@wjwjq/release-helper 0.0.1

package/src/.release/nginx/ca/server.crt

@@ -0,0 +1,101 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4101 (0x1005)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=CN, ST=SC, L=CD, O=HX, OU=HXWX, CN=HXWXGROUP
+        Validity
+            Not Before: May 17 03:12:56 2022 GMT
+            Not After : May 14 03:12:56 2032 GMT
+        Subject: C=CN, ST=SC, L=CD, O=HX, OU=HXWX, CN=www.cdsp.com/emailAddress=''
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:c0:75:b7:fc:09:d8:22:47:a4:78:af:d3:c1:64:
+                    9d:39:7c:47:6a:e2:e3:eb:92:58:3a:f8:93:2e:71:
+                    c9:bd:24:71:53:8c:f0:68:be:5b:18:90:9f:b1:71:
+                    5b:c7:94:36:d3:0d:c3:62:af:d6:0d:6b:02:3d:26:
+                    3d:15:d0:45:8e:28:4e:7e:7a:b3:a9:96:99:b7:5b:
+                    39:fa:4b:59:7e:cf:41:7b:77:f1:8d:f6:7c:81:66:
+                    00:66:ea:77:74:fd:ef:da:36:27:bf:63:a8:b5:48:
+                    17:a9:16:d4:84:f2:50:f8:5d:d0:83:d6:63:c6:d4:
+                    39:2f:b0:2c:62:20:8d:0b:97:2f:72:cc:00:c8:f7:
+                    ee:a0:88:ec:24:25:b5:d4:a2:a5:8f:0e:0d:8c:2b:
+                    f7:a1:b0:bd:00:b7:2a:ad:84:87:64:fd:73:d2:2a:
+                    bd:f6:fc:b8:87:c5:58:9a:30:9d:e0:d9:5d:ae:2e:
+                    4a:57:67:58:dc:be:5b:85:a8:44:01:11:c1:17:83:
+                    10:4b:52:de:e0:9e:19:92:9d:ad:4d:b8:56:60:3c:
+                    47:1a:de:35:86:70:94:be:ef:26:68:5d:ff:4e:fa:
+                    c1:04:8f:ac:b6:0c:1f:62:63:3b:34:6d:90:44:94:
+                    6f:61:cf:d5:44:fe:14:fb:7a:c6:1c:45:8f:21:81:
+                    81:9f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                2C:EB:73:A8:5E:6D:8A:52:61:CC:7A:64:65:89:F3:9D:F3:E2:F9:8A
+            X509v3 Authority Key Identifier: 
+                keyid:5B:38:8D:11:77:98:4B:BB:71:EE:14:4C:A3:E3:79:92:F4:A0:6A:D3
+
+    Signature Algorithm: sha256WithRSAEncryption
+         71:c8:00:e2:16:a1:0d:e7:ce:5c:74:59:06:c7:66:ec:15:ca:
+         f9:9a:94:d2:89:f4:1f:ed:95:5e:37:1a:e6:b7:ac:11:50:15:
+         19:f5:51:2c:22:c4:98:74:f7:93:c2:87:4e:37:20:87:05:e7:
+         0b:87:22:26:6c:2a:17:d2:cd:49:30:36:1e:a1:86:00:0d:79:
+         27:d0:9e:44:ab:6f:77:45:9e:24:3a:92:60:76:f2:d1:1e:16:
+         ce:dc:60:7d:fb:40:71:58:76:86:99:49:8a:9a:a0:c4:2b:c5:
+         8c:d8:e9:f7:bc:ee:d1:d1:89:b6:38:30:88:19:16:d1:aa:59:
+         e7:38:71:d4:55:4c:a4:60:1a:9b:08:50:06:d4:27:fc:e9:89:
+         a2:5a:78:03:bb:6d:c6:bd:15:b8:8a:04:e1:4c:96:01:e6:47:
+         70:25:d0:5a:b0:39:53:c5:67:52:a0:5f:86:97:12:c8:26:fa:
+         b0:23:37:c4:5e:fc:fc:4d:66:e5:fe:b4:40:56:80:a8:8a:54:
+         9e:f0:37:67:ad:02:a0:a1:63:89:62:4e:c9:64:0b:48:3b:7c:
