From 28fe1950c417aea7e6f9a88e2d94cc320e99269d Mon Sep 17 00:00:00 2001 From: Mr Chen Date: Tue, 16 Apr 2024 19:36:51 +0800 Subject: [PATCH 01/18] Update requirements.txt --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 828d31e9d5..5c043913a9 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,7 +1,7 @@ setuptools>=33.1.1 Werkzeug>=1.0.1,<3.0.0 wheel>=0.37.1 -gunicorn==20.1.0 +gunicorn>=21.2.0 requests>=2.27.1 urllib3>=1.21.1 flask>=2.0.3,<3.0.0 From c6ac7e90df4db2e249ce694774b8af4c495d2159 Mon Sep 17 00:00:00 2001 From: Mr Chen Date: Tue, 16 Apr 2024 19:38:51 +0800 Subject: [PATCH 02/18] Revert "Update requirements.txt" This reverts commit 28fe1950c417aea7e6f9a88e2d94cc320e99269d. --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 5c043913a9..828d31e9d5 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,7 +1,7 @@ setuptools>=33.1.1 Werkzeug>=1.0.1,<3.0.0 wheel>=0.37.1 -gunicorn>=21.2.0 +gunicorn==20.1.0 requests>=2.27.1 urllib3>=1.21.1 flask>=2.0.3,<3.0.0 From 889c5d96e563150fa467b51e03fb8101a9b6e736 Mon Sep 17 00:00:00 2001 From: Mr Chen Date: Tue, 16 Apr 2024 21:25:29 +0800 Subject: [PATCH 03/18] Update bcmath.sh --- plugins/php/versions/common/bcmath.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/plugins/php/versions/common/bcmath.sh b/plugins/php/versions/common/bcmath.sh index 8d02380a83..341ad1d4cf 100755 --- a/plugins/php/versions/common/bcmath.sh +++ b/plugins/php/versions/common/bcmath.sh @@ -60,8 +60,13 @@ Install_lib() fi $serverPath/php/$version/bin/phpize - ./configure --with-php-config=$serverPath/php/$version/bin/php-config $OPTIONS + if [ "$version" == "83" ];then + CFLAGS="-std=c99" ./configure --with-php-config=$serverPath/php/$version/bin/php-config $OPTIONS + else + ./configure --with-php-config=$serverPath/php/$version/bin/php-config $OPTIONS + fi + make clean && make && make install && make clean if [ -d $sourcePath/php${version} ];then From 5d50b3664d6bf9880f4244c6edcf8f0923a95952 Mon Sep 17 00:00:00 2001 From: Mr Chen Date: Tue, 16 Apr 2024 21:43:16 +0800 Subject: [PATCH 04/18] Update install.sh --- plugins/openresty/install.sh | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/plugins/openresty/install.sh b/plugins/openresty/install.sh index 57d8ce4e73..38b6f9dc12 100755 --- a/plugins/openresty/install.sh +++ b/plugins/openresty/install.sh @@ -119,12 +119,20 @@ Install_openresty() # brew info openssl@1.1 | grep /opt/homebrew/Cellar/openssl@1.1 | cut -d \ -f 1 | awk 'END {print}' # OPENSSL_LIB_DEPEND_DIR=`brew info openssl@1.1 | grep ${BREW_DIR}/Cellar/openssl@1.1 | cut -d \ -f 1 | awk 'END {print}'` # OPTIONS="${OPTIONS} --with-openssl=${OPENSSL_LIB_DEPEND_DIR}" - fi + else + if [ "$VERSION" == "1.25.3.1" ]; then + OPTIONS="${OPTIONS} --with-http_v3_module" - if [ "$VERSION" == "1.25.3.1" ]; then - OPTIONS="${OPTIONS} --with-http_v3_module" - fi + if [ ! -f ${openrestyDir}/openssl-${opensslVersion}.tar.gz ];then + wget --no-check-certificate -O ${openrestyDir}/openssl-${opensslVersion}.tar.gz https://www.openssl.org/source/openssl-${opensslVersion}.tar.gz + fi + if [ ! -d ${openrestyDir}/openssl-${opensslVersion} ];then + cd ${openrestyDir} && tar -zxvf openssl-${opensslVersion}.tar.gz + fi + OPTIONS="${OPTIONS} --with-openssl=${openrestyDir}/openssl-${opensslVersion}" + fi + fi # --with-openssl=$serverPath/source/lib/openssl-1.0.2q From 04823f656abe7a9511d83e30ff57f5e095a4c912 Mon Sep 17 00:00:00 2001 From: Mr Chen Date: Tue, 16 Apr 2024 22:19:05 +0800 Subject: [PATCH 05/18] Update site_api.py --- class/core/site_api.