nginx 配置里的把域名写死了，改成动态生成

build.sh

@@ -56,6 +56,18 @@ echo "\
 server_name *.$DOMAIN;
 listen $svc_port ssl;" > ./server/include/host-wild.conf
 
+echo "\
+ssl_certificate         cert/${DOMAIN}.fullchain.rsa.cer;
+ssl_certificate_key     cert/${DOMAIN}.rsa.key;
+
+ssl_certificate         cert/${DOMAIN}.fullchain.ecc.cer;
+ssl_certificate_key     cert/${DOMAIN}.ecc.key;
+" > ./server/include/cert.conf
+
+echo "\
+return                  200   'importScripts(\"//${DOMAIN}/x.js\")';
+" > ./server/include/x-js.conf
+      
 
 # gen ssl cert
 ACME=~/.acme.sh/acme.sh

server/include/cert.conf

@@ -0,0 +1,6 @@
+ssl_certificate         cert/jsproxy.tk.fullchain.rsa.cer;
+ssl_certificate_key     cert/jsproxy.tk.rsa.key;
+
+ssl_certificate         cert/jsproxy.tk.fullchain.ecc.cer;
+ssl_certificate_key     cert/jsproxy.tk.ecc.key;
+

server/include/x-js.conf

@@ -0,0 +1,2 @@
+return                  200   'importScripts("//jsproxy.tk/x.js")';
+

server/nginx.conf

@@ -64,12 +64,7 @@ http {
     use_temp_path=off;
 
   # SSL 双证书
-  ssl_certificate         cert/jsproxy.tk.fullchain.rsa.cer;
-  ssl_certificate_key     cert/jsproxy.tk.rsa.key;
-
-  ssl_certificate         cert/jsproxy.tk.fullchain.ecc.cer;
-  ssl_certificate_key     cert/jsproxy.tk.ecc.key;
-
+  include                 include/cert.conf;
   ssl_protocols           TLSv1 TLSv1.1 TLSv1.2;
   ssl_ciphers             ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-CHACHA20-POLY1305:ECDHE+AES128:RSA+AES128:ECDHE+AES256:RSA+AES256:ECDHE+3DES:RSA+3DES;
   ssl_prefer_server_ciphers   on;
@@ -242,7 +237,7 @@ http {
     # 因此为了减少重复加载，此处只返回实际脚本的引用。
     location = /__sw.js {
       add_header          cache-control   max-age=9999999;
-      return              200   'importScripts("//jsproxy.tk/x.js")';
+      include             include/x-js.conf;
     }
   }