From 133cc1e4f9f3ee97ee89e5ae97d1219832dd2bd6 Mon Sep 17 00:00:00 2001
From: chenc <1458513@qq.com>
Date: Thu, 30 Nov 2023 10:35:11 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.gitignore | 4 +---
openresty/config/conf/nginx.conf | 11 +++++++++-
openresty/config/vhost/ssl/cert.pem | 22 ++++++++++++++++++++
openresty/config/vhost/ssl/private.key | 28 ++++++++++++++++++++++++++
4 files changed, 61 insertions(+), 4 deletions(-)
create mode 100644 openresty/config/vhost/ssl/cert.pem
create mode 100644 openresty/config/vhost/ssl/private.key
diff --git a/.gitignore b/.gitignore
index 51774e7..43d9204 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,9 +3,7 @@ mysql/5.7/data/
 mysql/8.0/data/
 logs/*
 openresty/config/vhost/*
+!openresty/config/vhost/ssl
 !openresty/config/vhost/default.conf
-!openresty/config/vhost/ssl/private.key
-!openresty/config/vhost/ssl/cert.pem
-openresty/config/ssl/*
 redis/data
 .env
\ No newline at end of file
diff --git a/openresty/config/conf/nginx.conf b/openresty/config/conf/nginx.conf
index ba129c0..c7294f2 100644
--- a/openresty/config/conf/nginx.conf
+++ b/openresty/config/conf/nginx.conf
@@ -122,7 +122,16 @@ lua_shared_dict my_limit_req_store1 100m;
 }
 }
 server {
- listen 443;
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ ssl_certificate /usr/local/openresty/nginx/conf/vhost/ssl/cert.pem;
+ ssl_certificate_key /usr/local/openresty/nginx/conf/vhost/ssl/private.key;
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers on;
+ ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
+ ssl_session_timeout 10m;
+ ssl_session_cache builtin:1000 shared:SSL:10m;
+ ssl_session_tickets off;
 server_name _;
 return 444;
 }
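Review bot: In the `.gitignore` hunk, `!openresty/config/vhost/ssl` un-ignores the whole directory, so any key or certificate later placed there (including real deployment material) becomes eligible for `git add`, where the old rules whitelisted two named files only. The same hunk drops `openresty/config/ssl/*`, which removes the ignore for that second path as well. If the directory has to be tracked, follow the negation with `openresty/config/vhost/ssl/*.key` so private keys stay out of commits, and keep `openresty/config/ssl/*` unless that directory is confirmed unused.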
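Review bot: The catch-all 443 server in the `nginx.conf` hunk exists only to `return 444`, but with `ssl` on the `listen` lines it now needs `ssl_certificate_key`, which is what pulls a private key into the repository in this same patch. If the bundled nginx is 1.19.4 or newer (the version is not visible here), `ssl_reject_handshake on;` in this block refuses handshakes for unmatched names without any certificate or key, so both `ssl_certificate*` lines and the committed key could be dropped. Separately, `ssl_session_cache builtin:1000 shared:SSL:10m;` enables the per-worker OpenSSL cache next to the shared one; the nginx documentation recommends the shared cache alone, i.e. `ssl_session_cache shared:SSL:10m;`. The enclosing `http` block begins outside the hunk, so inherited `ssl_*` settings cannot be checked from here.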
diff --git a/openresty/config/vhost/ssl/cert.pem b/openresty/config/vhost/ssl/cert.pem
new file mode 100644
index 0000000..4172dba
--- /dev/null
+++ b/openresty/config/vhost/ssl/cert.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDlTCCAn2gAwIBAgIESi1SezANBgkqhkiG9w0BAQsFADCBijESMBAGA1UEAwwJ
+bGRkZ28ubmV0MQwwCgYDVQQLDANkZXYxDjAMBgNVBAoMBWxkZGdvMQswCQYDVQQG
+EwJDTjEjMCEGCSqGSIb3DQEJARYUbGVjaGVuZ2FkbWluQDEyNi5jb20xETAPBgNV
+BAcMCHNoYW5naGFpMREwDwYDVQQIDAhzaGFuZ2hhaTAgFw0yMzExMzAwMjI1MjVa
+GA8yMDk5MTEyOTAyMjUyNVowgYsxEjAQBgNVBAMMCTEyNy4wLjAuMTEPMA0GA1UE
+CwwGYWJjaGVuMQ8wDQYDVQQKDAZhYmNoZW4xCzAJBgNVBAYTAkNOMSAwHgYJKoZI
+hvcNAQkBFhFtYXN0ZXJAYWJjaGVuLm5ldDEQMA4GA1UEBwwHSmlhbmdTdTESMBAG
+A1UECAwJWmhlbkppYW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+g3fm6vUIAOSGG6ENpRlvKvNokF9jnfNB/P1sKD+cEl2/PrGv11gADPksv1lWV5F5
+9MgEr294gCfyESrlfrtBXpnHp0zvc8BpJKkBZ7mZeKyOTT8Ub4wWKrCjk+XS8kBi
+M9GTrIE3JdOue7Hl851QIqMhfYBNOzLQmFrnb1ECCHmmdM7DkY2iS89fr5h7T+Je
+4woizhyiSSHQH1P9nhhnIYE2jTDoumYgrCBi4Kr2OSiZNbVlUdWGIdZqFFOzjaRa
+BwmHEsQq4vFavg35J02TaM96fE5wsUJSU+GJcslMiKz7xFxnIA78c9ePTjjKZXEh
+iXUDJUcDNqZ65b4FiHqlsQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCBiw4dlvGa
+4D2+DJThIr8eOZHze/3rE/ZR2Pquw1ux0FU4xcalVWKfKzkrsdjyJF0LVPFRgJI4
+rg2R8l0HMEBqQQ03ZfUGR9tp+kqnjgriic+UZqz4PyFy5+WiiFSQMWue8akhucwf
+saCqCCXfUNynlwB6TPTsFwKSmzSeY6x21+MFfxUq1kfe2zoJWx13jB3SwIZVstTt
+/T6/BFlA1y6DMfO2HjHIJcz6ZYTiUeuh12h8PLeV6KXtEPcyLzRjusuCAsLxyDDE
+KhPelZwX63R7WkmJdUmcMBib+YPPWN3EDBkwhb9BcTpOQFz5wBewUS/egsT2+Gd/
+WgwMaxcAhG7Y
+-----END CERTIFICATE-----
diff --git a/openresty/config/vhost/ssl/private.key b/openresty/config/vhost/ssl/private.key
new file mode 100644
index 0000000..e6d0fd8
--- /dev/null
+++ b/openresty/config/vhost/ssl/private.key
@@ -0,0 +1,28 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCDd+bq9QgA5IYb
+oQ2lGW8q82iQX2Od80H8/WwoP5wSXb8+sa/XWAAM+Sy/WVZXkXn0yASvb3iAJ/IR
+KuV+u0FemcenTO9zwGkkqQFnuZl4rI5NPxRvjBYqsKOT5dLyQGIz0ZOsgTcl0657
+seXznVAioyF9gE07MtCYWudvUQIIeaZ0zsORjaJLz1+vmHtP4l7jCiLOHKJJIdAf
+U/2eGGchgTaNMOi6ZiCsIGLgqvY5KJk1tWVR1YYh1moUU7ONpFoHCYcSxCri8Vq+
+DfknTZNoz3p8TnCxQlJT4YlyyUyIrPvEXGcgDvxz149OOMplcSGJdQMlRwM2pnrl
+vgWIeqWxAgMBAAECggEAbWmGRphydru5WJkqj/Kg8C/vH+gjMbrXekM2ljCKJUbb
++MNMQn28XQ+qy/z/vJUX2D32mEK/GHkmHl+C63vQJXj6DiQbTEwftSDqSHbQYPvK
+2kLbMRJ3CERFfrrQWkh28gVDT1eim9qV5d/iLmMH5Cu7nYT/wXrC22kcHypd9MqF
+ujY82moASYuolMVRSoXZEUIsqsd2Cgd7rFdJKQN6510jV2h0UvATWb1hBkNUgx6A
+EZ8mj6PJC5GE3Bu+8E8MMIOdACfh5vSG6qq4pezDwu5tn8aTkcwV98w9nu9GieAt
+p6+zWhQEEmht7b/knO93QyP06nlWieRILYUejwQ2IQKBgQDPPNdp2NZkQVy4k5kM
+hdWtLrx3wyMbM5ZC88V9t/jnXlZ/2QUXAnJDKGjpVUAWH1SfXIalbB9KPVU3KkAN
+Bj6qBtzc2wPmDG0MmSPllHBBEQcVDXCmbN/emRa9DkRb4/qaouJQ1xtDr/J7d+Gn
+gbR/J4qK+ad3wr0DDX2pRvBn9QKBgQCiZwZT2fiJbpnOcwl1RGg9m1sJM7b/DkWx
+XkWBsMNJ1B67c4DXRPAguAJ8G+eQECBRJjo/hdaPetRjBDVC6TjQZe7tW0cWphEw
+mzR23n22wB8OiysDRjKsCPV8KeHbi3XhdvNw0RbNHWQARfvhin3l98mFFdMmsYt9
+8CBjEg49TQKBgH3XQCdyGJ3AYwFh/ynvixUisCc5Q3QdGz2EsYPp1ycHzhbMPZ7/
+SUsmmq41qjjExaoPkWOaCFYYcEqTSVmfVSYCDNO/2toy6XUg+P9L5+5a3KYYBzPI
+IRkWdQxQQYpbIa4NAsh8Fn4/tUrsPQZuaKBd7m79soeypPvZkVjdTtaRAoGAV4gF
+3g3+qjxFhAN21pC/Sm1AnO4VtNUBdT7lYahfKZy9z7TKfbx3XHsxQ6lanshCUtqy
+zGgbpAvFC3VKK70+VPyL0by/zRJG85bDqUn0Ihrc4l7aGRKt3xGZFooQZN9+8r3F
+KkpX6sfrjUYrI34cq2VpZWTFAPbywzc4jY0+xYUCgYBRG5LwmXpr0ZpoFA6oxcFX
+Ni4PIYGypUZ9hC86sP5jNDZKqAXJwfCt4fZoWJFrbHDbmji02f1k6RFc4FridgF6
+JaB/RsGLBWX/WxEtwUFJR2nFF2qSTQgk0n83LztZECxwlXETEX7mha+M5ObQxLCU
+CRPC1WhfWqNBYytRQjowyg==
+-----END RSA PRIVATE KEY-----
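Review bot: The new `openresty/config/vhost/ssl/private.key` is an unencrypted TLS private key committed in clear text, and the `nginx.conf` hunk of this patch loads it for the port-443 listener, so anyone who can read the repository or its history can impersonate an endpoint served with the matching `cert.pem`. Treat the pair as compromised from this commit on: deleting the file in a later commit does not remove it from history, and the certificate's validity field appears to run until 2099, so expiry will not bound the exposure. Generate the key and certificate at image build or container start (or mount them from a secret store) and keep `*.key` ignored, committing at most a generation script. The PEM label reads `RSA PRIVATE KEY` while the body looks PKCS#8-encoded, which would normally be labelled `PRIVATE KEY`; worth confirming how the key was exported.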