Update docker-ghcr.yml

Added links to Chinese and English documentation in README.

.github/workflows/docker-ghcr.yml

@@ -3,9 +3,9 @@ on:
   workflow_dispatch:
     inputs:
       version:
-        description: 'Version number'
+        description: '版本号 (例如: v1.0.0)'
         required: true
-        default: 'latest'
+        default: 'v1.0.0'
 
 jobs:
   build:
@@ -36,7 +36,12 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
           
       - name: Set version from input
-        run: echo "VERSION=${{ github.event.inputs.version }}" >> $GITHUB_ENV
+        run: |
+          VERSION=${{ github.event.inputs.version }}
+          if [[ $VERSION == v* ]]; then
+            VERSION=${VERSION:1}
+          fi
+          echo "VERSION=$VERSION" >> $GITHUB_ENV
 
       - name: Convert repository name to lowercase
         run: |
@@ -47,10 +52,9 @@ jobs:
       - name: Build and push Docker image
         run: |
           docker buildx build --push \
-            --platform linux/amd64,linux/arm64 \
+            --platform linux/amd64 \
             --tag ghcr.io/${{ env.REPO_LOWER }}:${{ env.VERSION }} \
-            --tag ghcr.io/${{ env.REPO_LOWER }}:latest \
             --build-arg VERSION=${{ env.VERSION }} \
             -f Dockerfile .
         env:
-          GHCR_PUBLIC: true  # 将镜像设置为公开
+          GHCR_PUBLIC: true

.github/workflows/release.yml

@@ -1,7 +1,7 @@
 name: 发布二进制文件
 
 on:
-  workflow_dispatch:  # 手动触发
+  workflow_dispatch:
     inputs:
       version:
         description: '版本号 (例如: v1.0.0)'
@@ -18,12 +18,13 @@ jobs:
       - name: 检出代码
         uses: actions/checkout@v4
         with:
-          fetch-depth: 0  # 获取完整历史，用于生成变更日志
+          fetch-depth: 0
           
       - name: 设置Go环境
         uses: actions/setup-go@v5
         with:
-          go-version: '1.25'
+          go-version-file: "src/go.mod"
+          cache-dependency-path: "src/go.sum"
           
       - name: 获取版本号
         id: version
@@ -53,15 +54,24 @@ jobs:
         run: |
           mkdir -p build/hubproxy
           
+      - name: 安装 UPX
+        uses: crazy-max/ghaction-upx@v3
+        with:
+          install-only: true
+
       - name: 编译二进制文件
         run: |
           cd src
           
           # Linux AMD64
-          GOOS=linux GOARCH=amd64 go build -ldflags="-s -w" -o ../build/hubproxy/hubproxy-linux-amd64 .
+          CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-s -w" -o ../build/hubproxy/hubproxy-linux-amd64 .
           
           # Linux ARM64
-          GOOS=linux GOARCH=arm64 go build -ldflags="-s -w" -o ../build/hubproxy/hubproxy-linux-arm64 .
+          CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -ldflags="-s -w" -o ../build/hubproxy/hubproxy-linux-arm64 .
+          
+          # 压缩二进制文件
+          upx -9 ../build/hubproxy/hubproxy-linux-amd64
+          upx -9 ../build/hubproxy/hubproxy-linux-arm64
           
       - name: 复制配置文件
         run: |
@@ -125,4 +135,4 @@ jobs:
             build/checksums.txt
           draft: false
           prerelease: false
-          token: ${{ secrets.GITHUB_TOKEN }}
+          token: ${{ secrets.GITHUB_TOKEN }}

Dockerfile

@@ -4,11 +4,11 @@ ARG TARGETARCH
 
 WORKDIR /app
 COPY src/go.mod src/go.sum ./
-RUN go mod download
+RUN go mod download && apk add upx
 
 COPY src/ .
 
