@wjwjq/release-helper 0.1.8 → 0.1.9

package/.release/README.md

@@ -0,0 +1,73 @@
+# release-helper
+
+打包 和发布辅助工具, 集成nginx二进制文件，支持supervisor和systemctl启动安装模式
+
+服务器端安装和更新，请看发布后文档
+
+## 使用
+
+### 推荐
+
+在package.json中添加如下命令, 后续通过pnpm pak/pub/publish使用
+
+```bash
+  "pak": "release-helper pack",
+  "pub": "release-helper publish",
+  "release": "release-helper release",
+```
+
+### 单独使用命令
+
+请在项目根目录，使用命令
+
+#### 初始化
+
+常规来讲，通过pnpm安装时，会自动在项目根目录位置，生成.release目录，若未生成，请手动生成
+
+```bash
+release-helper init
+```
+
+#### 打包
+
+仅打包成xx.tar.gz  需指定release.conf.yaml中assetsDir字段
+
+```bash
+release-helper pack
+```
+
+#### 发版
+
+发布git release相关版本； 需指定release.conf.yaml中host等相关字段
+
+```bash
+release-helper release
+```
+
+## .release 目录说明
+
+### doc 目录
+
+用于release时附带的文档，文档中可以使用指定变量占位，后续执行release-helper release时会自动遍历，并替换所有变量
+
+可使用变量及说明:
+
+| **占位符**    | **含义**                                             |
+| ------------- | ---------------------------------------------------- |
+| \$APP\_NAME\$ | 应用名称（自动读取package.json中name字段值）         |
+| \$VERSION\$   | 用户指定的版本号                                     |
+| \$PKG_NAME\$  | tar.gz包名称（值为\$APP_NAME\$\_\$VERSION\$.tar.gz） |
+
+### nginx 目录
+
+用于存放服务器端nginx的启动配置文件等，部分占位说明及占位符请勿删除，会在服务器端安装或更新时，由脚本自动替换
+
+文件说明：
+| **文件或目录** | **说明**                                                  |
+| -------------- | --------------------------------------------------------- |
+| ca             | nginx https使用到的证书，变更时需对应修改nginx.conf中的值 |
+| nginx.conf     | nginx启动时 需要的配置文件                                |
+
+### release.conf.yaml
+
+打包发布相关配置项

