当前位置：首页 > news >正文

怎么免费建立自己的网站网站建设对服务器有舍要求吗

news 2025/12/20 18:59:06

怎么免费建立自己的网站,网站建设对服务器有舍要求吗,妙趣网通辽网站建设,推广分享本文首发于 Anyeの小站#xff0c;转载请取得作者同意。前言国密算法是国家商用密码算法的简称。自2012年以来#xff0c;国家密码管理局以《中华人民共和国密码行业标准》的方式#xff0c;陆续公布了SM2/SM3/SM4等密码算法标准及其应用规范。其中“SM”代表“商密”转载请取得作者同意。前言国密算法是国家商用密码算法的简称。自2012年以来国家密码管理局以《中华人民共和国密码行业标准》的方式陆续公布了SM2/SM3/SM4等密码算法标准及其应用规范。其中“SM”代表“商密”即用于商用的、不涉及国家秘密的密码技术。其中SM2为基于椭圆曲线密码的公钥密码算法标准包含数字签名、密钥交换和公钥加密用于替换RSA/Diffie-Hellman/ECDSA/ECDH等国际算法SM3为密码哈希算法用于替代MD5/SHA-1/SHA-256等国际算法SM4为分组密码用于替代DES/AES等国际算法SM9为基于身份的密码算法可以替代基于数字证书的PKI/CA体系。通过部署国密算法可以降低由弱密码和错误实现带来的安全风险和部署PKI/CA带来的开销。 ——The GmSSL Project 本着学习的态度本文将尝试为 1Panel 所使用的 Web 平台OpenResty 来适配 GMSSL。 Demo Anye导航站该站点已部署国密证书实现国密/RSA单向自适应国密证书于2024-5-15日到期仅供参考。准备工作安装好 1Panel 的服务器一台优良的网络环境相关基础知识误区说明 https://www.gmssl.cn/ 与 http://gmssl.org/ 并非同一项目本文中所使用的为前者。警告本教程中所使用的 openssl国密版来自 GMSSL - 国密SSL实验室免费版本每年年底失效程序会自动退出需更新库重新链接。请勿用于正式/生产环境后果自负。正片开始 Docker 兼容为了使自编译的 OpenResty 能够与 1Panel 的相关组件完美配合首先得找到 1Panel所使用的 OpenResty Dockerfile可以找到https://github.com/openresty/docker-openresty 找到当前版本1.21.4.3-0-focal # Dockerfile - Ubuntu Focal # https://github.com/openresty/docker-openrestyARG RESTY_IMAGE_BASEubuntu ARG RESTY_IMAGE_TAGfocalFROM ${RESTY_IMAGE_BASE}:${RESTY_IMAGE_TAG}LABEL maintainerEvan Wies evanneomantra.net# Docker Build Arguments ARG RESTY_IMAGE_BASEubuntu ARG RESTY_IMAGE_TAGfocal ARG RESTY_VERSION1.21.4.3 ARG RESTY_LUAROCKS_VERSION3.9.2 ARG RESTY_OPENSSL_VERSION1.1.1w ARG RESTY_OPENSSL_PATCH_VERSION1.1.1f ARG RESTY_OPENSSL_URL_BASEhttps://www.openssl.org/source ARG RESTY_PCRE_VERSION8.45 ARG RESTY_PCRE_BUILD_OPTIONS--enable-jit ARG RESTY_PCRE_SHA2564e6ce03e0336e8b4a3d6c2b70b1c5e18590a5673a98186da90d4f33c23defc09 ARG RESTY_J1 ARG RESTY_CONFIG_OPTIONS\--with-compat \--with-file-aio \--with-http_addition_module \--with-http_auth_request_module \--with-http_dav_module \--with-http_flv_module \--with-http_geoip_moduledynamic \--with-http_gunzip_module \--with-http_gzip_static_module \--with-http_image_filter_moduledynamic \--with-http_mp4_module \--with-http_random_index_module \--with-http_realip_module \--with-http_secure_link_module \--with-http_slice_module \--with-http_ssl_module \--with-http_stub_status_module \--with-http_sub_module \--with-http_v2_module \--with-http_xslt_moduledynamic \--with-ipv6 \--with-mail \--with-mail_ssl_module \--with-md5-asm \--with-sha1-asm \--with-stream \--with-stream_ssl_module \--with-threads \ ARG RESTY_CONFIG_OPTIONS_MORE ARG RESTY_LUAJIT_OPTIONS--with-luajit-xcflags-DLUAJIT_NUMMODE2 -DLUAJIT_ENABLE_LUA52COMPAT ARG RESTY_PCRE_OPTIONS--with-pcre-jitARG RESTY_ADD_PACKAGE_BUILDDEPS ARG RESTY_ADD_PACKAGE_RUNDEPS ARG RESTY_EVAL_PRE_CONFIGURE ARG RESTY_EVAL_POST_DOWNLOAD_PRE_CONFIGURE