diff --git a/plugins/openresty/conf/nginx.conf b/plugins/openresty/conf/nginx.conf index 07cd73d9a..0316650d5 100644 --- a/plugins/openresty/conf/nginx.conf +++ b/plugins/openresty/conf/nginx.conf @@ -5,6 +5,7 @@ error_log {$SERVER_PATH}/openresty/nginx/logs/error.log crit; pid {$SERVER_PATH}/openresty/nginx/logs/nginx.pid; worker_rlimit_nofile 65535; +pcre_jit on; events { @@ -36,7 +37,7 @@ http client_max_body_size 50m; # video big file opt - # aio threads; + aio threads; directio 4m; output_buffers 16 512k; sendfile on; @@ -54,6 +55,19 @@ http fastcgi_temp_file_write_size 256k; fastcgi_intercept_errors on; + #zstd on; + #zstd_comp_level 6; + #zstd_min_length 256; + #zstd_types text/plain text/css text/xml text/javascript text/cache-manifest text/x-component text/vtt application/javascript application/json application/ld+json application/xml application/xhtml+xml application/rss+xml application/atom+xml application/manifest+json application/x-web-app-manifest+json application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/wasm font/opentype image/svg+xml image/bmp; + + brotli on; + brotli_min_length 256; + brotli_buffers 32 8k; + brotli_comp_level 6; + brotli_window 16m; + brotli_static on; + brotli_types text/plain text/css text/xml text/javascript text/x-component application/javascript application/x-javascript application/json application/xml application/rss+xml application/atom+xml application/vnd.ms-fontobject application/x-font-ttf application/x-font-opentype application/x-font-truetype font/tpl font/opentype font/otf font/ttf image/svg+xml image/x-icon image/vnd.microsoft.icon application/wasm application/manifest+json; + gzip on; gzip_min_length 1k; gzip_buffers 4 16k; @@ -64,13 +78,6 @@ http gzip_proxied expired no-cache no-store private auth; gzip_disable "MSIE [1-6]\."; - brotli on; - brotli_min_length 256; - brotli_buffers 32 8k; - brotli_comp_level 6; - brotli_window 16m; - brotli_static on; - brotli_types text/plain text/css text/xml text/javascript text/x-component application/javascript application/x-javascript application/json application/xml application/rss+xml application/atom+xml application/vnd.ms-fontobject application/x-font-ttf application/x-font-opentype application/x-font-truetype font/tpl font/opentype font/otf font/ttf image/svg+xml image/x-icon image/vnd.microsoft.icon application/wasm application/manifest+json; limit_conn_zone $binary_remote_addr zone=perip:10m; limit_conn_zone $server_name zone=perserver:10m; diff --git a/plugins/openresty/install.sh b/plugins/openresty/install.sh index 9aa98a06c..9a4e4d04f 100755 --- a/plugins/openresty/install.sh +++ b/plugins/openresty/install.sh @@ -5,8 +5,10 @@ export PATH # cd /Users/midoks/Desktop/mwdev/server/mdserver-web/plugins/openresty && bash install.sh install 1.21.4 # cd /www/server/mdserver-web/plugins/openresty && bash install.sh install 1.21.4 # cd /www/server/mdserver-web/plugins/openresty && bash install.sh install 1.29.2 +# cd /www/server/mdserver-web/plugins/openresty && bash install.sh upgrade 1.29.2 # curl -I -H "Accept-Encoding: br" http://localhost +# curl --http3 -v https://www.xxx.com # cd /www/server/mdserver-web && python3 plugins/openresty/index.py run_info @@ -30,6 +32,21 @@ else useradd -g www -s /bin/bash www fi +if [ "${action}" == "upgrade" ];then + sh -x $curPath/versions/$2/install.sh $1 + + echo "${VERSION}" > $serverPath/openresty/version.pl + + mkdir -p $serverPath/web_conf/php/conf + echo 'set $PHP_ENV 0;' > $serverPath/web_conf/php/conf/enable-php-00.conf + + #初始化 + cd ${rootPath} && python3 ${rootPath}/plugins/openresty/index.py start + cd ${rootPath} && python3 ${rootPath}/plugins/openresty/index.py initd_install + exit 0 +fi + + if [ "${2}" == "" ];then echo '缺少安装脚本版本...' exit 0 diff --git a/plugins/openresty/versions/1.17.8/install.sh b/plugins/openresty/versions/1.17.8/install.sh index ee8d30fd0..53cf19aad 100644 --- a/plugins/openresty/versions/1.17.8/install.sh +++ b/plugins/openresty/versions/1.17.8/install.sh @@ -19,8 +19,10 @@ openrestyDir=${serverPath}/source/openresty