package/.release/doc//351/203/250/347/275/262/346/211/213/345/206/214.md

@@ -0,0 +1,418 @@
+# 1.基础信息
+
+version: $VERSION$
+
+author: release-helper
+
+# 2. 安装
+
+## 2.1 自动安装
+
+### 2.1.1 前置条件
+
+  . 从gitlab仓库中$APP_NAME$中获取最新的版本$TAR_PKG$
+
+### 2.1.2 安装步骤
+
++ 步骤一：上传$TAR_PKG$ 到 远程服务器/home 目录下
+
++ 步骤二：进入/home目录，使用一下命令解压$TAR_PKG$
+
+```bash
+cd /home; tar -zxvf $TAR_PKG$
+```
+
+```text
+[root@localhost ~]# cd /home; tar -zxvf $TAR_PKG$
+$APP_NAME$/
+$APP_NAME$/conf/
+$APP_NAME$/conf/nginx.conf
+$APP_NAME$/pkg/
+...
+$APP_NAME$/script/docker.sh
+$APP_NAME$/script/install.sh
+$APP_NAME$/script/upgrade.sh
+```
+
++ 步骤三： 进入/home/$APP_NAME$/script目录下
+
+```bash
+cd /home/$APP_NAME$/script
+```
+
++ 步骤四： 给install.sh附加可执行权限
+
+```bash
+chmod +x install.sh
+```
+
++ 步骤五： 执行install.sh脚本进行安装
+
+以**集群**（agent）模式安装
+
+```bash
+./install.sh -cluster
+```
+
+以**独立**（supervisor）模式安装
+
+```bash
+./install.sh -standalone
+```
+
+```text
+[root@localhost home]# cd /home/$APP_NAME$/script
+[root@localhost script]# chmod +x install.sh
+[root@localhost script]# ./install.sh                                          # 不带参数，会报错
+2024-06-28 14:49:40: -----------execute $APP_NAME$ script-------------
+2024-06-28 14:49:40: -----------receive parameter: ------------
+2024-06-28 14:49:40: Fatal error: parameter -standalone or -cluster  is required! 
+[root@localhost script]# ./install.sh -cluster                                 # 携带参数
+install_path: /opt/$APP_NAME$/
+$VERSION$
+Nginx has been installed, re-install it?[Y/N]n                                # 若检测nginx可执行文件已安装, 会询问是否需要重新安装NGINX，通常输入n 即可
+2024-06-28 14:57:23: -----------execute $APP_NAME$ script-------------
+2024-06-28 14:57:23: -----------receive parameter: -cluster------------
+2024-06-28 14:57:23: -------------------------------------------------
+2024-06-28 14:57:23: -------start to install Cluster mode-------
+2024-06-28 14:57:23: -------------------------------------------------
+...
+2024-06-28 14:57:39: -----------execute $APP_NAME$ script-------------
+...
+2024-06-28 14:57:39: nginx start command: /usr/sbin/nginx -c /opt/$APP_NAME$/nginx/nginx.conf
+2024-06-28 14:57:39: $VERSION$ /opt/$APP_NAME$/nginx/nginx.conf replaced successfully!       
+2024-06-28 14:57:39: add $APP_NAME$.nginx.service to /usr/lib/systemd/system/ 
+2024-06-28 14:57:39: /opt/$APP_NAME$/assets/settings
+2024-06-28 14:57:39: $APP_NAME$ deployed successfully                      #安装成功
+```
+
+### 2.1.3 启动
+
+所有组件安装后统一通过supervisor或agent组件启动， 详见supervisor或agent部署文档
+
+### 2.2 手动安装
+
+暂无
+
+# 3. 升级
+
+## 3.1 自动升级
+
+### 3.1.1 前置条件
+
+1. 已安装$APP_NAME$
+
+2. 从gitlab仓库中$APP_NAME$-new中获取最新的版本$TAR_PKG$
+
+### 3.1.2 升级步骤
+
++ 步骤一：上传$TAR_PKG$ 到 远程服务器/home 目录下
+
++ 步骤二：进入/home目录，使用一下命令解压$TAR_PKG$
+
+```bash
+cd /home; tar -zxvf $TAR_PKG$
+```
+
+```text
+[root@localhost ~]# cd /home; tar -zxvf $TAR_PKG$
+$APP_NAME$/
+$APP_NAME$/conf/
+$APP_NAME$/conf/nginx.conf
+$APP_NAME$/pkg/
+...
+$APP_NAME$/script/docker.sh
+$APP_NAME$/script/install.sh
+$APP_NAME$/script/upgrade.sh
+```
+
++ 步骤三： 进入/home/$APP_NAME$/script目录下
+
+```bash
+cd /home/$APP_NAME$/script
+```
+
++ 步骤四： 给upgrade.sh附加可执行权限
+
+```bash
+chmod +x upgrade.sh
+```
+
++ 步骤五： 执行upgrade.sh脚本进行安装
+
+```bash
+./upgrade.sh
+```
+
+```text
+[root@localhost home]# cd /home/$APP_NAME$/script
+[root@localhost script]# chmod +x upgrade.sh
+[root@localhost script]# ./upgrade.sh                                          # 不带参数，会报错
+2024-06-28 14:49:40: -----------execute $APP_NAME$ script-------------
+2024-06-28 14:49:40: -----------receive parameter: ------------
+2024-06-28 14:49:40: Fatal error: parameter -standalone or -cluster  is required! 
+[root@localhost script]# ./upgrade.sh -cluster                                 # 携带参数
+2024-06-28 14:57:23: -----------execute $APP_NAME$ script-------------
+2024-06-28 14:57:23: -----------receive parameter: -cluster------------
+2024-06-28 14:57:23: -------------------------------------------------
+2024-06-28 14:57:23: -------start to upgrade Cluster mode-------
+2024-06-28 14:57:23: -------------------------------------------------
+...
+2024-06-28 14:57:39: -----------execute $APP_NAME$ script-------------
+...
+2024-06-28 14:57:39: nginx start command: /usr/sbin/nginx -c /opt/$APP_NAME$/nginx/nginx.conf
+2024-06-28 14:57:39: $VERSION$ /opt/$APP_NAME$/nginx/nginx.conf replaced successfully!       
+2024-06-28 14:57:39: add $APP_NAME$.nginx.service to /usr/lib/systemd/system/
+2024-06-28 14:57:39: /opt/$APP_NAME$/assets/settings
+2024-06-28 14:57:39: $APP_NAME$ deployed successfully                      #安装成功
+```
+
+### 3.1.3 启动
+
+## 3.2 手动升级
+
+暂无
+
+# 4. FAQ
+
+## 4.1 相关文件位置？
+
+| **说明**           | **路径**                                             |
+| ------------------ | ---------------------------------------------------- |
+| 安装目录           | /opt/$APP_NAME$/                                     |
+| 版本文件           | /opt/$APP_NAME$/version                              |
+| nginx配置文件      | /opt/$APP_NAME$/nginx/nginx.conf                     |
+| 日志文件位置       | /var/log/$APP_NAME$/nginx.log                        |
+| 系统静态资源目录   | /opt/$APP_NAME$/assets/                              |
+| 系统配置文件       | /opt/$APP_NAME$/assets/settings                      |
+| system service位置 | /usr/lib/systemd/system/$APP_NAME$.nginx.service     |
+| 日志翻转配置位置 | /etc/logrotate.d/$APP_NAME$.nginx     |
