原项目地址: https://github.com/KawaiiZapic/HidePortWorker
这个脚本可以帮助你在 Cloudflare 使用非 443/80 端口时隐藏你的端口, 基于 Cloudflare Worker.
由于 Worker 无法自定义 Header 内的 Host, 只能添加新的 Header 来传递 Host.
所以需要使用一些手段将新的 Header 转换成 Host 传递给原服务器.
一种比较简单的方案是使用 Nginx 等软件进行反代, 代替源服务器暴露到外网, 并设置头部.
server {
listen 4443 ssl default_server;
listen [::]:4443 ssl default_server ipv6only=on;
ssl_certificate /etc/nginx/key/example.crt;
ssl_certificate_key /etc/nginx/key/example.key;
server_name proxy.example.com;
underscores_in_headers on;
location / {
proxy_set_header Host $http_x_real_host;
proxy_set_header X-Real-Host "";
proxy_pass https://127.0.0.1:443;
}
}在脚本头部添加如下设置
let SvrGrp = [{
"Host": "example.com",
"Port": 4443,
"Protocol": "https",
"Weight": 10
}, {
"Host": "example2.com",
"Port": 4444,
"Protocol": "https",
"Weight": 10
}];
let getSrv = () => {
let SrvMap = [];
for(let Srv in SrvGrp) {
let w = typeof SrvGrp[Srv].Weight != "undefined" ? SrvGrp[Srv].Weight : 0;
while (w >= 0){
SrvMap.push(Srv);
--w;
}
}
return SrvGrp[SrvMap[Math.floor(SrvMap.length * Math.random())]];
};
addEventListener(
"fetch",
(e) => {
let Url = new URL(e.request.url);
let Srv = getSrv();
Url.host = Svr.Host;
Url.port = Svr.Port;
Url.protocol = Svr.Protocol + ":";
let Req = new Request(Url,e.request);
Req.headers.set('X-Real-Host', e.request.headers.get('Host'));
e.respondWith(fetch(Req));
}
)
把脚本添加到 Worker 并部署, 设置代理将全部流量 .example.com/* 代理到新的 Worker, 访问服务器.