fix: remove hardcoded default update proxy URL

The default socks5 proxy (172.16.32.16:3389) was unreachable for most
deployments, causing version check to timeout after 30 seconds.

Setting the default to empty string allows direct connection to the
Gitea API, which is the expected behavior for most users.

Co-Authored-By: Claude Opus 4 <noreply@anthropic.com>

.gitea/workflows/release-image.yml

@@ -0,0 +1,96 @@
+name: Release Image
+
+on:
+  push:
+    tags:
+      - 'v*'
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: 'Tag to release, for example v0.1.140'
+        required: true
+        type: string
+
+jobs:
+  image:
+    runs-on: linux_amd64
+    env:
+      GITEA_BASE_URL: http://git.jianshixingqiu.com
+      GITEA_API_URL: http://git.jianshixingqiu.com/api/v1
+      GITEA_OWNER: kgod
+      GITEA_REPO: sub2api
+      IMAGE_NAME: git.jianshixingqiu.com/kgod/sub2api
+    steps:
+      - name: Checkout
+        env:
+          RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }}
+        run: |
+          set -eu
+          rm -rf .git
+          git init
+          git remote add origin "http://kgod:${RELEASE_TOKEN}@git.jianshixingqiu.com/kgod/sub2api.git"
+          if [ -n "${{ inputs.tag }}" ] && [ "${GITHUB_EVENT_NAME:-}" != "workflow_dispatch" ]; then
+            git fetch --depth 1 origin "refs/tags/${{ inputs.tag }}"
+          else
+            git fetch --depth 1 origin "$GITHUB_REF"
+          fi
+          git checkout --force FETCH_HEAD
+
+      - name: Prepare metadata
+        run: |
+          set -eu
+          if [ -n "${{ inputs.tag }}" ]; then
+            TAG="${{ inputs.tag }}"
+          else
+            TAG="${GITHUB_REF_NAME:-${GITHUB_REF##*/}}"
+          fi
+          VERSION="${TAG#v}"
+          COMMIT="$(git rev-parse --short=12 HEAD)"
+          BUILD_DATE="$(date -u +%Y-%m-%dT%H:%M:%SZ)"
+
+          echo "TAG=${TAG}" >> "$GITHUB_ENV"
+          echo "VERSION=${VERSION}" >> "$GITHUB_ENV"
+          echo "COMMIT=${COMMIT}" >> "$GITHUB_ENV"
+          echo "BUILD_DATE=${BUILD_DATE}" >> "$GITHUB_ENV"
+
+      - name: Login to Gitea Container Registry
+        env:
+          RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }}
+        run: |
+          set -eu
+          echo "$RELEASE_TOKEN" | docker login git.jianshixingqiu.com -u kgod --password-stdin
+
+      - name: Build image
+        run: |
+          set -eu
+          docker build \
+            -f Dockerfile.gitea \
+            --build-arg VERSION="$VERSION" \
+            --build-arg COMMIT="$COMMIT" \
+            --build-arg BUILD_DATE="$BUILD_DATE" \
+            --label "org.opencontainers.image.version=$VERSION" \
+            --label "org.opencontainers.image.revision=$COMMIT" \
+            --label "org.opencontainers.image.source=$GITEA_BASE_URL/$GITEA_OWNER/$GITEA_REPO" \
+            -t "$IMAGE_NAME:$VERSION" \
+            -t "$IMAGE_NAME:latest" \
+            .
+
+      - name: Push image
+        run: |
+          set -eu
+          docker push "$IMAGE_NAME:$VERSION"
+          docker push "$IMAGE_NAME:latest"
+
+      - name: Create Gitea release
+        env:
+          RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }}
+        run: |
+          set -eu
+          BODY="Docker image: ${IMAGE_NAME}:${VERSION}"
+          PAYLOAD=$(printf '{"tag_name":"%s","target_commitish":"%s","name":"Sub2API %s","body":"%s","draft":false,"prerelease":false}' "$TAG" "$(git rev-parse HEAD)" "$VERSION" "$BODY")
+          curl -fsS \
+            -X POST \
+            -H "Authorization: token ${RELEASE_TOKEN}" \
+            -H "Content-Type: application/json" \
+            -d "$PAYLOAD" \
+            "$GITEA_API_URL/repos/$GITEA_OWNER/$GITEA_REPO/releases" || true

