Russel053/ 21 4 月, 2020/ 網路服務

硬體配置:

1c 256M 4g 即可(開高我也沒意見)

安裝方式:

到 Github 選擇對應 OS 安裝包 下載 解壓縮執行安裝即可

wget https://github.com/AdguardTeam/AdGuardHome/releases/download/v0.101.0/AdGuardHome_linux_amd64.tar.gz
tar zxvf AdGuardHome_linux_amd64.tar.gz
cd AdGuardHome/
sudo ./AdGuardHome -s install

IP:3000 進入網頁設定(預設值即可)

一般設置

DNS設置

上游的 DNS 伺服器:

https://dns.cloudflare.com/dns-query
1.1.1.2
168.95.192.1
https://dns.google/dns-query

勾選同時查詢 DNS


RBL清單:

預設內建可以全勾之後,以下可以參考新增:

#NeoHost
https://cdn.jsdelivr.net/gh/neoFelhz/[email protected]/127.0.0.1/full/hosts

#CoinBlocker
https://zerodot1.gitlab.io/CoinBlockerLists/hosts

#StevenBlack
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts

#CHEF-KOCH NASBlocklist
https://raw.githubusercontent.com/CHEF-KOCH/NSABlocklist/master/HOSTS/HOSTS

#ABP
https://bestpika.github.io/abp/yui.txt
https://gist.github.com/bestpika/5e414a4f60b2a996a6fb31ec592a56b4/raw/hide.txt
https://filters.adtidy.org/extension/ublock/filters/3.txt
https://filters.adtidy.org/extension/ublock/filters/15.txt
https://raw.githubusercontent.com/uBlockOrigin/uAssets/master/filters/badware.txt
https://raw.githubusercontent.com/uBlockOrigin/uAssets/master/filters/resource-abuse.txt
https://raw.githubusercontent.com/Yhonay/antipopads/master/popads.txt
https://raw.githubusercontent.com/NanoAdblocker/NanoFilters/master/NanoFilters/NanoTimer.txt
https://raw.githubusercontent.com/cjx82630/cjxlist/master/cjxlist.txt
https://raw.githubusercontent.com/cjx82630/cjxlist/master/cjx-annoyance.txt
https://280blocker.net/files/280blocker_adblock.txt
https://raw.githubusercontent.com/privacy-protection-tools/anti-AD/master/anti-ad-easylist.txt
#AAK
https://easylist-downloads.adblockplus.org/antiadblockfilters.txt
https://raw.githubusercontent.com/jspenguin2017/uBlockProtector/master/uBlockProtectorList.txt
#Other
https://filter.futa.gg/filter.txt
https://filter.futa.gg/hosts.txt
https://raw.githubusercontent.com/gwarser/filter-lists/master/lan-block.txt
https://filter.futa.gg/nofarm_hosts.txt

Let’s Encrypt:

先利用其他域名證書讓 nginx -t 檢查通過之後 CF DNS 直通 Let’s Encrypt 簽發證書回傳:

server
{
   listen 80;
   server_name agh.yourdomain;

   return 301 https://$server_name$request_uri;
}

server
{
   listen 443 ssl http2;
   server_name agh.yourdomain;

   root /dev/null;
    ssl_certificate /etc/letsencrypt/live/agh.yourdomain/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/agh.yourdomain/privkey.pem; # managed by Certbot
   ssl_protocols TLSv1.2 TLSv1.3;
   ssl_session_timeout  10m;
   ssl_session_cache shared:SSL:10m;
   ssl_session_tickets off;

   location / {
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass https://10.0.1.191;
    }

    location ~ .*.(gif|jpg|jpeg|png|bmp|swf|css|js)$ {
        proxy_pass https://10.0.1.191;
        proxy_set_header Host  $host;
        proxy_set_header X-Forwarded-For $remote_addr;
    }

    location /dns-query {
        proxy_http_version 1.1;
        proxy_set_header Host $http_host;
        proxy_buffering off;
        proxy_redirect off;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass https://10.0.1.191:443/dns-query;
    }

}

然後利用 proxy 取得的 ssl 證書拷貝至 AdGuard Home 加密頁面, 填寫相同域名,不勾選 HTTP to HTTPS 之後,生效收工。


如果不小心開啟安全搜尋請先關閉之後進入 Youtube 將嚴格篩選模式關閉:


驗證 DoT 以及 DoH >> https://github.com/ameshkov/dnslookup

apt install golang
git clone https://github.com/ameshkov/dnslookup
cd dnslookup
make
./dnslookup www.google.com https://adg.yourdomain/dns-query

or 使用此測試:

time nslookup www.google.com agh.yourdomain

其他封鎖清單:

https://github.com/tasi788/abp

https://github.com/privacy-protection-tools/anti-AD

Share this Post