Merge pull request #865 from midoks/dev

openresty优化
7 hours ago · 40345f6cb9
parent 9cee124afd 8aaf0eb99e
commit 40345f6cb9
25 changed files with 301 additions and 89 deletions
--- a/plugins/openresty/conf/nginx.conf
+++ b/plugins/openresty/conf/nginx.conf
@ -5,6 +5,7 @@ error_log  {$SERVER_PATH}/openresty/nginx/logs/error.log  crit;
 pid        {$SERVER_PATH}/openresty/nginx/logs/nginx.pid;

 worker_rlimit_nofile 65535;
+pcre_jit on;

 events
 {
@ -36,7 +37,7 @@ http
    client_max_body_size 50m;

    # video big file opt
-    # aio threads;
+    aio threads;
    directio 4m;
    output_buffers 16 512k;
    sendfile   on;
@ -54,6 +55,19 @@ http
    fastcgi_temp_file_write_size 256k;
 	fastcgi_intercept_errors on;

+    #zstd on;
+    #zstd_comp_level 6;
+    #zstd_min_length 256;
+    #zstd_types text/plain text/css text/xml text/javascript text/cache-manifest text/x-component text/vtt application/javascript application/json application/ld+json application/xml application/xhtml+xml application/rss+xml application/atom+xml application/manifest+json application/x-web-app-manifest+json application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/wasm font/opentype image/svg+xml image/bmp;
+
+    brotli on;
+    brotli_min_length 256;
+    brotli_buffers 32 8k;
+    brotli_comp_level 6;
+    brotli_window 16m;
+    brotli_static on;
+    brotli_types text/plain text/css text/xml text/javascript text/x-component application/javascript application/x-javascript application/json application/xml application/rss+xml application/atom+xml application/vnd.ms-fontobject application/x-font-ttf application/x-font-opentype application/x-font-truetype font/tpl font/opentype font/otf font/ttf image/svg+xml image/x-icon image/vnd.microsoft.icon application/wasm application/manifest+json;
+
    gzip on;
    gzip_min_length  1k;
    gzip_buffers     4 16k;
@ -64,13 +78,6 @@ http
    gzip_proxied   expired no-cache no-store private auth;
    gzip_disable   "MSIE [1-6]\.";

-    brotli on;
-    brotli_min_length 256;
-    brotli_buffers 32 8k;
-    brotli_comp_level 6;
-    brotli_window 16m;
-    brotli_static on;
-    brotli_types text/plain text/css text/xml text/javascript text/x-component application/javascript application/x-javascript application/json application/xml application/rss+xml application/atom+xml application/vnd.ms-fontobject application/x-font-ttf application/x-font-opentype application/x-font-truetype font/tpl font/opentype font/otf font/ttf image/svg+xml image/x-icon image/vnd.microsoft.icon application/wasm application/manifest+json;

    limit_conn_zone $binary_remote_addr zone=perip:10m;
 	limit_conn_zone $server_name zone=perserver:10m;
--- a/plugins/openresty/install.sh
+++ b/plugins/openresty/install.sh
@ -5,8 +5,10 @@ export PATH
 # cd /Users/midoks/Desktop/mwdev/server/mdserver-web/plugins/openresty && bash install.sh install 1.21.4
 # cd /www/server/mdserver-web/plugins/openresty && bash install.sh install 1.21.4
 # cd /www/server/mdserver-web/plugins/openresty && bash install.sh install 1.29.2
+# cd /www/server/mdserver-web/plugins/openresty && bash install.sh upgrade 1.29.2

 # curl -I -H "Accept-Encoding: br" http://localhost
+# curl --http3 -v https://www.xxx.com

 # cd /www/server/mdserver-web && python3 plugins/openresty/index.py run_info

@ -30,6 +32,21 @@ else
 	useradd -g www -s /bin/bash www
 fi

+if [ "${action}" == "upgrade" ];then
+	sh -x $curPath/versions/$2/install.sh $1
+	
+	echo "${VERSION}" > $serverPath/openresty/version.pl
+
+	mkdir -p $serverPath/web_conf/php/conf
+	echo 'set $PHP_ENV 0;' > $serverPath/web_conf/php/conf/enable-php-00.conf
+
+	#初始化 
+	cd ${rootPath} && python3 ${rootPath}/plugins/openresty/index.py start
+	cd ${rootPath} && python3 ${rootPath}/plugins/openresty/index.py initd_install
+	exit 0
+fi
+
+
 if [ "${2}" == "" ];then
 	echo '缺少安装脚本版本...'
 	exit 0
--- a/plugins/openresty/versions/1.17.8/install.sh
+++ b/plugins/openresty/versions/1.17.8/install.sh
@ -19,8 +19,10 @@ openrestyDir=${serverPath}/source/openresty

 Install_openresty()
 {
-	if [ -d $serverPath/openresty ];then
-		exit 0
+	if [ "${action}" == "install" ];then
+		if [ -d $serverPath/openresty ];then
+			exit 0
+		fi
 	fi
 	
 	# ----- cpu start ------
@ -127,9 +129,23 @@ Install_openresty()
 		cd ${openrestyDir}/openresty-${VERSION} && git clone https://github.com/wxx9248/ngx_brotli.git
 		cd ${openrestyDir}/openresty-${VERSION}/ngx_brotli && git submodule update --init

