pref: 修复维基百科 ip、新增Nyaa；新增自签证书批处理包 (#48)

* fix Wikipedia ip

198.35.26.96 早已被封锁；
103.102.166.224 不稳定。

* add nyaa.si

* update hosts

* add batch file for self-sign cert

* Add files via upload

* Delete crtserial.srl

* fix bat

* fix: remove unexist extensions

* add gif teaching

conf/pixiv.conf

@@ -275,8 +275,9 @@ server {
 }
 
 upstream wikipedia-server { 
-    server 198.35.26.96:443;
-    server 103.102.166.224:443;
+    server 208.80.153.224:443;
+    server 208.80.154.224:443;
+    server 91.198.174.192:443;
 }
 
 server {
@@ -356,4 +357,24 @@ server {
         proxy_set_header Accept-Encoding ''; 
         proxy_buffering off;
     }
+}
+  server {
+    listen 443 ssl;
+    server_name nyaa.si;
+    server_name www.nyaa.si;
+    server_name sukebei.nyaa.si;
+
+
+    ssl_certificate ca/pixiv.net.crt;
+    ssl_certificate_key ca/pixiv.net.key;
+    
+    location / {
+        proxy_pass https://185.178.208.182/;
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Real_IP $remote_addr;
+        proxy_set_header User-Agent $http_user_agent;
+        proxy_set_header Accept-Encoding ''; 
+        proxy_buffering off;
+    }
 }

hosts

@@ -89,7 +89,6 @@
 210.140.131.220  myaccount.pixiv.net
 #Pixiv End
 
-# 顺手修一下维基百科
 # Wikipedia Start
 127.0.0.1 en.wikipedia.org
 127.0.0.1 zh.wikipedia.org #中文维基百科桌面版
@@ -102,12 +101,17 @@
 127.0.0.1 zh.wikinews.org #中文维基新闻桌面版
 # Wikipedia End
 
-# 顺手修一下Steam
-# Steam
+# Steam Start
 127.0.0.1 store.steampowered.com
 127.0.0.1 steamcommunity.com
 # Steam end
 
-# 新增对Archive of our own的支持
+# AO3 Start
 127.0.0.1 archiveofourown.org
-# Archive of our own end
+# AO3 end
+
+# Nyaa Start
+127.0.0.1	nyaa.si
+127.0.0.1	www.nyaa.si
+127.0.0.1	sukebei.nyaa.si
+# Nyaae End

自签证书傻瓜式批处理包/config_childCA.txt

@@ -0,0 +1,46 @@
+[ req ]
+default_bits				= 2048
+
+prompt					= no
+distinguished_name			= req_distinguished_name
+req_extensions				= v3_req
+
+[ req_distinguished_name ]
+countryName				= CN
+organizationName			= FuckGFW Foundation
+commonName				= PixivCA
+
+[ alternate_names ]
+DNS.01 = *.pixiv.net
+DNS.02 = pixiv.net
+DNS.03 = *.secure.pixiv.net
+DNS.04 = pixivision.net
+DNS.05 = *.pixivision.net
+DNS.06 = pixiv.me
+DNS.07 = *.pixiv.me
+DNS.08 = pximg.net
+DNS.09 = *.pximg.net
+DNS.10 = pixivsketch.net
+DNS.11 = *.pixivsketch.net
+DNS.12 = public-api.secure.pixiv.net
+DNS.13 = wikipedia.org
+DNS.14 = *.wikipedia.org
+DNS.15 = m.wikipedia.org
+DNS.16 = *.m.wikipedia.org
+DNS.17 = google.com
+DNS.18 = *.google.com
+DNS.19 = steamcommunity.com
+DNS.20 = *.steamcommunity.com
+DNS.21 = steampowered.com
+DNS.22 = *.steampowered.com
+DNS.23 = archiveofourown.org
+DNS.24 = *.archiveofourown.org
+DNS.25 = nyaa.si
+DNS.26 = *.nyaa.si
+
+[ v3_req ]
+keyUsage				= digitalSignature
+extendedKeyUsage			= serverAuth,clientAuth
+basicConstraints			= CA:false
+subjectAltName				= @alternate_names
+subjectKeyIdentifier			= hash

自签证书傻瓜式批处理包/config_rootCA.txt

@@ -0,0 +1,17 @@
+[ req ]
+default_bits			= 2048
+
+prompt				= no
+distinguished_name		= req_distinguished_name
+v3_extensions			= v3_ext
+
+[ req_distinguished_name ]
+countryName			= CN
+organizationName		= FuckGFW Foundation
+commonName			= Pixiv.net
+
+[ v3_ext ]
+keyUsage			= keyCertSign,cRLSign
+basicConstraints		= CA:true
+subjectKeyIdentifier		= hash
+authorityKeyIdentifier		= keyid,issuer

自签证书傻瓜式批处理包/config_signCA.txt

@@ -0,0 +1,24 @@
+[ ca ]
+default_ca		= myca
+
+[ myca ]
+serial			= ./crtserial.srl
+database		= ./index.txt
+new_certs_dir		= ./
+certificate		= ./rootCA.crt
+private_key		= ./rootCA.key
+default_md		= sha256
+default_days		= 365
+unique_subject		= no
+policy			= my_policy
+copy_extensions		= copy
+
+
+[ my_policy ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional

自签证书傻瓜式批处理包/★使用说明★.txt

@@ -0,0 +1,5 @@
+1.下载 OpenSSL（https://slproweb.com/products/Win32OpenSSL.html）安装，设置为「环境变量」（自行百度，只要在CMD中输入openssl有反应就行，而不是「'openssl' 不是内部或外部命令，也不是可运行的程序或批处理文件」）。
+
+2.第一次使用时直接使用「【限初次使用】一键生成根证书和子证书.bat」并将rootCA.crt安装到系统受信任的根证书列表即可，生成的Pixiv.key和Pixiv.crt可替换软件自带的CA。
+
+3.需要添加域名时打开「config_childCA.txt」加入，完后使用「【修改config_childCA.txt后使用】重新签发子证书.bat」只需将新生成的Pixiv.crt替换Nginx目录原先的文件即可。

自签证书傻瓜式批处理包/【修改config_childCA.txt后使用】重新签发子证书.bat

@@ -0,0 +1,4 @@
+del /f /s /q pixiv.net.csr
+del /f /s /q pixiv.net.crt
+openssl req -new -sha256 -key pixiv.net.key -out pixiv.net.csr -config config_childCA.txt
+openssl ca -config config_signCA.txt -in pixiv.net.csr -out pixiv.net.crt

自签证书傻瓜式批处理包/【可选】清理生成证书后产生的垃圾文件.bat

@@ -0,0 +1,7 @@
+del /f /s /q *.pem
+del /f /s /q crtserial.srl.old
+del /f /s /q index.txt.old
+del /f /s /q index.txt.attr
+del /f /s /q index.txt.attr.old
+echo 01 > crtserial.srl
+break > index.txt

自签证书傻瓜式批处理包/【限初次使用】一键生成根证书和子证书.bat

@@ -0,0 +1,7 @@
+echo 01 > crtserial.srl
+break > index.txt
+openssl genrsa -out pixiv.net.key 2048
+openssl genrsa -out rootCA.key 2048
+openssl req -new -x509 -key rootCA.key -out rootCA.crt -days 3650 -config config_rootCA.txt
+openssl req -new -sha256 -key pixiv.net.key -out pixiv.net.csr -config config_childCA.txt
+openssl ca -config config_signCA.txt -in pixiv.net.csr -out pixiv.net.crt