+         e4:6a:13:5b:71:1f:5a:85:8d:5a:96:35:f8:97:97:26:d4:9d:
+         fa:47:75:55:a4:48:7e:cd:27:f7:7d:d8:2e:92:42:c8:54:54:
+         65:7b:14:ab:75:38:72:79:59:34:70:f7:84:ee:4b:3f:cf:e8:
+         79:58:fb:2c:54:4d:f2:4f:7f:08:c3:93:6d:24:27:98:f5:05:
+         ff:7d:0c:1b:ec:7b:d5:8e:eb:76:aa:80:b3:cf:aa:2b:03:2f:
+         61:b2:5e:42:90:a7:89:19:53:c4:3d:7f:a8:30:9b:0f:67:30:
+         b8:70:30:13:c4:24:11:46:a2:e3:b8:19:d0:22:2b:69:5b:40:
+         13:34:af:6f:6a:81:e5:6a:b7:cc:ae:74:18:bd:0a:91:06:02:
+         d9:bd:81:9c:fb:7c:59:16:09:c0:9c:f5:70:44:4a:df:02:75:
+         42:a2:dc:84:13:a0:89:a9:fa:58:ba:82:81:8b:1d:d6:83:29:
+         c6:3e:8a:94:9f:53:7e:8b:a5:cc:12:e0:76:3a:a7:f2:1a:9e:
+         13:54:b1:c9:23:89:1f:b8:65:65:70:00:05:a4:f1:43:e5:f3:
+         8e:19:3a:d8:48:d2:6c:25:41:60:24:90:0c:6a:34:ff:18:39:
+         75:fb:25:e7:67:97:d6:44:ec:cc:6a:21:5d:24:d4:1b:c0:02:
+         28:69:62:92:56:d1:70:6d:99:27:98:0e:b1:ec:40:5b:66:08:
+         f5:8e:3d:88:5a:c2:30:85:e3:35:2e:2b:aa:42:17:db:bf:04:
+         aa:31:9b:74:b7:43:8d:07
+-----BEGIN CERTIFICATE-----
+MIIEuzCCAqOgAwIBAgICEAUwDQYJKoZIhvcNAQELBQAwVzELMAkGA1UEBhMCQ04x
+CzAJBgNVBAgMAlNDMQswCQYDVQQHDAJDRDELMAkGA1UECgwCSFgxDTALBgNVBAsM
+BEhYV1gxEjAQBgNVBAMMCUhYV1hHUk9VUDAeFw0yMjA1MTcwMzEyNTZaFw0zMjA1
+MTQwMzEyNTZaMG0xCzAJBgNVBAYTAkNOMQswCQYDVQQIDAJTQzELMAkGA1UEBwwC
+Q0QxCzAJBgNVBAoMAkhYMQ0wCwYDVQQLDARIWFdYMRUwEwYDVQQDDAx3d3cuY2Rz
+cC5jb20xETAPBgkqhkiG9w0BCQEWAicnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAwHW3/AnYIkekeK/TwWSdOXxHauLj65JYOviTLnHJvSRxU4zwaL5b
+GJCfsXFbx5Q20w3DYq/WDWsCPSY9FdBFjihOfnqzqZaZt1s5+ktZfs9Be3fxjfZ8
+gWYAZup3dP3v2jYnv2OotUgXqRbUhPJQ+F3Qg9ZjxtQ5L7AsYiCNC5cvcswAyPfu
+oIjsJCW11KKljw4NjCv3obC9ALcqrYSHZP1z0iq99vy4h8VYmjCd4Nldri5KV2dY
+3L5bhahEARHBF4MQS1Le4J4Zkp2tTbhWYDxHGt41hnCUvu8maF3/TvrBBI+stgwf
+YmM7NG2QRJRvYc/VRP4U+3rGHEWPIYGBnwIDAQABo3sweTAJBgNVHRMEAjAAMCwG
+CWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNV
+HQ4EFgQULOtzqF5tilJhzHpkZYnznfPi+YowHwYDVR0jBBgwFoAUWziNEXeYS7tx
+7hRMo+N5kvSgatMwDQYJKoZIhvcNAQELBQADggIBAHHIAOIWoQ3nzlx0WQbHZuwV
+yvmalNKJ9B/tlV43Gua3rBFQFRn1USwixJh095PCh043IIcF5wuHIiZsKhfSzUkw
+Nh6hhgANeSfQnkSrb3dFniQ6kmB28tEeFs7cYH37QHFYdoaZSYqaoMQrxYzY6fe8
+7tHRibY4MIgZFtGqWec4cdRVTKRgGpsIUAbUJ/zpiaJaeAO7bca9FbiKBOFMlgHm
+R3Al0FqwOVPFZ1KgX4aXEsgm+rAjN8Re/PxNZuX+tEBWgKiKVJ7wN2etAqChY4li
+TslkC0g7fORqE1txH1qFjVqWNfiXlybUnfpHdVWkSH7NJ/d92C6SQshUVGV7FKt1
+OHJ5WTRw94TuSz/P6HlY+yxUTfJPfwjDk20kJ5j1Bf99DBvse9WO63aqgLPPqisD
+L2GyXkKQp4kZU8Q9f6gwmw9nMLhwMBPEJBFGouO4GdAiK2lbQBM0r29qgeVqt8yu
+dBi9CpEGAtm9gZz7fFkWCcCc9XBESt8CdUKi3IQToImp+li6goGLHdaDKcY+ipSf
+U36LpcwS4HY6p/IanhNUsckjiR+4ZWVwAAWk8UPl844ZOthI0mwlQWAkkAxqNP8Y
+OXX7Jednl9ZE7MxqIV0k1BvAAihpYpJW0XBtmSeYDrHsQFtmCPWOPYhawjCF4zUu
+K6pCF9u/BKoxm3S3Q40H
+-----END CERTIFICATE-----

