V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
爱意满满的作品展示区。
muzihuaner
V2EX  ›  分享创造

用 cloudflare worker 搭建一个 Docker 镜像

  •  
  •   muzihuaner ·
    muzihuaner · 352 天前 · 6068 次点击
    这是一个创建于 352 天前的主题,其中的信息可能已经有所发展或是发生改变。

    看到最近的网友帖子有这个需求~ 把下面代码放进 cloudflare worker 绑定自己的域名就好了

    使用方法:docker pull abc.com/mysql/mysql-server

    'use strict'
    
    const hub_host = 'registry-1.docker.io'
    const auth_url = 'https://auth.docker.io'
    const workers_url = 'https://你的域名'
    /**
     * static files (404.html, sw.js, conf.js)
     */
    
    /** @type {RequestInit} */
    const PREFLIGHT_INIT = {
        status: 204,
        headers: new Headers({
            'access-control-allow-origin': '*',
            'access-control-allow-methods': 'GET,POST,PUT,PATCH,TRACE,DELETE,HEAD,OPTIONS',
            'access-control-max-age': '1728000',
        }),
    }
    
    /**
     * @param {any} body
     * @param {number} status
     * @param {Object<string, string>} headers
     */
    function makeRes(body, status = 200, headers = {}) {
        headers['access-control-allow-origin'] = '*'
        return new Response(body, {status, headers})
    }
    
    
    /**
     * @param {string} urlStr
     */
    function newUrl(urlStr) {
        try {
            return new URL(urlStr)
        } catch (err) {
            return null
        }
    }
    
    
    addEventListener('fetch', e => {
        const ret = fetchHandler(e)
            .catch(err => makeRes('cfworker error:\n' + err.stack, 502))
        e.respondWith(ret)
    })
    
    
    /**
     * @param {FetchEvent} e
     */
    async function fetchHandler(e) {
      const getReqHeader = (key) => e.request.headers.get(key);
    
      let url = new URL(e.request.url);
    
      if (url.pathname === '/token') {
          let token_parameter = {
            headers: {
            'Host': 'auth.docker.io',
            'User-Agent': getReqHeader("User-Agent"),
            'Accept': getReqHeader("Accept"),
            'Accept-Language': getReqHeader("Accept-Language"),
            'Accept-Encoding': getReqHeader("Accept-Encoding"),
            'Connection': 'keep-alive',
            'Cache-Control': 'max-age=0'
            }
          };
          let token_url = auth_url + url.pathname + url.search
          return fetch(new Request(token_url, e.request), token_parameter)
      }
    
      url.hostname = hub_host;
      
      let parameter = {
        headers: {
          'Host': hub_host,
          'User-Agent': getReqHeader("User-Agent"),
          'Accept': getReqHeader("Accept"),
          'Accept-Language': getReqHeader("Accept-Language"),
          'Accept-Encoding': getReqHeader("Accept-Encoding"),
          'Connection': 'keep-alive',
          'Cache-Control': 'max-age=0'
        },
        cacheTtl: 3600
      };
    
      if (e.request.headers.has("Authorization")) {
        parameter.headers.Authorization = getReqHeader("Authorization");
      }
    
      let original_response = await fetch(new Request(url, e.request), parameter)
      let original_response_clone = original_response.clone();
      let original_text = original_response_clone.body;
      let response_headers = original_response.headers;
      let new_response_headers = new Headers(response_headers);
      let status = original_response.status;
    
      if (new_response_headers.get("Www-Authenticate")) {
        let auth = new_response_headers.get("Www-Authenticate");
        let re = new RegExp(auth_url, 'g');
        new_response_headers.set("Www-Authenticate", response_headers.get("Www-Authenticate").replace(re, workers_url));
      }
    
      if (new_response_headers.get("Location")) {
        return httpHandler(e.request, new_response_headers.get("Location"))
      }
    
      let response = new Response(original_text, {
                status,
                headers: new_response_headers
            })
      return response;
      
    }
    
    
    /**
     * @param {Request} req
     * @param {string} pathname
     */
    function httpHandler(req, pathname) {
        const reqHdrRaw = req.headers
    
        // preflight
        if (req.method === 'OPTIONS' &&
            reqHdrRaw.has('access-control-request-headers')
        ) {
            return new Response(null, PREFLIGHT_INIT)
        }
    
        let rawLen = ''
    
        const reqHdrNew = new Headers(reqHdrRaw)
    
        const refer = reqHdrNew.get('referer')
    
        let urlStr = pathname
        
        const urlObj = newUrl(urlStr)
    