-		OPTIONS="${OPTIONS} --add-module=./ngx_brotli"
+		OPTIONS="${OPTIONS} --add-module=${openrestyDir}/openresty-${VERSION}/ngx_brotli"
 	fi

+	OPTIONS="${OPTIONS} --with-threads"
+	OPTIONS="${OPTIONS} --with-file-aio"
+	OPTIONS="${OPTIONS} --with-pcre-jit"
+	OPTIONS="${OPTIONS} --with-http_gzip_static_module"
+
+	if [ ! -d ${openrestyDir}/zstd-nginx-module ];then
+		cd ${openrestyDir} && wget -O $openrestyDir/zstd-nginx-module.tar.gz https://github.com/tokers/zstd-nginx-module/archive/refs/heads/master.tar.gz
+		cd ${openrestyDir} && tar -zxvf zstd-nginx-module.tar.gz
+
+		pkg-config --exists --print-errors libzstd
+		if [ "$?" == "0" ];then
+			OPTIONS="${OPTIONS} --add-module=${openrestyDir}/zstd-nginx-module-master"
+		fi
+	fi

 	# --with-openssl=$serverPath/source/lib/openssl-1.0.2q
 	cd ${openrestyDir}/openresty-${VERSION} && ./configure \
@ -178,7 +194,9 @@ Uninstall_openresty()
 }

 action=$1
-if [ "${1}" == 'install' ];then
+if [ "${1}" == "install" ];then
+	Install_openresty
+elif [ "${1}" == "upgrade" ];then
 	Install_openresty
 else
 	Uninstall_openresty
--- a/plugins/openresty/versions/1.19.3/install.sh
+++ b/plugins/openresty/versions/1.19.3/install.sh
@ -19,8 +19,10 @@ openrestyDir=${serverPath}/source/openresty

 Install_openresty()
 {
-	if [ -d $serverPath/openresty ];then
-		exit 0
+	if [ "${action}" == "install" ];then
+		if [ -d $serverPath/openresty ];then
+			exit 0
+		fi
 	fi
 	
 	# ----- cpu start ------
@ -128,7 +130,22 @@ Install_openresty()
 		cd ${openrestyDir}/openresty-${VERSION} && git clone https://github.com/wxx9248/ngx_brotli.git
 		cd ${openrestyDir}/openresty-${VERSION}/ngx_brotli && git submodule update --init

-		OPTIONS="${OPTIONS} --add-module=./ngx_brotli"
+		OPTIONS="${OPTIONS} --add-module=${openrestyDir}/openresty-${VERSION}/ngx_brotli"
+	fi
+
+	OPTIONS="${OPTIONS} --with-threads"
+	OPTIONS="${OPTIONS} --with-file-aio"
+	OPTIONS="${OPTIONS} --with-pcre-jit"
+	OPTIONS="${OPTIONS} --with-http_gzip_static_module"
+
+	if [ ! -d ${openrestyDir}/zstd-nginx-module ];then
+		cd ${openrestyDir} && wget -O $openrestyDir/zstd-nginx-module.tar.gz https://github.com/tokers/zstd-nginx-module/archive/refs/heads/master.tar.gz
+		cd ${openrestyDir} && tar -zxvf zstd-nginx-module.tar.gz
+
+		pkg-config --exists --print-errors libzstd
+		if [ "$?" == "0" ];then
+			OPTIONS="${OPTIONS} --add-module=${openrestyDir}/zstd-nginx-module-master"
+		fi
 	fi


@ -178,7 +195,9 @@ Uninstall_openresty()
 }

 action=$1
-if [ "${1}" == 'install' ];then
+if [ "${1}" == "install" ];then
+	Install_openresty
+elif [ "${1}" == "upgrade" ];then
 	Install_openresty
 else
 	Uninstall_openresty
--- a/plugins/openresty/versions/1.21.4/install.sh
+++ b/plugins/openresty/versions/1.21.4/install.sh
@ -20,8 +20,10 @@ openrestyDir=${serverPath}/source/openresty

 Install_openresty()
 {
-	if [ -d $serverPath/openresty ];then
-		exit 0
+	if [ "${action}" == "install" ];then
+		if [ -d $serverPath/openresty ];then
+			exit 0
+		fi
 	fi
 	
 	# ----- cpu start ------
@ -127,7 +129,22 @@ Install_openresty()
 		cd ${openrestyDir}/openresty-${VERSION} && git clone https://github.com/wxx9248/ngx_brotli.git
 		cd ${openrestyDir}/openresty-${VERSION}/ngx_brotli && git submodule update --init

-		OPTIONS="${OPTIONS} --add-module=./ngx_brotli"
+		OPTIONS="${OPTIONS} --add-module=${openrestyDir}/openresty-${VERSION}/ngx_brotli"
+	fi
+
+	OPTIONS="${OPTIONS} --with-threads"
+	OPTIONS="${OPTIONS} --with-file-aio"
+	OPTIONS="${OPTIONS} --with-pcre-jit"
+	OPTIONS="${OPTIONS} --with-http_gzip_static_module"
+
+	if [ ! -d ${openrestyDir}/zstd-nginx-module ];then
+		cd ${openrestyDir} && wget -O $openrestyDir/zstd-nginx-module.tar.gz https://github.com/tokers/zstd-nginx-module/archive/refs/heads/master.tar.gz
+		cd ${openrestyDir} && tar -zxvf zstd-nginx-module.tar.gz
+
+		pkg-config --exists --print-errors libzstd
+		if [ "$?" == "0" ];then
+			OPTIONS="${OPTIONS} --add-module=${openrestyDir}/zstd-nginx-module-master"
+		fi
 	fi