Install_openresty() { - if [ -d $serverPath/openresty ];then - exit 0 + if [ "${action}" == "install" ];then + if [ -d $serverPath/openresty ];then + exit 0 + fi fi # ----- cpu start ------ @@ -127,9 +129,23 @@ Install_openresty() cd ${openrestyDir}/openresty-${VERSION} && git clone https://github.com/wxx9248/ngx_brotli.git cd ${openrestyDir}/openresty-${VERSION}/ngx_brotli && git submodule update --init - OPTIONS="${OPTIONS} --add-module=./ngx_brotli" + OPTIONS="${OPTIONS} --add-module=${openrestyDir}/openresty-${VERSION}/ngx_brotli" fi + OPTIONS="${OPTIONS} --with-threads" + OPTIONS="${OPTIONS} --with-file-aio" + OPTIONS="${OPTIONS} --with-pcre-jit" + OPTIONS="${OPTIONS} --with-http_gzip_static_module" + + if [ ! -d ${openrestyDir}/zstd-nginx-module ];then + cd ${openrestyDir} && wget -O $openrestyDir/zstd-nginx-module.tar.gz https://github.com/tokers/zstd-nginx-module/archive/refs/heads/master.tar.gz + cd ${openrestyDir} && tar -zxvf zstd-nginx-module.tar.gz + + pkg-config --exists --print-errors libzstd + if [ "$?" == "0" ];then + OPTIONS="${OPTIONS} --add-module=${openrestyDir}/zstd-nginx-module-master" + fi + fi # --with-openssl=$serverPath/source/lib/openssl-1.0.2q cd ${openrestyDir}/openresty-${VERSION} && ./configure \ @@ -178,7 +194,9 @@ Uninstall_openresty() } action=$1 -if [ "${1}" == 'install' ];then +if [ "${1}" == "install" ];then + Install_openresty +elif [ "${1}" == "upgrade" ];then Install_openresty else Uninstall_openresty diff --git a/plugins/openresty/versions/1.19.3/install.sh b/plugins/openresty/versions/1.19.3/install.sh index 5b34d13b3..3437172f8 100644 --- a/plugins/openresty/versions/1.19.3/install.sh +++ b/plugins/openresty/versions/1.19.3/install.sh @@ -19,8 +19,10 @@ openrestyDir=${serverPath}/source/openresty Install_openresty() { - if [ -d $serverPath/openresty ];then - exit 0 + if [ "${action}" == "install" ];then + if [ -d $serverPath/openresty ];then + exit 0 + fi fi # ----- cpu start ------ @@ -128,7 +130,22 @@ Install_openresty() cd ${openrestyDir}/openresty-${VERSION} && git clone https://github.com/wxx9248/ngx_brotli.git cd ${openrestyDir}/openresty-${VERSION}/ngx_brotli && git submodule update --init - OPTIONS="${OPTIONS} --add-module=./ngx_brotli" + OPTIONS="${OPTIONS} --add-module=${openrestyDir}/openresty-${VERSION}/ngx_brotli" + fi + + OPTIONS="${OPTIONS} --with-threads" + OPTIONS="${OPTIONS} --with-file-aio" + OPTIONS="${OPTIONS} --with-pcre-jit" + OPTIONS="${OPTIONS} --with-http_gzip_static_module" + + if [ ! -d ${openrestyDir}/zstd-nginx-module ];then + cd ${openrestyDir} && wget -O $openrestyDir/zstd-nginx-module.tar.gz https://github.com/tokers/zstd-nginx-module/archive/refs/heads/master.tar.gz + cd ${openrestyDir} && tar -zxvf zstd-nginx-module.tar.gz + + pkg-config --exists --print-errors libzstd + if [ "$?" == "0" ];then + OPTIONS="${OPTIONS} --add-module=${openrestyDir}/zstd-nginx-module-master" + fi fi @@ -178,7 +195,9 @@ Uninstall_openresty() } action=$1 -if [ "${1}" == 'install' ];then +if [ "${1}" == "install" ];then + Install_openresty +elif [ "${1}" == "upgrade" ];then Install_openresty else Uninstall_openresty diff --git a/plugins/openresty/versions/1.21.4/install.sh b/plugins/openresty/versions/1.21.4/install.sh index dcd36f627..8ec9f2e5f 100644 --- a/plugins/openresty/versions/1.21.4/install.sh +++ b/plugins/openresty/versions/1.21.4/install.sh @@ -20,8 +20,10 @@ openrestyDir=${serverPath}/source/openresty Install_openresty() { - if [ -d $serverPath/openresty ];then - exit 0 + if [ "${action}" == "install" ];then + if [ -d $serverPath/openresty ];then + exit 0 + fi fi # ----- cpu start ------ @@ -127,7 +129,22 @@ Install_openresty() cd ${openrestyDir}/openresty-${VERSION} && git clone https://github.com/wxx9248/ngx_brotli.git cd ${openrestyDir}/openresty-${VERSION}/ngx_brotli && git submodule update --init - OPTIONS="${OPTIONS} --add-module=./ngx_brotli" + OPTIONS="${OPTIONS} --add-module=${openrestyDir}/openresty-${VERSION}/ngx_brotli" + fi + + OPTIONS="${OPTIONS} --with-threads" + OPTIONS="${OPTIONS} --with-file-aio" + OPTIONS="${OPTIONS} --with-pcre-jit" + OPTIONS="${OPTIONS} --with-http_gzip_static_module" + + if [ ! -d ${openrestyDir}/zstd-nginx-module ];then + cd ${openrestyDir} && wget -O $openrestyDir/zstd-nginx-module.tar.gz https://github.com/tokers/zstd-nginx-module/archive/refs/heads/master.tar.gz + cd ${openrestyDir} && tar -zxvf zstd-nginx-module.tar.gz + + pkg-config --exists --print-errors libzstd + if [ "$?" == "0" ];then + OPTIONS="${OPTIONS} --add-module=${openrestyDir}/zstd-nginx-module-master" + fi fi # --with-openssl=$serverPath/source/lib/openssl-1.0.2q @@ -177,7 +194,9 @@ Uninstall_openresty() } action=$1 -if [ "${1}" == 'install' ];then +if [ "${1}" == "install" ];then + Install_openresty +elif [ "${1}" == "upgrade" ];then Install_openresty else Uninstall_openresty diff --git a/plugins/openresty/versions/1.25.3/install.sh b/plugins/openresty/versions/1.25.3/install.sh index 32ac58f80..6d5233b72 100644 --- a/plugins/openresty/versions/1.25.3/install.sh +++ b/plugins/openresty/versions/1.25.3/install.sh @@ -20,8 +20,10 @@ openrestyDir=${serverPath}/source/openresty Install_openresty() { - if [ -d $serverPath/openresty ];then - exit 0 + if [ "${action}" == "install" ];then + if [ -d $serverPath/openresty ];then + exit 0 + fi fi # ----- cpu start ------ @@ -72,9 +74,9 @@ Install_openresty() OPTIONS='' - opensslVersion="1.1.1p" + opensslVersion="3.4.4" libresslVersion="3.9.1" - pcreVersion='8.38' + pcreVersion='8.45' if [ "$sysName" == "Darwin" ];then if [ ! -f ${openrestyDir}/pcre-${pcreVersion}.tar.gz ];then @@ -126,16 +128,16 @@ Install_openresty() if [[ "$VERSION" =~ "1.25.3" ]]; then OPTIONS="${OPTIONS} --with-http_v3_module" - if [ ! -f ${openrestyDir}/libressl-${libresslVersion}.tar.gz ];then - wget --no-check-certificate -O ${openrestyDir}/libressl-${libresslVersion}.tar.gz https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${libresslVersion}.tar.gz - fi + # if [ ! -f ${openrestyDir}/libressl-${libresslVersion}.tar.gz ];then + # wget --no-check-certificate -O ${openrestyDir}/libressl-${libresslVersion}.tar.gz https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${libresslVersion}.tar.gz + # fi - if [ ! -d ${openrestyDir}/libressl-${libresslVersion} ];then - cd ${openrestyDir} && tar -zxvf libressl-${libresslVersion}.tar.gz - fi + # if [ ! -d ${openrestyDir}/libressl-${libresslVersion} ];then + # cd ${openrestyDir} && tar -zxvf libressl-${libresslVersion}.tar.gz + # fi - OPTIONS="${OPTIONS} --with-cc-opt=-I${openrestyDir}/libressl-${libresslVersion}/libressl/build/include" - OPTIONS="${OPTIONS} --with-cc-opt=-I${openrestyDir}/libressl-${libresslVersion}/libressl/build/lib" + # OPTIONS="${OPTIONS} --with-cc-opt=-I${openrestyDir}/libressl-${libresslVersion}/libressl/build/include" + # OPTIONS="${OPTIONS} --with-cc-opt=-I${openrestyDir}/libressl-${libresslVersion}/libressl/build/lib" fi # br @@ -143,7 +145,22 @@ Install_openresty() cd ${openrestyDir}/openresty-${VERSION} && git clone https://github.com/wxx9248/ngx_brotli.git cd ${openrestyDir}/openresty-${VERSION}/ngx_brotli && git submodule update --init - OPTIONS="${OPTIONS} --add-module=./ngx_brotli" + OPTIONS="${OPTIONS} --add-module=${openrestyDir}/openresty-${VERSION}/ngx_brotli" + fi + + OPTIONS="${OPTIONS} --with-threads" + OPTIONS="${OPTIONS} --with-file-aio" + OPTIONS="${OPTIONS} --with-pcre-jit" + OPTIONS="${OPTIONS} --with-http_gzip_static_module" + + if [ ! -d ${openrestyDir}/zstd-nginx-module ];then + cd ${openrestyDir} && wget -O $openrestyDir/zstd-nginx-module.tar.gz https://github.com/tokers/zstd-nginx-module/archive/refs/heads/master.tar.gz + cd ${openrestyDir} && tar -zxvf zstd-nginx-module.tar.gz + + pkg-config --exists --print-errors libzstd + if [ "$?" == "0" ];then + OPTIONS="${OPTIONS} --add-module=${openrestyDir}/zstd-nginx-module-master" + fi fi cd ${openrestyDir}/openresty-${VERSION} && ./configure \ @@ -192,7 +209,9 @@ Uninstall_openresty() } action=$1 -if [ "${1}" == 'install' ];then +if [ "${1}" == "install" ];then + Install_openresty +elif [ "${1}" == "upgrade" ];then Install_openresty else Uninstall_openresty