From 0766ad0063669c809e9974cc77de7d2d346caf44 Mon Sep 17 00:00:00 2001
From: Mr Chen <midoks@163.com>
Date: Tue, 16 Apr 2024 22:58:18 +0800
Subject: [PATCH] update

---
 class/core/site_api.py       |  1 +
 plugins/openresty/install.sh | 19 ++++++++++++++++++-
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/class/core/site_api.py b/class/core/site_api.py
index 49bbce577..1777e21ea 100755
--- a/class/core/site_api.py
+++ b/class/core/site_api.py
@@ -2785,6 +2785,7 @@ location ^~ {from} {\n\
     ssl_prefer_server_ciphers on;
     ssl_session_cache shared:SSL:10m;
     ssl_session_timeout 10m;
+    add_header Strict-Transport-Security "max-age=63072000" always;
     error_page 497  https://$host$request_uri;""" % (certPath, keyPath)
             if(conf.find('ssl_certificate') != -1):
                 return mw.returnData(True, 'SSL开启成功!')
diff --git a/plugins/openresty/install.sh b/plugins/openresty/install.sh
index 38b6f9dc1..d1bc2df86 100755
--- a/plugins/openresty/install.sh
+++ b/plugins/openresty/install.sh
@@ -91,6 +91,7 @@ Install_openresty()
 
 
 	opensslVersion="1.1.1p"
+	libresslVersion="1.1.1p"
 	pcreVersion='8.38'
 	if [ "$sysName" == "Darwin" ];then
 
@@ -123,6 +124,16 @@ Install_openresty()
 		if [ "$VERSION" == "1.25.3.1" ]; then
 			OPTIONS="${OPTIONS} --with-http_v3_module"
 
+			
+
+			if [ ! -f ${openrestyDir}/libressl-${libresslVersion}.tar.gz ];then
+		        wget --no-check-certificate -O ${openrestyDir}/libressl-${libresslVersion}.tar.gz https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${libresslVersion}.tar.gz
+		    fi
+
+		    if [ ! -d ${openrestyDir}/libressl-${libresslVersion} ];then
+				cd ${openrestyDir} &&  tar -zxvf libressl-${libresslVersion}.tar.gz
+			fi
+
 			if [ ! -f ${openrestyDir}/openssl-${opensslVersion}.tar.gz ];then
 		        wget --no-check-certificate -O ${openrestyDir}/openssl-${opensslVersion}.tar.gz https://www.openssl.org/source/openssl-${opensslVersion}.tar.gz
 		    fi
@@ -130,7 +141,13 @@ Install_openresty()
 		    if [ ! -d ${openrestyDir}/openssl-${opensslVersion} ];then
 				cd ${openrestyDir} &&  tar -zxvf openssl-${opensslVersion}.tar.gz
 			fi
-		    OPTIONS="${OPTIONS} --with-openssl=${openrestyDir}/openssl-${opensslVersion}"
+
+		    # OPTIONS="${OPTIONS} --with-openssl=${openrestyDir}/openssl-${opensslVersion}"
+		    OPTIONS="${OPTIONS} --with-cc-opt=-I${openrestyDir}-${libresslVersion}/libressl/build/include"
+		    OPTIONS="${OPTIONS} --with-cc-opt=-I${openrestyDir}-${libresslVersion}/libressl/build/lib"
+
+		    # --with-cc-opt="-I../libressl/build/include"
+    		# --with-ld-opt="-L../libressl/build/lib"
 		fi
 	fi