+
+## 4.2 启动命令
+
+### 4.2.1 原始命令
+
+```bash
+/usr/sbin/nginx -c /opt/$APP_NAME$/nginx/nginx.conf
+```
+
+### 4.2.2 supervisor
+
+需安装时选择 -standalone 模式
+
+```bash
+supervisorctl start $APP_NAME$.nginx 
+```
+
+### 4.2.3 systemctl
+
+需安装时选择 -cluster 模式
+
+```bash
+systemctl start $APP_NAME$.nginx.service
+```
+
+## 4.3 验证
+
+正常启动后，使用如下命令，返回如图结果则表示成功 其中5443是nginx.conf 中配置的服务端口
+
+```bash
+curl https://127.0.0.1:5443 --insecure | grep 'x-v'
+```
+
+```text
+[root@localhost script]# curl https://127.0.0.1:5443 --insecure | grep 'x-v'
+  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
+                                 Dload  Upload   Total   Spent    Left  Speed
+  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
+  <!DOCTYPE html><html lang=en><head><meta charset=utf-8><meta x-v=$VERSION$><meta http-equiv=X-UA-Compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1"><link rel=icon href=/favicon.ico><style>.notice-browser * {
+100 51143  100 51143    0     0   483k      0 --:--:-- --:--:-- --:--:--  484k
+```
+
+## 4.4 版本查看
+
+```bash
+cat /opt/$APP_NAME$/version
+```
+
+```tet
+[root@localhost script]# cat /opt/$APP_NAME$/version
+$VERSION$
+```
+
+## 4.5 修改系统名称
+
+```bash
+vim /opt/$APP_NAME$/assets/settings
+```
+
+```text
+#请勿调整顺序，注释单开一行，并用#开头
+
+systemName.zh="数据安全综合管理系统"
+systemName.en="Comprehensive Data Security Platform"
+```
+
+## 4.6 修改安全事件查询页面过滤条件时间段的时间限制范围(以分钟为单位，设置时间应不低于10080，即7天，默认设置43200，即30天)
+
+```bash
+vim /opt/$APP_NAME$/settings
+```
+
+```text
+#请勿调整顺序，注释单开一行，并用#开头
+
+systemSafeEventDate.limit=43200
+```
+
+## 4.7 Nginx启动失败，提示80端口绑定失败？
+
++ 问题截图：
+
+```text
+2021/12/15 22:16:52 [emerg] 13825#13825: bind() to 0.0.0.0:80 failed (98:Address already in use)
+nginx:[emerg] bind() to 0.0.0.0:80 failed (98:Address already in use)
+2021/12/15 22:16:52 [emerg] 13825#13825: bind() to 0.0.0.0:80 failed (98:Address already in use)
+nginx:[emerg] bind() to 0.0.0.0:80 failed (98:Address already in use)
+2021/12/15 22:16:52 [emerg] 13825#13825: bind() to 0.0.0.0:80 failed (98:Address already in use)
+nginx:[emerg] bind() to 0.0.0.0:80 failed (98:Address already in use)
+2021/12/15 22:16:52 [emerg] 13825#13825: bind() to 0.0.0.0:80 failed (98:Address already in use)
+nginx:[emerg] bind() to 0.0.0.0:80 failed (98:Address already in use)
+```
+
++ 问题说明
+
+80端口被占用导致，此问题出现几率，几乎为0
+
++ 解决方法：
+
+**先和用户确认是否可以操作**
+
+使用如下命令查看占用80的应用，并使用kill杀掉与之相关的进程
+
+```bash
+netstat -tunlp | grep 80
+
+**kill** -9 pid
+```
+
+## 4.8 更改默认80端口？
+
++ 修改nginx.conf中server listen；参照下图，注最新配置默认端口为5443
+
+```bash
+vi /opt/$APP_NAME$/nginx/nginx.conf
+```
+
+```text
+    upstream tomcatposidon{
+      server localhost:9998; #tomcat
+    }
+
+    # 开启自定义错误信息响应
+    fastcgi_intercept_errors on;
+
+
+    limit_conn_zone $binary_remote_addr zone=conn:10m;    # 限制连接数
+    limit_req_zone $binary_remote_addr zone=allips:10m rate=500r/s; # 限制请求数
+
+    #server {
+      #listen 80 default_server;
+      #listen [::]:80 default_server;
+      #server_name _;
+      #return 301 https://$host$request_uri;
+    #}
+
+    server {
+        # listen 80;
+        listen 5443 default_server ssl http2; # 修改此处
+        server_name  localhost;
+root /opt/posidon-frontend/;
+
+        error_page 497 =301 https://$host:$server_port$request_uri;
+
+        ssl_certificate ca/server.crt;        # 这里为服务器上server.crt的路径
+        ssl_certificate_key ca/server.key;    # 这里为服务器上server.key的路径
+        #ssl_client_certificate ca/ca.crt;    # 双向认证
+        #ssl_verify_client on;             # 双向认证
+
+        ssl_session_timeout 5m;
+        ssl_protocols SSLv2 SSLv3 TLSv1.1 TLSv1.2 TLSv1.3;
+        ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
+        ssl_prefer_server_ciphers   on;
+
+        #charset koi8-r;
+        #access_log  /var/log/nginx/host.access.log  main;
+        access_log /dev/stdout main;
+
+        location ~* /posidon|api/ {
+```
+
++ 重启nginx
+参照 4.2 启动命令
+
+## 4.9 从中安跳转我们系统后，无法正常进入我们系统其它页面？
+
++ 问题说明：
+
+中安单点登录进入我们系统后，由于存在中安登录信息，此时浏览器输入我们系统地址，仍会进入中安跳转时携带token认证的用户关联页面，无法查看其它页面
+
++ 解决方案
+
+请【退出】后，浏览器重新输入我们系统地址访问
+
+## 4.10 xxx不是文件目录问题？
+
++ 问题截图：
+
+```text
+[root@Server01 redis-6.2.2]# cd
+[root@Server01 script]# 1l
+总用量 16
+-rw-r--r--. 1 root root 2126 12月 9 17:04 common.sh
+-nwxr-xr-x. 1 root root 1049 12月 9 17:11 install.sh
+drwxr-xr-x. 2 root root    6 12月 9 17:19 redis-6.2.2
+-rw-r--r--. 1 root root 1457 12月 9 17:04 topic.sh
+-rw-r--r--. 1 root root  122 12月 9 17:04 upgrade.sh
+[root@Server01 script]# rmdir redis-6.2.2]
+[root@Server01 script]# ./install.sh
+./install.sh：第4行:source:/home/vl.0.：是一个目录
+install redis to path:
+tar（child）：/pkg/redis-6.2.2.tar.gz：无法open：没有那个文件或目录
+tar (child):Error is not recoverable: exiting now
+tar:Child returned status 2
+tar: Error is not recoverable: exiting now
+./install.sh：第30行：cd：/home/v1.0.0source/open-source-component/redis/script/redis-6.2.2:没有那个文件或月录
+[root@Server01 script]#
+```
+
++ 问题说明：
+
+大概率是脚本换行符问题（目前已解决，后续应该不会出现此问题），将script 下的所有脚本都设置为unix格式，重新执行即可
+
++ 解决方法：
+
+  + 步骤一： 以common.sh为例， vi common.sh
+
+  ```bash
+  vi xx.sh
+  ```
+
+  + 步骤二： 编辑模式下，输入如下指令，回车
+
+  ```bash
+  :set ff=unix
+  ```
+
+  + 步骤三： 保存并退出, 重新执行脚本
+
+  ```bash
+  :wq
+  ```
+
+
+# 5.配置文件变更记录
+
+页面配置： **最新版配置文件，请查看最新版本$APP_NAME$.tar.gz解压路径"/$APP_NAME$/pkg/assets/settings"**
+
+nginx配置： **最新版配置文件，请查看最新版本$APP_NAME$.tar.gz解压路径"/$APP_NAME$/pkg/nginx/nginx.conf"**