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/class/core/site_api.py b/class/core/site_api.py index 9427ee4db9..49bbce5771 100755 --- a/class/core/site_api.py +++ b/class/core/site_api.py @@ -2776,11 +2776,12 @@ def setSslConf(self, siteName): certPath = self.sslDir + '/' + siteName + '/fullchain.pem' if conf: if conf.find('ssl_certificate') == -1: + #ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; sslStr = """#error_page 404/404.html; ssl_certificate %s; ssl_certificate_key %s; ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; - ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; + ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; From 0766ad0063669c809e9974cc77de7d2d346caf44 Mon Sep 17 00:00:00 2001 From: Mr Chen Date: Tue, 16 Apr 2024 22:58:18 +0800 Subject: [PATCH 06/18] update --- class/core/site_api.py | 1 + plugins/openresty/install.sh | 19 ++++++++++++++++++- 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/class/core/site_api.py b/class/core/site_api.py index 49bbce5771..1777e21ea2 100755 --- a/class/core/site_api.py +++ b/class/core/site_api.py @@ -2785,6 +2785,7 @@ def setSslConf(self, siteName): ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; + add_header Strict-Transport-Security "max-age=63072000" always; error_page 497 https://$host$request_uri;""" % (certPath, keyPath) if(conf.find('ssl_certificate') != -1): return mw.returnData(True, 'SSL开启成功!') diff --git a/plugins/openresty/install.sh b/plugins/openresty/install.sh index 38b6f9dc12..d1bc2df864 100755 --- a/plugins/openresty/install.sh +++ b/plugins/openresty/install.sh @@ -91,6 +91,7 @@ Install_openresty() opensslVersion="1.1.1p" + libresslVersion="1.1.1p" pcreVersion='8.38' if [ "$sysName" == "Darwin" ];then @@ -123,6 +124,16 @@ Install_openresty() if [ "$VERSION" == "1.25.3.1" ]; then OPTIONS="${OPTIONS} --with-http_v3_module" + + + if [ ! -f ${openrestyDir}/libressl-${libresslVersion}.tar.gz ];then + wget --no-check-certificate -O ${openrestyDir}/libressl-${libresslVersion}.tar.gz https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${libresslVersion}.tar.gz + fi + + if [ ! -d ${openrestyDir}/libressl-${libresslVersion} ];then + cd ${openrestyDir} && tar -zxvf libressl-${libresslVersion}.tar.gz + fi + if [ ! -f ${openrestyDir}/openssl-${opensslVersion}.tar.gz ];then wget --no-check-certificate -O ${openrestyDir}/openssl-${opensslVersion}.tar.gz https://www.openssl.org/source/openssl-${opensslVersion}.tar.gz fi @@ -130,7 +141,13 @@ Install_openresty() if [ ! -d ${openrestyDir}/openssl-${opensslVersion} ];then cd ${openrestyDir} && tar -zxvf openssl-${opensslVersion}.tar.gz fi - OPTIONS="${OPTIONS} --with-openssl=${openrestyDir}/openssl-${opensslVersion}" + + # OPTIONS="${OPTIONS} --with-openssl=${openrestyDir}/openssl-${opensslVersion}" + OPTIONS="${OPTIONS} --with-cc-opt=-I${openrestyDir}-${libresslVersion}/libressl/build/include" + OPTIONS="${OPTIONS} --with-cc-opt=-I${openrestyDir}-${libresslVersion}/libressl/build/lib" + + # --with-cc-opt="-I../libressl/build/include" + # --with-ld-opt="-L../libressl/build/lib" fi