ARG RESTY_EVAL_POST_MAKE# These are not intended to be user-specified ARG _RESTY_CONFIG_DEPS--with-pcre \--with-cc-opt-DNGX_LUA_ABORT_AT_PANIC -I/usr/local/openresty/pcre/include -I/usr/local/openresty/openssl/include \--with-ld-opt-L/usr/local/openresty/pcre/lib -L/usr/local/openresty/openssl/lib -Wl,-rpath,/usr/local/openresty/pcre/lib:/usr/local/openresty/openssl/lib \LABEL resty_image_base${RESTY_IMAGE_BASE} LABEL resty_image_tag${RESTY_IMAGE_TAG} LABEL resty_version${RESTY_VERSION} LABEL resty_luarocks_version${RESTY_LUAROCKS_VERSION} LABEL resty_openssl_version${RESTY_OPENSSL_VERSION} LABEL resty_openssl_patch_version${RESTY_OPENSSL_PATCH_VERSION} LABEL resty_openssl_url_base${RESTY_OPENSSL_URL_BASE} LABEL resty_pcre_version${RESTY_PCRE_VERSION} LABEL resty_pcre_build_options${RESTY_PCRE_BUILD_OPTIONS} LABEL resty_pcre_sha256${RESTY_PCRE_SHA256} LABEL resty_config_options${RESTY_CONFIG_OPTIONS} LABEL resty_config_options_more${RESTY_CONFIG_OPTIONS_MORE} LABEL resty_config_deps${_RESTY_CONFIG_DEPS} LABEL resty_add_package_builddeps${RESTY_ADD_PACKAGE_BUILDDEPS} LABEL resty_add_package_rundeps${RESTY_ADD_PACKAGE_RUNDEPS} LABEL resty_eval_pre_configure${RESTY_EVAL_PRE_CONFIGURE} LABEL resty_eval_post_download_pre_configure${RESTY_EVAL_POST_DOWNLOAD_PRE_CONFIGURE} LABEL resty_eval_post_make${RESTY_EVAL_POST_MAKE} LABEL resty_luajit_options${RESTY_LUAJIT_OPTIONS} LABEL resty_pcre_options${RESTY_PCRE_OPTIONS}RUN DEBIAN_FRONTENDnoninteractive apt-get update \ DEBIAN_FRONTENDnoninteractive apt-get install -y --no-install-recommends \build-essential \ca-certificates \curl \gettext-base \libgd-dev \libgeoip-dev \libncurses5-dev \libperl-dev \libreadline-dev \libxslt1-dev \make \perl \unzip \wget \zlib1g-dev \${RESTY_ADD_PACKAGE_BUILDDEPS} \${RESTY_ADD_PACKAGE_RUNDEPS} \ cd /tmp \ if [ -n ${RESTY_EVAL_PRE_CONFIGURE} ]; then eval $(echo ${RESTY_EVAL_PRE_CONFIGURE}); fi \ curl -fSL ${RESTY_OPENSSL_URL_BASE}/openssl-${RESTY_OPENSSL_VERSION}.tar.gz -o openssl-${RESTY_OPENSSL_VERSION}.tar.gz \ tar xzf openssl-${RESTY_OPENSSL_VERSION}.tar.gz \ cd openssl-${RESTY_OPENSSL_VERSION} \ if [ $(echo ${RESTY_OPENSSL_VERSION} | cut -c 1-5) 1.1.1 ] ; then \echo patching OpenSSL 1.1.1 for OpenResty \ curl -s https://raw.githubusercontent.com/openresty/openresty/master/patches/openssl-${RESTY_OPENSSL_PATCH_VERSION}-sess_set_get_cb_yield.patch | patch -p1 ; \fi \ if [ $(echo ${RESTY_OPENSSL_VERSION} | cut -c 1-5) 1.1.0 ] ; then \echo patching OpenSSL 1.1.0 for OpenResty \ curl -s https://raw.githubusercontent.com/openresty/openresty/ed328977028c3ec3033bc25873ee360056e247cd/patches/openssl-1.1.0j-parallel_build_fix.patch | patch -p1 \ curl -s