package/.release/nginx/ca/ca.crt

@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIIFgTCCA2mgAwIBAgIJAKbgNzMfpJehMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNV
+BAYTAkNOMQswCQYDVQQIDAJTQzELMAkGA1UEBwwCQ0QxCzAJBgNVBAoMAkhYMQ0w
+CwYDVQQLDARIWFdYMRIwEAYDVQQDDAlIWFdYR1JPVVAwHhcNMjIwNTEyMDkxMzUw
+WhcNMzIwNTA5MDkxMzUwWjBXMQswCQYDVQQGEwJDTjELMAkGA1UECAwCU0MxCzAJ
+BgNVBAcMAkNEMQswCQYDVQQKDAJIWDENMAsGA1UECwwESFhXWDESMBAGA1UEAwwJ
+SFhXWEdST1VQMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArDkT3No9
+vmY1eLvPNQ2y17IL+mADMbx143aZrwVKOMVI+08l6mw488A+D0dE3UyJGWtJJB93
+3lypjg/W9Lb6ubZZTcstsHRP8CIhILWML2wR4yAPWwKbC+5tmdjzhmHIHXU/W7kb
+6gZDdRMrzeCc03gQ5OAR5jtqYOv4uKBPJsMHuUceGVQv0YyDdeQlvXFsnGkJ3vMC
+HDuPTUOz2gkcE4qqJQCSUBdj8N5bLQDsc0B3H4d85ZkVodWGtW/5qt/kCMMDzlCU
+G3lT0Q2FeYW0Mnt3x11MgwaTxWzfIQ2JqYRy9AeHotxB+uKE3zJ9YCJ9mHBvPbIc
+Z8XZfHKzxIRD/Pbm4N2pCdtAWWG4IJhcMTm7NHaD4x88EBP4FDubxEkPORJ0Mi4w
+rGF5mEnKZGF2KHyxH97NXtWv6ohe0KQabWrXf3LiSMcCrepAzuiYFzK8rWWmh99i
+cHQjca294qj6b1H3MAhTxO+nBRkL8EjxtTbQb1rzN6gjJ7WoLDxrnVL8K9z0ORiG
+Vru7Fj+eXtOJCCaVQMHAQC6VcoMPAP7XA8GvEWgIpEt+jmtLCnc2o81mmsveqoFS
+0I9XdV5cOcpsPvFAunp+bO7SMrO6tnVJYxtpnwrgrHkUoEYimKumXMEPvwOwC9gp
+0DTwVXzYI1k3kghIE8wQfXWIUIN/k1vLWkkCAwEAAaNQME4wHQYDVR0OBBYEFFs4
+jRF3mEu7ce4UTKPjeZL0oGrTMB8GA1UdIwQYMBaAFFs4jRF3mEu7ce4UTKPjeZL0
+oGrTMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAFpNw1fgOiWlcxTF
+bBZyyc5xRfpxHbL1hyAcPXrHJq2W6KwPYq7Vm8lxKdLsx1hIql/Zp4BNuY2KVf2u
+DVB2WKT6ZRW2QjrtYTVCrOeC7+67CCFxQCy3qhYqyexu2SX73JUPdN7U9AIiDFAQ
+mPLuG6Sj30M2yUVCe9ZdT7remGM3FbQ7rE07dPXLDxV4g1KPaQ38HoWt8sSPDGLv
+HCnwJPCBxkDHqVBT+A7UpO1oNZJiZbsj1xXl34Py3y1fN6Krn27e8BvX1ymwgvci
+bAb5/QuM/7i3PU/Wmmo45CKXfllenj97XunFLWrHs2hndL6ljfwrB9mCpTpkSckq
+FwRA37ZTnPZ+maD96UbBO85tfHniTAfdiVkInGG9ncbPQYftKO5jUgNCDE8he5g3
+JbJEdB+iopylXoxrIdpNUxuwZCJo0vjcuu/3Zv3jNCgv/K7WBCoDwya0qrMo9fH+
+JgnreCGmTQrGVZx8bpPr8w9QGF1IEPQBandEN29EBrpoAvYcbSNv2yDLeA3iPXuz
+O+CdJSiZnrynx26bmRwUJvlGhEZEQjMEcXzwkhWtIGtu9rSFU0PDf4vf8KvxfSTJ
+b8MnLfgQCvNRUqLK2zdNYhcVBJlzLnbdG7C+376Sdv6sRspkcJVLzY7EfSD9PQQ8
+DWrGBNmHfWBUUICvZ/Wgw27oqAxQ
+-----END CERTIFICATE-----