package/src/.release/nginx/ca/server.csr

@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICsjCCAZoCAQAwbTELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAlNDMQswCQYDVQQH
+DAJDRDELMAkGA1UECgwCSFgxDTALBgNVBAsMBEhYV1gxFTATBgNVBAMMDHd3dy5j
+ZHNwLmNvbTERMA8GCSqGSIb3DQEJARYCJycwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQDAdbf8CdgiR6R4r9PBZJ05fEdq4uPrklg6+JMuccm9JHFTjPBo
+vlsYkJ+xcVvHlDbTDcNir9YNawI9Jj0V0EWOKE5+erOplpm3Wzn6S1l+z0F7d/GN
+9nyBZgBm6nd0/e/aNie/Y6i1SBepFtSE8lD4XdCD1mPG1DkvsCxiII0Lly9yzADI
+9+6giOwkJbXUoqWPDg2MK/ehsL0AtyqthIdk/XPSKr32/LiHxViaMJ3g2V2uLkpX
+Z1jcvluFqEQBEcEXgxBLUt7gnhmSna1NuFZgPEca3jWGcJS+7yZoXf9O+sEEj6y2
+DB9iYzs0bZBElG9hz9VE/hT7esYcRY8hgYGfAgMBAAGgADANBgkqhkiG9w0BAQsF
+AAOCAQEAWDnN1PJLwlYqv5VSDvqINzgu5uy4oKswUm2k+Jq4eAcVtq/soBIVZixe
+9weO2iXGQRtumDMlu/JihLfiZ7Klp+SEbGiPKS5p3WmR6cebSeOMGmfy+JGN952U
+EUqwFYhM7tt+2wAB1MbO57S7r512sQwOUGp7GWa2U5Anslw27kSSyhH/q0Z23Hlc
+6Q7KLRqb0WUs9DkrbPS1jedQOSzsy1hO2iINvRxA/dhvFzGDZSXFxyrnjxs0VID0
+sjpcrL4M8HJMPXYr8Hwj3njTPef18GKx1mAbiaQ2xHhkl6iuJyX+T4XS9iYtnarL
+EuGDO+6ZO34ZoH1YcElmLWwcM4IEdw==
+-----END CERTIFICATE REQUEST-----

package/src/.release/nginx/ca/server.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAwHW3/AnYIkekeK/TwWSdOXxHauLj65JYOviTLnHJvSRxU4zw
+aL5bGJCfsXFbx5Q20w3DYq/WDWsCPSY9FdBFjihOfnqzqZaZt1s5+ktZfs9Be3fx
+jfZ8gWYAZup3dP3v2jYnv2OotUgXqRbUhPJQ+F3Qg9ZjxtQ5L7AsYiCNC5cvcswA
+yPfuoIjsJCW11KKljw4NjCv3obC9ALcqrYSHZP1z0iq99vy4h8VYmjCd4Nldri5K
+V2dY3L5bhahEARHBF4MQS1Le4J4Zkp2tTbhWYDxHGt41hnCUvu8maF3/TvrBBI+s
+tgwfYmM7NG2QRJRvYc/VRP4U+3rGHEWPIYGBnwIDAQABAoIBAQCOjGJ6hlwUf9Xd
+IfYIrtoZAujuzSCdkeZRv11cMCGJO13I0YIbQqq8VhpB1kFxYGD/D5mhFbXIeHLP
+Eex6pKlv8oC5A27g9E/kU+hsb7TYzO+mYJ+EU4XCXed8Urup5o/pouTryAfkRYJo
+1iUQV14Lp4jSrU93rCazIJyvDYcKhmZfLwK116Ovgd8QgzyUQCDEkI0uO16Nn3ft
+wZbCH+H4uzEsfosDLoZsAaC/U+i/TtCOQLEl88hqawYanLT3+10GrmUAHat0H1mn
+LCh+DdWzqvVAIlTjteQ5N4DEWZSVYb5E7sNyZvNKlM1puTGd0OuJBfdcRobZKV38
+t9F/vXl5AoGBAOFx9ih3jJ1dn5Gi2L33z8tnJEB6w1f35A9N9jDa9RZHKkOQ90jf
+E7eJcdVE7F9FlALcVuR7MrxxfPw9hlaohqwadV8kM4gGNLiSTnpmj/bvXLf73Oue
+OL5i1j1eZhyWPP3H+BItVMqKSFwjvmy1C2Bo6eR+A/D+JG+LWRkb39t9AoGBANqL
+TKJ7oS1JkcxzZaeiMgDuYkzfEl7MunhaBeszEw590clAgEY0ZZtg6oWMYBMRxFyB
+yaWQveNzs6pMrfuaU/xPzHNK6wZHnSdloePUk3iVjLpNojtglzCNpEXi905Md26O
+NfX3deOp46zBNsQLkF8b/km/HUTyoqk/7vxvS0RLAoGAI6UbIIbWasM0yZgP4Olf
+p29lYfSHEk+VdX4EIPFdsuoJmqk/D/yFZ42JvAirvtyHbHReIL4B5Z2j/1XS+byn
+nmqIiER3CVjB2TT4x42T0Z1C8awW4AIiQqfp68YTKw3uEsodRPJ555Q5oKfeId32
+MIYmBQSPpvjn1eMYcUng+RkCgYBiKaGhdgB+dAYuHEMz2bG2I106BBSfSjwTpPP1
+ojpUDwW07OjxH8Xn1c9hbx0UU62sk4t8d5gjWyv/OXQIiFhjA4Dk5GjOqEoZkRf3
+WttmlV3hrM9K9mbSozx/O6QzojsfCHeKZL2qJfwi86JiyoLthYhhnZtLBeU0Oohh
+EKhxIwKBgQCyiydmXG9jRUCHwT5ltRo0yUEU4CkecmHZHy8juknhqDvgsUnxhJos
+nDCuof3+K4C052Zd5zV8zIM8lHTxWfq5N/MLKSRkqGh7EiwiTbXUkRZXEkwcab6m
+h3ip6dGIcCwvTPq0WPc4cPCYOkfV9neGWb9mfQTCFtBj4d9LiHgkVQ==
+-----END RSA PRIVATE KEY-----

