@@ -28,6 +28,126 @@ icon: Ellipsis
2828
2929` 主域名 ` 填入你将要使用的域名,并勾选` 监听 IPV6 ` ,代理类型选择 ` http ` ,地址填入 ` 127.0.0.1:2333 `
3030
31+ #### Vane
32+ <Callout type = " warn" >
33+ 由于 ** Vane** 是一个新开发的反向代理(2025-09-09),** 所以请做好出现异常问题的准备** ,但是不要担心,出现任何代理问题的时候请携带** 日志** 给我们,我们会听取你们的反馈,目前已经测试过了 ` mx-server ` + ` Shiroi ` 请放心使用
34+ </Callout >
35+
36+ [ Vane] ( https://github.com/canmi21/vane ) 是一个现代的,100% 使用 Rust 编写的反向代理,其优势是大约 1.5-3MB 的内存占用,整 docker 镜像部署大约占用 5MB 磁盘大小
37+ 详细步骤:
38+
39+ 首先使用 ` SSL ` 需要先获取证书,` Vane ` 目前不包含 SSL 证书管理,有2个办法是:
40+ - ` 1panel ` & '宝塔面板' 这些 GUI 运维工具自带了 acme.sh 可以GUI管理了给 Vane 导入证书文件
41+ - [ lazy-acme] ( https://github.com/canmi21/lazy-acme ) 这是 Vane 配套的管理工具,后端使用 [ Lego] ( https://github.com/go-acme/lego ) , 目前只支持 ` Cloudfalre ` DNS 验证 + 少量主流免费 CA.
42+
43+ 如果使用` 方法1 ` 的话,需要你自行映射证书目录给 ` ~/vane/cert ` 或者映射其他任何你喜欢的位置,内部存在的 ` pem ` 格式证书在下面 ` zonefile ` 内部修改使用
44+
45+ 关于 ` Vane ` 部署,推荐使用 [ docker-compose.yml] ( https://github.com/canmi21/vane?tab=readme-ov-file#installation-and-usage ) 部署
46+
47+ 然后需要编写一个 ` Zone File ` 采用 ** TOML** 语法, 配置文件默认存放在 "~ /vane/config.toml",Vane 虽然支持 ` * ` wildcard 匹配,但是还是建议分离域名管理会方便一些,例如:
48+
49+ ``` toml
50+ # Vane main configuration file
51+ # This file maps hostnames to their specific configuration files.
52+ [domains ]
53+ "example.com" = " example.com.toml"
54+ "api.example.com" = " api.example.com.toml"
55+ ```
56+
57+ 这样就创建好了2个独立的域名,接下来,在该文件夹内分别创建 ` example.com.toml ` 和 ` api.example.com.toml ` 注意请替换为实际域名
58+
59+
60+ ``` toml
61+ # Vane domain configuration for example.com
62+
63+ # --- Core Protocol Settings ---
64+ # Enable HTTPS on the standard port (443 by default).
65+ https = true
66+ # Enable HTTP/3 over QUIC on the HTTPS UDP port. Requires `https` to be true.
67+ http3 = true
68+ # Enable HSTS (HTTP Strict Transport Security) header to enforce HTTPS on clients.
69+ hsts = true
70+ # Behavior for plain HTTP requests on port 80:
71+ # "upgrade" (redirects to HTTPS), "reject" (blocks), or "allow".
72+ http_options = " reject"
73+
74+ # --- TLS Certificate Settings ---
75+ [tls ]
76+ # Path to the PEM-encoded TLS certificate file. Supports '~' for the home directory.
77+ cert = " ~/vane/cert/example.com.pem"
78+ # Path to the PEM-encoded private key file. Supports '~' for the home directory.
79+ key = " ~/vane/cert/example.com.key"
80+
81+ # --- Method Filtering ---
82+ # Optional: Restrict which HTTP methods are allowed for this entire domain.
83+ # This check happens before CORS or routing. Use "*" to allow all methods.
84+ [methods ]
85+ allow = " GET, POST, OPTIONS, HEAD"
86+
87+ # --- CORS (Cross-Origin Resource Sharing) ---
88+ # Optional: Fine-grained CORS configuration.
89+ # If this section is present, Vane will override any CORS headers from the backend.
90+ [cors ]
91+ # Map of allowed origins to their allowed methods.
92+ [cors .origins ]
93+ # For methods, use a comma-separated string (e.g., "GET, POST"), or use "*" to allow all methods from that origin.
94+ "https://canmi.net" = " GET, POST, OPTIONS"
95+
96+ # --- Rate Limiting ---
97+ [rate_limit ]
98+ # Default rate limit applied to all requests for this domain unless a more specific rule matches.
99+ [rate_limit .default ]
100+ # The time window for the rate limit (e.g., "1s", "10m", "1h").
101+ period = " 1s"
102+ # Number of requests allowed in the period. Set to 0 to disable.
103+ requests = 20
104+
105+ # --- Routing Rules ---
106+ # Define how incoming paths are proxied to backend targets.
107+ # Rules are matched from top to bottom.
108+ # [[routes]]
109+ # The URL path to match. Supports wildcards (*) at the end.
110+ # path = "/api/*"
111+ # A list of backend servers. Vane will try them in order.
112+ # If the first target fails (connection error or 5xx response), it will try the second, and so on.
113+ # targets = ["http://12.0.0.1:8000", "http://127.0.0.1:33433"] # Primary and fallback targets
114+
115+ [[routes ]]
116+ path = " /"
117+ websocket = true
118+ targets = [" http://127.0.0.1:2323" ]
119+ ```
120+
121+ 以及后端 ` mx-server `
122+
123+ ``` toml
124+ # Vane domain configuration for api.example.com
125+
126+ https = true
127+ http_options = " reject"
128+ hsts = true
129+ http3 = false
130+
131+ [tls ]
132+ cert = " ~/vane/cert/api.example.com.pem"
133+ key = " ~/vane/cert/api.example.com.key"
134+
135+ [methods ]
136+ allow = " GET, POST, OPTIONS, HEAD"
137+
138+ [rate_limit .default ]
139+ period = " 1s"
140+ requests = 20
141+
142+ [[routes ]]
143+ path = " /*"
144+ websocket = true
145+ targets = [" http://localhost:2333" ]
146+ ```
147+
148+ 注意这里 ` 2333 ` 和 ` 2323 ` 端口可能会需要按照你实际部署的 ` mx-space ` 来决定端口,如果你自己修改了的话, 以及端口,这里例示使用了
149+ ` example.com ` 这个裸域名作为前端,` api.example.com ` 具体域名可能需要按照实际情况修改,当然如果你前端想要部署在三级域名上比如 ` blog.example.com ` 上也是可以的,按照上述配置修改即可
150+
31151### Cloudflare Tunnel
32152<Callout type = " warn" >
33153除非你在** 非完整服务器环境** (如在 Sealos 或 Huggingface Space 上部署),否则我们不推荐在容器内使用该功能,而应在宿主机内配置 ** Cloudflare Tunnel** 以避免后期出现管理不方便等问题
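Review bot: In the commented routing example at new line 113, `targets = ["http://12.0.0.1:8000", "http://127.0.0.1:33433"]` looks like a typo for `127.0.0.1`. 12.0.0.1 is not a loopback address, so a reader who uncomments the sample as written would send proxied traffic to an outside host; please change it to `127.0.0.1`. In the same file, the `[cors.origins]` entry at new line 94 hardcodes `"https://canmi.net"` in a config that otherwise uses `example.com` placeholders. Copied verbatim, it allows cross-origin requests from a domain the reader does not control, so use `https://example.com` there and say it must be replaced. Smaller points: `Cloudfalre` at new line 41 should be `Cloudflare`. The frontend route uses `path = "/"` while the API route uses `path = "/*"`, and the comment at new line 109 says wildcards are what match sub-paths, so confirm whether `/` alone covers the whole site or should also be `/*`. The sentence at new line 148 trails off after "这里例示使用了" and needs finishing. The cert section could also note that the mapped `~/vane/cert` directory holds private keys and should be readable only by the user the container runs as.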