package/.release/nginx/ca/ca.key

@@ -0,0 +1,54 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,5DC321C97BA31394
+
+OUrY/bU42k0k67hY67O/45RfxPuNX7bnAjhDRR8A2SkCodfe+OQAskCNBMeGzSsx
+fl8Agrcwymcn/AFOJK1PA5DLZEg3ht80AYXyIaaR/ngNXGYkZgpugQrwzbiwx0Rf
+8CHXTfslqCXivaAuOpi/I8KyR4d8OHdTJ5JG7oBT8rjsafaPphieheHpT0nZp2Mp
+wibwNzn9k/M8QNZkClSIVXKjKH2Dvrv2Ntq7fqSQQicg/1/fOXFARsIN7kbsbk6h
+u7c7sNP6MJfTWG2UUEefqxuvDAVuIlwTP3h1peR+7m3GG8gJTVFD+akKrkTGSmlv
+ljG/XC9I+XnZDnCSehekNZhSewRG7ryjvEzzlN5P4a27QLhinrBhdARv0UZohx11
+dyhuiFDOaVWna6eK0VXduacXSJQVZwUzfaBk1/tD91L9Dm+f3BoCq3pZXukoNDXo
+VF9PMAGhsdKjmZD0D/hJCuljLCjV4HajmydPVvskfCiNikcZ/3QinuSZojU9TwuW
+0Z4FsU+QEi/U8B9bzZSQYEXgVYQam5CCyPA1bRxaJUHpvRkcmZpRZkMrhkum8HhD
+i7dTc/hrqOKDfAFCUoJ9aY88QXWbtgdnQtlUg3eoxV1aOSeM0fC+Bust6AKlGVAZ
+OB1RCIhUXYedJ+b+VacekF8rzm/Wv+e6PMnRpA8G0NvO+05uBY+I96sqA3fqK/rO
+lbuaQeqSVGAfe8L0QRGQOzLH1UAG4y3MoUVXnDjchS0ZOucefGjnsSVL1FKTQOJF
+O1p9VvvC7pqlexny+pVoU6Gmgy0fc+8GW3mJtY/+wHyTEivVuCsgW8HBR+Qf8/PW
+gyi+pXMvHJYoQpuD/dFQNcchbRxp+JyW9S0E9VSNhETn8hQQ5i2mcix/5+dq0wrv
+XVs4f/DfGYefO8nJdX15PpK3Ut4chc3BBnVfQrvsbJneRfHeDO5s+bIHnxCXnNmH
+pwCdABgjMfgB5yAumjeX/WBzL8m4I99ARTkCcOGg2cpnFCjSkP7DeNRWQ+kJiEbK
+h82byxDXsCYbuvIxRdBKTa4jtp4nYBYfv9zXQ565/GzyVlkAuoEG8GB4j4ZSrnVa
+/qdzj+Ow/svUxoSl4VXr2NG1G8lC31fDUvegQUdcblaDNf4ZjeSMI+c3jW7yf6Ol
+u3kIHAJ+zwbJ6CkpOgFMDkOMUcKVHtS+eQJUgdBacMQXcXZeMWlUAv9zHjWXaS+r
+t6V53sIPH+b4hO4923VXGLPocHKjnvpaaXVx5DL41IOloYvgcXoofPWCQFiRkjCZ
+yklluExZWPub5huykB9dEb3DdpbAnrjYoHoi8IEZgfhCIwl8n6FQyvhXOljvml40
+zW8naoM/pT6FpcaW/YiYg4gNADYHawUCkPxeY5zatRM6d4ssIvPRTBda4UOm92AQ
+VsFfOtvjXmrAzc0HJQy1vJN26RUwfNuxyj7JvWzy+5teMcaph3bSboKqI03Ypo33
+FPSVBpI7GPYxtDlrbpZjG6IF9iq1Hty3Gr98N0qzm3rQ5sYPo7+VFtr5MGlsfZ07
+BQULKRsc4H06dwAY4Wws7UElNDTF+9prodcehlB7lLXk9deCdgQUGzjRUPULdmRr
+qiSev8fNFaYin2rFbAnTXyOysG6xEOcHaQpKRglQe0haqoJQh5coJoxXfS8sUYhS
+G/UEy4XDX6otC/Ut/0/AzbW8MM4dlALDQdlE8dC+dEfu0h7fmu9cc1zyelaMZpri
+AN76Jpbiw2EebFqQ5BTJVtqBfYnPUfGan/QiG8QmAtCFHii4jGJF0uFFgCTMRhId
+l0VyH26XiKEfKqlvhd61bEuWbxSRusuXwwySqOFCOispMW5bvkreSsE4bdoERUp2
+y9SLhDy51A9pOvBpx3gkx6DwK2+1DUZbr6rRQ+wcDnsjsv3xdsjbGs7JrXQvM5Q/
+I/TuQYmhogfxcMJBhfjXMU7tEFRZ4INziJ7CZTH2wy7WWtpPddoq/l7jiWnu0fMb
+nIhIPl2zCKxfEq4p/pqpULc31Jt8AudoEr9n8nYzWXltjir0n4kt3wRV1SanfV05
+xTyI0IDA+lYmHcZAUwyI2G1UEmwbOkxmsGEXFqsVee2Ai+BAt18+hOITchvp2mQt
+jyAty5QSESO5s2Vi4BLgZ4m/hwxKV0gpEIDIsHh/0Jbc53w6htrbyyQCv9M4hLDZ
+tiXbIInGwKX7XuTC+V9LSO0FQ8VNTvvi2MZlogZec7/cMlhg1a2b/E6JWiZlbfdV
+3vyLukvK8aSAfJtqrG6rY7J8RCZNsRQBME22KEFYCy6MzPYzOU4MHTtMS91z85RB
+JRKkkVxHFPx3Rm1JOgtHfsY9XdzV24sN5gAAL9hunNaufquvcN193v/JL367zhtq
+v1hUMlJ6aWWITyitEdVvE3D3vTGIJdxbBG8cw+SbEuGFUYLvciSMCSmSkO4yYUTq
+ETkFHaNl5wSCyReBvzXzV1BRrTuFpqB0Ij9VtOcTHIAuyNgFNp4qhRTFGe64bug1
+ef336zrMeNFP/ztMIsP7huFF2USknMAtsjM8AIw8BGSTluv/vBIuEeyCJW3BOrQO
+N2aKLoZ8g+MuPGxhN277O5i0a8R9F8Rh4lbZ9Xj2boef6xGVqGj3YfE4ASniI+6L
+LFzcP6djwhAcJyKbTrE2NMXOQaehS8gP8PK80G9ctwXQonH7oL0ucPEP1SdXX7TY
+0Mb5mNMTL8DYjUXuG6i0dAOd20i3CtieOAaVRsXnIlWcY5DtttzaNtGlnFOfz7Ny
+wREamXKJcWX7pPqLO4VPUIJS1c+RIsKEZT+WY6KO9Ge6MZjYTKPhX+bfigq9hyDK
+ZQMPstZtsnewlexiNRDF9MgbMR0A2wKb6txRtx8k7A/0WM3pUDVJN+FeiHzLSDut
+uBddBxaYMnwChNW5A1uvd0akPbk09dSs+2IhHMcyZxz/XWzgilclstD3H4RNAyGA
+glv7Oh2SwJ7/ltFsTwEb9ySco80NAUTM+pv44MhP9MBY3h/0QPCOLASHBiLdsvwu
+Km+28o7BbhMoc55dAOLbiuRbkj9DSsoGeM6xb383+3MgElqkTiy8Zl2dTOq+4B00
+wzMUL7z0UYlXVjVaoEvbPsVzz8kkc6ioG9mTDsZlxxmjXOJMTTeHGMDhthZHMb0n
+-----END RSA PRIVATE KEY-----

