kiddin9 4 years ago
parent
commit
d9e096d0d9

+ 4 - 4
.github/workflows/Openwrt-AutoBuild.yml

@@ -190,15 +190,15 @@ jobs:
       run: |
         mkdir firmware
         mv -f openwrt/bin/targets/*/*/{*combined*,*sysupgrade*} ./firmware/ 2>/dev/null || true
-        if [ "$(find ./firmware -name *vmdk)" ]; then
-            mkdir firmware/EXSI专用
-            mv firmware/*vmdk* firmware/EXSI专用/
-        fi
         cp openwrt/.config  ./firmware/${{matrix.target}}.config
         cd firmware
         echo ${{ env.date4 }} > version.txt
         rename -v "s/^openwrt/${{ env.date3 }}-openwrt/" *
         rename -v "s/friendlyarm_//" *gz
+        if [ "$(find ./ -name *vmdk)" ]; then
+            mkdir EXSI专用
+            mv *vmdk* EXSI专用/
+        fi
         md5=$((md5sum *squashfs-sysupgrade* || md5sum *squashfs-combined-efi*) | awk '{print $1}') 2>/dev/null
         echo $md5 >> version.txt
         echo $REPO_BRANCH >> version.txt
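Review bot: The relocated check `find ./ -name *vmdk` leaves the glob unquoted, and it now runs after `cd firmware`, in the directory that holds the images. The shell therefore expands the pattern before find sees it: with several matching files find gets extra arguments and errors out, its output is empty, and the vmdk images are silently left where they are. Quote the pattern and keep the search to the current directory: `if [ -n "$(find . -maxdepth 1 -name '*vmdk*')" ]; then`. The run step continues outside the hunk.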

+ 9 - 10
README.md

@@ -24,9 +24,13 @@
 
 + Cutting edge,openwrt官方openwrt-21.02分支版本, 与官方最新源码同步.
 
-+ 原生极致纯净,固件默认只包含基础上网功能,后台在线选装插件,自建插件仓库囊括了市面上主流开源插件,系统升级不丢失插件和配置.
++ 原生极致纯净,固件默认只包含基础上网功能, 后台在线选装插件,系统升级不丢失插件和配置.
 
-+ 后台一键在线更新固件,省去了每次固件升级都需要找固件,下载固件,上传固件等繁琐操作.
++ 自建插件仓库囊括了市面上几乎所有开源插件,插件库日更,系统自动更新所有已安装插件.
+
++ 后台一键OTA更新固件,省去了每次固件升级都需要找固件,下载固件,上传固件等繁琐操作.
+
++ 替换 Uhttpd 为 Nginx, 支持 反向代理; WebDAV等诸多玩法.
 
 + 重构版SSR-PLUS,国内外智能DNS解析,支持DOH,Trojan-Go等
 
@@ -36,8 +40,6 @@
 
 + 无需专业知识,无需linux服务器,人人皆可通过云编译定制编译自己的专属固件.
 
-+ 持续更新, 每周日零点定时自动云编译更新固件,不用再担心因停更而需更换固件.
-
 
 | 设备           | 固件下载                                             | 说明                                 |
 |----------------|-----------------------------------------------------|--------------------------------------|
@@ -47,9 +49,9 @@
 | Raspberry Pi 4B (树莓派4B)| [📥](https://op.supes.top/firmware/Rpi-4B/)         |   
 
 
-后台入口 10.0.0.1  (若后台无法打开,请插拔交换wan,lan网线顺序.)
+#### 后台入口 op/ 或 10.0.0.1  (若后台无法打开,请插拔交换wan,lan网线顺序.)
 
-默认密码 root
+#### 默认密码 root
 
 第一次使用请采用全新安装,避免出现升级失败以及其他一些可能的Bug.
 
@@ -70,15 +72,12 @@ diy云编译教程: [Read the details in my blog (in Chinese) | 中文教程](ht
 
 + Opkg 软件包管理
 + Bypass 智能过墙
-+ DNSfilter 基于DNS的广告过滤
++ Samba4 文件共享(x86)
 + UPNP 自动端口转发
 + Turbo ACC 网络加速
 
 其他插件请自行在 后台->软件包 中安装,系统升级不会丢失插件.每次系统升级完成连接网络后,会自动安装所有已自选安装的插件.
 
-#### 默认后台地址 10.0.0.1, 密码 root
-
-#### X64设备请分配不低于800M 的磁盘空间.
 
 ### 如何在本地使用此项目编译自己需要的 OpenWrt 固件
 

+ 3 - 1
devices/common/.config

@@ -33,7 +33,9 @@ CONFIG_PACKAGE_dnsmasq-full=y
 CONFIG_PACKAGE_dnsmasq_full_dhcp=y
 CONFIG_PACKAGE_dnsmasq_full_ipset=y
 
-CONFIG_PACKAGE_luci-ssl=y # uhttpd服务
+CONFIG_PACKAGE_luci-ssl=n # uhttpd服务
+CONFIG_PACKAGE_luci-ssl-nginx=y # nginx
+CONFIG_NGINX_DAV=y
 CONFIG_PACKAGE_luci-base=y
 CONFIG_PACKAGE_luci-compat=y
 CONFIG_PACKAGE_luci-mod-rpc=y

+ 1 - 0
devices/common/default-settings

@@ -161,6 +161,7 @@ echo kernel.msgmax = 65536 >>$SYSCTL_LOCAL
 echo kernel.msgmnb = 65536 >>$SYSCTL_LOCAL
 echo vm.swappiness=0 >>$SYSCTL_LOCAL
 
+cp -pR /www/cgi-bin/* /www/
 rm -rf /tmp/luci-*
 
 uci set base_config.@status[0].version=$version
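Review bot: `cp -pR /www/cgi-bin/* /www/` copies every file in /www/cgi-bin into the document root at the moment this script runs. The copies go stale when a package later updates the originals, and any copied script that the nginx locations do not route to uwsgi becomes reachable as a static file. If the aim is only to serve LuCI under /luci, copy or link just the entries the new locations name, for example `ln -sf /www/cgi-bin/luci /www/luci` (whether uwsgi resolves the link needs checking). Add a comment saying why the copy exists. The script continues outside the hunk.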

+ 5 - 0
devices/common/diy.sh

@@ -33,6 +33,10 @@ curl -L https://git.io/J0klM --create-dirs -o package/network/config/firewall/pa
 sed -i -e 's/+python\( \|$\)/+python3/g' -e 's?../../lang?$(TOPDIR)/feeds/packages/lang?g' package/feeds/custom/*/Makefile
 sed -i 's?admin/status/channel_analysis??' package/feeds/luci/luci-mod-status/root/usr/share/luci/menu.d/luci-mod-status.json
 sed -i "s/askfirst/respawn/g" `find package target -name inittab`
+sed -i "s/+nginx\( \|$\)/+nginx-ssl\1/g"  package/feeds/custom/*/Makefile
+sed -i "s/+\(luci\|luci-ssl\)\( \|$\)/+luci-ssl-nginx\2/g"  package/feeds/custom/*/Makefile
+sed -i 's/"$routername" "$lanaddr"/"$routername" "$lanaddr"\ndhcp_domain_add "" "op" "$lanaddr"/' package/network/services/dnsmasq/files/dnsmasq.init
+
 for ipk in $(ls -d package/feeds/custom/*); do
 	if [[ ! -d "$ipk/patches" ]]; then
 		sed -i "s/PKG_SOURCE_VERSION:=[0-9a-z]\{7,\}/PKG_SOURCE_VERSION:=HEAD/g" !(luci-app*)/Makefile
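Review bot: The three added `sed -i` rewrites succeed silently when their pattern no longer matches. An upstream change to dnsmasq.init or to the feed Makefiles would then produce an image without the `op` host entry or the nginx-ssl dependency, and nothing in the build would flag it. After the dnsmasq edit, add a check such as `grep -q 'dhcp_domain_add "" "op"' package/network/services/dnsmasq/files/dnsmasq.init || exit 1`. A one-line comment above each rewrite stating its purpose (swap the uhttpd-based LuCI dependency for the nginx variant, publish the router under the name `op`) would help the next reader. The `for` loop that follows continues outside the hunk.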
@@ -43,6 +47,7 @@ date=`date +%m.%d.%Y`
 sed -i "s/DISTRIB_DESCRIPTION.*/DISTRIB_DESCRIPTION=\"%D %C by Kiddin'\"/g" package/base-files/files/etc/openwrt_release
 sed -i "s/CONFIG_VERSION_CODE=.*/CONFIG_VERSION_CODE=\"$date\"/g" devices/common/.config
 sed -i '$a cgi-timeout = 300' package/feeds/packages/uwsgi/files-luci-support/luci-webui.ini
+sed -i 's/limit-as.*/limit-as = 5000/' package/feeds/packages/uwsgi/files-luci-support/luci-webui.ini
 
 if [ -f sdk.tar.xz ]; then
 	sed -i 's,$(STAGING_DIR_HOST)/bin/upx,upx,' package/feeds/custom/*/Makefile
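Review bot: `limit-as = 5000` replaces whatever address-space cap the packaged luci-webui.ini carried. uwsgi reads this value in megabytes, so on a router it is effectively no cap, and a single runaway LuCI request can take the device's whole memory. Choose a value tied to the smallest supported device and state the reason in a comment next to the `sed`. The `if` block at the end of the hunk continues outside it.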

+ 32 - 0
devices/common/files/etc/config/nginx

@@ -0,0 +1,32 @@
+
+config main global
+	option uci_enable 'true'
+
+config server '_lan'
+	list listen '80 default_server'
+	list listen '[::]:80 default_server'
+	option server_name 'op'
+	option index 'nginx.html index.html'
+	list include 'restrict_locally'
+	list include 'conf.d/*.locations'
+	option access_log 'off; # logd openwrt'
+	
+config server '_ssl'
+	list listen '443 ssl'
+	list listen '[::]:443 ssl'
+	option server_name '_ssl'
+	option index 'nginx.html index.html'
+	list include 'restrict_locally'
+	list include 'conf.d/*.locations'
+	option uci_manage_ssl 'self-signed'
+	option ssl_certificate '/etc/nginx/conf.d/_lan.crt'
+	option ssl_certificate_key '/etc/nginx/conf.d/_lan.key'
+	option ssl_session_cache 'shared:SSL:32k'
+	option ssl_session_timeout '64m'
+	option access_log 'off; # logd openwrt'
+
+config server '_redirect2ssl'
+	#list listen '80'
+	#list listen '[::]:80'
+	#option server_name '_redirect2ssl'
+	#option return '302 https://$host$request_uri'
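Review bot: The `_lan` server answers on port 80 as the default server while every option of `_redirect2ssl` is commented out, so the LuCI login is served over plain HTTP even though the image now builds luci-ssl-nginx. Either enable the redirect (uncomment the four options and move `_lan` off port 80) or add a comment on `_lan` stating that cleartext access on the LAN is intended. As committed, `_redirect2ssl` is a server section with no options; check what the nginx UCI generator emits for it.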

+ 53 - 0
devices/common/files/etc/nginx/conf.d/reverse_proxy.conf.sample

@@ -0,0 +1,53 @@
+# AdguardHome
+server {
+		listen 80;
+		listen [::]:80;
+		server_name adg;
+		access_log off; # logd openwrt;
+		
+		location /{
+				   proxy_pass http://10.0.0.1:3000;
+				   proxy_set_header Host $host;
+				   proxy_set_header X-Real-IP $remote_addr;
+				   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+				   proxy_set_header REMOTE-HOST $remote_addr;
+				   }
+	}
+
+# PVE
+server {
+		listen 443 ssl;
+		listen [::]:443 ssl;
+		server_name pve;
+		access_log off; # logd openwrt;
+		
+		location /{
+				   proxy_pass https://10.0.0.10:8006;
+				   proxy_set_header Host $host;
+				   proxy_set_header X-Real-IP $remote_addr;
+				   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+				   proxy_set_header REMOTE-HOST $remote_addr;
+				   }
+	}
+server
+    {
+        listen 80;
+		server_name pve;
+		return 301 https://$host$request_uri;	
+	}
+
+# 青龙
+server {
+		listen 80;
+		listen [::]:80;
+		server_name ql;
+		access_log off; # logd openwrt;
+		
+		location /{
+				   proxy_pass http://10.0.0.1:5700;
+				   proxy_set_header Host $host;
+				   proxy_set_header X-Real-IP $remote_addr;
+				   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+				   proxy_set_header REMOTE-HOST $remote_addr;
+				   }
+	}
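Review bot: None of the sample `server` blocks has `include restrict_locally;`, which the `_lan` and `_ssl` servers in /etc/config/nginx both carry. Once the sample is renamed, the AdGuardHome, PVE and 青龙 admin interfaces are proxied to any client that can reach the router's port 80 or 443; add `include restrict_locally;` to each block. The `pve` block listens with `ssl` but names no `ssl_certificate` or `ssl_certificate_key`. Unless those are inherited from the http level, nginx will refuse the configuration, so the sample should carry the two directives or a comment telling the user to add them.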

+ 42 - 0
devices/common/files/etc/nginx/conf.d/webdav.conf.sample

@@ -0,0 +1,42 @@
+server
+    {
+        listen 8877;
+        #listen 443 ssl http2;
+        server_name _lan;
+        index index.html index.htm index.php default.html default.htm default.php;
+        root  /data;
+
+        # ssl_certificate /etc/acme/supes.top/fullchain.cer;
+        # ssl_certificate_key /etc/acme/supes.top/supes.top.key;
+	    # ssl_session_timeout '64m';
+	    # ssl_protocols TLSv1.2 TLSv1.3;
+        # ssl_prefer_server_ciphers on;
+        # ssl_ciphers "TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
+	    # ssl_session_cache 'shared:SSL:10m';
+		
+		client_max_body_size 0;
+
+	        location / {
+
+            set $dest $http_destination;
+            if (-d $request_filename) {
+                rewrite ^(.*[^/])$ $1/;
+                set $dest $dest/;
+            }
+            if ($request_method ~ (MOVE|COPY)) {
+                more_set_input_headers 'Destination: $dest';
+            }
+
+            if ($request_method ~ MKCOL) {
+                rewrite ^(.*[^/])$ $1/ break;
+            }
+
+            dav_methods PUT DELETE MKCOL COPY MOVE;
+            dav_ext_methods PROPFIND OPTIONS;
+            dav_access user:rw group:rw all:r;
+            create_full_put_path  on;
+
+            auth_basic "Restricted access";
+            auth_basic_user_file /etc/nginx/htpasswd.conf;
+        }
+}
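Review bot: The active listener is plain `listen 8877` with `auth_basic`, so the WebDAV user name and password cross the network unencrypted, and the block has no `include restrict_locally;` to keep it to LAN clients. Make the TLS listener the default in the sample and add the include. `client_max_body_size 0` removes the upload limit on `/data`, which lets one authenticated client fill the disk; a finite value with a comment is safer. `more_set_input_headers` and `dav_ext_methods` come from add-on modules (headers-more, dav-ext); confirm the image builds them, since only `CONFIG_NGINX_DAV=y` is visible in this commit.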

+ 1 - 0
devices/common/files/etc/nginx/htpasswd.conf

@@ -0,0 +1 @@
+root:fU70Nx.37Ofww
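Review bot: This file puts the same WebDAV credential into every image built from the repository, and the hash is public along with the source. By its 13-character form it looks like a traditional crypt(3) DES entry, which is weak against offline guessing. Do not ship the file: have the WebDAV sample tell the user to create /etc/nginx/htpasswd.conf with their own entry in a stronger scheme that nginx accepts (for example `apr1`), or generate it on first boot. With the file absent, `auth_basic_user_file` should make nginx refuse requests rather than accept a known password.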

+ 8 - 0
devices/common/files/www/nginx.html

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate" />
+<meta http-equiv="refresh" content="0; URL=luci/" />
+</head>
+</html>

+ 18 - 0
devices/common/patches/nginx_luci.patch

@@ -0,0 +1,18 @@
+--- a/package/feeds/packages/nginx/files-luci-support/luci.locations
++++ b/package/feeds/packages/nginx/files-luci-support/luci.locations
+@@ -1,12 +1,13 @@
+-location /cgi-bin/luci {
++location /luci {
+ 		index  index.html;
+ 		include uwsgi_params;
+ 		uwsgi_param SERVER_ADDR $server_addr;
+ 		uwsgi_modifier1 9;
+ 		uwsgi_pass unix:////var/run/luci-webui.socket;
+ }
+-location ~ /cgi-bin/cgi-(backup|download|upload|exec) {
++location ~ /cgi-(backup|download|upload|exec) {
+ 		include uwsgi_params;
++		uwsgi_read_timeout 300s;
+ 		uwsgi_param SERVER_ADDR $server_addr;
+ 		uwsgi_modifier1 9;
+ 		uwsgi_pass unix:////var/run/luci-cgi_io.socket;
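Review bot: With the `/cgi-bin` prefix gone, `location ~ /cgi-(backup|download|upload|exec)` is an unanchored regex, so any request path that merely contains `/cgi-exec` or `/cgi-upload` is passed to the luci-cgi_io socket. Anchor it: `location ~ ^/cgi-(backup|download|upload|exec)$ {`, keeping the trailing `$` only if these endpoints take no extra path. `location /luci` is a prefix match and so also covers paths such as `/luci-static/...`, unless a longer prefix location exists in the part of luci.locations outside this patch. `location = /luci` together with `location /luci/` would state the intent exactly. The closing brace of the second location lies outside the patch hunk.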