https://raw.githubusercontent.com/openresty/openresty/master/patches/openssl-${RESTY_OPENSSL_PATCH_VERSION}-sess_set_get_cb_yield.patch | patch -p1 ; \fi \ ./config \no-threads shared zlib -g \enable-ssl3 enable-ssl3-method \--prefix/usr/local/openresty/openssl \--libdirlib \-Wl,-rpath,/usr/local/openresty/openssl/lib \ make -j${RESTY_J} \ make -j${RESTY_J} install_sw \ cd /tmp \ curl -fSL https://downloads.sourceforge.net/project/pcre/pcre/${RESTY_PCRE_VERSION}/pcre-${RESTY_PCRE_VERSION}.tar.gz -o pcre-${RESTY_PCRE_VERSION}.tar.gz \ echo ${RESTY_PCRE_SHA256} pcre-${RESTY_PCRE_VERSION}.tar.gz | shasum -a 256 --check \ tar xzf pcre-${RESTY_PCRE_VERSION}.tar.gz \ cd /tmp/pcre-${RESTY_PCRE_VERSION} \ ./configure \--prefix/usr/local/openresty/pcre \--disable-cpp \--enable-utf \--enable-unicode-properties \${RESTY_PCRE_BUILD_OPTIONS} \ make -j${RESTY_J} \ make -j${RESTY_J} install \ cd /tmp \ curl -fSL https://openresty.org/download/openresty-${RESTY_VERSION}.tar.gz -o openresty-${RESTY_VERSION}.tar.gz \ tar xzf openresty-${RESTY_VERSION}.tar.gz \ cd /tmp/openresty-${RESTY_VERSION} \ if [ -n ${RESTY_EVAL_POST_DOWNLOAD_PRE_CONFIGURE} ]; then eval $(echo ${RESTY_EVAL_POST_DOWNLOAD_PRE_CONFIGURE}); fi \ eval ./configure -j${RESTY_J} ${_RESTY_CONFIG_DEPS} ${RESTY_CONFIG_OPTIONS} ${RESTY_CONFIG_OPTIONS_MORE} ${RESTY_LUAJIT_OPTIONS} ${RESTY_PCRE_OPTIONS} \ make -j${RESTY_J} \ make -j${RESTY_J} install \ cd /tmp \ rm -rf \openssl-${RESTY_OPENSSL_VERSION}.tar.gz openssl-${RESTY_OPENSSL_VERSION} \pcre-${RESTY_PCRE_VERSION}.tar.gz pcre-${RESTY_PCRE_VERSION} \openresty-${RESTY_VERSION}.tar.gz openresty-${RESTY_VERSION} \ curl -fSL https://luarocks.github.io/luarocks/releases/luarocks-${RESTY_LUAROCKS_VERSION}.tar.gz -o luarocks-${RESTY_LUAROCKS_VERSION}.tar.gz \ tar xzf luarocks-${RESTY_LUAROCKS_VERSION}.tar.gz \ cd luarocks-${RESTY_LUAROCKS_VERSION} \ ./configure \--prefix/usr/local/openresty/luajit \--with-lua/usr/local/openresty/luajit \--lua-suffixjit-2.1.0-beta3 \--with-lua-include/usr/local/openresty/luajit/include/luajit-2.1 \ make build \ make install \ cd /tmp \ if [ -n ${RESTY_EVAL_POST_MAKE} ]; then eval $(echo ${RESTY_EVAL_POST_MAKE}); fi \ rm -rf luarocks-${RESTY_LUAROCKS_VERSION} luarocks-${RESTY_LUAROCKS_VERSION}.tar.gz \ if [ -n ${RESTY_ADD_PACKAGE_BUILDDEPS} ]; then DEBIAN_FRONTENDnoninteractive apt-get remove -y --purge ${RESTY_ADD_PACKAGE_BUILDDEPS} ; fi \ DEBIAN_FRONTENDnoninteractive apt-get autoremove -y \ mkdir -p /var/run/openresty \ ln -sf /dev/stdout /usr/local/openresty/nginx/logs/access.log \ ln -sf /dev/stderr /usr/local/openresty/nginx/logs/error.log# Add additional binaries into PATH for convenience ENV PATH$PATH:/usr/local/openresty/luajit/bin:/usr/local/openresty/nginx/sbin:/usr/local/openresty/bin# Add LuaRocks paths # If OpenResty changes, these may need updating: # /usr/local/openresty/bin/resty -e print(package.path) # /usr/local/openresty/bin/resty -e print(package.cpath) ENV LUA_PATH/usr/local/openresty/site/lualib/?.ljbc;/usr/local/openresty/site/lualib/?