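The root of this problem is that Reddit has banned data center IPs; it has little to do with Glance itself.
To work around this, Glance even added a request-url-template configuration option: you can set up your own HTTP proxy and then configure it as: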
request-url-template: https://your-proxy.com/{REQUEST-URL}
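This solves the problem of Reddit being unreachable, but when I actually tested it, it did not work very well, so I came up with another solution of my own: sing-box and warp.
The method is similar to an earlier post of mine: https://lala.im/9156.html. The difference is that the earlier post aimed to unblock things for clients, whereas here we want the server itself to be unblocked.
My first idea was to let sing-box's tun take over all of the machine's traffic and then add a warp outbound, which would unblock Reddit. In practice, though, services on the machine became unreachable and the machine even dropped off entirely, with SSH logins failing. Apparently the default route (routing all traffic to tun) cannot be used directly as usual. So I thought of routing only part of the traffic, that is, sending only Reddit-related traffic to tun. How can that be done?
I then looked at the sing-box documentation and found that a new feature has been available since version 1.10: route_address_set
Then, via Google, I found https://github.com/Loyalsoldier/geoip, which contains a geoip:fastly rule and supports sing-box's srs format. Reddit uses Fastly's CDN, so that gives us the approach! First, install sing-box 1.10: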
curl -L https://github.com/SagerNet/sing-box/releases/download/v1.10.0-alpha.28/sing-box_1.10.0-alpha.28_linux_amd64.deb -o sing-box_1.10.0-alpha.28_linux_amd64.deb
dpkg -i sing-box_1.10.0-alpha.28_linux_amd64.deb
rm sing-box_1.10.0-alpha.28_linux_amd64.deb
Next, install wgcf-cli:
apt -y update
apt -y install zstd
mkdir wgcf-cli && cd wgcf-cli
curl -L https://github.com/ArchiveNetwork/wgcf-cli/releases/download/v0.3.6/wgcf-cli-linux-64.tar.zstd -o wgcf-cli-linux-64.tar.zstd
tar -xvf wgcf-cli-linux-64.tar.zstd
Run the following command to register a warp account:
./wgcf-cli register
Then generate the WireGuard configuration for sing-box:
./wgcf-cli generate --sing-box
Edit the sing-box configuration file:
nano /etc/sing-box/config.json
Write the following configuration:
{
  "log": {
    "level": "info"
  },
  "dns": {
    "servers": [
      {
        "tag": "google",
        "address": "tls://dns.google",
        "address_resolver": "resolver",
        "strategy": "prefer_ipv4"
      },
      {
        "tag": "resolver",
        "address": "1.1.1.1",
        "strategy": "prefer_ipv4",
        "detour": "direct"
      }
    ],
    "rules": [
      {
        "outbound": "any",
        "server": "google"
      }
    ],
    "final": "google"
  },
  "inbounds": [
    {
      "type": "tun",
      "tag": "tun-in",
      "interface_name": "tun0",
      "address": [
        "10.0.0.1/30",
        "fc00::1/126"
      ],
      "auto_route": true,
      "strict_route": true,
      "auto_redirect": true,
      "stack": "mixed",
      "route_address_set": [
        "geoip-fastly",
        "geoip-netflix"
      ],
      "sniff": true
    }
  ],
  "outbounds": [
    {
      "type": "direct",
      "tag": "direct"
    },
    {
      "type": "dns",
      "tag": "dns-out"
    },
    {
      "type": "wireguard",
      "tag": "wireguard-out",
      "server": "engage.cloudflareclient.com",
      "server_port": 2408,
      "system_interface": true,
      "interface_name": "wg0",
      "local_address": [
        "172.16.0.2/32",
        "2606:4700:110:87c2:aed7:cd8a:df42:c35/128"
      ],
      "private_key": "hidden",
      "peer_public_key": "hidden",
      "reserved": "nhu8",
      "mtu": 1280
    }
  ],
  "route": {
    "rules": [
      {
        "protocol": "dns",
        "outbound": "dns-out"
      },
      {
        "rule_set": [
          "geosite-reddit",
          "geosite-netflix"
        ],
        "outbound": "wireguard-out"
      }
    ],
    "rule_set": [
      {
        "type": "remote",
        "tag": "geosite-reddit",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-reddit.srs",
        "download_detour": "direct",
        "update_interval": "7d"
      },
      {
        "type": "remote",
        "tag": "geosite-netflix",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-netflix.srs",
        "download_detour": "direct",
        "update_interval": "7d"
      },
      {
        "type": "remote",
        "tag": "geoip-fastly",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/Loyalsoldier/geoip/release/srs/fastly.srs",
        "download_detour": "direct",
        "update_interval": "7d"
      },
      {
        "type": "remote",
        "tag": "geoip-netflix",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/Loyalsoldier/geoip/release/srs/netflix.srs",
        "download_detour": "direct",
        "update_interval": "7d"
      }
    ],
    "final": "direct",
    "auto_detect_interface": true
  }
}
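An added example, not part of the original post: a pre-start check that every rule-set tag named in route_address_set and in the route rules is defined under route.rule_set, and that every referenced outbound tag exists. SAMPLE is a constructed, trimmed config with a placeholder key; check_config and as_list are hypothetical helper names.

```python
import json

# Constructed, trimmed config for illustration (the key is a placeholder).
# "geoip-netflix" is deliberately missing from route.rule_set.
SAMPLE = json.loads("""
{
  "inbounds": [{"type": "tun", "tag": "tun-in", "auto_route": true,
                "route_address_set": ["geoip-fastly", "geoip-netflix"]}],
  "outbounds": [{"type": "direct", "tag": "direct"},
                {"type": "wireguard", "tag": "wireguard-out",
                 "private_key": "PLACEHOLDER"}],
  "route": {"rules": [{"rule_set": ["geosite-reddit"],
                       "outbound": "wireguard-out"}],
            "rule_set": [{"tag": "geosite-reddit"}, {"tag": "geoip-fastly"}],
            "final": "direct"}
}
""")

def as_list(value):
    # These fields may hold one string or a list of strings.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def check_config(cfg):
    """Return a list of problems; an empty list means the tags line up."""
    problems = []
    route = cfg.get("route", {})
    sets = {rs.get("tag") for rs in route.get("rule_set", [])}
    outs = {ob.get("tag") for ob in cfg.get("outbounds", [])}
    for ib in cfg.get("inbounds", []):
        if ib.get("type") != "tun":
            continue
        wanted = as_list(ib.get("route_address_set"))
        if ib.get("auto_route") and not wanted:
            # The full-tunnel case the post says cut off SSH.
            problems.append(f"{ib.get('tag')}: auto_route without route_address_set")
        problems += [f"{ib.get('tag')}: unknown rule set {t}"
                     for t in wanted if t not in sets]
    for i, rule in enumerate(route.get("rules", [])):
        problems += [f"route.rules[{i}]: unknown rule set {t}"
                     for t in as_list(rule.get("rule_set")) if t not in sets]
        if rule.get("outbound") and rule["outbound"] not in outs:
            problems.append(f"route.rules[{i}]: unknown outbound {rule['outbound']}")
    if route.get("final") and route["final"] not in outs:
        problems.append(f"route.final: unknown outbound {route['final']}")
    return problems

if __name__ == "__main__":
    for line in check_config(SAMPLE) or ["config tags are consistent"]:
        print(line)
```

To check the real file, pass `json.load(open("/etc/sing-box/config.json"))` to check_config before enabling the service.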
Start sing-box:
systemctl enable --now sing-box
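With that, everything works perfectly: services on the machine are unaffected and still reachable, SSH connects normally, and Reddit is unblocked. I even unblocked Netflix the same way: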