        /** @type {RequestInit} */
        const reqInit = {
            method: req.method,
            headers: reqHdrNew,
            redirect: 'follow',
            body: req.body
        }
        return proxy(urlObj, reqInit, rawLen, 0)
    }
    
    
    /**
     *
     * @param {URL} urlObj
     * @param {RequestInit} reqInit
     */
    async function proxy(urlObj, reqInit, rawLen) {
        const res = await fetch(urlObj.href, reqInit)
        const resHdrOld = res.headers
        const resHdrNew = new Headers(resHdrOld)
    
        // verify
        if (rawLen) {
            const newLen = resHdrOld.get('content-length') || ''
            const badLen = (rawLen !== newLen)
    
            if (badLen) {
                return makeRes(res.body, 400, {
                    '--error': `bad len: ${newLen}, except: ${rawLen}`,
                    'access-control-expose-headers': '--error',
                })
            }
        }
        const status = res.status
        resHdrNew.set('access-control-expose-headers', '*')
        resHdrNew.set('access-control-allow-origin', '*')
        resHdrNew.set('Cache-Control', 'max-age=1500')
        
        resHdrNew.delete('content-security-policy')
        resHdrNew.delete('content-security-policy-report-only')
        resHdrNew.delete('clear-site-data')
    
        return new Response(res.body, {
            status,
            headers: resHdrNew
        })
    }
    
    8 条回复    2024-06-13 10:21:55 +08:00
    hzdzyx
        1
    hzdzyx  
       352 天前
    lekai63
        2
    lekai63  
       352 天前 via iPhone
    Good idea
    jeblove
        3
    jeblove  
       202 天前   ❤️ 3
    感谢,用了下发现不能拉取 dockerhub 官方镜像(如 node 、mariadb ),正常输入
    ```
    docker pull 域名/node
    ```
    实际上应该为
    ```
    docker pull 域名/library/node
    ```
    这样有些不太方便

    加上判断是否官方镜像,修改调试了些时间,成功可用
    ```
    'use strict'

    const hub_host = 'registry-1.docker.io'
    const auth_url = 'https://auth.docker.io'
    const workers_url = 'https://dh.jeblove.com'
    /**
    * static files (404.html, sw.js, conf.js)
    */

    /** @type {RequestInit} */
    const PREFLIGHT_INIT = {
    // status: 204,
    headers: new Headers({
    'access-control-allow-origin': '*',
    'access-control-allow-methods': 'GET,POST,PUT,PATCH,TRACE,DELETE,HEAD,OPTIONS',
    'access-control-max-age': '1728000',
    }),
    }

    /**
    * @param {any} body
    * @param {number} status
    * @param {Object<string, string>} headers
    */
    function makeRes(body, status = 200, headers = {}) {
    headers['access-control-allow-origin'] = '*'
    return new Response(body, {status, headers})
    }


    /**
    * @param {string} urlStr
    */
    function newUrl(urlStr) {
    try {
    return new URL(urlStr)
    } catch (err) {
    return null
    }
    }


    addEventListener('fetch', e => {
    const ret = fetchHandler(e)
    .catch(err => makeRes('cfworker error:\n' + err.stack, 502))
    e.respondWith(ret)
    })


    /**
    * @param {FetchEvent} e
    */
    async function fetchHandler(e) {
    const getReqHeader = (key) => e.request.headers.get(key);

    let url = new URL(e.request.url);

    // 修改 pre head get 请求
    // 是否含有 %2F ,用于判断是否具有用户名与仓库名之间的连接符
    // 同时检查 %3A 的存在
    if (!/%2F/.test(url.search) && /%3A/.test(url.toString())) {
    let modifiedUrl = url.toString().replace(/%3A(?=.*?&)/, '%3Alibrary%2F');
    url = new URL(modifiedUrl);
    console.log(`handle_url: ${url}`)
    }

    if (url.pathname === '/token') {
    let token_parameter = {
    headers: {
    'Host': 'auth.docker.io',
    'User-Agent': getReqHeader("User-Agent"),
    'Accept': getReqHeader("Accept"),
    'Accept-Language': getReqHeader("Accept-Language"),
    'Accept-Encoding': getReqHeader("Accept-Encoding"),
    'Connection': 'keep-alive',
    'Cache-Control': 'max-age=0'
    }
    };
    let token_url = auth_url + url.pathname + url.search
    return fetch(new Request(token_url, e.request), token_parameter)
    }