fi From 8a0e4122f344458459a29240d4b80f946e52ef27 Mon Sep 17 00:00:00 2001 From: Mr Chen Date: Tue, 16 Apr 2024 23:00:42 +0800 Subject: [PATCH 07/18] Update install.sh --- plugins/openresty/install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/openresty/install.sh b/plugins/openresty/install.sh index d1bc2df864..bd4c62c604 100755 --- a/plugins/openresty/install.sh +++ b/plugins/openresty/install.sh @@ -91,7 +91,7 @@ Install_openresty() opensslVersion="1.1.1p" - libresslVersion="1.1.1p" + libresslVersion="3.9.1" pcreVersion='8.38' if [ "$sysName" == "Darwin" ];then From d30ff5b882f3fb6f178e7dc717ac2b6c0685e03e Mon Sep 17 00:00:00 2001 From: Mr Chen Date: Tue, 16 Apr 2024 23:10:30 +0800 Subject: [PATCH 08/18] Update install.sh --- plugins/openresty/install.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plugins/openresty/install.sh b/plugins/openresty/install.sh index bd4c62c604..15b474d066 100755 --- a/plugins/openresty/install.sh +++ b/plugins/openresty/install.sh @@ -143,8 +143,8 @@ Install_openresty() fi # OPTIONS="${OPTIONS} --with-openssl=${openrestyDir}/openssl-${opensslVersion}" - OPTIONS="${OPTIONS} --with-cc-opt=-I${openrestyDir}-${libresslVersion}/libressl/build/include" - OPTIONS="${OPTIONS} --with-cc-opt=-I${openrestyDir}-${libresslVersion}/libressl/build/lib" + OPTIONS="${OPTIONS} --with-cc-opt=-I${openrestyDir}/libressl-${libresslVersion}/libressl/build/include" + OPTIONS="${OPTIONS} --with-cc-opt=-I${openrestyDir}/libressl-${libresslVersion}/libressl/build/lib" # --with-cc-opt="-I../libressl/build/include" # --with-ld-opt="-L../libressl/build/lib" From a3a40c830bee0dddcd5351719c83af0024763824 Mon Sep 17 00:00:00 2001 From: Mr Chen Date: Tue, 16 Apr 2024 23:11:17 +0800 Subject: [PATCH 09/18] Update install.sh --- plugins/openresty/install.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/plugins/openresty/install.sh b/plugins/openresty/install.sh index 15b474d066..6d85895f19 100755 --- a/plugins/openresty/install.sh +++ b/plugins/openresty/install.sh @@ -193,6 +193,10 @@ Install_openresty() if [ -d ${openrestyDir}/openssl-${opensslVersion} ];then rm -rf ${openrestyDir}/openssl-${opensslVersion} fi + + if [ -d ${openrestyDir}/libressl-${libresslVersion} ];then + rm -rf ${openrestyDir}/libressl-${libresslVersion} + fi echo '安装完成' } From 87da2b9fc51210202689acc620ff19f9da740af5 Mon Sep 17 00:00:00 2001 From: Mr Chen Date: Tue, 16 Apr 2024 23:41:06 +0800 Subject: [PATCH 10/18] =?UTF-8?q?443=E5=90=8C=E6=97=B6=E5=BC=80=E5=90=AFtc?= =?UTF-8?q?p/udp?