{"id":47270347,"url":"https://github.com/rain-kl/openflare","last_synced_at":"2026-06-06T06:01:18.130Z","repository":{"id":343268056,"uuid":"1176984194","full_name":"Rain-kl/OpenFlare","owner":"Rain-kl","description":"分布式CDN边缘节点, 由统一的控制中心对节点进行管控。","archived":false,"fork":false,"pushed_at":"2026-05-26T03:19:19.000Z","size":3739,"stargazers_count":119,"open_issues_count":7,"forks_count":28,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-05-26T05:32:05.529Z","etag":null,"topics":["cdn","distributed-systems","golang","network","nextjs","reverse-proxy"],"latest_commit_sha":null,"homepage":"https://open-flare.pages.dev","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Rain-kl.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":"NOTICE","maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2026-03-09T15:20:39.000Z","updated_at":"2026-05-26T03:18:29.000Z","dependencies_parsed_at":"2026-04-02T00:05:44.862Z","dependency_job_id":null,"html_url":"https://github.com/Rain-kl/OpenFlare","commit_stats":null,"previous_names":["rain-kl/atsflare","rain-kl/openflare"],"tags_count":70,"template":false,"template_full_name":null,"purl":"pkg:github/Rain-kl/OpenFlare","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Rain-kl%2FOpenFlare","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Rain-kl%2FOpenFlare/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Rain-kl%2FOpenFlare/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Rain-kl%2FOpenFlare/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Rain-kl","download_url":"https://codeload.github.com/Rain-kl/OpenFlare/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Rain-kl%2FOpenFlare/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33634611,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-05-29T02:00:06.066Z","response_time":107,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cdn","distributed-systems","golang","network","nextjs","reverse-proxy"],"created_at":"2026-03-15T11:00:41.598Z","updated_at":"2026-06-06T06:01:18.121Z","avatar_url":"https://github.com/Rain-kl.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n\n# OpenFlare\n\n**[📖 中文](./README.md) | [English](./README.en.md)**\n\nOpenFlare 是开源 CDN 编排与边缘安全平台。它支持反向代理、集中式配置同步、内网穿透（Tunnels）、动态 WAF 防护以及防 CC 挑战。\n\n\u003c/div\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://raw.githubusercontent.com/Rain-kl/OpenFlare/main/LICENSE\"\u003e\n    \u003cimg src=\"https://img.shields.io/github/license/Rain-kl/OpenFlare?color=brightgreen\" alt=\"license\"\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://github.com/Rain-kl/OpenFlare/releases/latest\"\u003e\n    \u003cimg src=\"https://img.shields.io/github/v/release/Rain-kl/OpenFlare?color=brightgreen\u0026include_prereleases\" alt=\"release\"\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://github.com/Rain-kl/OpenFlare/pkgs/container/openflare\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/GHCR-ghcr.io%2Frain--kl%2Fopenflare-brightgreen\" alt=\"ghcr\"\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\n\u003e [!WARNING]\n\u003e 使用 `root` 用户初次登录系统后，务必修改默认密码 `123456`。\n\u003e\n\u003e BETA 版本为开发测试阶段的临时产物，可能存在未知问题，请勿在生产环境使用。\n\n## 文档\n\n**https://open-flare.pages.dev**\n\n常用入口：\n\n* [快速开始](https://open-flare.pages.dev/guide/quick-start)\n* [部署说明](https://open-flare.pages.dev/deployment/deployment)\n* [配置项参考](https://open-flare.pages.dev/reference/configuration)\n* [系统设计](https://open-flare.pages.dev/design/)\n\n## 核心能力\n\n* **反代配置管理**：以网站规则为聚合边界，支持多域名绑定与多上游负载均衡，统一管理所有 OpenResty 节点的反代配置。\n* **安全内网穿透（Tunnels）**：开源版的 Cloudflare Tunnels。无须公网 IP 或暴露入向端口，通过 Relay 中继节点与 OpenFlared 客户端安全反向穿透内网 Web 服务至公网。\n* **边缘 WAF 安全防护**：提供全局与自定义规则组，支持手动/自动/订阅型 IP 组、MaxMind GeoIP 国家级地域准入、IP 组成员 Checksum 差分同步（无需 Nginx 重载）以及自定义拦截响应。\n* **防 CC 与人机挑战（PoW）**：内置高性能客户端密码学 Proof of Work 挑战（类似 Turnstile），在网关边缘秒级拦截并阻断僵尸网络与爬虫。\n* **Pages 静态托管**：直接上传预构建 ZIP 包，由边缘 Agent 拉取并通过 OpenResty 本地提供服务，支持 SPA Fallback 与内置 API 反向代理配置。\n* **TLS 证书自动化**：支持证书动态上传、多域名证书自动匹配绑定，以及通过 ACME 协议向 Let's Encrypt 自动申请与续期证书。\n* **Uptime Kuma 监控同步**：与 Uptime Kuma 集成，自动差分同步监控站点列表，实时感知节点存活与服务可用状态。\n* **SSO 单点登录**：支持 GitHub OAuth 与标准 OIDC 协议，无缝接入企业身份提供商实现统一登录。