package/src/.release/nginx/ca/server.pem

@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,09B111B23D33B446
+
+Y/oDvx4T6nMpFUY9fzfdEXbkFJaP7qPGphgkqX14zIHx7TFZDcLEo7v1HrUeLOuf
+OIKKQ6m8F4NVmjq+9p9g3NFNClm+9RxxZ2CRLnnxr0EY4Ado34/DpN/+6pWuxm6w
+MTVbKQBRmWmZ2bpURkacz+ibYJB3G3Gf4vtLXgHth1zbv/lXi0VvnmlNDVocjiVK
+WPSh0XCQCmTZmUX/Oz1VfES/xvMJIvDvLY61geAgwVVYgpQfZ2uTlT3rHyBzcuVX
+NZOwh0AJHgPH2sruzkb0ic3JhmwIfdzvIsWyvh55CQW3v5CsE9HC6IpEZmqjFhVv
+ahgo4Wfo8pAsDEaK0qeux7oxtU4wFigSrxPWszDbVdzA00NT8iouz2Aq/Tq5uWQj
+YZeOgreDa1o7XoBUzaeGbDcxYX1Gx6nC7+q1dLUo/Pr7dKZdEXguQGeIjhCAUHRg
+1uzPybHTcspk4TpQIS2+rsCJCVFikO8soaRtxanrhH2pPHJ91uJJrudYN5WuUE7G
+2V7a4xSfW49frikk45lF1CirSnGnWaaV8DQIQb7JFeGF+DTS5f4ubi2IwfnDJfyT
+BkislINrejkL8yVC7YjncU1ferIIn5xrAYqecIj2NOK7xWkLNLtMmLWcaPy8fqoB
+EDOAE7RmTUPG8mGgMV5btjxKmUUiJaQ9CZ14jj5Ape2jK8ieUzjlRxGS2KfaYgAN
+9wLHuLLoNaLdX92CIXwCJo5ftfj9kZBxmRc0dz6o+sFlFSTv08MkuiKRYE18N0Dl
+94CvtElR+f46Vnfa44UyKa4XOWH54Itjt5brNnkvkMNbTB7gTiFq1nR5t9El3rQC
+/6fObqCQM+bqHbiFyV9bTjvbAAZSv28YDSfAqx4rxHGkvbKl9E+Mw77nuMDA9l5K
+jp6jJ4iLMdj4X5c2uJ6hcmRTGoCsER9UT71mxBAI58Wmda6Gf6I9mmBwi367CYeF
+iGHCAd46fgTtGN1deb6NTv8UWTeLi43RiRE+LvjgqWeZTsNMrIkwlHa7L8ASRIBl
++pzxLHpG30arm1spNmekw+dAF1LFBUD+1DQaNg9h+PztzHKdDcdw9gkxYZuMPo7f
+Xu+cIsBHouRPC6zudXIt/TPWTmhqCaKeYPfmiNtR1qXNKo11zP/5uIzBDbY49CMF
+9DB1nqXioq5Urgp9S+0dMU65kio2Ocp9BPPxlOCGA9iMCLYsVYmafTqLqdf55JEv
+HMxYiFSYmJhbUbWhU3DCXtlUWXENMyDslDCltJop8FMnYNdD+eHgTqyzgE2lkII1
+5AcOFrGtpJEPz/fQZVYxiG8wwPGusEtHdilG2AVQpQUqYDqBCIn8bEX8ddWAl6QI
+fxZ0em0UFZ4WNkpIN5NUHJq9yegqMtxkpEK6WDXn1UUMUZ9UtWlBIlR1ZkG5x/Ct
+xsltmNjGJpwiE8gywWyLxEiMQJBKQxNGqNcWTLCm+0cl+ZHXoMvaFPeb1AEsAP1U
+GqrvLj0YvfnUT5r/Xg+ksIKJ1VgSpgWKka4ySIb/dB+tV3I49QJ5dELjZi2InX88
+nKP526ssIv1mNOK0b0UQxjN1FFOkHDtTfysWHt3swWSUqaNEV8zTg8fmh4YI3z2u
+-----END RSA PRIVATE KEY-----

