up

class/core/config_api.py

@@ -102,6 +102,22 @@ def setPanelDomainApi(self):
             return mw.returnJson(False, '主域名格式不正确')
 
         mw.writeFile(cfg_domain, domain)
+
+        op_dir = mw.getServerDir() + "/openresty"
+        if not os.path.exists(op_dir):
+            return mw.returnJson(False, '依赖OpenResty,先安装启动它!')
+
+        panel_tpl = mw.getRunDir() + "/data/tpl/nginx_panel.conf"
+        dst_panel_path = mw.getServerDir() + "/web_conf/nginx/vhost/panel.conf"
+
+        content = mw.readFile(panel_tpl)
+        content = content.replace("{$PORT}", "80")
+        content = content.replace("{$SERVER_NAME}", domain)
+        content = content.replace("{$PANAL_PORT}", mw.readFile('data/port.pl'))
+        content = content.replace("{$LOGPATH}", mw.getRunDir() + '/logs')
+        content = content.replace("{$PANAL_ADDR}", mw.getRunDir())
+        mw.writeFile(dst_panel_path, content)
+
         return mw.returnJson(True, '设置域名成功!')
 
     def syncDateApi(self):
@@ -355,19 +371,22 @@ def setIpv6StatusApi(self):
     def getPanelSslApi(self):
         cert = {}
 
-        if not os.path.exists('ssl/certificate.pem'):
+        keyPath = 'ssl/private.pem'
+        certPath = 'ssl/cert.pem'
+
+        if not os.path.exists(certPath):
             mw.createSSL()
 
-        cert['privateKey'] = mw.readFile('ssl/privateKey.pem')
-        cert['certPem'] = mw.readFile('ssl/certificate.pem')
+        cert['privateKey'] = mw.readFile(keyPath)
+        cert['certPem'] = mw.readFile(certPath)
         cert['rep'] = os.path.exists('ssl/input.pl')
-        cert['info'] = mw.getCertName('ssl/certificate.pem')
+        cert['info'] = mw.getCertName(certPath)
         return mw.getJson(cert)
 
     # 保存面板证书
     def savePanelSslApi(self):
-        keyPath = 'ssl/privateKey.pem'
-        certPath = 'ssl/certificate.pem'
+        keyPath = 'ssl/private.pem'
+        certPath = 'ssl/cert.pem'
         checkCert = '/tmp/cert.pl'
 
         certPem = request.form.get('certPem', '').strip()
@@ -388,7 +407,6 @@ def setPanelSslApi(self):
         sslConf = mw.getRunDir() + '/data/ssl.pl'
         if os.path.exists(sslConf):
             os.system('rm -f ' + sslConf)
-            mw.restartMw()
             return mw.returnJson(True, 'SSL已关闭，请使用http协议访问面板!')
         else:
             try:
@@ -398,7 +416,6 @@ def setPanelSslApi(self):
             except Exception as ex:
                 return mw.returnJson(False, '开启失败:' + str(ex))
 
-            mw.restartMw()
             return mw.returnJson(True, '开启成功，请使用https协议访问面板!')
 
     def getApi(self):

class/core/mw.py

@@ -1371,8 +1371,8 @@ def createSSL():
     private_key = OpenSSL.crypto.dump_privatekey(
         OpenSSL.crypto.FILETYPE_PEM, key)
     if len(cert_ca) > 100 and len(private_key) > 100:
-        writeFile('ssl/certificate.pem', cert_ca, 'wb+')
-        writeFile('ssl/privateKey.pem', private_key, 'wb+')
+        writeFile('ssl/cert.pem', cert_ca, 'wb+')
+        writeFile('ssl/private.pem', private_key, 'wb+')
         return True
     return False
 

data/tpl/nginx_panel.conf

@@ -1,15 +1,48 @@
 server
 {
     listen {$PORT};
-    listen [::]:{$PORT};
+    #listen 443 ssl http2;
+    #listen [::]:443 ssl http2;
+
     server_name {$SERVER_NAME};
     index index.php index.html index.htm default.php default.htm default.html;
-    root {$ROOT_DIR};
 
     #SSL-START
-    #error_page 404/404.html;
+    #ssl_certificate    {$PANAL_ADDR}/ssl/cert.pem;
+    #ssl_certificate_key  {$PANAL_ADDR}/ssl/privkey.pem;
+    #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+    #ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
+    #ssl_prefer_server_ciphers on;
+    #ssl_session_cache shared:SSL:10m;
+    #ssl_session_timeout 10m;
     #SSL-END
 
+
+    #PROXY-START
+    location ^~ / {
+        proxy_pass http://0.0.0.0:{$PANAL_PORT}/;
+        proxy_set_header Host 0.0.0.0:{$PANAL_PORT};
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header REMOTE-HOST $remote_addr;
+
+        add_header X-Cache $upstream_cache_status;
+        proxy_ignore_headers Set-Cookie Cache-Control expires;
+        add_header Cache-Control no-cache;
+
+        set $static_files_app 0;
+        if ( $uri ~* "\.(gif|png|jpg|css|js|woff|woff2)$" )
+        {
+            set $static_files_app 1;
+            expires 12h;
+        }
+        if ( $static_files_app = 0 )
+        {
+            add_header Cache-Control no-cache;
+        }
+    }
+    #PROXY-END
+
 
     #禁止访问的文件或目录
     location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)

setting.py

@@ -82,6 +82,3 @@
 errorlog = log_dir + '/error.log'
 accesslog = log_dir + '/access.log'
 pidfile = log_dir + '/mw.pid'
-# if os.path.exists(os.getcwd() + '/data/ssl.pl'):
-#     certfile = 'ssl/certificate.pem'
-#     keyfile = 'ssl/privateKey.pem'