package/.release/nginx/ca/client.crt

@@ -0,0 +1,100 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4098 (0x1002)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=CN, ST=SC, L=CD, O=HX, OU=HXWX, CN=HXWXGROUP
+        Validity
+            Not Before: May 12 10:04:38 2022 GMT
+            Not After : May  9 10:04:38 2032 GMT
+        Subject: C=CN, ST=SC, L=CD, O=HX, OU=HXWX, CN=HXWXGROUP
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:f5:20:ca:ac:89:3e:35:44:c5:3e:78:69:e1:ed:
+                    d8:68:14:05:14:72:69:f0:41:4f:d8:13:41:01:2c:
+                    01:a5:53:88:85:45:bb:f0:e6:f3:75:5b:c1:21:9d:
+                    c8:3b:f1:a6:61:c1:54:01:e7:b2:4e:61:1b:73:fe:
+                    e0:89:57:f3:33:e8:2d:4b:34:0e:0a:e2:89:4c:e2:
+                    18:78:07:e0:d4:b6:94:ba:cd:b6:74:32:aa:e9:77:
+                    1e:06:0a:ee:aa:44:8d:de:0e:0f:02:2f:1d:6f:8a:
+                    48:5e:e2:87:49:e3:04:93:7b:c4:8c:bc:50:9f:45:
+                    38:fc:bd:1c:3b:79:b9:1d:b1:1c:53:a1:34:d7:63:
+                    03:b0:97:45:7a:2e:53:b7:48:84:96:c6:64:bf:7d:
+                    25:cd:90:ce:b5:7f:83:d3:13:c0:03:4f:31:e3:4e:
+                    4a:76:c5:f5:d3:79:6a:2f:95:1c:0a:3a:c6:40:8d:
+                    28:5b:e5:3c:47:0d:9a:49:d9:0a:bb:07:d0:bc:a3:
+                    68:ec:27:7e:1e:74:2d:7e:6c:9d:6d:b4:93:9d:25:
+                    2c:e5:cd:e2:1d:0a:15:4f:2d:44:bd:40:82:37:15:
+                    1a:d5:f9:a6:ef:55:90:1e:27:4f:2d:4a:24:4e:8b:
+                    35:dd:75:66:0d:25:75:69:f4:ad:d0:3b:37:4c:59:
+                    f3:c5
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                BC:F2:C1:92:7D:20:65:AA:3A:C9:39:40:6D:EE:08:37:56:81:B1:4E
+            X509v3 Authority Key Identifier: 
+                keyid:5B:38:8D:11:77:98:4B:BB:71:EE:14:4C:A3:E3:79:92:F4:A0:6A:D3
+
+    Signature Algorithm: sha256WithRSAEncryption
+         6e:ca:06:28:05:36:8b:bb:82:ed:18:cd:01:d8:d0:e9:57:3d:
+         3c:32:ad:29:1f:50:8e:16:2e:de:e0:47:26:ab:60:72:13:0f:
+         53:9a:ea:2c:30:6c:32:53:ad:60:f8:92:cc:93:91:62:a8:f3:
+         cf:a0:1c:8c:d0:97:85:5f:a2:5e:fe:60:71:91:0a:d9:49:f9:
+         b6:93:77:f2:c2:c2:fe:c9:f9:a8:7a:de:cd:cd:52:a9:fa:2c:
+         a8:45:43:40:93:be:6f:1a:80:66:eb:af:51:3c:b9:3d:fd:6d:
+         a5:d2:a4:63:c7:4b:44:13:a7:db:7c:fc:80:6e:8a:7e:55:94:
+         59:e2:f9:1f:4f:71:49:5f:e6:ba:8e:d2:7d:88:c1:10:bc:6c:
+         4b:97:f3:70:44:49:8e:4a:d3:be:e7:84:d3:73:25:5d:e6:65:
+         5d:7c:44:1d:fc:45:06:05:84:54:b3:b5:a0:e7:79:d3:23:e0:
+         da:14:20:82:b3:f9:53:43:31:8b:80:81:2c:d1:db:6a:de:1a:
+         29:53:25:fb:95:2f:2c:81:93:4c:24:82:5e:46:87:db:d3:a1:
+         21:c3:53:61:55:da:2d:29:ba:ce:2e:50:15:27:b9:0d:d6:b1:
+         60:6b:6f:88:e8:3f:b8:66:b9:96:11:4c:33:9e:18:57:f7:d1:
+         a1:14:42:ae:22:3a:8a:c3:5d:aa:20:aa:23:b1:2f:98:95:36:
+         cd:a4:f4:23:8a:bb:eb:c0:38:bc:5a:14:da:5b:de:83:9d:10:
+         cb:e8:34:09:4a:d6:4d:56:7a:42:f1:fc:8d:f6:c9:25:23:b3:
+         a5:ed:b4:58:ac:ec:62:75:cd:d3:6f:6c:7c:48:b8:30:a3:ed:
+         e0:41:f1:55:0c:b8:99:37:cd:e6:15:7f:d6:04:83:8f:96:9c:
+         e6:de:ef:db:ee:a2:eb:cd:93:e2:92:35:44:4d:bd:3b:a4:dd:
+         ac:7b:5c:e6:bc:8e:e6:26:17:cc:03:41:cc:fe:13:cc:13:1f:
+         6a:33:96:70:49:8b:30:9f:93:19:80:7c:9e:f3:c9:dc:99:5a:
+         06:f5:4d:4d:96:d0:55:e5:bc:15:8f:3a:83:79:58:12:23:e8:
+         c9:80:ba:d2:23:e5:a5:8d:8a:b3:e8:20:26:37:5a:5a:1f:a0:
+         0c:28:15:c5:9f:4d:87:0f:18:c7:22:f6:c8:54:54:13:0e:f8:
+         a9:aa:71:ce:55:78:9e:8b:1a:15:27:cd:f6:d6:cd:43:d1:af:
+         35:72:ff:cc:5a:b4:85:1d:29:82:62:64:5a:a8:d0:ed:39:71:
+         ed:19:25:21:9d:c3:27:05:0f:1c:28:ef:46:17:d7:cc:cf:d3:
+         f9:a0:66:0f:b2:ea:6f:41
+-----BEGIN CERTIFICATE-----
+MIIEpTCCAo2gAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwVzELMAkGA1UEBhMCQ04x
+CzAJBgNVBAgMAlNDMQswCQYDVQQHDAJDRDELMAkGA1UECgwCSFgxDTALBgNVBAsM
+BEhYV1gxEjAQBgNVBAMMCUhYV1hHUk9VUDAeFw0yMjA1MTIxMDA0MzhaFw0zMjA1
+MDkxMDA0MzhaMFcxCzAJBgNVBAYTAkNOMQswCQYDVQQIDAJTQzELMAkGA1UEBwwC
+Q0QxCzAJBgNVBAoMAkhYMQ0wCwYDVQQLDARIWFdYMRIwEAYDVQQDDAlIWFdYR1JP
+VVAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD1IMqsiT41RMU+eGnh
+7dhoFAUUcmnwQU/YE0EBLAGlU4iFRbvw5vN1W8Ehncg78aZhwVQB57JOYRtz/uCJ
+V/Mz6C1LNA4K4olM4hh4B+DUtpS6zbZ0Mqrpdx4GCu6qRI3eDg8CLx1vikhe4odJ
+4wSTe8SMvFCfRTj8vRw7ebkdsRxToTTXYwOwl0V6LlO3SISWxmS/fSXNkM61f4PT
+E8ADTzHjTkp2xfXTeWovlRwKOsZAjShb5TxHDZpJ2Qq7B9C8o2jsJ34edC1+bJ1t
+tJOdJSzlzeIdChVPLUS9QII3FRrV+abvVZAeJ08tSiROizXddWYNJXVp9K3QOzdM
+WfPFAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wg
+R2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBS88sGSfSBlqjrJOUBt7gg3
+VoGxTjAfBgNVHSMEGDAWgBRbOI0Rd5hLu3HuFEyj43mS9KBq0zANBgkqhkiG9w0B
+AQsFAAOCAgEAbsoGKAU2i7uC7RjNAdjQ6Vc9PDKtKR9QjhYu3uBHJqtgchMPU5rq
+LDBsMlOtYPiSzJORYqjzz6AcjNCXhV+iXv5gcZEK2Un5tpN38sLC/sn5qHrezc1S
+qfosqEVDQJO+bxqAZuuvUTy5Pf1tpdKkY8dLRBOn23z8gG6KflWUWeL5H09xSV/m
+uo7SfYjBELxsS5fzcERJjkrTvueE03MlXeZlXXxEHfxFBgWEVLO1oOd50yPg2hQg
+grP5U0Mxi4CBLNHbat4aKVMl+5UvLIGTTCSCXkaH29OhIcNTYVXaLSm6zi5QFSe5
+DdaxYGtviOg/uGa5lhFMM54YV/fRoRRCriI6isNdqiCqI7EvmJU2zaT0I4q768A4
+vFoU2lveg50Qy+g0CUrWTVZ6QvH8jfbJJSOzpe20WKzsYnXN029sfEi4MKPt4EHx
+VQy4mTfN5hV/1gSDj5ac5t7v2+6i682T4pI1RE29O6TdrHtc5ryO5iYXzANBzP4T
+zBMfajOWcEmLMJ+TGYB8nvPJ3JlaBvVNTZbQVeW8FY86g3lYEiPoyYC60iPlpY2K
+s+ggJjdaWh+gDCgVxZ9Nhw8YxyL2yFRUEw74qapxzlV4nosaFSfN9tbNQ9GvNXL/
+zFq0hR0pgmJkWqjQ7Tlx7RklIZ3DJwUPHCjvRhfXzM/T+aBmD7Lqb0E=
+-----END CERTIFICATE-----