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- data/sql/default.sql | 2 +- scripts/install/alma.sh | 1 + scripts/install/amazon.sh | 1 + scripts/install/arch.sh | 1 + scripts/install/centos.sh | 1 + scripts/install/debian.sh | 1 + scripts/install/euler.sh | 1 + scripts/install/fedora.sh | 1 + scripts/install/opensuse.sh | 1 + scripts/install/rhel.sh | 1 + scripts/install/rocky.sh | 1 + scripts/install/ubuntu.sh | 1 + 12 files changed, 12 insertions(+), 1 deletion(-) diff --git a/data/sql/default.sql b/data/sql/default.sql index 7dd925e3b6..18e3258454 100755 --- a/data/sql/default.sql +++ b/data/sql/default.sql @@ -49,7 +49,7 @@ ALTER TABLE `firewall` ADD COLUMN `protocol` TEXT DEFAULT 'tcp'; INSERT INTO `firewall` (`id`, `port`, `protocol`, `ps`, `addtime`) VALUES (1, '80', 'tcp','网站默认端口', '0000-00-00 00:00:00'), -(2, '443', 'tcp', 'HTTPS', '0000-00-00 00:00:00'); +(2, '443', 'tcp/udp', 'HTTPS', '0000-00-00 00:00:00'); diff --git a/scripts/install/alma.sh b/scripts/install/alma.sh index 8c2a9f440f..a844df4d78 100755 --- a/scripts/install/alma.sh +++ b/scripts/install/alma.sh @@ -53,6 +53,7 @@ if [ ! -f /usr/sbin/iptables ];then firewall-cmd --permanent --zone=public --add-port=80/tcp firewall-cmd --permanent --zone=public --add-port=443/tcp + firewall-cmd --permanent --zone=public --add-port=443/udp # firewall-cmd --permanent --zone=public --add-port=888/tcp sed -i 's#AllowZoneDrifting=yes#AllowZoneDrifting=no#g' /etc/firewalld/firewalld.conf diff --git a/scripts/install/amazon.sh b/scripts/install/amazon.sh index 29d38617cb..7e9fdddc39 100755 --- a/scripts/install/amazon.sh +++ b/scripts/install/amazon.sh @@ -62,6 +62,7 @@ if [ ! -f /usr/sbin/firewalld ];then firewall-cmd --permanent --zone=public --add-port=80/tcp firewall-cmd --permanent --zone=public --add-port=443/tcp + firewall-cmd --permanent --zone=public --add-port=443/udp # firewall-cmd --permanent --zone=public --add-port=888/tcp sed -i 's#AllowZoneDrifting=yes#AllowZoneDrifting=no#g' /etc/firewalld/firewalld.conf diff --git a/scripts/install/arch.sh b/scripts/install/arch.sh index c954ed8503..ee75efd7db 100644 --- a/scripts/install/arch.sh +++ b/scripts/install/arch.sh @@ -94,6 +94,7 @@ if [ ! -f /usr/sbin/firewalld ];then firewall-cmd --permanent --zone=public --add-port=80/tcp firewall-cmd --permanent --zone=public --add-port=443/tcp + firewall-cmd --permanent --zone=public --add-port=443/udp # firewall-cmd --permanent --zone=public --add-port=888/tcp sed -i 's#AllowZoneDrifting=yes#AllowZoneDrifting=no#g' /etc/firewalld/firewalld.conf diff --git a/scripts/install/centos.sh b/scripts/install/centos.sh index f8f680be40..3c984302f5 100755 --- a/scripts/install/centos.sh +++ b/scripts/install/centos.sh @@ -66,6 +66,7 @@ if [ ! -f /usr/sbin/firewalld ];then firewall-cmd --permanent --zone=public --add-port=80/tcp firewall-cmd --permanent --zone=public --add-port=443/tcp + firewall-cmd --permanent --zone=public --add-port=443/udp # firewall-cmd --permanent --zone=public --add-port=888/tcp diff --git a/scripts/install/debian.sh b/scripts/install/debian.sh index 0ea60280a4..df20e349a7 100644 --- a/scripts/install/debian.sh +++ b/scripts/install/debian.sh @@ -92,6 +92,7 @@ if [ ! -f /usr/sbin/ufw ];then fi firewall-cmd --permanent --zone=public --add-port=80/tcp firewall-cmd --permanent --zone=public --add-port=443/tcp + firewall-cmd --permanent --zone=public --add-port=443/udp # firewall-cmd --permanent --zone=public --add-port=888/tcp systemctl start firewalld diff --git a/scripts/install/euler.sh b/scripts/install/euler.sh index 5bbe5f8ba2..98c4296fda 100755 --- a/scripts/install/euler.sh +++ b/scripts/install/euler.sh @@ -65,6 +65,7 @@ if [ ! -f /usr/sbin/firewalld ];then firewall-cmd --permanent --zone=public --add-port=80/tcp firewall-cmd --permanent --zone=public --add-port=443/tcp + firewall-cmd --permanent --zone=public --add-port=443/udp # firewall-cmd --permanent --zone=public --add-port=888/tcp diff --git a/scripts/install/fedora.sh b/scripts/install/fedora.sh index c67b60e49c..6d5f86ab0e 100644 --- a/scripts/install/fedora.sh +++ b/scripts/install/fedora.sh @@ -58,6 +58,7 @@ if [ ! -f /usr/sbin/iptables ];then firewall-cmd --permanent --zone=public --add-port=80/tcp firewall-cmd --permanent --zone=public --add-port=443/tcp + firewall-cmd --permanent --zone=public --add-port=443/udp # firewall-cmd --permanent --zone=public --add-port=888/tcp firewall-cmd --reload fi diff --git a/scripts/install/opensuse.sh b/scripts/install/opensuse.sh index 7576c82699..4b0b852573 100644 --- a/scripts/install/opensuse.sh +++ b/scripts/install/opensuse.sh @@ -74,6 +74,7 @@ if [ ! -f /usr/sbin/firewalld ];then firewall-cmd --permanent --zone=public --add-port=80/tcp firewall-cmd --permanent --zone=public --add-port=443/tcp + firewall-cmd --permanent --zone=public --add-port=443/udp # firewall-cmd --permanent --zone=public --add-port=888/tcp sed -i 's#AllowZoneDrifting=yes#AllowZoneDrifting=no#g' /etc/firewalld/firewalld.conf diff --git a/scripts/install/rhel.sh b/scripts/install/rhel.sh index 7b885f8fe5..ec34cdb456 100644 --- a/scripts/install/rhel.sh +++ b/scripts/install/rhel.sh @@ -125,6 +125,7 @@ if [ -f /usr/sbin/firewalld ];then fi firewall-cmd --permanent --zone=public --add-port=80/tcp firewall-cmd --permanent --zone=public --add-port=443/tcp + firewall-cmd --permanent --zone=public --add-port=443/udp # firewall-cmd --permanent --zone=public --add-port=888/tcp # firewall-cmd --permanent --zone=public --add-port=7200/tcp # firewall-cmd --permanent --zone=public --add-port=3306/tcp diff --git a/scripts/install/rocky.sh b/scripts/install/rocky.sh index d36bfb8f58..14e55d9b50 100644 --- a/scripts/install/rocky.sh +++ b/scripts/install/rocky.sh @@ -49,6 +49,7 @@ if [ ! -f /usr/sbin/iptables ];then firewall-cmd --permanent --zone=public --add-port=22/tcp firewall-cmd --permanent --zone=public --add-port=80/tcp firewall-cmd --permanent --zone=public --add-port=443/tcp + firewall-cmd --permanent --zone=public --add-port=443/udp # firewall-cmd --permanent --zone=public --add-port=888/tcp # firewall-cmd --permanent --zone=public --add-port=7200/tcp # firewall-cmd --permanent --zone=public --add-port=3306/tcp diff --git a/scripts/install/ubuntu.sh b/scripts/install/ubuntu.sh index bd884b7e52..f6c2a1332d 100644 --- a/scripts/install/ubuntu.sh +++ b/scripts/install/ubuntu.sh @@ -62,6 +62,7 @@ if [ ! -f /usr/sbin/ufw ];then firewall-cmd --permanent --zone=public --add-port=80/tcp firewall-cmd --permanent --zone=public --add-port=443/tcp + firewall-cmd --permanent --zone=public --add-port=443/udp # firewall-cmd --permanent --zone=public --add-port=888/tcp systemctl start firewalld From d3a5b9874b09cc9e2bf6c4443774faba1add2556 Mon Sep 17 00:00:00 2001 From: Mr Chen Date: Wed, 17 Apr 2024 00:43:23 +0800 Subject: [PATCH 11/18] Update site_api.py --- class/core/site_api.