/init.ljbc;/usr/local/openresty/lualib/?.ljbc;/usr/local/openresty/lualib/?/init.ljbc;/usr/local/openresty/site/lualib/?.lua;/usr/local/openresty/site/lualib/?/init.lua;/usr/local/openresty/lualib/?.lua;/usr/local/openresty/lualib/?/init.lua;./?.lua;/usr/local/openresty/luajit/share/luajit-2.1.0-beta3/?.lua;/usr/local/share/lua/5.1/?.lua;/usr/local/share/lua/5.1/?/init.lua;/usr/local/openresty/luajit/share/lua/5.1/?.lua;/usr/local/openresty/luajit/share/lua/5.1/?/init.luaENV LUA_CPATH/usr/local/openresty/site/lualib/?.so;/usr/local/openresty/lualib/?.so;./?.so;/usr/local/lib/lua/5.1/?.so;/usr/local/openresty/luajit/lib/lua/5.1/?.so;/usr/local/lib/lua/5.1/loadall.so;/usr/local/openresty/luajit/lib/lua/5.1/?.so# Copy nginx configuration files COPY nginx.conf /usr/local/openresty/nginx/conf/nginx.conf COPY nginx.vh.default.conf /etc/nginx/conf.d/default.confCMD [/usr/local/openresty/bin/openresty, -g, daemon off;]# Use SIGQUIT instead of default SIGTERM to cleanly drain requests # See https://github.com/openresty/docker-openresty/blob/master/README.md#tips--pitfalls STOPSIGNAL SIGQUIT分析后可知我们只需替换其中的 Openssl 模块即可。 GMSSL 简述 GMSSL - 国密SSL实验室官网为 Nginx 作出了国密支持OpenResty 作为 Nginx 的衍生项目理论上同样支持使用 GMSSL 提供的 openssl 国密版。所以采用同样的方式进行替换。 cd /tmp \ curl -fSL ${RESTY_OPENSSL_URL_BASE}/gmssl_openssl_${RESTY_OPENSSL_VERSION}.tar.gz -o gmssl_openssl_${RESTY_OPENSSL_VERSION}.tar.gz \ tar xzfm gmssl_openssl_${RESTY_OPENSSL_VERSION}.tar.gz -C /usr/local \ ln -s /usr/local/gmssl /usr/local/openssl \在编译配置中添加 ARG RESTY_CONFIG_OPTIONS\--with-openssl/usr/local/gmssl \将 Nginx 目录中的 auto/lib/openssl/conf全部 $OPENSSL/.openssl/ 修改为 $OPENSSL/ 并保存。 sed -i s/\$OPENSSL\/\.openssl\//\$OPENSSL\//g ./bundle/nginx-1.21.4/auto/lib/openssl/conf \修改后的完整 Dockerfile 如下 # Dockerfile - Ubuntu Focal # https://github.com/openresty/docker-openrestyARG RESTY_IMAGE_BASEubuntu ARG RESTY_IMAGE_TAGfocalFROM ${RESTY_IMAGE_BASE}:${RESTY_IMAGE_TAG}LABEL maintainerAnyexyz anyexyzfoxmail.com# 构建参数 ARG RESTY_IMAGE_BASEubuntu ARG RESTY_IMAGE_TAGfocal ARG RESTY_VERSION1.21.4.3 ARG RESTY_LUAROCKS_VERSION3.9.2 ARG RESTY_OPENSSL_VERSION1.1_b2024_x64_1 ARG RESTY_OPENSSL_URL_BASEhttps://www.gmssl.cn/gmssl/down/ ARG RESTY_PCRE_VERSION8.45 ARG RESTY_PCRE_BUILD_OPTIONS--enable-jit ARG RESTY_PCRE_SHA2564e6ce03e0336e8b4a3d6c2b70b1c5e18590a5673a98186da90d4f33c23defc09 ARG RESTY_J2 ARG RESTY_CONFIG_OPTIONS\--with-openssl/usr/local/gmssl \--with-compat \--with-file-aio \--with-http_addition_module \--with-http_auth_request_module \--with-http_dav_module \--with-http_flv_module \--with-http_geoip_moduledynamic \--with-http_gunzip_module \--with-http_gzip_static_module \--with-http_image_filter_moduledynamic \--with-http_mp4_module \--with-http_random_index_module \--with-http_realip_module \--with-http_secure_link_module \--with-http_slice_module \--with-http_ssl_module \--with-http_stub_status_module \--with-http_sub_module \--with-http_v2_module \--with-http_xslt_moduledynamic \--with-ipv6 \--with-mail \--with-mail_ssl_module \--with-md5-asm \--with-sha1-asm \--with-stream \--with-stream_ssl_module \--with-threads \ ARG RESTY_CONFIG_OPTIONS_MORE ARG RESTY_LUAJIT_OPTIONS--with-luajit-xcflags-DLUAJIT_NUMMODE2 -DLUAJIT_ENABLE_LUA52COMPAT ARG RESTY_PCRE_OPTIONS--with-pcre-jitARG RESTY_ADD_PACKAGE_BUILDDEPS ARG RESTY_ADD_PACKAGE_RUNDEPS ARG RESTY_EVAL_PRE_CONFIGURE ARG RESTY_EVAL_POST_DOWNLOAD_PRE_CONFIGURE ARG RESTY_EVAL_POST_MAKE# 以下不需要修改 ARG _RESTY_CONFIG_DEPS--with-pcre \--with-cc-opt-DNGX_LUA_ABORT_AT_PANIC -I/usr/local/openresty/pcre/include -I/usr/local/openresty/openssl/include \--with-ld-opt-L/usr/local/openresty/pcre/lib -L/usr/local/openresty/openssl/lib -Wl,-rpath,/usr/local/openresty/pcre/lib:/usr/local/openresty/openssl/lib \LABEL resty_image_base${RESTY_IMAGE_BASE} LABEL resty_image_tag${RESTY_IMAGE_TAG} LABEL resty_version${RESTY_VERSION} LABEL resty_luarocks_version${RESTY_LUAROCKS_VERSION} LABEL resty_openssl_version${RESTY_OPENSSL_VERSION} LABEL resty_openssl_patch_version${RESTY_OPENSSL_PATCH_VERSION} LABEL resty_openssl_url_base${RESTY_OPENSSL_URL_BASE} LABEL resty_pcre_version${RESTY_PCRE_VERSION} LABEL resty_pcre_build_options${RESTY_PCRE_BUILD_OPTIONS} LABEL resty_pcre_sha256${RESTY_PCRE_SHA256} LABEL resty_config_options${RESTY_CONFIG_OPTIONS} LABEL resty_config_options_more${RESTY_CONFIG_OPTIONS_MORE} LABEL resty_config_deps${_RESTY_CONFIG_DEPS} LABEL resty_add_package_builddeps${RESTY_ADD_PACKAGE_BUILDDEPS} LABEL resty_add_package_rundeps${RESTY_ADD_PACKAGE_RUNDEPS} LABEL resty_eval_pre_configure${RESTY_EVAL_PRE_CONFIGURE} LABEL resty_eval_post_download_pre_configure${RESTY_EVAL_POST_DOWNLOAD_PRE_CONFIGURE} LABEL resty_eval_post_make${RESTY_EVAL_POST_MAKE} LABEL resty_luajit_options${RESTY_LUAJIT_OPTIONS} LABEL resty_pcre_options${RESTY_PCRE_OPTIONS}RUN DEBIAN_FRONTENDnoninteractive apt-get update \ DEBIAN_FRONTENDnoninteractive apt-get install -y --no-install-recommends \build-essential \ca-certificates \curl \gettext-base \libgd-dev \libgeoip-dev \libncurses5-dev \libperl-dev \libreadline-dev \libxslt1-dev \make \perl \unzip \wget \zlib1g-dev \${RESTY_ADD_PACKAGE_BUILDDEPS} \${RESTY_ADD_PACKAGE_RUNDEPS} \ cd /tmp \ curl -fSL ${RESTY_OPENSSL_URL_BASE}/gmssl_openssl_${RESTY_OPENSSL_VERSION}.tar.gz -o gmssl_openssl_${RESTY_OPENSSL_VERSION}.tar.gz \ tar xzfm gmssl_openssl_${RESTY_OPENSSL_VERSION}.tar.gz -C /usr/local \ ln -s /usr/local/gmssl /usr/local/openssl \ cd /tmp \ curl -fSL https://downloads.sourceforge.net/project/pcre/pcre/${RESTY_PCRE_VERSION}/pcre-${RESTY_PCRE_VERSION}.tar.gz -o pcre-${RESTY_PCRE_VERSION}.tar.gz \ echo ${RESTY_PCRE_SHA256} pcre-${RESTY_PCRE_VERSION}.tar.gz | shasum -a 256 --check \ tar xzf pcre-${RESTY_PCRE_VERSION}.tar.gz \ cd /tmp/pcre-${RESTY_PCRE_VERSION} \ ./configure \--prefix/usr/local/openresty/pcre \--disable-cpp \--enable-utf \--enable-unicode-properties \${RESTY_PCRE_BUILD_OPTIONS} \ make -j${RESTY_J} \ make -j${RESTY_J} install \ cd /tmp \ curl -fSL https://openresty.org/download/openresty-${RESTY_VERSION}.tar.gz -o openresty-${RESTY_VERSION}.tar.gz \ tar xzf openresty-${RESTY_VERSION}.tar.gz \ cd /tmp/openresty-${RESTY_VERSION} \ sed -i s/\$OPENSSL\/\.openssl\//\$OPENSSL\//g ./bundle/nginx-1.21.4/auto/lib/openssl/conf \ if [ -n ${RESTY_EVAL_POST_DOWNLOAD_PRE_CONFIGURE} ]; then eval $(echo ${RESTY_EVAL_POST_DOWNLOAD_PRE_CONFIGURE}); fi \ eval ./configure -j${RESTY_J} ${_RESTY_CONFIG_DEPS} ${RESTY_CONFIG_OPTIONS} ${RESTY_CONFIG_OPTIONS_MORE} ${RESTY_LUAJIT_OPTIONS} ${RESTY_PCRE_OPTIONS} \ make -j${RESTY_J} \ make -j${RESTY_J} install \ cd /tmp \ rm -rf \openssl-${RESTY_OPENSSL_VERSION}.tar.gz openssl-${RESTY_OPENSSL_VERSION} \pcre-${RESTY_PCRE_VERSION}.tar.gz pcre-${RESTY_PCRE_VERSION} \openresty-${RESTY_VERSION}.tar.gz openresty-${RESTY_VERSION} \ curl -fSL https://luarocks.github.io/luarocks/releases/luarocks-${RESTY_LUAROCKS_VERSION}.tar.gz -o luarocks-${RESTY_LUAROCKS_VERSION}.tar.gz \ tar xzf luarocks-${RESTY_LUAROCKS_VERSION}.tar.gz \ cd luarocks-${RESTY_LUAROCKS_VERSION} \ ./configure \--prefix/usr/local/openresty/luajit \--with-lua/usr/local/openresty/luajit \--lua-suffixjit-2.1.0-beta3 \--with-lua-include/usr/local/openresty/luajit/include/luajit-2.1 \ make build \ make install \ cd /tmp \ if [ -n ${RESTY_EVAL_POST_MAKE} ]; then eval $(echo ${RESTY_EVAL_POST_MAKE}); fi \ rm -rf luarocks-${RESTY_LUAROCKS_VERSION} luarocks-${RESTY_LUAROCKS_VERSION}.tar.gz \ if [ -n ${RESTY_ADD_PACKAGE_BUILDDEPS} ]; then DEBIAN_FRONTENDnoninteractive apt-get remove -y --purge ${RESTY_ADD_PACKAGE_BUILDDEPS} ; fi \ DEBIAN_FRONTENDnoninteractive apt-get autoremove -y \ mkdir -p /var/run/openresty \ ln -sf /dev/stdout /usr/local/openresty/nginx/logs/access.log \ ln -sf /dev/stderr /usr/local/openresty/nginx/logs/error.log# Add additional binaries into PATH for convenience ENV PATH$PATH:/usr/local/openresty/luajit/bin:/usr/local/openresty/nginx/sbin:/usr/local/openresty/bin# Add LuaRocks paths # If OpenResty changes, these may need updating: # /usr/local/openresty/bin/resty -e print(package.path) # /usr/local/openresty/bin/resty -e print(package.cpath) ENV LUA_PATH/usr/local/openresty/site/lualib/?.ljbc;/usr/local/openresty/site/lualib/?