diff --git a/plugins/openresty/versions/1.27.1/install.sh b/plugins/openresty/versions/1.27.1/install.sh index 9208776d7..b25b41cb1 100644 --- a/plugins/openresty/versions/1.27.1/install.sh +++ b/plugins/openresty/versions/1.27.1/install.sh @@ -20,8 +20,10 @@ openrestyDir=${serverPath}/source/openresty Install_openresty() { - if [ -d $serverPath/openresty ];then - exit 0 + if [ "${action}" == "install" ];then + if [ -d $serverPath/openresty ];then + exit 0 + fi fi # ----- cpu start ------ @@ -72,9 +74,9 @@ Install_openresty() OPTIONS='' - opensslVersion="1.1.1p" + opensslVersion="3.4.4" libresslVersion="3.9.1" - pcreVersion='8.38' + pcreVersion='8.45' if [ "$sysName" == "Darwin" ];then if [ ! -f ${openrestyDir}/pcre-${pcreVersion}.tar.gz ];then @@ -114,19 +116,19 @@ Install_openresty() fi - if [[ "$VERSION" =~ "1.25.3" ]] || [[ "$VERSION" =~ "1.27.1" ]];then + if [[ "$VERSION" =~ "1.27.1" ]];then OPTIONS="${OPTIONS} --with-http_v3_module" - if [ ! -f ${openrestyDir}/libressl-${libresslVersion}.tar.gz ];then - wget --no-check-certificate -O ${openrestyDir}/libressl-${libresslVersion}.tar.gz https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${libresslVersion}.tar.gz - fi + # if [ ! -f ${openrestyDir}/libressl-${libresslVersion}.tar.gz ];then + # wget --no-check-certificate -O ${openrestyDir}/libressl-${libresslVersion}.tar.gz https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${libresslVersion}.tar.gz + # fi - if [ ! -d ${openrestyDir}/libressl-${libresslVersion} ];then - cd ${openrestyDir} && tar -zxvf libressl-${libresslVersion}.tar.gz - fi + # if [ ! -d ${openrestyDir}/libressl-${libresslVersion} ];then + # cd ${openrestyDir} && tar -zxvf libressl-${libresslVersion}.tar.gz + # fi - OPTIONS="${OPTIONS} --with-cc-opt=-I${openrestyDir}/libressl-${libresslVersion}/libressl/build/include" - OPTIONS="${OPTIONS} --with-cc-opt=-I${openrestyDir}/libressl-${libresslVersion}/libressl/build/lib" + # OPTIONS="${OPTIONS} --with-cc-opt=-I${openrestyDir}/libressl-${libresslVersion}/libressl/build/include" + # OPTIONS="${OPTIONS} --with-cc-opt=-I${openrestyDir}/libressl-${libresslVersion}/libressl/build/lib" fi # br @@ -134,9 +136,25 @@ Install_openresty() cd ${openrestyDir}/openresty-${VERSION} && git clone https://github.com/wxx9248/ngx_brotli.git cd ${openrestyDir}/openresty-${VERSION}/ngx_brotli && git submodule update --init - OPTIONS="${OPTIONS} --add-module=./ngx_brotli" + OPTIONS="${OPTIONS} --add-module=${openrestyDir}/openresty-${VERSION}/ngx_brotli" + fi + + OPTIONS="${OPTIONS} --with-threads" + OPTIONS="${OPTIONS} --with-file-aio" + OPTIONS="${OPTIONS} --with-pcre-jit" + OPTIONS="${OPTIONS} --with-http_gzip_static_module" + + if [ ! -d ${openrestyDir}/zstd-nginx-module ];then + cd ${openrestyDir} && wget -O $openrestyDir/zstd-nginx-module.tar.gz https://github.com/tokers/zstd-nginx-module/archive/refs/heads/master.tar.gz + cd ${openrestyDir} && tar -zxvf zstd-nginx-module.tar.gz + + pkg-config --exists --print-errors libzstd + if [ "$?" == "0" ];then + OPTIONS="${OPTIONS} --add-module=${openrestyDir}/zstd-nginx-module-master" + fi fi + cd ${openrestyDir}/openresty-${VERSION} && ./configure \ --prefix=$serverPath/openresty \ $OPTIONS \ @@ -183,7 +201,9 @@ Uninstall_openresty() } action=$1 -if [ "${1}" == 'install' ];then +if [ "${1}" == "install" ];then + Install_openresty +elif [ "${1}" == "upgrade" ];then Install_openresty else Uninstall_openresty diff --git a/plugins/openresty/versions/1.29.2/install.sh b/plugins/openresty/versions/1.29.2/install.sh index e1b2dc987..c2be5790d 100644 --- a/plugins/openresty/versions/1.29.2/install.sh +++ b/plugins/openresty/versions/1.29.2/install.sh @@ -20,8 +20,10 @@ openrestyDir=${serverPath}/source/openresty Install_openresty() { - if [ -d $serverPath/openresty ];then - exit 0 + if [ "${action}" == "install" ];then + if [ -d $serverPath/openresty ];then + exit 0 + fi fi # ----- cpu start ------ @@ -117,16 +119,16 @@ Install_openresty() if [[ "$VERSION" =~ "1.29.2" ]];then OPTIONS="${OPTIONS} --with-http_v3_module" - if [ ! -f ${openrestyDir}/libressl-${libresslVersion}.tar.gz ];then - wget --no-check-certificate -O ${openrestyDir}/libressl-${libresslVersion}.tar.gz https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${libresslVersion}.tar.gz - fi + # if [ ! -f ${openrestyDir}/libressl-${libresslVersion}.tar.gz ];then + # wget --no-check-certificate -O ${openrestyDir}/libressl-${libresslVersion}.tar.gz https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${libresslVersion}.tar.gz + # fi - if [ ! -d ${openrestyDir}/libressl-${libresslVersion} ];then - cd ${openrestyDir} && tar -zxvf libressl-${libresslVersion}.tar.gz - fi + # if [ ! -d ${openrestyDir}/libressl-${libresslVersion} ];then + # cd ${openrestyDir} && tar -zxvf libressl-${libresslVersion}.tar.gz + # fi - OPTIONS="${OPTIONS} --with-cc-opt=-I${openrestyDir}/libressl-${libresslVersion}/libressl/build/include" - OPTIONS="${OPTIONS} --with-cc-opt=-I${openrestyDir}/libressl-${libresslVersion}/libressl/build/lib" + # OPTIONS="${OPTIONS} --with-cc-opt=-I${openrestyDir}/libressl-${libresslVersion}/libressl/build/include" + # OPTIONS="${OPTIONS} --with-cc-opt=-I${openrestyDir}/libressl-${libresslVersion}/libressl/build/lib" fi # br @@ -134,9 +136,26 @@ Install_openresty() cd ${openrestyDir}/openresty-${VERSION} && git clone https://github.com/wxx9248/ngx_brotli.git cd ${openrestyDir}/openresty-${VERSION}/ngx_brotli && git submodule update --init - OPTIONS="${OPTIONS} --add-module=./ngx_brotli" + OPTIONS="${OPTIONS} --add-module=${openrestyDir}/openresty-${VERSION}/ngx_brotli" fi + OPTIONS="${OPTIONS} --with-threads" + OPTIONS="${OPTIONS} --with-file-aio" + OPTIONS="${OPTIONS} --with-pcre-jit" + OPTIONS="${OPTIONS} --with-http_gzip_static_module" + + + if [ ! -d ${openrestyDir}/zstd-nginx-module ];then + cd ${openrestyDir} && wget -O $openrestyDir/zstd-nginx-module.tar.gz https://github.com/tokers/zstd-nginx-module/archive/refs/heads/master.tar.gz + cd ${openrestyDir} && tar -zxvf zstd-nginx-module.tar.gz + + pkg-config --exists --print-errors libzstd + if [ "$?" == "0" ];then + OPTIONS="${OPTIONS} --add-module=${openrestyDir}/zstd-nginx-module-master" + fi + fi + + cd ${openrestyDir}/openresty-${VERSION} && ./configure \ --prefix=$serverPath/openresty \ @@ -176,6 +195,10 @@ Install_openresty() rm -rf $openrestyDir/openresty-${VERSION} fi + if [ -d $openrestyDir/zstd-nginx-module-master ];then + rm -rf $openrestyDir/zstd-nginx-module-master + fi + # if [ -d $openrestyDir/ngx_brotli ];then # rm -rf $openrestyDir/ngx_brotli # fi @@ -188,7 +211,9 @@ Uninstall_openresty() } action=$1 -if [ "${1}" == 'install' ];then +if [ "${1}" == "install" ];then + Install_openresty +elif [ "${1}" == "upgrade" ];then Install_openresty else Uninstall_openresty diff --git a/plugins/openresty/versions/rtmp/install.sh b/plugins/openresty/versions/rtmp/install.sh index 11a8f5d88..dc21c570d 100644 --- a/plugins/openresty/versions/rtmp/install.sh +++ b/plugins/openresty/versions/rtmp/install.sh @@ -14,7 +14,7 @@ sysName=`uname` action=$1 type=$2 -VERSION=1.27.1.1 +VERSION=1.27.1.2 openrestyDir=${serverPath}/source/openresty @@ -72,9 +72,9 @@ Install_openresty() OPTIONS='' - opensslVersion="1.1.1p" + opensslVersion="3.4.4" libresslVersion="3.9.1" - pcreVersion='8.38' + pcreVersion='8.45' if [ "$sysName" == "Darwin" ];then if [ ! -f ${openrestyDir}/pcre-${pcreVersion}.tar.gz ];then @@ -114,19 +114,19 @@ Install_openresty() fi - if [[ "$VERSION" =~ "1.25.3" ]]; then + if [[ "$VERSION" =~ "1.27.1" ]]; then OPTIONS="${OPTIONS} --with-http_v3_module" - if [ ! -f ${openrestyDir}/libressl-${libresslVersion}.tar.gz ];then - wget --no-check-certificate -O ${openrestyDir}/libressl-${libresslVersion}.tar.gz https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${libresslVersion}.tar.gz - fi + # if [ ! -f ${openrestyDir}/libressl-${libresslVersion}.tar.gz ];then + # wget --no-check-certificate -O ${openrestyDir}/libressl-${libresslVersion}.tar.gz https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${libresslVersion}.tar.gz + # fi - if [ ! -d ${openrestyDir}/libressl-${libresslVersion} ];then - cd ${openrestyDir} && tar -zxvf libressl-${libresslVersion}.tar.gz - fi + # if [ ! -d ${openrestyDir}/libressl-${libresslVersion} ];then + # cd ${openrestyDir} && tar -zxvf libressl-${libresslVersion}.tar.gz + # fi - OPTIONS="${OPTIONS} --with-cc-opt=-I${openrestyDir}/libressl-${libresslVersion}/libressl/build/include" - OPTIONS="${OPTIONS} --with-cc-opt=-I${openrestyDir}/libressl-${libresslVersion}/libressl/build/lib" + # OPTIONS="${OPTIONS} --with-cc-opt=-I${openrestyDir}/libressl-${libresslVersion}/libressl/build/include" + # OPTIONS="${OPTIONS} --with-cc-opt=-I${openrestyDir}/libressl-${libresslVersion}/libressl/build/lib" fi # rtmp推流功能 @@ -140,6 +140,19 @@ Install_openresty() fi OPTIONS="${OPTIONS} --add-module=${openrestyDir}/nginx-rtmp-module-${nginx_rtmp_ver}" + # br + if [ ! -d ${openrestyDir}/openresty-${VERSION}/ngx_brotli ];then + cd ${openrestyDir}/openresty-${VERSION} && git clone https://github.com/wxx9248/ngx_brotli.git + cd ${openrestyDir}/openresty-${VERSION}/ngx_brotli && git submodule update --init + + OPTIONS="${OPTIONS} --add-module=${openrestyDir}/openresty-${VERSION}/ngx_brotli" + fi + + OPTIONS="${OPTIONS} --with-threads" + OPTIONS="${OPTIONS} --with-file-aio" + OPTIONS="${OPTIONS} --with-pcre-jit" + OPTIONS="${OPTIONS} --with-http_gzip_static_module" + cd ${openrestyDir}/openresty-${VERSION} && ./configure \ --prefix=$serverPath/openresty \ diff --git a/plugins/tgbot/startup/extend/push_ad.py b/plugins/tgbot/startup/extend/push_ad.py index 5539927b0..d39574db7 100644 --- a/plugins/tgbot/startup/extend/push_ad.py +++ b/plugins/tgbot/startup/extend/push_ad.py @@ -47,7 +47,7 @@ def send_msg(bot, tag='ad', trigger_time=300): keyboard = [ [ types.InlineKeyboardButton( - text="海内外实名KYC-执照代付✅域名", url='https://t.me/kdgzs') + text="海内外实名KYC-执照代付✅域名", url='https://t.me/kuadugongzuoshi') ], [ types.InlineKeyboardButton( diff --git a/plugins/tgbot/startup/extend/push_notice_msg.py b/plugins/tgbot/startup/extend/push_notice_msg.py index f1869e359..27830845c 100644 --- a/plugins/tgbot/startup/extend/push_notice_msg.py +++ b/plugins/tgbot/startup/extend/push_notice_msg.py @@ -62,7 +62,7 @@ def send_msg(bot, tag='ad', trigger_time=300): keyboard = [ [ types.InlineKeyboardButton( - text="海内外实名KYC-执照代付✅域名", url='https://t.me/kdgzs') + text="海内外实名KYC-执照代付✅域名", url='https://t.me/kuadugongzuoshi') ], [ types.InlineKeyboardButton( diff --git a/scripts/install/alma.sh b/scripts/install/alma.sh index 016409759..227c1cf56 100755 --- a/scripts/install/alma.sh +++ b/scripts/install/alma.sh @@ -20,6 +20,7 @@ yum install -y bzip2-devel yum install -y ncurses-compat-libs yum install -y numactl yum install -y sshpass +yum install -y libzstd-devel SSH_PORT=`netstat -ntpl|grep sshd|grep -v grep | sed -n "1,1p" | awk '{print $4}' | awk -F : '{print $2}'` if [ "$SSH_PORT" == "" ];then diff --git a/scripts/install/alpine.sh b/scripts/install/alpine.sh index cd1afdd2c..b69eff498 100644 --- a/scripts/install/alpine.sh +++ b/scripts/install/alpine.sh @@ -56,6 +56,7 @@ apk add libargon2-devel --force-broken-world apk add net-tools-deprecated --force-broken-world apk add numactl --force-broken-world +apk add zstd-dev --force-broken-world # apk add php-config diff --git a/scripts/install/amazon.sh b/scripts/install/amazon.sh index 9f3a9b5da..a16134e47 100755 --- a/scripts/install/amazon.sh +++ b/scripts/install/amazon.sh @@ -28,6 +28,7 @@ yum install -y bzip2-devel yum install -y ncurses-compat-libs yum install -y numactl yum install -y sshpass +yum install -y libzstd-devel SSH_PORT=`netstat -ntpl|grep sshd|grep -v grep | sed -n "1,1p" | awk '{print $4}' | awk -F : '{print $2}'` if [ "$SSH_PORT" == "" ];then diff --git a/scripts/install/centos.sh b/scripts/install/centos.sh index 12587a87c..6e8ed3429 100755 --- a/scripts/install/centos.sh +++ b/scripts/install/centos.sh @@ -38,6 +38,7 @@ yum install -y bzip2-devel yum install -y ncurses-compat-libs yum install -y numactl yum install -y sshpass +yum install -y libzstd-devel # if [ -f /usr/sbin/iptables ];then diff --git a/scripts/install/debian.sh b/scripts/install/debian.sh