Merge pull request #542 from midoks/dev

0.16.6

README.md

@@ -110,9 +110,10 @@ docker run -itd --name mw-server --privileged=true -p 7200:7200 -p 80:80 -p 443:
 ```
 
 
-### 版本更新 0.16.5
+### 版本更新 0.16.6
 
-* 文件管理，增加排序。
+- openresty【1.25.3.1】配置更新，支持h3; 
+- 修复php83的扩展bcmath在centos7安装出错。
 
 ### JSDelivr安装地址
 

class/core/config_api.py

@@ -28,7 +28,7 @@
 
 class config_api:
 
-    __version = '0.16.5'
+    __version = '0.16.6'
     __api_addr = 'data/api.json'
 
     # 统一默认配置文件

class/core/site_api.py

@@ -2767,24 +2767,41 @@ def setEndDate(self, sid, edate):
         mw.writeLog('TYPE_SITE', '设置成功,站点到期后将自动停止!', (siteName, edate))
         return mw.returnJson(True, '设置成功,站点到期后将自动停止!')
 
-# ssl相关方法 start
+    # ssl相关方法 start
     def setSslConf(self, siteName):
         file = self.getHostConf(siteName)
         conf = mw.readFile(file)
 
+        version = ''
+        version_file_pl = mw.getServerDir() + '/openresty/version.pl'
+        if os.path.exists(version_file_pl):
+            version = mw.readFile(version_file_pl)
+            version = version.strip()
+
+
         keyPath = self.sslDir + '/' + siteName + '/privkey.pem'
         certPath = self.sslDir + '/' + siteName + '/fullchain.pem'
         if conf:
             if conf.find('ssl_certificate') == -1:
+                #ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
+
+                http3Header = """
+    add_header Strict-Transport-Security "max-age=63072000";
+    add_header Alt-Svc 'h3=":443";ma=86400,h3-29=":443";ma=86400';
+"""
+                if version != '1.25.3.1':
+                    http3Header = '';
+
                 sslStr = """#error_page 404/404.html;
     ssl_certificate    %s;
     ssl_certificate_key  %s;
     ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
-    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
+    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
     ssl_prefer_server_ciphers on;
     ssl_session_cache shared:SSL:10m;
     ssl_session_timeout 10m;
-    error_page 497  https://$host$request_uri;""" % (certPath, keyPath)
+    %s
+    error_page 497  https://$host$request_uri;""" % (certPath, keyPath, http3Header)
             if(conf.find('ssl_certificate') != -1):
                 return mw.returnData(True, 'SSL开启成功!')
 
@@ -2796,6 +2813,10 @@ def setSslConf(self, siteName):
                 listen = re.search(rep, conf).group()
                 http_ssl = "\n\tlisten 443 ssl http2;"
                 http_ssl = http_ssl + "\n\tlisten [::]:443 ssl http2;"
+
+                if version == '1.25.3.1':
+                    http_ssl = http_ssl + "\n\tlisten 443 quic;"
+
                 conf = conf.replace(listen, listen + http_ssl)
 
             mw.backFile(file)

data/sql/default.sql

@@ -49,7 +49,7 @@ ALTER TABLE `firewall` ADD COLUMN `protocol` TEXT DEFAULT 'tcp';
 
 INSERT INTO `firewall` (`id`, `port`, `protocol`, `ps`, `addtime`) VALUES
 (1, '80',  'tcp','网站默认端口', '0000-00-00 00:00:00'),
-(2, '443', 'tcp', 'HTTPS', '0000-00-00 00:00:00');
+(2, '443', 'tcp/udp', 'HTTPS', '0000-00-00 00:00:00');
 
 
 

plugins/openresty/install.sh

@@ -91,6 +91,7 @@ Install_openresty()
 
 
 	opensslVersion="1.1.1p"
+	libresslVersion="3.9.1"
 	pcreVersion='8.38'
 	if [ "$sysName" == "Darwin" ];then
 
@@ -119,12 +120,36 @@ Install_openresty()
 		# brew info [email protected] | grep /opt/homebrew/Cellar/[email protected] | cut -d \  -f 1 | awk 'END {print}'