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/class/core/site_api.py b/class/core/site_api.py index 1777e21ea2..0dcc9c84bd 100755 --- a/class/core/site_api.py +++ b/class/core/site_api.py @@ -2785,7 +2785,8 @@ def setSslConf(self, siteName): ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; - add_header Strict-Transport-Security "max-age=63072000" always; + add_header Strict-Transport-Security "max-age=63072000"; + add_header Alt-Svc 'h3=":443"; ma=2592000'; error_page 497 https://$host$request_uri;""" % (certPath, keyPath) if(conf.find('ssl_certificate') != -1): return mw.returnData(True, 'SSL开启成功!') From c2d6f5408dbc2607ec3269beb4b2ff19ca72c16d Mon Sep 17 00:00:00 2001 From: Mr Chen Date: Wed, 17 Apr 2024 00:50:06 +0800 Subject: [PATCH 12/18] Update site_api.py --- class/core/site_api.py | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/class/core/site_api.py b/class/core/site_api.py index 0dcc9c84bd..cd70c82892 100755 --- a/class/core/site_api.py +++ b/class/core/site_api.py @@ -2767,11 +2767,17 @@ def setEndDate(self, sid, edate): mw.writeLog('TYPE_SITE', '设置成功,站点到期后将自动停止!', (siteName, edate)) return mw.returnJson(True, '设置成功,站点到期后将自动停止!') -# ssl相关方法 start + # ssl相关方法 start def setSslConf(self, siteName): file = self.getHostConf(siteName) conf = mw.readFile(file) + version = '' + version_file_pl = mw.getServerDir() + '/openresty/version.pl' + if os.path.exists(version_file_pl): + version = mw.readFile(version_file_pl) + + keyPath = self.sslDir + '/' + siteName + '/privkey.pem' certPath = self.sslDir + '/' + siteName + '/fullchain.pem' if conf: @@ -2799,6 +2805,10 @@ def setSslConf(self, siteName): listen = re.search(rep, conf).group() http_ssl = "\n\tlisten 443 ssl http2;" http_ssl = http_ssl + "\n\tlisten [::]:443 ssl http2;" + + if version == '1.25.3.1': + http_ssl = http_ssl + "\n\tlisten 443 quic;" + conf = conf.replace(listen, listen + http_ssl) mw.backFile(file) From 222c4c6d58c1f5faaaa5a0d7f466e0e1a6f9d4f4 Mon Sep 17 00:00:00 2001 From: Mr Chen Date: Wed, 17 Apr 2024 00:53:33 +0800 Subject: [PATCH 13/18] Update site_api.py --- class/core/site_api.py | 1 + 1 file changed, 1 insertion(+) diff --git a/class/core/site_api.py b/class/core/site_api.py index cd70c82892..9be8c037ea 100755 --- a/class/core/site_api.py +++ b/class/core/site_api.py @@ -2776,6 +2776,7 @@ def setSslConf(self, siteName): version_file_pl = mw.getServerDir() + '/openresty/version.pl' if os.path.exists(version_file_pl): version = mw.readFile(version_file_pl) + version = version.strip() keyPath = self.sslDir + '/' + siteName + '/privkey.pem' From 5139cacce8064ca3faf0598675561b1f335d64c7 Mon Sep 17 00:00:00 2001 From: Mr Chen Date: Wed, 17 Apr 2024 00:59:06 +0800 Subject: [PATCH 14/18] Update install.sh --- plugins/openresty/install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/openresty/install.sh b/plugins/openresty/install.sh index 6d85895f19..2e1d4f5a3a 100755 --- a/plugins/openresty/install.sh +++ b/plugins/openresty/install.sh @@ -142,7 +142,7 @@ Install_openresty() cd ${openrestyDir} && tar -zxvf openssl-${opensslVersion}.tar.gz fi - # OPTIONS="${OPTIONS} --with-openssl=${openrestyDir}/openssl-${opensslVersion}" + OPTIONS="${OPTIONS} --with-openssl=${openrestyDir}/openssl-${opensslVersion}" OPTIONS="${OPTIONS} --with-cc-opt=-I${openrestyDir}/libressl-${libresslVersion}/libressl/build/include" OPTIONS="${OPTIONS} --with-cc-opt=-I${openrestyDir}/libressl-${libresslVersion}/libressl/build/lib" From 539857919a60d5a5656efd8f6555a58895353067 Mon Sep 17 00:00:00 2001 From: Mr Chen Date: Wed, 17 Apr 2024 01:20:34 +0800 Subject: [PATCH 15/18] Update site_api.py --- class/core/site_api.py | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/class/core/site_api.py b/class/core/site_api.py index 9be8c037ea..4719fd5f04 100755 --- a/class/core/site_api.py +++ b/class/core/site_api.py @@ -2784,6 +2784,14 @@ def setSslConf(self, siteName): if conf: if conf.find('ssl_certificate') == -1: #ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; + + http3Header = """ + add_header Strict-Transport-Security "max-age=63072000"; + add_header Alt-Svc 'h3=":443"; ma=2592000'; +""" + if version != '1.25.3.1': + http3Header = ''; + sslStr = """#error_page 404/404.html; ssl_certificate %s; ssl_certificate_key %s; @@ -2792,9 +2800,8 @@ def setSslConf(self, siteName): ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; - add_header Strict-Transport-Security "max-age=63072000"; - add_header Alt-Svc 'h3=":443"; ma=2592000'; - error_page 497 https://$host$request_uri;""" % (certPath, keyPath) + %s + error_page 497 https://$host$request_uri;""" % (certPath, keyPath, http3Header) if(conf.find('ssl_certificate') != -1): return mw.returnData(True, 'SSL开启成功!') From d0d75f452654f0266b67cb91dae298802fb4f3b7 Mon Sep 17 00:00:00 2001 From: Mr Chen Date: Wed, 17 Apr 2024 01:37:50 +0800 Subject: [PATCH 16/18] Update site_api.py --- class/core/site_api.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/class/core/site_api.py b/class/core/site_api.py index 4719fd5f04..de6013295a 100755 --- a/class/core/site_api.py +++ b/class/core/site_api.py @@ -2787,7 +2787,7 @@ def setSslConf(self, siteName): http3Header = """ add_header Strict-Transport-Security "max-age=63072000"; - add_header Alt-Svc 'h3=":443"; ma=2592000'; + add_header Alt-Svc 'h3=":443";ma=86400,h3-29=":443";ma=86400'; """ if version != '1.25.3.1': http3Header = ''; From c25ecc9db29d6da7c16416091cfc95dde5444cfa Mon Sep 17 00:00:00 2001 From: Mr Chen Date: Wed, 17 Apr 2024 01:41:21 +0800 Subject: [PATCH 17/18] Update config_api.py --- class/core/config_api.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/class/core/config_api.py b/class/core/config_api.py index dc1b2cde46..bf74ca51c8 100755 --- a/class/core/config_api.py +++ b/class/core/config_api.py @@ -28,7 +28,7 @@ class config_api: - __version = '0.16.5' + __version = '0.16.6' __api_addr = 'data/api.json' # 统一默认配置文件 From 0670b7f338fa0aa2fe20307b53c8e91f32e743e2 Mon Sep 17 00:00:00 2001 From: Mr Chen Date: Wed, 17 Apr 2024 01:49:06 +0800 Subject: [PATCH 18/18] Update README.md --- README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index c860692a26..a496378824 100644 --- a/README.md +++ b/README.md @@ -110,9 +110,10 @@ docker run -itd --name mw-server --privileged=true -p 7200:7200 -p 80:80 -p 443: ``` -### 版本更新 0.16.5 +### 版本更新 0.16.6 -* 文件管理,增加排序。 +- openresty【1.25.3.1】配置更新,支持h3; +- 修复php83的扩展bcmath在centos7安装出错。 ### JSDelivr安装地址