index ad2081da6..9d773b754 100644 --- a/scripts/install/debian.sh +++ b/scripts/install/debian.sh @@ -247,7 +247,7 @@ apt install -y protobuf-compiler apt install -y libboost-dev apt install -y liblz4-tool apt install -y zstd - +apt install -y libzstd-dev # Disabled due to dependency issues #apt install --ignore-missing -y autoconf automake cmake curl dia gcc imagemagick libbz2-dev libcurl4-gnutls-dev\ diff --git a/scripts/install/euler.sh b/scripts/install/euler.sh index 36adf21ee..56ce3fc42 100755 --- a/scripts/install/euler.sh +++ b/scripts/install/euler.sh @@ -38,6 +38,7 @@ yum install -y bzip2-devel yum install -y ncurses-compat-libs yum install -y numactl yum install -y sshpass +yum install -y libzstd-devel # if [ -f /usr/sbin/iptables ];then diff --git a/scripts/install/fedora.sh b/scripts/install/fedora.sh index 235d9b037..e895baffb 100644 --- a/scripts/install/fedora.sh +++ b/scripts/install/fedora.sh @@ -18,6 +18,7 @@ yum install -y expect yum install -y ncurses-compat-libs yum install -y numactl yum install -y sshpass +yum install -y libzstd-devel dnf install crontabs -y SSH_PORT=`netstat -ntpl|grep sshd|grep -v grep | sed -n "1,1p" | awk '{print $4}' | awk -F : '{print $2}'` diff --git a/scripts/install/freebsd.sh b/scripts/install/freebsd.sh index a2dbb9530..09d1624c2 100644 --- a/scripts/install/freebsd.sh +++ b/scripts/install/freebsd.sh @@ -66,6 +66,7 @@ pkg install -y bzip2 pkg install -y bzip2-devel pkg install -y numactl pkg install -y sshpass +pkg install -y libzstd-devel # curl https://sh.rustup.rs -sSf | sh pkg install -y rust diff --git a/scripts/install/opensuse.sh b/scripts/install/opensuse.sh index 0358ed75b..d1190256c 100644 --- a/scripts/install/opensuse.sh +++ b/scripts/install/opensuse.sh @@ -33,6 +33,7 @@ zypper install -y pv zypper install -y bc zypper install -y bzip2 + zypper install -y libzip libzip-devel zypper install -y unrar rar zypper install -y libmemcached libmemcached-devel @@ -40,6 +41,7 @@ zypper install -y libmemcached libmemcached-devel zypper install -y icu libicu-devel zypper install -y sqlite3 sqlite3-devel zypper install -y oniguruma-devel +zypper install -y libzstd-devel # zypper install -y libmcrypt libmcrypt-devel # zypper install -y protobuf diff --git a/scripts/install/rhel.sh b/scripts/install/rhel.sh index dfab7acf2..f17fe7139 100644 --- a/scripts/install/rhel.sh +++ b/scripts/install/rhel.sh @@ -44,6 +44,7 @@ $PKGMGR install -y mmap-devel $PKGMGR install -y libncurses* $PKGMGR install -y sshpass +$PKGMGR install -y libzstd-devel echo "install remi source" if [ "$VERSION_ID" == "9" ];then diff --git a/scripts/install/rocky.sh b/scripts/install/rocky.sh index d5b2e15c8..ba460a15a 100644 --- a/scripts/install/rocky.sh +++ b/scripts/install/rocky.sh @@ -27,7 +27,8 @@ yum install -y libzip-devel yum install -y re2c yum install -y ncurses-compat-libs yum install -y numactl -apt install -y sshpass +yum install -y sshpass +yum install -y libzstd-devel if [ -f /usr/sbin/iptables ];then diff --git a/scripts/install/ubuntu.sh b/scripts/install/ubuntu.sh index 38e420b90..3f1b0c436 100644 --- a/scripts/install/ubuntu.sh +++ b/scripts/install/ubuntu.sh @@ -60,6 +60,7 @@ apt install -y libboost-dev apt install -y liblz4-tool apt install -y zstd apt install -y sshpass +apt install -y libzstd-dev P_VER=`python3 -V | awk '{print $2}'` if version_ge "$P_VER" "3.11.0" ;then diff --git a/web/core/mw.py b/web/core/mw.py index 208d049b2..4eab3d1cc 100644 --- a/web/core/mw.py +++ b/web/core/mw.py @@ -922,6 +922,15 @@ def isSupportSystemctl(): return False return True +def isSupportHttp3(version): + if version.startswith('1.25'): + return True + if version.startswith('1.27'): + return True + if version.startswith('1.29'): + return True + return False + def isDebugMode(): if isAppleSystem(): return True diff --git a/web/utils/site.py b/web/utils/site.py index a8fa1fc9e..912b57814 100644 --- a/web/utils/site.py +++ b/web/utils/site.py @@ -527,11 +527,12 @@ class sites(object): if conf.find('ssl_certificate') == -1: # ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; # add_header