-RUN CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} go build -ldflags="-s -w" -trimpath -o hubproxy .
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} go build -ldflags="-s -w" -trimpath -o hubproxy . && upx -9 hubproxy
 
 FROM alpine
 

README.md

@@ -1,14 +1,15 @@
 # HubProxy
 
-🚀 **Docker 和 GitHub 加速代理服务器**
+ **Docker 和 GitHub 加速代理服务器**
 
 一个轻量级、高性能的多功能代理服务，提供 Docker 镜像加速、GitHub 文件加速、下载离线镜像、在线搜索 Docker 镜像等功能。
 
+
 <p align="center">
   <img src="https://count.getloli.com/get/@sky22333.hubproxy?theme=rule34" alt="Visitors">
 </p>
 
-## ✨ 特性
+## 特性
 
 - 🐳 **Docker 镜像加速** - 支持 Docker Hub、GHCR、Quay 等多个镜像仓库加速，流式传输优化拉取速度。
 - 🐳 **离线镜像包** - 支持下载离线镜像包，流式传输加防抖设计。
@@ -22,8 +23,13 @@
 - 🛡️ **完全自托管** - 避免依赖免费第三方服务的不稳定性，例如`cloudflare`等等。
 - 🚀 **多服务统一加速** - 单个程序即可统一加速 Docker、GitHub、Hugging Face 等多种服务，简化部署与管理。
 
+## 详细文档
 
-## 🚀 快速开始
+[中文文档](https://zread.ai/sky22333/hubproxy)
+
+[English](https://deepwiki.com/sky22333/hubproxy)
+
+## 快速开始
 
 ### Docker部署（推荐）
 ```
@@ -34,25 +40,21 @@ docker run -d \
   ghcr.io/sky22333/hubproxy
 ```
 
-
-
 ### 一键脚本安装
 
 ```bash
 curl -fsSL https://raw.githubusercontent.com/sky22333/hubproxy/main/install.sh | sudo bash
 ```
 
-也可以直接下载二进制文件执行`./hubproxy`使用，无需配置文件即可启动，内置默认配置，支持所有功能。
+支持单个二进制文件直接启动，无需其他配置，内置默认配置，支持所有功能。
 
 这个脚本会：
-- 🔍 自动检测系统架构（AMD64/ARM64）
-- 📥 从 GitHub Releases 下载最新版本
-- ⚙️ 自动配置系统服务
-- 🔄 保留现有配置（升级时）
+- 自动检测系统架构（AMD64/ARM64）
+- 从 GitHub Releases 下载最新版本
+- 自动配置系统服务
+- 保留现有配置（升级时）
 