    // 修改 head 请求
    if (/^\/v2\/[^/]+\/[^/]+\/[^/]+$/.test(url.pathname) && !/^\/v2\/library/.test(url.pathname)) {
    url.pathname = url.pathname.replace(/\/v2\//, '/v2/library/');
    console.log(`modified_url: ${url.pathname}`)
    }

    url.hostname = hub_host;

    let parameter = {
    headers: {
    'Host': hub_host,
    'User-Agent': getReqHeader("User-Agent"),
    'Accept': getReqHeader("Accept"),
    'Accept-Language': getReqHeader("Accept-Language"),
    'Accept-Encoding': getReqHeader("Accept-Encoding"),
    'Connection': 'keep-alive',
    'Cache-Control': 'max-age=0'
    },
    cacheTtl: 3600
    };

    if (e.request.headers.has("Authorization")) {
    parameter.headers.Authorization = getReqHeader("Authorization");
    }

    let original_response = await fetch(new Request(url, e.request), parameter)
    let original_response_clone = original_response.clone();
    let original_text = original_response_clone.body;
    let response_headers = original_response.headers;
    let new_response_headers = new Headers(response_headers);
    let status = original_response.status;

    if (new_response_headers.get("Www-Authenticate")) {
    let auth = new_response_headers.get("Www-Authenticate");
    let re = new RegExp(auth_url, 'g');
    new_response_headers.set("Www-Authenticate", response_headers.get("Www-Authenticate").replace(re, workers_url));
    }

    if (new_response_headers.get("Location")) {
    return httpHandler(e.request, new_response_headers.get("Location"))
    }

    let response = new Response(original_text, {
    status,
    headers: new_response_headers
    })
    return response;

    }


    /**
    * @param {Request} req
    * @param {string} pathname
    */
    function httpHandler(req, pathname) {
    const reqHdrRaw = req.headers

    // preflight
    if (req.method === 'OPTIONS' &&
    reqHdrRaw.has('access-control-request-headers')
    ) {
    return new Response(null, PREFLIGHT_INIT)
    }

    let rawLen = ''

    const reqHdrNew = new Headers(reqHdrRaw)

    const refer = reqHdrNew.get('referer')

    let urlStr = pathname

    const urlObj = newUrl(urlStr)

    /** @type {RequestInit} */
    const reqInit = {
    method: req.method,
    headers: reqHdrNew,
    redirect: 'follow',
    body: req.body
    }
    return proxy(urlObj, reqInit, rawLen)
    }


    /**
    *
    * @param {URL} urlObj
    * @param {RequestInit} reqInit
    */
    async function proxy(urlObj, reqInit, rawLen) {
    const res = await fetch(urlObj.href, reqInit)
    const resHdrOld = res.headers
    const resHdrNew = new Headers(resHdrOld)

    // verify
    if (rawLen) {
    const newLen = resHdrOld.get('content-length') || ''
    const badLen = (rawLen !== newLen)

    if (badLen) {
    return makeRes(res.body, 400, {
    '--error': `bad len: ${newLen}, except: ${rawLen}`,
    'access-control-expose-headers': '--error',
    })
    }
    }
    const status = res.status
    resHdrNew.set('access-control-expose-headers', '*')
    resHdrNew.set('access-control-allow-origin', '*')
    resHdrNew.set('Cache-Control', 'max-age=1500')

    resHdrNew.delete('content-security-policy')
    resHdrNew.delete('content-security-policy-report-only')
    resHdrNew.delete('clear-site-data')

    return new Response(res.body, {
    status,
    headers: resHdrNew
    })
    }
    ```
    改动处:

    - 57 行,添加修改 head 前的 get 请求
    - 72 行,添加修改 head 请求

    另外好像版本问题有额外的报错,改动有

    - 12 行
    - 150 行


    👇
    ```
    # docker pull xxx.com/node
    Using default tag: latest
    latest: Pulling from node
    c6cf28de8a06: Downloading [> ] 506.8kB/49.58MB
    891494355808: Downloading [========> ] 4.184MB/24.05MB
    ```
    muzihuaner
        4
    muzihuaner  
    OP
       202 天前
    @jeblove 感谢~
    lazyyz
        5
    lazyyz  
       201 天前
    @jeblove 使用这个拉镜像,个别层速度非常慢,是 cf 的关系吗?
    jeblove
        6
    jeblove  
       201 天前
    @lazyyz 应该是的,毕竟得靠 cf 服务器中转流量
    reY2ox
        7
    reY2ox  
       199 天前
    三楼牛逼,
    Qist
        8
    Qist  
       198 天前   ❤️ 1
    addEventListener("fetch", (event) => {
    event.passThroughOnException();
    event.respondWith(handleRequest(event.request));
    });