 		# OPENSSL_LIB_DEPEND_DIR=`brew info [email protected] | grep ${BREW_DIR}/Cellar/[email protected] | cut -d \  -f 1 | awk 'END {print}'`
 		# OPTIONS="${OPTIONS} --with-openssl=${OPENSSL_LIB_DEPEND_DIR}"
-	fi
+	else
+		if [ "$VERSION" == "1.25.3.1" ]; then
+			OPTIONS="${OPTIONS} --with-http_v3_module"
 
-	if [ "$VERSION" == "1.25.3.1" ]; then
-		OPTIONS="${OPTIONS} --with-http_v3_module"
-	fi
+
+
+			if [ ! -f ${openrestyDir}/libressl-${libresslVersion}.tar.gz ];then
+		        wget --no-check-certificate -O ${openrestyDir}/libressl-${libresslVersion}.tar.gz https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${libresslVersion}.tar.gz
+		    fi
+
+		    if [ ! -d ${openrestyDir}/libressl-${libresslVersion} ];then
+				cd ${openrestyDir} &&  tar -zxvf libressl-${libresslVersion}.tar.gz
+			fi
+
+			if [ ! -f ${openrestyDir}/openssl-${opensslVersion}.tar.gz ];then
+		        wget --no-check-certificate -O ${openrestyDir}/openssl-${opensslVersion}.tar.gz https://www.openssl.org/source/openssl-${opensslVersion}.tar.gz
+		    fi
 
+		    if [ ! -d ${openrestyDir}/openssl-${opensslVersion} ];then
+				cd ${openrestyDir} &&  tar -zxvf openssl-${opensslVersion}.tar.gz
+			fi
+
+		    OPTIONS="${OPTIONS} --with-openssl=${openrestyDir}/openssl-${opensslVersion}"
+		    OPTIONS="${OPTIONS} --with-cc-opt=-I${openrestyDir}/libressl-${libresslVersion}/libressl/build/include"
+		    OPTIONS="${OPTIONS} --with-cc-opt=-I${openrestyDir}/libressl-${libresslVersion}/libressl/build/lib"
+
+		    # --with-cc-opt="-I../libressl/build/include"
+    		# --with-ld-opt="-L../libressl/build/lib"
+		fi
+	fi
 
 
 	# --with-openssl=$serverPath/source/lib/openssl-1.0.2q
@@ -168,6 +193,10 @@ Install_openresty()
     if [ -d ${openrestyDir}/openssl-${opensslVersion} ];then
     	rm -rf ${openrestyDir}/openssl-${opensslVersion}
     fi
+
+    if [ -d ${openrestyDir}/libressl-${libresslVersion} ];then
+    	rm -rf ${openrestyDir}/libressl-${libresslVersion}
+    fi
 	echo '安装完成'
 }
 

plugins/php/versions/common/bcmath.sh

@@ -60,8 +60,13 @@ Install_lib()
 		fi
 
 		$serverPath/php/$version/bin/phpize
-		./configure --with-php-config=$serverPath/php/$version/bin/php-config $OPTIONS
 
+		if [ "$version" == "83" ];then
+			CFLAGS="-std=c99" ./configure --with-php-config=$serverPath/php/$version/bin/php-config $OPTIONS
+		else
+			./configure --with-php-config=$serverPath/php/$version/bin/php-config $OPTIONS
+		fi
+
 		make clean && make && make install && make clean
 
 		if [ -d $sourcePath/php${version} ];then

scripts/install/alma.sh

@@ -53,6 +53,7 @@ if [ ! -f /usr/sbin/iptables ];then
 
 	firewall-cmd --permanent --zone=public --add-port=80/tcp
 	firewall-cmd --permanent --zone=public --add-port=443/tcp
+	firewall-cmd --permanent --zone=public --add-port=443/udp
 	# firewall-cmd --permanent --zone=public --add-port=888/tcp
 
 	sed -i 's#AllowZoneDrifting=yes#AllowZoneDrifting=no#g' /etc/firewalld/firewalld.conf

scripts/install/amazon.sh

@@ -62,6 +62,7 @@ if [ ! -f /usr/sbin/firewalld ];then
 
 	firewall-cmd --permanent --zone=public --add-port=80/tcp
 	firewall-cmd --permanent --zone=public --add-port=443/tcp
+	firewall-cmd --permanent --zone=public --add-port=443/udp
 	# firewall-cmd --permanent --zone=public --add-port=888/tcp
 
 	sed -i 's#AllowZoneDrifting=yes#AllowZoneDrifting=no#g' /etc/firewalld/firewalld.conf

scripts/install/arch.sh

@@ -94,6 +94,7 @@ if [ ! -f /usr/sbin/firewalld ];then
 