package/src/.release/nginx/nginx.conf

@@ -0,0 +1,179 @@
+
+daemon off;
+user  root;
+worker_processes 2; 
+
+#PID_FILE_PALCEHOLDER
+
+# 请勿删除此处占位符
+#ERROR_LOG_PLACEHOLDER 
+
+events {
+    worker_connections  1024;
+}
+
+http {
+    include      /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    # 自定义时间格式
+     map $time_iso8601 $year {
+        default             'year';
+        '~^(?<yyyy>\d{4})-'     $yyyy;
+    }
+    map $time_iso8601 $month {
+        default             'month';
+        '~^\d{4}-(?<mm>\d{2})-'     $mm;
+    }
+    map $time_iso8601 $day {
+        default             'day';
+        '~^\d{4}-\d{2}-(?<dd>\d{2})'    $dd;
+    }
+
+    map $time_iso8601 $time {
+        ~\T([0-9:]+)\+ $1;
+    }
+
+    log_format  main  '$year/$month/$day $time $remote_addr $remote_user "$request"'
+                      ' $status $body_bytes_sent "$http_referer" '
+                      ' "$http_user_agent" "$http_x_forwarded_for"';
+ 
+    # 请勿删除此处占位符
+    #ACCESS_LOG_PLACEHOLDER
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    keepalive_timeout  600;
+    client_header_timeout 600;
+    client_body_timeout 600;
+    send_timeout 600;
+
+    server_tokens off;
+
+    gzip on;
+    gzip_min_length 1k;
+    gzip_comp_level 5;
+    gzip_types text/plain application/json application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png application/vnd.ms-fontobject font/ttf font/opentype font/x-woff image/svg+xml;
+    gzip_vary on;
+
+    upstream tomcatposidon {
+      server localhost:9998; #tomcat
+    }
+
+    # 开启自定义错误信息响应
+    fastcgi_intercept_errors on;
+ 
+    limit_conn_zone $binary_remote_addr zone=conn:10m;    # 限制连接数
+    limit_req_zone $binary_remote_addr zone=allips:10m rate=500r/s; # 限制请求数
+    
+    map $http_referer $referer_host {
+       default "";
+       "~^https?://([^/]+)" "$1";
+    }
+
+    server { 
+        # listen 80;
+        listen 5443 default_server ssl http2;
+        server_name  localhost;
+        root  __root__;   # 请勿修改 此处会在脚本中动态替换
+        
+        error_page 497 =301 https://$host:$server_port$request_uri;
+
+        ssl_certificate ca/server.crt;        # 这里为服务器上server.crt的路径
+        ssl_certificate_key ca/server.key;    # 这里为服务器上server.key的路径
+        #ssl_client_certificate ca/ca.crt;    # 双向认证
+        #ssl_verify_client on;             # 双向认证
+   
+        ssl_session_timeout 5m;
+        ssl_protocols TLSv1.2 TLSv1.3;
+        ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
+        ssl_prefer_server_ciphers   on;
+
+        # 安全设置
+        add_header X-Frame-Options SAMEORIGIN always;
+        add_header X-Content-Type-Options nosniff always; 
+        add_header X-XSS-Protection "1; mode=block" always;
+        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;" always;
+        
+        add_header X-Permitted-Cross-Domain-Policies "none" always;
+        add_header Referrer-Policy strict-origin-when-cross-origin always;
+        add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:;img-src  'self' 'unsafe-inline' data: blob:; style-src 'self' 'unsafe-inline'; worker-src 'self' 'unsafe-inline' * blob:; font-src 'self' 'unsafe-inline' data: blob:;" always;
+        add_header X-DOWNLAOD-OPTIONS noopen always; 
+      
+        if ($request_method !~* OPTIONS|GET|POST|PUT|DELETE) { 
+           return 403; 
+        }
+      
+        location ~* /posidon|api/ {
+            rewrite ^/api/(.*) /posidon/api/$1  break;
+        
+            # add_header Access-Control-Allow-Origin $http_origin;
+            # add_header Access-Control-Allow-Headers $http_access_control_request_headers;
+            # add_header Access-Control-Allow-Credentials true;
+            # add_header Access-Control-Allow-Methods *;
+
+            # if ($request_method = 'OPTIONS') {
+            #     return 204;
+            # }
+
+            #Proxy Settings
+            proxy_pass  http://tomcatposidon;
+            client_max_body_size 2048m;
+            proxy_redirect     off;
+            proxy_set_header   Host             $host;
+            proxy_set_header   X-Real-IP        $remote_addr;
+            proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
+            proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
+            proxy_max_temp_file_size 0;
+            proxy_connect_timeout      600;
+            proxy_send_timeout         600;
+            proxy_read_timeout         600;
+            proxy_buffer_size          4k;
+            proxy_buffers              4 32k;
+            proxy_busy_buffers_size    64k;
+            proxy_temp_file_write_size 64k;
+ 
+        }
+
+        location / {
+            limit_conn conn 200;
+            limit_rate 10248k;
+            limit_req zone=allips burst=300 nodelay;
+            limit_rate_after 1000000k; 
+                
+            #client_max_body_size 1000m;
+
+            if ($request_filename ~* .*\.(?:htm|html)$) {
+                add_header Cache-Control "private, no-store, no-cache, must-revalidate, proxy-revalidate";
+                add_header X-Frame-Options SAMEORIGIN always;
+                add_header X-Content-Type-Options nosniff always; 
+                add_header X-XSS-Protection "1; mode=block" always;
+                add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;" always;        
+                add_header X-Permitted-Cross-Domain-Policies "none" always;
+                add_header Referrer-Policy strict-origin-when-cross-origin always;
+                add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:;img-src  'self' 'unsafe-inline' data: blob:; style-src 'self' 'unsafe-inline'; worker-src 'self' 'unsafe-inline' * blob:; font-src 'self' 'unsafe-inline' data: blob:;" always;
+                add_header X-DOWNLAOD-OPTIONS noopen always; 
+            }
+
+            index  index.html;
+            try_files $uri /index.html;
+        }
+
+        # 配置防盗链接设置
+        location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip)$ {
+            valid_referers none blocked $http_host;
+            if ($referer_host != "$http_host") {
+                    return 403;
+            }
+        }
+
+        # 更改错误响应页面
+        error_page  400  /errors/400.html;
+        error_page  404  /index.html;
+        error_page  413  /errors/413.html;
+        error_page  500  /errors/500.html;
+        error_page  502  /errors/502.html;
+        error_page  504  /errors/504.html;
+    }
+}