 	# --with-openssl=$serverPath/source/lib/openssl-1.0.2q
@ -177,7 +194,9 @@ Uninstall_openresty()
 }

 action=$1
-if [ "${1}" == 'install' ];then
+if [ "${1}" == "install" ];then
+	Install_openresty
+elif [ "${1}" == "upgrade" ];then
 	Install_openresty
 else
 	Uninstall_openresty
--- a/plugins/openresty/versions/1.25.3/install.sh
+++ b/plugins/openresty/versions/1.25.3/install.sh
@ -20,8 +20,10 @@ openrestyDir=${serverPath}/source/openresty

 Install_openresty()
 {
-	if [ -d $serverPath/openresty ];then
-		exit 0
+	if [ "${action}" == "install" ];then
+		if [ -d $serverPath/openresty ];then
+			exit 0
+		fi
 	fi
 	
 	# ----- cpu start ------
@ -72,9 +74,9 @@ Install_openresty()

 	OPTIONS=''

-	opensslVersion="1.1.1p"
+	opensslVersion="3.4.4"
 	libresslVersion="3.9.1"
-	pcreVersion='8.38'
+	pcreVersion='8.45'
 	if [ "$sysName" == "Darwin" ];then

 		if [ ! -f ${openrestyDir}/pcre-${pcreVersion}.tar.gz ];then
@ -126,16 +128,16 @@ Install_openresty()
 	if [[ "$VERSION" =~ "1.25.3" ]]; then
 		OPTIONS="${OPTIONS} --with-http_v3_module"

-		if [ ! -f ${openrestyDir}/libressl-${libresslVersion}.tar.gz ];then
-	        wget --no-check-certificate -O ${openrestyDir}/libressl-${libresslVersion}.tar.gz https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${libresslVersion}.tar.gz
-	    fi
+		# if [ ! -f ${openrestyDir}/libressl-${libresslVersion}.tar.gz ];then
+	    #     wget --no-check-certificate -O ${openrestyDir}/libressl-${libresslVersion}.tar.gz https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${libresslVersion}.tar.gz
+	    # fi

-	    if [ ! -d ${openrestyDir}/libressl-${libresslVersion} ];then
-			cd ${openrestyDir} &&  tar -zxvf libressl-${libresslVersion}.tar.gz
-		fi
+	    # if [ ! -d ${openrestyDir}/libressl-${libresslVersion} ];then
+		# 	cd ${openrestyDir} &&  tar -zxvf libressl-${libresslVersion}.tar.gz
+		# fi
 	    
-	    OPTIONS="${OPTIONS} --with-cc-opt=-I${openrestyDir}/libressl-${libresslVersion}/libressl/build/include"
-	    OPTIONS="${OPTIONS} --with-cc-opt=-I${openrestyDir}/libressl-${libresslVersion}/libressl/build/lib"
+	    # OPTIONS="${OPTIONS} --with-cc-opt=-I${openrestyDir}/libressl-${libresslVersion}/libressl/build/include"
+	    # OPTIONS="${OPTIONS} --with-cc-opt=-I${openrestyDir}/libressl-${libresslVersion}/libressl/build/lib"
 	fi

 	# br
@ -143,7 +145,22 @@ Install_openresty()
 		cd ${openrestyDir}/openresty-${VERSION} && git clone https://github.com/wxx9248/ngx_brotli.git
 		cd ${openrestyDir}/openresty-${VERSION}/ngx_brotli && git submodule update --init

-		OPTIONS="${OPTIONS} --add-module=./ngx_brotli"
+		OPTIONS="${OPTIONS} --add-module=${openrestyDir}/openresty-${VERSION}/ngx_brotli"
+	fi
+
+	OPTIONS="${OPTIONS} --with-threads"
+	OPTIONS="${OPTIONS} --with-file-aio"
+	OPTIONS="${OPTIONS} --with-pcre-jit"
+	OPTIONS="${OPTIONS} --with-http_gzip_static_module"
+
+	if [ ! -d ${openrestyDir}/zstd-nginx-module ];then
+		cd ${openrestyDir} && wget -O $openrestyDir/zstd-nginx-module.tar.gz https://github.com/tokers/zstd-nginx-module/archive/refs/heads/master.tar.gz
+		cd ${openrestyDir} && tar -zxvf zstd-nginx-module.tar.gz
+
+		pkg-config --exists --print-errors libzstd
+		if [ "$?" == "0" ];then
+			OPTIONS="${OPTIONS} --add-module=${openrestyDir}/zstd-nginx-module-master"
+		fi
 	fi

 	cd ${openrestyDir}/openresty-${VERSION} && ./configure \
@ -192,7 +209,9 @@ Uninstall_openresty()
 }

 action=$1
-if [ "${1}" == 'install' ];then
+if [ "${1}" == "install" ];then
+	Install_openresty
+elif [ "${1}" == "upgrade" ];then
 	Install_openresty
 else
 	Uninstall_openresty
--- a/plugins/openresty/versions/1.27.1/install.sh
+++ b/plugins/openresty/versions/1.27.1/install.sh
@ -20,8 +20,10 @@ openrestyDir=${serverPath}/source/openresty