-
-
-## 📖 使用方法
+## 使用方法
 
 ### Docker 镜像加速
 
@@ -96,7 +98,7 @@ https://yourdomain.com/https://github.com/user/repo/releases/download/v1.0.0/fil
 git clone https://yourdomain.com/https://github.com/sky22333/hubproxy.git
 ```
 
-## ⚙️ 配置
+## 配置
 
 <details>
   <summary>config.toml 配置说明</summary>
@@ -242,7 +244,9 @@ example.com {
 
 </div>
 
+## 界面预览
 
+![1](./.github/demo/demo1.jpg)
 
 ## Star 趋势
 [![Star 趋势](https://starchart.cc/sky22333/hubproxy.svg?variant=adaptive)](https://starchart.cc/sky22333/hubproxy)

docker-compose.yml

@@ -1,8 +1,14 @@
 services:
   hubproxy:
-    build: .
+    image: ghcr.io/sky22333/hubproxy
+    container_name: hubproxy
     restart: always
     ports:
-      - '5000:5000'
+      - "5000:5000"
     volumes:
-      - ./src/config.toml:/root/config.toml
+      - ./src/config.toml:/root/config.toml
+    logging:
+      driver: json-file
+      options:
+        max-size: "1g"
+        max-file: "2"

src/config.toml

@@ -83,6 +83,12 @@ authHost = "registry.k8s.io"
 authType = "anonymous"
 enabled = true
 
+# Default Registry
+[defaultRegistry]
+upstream = "registry-1.docker.io"
+authHost = "auth.docker.io"
+enabled = true
+
 [tokenCache]
 # 是否启用缓存(同时控制Token和Manifest缓存)显著提升性能
 enabled = true

src/config/config.go

@@ -49,6 +49,8 @@ type AppConfig struct {
 	} `toml:"download"`
 
 	Registries map[string]RegistryMapping `toml:"registries"`
+	
+	DefaultRegistry RegistryMapping `toml:"defaultRegistry"`
 
 	TokenCache struct {
 		Enabled    bool   `toml:"enabled"`

src/handlers/docker.go

@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"io"
 	"net/http"
+	"regexp"
 	"strings"
 	"time"
 
@@ -16,6 +17,8 @@ import (
 	"hubproxy/utils"
 )
 
+var realmRegex = regexp.MustCompile(`realm="(https?://)([^/"]+)(/?[^"]*)"`)
+
 // DockerProxy Docker代理配置
 type DockerProxy struct {
 	registry name.Registry
@@ -28,9 +31,16 @@ var dockerProxy *DockerProxy
 type RegistryDetector struct{}
 
 // detectRegistryDomain 检测Registry域名并返回域名和剩余路径
-func (rd *RegistryDetector) detectRegistryDomain(path string) (string, string) {
+func (rd *RegistryDetector) detectRegistryDomain(c *gin.Context, path string) (string, string) {
 	cfg := config.GetConfig()
 
+	// 兼容Containerd的ns参数
+	if ns := c.Query("ns"); ns != "" {
+		if mapping, exists := cfg.Registries[ns]; exists && mapping.Enabled {
+			return ns, path
+		}
+	}
+
 	for domain := range cfg.Registries {
 		if strings.HasPrefix(path, domain+"/") {
 			remainingPath := strings.TrimPrefix(path, domain+"/")
@@ -61,7 +71,13 @@ var registryDetector = &RegistryDetector{}
 
 // InitDockerProxy 初始化Docker代理
 func InitDockerProxy() {
-	registry, err := name.NewRegistry("registry-1.docker.io")
+	cfg := config.GetConfig()
+	upstream := "registry-1.docker.io"
+	if cfg.DefaultRegistry.Upstream != "" {
+		upstream = cfg.DefaultRegistry.Upstream
+	}
+
+	registry, err := name.NewRegistry(upstream)
 	if err != nil {
 		fmt.Printf("创建Docker registry失败: %v\n", err)
 		return
@@ -99,7 +115,7 @@ func ProxyDockerRegistryGin(c *gin.Context) {
 func handleRegistryRequest(c *gin.Context, path string) {
 	pathWithoutV2 := strings.TrimPrefix(path, "/v2/")
 
-	if registryDomain, remainingPath := registryDetector.detectRegistryDomain(pathWithoutV2); registryDomain != "" {
+	if registryDomain, remainingPath := registryDetector.detectRegistryDomain(c, pathWithoutV2); registryDomain != "" {
 		if registryDetector.isRegistryEnabled(registryDomain) {
 			c.Set("target_registry_domain", registryDomain)
 			c.Set("target_path", remainingPath)
@@ -346,17 +362,21 @@ func (r *ResponseRecorder) Write(data []byte) (int, error) {
 }
 
 func proxyDockerAuthOriginal(c *gin.Context) {
-	var authURL string
+	cfg := config.GetConfig()
+
+	authHost := "auth.docker.io"
+	if cfg.DefaultRegistry.AuthHost != "" {
+		authHost = cfg.DefaultRegistry.AuthHost