Alt-Svc 'h3=":443";ma=86400,h3-29=":443";ma=86400'; + # add_header Strict-Transport-Security "max-age=63072000" always; http3Header = """ - add_header Strict-Transport-Security "max-age=63072000"; - add_header Alt-Svc 'h3=":443";ma=86400'; + add_header Alt-Svc 'h3=":443";ma=86400' always; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; """ - if not version.startswith('1.25') or version.startswith('1.27'): + if not mw.isSupportHttp3(version): http3Header = ''; sslStr = """#error_page 404/404.html; @@ -553,16 +554,16 @@ class sites(object): tmp = re.findall(rep, conf) if not mw.inArray(tmp, '443'): listen = re.search(rep, conf).group() - - if version.startswith('1.25') or version.startswith('1.27'): + if mw.isSupportHttp3(version): http_ssl = "\n\tlisten 443 ssl;" http_ssl = http_ssl + "\n\tlisten [::]:443 ssl;" + http_ssl = http_ssl + "\n\tlisten 443 quic;#reuseport" + http_ssl = http_ssl + "\n\tlisten [::]:443 quic;" + http_ssl = http_ssl + "\n\thttp3 on;" http_ssl = http_ssl + "\n\thttp2 on;" else: - http_ssl = "\n\tlisten 443 ssl;" - http_ssl = http_ssl + "\n\tlisten [::]:443 ssl;" - - + http_ssl = "\n\tlisten 443 ssl http2;" + http_ssl = http_ssl + "\n\tlisten [::]:443 ssl http2;" conf = conf.replace(listen, listen + http_ssl) mw.backFile(file) @@ -1532,6 +1533,10 @@ location ^~ {from} {\n\ proxy_set_header Upgrade $http_upgrade;\n\ proxy_set_header Connection $connection_upgrade;\n\ proxy_http_version 1.1;\n\ + proxy_set_header User-Agent $http_user_agent;\n\ + proxy_set_header X-Forwarded-Proto $scheme;\n\ + proxy_set_header X-Forwarded-Host $http_host;\n\ + proxy_set_header X-Forwarded-Port $server_port;\n\ \n\ {proxy_cache}\n\ }\n\ @@ -1925,19 +1930,46 @@ location ^~ {from} {\n\ path = self.getHostConf(default_site) if os.path.exists(path): conf = mw.readFile(path) - rep = r"listen\s+80.+;" + rep = r"listen\s+443\s+quic\s*reuseport default_server" + conf = re.sub(rep, 'listen 443 quic reuseport;', conf, 1) + rep = r"listen\s+\[\:\:\]\:443\s+quic\s*reuseport\s*default_server;" + conf = re.sub(rep, 'listen [::]:443 quic reuseport;', conf, 1) + + rep = r"listen\s+80\s*default_server;" conf = re.sub(rep, 'listen 80;', conf, 1) - rep = r"listen\s+443.+;" + rep = r"listen\s+\[\:\:\]\:80\s*default_server;" + conf = re.sub(rep, 'listen [::]:80;', conf, 1) + rep = r"listen\s+443\s*ssl\s*default_server;" conf = re.sub(rep, 'listen 443 ssl;', conf, 1) + rep = r"listen\s+443\s*quic\*default_server;" + conf = re.sub(rep, 'listen 443 quic;', conf, 1) + rep = r"listen\s+\[\:\:\]\:443\s*ssl\s*default_server;" + conf = re.sub(rep, 'listen [::]:443 ssl;', conf, 1) + rep = r"listen\s+\[\:\:\]\:443\s*quic\s*default_server;" + conf = re.sub(rep, 'listen [::]:443 quic;', conf, 1) mw.writeFile(path, conf) path = self.getHostConf(name) if os.path.exists(path): conf = mw.readFile(path) + rep = r"listen\s+443\s*quic\s*reuseport;" + conf = re.sub(rep, 'listen 443 quic reuseport default_server;', conf, 1) + + rep = r"listen\s+\[\:\:\]\:443\s*quic\s*reuseport;" + conf = re.sub(rep, 'listen [::]:443 quic reuseport default_server;', conf, 1) + rep = r"listen\s+80\s*;" conf = re.sub(rep, 'listen 80 default_server;', conf, 1) - rep = r"listen\s+443\s*ssl\s*\w*\s*;" + rep = r"listen\s+\[\:\:\]\:80;" + conf = re.sub(rep, 'listen [::]:80 default_server;', conf, 1) + rep = r"listen\s+443\s*ssl;" conf = re.sub(rep, 'listen 443 ssl default_server;', conf, 1) + rep = r"listen\s+443\s*quic;" + conf = re.sub(rep, 'listen 443 quic default_server;', conf, 1) + rep = r"listen\s+\[\:\:\]\:443\s*ssl;" + conf = re.sub(rep, 'listen [::]:443 ssl default_server;', conf, 1) + rep = r"listen\s+\[\:\:\]\:443\s*quic;" + conf = re.sub(rep, 'listen [::]:443 quic default_server;', conf, 1) mw.writeFile(path, conf) thisdb.setOption('default_site', name) @@ -2112,6 +2144,8 @@ location ^~ {from} {\n\ conf = re.sub(rep, '', conf) rep = r"\s+http2\s+on;" conf = re.sub(rep, '', conf) + rep = r"\s+http3\s+on;" + conf = re.sub(rep, '', conf) mw.writeFile(file, conf) msg = mw.getInfo('网站[{1}]关闭SSL成功!', (site_name,))