增加静态资源服务

.gitignore

@@ -1 +1,2 @@
-._*
+._*
+www

allowed-sites.conf

@@ -6,13 +6,15 @@
 # 注意 URL 不包含路径部分（结尾没有 /）
 #
 http://127.0.0.1                  '127';
+http://127.0.0.1:8080             '127';
 http://localhost                  'lo';
+http://localhost:8080             'lo';
 
 # 接口和网站同源，这种情况下 origin 为空
 ''                                'mysite';
 
 # ~ 开头为正则匹配，此处允许 github.io 所有子站点
-~^https://([\w-]+).github.io$     'gh-$1';
+~^https://([\w-]+)\.github\.io$     'gh-$1';
 
 # 允许任何站点使用
 # ~(.*)                             '$1';

i.sh

@@ -1,6 +1,10 @@
 #!/usr/bin/env bash
 
-BIN_URL=https://raw.githubusercontent.com/EtherDream/jsproxy-bin/master/
+{ # this ensures the entire script is downloaded #
+
+SRC_URL=https://raw.githubusercontent.com/EtherDream/jsproxy/master
+BIN_URL=https://raw.githubusercontent.com/EtherDream/jsproxy-bin/master
+ZIP_URL=https://codeload.github.com/EtherDream/jsproxy/tar.gz
 
 JSPROXY_VER=master
 OPENRESTY_VER=1.15.8.1
@@ -107,7 +111,7 @@ ssl_certificate_key   cert/$domain/ecc.key;
       log "证书申请完成，重启服务 ..."
       server/run.sh reload
 
-      log "在线预览: https://zjcqoo.github.io/#test=$domain:8443"
+      log "在线预览: https://$domain:8443"
       break
     fi
 
@@ -136,10 +140,16 @@ install() {
   log "nginx path: $NGX_DIR"
 
   log "下载代理服务 ..."
-  curl -o jsproxy.tar.gz https://codeload.github.com/EtherDream/jsproxy/tar.gz/$JSPROXY_VER
+  curl -o jsproxy.tar.gz $ZIP_URL/$JSPROXY_VER
   tar zxf jsproxy.tar.gz
   rm -f jsproxy.tar.gz
 
+  log "下载静态资源 ..."
+  curl -o www.tar.gz $ZIP_URL/gh-pages
+  mkdir jsproxy-$JSPROXY_VER/www
+  tar zxf www.tar.gz -C jsproxy-$JSPROXY_VER/www --strip-components=1
+  rm -f www.tar.gz
+
   if [ -x server/run.sh ]; then
     warn "尝试停止当前服务 ..."
     server/run.sh quit
@@ -190,15 +200,8 @@ main() {
     -j REDIRECT \
     --to-ports 10080
 
-  local src=$0
-  local dst=$INSTALL_DIR/i.sh
-  warn "当前脚本移动到 $dst"
-
-  mv -f $src $dst
-  chmod +x $dst
-
   log "切换到 jsproxy 用户，执行安装脚本 ..."
-  su - jsproxy -c "$dst install"
+  su - jsproxy -c "curl -s $SRC_URL/i.sh | bash -s install"
 
   local line=$(iptables -t nat -L --line-numbers | grep "acme challenge svc")
   iptables -t nat -D PREROUTING ${line%% *}
@@ -214,4 +217,6 @@ case $1 in
   gen_cert;;
 *)
   main;;
-esac
+esac
+
+} # this ensures the entire script is downloaded #