package/src/.release/release.conf.yaml

@@ -0,0 +1,9 @@
+
+ #gitlab 仓库地址
+host: your git repo url
+# gitlab rest api token
+token: your git token
+# build script   default: npm run build  
+buildCmd: "npm run build"
+# 打包后资源 相对工作区所在路径  默认dist
+assetsDir: string 

package/src/cli.ts

@@ -0,0 +1,99 @@
+import { cac } from 'cac'
+import { logger } from './logger'
+
+const cli = cac('release-helper')
+
+// init 初始化生成.release目录及相关文件
+// pack 打包命令
+// release 稳定版本发布命令 (包含pack和publish)
+// publish 临时或稳定发布命令 
+
+// global options
+interface GlobalCLIOptions {
+  '--'?: string[]
+  c?: boolean | string
+  config?: string
+  base?: string
+  clearScreen?: boolean
+  d?: boolean | string
+  debug?: boolean | string
+  f?: string
+  filter?: string
+  m?: string
+  mode?: string
+  force?: boolean
+}
+
+
+const filterDuplicateOptions = <T extends object>(options: T) => {
+  for (const [key, value] of Object.entries(options)) {
+    if (Array.isArray(value)) {
+      options[key as keyof T] = value[value.length - 1]
+    }
+  }
+}
+
+// init
+cli
+  .command('init', 'generate release configuration') // default command
+  .action(async (options:  GlobalCLIOptions) => {
+    filterDuplicateOptions(options)
+    try {
+      logger.info('start to generate .release configuration ')
+      const {prepare} = await import('./prepare');
+      await prepare();
+      logger.info('done')
+    } catch (e) {
+      process.exit(1)
+    }
+  })
+// pack
+cli
+  .command('pack', 'start to pack assets') // default command
+  // .option('--version <version>', `[version] specify version`)
+  .action(async (options:  GlobalCLIOptions) => {
+    filterDuplicateOptions(options)
+    try {
+      logger.info('start to pack assets')
+      const {pack} = await import('./pack');
+      await pack();
+    } catch (e) {
+      process.exit(1)
+    }
+  })
+
+// publish
+cli
+  .command('publish', 'start to publish assets') // default command
+  // .option('--version <version>', `[version] specify version`)
+  .action(async (options:  GlobalCLIOptions) => {
+    filterDuplicateOptions(options)
+    // publish
+    try {
+      logger.info('start to publish assets')
+      const {release} = await import('./release');
+      await release(true);
+    } catch (e) {
+      process.exit(1)
+    }
+  })
+
+//release
+cli
+  .command('release', 'start to release assets') // default command
+  // .option('--version <version>', `[version] specify version`)
+  .action(async (options:  GlobalCLIOptions) => {
+    filterDuplicateOptions(options)
+    try {
+      logger.info('start to release assets')
+      const {release} = await import('./release');
+      await release();
+    } catch (e) {
+      process.exit(1)
+    }
+  })
+
+cli.help()
+cli.version('0.0.1')
+
+cli.parse()