 Install_openresty()
 {
-	if [ -d $serverPath/openresty ];then
-		exit 0
+	if [ "${action}" == "install" ];then
+		if [ -d $serverPath/openresty ];then
+			exit 0
+		fi
 	fi
 	
 	# ----- cpu start ------
@ -72,9 +74,9 @@ Install_openresty()

 	OPTIONS=''

-	opensslVersion="1.1.1p"
+	opensslVersion="3.4.4"
 	libresslVersion="3.9.1"
-	pcreVersion='8.38'
+	pcreVersion='8.45'
 	if [ "$sysName" == "Darwin" ];then

 		if [ ! -f ${openrestyDir}/pcre-${pcreVersion}.tar.gz ];then
@ -114,19 +116,19 @@ Install_openresty()

 	fi

-	if [[ "$VERSION" =~ "1.25.3" ]] || [[ "$VERSION" =~ "1.27.1" ]];then
+	if [[ "$VERSION" =~ "1.27.1" ]];then
 		OPTIONS="${OPTIONS} --with-http_v3_module"

-		if [ ! -f ${openrestyDir}/libressl-${libresslVersion}.tar.gz ];then
-	        wget --no-check-certificate -O ${openrestyDir}/libressl-${libresslVersion}.tar.gz https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${libresslVersion}.tar.gz
-	    fi
+		# if [ ! -f ${openrestyDir}/libressl-${libresslVersion}.tar.gz ];then
+	    #     wget --no-check-certificate -O ${openrestyDir}/libressl-${libresslVersion}.tar.gz https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${libresslVersion}.tar.gz
+	    # fi

-	    if [ ! -d ${openrestyDir}/libressl-${libresslVersion} ];then
-			cd ${openrestyDir} &&  tar -zxvf libressl-${libresslVersion}.tar.gz
-		fi
+	    # if [ ! -d ${openrestyDir}/libressl-${libresslVersion} ];then
+		# 	cd ${openrestyDir} &&  tar -zxvf libressl-${libresslVersion}.tar.gz
+		# fi
 	    
-	    OPTIONS="${OPTIONS} --with-cc-opt=-I${openrestyDir}/libressl-${libresslVersion}/libressl/build/include"
-	    OPTIONS="${OPTIONS} --with-cc-opt=-I${openrestyDir}/libressl-${libresslVersion}/libressl/build/lib"
+	    # OPTIONS="${OPTIONS} --with-cc-opt=-I${openrestyDir}/libressl-${libresslVersion}/libressl/build/include"
+	    # OPTIONS="${OPTIONS} --with-cc-opt=-I${openrestyDir}/libressl-${libresslVersion}/libressl/build/lib"
 	fi

 	# br
@ -134,9 +136,25 @@ Install_openresty()
 		cd ${openrestyDir}/openresty-${VERSION} && git clone https://github.com/wxx9248/ngx_brotli.git
 		cd ${openrestyDir}/openresty-${VERSION}/ngx_brotli && git submodule update --init

-		OPTIONS="${OPTIONS} --add-module=./ngx_brotli"
+		OPTIONS="${OPTIONS} --add-module=${openrestyDir}/openresty-${VERSION}/ngx_brotli"
+	fi
+
+	OPTIONS="${OPTIONS} --with-threads"
+	OPTIONS="${OPTIONS} --with-file-aio"
+	OPTIONS="${OPTIONS} --with-pcre-jit"
+	OPTIONS="${OPTIONS} --with-http_gzip_static_module"
+
+	if [ ! -d ${openrestyDir}/zstd-nginx-module ];then
+		cd ${openrestyDir} && wget -O $openrestyDir/zstd-nginx-module.tar.gz https://github.com/tokers/zstd-nginx-module/archive/refs/heads/master.tar.gz
+		cd ${openrestyDir} && tar -zxvf zstd-nginx-module.tar.gz
+
+		pkg-config --exists --print-errors libzstd
+		if [ "$?" == "0" ];then
+			OPTIONS="${OPTIONS} --add-module=${openrestyDir}/zstd-nginx-module-master"
+		fi
 	fi

+
 	cd ${openrestyDir}/openresty-${VERSION} && ./configure \
 	--prefix=$serverPath/openresty \
 	$OPTIONS \
@ -183,7 +201,9 @@ Uninstall_openresty()
 }

 action=$1
-if [ "${1}" == 'install' ];then
+if [ "${1}" == "install" ];then
+	Install_openresty
+elif [ "${1}" == "upgrade" ];then
 	Install_openresty
 else
 	Uninstall_openresty
--- a/plugins/openresty/versions/1.29.2/install.sh
+++ b/plugins/openresty/versions/1.29.2/install.sh
@ -20,8 +20,10 @@ openrestyDir=${serverPath}/source/openresty