+	}
+
 	if targetDomain, exists := c.Get("target_registry_domain"); exists {
 		if mapping, found := registryDetector.getRegistryMapping(targetDomain.(string)); found {
-			authURL = "https://" + mapping.AuthHost + c.Request.URL.Path
-		} else {
-			authURL = "https://auth.docker.io" + c.Request.URL.Path
+			authHost = mapping.AuthHost
 		}
-	} else {
-		authURL = "https://auth.docker.io" + c.Request.URL.Path
 	}
 
+	authURL := "https://" + authHost + c.Request.URL.Path
+
 	if c.Request.URL.RawQuery != "" {
 		authURL += "?" + c.Request.URL.RawQuery
 	}
@@ -399,10 +419,15 @@ func proxyDockerAuthOriginal(c *gin.Context) {
 		}
 	}
 
+	scheme := "http"
+	if c.Request.TLS != nil || c.GetHeader("X-Forwarded-Proto") == "https" {
+		scheme = "https"
+	}
+
 	for key, values := range resp.Header {
 		for _, value := range values {
 			if key == "Www-Authenticate" {
-				value = rewriteAuthHeader(value, proxyHost)
+				value = rewriteAuthHeader(value, scheme, proxyHost)
 			}
 			c.Header(key, value)
 		}
@@ -413,13 +438,8 @@ func proxyDockerAuthOriginal(c *gin.Context) {
 }
 
 // rewriteAuthHeader 重写认证头
-func rewriteAuthHeader(authHeader, proxyHost string) string {
-	authHeader = strings.ReplaceAll(authHeader, "https://auth.docker.io", "http://"+proxyHost)
-	authHeader = strings.ReplaceAll(authHeader, "https://ghcr.io", "http://"+proxyHost)
-	authHeader = strings.ReplaceAll(authHeader, "https://gcr.io", "http://"+proxyHost)
-	authHeader = strings.ReplaceAll(authHeader, "https://quay.io", "http://"+proxyHost)
-
-	return authHeader
+func rewriteAuthHeader(authHeader, scheme, proxyHost string) string {
+	return realmRegex.ReplaceAllString(authHeader, fmt.Sprintf(`realm="%s://%s$3"`, scheme, proxyHost))
 }
 
 // handleMultiRegistryRequest 处理多Registry请求
@@ -598,12 +618,5 @@ func createUpstreamOptions(mapping config.RegistryMapping) []remote.Option {
 		remote.WithTransport(utils.GetGlobalHTTPClient().Transport),
 	}
 
-	// 预留将来不同Registry的差异化认证逻辑扩展点
-	switch mapping.AuthType {
-	case "github":
-	case "google":
-	case "quay":
-	}
-
 	return options
 }

src/handlers/github.go

@@ -171,9 +171,9 @@ func proxyGitHubWithRedirect(c *gin.Context, u string, redirectCount int) {
 
 		processedBody, processedSize, err := utils.ProcessSmart(resp.Body, isGzipCompressed, realHost)
 		if err != nil {
-			fmt.Printf("智能处理失败，回退到直接代理: %v\n", err)
-			processedBody = resp.Body
-			processedSize = 0
+			fmt.Printf("脚本处理失败: %v\n", err)
+			c.String(http.StatusBadGateway, "Script processing failed: %v", err)
+			return
 		}
 
 		// 智能设置响应头

src/main.go

@@ -125,7 +125,7 @@ func main() {
 		fmt.Printf("H2c: 已启用\n")
 	}
 
-	fmt.Printf("版本号: v1.1.9\n")
+	fmt.Printf("版本号: v1.2.1\n")
 	fmt.Printf("项目地址: https://github.com/sky22333/hubproxy\n")
 
 	// 创建HTTP2服务器

src/utils/access_control.go

@@ -200,6 +200,13 @@ func (ac *AccessController) checkList(matches, list []string) bool {
 		if strings.HasPrefix(fullRepo, item+"/") {
 			return true
 		}
+
+		if strings.HasPrefix(item, "*/") {
+			p := item[2:]
+			if p == repoName || (strings.HasSuffix(p, "*") && strings.HasPrefix(repoName, p[:len(p)-1])) {
+				return true
+			}
+		}
 	}
 	return false
 }

src/utils/proxy_shell.go

@@ -10,49 +10,46 @@ import (
 )
 
 // GitHub URL正则表达式
-var githubRegex = regexp.MustCompile(`https?://(?:github\.com|raw\.githubusercontent\.com|raw\.github\.com|gist\.githubusercontent\.com|gist\.github\.com|api\.github\.com)[^\s'"]+`)
+var githubRegex = regexp.MustCompile(`(?:^|[\s'"(=,\[{;|&<>])https?://(?:github\.com|raw\.githubusercontent\.com|raw\.github\.com|gist\.githubusercontent\.com|gist\.github\.com|api\.github\.com)[^\s'")]*`)
+
+// MaxShellSize 限制最大处理大小为 10MB
+const MaxShellSize = 10 * 1024 * 1024
 
 // ProcessSmart Shell脚本智能处理函数