 	firewall-cmd --permanent --zone=public --add-port=80/tcp
 	firewall-cmd --permanent --zone=public --add-port=443/tcp
+	firewall-cmd --permanent --zone=public --add-port=443/udp
 	# firewall-cmd --permanent --zone=public --add-port=888/tcp
 
 	sed -i 's#AllowZoneDrifting=yes#AllowZoneDrifting=no#g' /etc/firewalld/firewalld.conf

scripts/install/centos.sh

@@ -66,6 +66,7 @@ if [ ! -f /usr/sbin/firewalld ];then
 
 	firewall-cmd --permanent --zone=public --add-port=80/tcp
 	firewall-cmd --permanent --zone=public --add-port=443/tcp
+	firewall-cmd --permanent --zone=public --add-port=443/udp
 	# firewall-cmd --permanent --zone=public --add-port=888/tcp
 
 

scripts/install/debian.sh

@@ -92,6 +92,7 @@ if [ ! -f /usr/sbin/ufw ];then
 	fi
 	firewall-cmd --permanent --zone=public --add-port=80/tcp
 	firewall-cmd --permanent --zone=public --add-port=443/tcp
+	firewall-cmd --permanent --zone=public --add-port=443/udp
 	# firewall-cmd --permanent --zone=public --add-port=888/tcp
 
 	systemctl start firewalld

scripts/install/euler.sh

@@ -65,6 +65,7 @@ if [ ! -f /usr/sbin/firewalld ];then
 
 	firewall-cmd --permanent --zone=public --add-port=80/tcp
 	firewall-cmd --permanent --zone=public --add-port=443/tcp
+	firewall-cmd --permanent --zone=public --add-port=443/udp
 	# firewall-cmd --permanent --zone=public --add-port=888/tcp
 
 

scripts/install/fedora.sh

@@ -58,6 +58,7 @@ if [ ! -f /usr/sbin/iptables ];then
 
 	firewall-cmd --permanent --zone=public --add-port=80/tcp
 	firewall-cmd --permanent --zone=public --add-port=443/tcp
+	firewall-cmd --permanent --zone=public --add-port=443/udp
 	# firewall-cmd --permanent --zone=public --add-port=888/tcp
 	firewall-cmd --reload
 fi

scripts/install/opensuse.sh

@@ -74,6 +74,7 @@ if [ ! -f /usr/sbin/firewalld ];then
 
 	firewall-cmd --permanent --zone=public --add-port=80/tcp
 	firewall-cmd --permanent --zone=public --add-port=443/tcp
+	firewall-cmd --permanent --zone=public --add-port=443/udp
 	# firewall-cmd --permanent --zone=public --add-port=888/tcp
 
 	sed -i 's#AllowZoneDrifting=yes#AllowZoneDrifting=no#g' /etc/firewalld/firewalld.conf

scripts/install/rhel.sh

@@ -125,6 +125,7 @@ if [ -f /usr/sbin/firewalld ];then
     fi
     firewall-cmd --permanent --zone=public --add-port=80/tcp
     firewall-cmd --permanent --zone=public --add-port=443/tcp
+    firewall-cmd --permanent --zone=public --add-port=443/udp
     # firewall-cmd --permanent --zone=public --add-port=888/tcp
     # firewall-cmd --permanent --zone=public --add-port=7200/tcp
     # firewall-cmd --permanent --zone=public --add-port=3306/tcp

scripts/install/rocky.sh

@@ -49,6 +49,7 @@ if [ ! -f /usr/sbin/iptables ];then
 	firewall-cmd --permanent --zone=public --add-port=22/tcp
 	firewall-cmd --permanent --zone=public --add-port=80/tcp
 	firewall-cmd --permanent --zone=public --add-port=443/tcp
+	firewall-cmd --permanent --zone=public --add-port=443/udp
 	# firewall-cmd --permanent --zone=public --add-port=888/tcp
 	# firewall-cmd --permanent --zone=public --add-port=7200/tcp
 	# firewall-cmd --permanent --zone=public --add-port=3306/tcp

scripts/install/ubuntu.sh

@@ -62,6 +62,7 @@ if [ ! -f /usr/sbin/ufw ];then
 
 	firewall-cmd --permanent --zone=public --add-port=80/tcp
 	firewall-cmd --permanent --zone=public --add-port=443/tcp
+	firewall-cmd --permanent --zone=public --add-port=443/udp
 	# firewall-cmd --permanent --zone=public --add-port=888/tcp
 
 	systemctl start firewalld