/init.ljbc;/usr/local/openresty/lualib/?.ljbc;/usr/local/openresty/lualib/?/init.ljbc;/usr/local/openresty/site/lualib/?.lua;/usr/local/openresty/site/lualib/?/init.lua;/usr/local/openresty/lualib/?.lua;/usr/local/openresty/lualib/?/init.lua;./?.lua;/usr/local/openresty/luajit/share/luajit-2.1.0-beta3/?.lua;/usr/local/share/lua/5.1/?.lua;/usr/local/share/lua/5.1/?/init.lua;/usr/local/openresty/luajit/share/lua/5.1/?.lua;/usr/local/openresty/luajit/share/lua/5.1/?/init.luaENV LUA_CPATH/usr/local/openresty/site/lualib/?.so;/usr/local/openresty/lualib/?.so;./?.so;/usr/local/lib/lua/5.1/?.so;/usr/local/openresty/luajit/lib/lua/5.1/?.so;/usr/local/lib/lua/5.1/loadall.so;/usr/local/openresty/luajit/lib/lua/5.1/?.so# Copy nginx configuration files COPY nginx.conf /usr/local/openresty/nginx/conf/nginx.conf COPY nginx.vh.default.conf /etc/nginx/conf.d/default.confCMD [/usr/local/openresty/bin/openresty, -g, daemon off;]# Use SIGQUIT instead of default SIGTERM to cleanly drain requests # See https://github.com/openresty/docker-openresty/blob/master/README.md#tips--pitfalls STOPSIGNAL SIGQUIT修改源码https://github.com/Anyexyz/gm-docker-openresty 编译成品https://hub.docker.com/r/anyexyz/gm-docker-openrest 1Panel 应用重建在 1Panel 中打开应用商店找到已安装的 OpenResty点击参数编辑高级设置将 image 更改为自己构建/拉取的镜像例 image: anyexyz/gm-docker-openresty:1.21.4.3-0-focal确认重建应用。申请证书我这里选用的 CerSign 证签的免费 SSL 证书点击在其官网申请90天证书 https://www.cersign.com/free-ssl-certificate.html 根据提示进行操作我们会得到一个证书压缩包和自己生成的密钥保存备用。部署证书在 1Panel 网站中找到需要部署国密证书的网站将证书和密钥上传到网站目录中点击配置 - HTTPS 这里的证书配置只能选择非国密证书在下方的 SSL 协议设置中把 TLS 1.3、1.2、1.2SSL V3、V2 打勾将加密算法后面添加 :ECDHE-RSA-AES128-GCM-SHA256:AES128-SHA:DES-CBC3-SHA:ECC-SM4-CBC-SM3:ECC-SM4-GCM-SM3:ECC-SM4-GCM-SM2点击保存。在配置文件中找到 ssl_certificate 、ssl_certificate_key 所在的位置复制后面原有的路径这个是在 1Panel 中配置的非国密证书的路径类别添加国密证书配置 ssl_certificate /www/sites/网站域名/ssl/sm2_encrypt.crt; ssl_certificate_key /www/sites/网站域名/ssl/sm2_encrypt.key;ssl_certificate /www/sites/网站域名/ssl/sm2_sign.crt; ssl_certificate_key /www/sites/网站域名/ssl/sm2_sign.key;ssl_certificate /www/sites/网站域名/ssl/fullchain.pem; ssl_certificate_key /www/sites/网站域名/ssl/privkey.pem; 保存并重载。测试使用零信国密浏览器访问如图即为激活国密。再次提醒本教程中所使用的 openssl国密版来自 GMSSL - 国密SSL实验室免费版本每年年底失效程序会自动退出需更新库重新链接。请勿用于正式/生产环境请勿用于正式/生产环境请勿用于正式/生产环境如需用于生产用途请从正常渠道购买国密证书并寻求相关单位的帮助。

查看全文

http://www.pierceye.com/news/572015/