up

2 years ago · 5358cd2d38
parent c4bb20ed54
commit 5358cd2d38
4 changed files with 63 additions and 16 deletions
--- a/class/core/config_api.py
+++ b/class/core/config_api.py
@ -102,6 +102,22 @@ class config_api:
            return mw.returnJson(False, '主域名格式不正确')

        mw.writeFile(cfg_domain, domain)
+
+        op_dir = mw.getServerDir() + "/openresty"
+        if not os.path.exists(op_dir):
+            return mw.returnJson(False, '依赖OpenResty,先安装启动它!')
+
+        panel_tpl = mw.getRunDir() + "/data/tpl/nginx_panel.conf"
+        dst_panel_path = mw.getServerDir() + "/web_conf/nginx/vhost/panel.conf"
+
+        content = mw.readFile(panel_tpl)
+        content = content.replace("{$PORT}", "80")
+        content = content.replace("{$SERVER_NAME}", domain)
+        content = content.replace("{$PANAL_PORT}", mw.readFile('data/port.pl'))
+        content = content.replace("{$LOGPATH}", mw.getRunDir() + '/logs')
+        content = content.replace("{$PANAL_ADDR}", mw.getRunDir())
+        mw.writeFile(dst_panel_path, content)
+
        return mw.returnJson(True, '设置域名成功!')

    def syncDateApi(self):
@ -355,19 +371,22 @@ class config_api:
    def getPanelSslApi(self):
        cert = {}

-        if not os.path.exists('ssl/certificate.pem'):
+        keyPath = 'ssl/private.pem'
+        certPath = 'ssl/cert.pem'
+
+        if not os.path.exists(certPath):
            mw.createSSL()

-        cert['privateKey'] = mw.readFile('ssl/privateKey.pem')
-        cert['certPem'] = mw.readFile('ssl/certificate.pem')
+        cert['privateKey'] = mw.readFile(keyPath)
+        cert['certPem'] = mw.readFile(certPath)
        cert['rep'] = os.path.exists('ssl/input.pl')
-        cert['info'] = mw.getCertName('ssl/certificate.pem')
+        cert['info'] = mw.getCertName(certPath)
        return mw.getJson(cert)

    # 保存面板证书
    def savePanelSslApi(self):
-        keyPath = 'ssl/privateKey.pem'
-        certPath = 'ssl/certificate.pem'
+        keyPath = 'ssl/private.pem'
+        certPath = 'ssl/cert.pem'
        checkCert = '/tmp/cert.pl'

        certPem = request.form.get('certPem', '').strip()
@ -388,7 +407,6 @@ class config_api:
        sslConf = mw.getRunDir() + '/data/ssl.pl'
        if os.path.exists(sslConf):
            os.system('rm -f ' + sslConf)
-            mw.restartMw()
            return mw.returnJson(True, 'SSL已关闭，请使用http协议访问面板!')
        else:
            try:
@ -398,7 +416,6 @@ class config_api:
            except Exception as ex:
                return mw.returnJson(False, '开启失败:' + str(ex))

-            mw.restartMw()
            return mw.returnJson(True, '开启成功，请使用https协议访问面板!')

    def getApi(self):
--- a/class/core/mw.py
+++ b/class/core/mw.py
@ -1371,8 +1371,8 @@ def createSSL():
    private_key = OpenSSL.crypto.dump_privatekey(
        OpenSSL.crypto.FILETYPE_PEM, key)
    if len(cert_ca) > 100 and len(private_key) > 100:
-        writeFile('ssl/certificate.pem', cert_ca, 'wb+')
-        writeFile('ssl/privateKey.pem', private_key, 'wb+')
+        writeFile('ssl/cert.pem', cert_ca, 'wb+')
+        writeFile('ssl/private.pem', private_key, 'wb+')
        return True
    return False

--- a/data/tpl/nginx_panel.conf
+++ b/data/tpl/nginx_panel.conf
@ -1,15 +1,48 @@
 server
 {
    listen {$PORT};
-    listen [::]:{$PORT};
+    #listen 443 ssl http2;
+    #listen [::]:443 ssl http2;
+    
    server_name {$SERVER_NAME};
    index index.php index.html index.htm default.php default.htm default.html;
-    root {$ROOT_DIR};
    
    #SSL-START
-    #error_page 404/404.html;
+    #ssl_certificate    {$PANAL_ADDR}/ssl/cert.pem;
+    #ssl_certificate_key  {$PANAL_ADDR}/ssl/privkey.pem;
+    #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+    #ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
+    #ssl_prefer_server_ciphers on;
+    #ssl_session_cache shared:SSL:10m;
+    #ssl_session_timeout 10m;
    #SSL-END

+
+    #PROXY-START
+    location ^~ / {
+        proxy_pass http://0.0.0.0:{$PANAL_PORT}/;
+        proxy_set_header Host 0.0.0.0:{$PANAL_PORT};
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header REMOTE-HOST $remote_addr;
+        
+        add_header X-Cache $upstream_cache_status;
+        proxy_ignore_headers Set-Cookie Cache-Control expires;
+        add_header Cache-Control no-cache;
+        
+        set $static_files_app 0;
+        if ( $uri ~* "\.(gif|png|jpg|css|js|woff|woff2)$" )
+        {
+            set $static_files_app 1;
+            expires 12h;
+        }
+        if ( $static_files_app = 0 )
+        {
+            add_header Cache-Control no-cache;
+        }
+    }
+    #PROXY-END
+
     
    #禁止访问的文件或目录
    location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)
--- a/setting.py
+++ b/setting.py
@ -82,6 +82,3 @@ loglevel = 'info'
 errorlog = log_dir + '/error.log'
 accesslog = log_dir + '/access.log'
 pidfile = log_dir + '/mw.pid'
-# if os.path.exists(os.getcwd() + '/data/ssl.pl'):
-#     certfile = 'ssl/certificate.pem'
-#     keyfile = 'ssl/privateKey.pem'