 Install_openresty()
 {
-	if [ -d $serverPath/openresty ];then
-		exit 0
+	if [ "${action}" == "install" ];then
+		if [ -d $serverPath/openresty ];then
+			exit 0
+		fi
 	fi
 	
 	# ----- cpu start ------
@ -117,16 +119,16 @@ Install_openresty()
 	if [[ "$VERSION" =~ "1.29.2" ]];then
 		OPTIONS="${OPTIONS} --with-http_v3_module"

-		if [ ! -f ${openrestyDir}/libressl-${libresslVersion}.tar.gz ];then
-	        wget --no-check-certificate -O ${openrestyDir}/libressl-${libresslVersion}.tar.gz https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${libresslVersion}.tar.gz
-	    fi
+		# if [ ! -f ${openrestyDir}/libressl-${libresslVersion}.tar.gz ];then
+	    #     wget --no-check-certificate -O ${openrestyDir}/libressl-${libresslVersion}.tar.gz https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${libresslVersion}.tar.gz
+	    # fi

-	    if [ ! -d ${openrestyDir}/libressl-${libresslVersion} ];then
-			cd ${openrestyDir} &&  tar -zxvf libressl-${libresslVersion}.tar.gz
-		fi
+	    # if [ ! -d ${openrestyDir}/libressl-${libresslVersion} ];then
+		# 	cd ${openrestyDir} &&  tar -zxvf libressl-${libresslVersion}.tar.gz
+		# fi
 	    
-	    OPTIONS="${OPTIONS} --with-cc-opt=-I${openrestyDir}/libressl-${libresslVersion}/libressl/build/include"
-	    OPTIONS="${OPTIONS} --with-cc-opt=-I${openrestyDir}/libressl-${libresslVersion}/libressl/build/lib"
+	    # OPTIONS="${OPTIONS} --with-cc-opt=-I${openrestyDir}/libressl-${libresslVersion}/libressl/build/include"
+	    # OPTIONS="${OPTIONS} --with-cc-opt=-I${openrestyDir}/libressl-${libresslVersion}/libressl/build/lib"
 	fi

 	# br
@ -134,9 +136,26 @@ Install_openresty()
 		cd ${openrestyDir}/openresty-${VERSION} && git clone https://github.com/wxx9248/ngx_brotli.git
 		cd ${openrestyDir}/openresty-${VERSION}/ngx_brotli && git submodule update --init

-		OPTIONS="${OPTIONS} --add-module=./ngx_brotli"
+		OPTIONS="${OPTIONS} --add-module=${openrestyDir}/openresty-${VERSION}/ngx_brotli"
 	fi

+	OPTIONS="${OPTIONS} --with-threads"
+	OPTIONS="${OPTIONS} --with-file-aio"
+	OPTIONS="${OPTIONS} --with-pcre-jit"
+	OPTIONS="${OPTIONS} --with-http_gzip_static_module"
+
+
+	if [ ! -d ${openrestyDir}/zstd-nginx-module ];then
+		cd ${openrestyDir} && wget -O $openrestyDir/zstd-nginx-module.tar.gz https://github.com/tokers/zstd-nginx-module/archive/refs/heads/master.tar.gz
+		cd ${openrestyDir} && tar -zxvf zstd-nginx-module.tar.gz
+
+		pkg-config --exists --print-errors libzstd
+		if [ "$?" == "0" ];then
+			OPTIONS="${OPTIONS} --add-module=${openrestyDir}/zstd-nginx-module-master"
+		fi
+	fi
+	
+	

 	cd ${openrestyDir}/openresty-${VERSION} && ./configure \
 	--prefix=$serverPath/openresty \
@ -176,6 +195,10 @@ Install_openresty()
 		rm -rf $openrestyDir/openresty-${VERSION}
 	fi

+	if [ -d $openrestyDir/zstd-nginx-module-master ];then
+		rm -rf $openrestyDir/zstd-nginx-module-master
+	fi
+
 	# if [ -d $openrestyDir/ngx_brotli ];then
 	# 	rm -rf $openrestyDir/ngx_brotli
 	# fi
@ -188,7 +211,9 @@ Uninstall_openresty()
 }

 action=$1
-if [ "${1}" == 'install' ];then
+if [ "${1}" == "install" ];then
+	Install_openresty
+elif [ "${1}" == "upgrade" ];then
 	Install_openresty
 else
 	Uninstall_openresty
--- a/plugins/openresty/versions/rtmp/install.sh
+++ b/plugins/openresty/versions/rtmp/install.sh
@ -14,7 +14,7 @@ sysName=`uname`
 action=$1
 type=$2

-VERSION=1.27.1.1
+VERSION=1.27.1.2

 openrestyDir=${serverPath}/source/openresty

@ -72,9 +72,9 @@ Install_openresty()

 	OPTIONS=''

-	opensslVersion="1.1.1p"
+	opensslVersion="3.4.4"
 	libresslVersion="3.9.1"
-	pcreVersion='8.38'
+	pcreVersion='8.45'
 	if [ "$sysName" == "Darwin" ];then

 		if [ ! -f ${openrestyDir}/pcre-${pcreVersion}.tar.gz ];then
@ -114,19 +114,19 @@ Install_openresty()

 	fi

-	if [[ "$VERSION" =~ "1.25.3" ]]; then
+	if [[ "$VERSION" =~ "1.27.1" ]]; then
 		OPTIONS="${OPTIONS} --with-http_v3_module"