-func ProcessSmart(input io.ReadCloser, isCompressed bool, host string) (io.Reader, int64, error) {
-	defer input.Close()
-
+func ProcessSmart(input io.Reader, isCompressed bool, host string) (io.Reader, int64, error) {
 	content, err := readShellContent(input, isCompressed)
 	if err != nil {
-		return nil, 0, fmt.Errorf("内容读取失败: %v", err)
+		return nil, 0, err
 	}
 
 	if len(content) == 0 {
 		return strings.NewReader(""), 0, nil
 	}
 
-	if len(content) > 10*1024*1024 {
-		return strings.NewReader(content), int64(len(content)), nil
+	if !bytes.Contains(content, []byte("github.com")) && !bytes.Contains(content, []byte("githubusercontent.com")) {
+		return bytes.NewReader(content), int64(len(content)), nil
 	}
 
-	if !strings.Contains(content, "github.com") && !strings.Contains(content, "githubusercontent.com") {
-		return strings.NewReader(content), int64(len(content)), nil
-	}
-
-	processed := processGitHubURLs(content, host)
+	processed := processGitHubURLs(string(content), host)
 
 	return strings.NewReader(processed), int64(len(processed)), nil
 }
 
-func readShellContent(input io.ReadCloser, isCompressed bool) (string, error) {
+func readShellContent(input io.Reader, isCompressed bool) ([]byte, error) {
 	var reader io.Reader = input
 
 	if isCompressed {
 		peek := make([]byte, 2)
 		n, err := input.Read(peek)
 		if err != nil && err != io.EOF {
-			return "", fmt.Errorf("读取数据失败: %v", err)
+			return nil, fmt.Errorf("读取数据失败: %v", err)
 		}
 
 		if n >= 2 && peek[0] == 0x1f && peek[1] == 0x8b {
 			combinedReader := io.MultiReader(bytes.NewReader(peek[:n]), input)
 			gzReader, err := gzip.NewReader(combinedReader)
 			if err != nil {
-				return "", fmt.Errorf("gzip解压失败: %v", err)
+				return nil, fmt.Errorf("gzip解压失败: %v", err)
 			}
 			defer gzReader.Close()
 			reader = gzReader
@@ -61,37 +58,50 @@ func readShellContent(input io.ReadCloser, isCompressed bool) (string, error) {
 		}
 	}
 
-	data, err := io.ReadAll(reader)
+	limit := int64(MaxShellSize + 1)
+	limitedReader := io.LimitReader(reader, limit)
+
+	data, err := io.ReadAll(limitedReader)
 	if err != nil {
-		return "", fmt.Errorf("读取内容失败: %v", err)
+		return nil, fmt.Errorf("读取内容失败: %v", err)
 	}
 
-	return string(data), nil
+	if int64(len(data)) > MaxShellSize {
+		return nil, fmt.Errorf("脚本文件过大，超过 %d MB 限制", MaxShellSize/1024/1024)
+	}
+
+	return data, nil
 }
 
 func processGitHubURLs(content, host string) string {
-	return githubRegex.ReplaceAllStringFunc(content, func(url string) string {
-		return transformURL(url, host)
+	return githubRegex.ReplaceAllStringFunc(content, func(match string) string {
+		// 如果匹配包含前缀分隔符，保留它，防止出现重复转换
+		if len(match) > 0 && match[0] != 'h' {
+			prefix := match[0:1]
+			url := match[1:]
+			return prefix + transformURL(url, host)
+		}
+		return transformURL(match, host)
 	})
 }
 
 // transformURL URL转换函数
 func transformURL(url, host string) string {
-    if strings.Contains(url, host) {
-        return url
-    }
+	if strings.Contains(url, host) {
+		return url
+	}
 
-    if strings.HasPrefix(url, "http://") {
-        url = "https" + url[4:]
-    } else if !strings.HasPrefix(url, "https://") && !strings.HasPrefix(url, "//") {
-        url = "https://" + url
-    }
+	if strings.HasPrefix(url, "http://") {
+		url = "https" + url[4:]
+	} else if !strings.HasPrefix(url, "https://") && !strings.HasPrefix(url, "//") {
+		url = "https://" + url
+	}
 
-    // 确保 host 有协议头
-    if !strings.HasPrefix(host, "http://") && !strings.HasPrefix(host, "https://") {
-        host = "https://" + host
-    }
-    host = strings.TrimSuffix(host, "/")
+	// 确保 host 有协议头
+	if !strings.HasPrefix(host, "http://") && !strings.HasPrefix(host, "https://") {
+		host = "https://" + host
+	}
+	host = strings.TrimSuffix(host, "/")
 
-    return host + "/" + url
-}
+	return host + "/" + url
+}