package/src/deploy/nginx/README.md

@@ -0,0 +1 @@
+# nginx

package/src/deploy/nginx/script/common.sh

@@ -0,0 +1,178 @@
+#!/bin/bash
+# 获取脚本的父目录
+project_path=$(echo "$basepath" | sed -e "s/\/script//")
+
+execute_log_path="/var/log/nginx_script_execute_logs"
+
+log() {
+  now=$(date "+%Y-%m-%d %H:%M:%S")
+  echo "$now: $1"
+  echo "$now: [info] $1" >>$execute_log_path
+}
+
+log_success() {
+  now=$(date "+%Y-%m-%d %H:%M:%S")
+  echo "$(tput setaf 2)""$now": "$1""$(tput sgr0)"
+  echo "$now: [success] $1" >>$execute_log_path
+}
+
+log_error() {
+  now=$(date "+%Y-%m-%d %H:%M:%S")
+  echo "$(tput setaf 1)""$now": "$1" "$(tput sgr0)"
+  echo "$now: [error] $1" >>$execute_log_path
+}
+
+source "$basepath"/prompt.sh
+
+# 指定安装目录
+install_path="$prefix/etc/nginx/"
+
+mkdir -p "$install_path"
+
+# 安装包所在路径
+pkg_path="${project_path}/pkg"
+
+# # 配置文件所在路径
+# conf_path="${pkg_path}/conf/nginx.conf"
+
+# # asset_path="$prefix/opt/posidon-frontend/"
+# log_path="/var/log/nginx"
+# log_file="nginx.log"
+# pid_path="/var/run/nginx.pid"
+
+# conf_version=$(awk '{print $1}' "${pkg_path}"/conf/version)
+# echo $conf_version
+
+# copy_conf_and_write_verison() {
+#   access_log_super="access_log /dev/stdout main"
+#   error_log_super="error_log /dev/stderr warn"
+#   access_log="access_log $log_path/$log_file main"
+#   error_log="error_log $log_path/$log_file"
+
+#   pid_file="pid  $pid_path"
+
+#   exec=$(get_exec_path)
+
+#   if [ -f "${install_path}nginx.conf" ]; then
+#     old_version=$(sed -n '1p' "${install_path}"nginx.conf | sed 's/# version: //' | sed "s/\s\+//g")
+
+#     if [[ -n "${old_version}" ]]; then
+#       now=$(date "+%Y-%m-%d_%H:%M:%S")
+
+#       # echo "nginx_"$old_version"_"$now".conf"
+#       mv "${install_path}"nginx.conf "${install_path}"/nginx_"$old_version"_"$now".conf
+#     fi
+#   fi
+
+#   #nginx -v  nginx代码内部使用的stderr输出， 此处需要转换为stdout
+#   nginx_version=$($exec -v 2>&1)
+
+#   cp "$conf_path" ./
+
+#   sed -i "1i\# ${nginx_version}" ./nginx.conf
+#   sed -i "1i\# version: ${conf_version}" ./nginx.conf
+
+#   if [[ -n "${prefix}" ]]; then
+#     n=$(grep -wn "mime.types" ./nginx.conf | awk -F: '{print $1}' | sed -n 1p)
+#     sed -i "${n}c include  conf/mime.types;" ./nginx.conf
+#   fi
+
+#   # n=$(grep -wn "__root__" ./nginx.conf | awk -F: '{print $1}' | sed -n 1p)
+#   # if [[ -n "${n}" ]]; then
+#   #   sed -i "${n}c root ${asset_path};" ./nginx.conf
+#   # fi
+
+#   # 替换日志输出路径方式
+#   n=$(grep -wn "#ERROR_LOG_PLACEHOLDER" ./nginx.conf | awk -F: '{print $1}' | sed -n 1p)
+#   if [[ -n "${n}" ]]; then
+#     if ((mode == 2)); then
+#       sed -i "${n}c ${error_log};" ./nginx.conf
+#     else
+#       sed -i "${n}c ${error_log_super};" ./nginx.conf
+#     fi
+#   fi
+
+#   n=$(grep -wn "#ACCESS_LOG_PLACEHOLDER" ./nginx.conf | awk -F: '{print $1}' | sed -n 1p)
+#   if [[ -n "${n}" ]]; then