\n* **统一观测**：聚合节点请求指标、实时访问日志明细、宿主机与 Nginx 资源快照、健康事件以及网络波动补传缓冲。\n\n## 快速开始\n\n### 1. 启动 Server\n\n```yaml\nservices:\n  postgres:\n    image: postgres:17-alpine\n    restart: unless-stopped\n    environment:\n      POSTGRES_DB: openflare\n      POSTGRES_USER: openflare\n      POSTGRES_PASSWORD: replace-with-strong-password\n    volumes:\n      - postgres-data:/var/lib/postgresql/data\n    healthcheck:\n      test: [\"CMD-SHELL\", \"pg_isready -U openflare -d openflare\"]\n      interval: 10s\n      timeout: 5s\n      retries: 5\n\n  openflare:\n    image: ghcr.io/rain-kl/openflare:latest\n    restart: unless-stopped\n    depends_on:\n      postgres:\n        condition: service_healthy\n    ports:\n      - \"3000:3000\"\n    environment:\n      SESSION_SECRET: replace-with-random-string\n      DSN: postgres://openflare:replace-with-strong-password@postgres:5432/openflare?sslmode=disable\n      GIN_MODE: release\n      LOG_LEVEL: info\n\nvolumes:\n  postgres-data:\n```\n\n```bash\ndocker compose up -d\n```\n\n访问地址：`http://localhost:3000`\n\n默认账号：\n\n* 用户名：`root`\n* 密码：`123456`\n\n### 2. 安装 Agent\n\n安装 Agent 前请先在节点上安装 OpenResty，或改用内置 OpenResty 的 Agent Docker 镜像。\n\n你可以在控制面板的节点管理-\u003e详情-\u003e节点信息-\u003e节点标识与部署复制安装命令，或直接使用下面的脚本：\n\n#### Docker 部署\n\nDocker 部署可直接运行 Agent 镜像：\n\n```bash\ndocker pull ghcr.io/rain-kl/openflare-agent:latest\ndocker rm -f openflare-agent 2\u003e/dev/null || true\ndocker run -d --name openflare-agent --restart unless-stopped \\\n  -p 80:80 -p 443:443/tcp -p 443:443/udp \\\n  -e OPENFLARE_SERVER_URL=http://your-server:3000 \\\n  -e OPENFLARE_AGENT_TOKEN=YOUR_AGENT_TOKEN \\\n  ghcr.io/rain-kl/openflare-agent:latest\n```\n\n#### 本地部署\n\n使用 `discovery_token` 接入：\n\n```bash\ncurl -fsSL https://raw.githubusercontent.com/Rain-kl/OpenFlare/main/scripts/install-agent.sh | bash -s -- \\\n  --server-url http://your-server:3000 \\\n  --discovery-token YOUR_DISCOVERY_TOKEN\n```\n\n使用节点专属 `agent_token`：\n\n```bash\ncurl -fsSL https://raw.githubusercontent.com/Rain-kl/OpenFlare/main/scripts/install-agent.sh | bash -s -- \\\n  --server-url http://your-server:3000 \\\n  --agent-token YOUR_AGENT_TOKEN\n```\n\n安装脚本默认写入 `/opt/openflare-agent`，创建 `openflare-agent.service`，自动查找 `openresty`，并可重复执行以重装或升级 Agent。\n\n### 3. 卸载 Agent\n\n如需彻底卸载 Agent 并清空本地数据，可执行：\n\n```bash\ncurl -fsSL https://raw.githubusercontent.com/Rain-kl/OpenFlare/main/scripts/uninstall-agent.sh | bash\n```\n\n卸载脚本会先停止并移除 `openflare-agent.service`、删除整个 `/opt/openflare-agent` 目录，不会删除本机 OpenResty。\n\n### 4. 发布第一份配置\n\n1. 登录管理端并新增反代规则\n2. 在发布前查看预览或变更摘要\n3. 激活新版本\n4. Agent 通过 WebSocket 通知或后续 heartbeat 拉取并应用配置\n\n版本号格式固定为 `YYYYMMDD-NNN`，历史版本不可变，回滚通过重新激活旧版本完成。\n\n\n## 界面预览\n\n### 仪表盘总览\n\n![OpenFlare dashboard overview](./docs/assets/readme/dashboard-overview.png)\n\n### 节点详情\n\n![OpenFlare node detail](./docs/assets/readme/node-detail.png)\n\n### 配置新增\n\n![OpenFlare version release](./docs/assets/readme/proxy-route-detail.png)\n\n## 管理端与接口\n\n管理端当前覆盖：\n\n* 反代规则\n* 配置版本\n* 节点管理\n* 应用记录\n* TLS 证书\n* 域名管理\n* Pages 静态托管\n* WAF 规则组\n* 内网穿透（Tunnels）\n* Uptime Kuma 监控同步\n* SSO 登录配置\n* 用户管理\n* 设置\n* 版本更新\n* PoW 规则\n\n登录管理端后，可访问 Swagger UI：`/swagger/index.html`\n\n## 开源协议\n\n本项目采用 [Apache License 2.0](./LICENSE) 开源。\n\n## Star History\n\n\u003ca href=\"https://www.star-history.com/?repos=Rain-kl%2FOpenFlare\u0026type=date\u0026legend=bottom-right\"\u003e\n \u003cpicture\u003e\n   \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://api.star-history.com/chart?repos=Rain-kl/OpenFlare\u0026type=date\u0026theme=dark\u0026legend=top-left\" /\u003e\n   \u003csource media=\"(prefers-color-scheme: light)\" srcset=\"https://api.star-history.com/chart?repos=Rain-kl/OpenFlare\u0026type=date\u0026legend=top-left\" /\u003e\n   \u003cimg alt=\"Star History Chart\" src=\"https://api.star-history.com/chart?repos=Rain-kl/OpenFlare\u0026type=date\u0026legend=top-left\" /\u003e\n \u003c/picture\u003e\n\u003c/a\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frain-kl%2Fopenflare","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frain-kl%2Fopenflare","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frain-kl%2Fopenflare/lists"}