~~ssh~~ https auto update

.gitignore

@@ -2,6 +2,7 @@
 /*.bat
 /*.sh
 /ssh-*
+/log/*
 
 /phplib/teaminfo_cache_*
 

docker_container/Dockerfile

@@ -1,3 +0,0 @@
-FROM debian:11-slim
-
-RUN sh "./docker_container/script-onboot.sh"

docker_container/container-start.sh

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+docker run --memory 1GB --user root --volume /media/sf_woodpecker2024/attachment_server/:/root/www/:ro --volume /media/sf_woodpecker2024/attachment_server/log/:/root/log/:rw --workdir /root/ --expose 2250 --publish 12345:2250 --interactive --tty --name ly65-attachment-server --hostname woodpecker2024 --rm --detach debian:11-slim sh /root/www/docker_container/inside-container_start.sh

docker_container/inside-container_start.sh

@@ -0,0 +1,14 @@
+#!/bin/sh
+
+cd /root
+
+apt update
+apt install -y --no-install-recommends nginx-core php7.4-fpm php7.4-curl php7.4-mbstring php7.4-gd
+
+cp --force /root/www/docker_container/nginx.conf /etc/nginx/nginx.conf
+cp --force /root/www/docker_container/nginx-0.conf /root/nginx-0.conf
+
+
+#tail -f /dev/null
+#sleep infinity
+bash -i

docker_container/nginx-0.conf

@@ -3,70 +3,41 @@
 server {
     listen 2250;
     listen [::]:2250;
-    listen 2260 ssl;
-    listen [::]:2260 ssl;
 
     root /root/www;
 
     add_header Access-Control-Allow-Origin * always;
 
-    index null;
+    charset utf-8;
 
-    autoindex on;
-    autoindex_localtime on;
-    charset utf-8,gbk;
+    location = / {
+        index index.html;
+        try_files $uri $uri/ =403;
+    }
+
+    location = /api.php {
+        allow all;
+    }
+
+    location = /index.html {
+        allow all;
+    }
+
+    location /assets/ {
+        allow all;
+    }
+
+    location ~* \.php$ {
+        include fastcgi_params;
+        fastcgi_pass 127.0.0.1:9000;
+        fastcgi_index index.php;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+    }
 
     location / {
-        # First attempt to serve request as file, then
-        # as directory, then fall back to displaying a 404.
-        try_files $uri $uri/ =404;
-    }
-
-    location ^~ /ldb/ {
-        proxy_pass http://127.0.0.1:2251/;
-        proxy_connect_timeout 50ms;
-        proxy_set_header Host "$http_host";
-        proxy_buffering off;
-        error_page 502 =200 @error_default;
-    }
-
-    location ~ /internal/ {
-        allow 127.0.0.1;
-        allow 192.168.1.14;
-        deny 192.168.1.0/24;
         deny all;
-        location ~* (\.php|\.bat)$ {
-            include snippets/fastcgi-php.conf;
-            fastcgi_pass 127.0.0.1:9000;
-        }
-    }
-
-    location ~* \.src$ {
-        try_files $uri $uri/ @try_use_src;
-    }
-
-    location @try_use_src {
-        rewrite (.+)\.src$ $1 break;
-        error_page 404 @error_default;
-        add_header X-Source-File $uri always;
-        add_header Content-Type "text/plain; charset=utf-8" always;
-    }
-
-    location @error_default {}
-
-    location ~* (\.php\.*|\.bat\.*)$ {
-        include snippets/fastcgi-php.conf;
-        fastcgi_pass 127.0.0.1:9000;
     }
 
     error_page 405 =200 $uri;
 
-
-    ssl_certificate /root/ly65.top_ecc/pub_chain1.pem;
-    ssl_certificate_key /root/ly65.top_ecc/pri.pem;
-
-    ssl_session_timeout 5m;
-    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
-    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
-    ssl_prefer_server_ciphers on;
 }

docker_container/nginx.conf

@@ -0,0 +1,92 @@
+user root;
+worker_processes auto;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+	worker_connections 768;
+	# multi_accept on;
+}
+
+http {
+
+	##
+	# Basic Settings
+	##
+
+	sendfile on;
+	tcp_nopush on;
+	types_hash_max_size 2048;
+	# server_tokens off;
+
+	# server_names_hash_bucket_size 64;
+	# server_name_in_redirect off;
+
+	include /etc/nginx/mime.types;
+	default_type application/octet-stream;
+
+	##
+	# SSL Settings
+	##
+
+	ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
+	ssl_prefer_server_ciphers on;
+
+	##
+	# Logging Settings
+	##
+
+    log_format custom_log '[$time_local] '
+                          'remote=$remote_addr:$remote_port '
+                          'local=$server_addr:$server_port '
+                          'request=\n$request\n\n$request_body\n'
+                          'status=$status '
+                          'request_time=$request_time';
+
+	access_log /root/log/access.log custom_log;
+	error_log /root/log/error.log;
+
+	##
+	# Gzip Settings
+	##
+
+	gzip on;
+
+	# gzip_vary on;
+	# gzip_proxied any;
+	# gzip_comp_level 6;
+	# gzip_buffers 16 8k;
+	# gzip_http_version 1.1;
+	# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+	##
+	# Virtual Host Configs
+	##
+
+	include /etc/nginx/conf.d/*.conf;
+	#include /etc/nginx/sites-enabled/*;
+
+	include /root/nginx-*.conf;
+}
+
+
+#mail {
+#	# See sample authentication script at:
+#	# http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
+#
+#	# auth_http localhost/auth.php;
+#	# pop3_capabilities "TOP" "USER";
+#	# imap_capabilities "IMAP4rev1" "UIDPLUS";
+#
+#	server {
+#		listen     localhost:110;
+#		protocol   pop3;
+#		proxy      on;
+#	}
+#
+#	server {
+#		listen     localhost:143;
+#		protocol   imap;
+#		proxy      on;
+#	}
+#}

docker_container/script-onboot.sh

@@ -1,3 +0,0 @@
-#!/bin/sh
-
-tail -f /dev/null

docker_container/start.sh

@@ -1 +0,0 @@
-docker run --memory 1GB --user root --volume /media/sf_woodpecker2024/attachment_server/:/root/www/ --volume /media/sf_woodpecker2024/attachment_server/log/:/root/log/ --workdir /root/ --expose 80 --publish 12345:80 --attach stdin --attach stdout --attach stderr --interactive --tty debian:11-slim sh /media/sf_woodpecker2024/attachment_server/start.sh