mime.types

@@ -0,0 +1,97 @@
+
+types {
+    text/html                                        html htm shtml;
+    text/css                                         css;
+    text/xml                                         xml;
+    image/gif                                        gif;
+    image/jpeg                                       jpeg jpg;
+    application/javascript                           js;
+    application/atom+xml                             atom;
+    application/rss+xml                              rss;
+
+    text/mathml                                      mml;
+    text/plain                                       txt;
+    text/vnd.sun.j2me.app-descriptor                 jad;
+    text/vnd.wap.wml                                 wml;
+    text/x-component                                 htc;
+
+    image/png                                        png;
+    image/svg+xml                                    svg svgz;
+    image/tiff                                       tif tiff;
+    image/vnd.wap.wbmp                               wbmp;
+    image/webp                                       webp;
+    image/x-icon                                     ico;
+    image/x-jng                                      jng;
+    image/x-ms-bmp                                   bmp;
+
+    font/woff                                        woff;
+    font/woff2                                       woff2;
+
+    application/java-archive                         jar war ear;
+    application/json                                 json;
+    application/mac-binhex40                         hqx;
+    application/msword                               doc;
+    application/pdf                                  pdf;
+    application/postscript                           ps eps ai;
+    application/rtf                                  rtf;
+    application/vnd.apple.mpegurl                    m3u8;
+    application/vnd.google-earth.kml+xml             kml;
+    application/vnd.google-earth.kmz                 kmz;
+    application/vnd.ms-excel                         xls;
+    application/vnd.ms-fontobject                    eot;
+    application/vnd.ms-powerpoint                    ppt;
+    application/vnd.oasis.opendocument.graphics      odg;
+    application/vnd.oasis.opendocument.presentation  odp;
+    application/vnd.oasis.opendocument.spreadsheet   ods;
+    application/vnd.oasis.opendocument.text          odt;
+    application/vnd.openxmlformats-officedocument.presentationml.presentation
+                                                     pptx;
+    application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
+                                                     xlsx;
+    application/vnd.openxmlformats-officedocument.wordprocessingml.document
+                                                     docx;
+    application/vnd.wap.wmlc                         wmlc;
+    application/x-7z-compressed                      7z;
+    application/x-cocoa                              cco;
+    application/x-java-archive-diff                  jardiff;
+    application/x-java-jnlp-file                     jnlp;
+    application/x-makeself                           run;
+    application/x-perl                               pl pm;
+    application/x-pilot                              prc pdb;
+    application/x-rar-compressed                     rar;
+    application/x-redhat-package-manager             rpm;
+    application/x-sea                                sea;
+    application/x-shockwave-flash                    swf;
+    application/x-stuffit                            sit;
+    application/x-tcl                                tcl tk;
+    application/x-x509-ca-cert                       der pem crt;
+    application/x-xpinstall                          xpi;
+    application/xhtml+xml                            xhtml;
+    application/xspf+xml                             xspf;
+    application/zip                                  zip;
+
+    application/octet-stream                         bin exe dll;
+    application/octet-stream                         deb;
+    application/octet-stream                         dmg;
+    application/octet-stream                         iso img;
+    application/octet-stream                         msi msp msm;
+
+    audio/midi                                       mid midi kar;
+    audio/mpeg                                       mp3;
+    audio/ogg                                        ogg;
+    audio/x-m4a                                      m4a;
+    audio/x-realaudio                                ra;
+
+    video/3gpp                                       3gpp 3gp;
+    video/mp2t                                       ts;
+    video/mp4                                        mp4;
+    video/mpeg                                       mpeg mpg;
+    video/quicktime                                  mov;
+    video/webm                                       webm;
+    video/x-flv                                      flv;
+    video/x-m4v                                      m4v;
+    video/x-mng                                      mng;
+    video/x-ms-asf                                   asx asf;
+    video/x-ms-wmv                                   wmv;
+    video/x-msvideo                                  avi;
+}

nginx.conf

@@ -1,20 +1,12 @@
 http {
+  include                 log.conf;
   server {
     listen                8080;
     include               cert/cert.conf;
     include               api.conf;
+    include               www.conf;
   }
-
-  server {
-    listen                10080;  # redir from 80
-    access_log            off;
-    location /.well-known/acme-challenge/ {
-      root                ../acme;
-    }
-    location = /works {
-      return              200 works;
-    }
-  }
+  include                 acme.conf;
 
   # https://nginx.org/en/docs/http/ngx_http_core_module.html
   resolver                1.1.1.1 ipv6=off;
@@ -37,16 +29,6 @@ http {
   limit_req_zone          $binary_remote_addr zone=reqip:16m rate=100r/s;
   limit_req               zone=reqip burst=200 nodelay;
 
-  # https://nginx.org/en/docs/http/ngx_http_log_module.html
-  # separated by tab (\t)
-  log_format              log_proxy escape=none
-    '02	'                 # ver prefix
-    '$time_iso8601	$_origin_id	$_ver	$remote_addr	'
-    '$_level	$_switched	$upstream_cache_status	$request_time	'
-    '$request_length	$bytes_sent	'
-    '$request_method	$_url	$status	$_bodyhash	$upstream_http_access_control_allow_origin	'
-    '$http_user_agent	$_ref	$_mode	$_type'
-  ;
   access_log              logs/proxy.log log_proxy buffer=64k flush=1s;
 
   # https://nginx.org/cn/docs/http/ngx_http_proxy_module.html

www.conf

@@ -0,0 +1,24 @@
+#
+# 提供 www 目录的静态资源服务
+#
+include               mime.types;
+sendfile              on;
+charset               utf-8;
+
+# 安装步骤多，节省的流量不多，暂时不开
+# brotli_static         on;
+# gzip_static           on;
+gzip                  on;
+
+log_not_found         off;
+error_page            404 = /404.html;
+
+location = /404.html {
+  internal;
+  root                ../www;
+}
+
+location / {
+  access_log          logs/access.log log_www buffer=64k flush=1s;
+  root                ../www;
+}