    const routes = {
    "docker.域名": "https://registry-1.docker.io",
    "quay.域名": "https://quay.io",
    "gcr.域名": "https://gcr.io",
    "k8s-gcr.域名": "https://k8s.gcr.io",
    "k8s.域名": "https://registry.k8s.io",
    "ghcr.域名": "https://ghcr.io",
    "cloudsmith.域名": "https://docker.cloudsmith.io",
    };

    function routeByHosts(host) {
    if (host in routes) {
    return routes[host];
    }
    if (MODE == "debug") {
    return TARGET_UPSTREAM;
    }
    return "";
    }

    async function handleRequest(request) {
    let url = new URL(request.url);
    const upstream = routeByHosts(url.hostname);
    if (upstream === "") {
    return new Response(
    JSON.stringify({
    routes: routes,
    }),
    {
    status: 404,
    }
    );
    }
    if (upstream === "https://registry-1.docker.io") {
    // Modify URL if necessary based on search parameters and encoded characters
    if (!/%2F/.test(url.search) && /%3A/.test(url.toString())) {
    let modifiedUrl = url.toString().replace(/%3A(?=.*?&)/, '%3Alibrary%2F');
    url = new URL(modifiedUrl);
    }

    // Append 'library' to the pathname if necessary
    const libraryPathPattern = /^\/v2\/[^/]+\/[^/]+\/[^/]+$/;
    const libraryPrefixPattern = /^\/v2\/library/;
    if (libraryPathPattern.test(url.pathname) && !libraryPrefixPattern.test(url.pathname)) {
    url.pathname = url.pathname.replace(/\/v2\//, '/v2/library/');
    }
    }
    // check if need to authenticate
    if (url.pathname == "/v2/") {
    const newUrl = new URL(upstream + "/v2/");
    const resp = await fetch(newUrl.toString(), {
    method: "GET",
    redirect: "follow",
    });
    if (resp.status === 200) {
    } else if (resp.status === 401) {
    const headers = new Headers();
    if (MODE == "debug") {
    headers.set(
    "Www-Authenticate",
    `Bearer realm="${LOCAL_ADDRESS}/v2/auth",service="cloudflare-docker-proxy"`
    );
    } else {
    headers.set(
    "Www-Authenticate",
    `Bearer realm="https://${url.hostname}/v2/auth",service="cloudflare-docker-proxy"`
    );
    }
    return new Response(JSON.stringify({ message: "UNAUTHORIZED" }), {
    status: 401,
    headers: headers,
    });
    } else {
    return resp;
    }
    }
    // get token
    if (url.pathname == "/v2/auth") {
    const newUrl = new URL(upstream + "/v2/");
    const resp = await fetch(newUrl.toString(), {
    method: "GET",
    redirect: "follow",
    });
    if (resp.status !== 401) {
    return resp;
    }
    const authenticateStr = resp.headers.get("WWW-Authenticate");
    if (authenticateStr === null) {
    return resp;
    }
    const wwwAuthenticate = parseAuthenticate(authenticateStr);
    return await fetchToken(wwwAuthenticate, url.searchParams);
    }
    // foward requests
    const newUrl = new URL(upstream + url.pathname);
    const newReq = new Request(newUrl, {
    method: request.method,
    headers: request.headers,
    redirect: "follow",
    });
    return await fetch(newReq);
    }

    function parseAuthenticate(authenticateStr) {
    // sample: Bearer realm="https://auth.ipv6.docker.com/token",service="registry.docker.io"
    // match strings after =" and before "
    const re = /(?<=\=")(?:\\.|[^"\\])*(?=")/g;
    const matches = authenticateStr.match(re);
    if (matches === null || matches.length < 2) {
    throw new Error(`invalid Www-Authenticate Header: ${authenticateStr}`);
    }
    return {
    realm: matches[0],
    service: matches[1],
    };
    }

    async function fetchToken(wwwAuthenticate, searchParams) {
    const url = new URL(wwwAuthenticate.realm);
    if (wwwAuthenticate.service.length) {
    url.searchParams.set("service", wwwAuthenticate.service);
    }
    if (searchParams.get("scope")) {
    url.searchParams.set("scope", searchParams.get("scope"));
    }
    return await fetch(url, { method: "GET", headers: {} });
    }
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   2312 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 23ms · UTC 01:57 · PVG 09:57 · LAX 17:57 · JFK 20:57
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.