.com
x.x.x.x avatars3.githubusercontent.com
x.x.x.x avatars2.githubusercontent.com
x.x.x.x avatars1.githubusercontent.com
x.x.x.x avatars0.githubusercontent.com
x.x.x.x avatars.githubusercontent.com
x.x.x.x codeload.github.com
x.x.x.x github-cloud.s3.amazonaws.com
x.x.x.x github-com.s3.amazonaws.com
x.x.x.x github-production-release-asset-2e65be.s3.amazonaws.com
x.x.x.x github-production-user-asset-6210df.s3.amazonaws.com
x.x.x.x github-production-repository-file-5c1aeb.s3.amazonaws.com
x.x.x.x githubstatus.com
x.x.x.x github.community
x.x.x.x media.githubusercontent.com
x.x.x.x objects.githubusercontent.com
x.x.x.x raw.github.com
x.x.x.x copilot-proxy.githubusercontent.com
' | sudo tee -a /etc/hosts > /dev/null
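The hosts entries above only work for names that some pattern in the https_hosts table matches, and the table should not match names outside that set. The following check is an added example, not part of the original article or of sniproxy; it assumes sniproxy applies each pattern as an unanchored regular-expression search on the requested hostname, and LOOKALIKES is a constructed list.

```python
import re

# Patterns written with bare dots and no leading ^.
LOOSE = [r"github.com$", r"(.*.|)github.com$", r"(.*.|)githubusercontent.com$",
         r"translate.googleapis.com$", r"gcr.io$", r"k8s.gcr.io$", r"quay.io$"]
# The same hosts with literal dots ([.]) and the start anchored.
STRICT = [r"^(.*[.])?github[.]com$", r"^(.*[.])?githubusercontent[.]com$",
          r"^translate[.]googleapis[.]com$", r"^gcr[.]io$", r"^k8s[.]gcr[.]io$",
          r"^quay[.]io$"]

# A subset of the names from the hosts entries on this page.
HOSTS = ["github.com", "api.github.com", "raw.githubusercontent.com",
         "codeload.github.com", "github.io", "github.global.ssl.fastly.net",
         "github-cloud.s3.amazonaws.com", "githubstatus.com",
         "k8s.gcr.io", "gcr.io", "quay.io"]
# Constructed look-alike names that the proxy should not relay.
LOOKALIKES = ["notgithub.com", "fakegithubusercontent.com", "xgcr.io",
              "k8s-gcr.io", "examplequay.io"]


def matches(patterns, name):
    """Assumption: a name is relayed if any pattern is found anywhere in it."""
    return any(re.search(p, name) for p in patterns)


def uncovered(patterns, names):
    """Hosts-file names that no table pattern matches."""
    return [n for n in names if not matches(patterns, n)]


def overmatched(patterns, names):
    """Names outside the intended set that the table would still match."""
    return [n for n in names if matches(patterns, n)]


if __name__ == "__main__":
    for label, table in (("loose", LOOSE), ("strict", STRICT)):
        print(label, "matches look-alikes:", overmatched(table, LOOKALIKES))
        print(label, "misses hosts names:", uncovered(table, HOSTS))
```

Names reported as missed need either their own table entry on the proxy or removal from the hosts list.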
Test github acceleration
curl -I https://github.com
If it returns something like the following, it is working
HTTP/1.1 200 OK
Server: GitHub.com
Date: Mon, 14 Nov 2022 01:58:28 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Language, Accept-Encoding, Accept, X-Requested-With
content-language: en-US
ETag: W/"52722faad6b1b0ee103e6d83982f005c"
Cache-Control: max-age=0, private, must-revalidate
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
......
Configure k8s hosts
Likewise, change x.x.x.x below to your server's public IP, and access will then be accelerated
sudo echo 'x.x.x.x k8s.gcr.io
x.x.x.x gcr.io
x.x.x.x quay.io
' | sudo tee -a /etc/hosts > /dev/null
Test k8s acceleration
Try pulling this image; if the pull succeeds, everything is working
docker pull k8s.gcr.io/etcd:3.4.3-0
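Summary
This method can accelerate many development resources; how you use it is up to you, but be sure to obey the law and do not use technology to do harm.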