package/.release/nginx/ca/client.csr

@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICnDCCAYQCAQAwVzELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAlNDMQswCQYDVQQH
+DAJDRDELMAkGA1UECgwCSFgxDTALBgNVBAsMBEhYV1gxEjAQBgNVBAMMCUhYV1hH
+Uk9VUDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPUgyqyJPjVExT54
+aeHt2GgUBRRyafBBT9gTQQEsAaVTiIVFu/Dm83VbwSGdyDvxpmHBVAHnsk5hG3P+
+4IlX8zPoLUs0DgriiUziGHgH4NS2lLrNtnQyqul3HgYK7qpEjd4ODwIvHW+KSF7i
+h0njBJN7xIy8UJ9FOPy9HDt5uR2xHFOhNNdjA7CXRXouU7dIhJbGZL99Jc2QzrV/
+g9MTwANPMeNOSnbF9dN5ai+VHAo6xkCNKFvlPEcNmknZCrsH0LyjaOwnfh50LX5s
+nW20k50lLOXN4h0KFU8tRL1AgjcVGtX5pu9VkB4nTy1KJE6LNd11Zg0ldWn0rdA7
+N0xZ88UCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQA3KsjHhN6PIjLSvLQ45idR
+6TOhTY05ULZleFeoQEyLMWY8h/vTBG+BCFMQjwB1NNfz/MhfRm9BRW1nBXlgEJHe
+8jZMaj8sh+So/2ecScXtUjSiP0UvNN+H7CFuvi0dHsK/HV2lohdSYjf5AG2x3Rcv
+smW7C5w3mtEZIitItYzCllVckxWe2iYGfDzUefU6tdaBT+p7peBlq+kwkYA/7mtK
+zMbrR5DgZ4t30KHsA+hXwrByZyd0cXioz9//MMUHWoQdWaGppxzXJj9ftZtQXUgV
+ujlcmuzz5orPWoFE6Sb51TSbMROUbSWw0HNwJ/sRw9HTZdEdjFrdHGRIHJTeV5sv
+-----END CERTIFICATE REQUEST-----