Dockerfile.gitea

@@ -0,0 +1,89 @@
+# syntax=docker/dockerfile:1
+
+ARG NODE_IMAGE=node:20-alpine
+ARG GO_IMAGE=golang:1.26.3-alpine
+ARG ALPINE_IMAGE=alpine:3.21
+ARG POSTGRES_IMAGE=postgres:18-alpine
+
+FROM ${NODE_IMAGE} AS frontend
+WORKDIR /src
+
+RUN corepack enable && corepack prepare pnpm@9.15.9 --activate
+
+COPY frontend/package.json frontend/pnpm-lock.yaml ./frontend/
+WORKDIR /src/frontend
+RUN pnpm install --frozen-lockfile
+
+WORKDIR /src
+COPY frontend ./frontend
+COPY backend/internal/web ./backend/internal/web
+RUN cd frontend && pnpm run build
+
+FROM ${GO_IMAGE} AS backend-builder
+RUN sed -i 's#https://dl-cdn.alpinelinux.org/alpine#https://mirrors.tencent.com/alpine#g' /etc/apk/repositories && \
+    apk add --no-cache ca-certificates git
+ENV GOPROXY=https://goproxy.cn,direct
+WORKDIR /src
+
+COPY backend/go.mod backend/go.sum ./backend/
+RUN cd backend && go mod download
+
+COPY backend ./backend
+COPY --from=frontend /src/backend/internal/web/dist ./backend/internal/web/dist
+
+ARG VERSION=0.0.0-dev
+ARG COMMIT=unknown
+ARG BUILD_DATE=unknown
+
+RUN cd backend && \
+    CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build \
+      -tags=embed \
+      -ldflags="-s -w -X main.Version=${VERSION} -X main.Commit=${COMMIT} -X main.Date=${BUILD_DATE} -X main.BuildType=release" \
+      -o /out/sub2api \
+      ./cmd/server
+
+FROM ${POSTGRES_IMAGE} AS pg-client
+
+FROM ${ALPINE_IMAGE}
+
+LABEL maintainer="Wei-Shaw <github.com/Wei-Shaw>"
+LABEL description="Sub2API - AI API Gateway Platform"
+LABEL org.opencontainers.image.source="http://git.jianshixingqiu.com/kgod/sub2api"
+
+RUN sed -i 's#https://dl-cdn.alpinelinux.org/alpine#https://mirrors.tencent.com/alpine#g' /etc/apk/repositories && \
+    apk add --no-cache \
+    ca-certificates \
+    tzdata \
+    curl \
+    su-exec \
+    libpq \
+    zstd-libs \
+    lz4-libs \
+    krb5-libs \
+    libldap \
+    libedit \
+    && rm -rf /var/cache/apk/*
+
+COPY --from=pg-client /usr/local/bin/pg_dump /usr/local/bin/pg_dump
+COPY --from=pg-client /usr/local/bin/psql /usr/local/bin/psql
+COPY --from=pg-client /usr/local/lib/libpq.so.5* /usr/local/lib/
+
+RUN addgroup -g 1000 sub2api && \
+    adduser -u 1000 -G sub2api -s /bin/sh -D sub2api
+
+WORKDIR /app
+
+COPY --from=backend-builder /out/sub2api /app/sub2api
+COPY deploy/docker-entrypoint.sh /app/docker-entrypoint.sh
+
+RUN mkdir -p /app/data && \
+    chown -R sub2api:sub2api /app && \
+    chmod +x /app/docker-entrypoint.sh
+
+EXPOSE 8080
+
+HEALTHCHECK --interval=30s --timeout=10s --start-period=10s --retries=3 \
+    CMD curl -f http://localhost:${SERVER_PORT:-8080}/health || exit 1
+
+ENTRYPOINT ["/app/docker-entrypoint.sh"]
+CMD ["/app/sub2api"]

backend/internal/config/config.go

@@ -148,9 +148,9 @@ type GeminiTierQuotaConfig struct {
 }
 
 type UpdateConfig struct {
-	// GitHubRepo 用于在线更新的 GitHub 仓库，格式 owner/repo
+	// GitHubRepo 是历史配置字段名，用于在线更新的代码仓库，格式 owner/repo。
 	GitHubRepo string `mapstructure:"github_repo"`
-	// ProxyURL 用于访问 GitHub 的代理地址
+	// ProxyURL 用于访问代码仓库的代理地址
 	// 支持 http/https/socks5/socks5h 协议
 	// 例如: "http://127.0.0.1:7890", "socks5://127.0.0.1:1080"
 	ProxyURL string `mapstructure:"proxy_url"`
@@ -564,7 +564,7 @@ type CSPConfig struct {
 type ProxyFallbackConfig struct {
 	// AllowDirectOnError 当辅助服务的代理初始化失败时是否允许回退直连。
 	// 仅影响以下非 AI 账号连接的辅助服务：
-	//   - GitHub Release 更新检查
+	//   - Gitea Release 更新检查
 	//   - 定价数据拉取
 	// 不影响 AI 账号网关连接（Claude/OpenAI/Gemini/Antigravity），
 	// 这些关键路径的代理失败始终返回错误，不会回退直连。
@@ -1614,8 +1614,8 @@ func setDefaults() {
 	viper.SetDefault("pricing.hash_check_interval_minutes", 10)
 
 	// Update
-	viper.SetDefault("update.github_repo", "man209111-cpu/sub2api")
+	viper.SetDefault("update.github_repo", "kgod/sub2api")
-	viper.SetDefault("update.proxy_url", "socks5://admin%40sub2api.local:m729066849@172.16.32.16:3389")
+	viper.SetDefault("update.proxy_url", "")
 
 	// Timezone (default to Asia/Shanghai for Chinese users)
 	viper.SetDefault("timezone", "Asia/Shanghai")