-		if [ ! -f ${openrestyDir}/libressl-${libresslVersion}.tar.gz ];then
-			wget --no-check-certificate -O ${openrestyDir}/libressl-${libresslVersion}.tar.gz https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${libresslVersion}.tar.gz
-		fi
+		# if [ ! -f ${openrestyDir}/libressl-${libresslVersion}.tar.gz ];then
+		# 	wget --no-check-certificate -O ${openrestyDir}/libressl-${libresslVersion}.tar.gz https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${libresslVersion}.tar.gz
+		# fi

-		if [ ! -d ${openrestyDir}/libressl-${libresslVersion} ];then
-			cd ${openrestyDir} &&  tar -zxvf libressl-${libresslVersion}.tar.gz
-		fi
+		# if [ ! -d ${openrestyDir}/libressl-${libresslVersion} ];then
+		# 	cd ${openrestyDir} &&  tar -zxvf libressl-${libresslVersion}.tar.gz
+		# fi
 		
-		OPTIONS="${OPTIONS} --with-cc-opt=-I${openrestyDir}/libressl-${libresslVersion}/libressl/build/include"
-		OPTIONS="${OPTIONS} --with-cc-opt=-I${openrestyDir}/libressl-${libresslVersion}/libressl/build/lib"
+		# OPTIONS="${OPTIONS} --with-cc-opt=-I${openrestyDir}/libressl-${libresslVersion}/libressl/build/include"
+		# OPTIONS="${OPTIONS} --with-cc-opt=-I${openrestyDir}/libressl-${libresslVersion}/libressl/build/lib"
 	fi

 	# rtmp推流功能
@ -140,6 +140,19 @@ Install_openresty()
 	fi
 	OPTIONS="${OPTIONS} --add-module=${openrestyDir}/nginx-rtmp-module-${nginx_rtmp_ver}"

+	# br
+	if [ ! -d ${openrestyDir}/openresty-${VERSION}/ngx_brotli ];then
+		cd ${openrestyDir}/openresty-${VERSION} && git clone https://github.com/wxx9248/ngx_brotli.git
+		cd ${openrestyDir}/openresty-${VERSION}/ngx_brotli && git submodule update --init
+
+		OPTIONS="${OPTIONS} --add-module=${openrestyDir}/openresty-${VERSION}/ngx_brotli"
+	fi
+
+	OPTIONS="${OPTIONS} --with-threads"
+	OPTIONS="${OPTIONS} --with-file-aio"
+	OPTIONS="${OPTIONS} --with-pcre-jit"
+	OPTIONS="${OPTIONS} --with-http_gzip_static_module"
+

 	cd ${openrestyDir}/openresty-${VERSION} && ./configure \
 	--prefix=$serverPath/openresty \
--- a/plugins/tgbot/startup/extend/push_ad.py
+++ b/plugins/tgbot/startup/extend/push_ad.py
@ -47,7 +47,7 @@ def send_msg(bot, tag='ad', trigger_time=300):
    keyboard = [
        [
            types.InlineKeyboardButton(
-                text="海内外实名KYC-执照代付✅域名", url='https://t.me/kdgzs')
+                text="海内外实名KYC-执照代付✅域名", url='https://t.me/kuadugongzuoshi')
        ],
        [
            types.InlineKeyboardButton(
--- a/plugins/tgbot/startup/extend/push_notice_msg.py
+++ b/plugins/tgbot/startup/extend/push_notice_msg.py
@ -62,7 +62,7 @@ def send_msg(bot, tag='ad', trigger_time=300):
    keyboard = [
        [
            types.InlineKeyboardButton(
-                text="海内外实名KYC-执照代付✅域名", url='https://t.me/kdgzs')
+                text="海内外实名KYC-执照代付✅域名", url='https://t.me/kuadugongzuoshi')
        ],
        [
            types.InlineKeyboardButton(
--- a/scripts/install/alma.sh
+++ b/scripts/install/alma.sh
@ -20,6 +20,7 @@ yum install -y bzip2-devel
 yum install -y ncurses-compat-libs
 yum install -y numactl
 yum install -y sshpass
+yum install -y libzstd-devel

 SSH_PORT=`netstat -ntpl|grep sshd|grep -v grep | sed -n "1,1p" | awk '{print $4}' | awk -F : '{print $2}'`
 if [ "$SSH_PORT" == "" ];then
--- a/scripts/install/alpine.sh
+++ b/scripts/install/alpine.sh
@ -56,6 +56,7 @@ apk add libargon2-devel --force-broken-world

 apk add net-tools-deprecated --force-broken-world
 apk add numactl --force-broken-world
+apk add zstd-dev --force-broken-world

 # apk add  php-config

--- a/scripts/install/amazon.sh
+++ b/scripts/install/amazon.sh
@ -28,6 +28,7 @@ yum install -y bzip2-devel
 yum install -y ncurses-compat-libs
 yum install -y numactl
 yum install -y sshpass
+yum install -y libzstd-devel