+#     if ((mode == 2)); then
+#       sed -i "${n}c ${access_log};" ./nginx.conf
+#     else
+#       sed -i "${n}c ${access_log_super};" ./nginx.conf
+#     fi
+#   fi
+
+#   n=$(grep -wn "#PID_FILE_PALCEHOLDER" ./nginx.conf | awk -F: '{print $1}' | sed -n 1p)
+#   if [[ -n "${n}" ]]; then
+#     # 非supervisorctl
+#     if ((mode == 2)); then
+#       sed -i "${n}c ${pid_file};" ./nginx.conf
+#     fi
+#   fi
+
+#   n=$(grep -wn "daemon off;" ./nginx.conf | awk -F: '{print $1}' | sed -n 1p)
+#   if [[ -n "${n}" ]]; then
+#     # 非supervisorctl
+#     if ((mode == 2)); then
+#       sed -i "${n}c daemon on;" ./nginx.conf
+#     fi
+#   fi
+
+#   mv -fb "./nginx.conf" "$install_path"
+
+#   cp -fR "$pkg_path"/conf/ca "$install_path"
+
+#   mkdir -p /data/command/
+#   log "nginx start command: $exec -c  ${install_path}nginx.conf"
+#   echo "$exec -c  ${install_path}nginx.conf" >/data/command/nginx
+
+#   if [[ $? == 0 ]]; then
+#     log_success "$conf_version nginx.conf replaced successfully!"
+#   else
+#     log_error "$conf_version nginx.conf replaced failed!"
+#   fi
+# }
+
+# get_exec_path() {
+#   cmd=''
+#   if [[ -n "${prefix}" ]]; then
+#     cmd="${install_path}/sbin/nginx"
+#   else
+#     cmd="/usr/sbin/nginx"
+#   fi
+
+#   echo "$cmd"
+# }
+
+# get_exec_cmd() {
+#   exec=$(get_exec_path)
+
+#   echo "$exec -c  ${install_path}nginx.conf"
+# }
+
+# add_service() {
+#   #添加到服务
+#   exec_cmd=$(get_exec_cmd)
+#   cp "$basepath"/../pkg/conf/nginx.service.tpl ./nginx.service
+
+#   conf_path="${install_path}nginx.conf"
+#   check_cmd="$exec -t -c $conf_path"
+#   version=$(echo "$conf_version" | grep -oP '\d+\.\d+\.\d+')
+
+#   sed -i "s#_exec_cmd_#$exec_cmd#g" ./nginx.service
+#   sed -i "s#_log_path_#$log_path#g" ./nginx.service
+#   sed -i "s#_log_file_#$log_file#g" ./nginx.service
+#   sed -i "s#_conf_path_#$conf_path#g" ./nginx.service
+#   sed -i "s#_version_#$version#g" ./nginx.service
+#   sed -i "s#_pid_file_#$pid_path#g" ./nginx.service
+#   sed -i "s#_start_check_#$check_cmd#g" ./nginx.service
+
+#   if ((mode == 2)); then
+#     # systemctl enable nginx
+#     cp ./nginx.service /usr/lib/systemd/system/
+#     systemctl daemon-reload
+
+#     log_success 'add nginx.service to /usr/lib/systemd/system/'
+#   else
+#     rm -rf /usr/lib/systemd/system/nginx.service
+#   fi
+# }

package/src/deploy/nginx/script/compile.sh

@@ -0,0 +1,11 @@
+# see https://webhostinggeeks.com/howto/install-update-openssl-centos/
+# serr https://blog.51cto.com/u_13890591/5686850
+
+yum -y update
+
+yum install -y make gcc perl-core pcre-devel wget zlib-devel
+
+wget https://ftp.openssl.org/source/openssl-xxxk.tar.gz
+
+
+./configure --with-http_ssl_module --with-http_gzip_static_module  --with-http_stub_status_module --with-stream --with-http_v2_module --with-openssl=/root/openssl-1.1.1f --prefix=/etc/nginx