 SSH_PORT=`netstat -ntpl|grep sshd|grep -v grep | sed -n "1,1p" | awk '{print $4}' | awk -F : '{print $2}'`
 if [ "$SSH_PORT" == "" ];then
--- a/scripts/install/centos.sh
+++ b/scripts/install/centos.sh
@ -38,6 +38,7 @@ yum install -y bzip2-devel
 yum install -y ncurses-compat-libs
 yum install -y numactl
 yum install -y sshpass
+yum install -y libzstd-devel

 # if [ -f /usr/sbin/iptables ];then

--- a/scripts/install/debian.sh
+++ b/scripts/install/debian.sh
@ -247,7 +247,7 @@ apt install -y protobuf-compiler
 apt install -y libboost-dev
 apt install -y liblz4-tool
 apt install -y zstd
-
+apt install -y libzstd-dev

 # Disabled due to dependency issues
 #apt install --ignore-missing -y autoconf automake cmake curl dia gcc imagemagick libbz2-dev libcurl4-gnutls-dev\
--- a/scripts/install/euler.sh
+++ b/scripts/install/euler.sh
@ -38,6 +38,7 @@ yum install -y bzip2-devel
 yum install -y ncurses-compat-libs
 yum install -y numactl
 yum install -y sshpass
+yum install -y libzstd-devel


 # if [ -f /usr/sbin/iptables ];then
--- a/scripts/install/fedora.sh
+++ b/scripts/install/fedora.sh
@ -18,6 +18,7 @@ yum install -y expect
 yum install -y ncurses-compat-libs
 yum install -y numactl
 yum install -y sshpass
+yum install -y libzstd-devel
 dnf install crontabs -y

 SSH_PORT=`netstat -ntpl|grep sshd|grep -v grep | sed -n "1,1p" | awk '{print $4}' | awk -F : '{print $2}'`
--- a/scripts/install/freebsd.sh
+++ b/scripts/install/freebsd.sh
@ -66,6 +66,7 @@ pkg install -y bzip2
 pkg install -y bzip2-devel
 pkg install -y numactl
 pkg install -y sshpass
+pkg install -y libzstd-devel

 # curl https://sh.rustup.rs -sSf | sh
 pkg install -y rust
--- a/scripts/install/opensuse.sh
+++ b/scripts/install/opensuse.sh
@ -33,6 +33,7 @@ zypper install -y pv
 zypper install -y bc
 zypper install -y bzip2

+
 zypper install -y libzip libzip-devel
 zypper install -y unrar rar
 zypper install -y libmemcached libmemcached-devel
@ -40,6 +41,7 @@ zypper install -y libmemcached libmemcached-devel
 zypper install -y icu libicu-devel
 zypper install -y sqlite3 sqlite3-devel
 zypper install -y oniguruma-devel
+zypper install -y libzstd-devel

 # zypper install -y libmcrypt libmcrypt-devel
 # zypper install -y protobuf
--- a/scripts/install/rhel.sh
+++ b/scripts/install/rhel.sh
@ -44,6 +44,7 @@ $PKGMGR install -y mmap-devel

 $PKGMGR install -y libncurses*
 $PKGMGR install -y sshpass
+$PKGMGR install -y libzstd-devel

 echo "install remi source"
 if [ "$VERSION_ID" == "9" ];then
--- a/scripts/install/rocky.sh
+++ b/scripts/install/rocky.sh
@ -27,7 +27,8 @@ yum install -y libzip-devel
 yum install -y re2c 
 yum install -y ncurses-compat-libs
 yum install -y numactl 
-apt install -y sshpass
+yum install -y sshpass
+yum install -y libzstd-devel

 if [ -f /usr/sbin/iptables ];then

--- a/scripts/install/ubuntu.sh
+++ b/scripts/install/ubuntu.sh
@ -60,6 +60,7 @@ apt install -y libboost-dev
 apt install -y liblz4-tool
 apt install -y zstd
 apt install -y sshpass
+apt install -y libzstd-dev

 P_VER=`python3 -V | awk '{print $2}'`
 if version_ge "$P_VER" "3.11.0" ;then
--- a/web/core/mw.py
+++ b/web/core/mw.py
@ -922,6 +922,15 @@ def isSupportSystemctl():
        return False
    return True

+def isSupportHttp3(version):
+    if version.startswith('1.25'):
+        return True 
+    if version.startswith('1.27'):
+        return True
+    if version.startswith('1.29'):
+        return True
+    return False
+
 def isDebugMode():
    if isAppleSystem():
        return True
--- a/web/utils/site.py
+++ b/web/utils/site.py
@ -527,11 +527,12 @@ class sites(object):
        if conf.find('ssl_certificate') == -1:
            # ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
            # add_header Alt-Svc 'h3=":443";ma=86400,h3-29=":443";ma=86400';
+            # add_header Strict-Transport-Security "max-age=63072000" always;
            http3Header = """
-    add_header Strict-Transport-Security "max-age=63072000";
-    add_header Alt-Svc 'h3=":443";ma=86400';
+    add_header Alt-Svc 'h3=":443";ma=86400' always;
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
 """
-            if not version.startswith('1.25') or version.startswith('1.27'):
+            if not mw.isSupportHttp3(version):
                http3Header = '';

            sslStr = """#error_page 404/404.html;
@ -553,16 +554,16 @@ class sites(object):
        tmp = re.findall(rep, conf)
        if not mw.inArray(tmp, '443'):
            listen = re.search(rep, conf).group()
-            
-            if version.startswith('1.25') or version.startswith('1.27'):
+            if mw.isSupportHttp3(version):
                http_ssl = "\n\tlisten 443 ssl;"
                http_ssl = http_ssl + "\n\tlisten [::]:443 ssl;"
+                http_ssl = http_ssl + "\n\tlisten 443 quic;#reuseport"
+                http_ssl = http_ssl + "\n\tlisten [::]:443 quic;"
+                http_ssl = http_ssl + "\n\thttp3 on;"
                http_ssl = http_ssl + "\n\thttp2 on;"
            else:
-                http_ssl = "\n\tlisten 443 ssl;"
-                http_ssl = http_ssl + "\n\tlisten [::]:443 ssl;"
-
-
+                http_ssl = "\n\tlisten 443 ssl http2;"
+                http_ssl = http_ssl + "\n\tlisten [::]:443 ssl http2;"
            conf = conf.replace(listen, listen + http_ssl)

        mw.backFile(file)
@ -1532,6 +1533,10 @@ location ^~ {from} {\n\
    proxy_set_header Upgrade $http_upgrade;\n\
    proxy_set_header Connection $connection_upgrade;\n\
    proxy_http_version 1.1;\n\
+    proxy_set_header User-Agent $http_user_agent;\n\
+    proxy_set_header X-Forwarded-Proto $scheme;\n\
+    proxy_set_header X-Forwarded-Host $http_host;\n\
+    proxy_set_header X-Forwarded-Port $server_port;\n\
    \n\
    {proxy_cache}\n\
 }\n\
@ -1925,19 +1930,46 @@ location ^~ {from} {\n\
            path = self.getHostConf(default_site)
            if os.path.exists(path):
                conf = mw.readFile(path)
-                rep = r"listen\s+80.+;"
+                rep = r"listen\s+443\s+quic\s*reuseport default_server"
+                conf = re.sub(rep, 'listen 443 quic reuseport;', conf, 1)
+                rep = r"listen\s+\[\:\:\]\:443\s+quic\s*reuseport\s*default_server;"
+                conf = re.sub(rep, 'listen [::]:443 quic reuseport;', conf, 1)
+
+                rep = r"listen\s+80\s*default_server;"
                conf = re.sub(rep, 'listen 80;', conf, 1)
-                rep = r"listen\s+443.+;"
+                rep = r"listen\s+\[\:\:\]\:80\s*default_server;"
+                conf = re.sub(rep, 'listen [::]:80;', conf, 1)
+                rep = r"listen\s+443\s*ssl\s*default_server;"
                conf = re.sub(rep, 'listen 443 ssl;', conf, 1)
+                rep = r"listen\s+443\s*quic\*default_server;"
+                conf = re.sub(rep, 'listen 443 quic;', conf, 1)
+                rep = r"listen\s+\[\:\:\]\:443\s*ssl\s*default_server;"
+                conf = re.sub(rep, 'listen [::]:443 ssl;', conf, 1)
+                rep = r"listen\s+\[\:\:\]\:443\s*quic\s*default_server;"
+                conf = re.sub(rep, 'listen [::]:443 quic;', conf, 1)
                mw.writeFile(path, conf)

        path = self.getHostConf(name)
        if os.path.exists(path):
            conf = mw.readFile(path)
+            rep = r"listen\s+443\s*quic\s*reuseport;"
+            conf = re.sub(rep, 'listen 443 quic reuseport default_server;', conf, 1)
+
+            rep = r"listen\s+\[\:\:\]\:443\s*quic\s*reuseport;"
+            conf = re.sub(rep, 'listen [::]:443 quic reuseport default_server;', conf, 1)
+
            rep = r"listen\s+80\s*;"
            conf = re.sub(rep, 'listen 80 default_server;', conf, 1)
-            rep = r"listen\s+443\s*ssl\s*\w*\s*;"
+            rep = r"listen\s+\[\:\:\]\:80;"
+            conf = re.sub(rep, 'listen [::]:80 default_server;', conf, 1)
+            rep = r"listen\s+443\s*ssl;"
            conf = re.sub(rep, 'listen 443 ssl default_server;', conf, 1)
+            rep = r"listen\s+443\s*quic;"
+            conf = re.sub(rep, 'listen 443 quic default_server;', conf, 1)
+            rep = r"listen\s+\[\:\:\]\:443\s*ssl;"
+            conf = re.sub(rep, 'listen [::]:443 ssl default_server;', conf, 1)
+            rep = r"listen\s+\[\:\:\]\:443\s*quic;"
+            conf = re.sub(rep, 'listen [::]:443 quic default_server;', conf, 1)
            mw.writeFile(path, conf)

        thisdb.setOption('default_site', name)
@ -2112,6 +2144,8 @@ location ^~ {from} {\n\
            conf = re.sub(rep, '', conf)
            rep = r"\s+http2\s+on;"
            conf = re.sub(rep, '', conf)
+            rep = r"\s+http3\s+on;"
+            conf = re.sub(rep, '', conf)
            mw.writeFile(file, conf)

        msg = mw.getInfo('网站[{1}]关闭SSL成功!', (site_name,))