package/.release/nginx/ca/client.pem

@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,6FC91C55F844B1B7
+
+YIF8lJyn+b/qxZgmGrRPJs1yAe4LayQcuPgNjrJtnyspD+NFkDcttARkueldJMrk
+UkCCHoaxVjpE1lbnu84bqHePb8NE2VpMCfN6cMuYN3A6YcHpJOAsKprqs1SvJz3Q
+LrtcRw3Yhp5Ud/aBWJVcnFhRENSqUEALQ4VaZ9fXRBNaYwGNQeSBy/UmChQ4//t5
+c7uxkubKUPO5LCT2L0QSytS5bP0MLtAOiA9FxoT8xeV4zFWKCzeiTnpu2JvBksu6
+u8K1Fw08sWIX8mnXxKng9Q0cUSH7b6FT3fqh2Cq1jTr0/UH6x2+HuqaETwv+JN9u
+3sNaEg2EEFKHx5K2GStc4DiVw2533lQvrnqic59ykybzwccdUDxLN9gkkLjnFpZ0
+dT8vBeoMcJDt2jpONEAgsHv6wMGVFqq+mUgd1GB7PCgZ3axB8lcCr8NmeyvXhoTJ
+UIasZoqQLrRDiMuYDXViH6U7T3E8uBya4tcb7d13mq92JmnQhT9ovs1CwlF1LcbZ
+J4uLzeeP4CwxmTPZ9D10QG7rqGBsHb5qKz7YoHnXHZ/WF9Q96ncbuIZIot+GkiyT
+TlUlqaxT7hfU8SsswbxP+9nWGqwY/OE2caC8IskcALxufZUbehjJGw/3EsBH0RPk
+wW9LlQ3v9/vRHTzh7/NYU6zOXZ8zhkoUkjAJhJuz3TIWjmDbR+zJ2oXN6jZO5T2/
+Eg9qL6Z/z5tk+NUjzIkDWKNGUf/o+6Udnnh+VKCa1Sh+NfqBZgiQMEuNqUxDwqBf
+5JuPSuZ9oPLuA4XvfRDfviPeb9aHMF99ErBD7i3YCQCgEQCvfPdeOVSJ8JU3ts9C
+f/1q+xA05RMsQhLW0K96yQ7sXjQdYlIbD52f1qXl+VCNO7ZfO5D4EuqfRstRBJCN
+cHjORHW2VoP0gv6Z1aw6Nx+FrJ1Z3KH5xGZROoaPzRikudPIpGgBrJRdclDz7J5e
+i27fli4kgRpToEkNVKEKU2pdfgmejqnhQ25hvaa3TVBczM0skSQI5Y2THDvtVc4G
+dw7ALxE+88uh24+3Y8xU/j7As6pu80wCA4oi0gNhkgckcdEvBQcr5bePXQq0Ry3g
+5YTTcef3tUPy1pFbvftaVLlGSS8NCh8eQw/yh4ZyIc4gcNAiESTp5sNe5eY5t8pO
+aWUE1YubD4SxMyBR4bKMDca8bpmVX3MG9s03Wtfqg/j7GeQlEqlPk2sL+dliOxTt
+BLLj/RBswpXUGUQNGjLTKequEU+XJSUEJmsrJMOzwArYRljDQrqQo92tfjTBXlUv
+vtM62kdHoahy/1sAFLcntIdwOwuxyv+6nJoXs/wiR2NTkeUIbtxJjbDc6QvIxNg8
+M0kCDivOcmD8N97cx76SVDo+H9kdhdDep97OGSmchbkZ5vAl/9y59cFkIHFxg83N
+7PKmCh+vGSRtqKZc6vW/eeyDPioGL66jJvWDAqfX2TFu95vBQLRE7tREZ7qtC1zA
+GTH+1FhMlUCh0AjEL6EB2uJXC9IDROHBnMHNaWhCvecDos3cSEOj+LY5ay0QKFWb
+Oo6tUFZon/ja8tg0PspTU7umtsQVXY8RR1pBegiBuvaxv+0XMtYWFFMjPfML0hmd
+-----END RSA PRIVATE KEY-----

package/.release/nginx/ca/server.crt

@@ -0,0 +1,101 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4101 (0x1005)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=CN, ST=SC, L=CD, O=HX, OU=HXWX, CN=HXWXGROUP
+        Validity
+            Not Before: May 17 03:12:56 2022 GMT
+            Not After : May 14 03:12:56 2032 GMT
+        Subject: C=CN, ST=SC, L=CD, O=HX, OU=HXWX, CN=www.cdsp.com/emailAddress=''
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:c0:75:b7:fc:09:d8:22:47:a4:78:af:d3:c1:64:
+                    9d:39:7c:47:6a:e2:e3:eb:92:58:3a:f8:93:2e:71:
+                    c9:bd:24:71:53:8c:f0:68:be:5b:18:90:9f:b1:71:
+                    5b:c7:94:36:d3:0d:c3:62:af:d6:0d:6b:02:3d:26:
+                    3d:15:d0:45:8e:28:4e:7e:7a:b3:a9:96:99:b7:5b:
+                    39:fa:4b:59:7e:cf:41:7b:77:f1:8d:f6:7c:81:66:
+                    00:66:ea:77:74:fd:ef:da:36:27:bf:63:a8:b5:48:
+                    17:a9:16:d4:84:f2:50:f8:5d:d0:83:d6:63:c6:d4:
+                    39:2f:b0:2c:62:20:8d:0b:97:2f:72:cc:00:c8:f7:
+                    ee:a0:88:ec:24:25:b5:d4:a2:a5:8f:0e:0d:8c:2b:
+                    f7:a1:b0:bd:00:b7:2a:ad:84:87:64:fd:73:d2:2a:
+                    bd:f6:fc:b8:87:c5:58:9a:30:9d:e0:d9:5d:ae:2e:
+                    4a:57:67:58:dc:be:5b:85:a8:44:01:11:c1:17:83:
+                    10:4b:52:de:e0:9e:19:92:9d:ad:4d:b8:56:60:3c:
+                    47:1a:de:35:86:70:94:be:ef:26:68:5d:ff:4e:fa:
+                    c1:04:8f:ac:b6:0c:1f:62:63:3b:34:6d:90:44:94:
+                    6f:61:cf:d5:44:fe:14:fb:7a:c6:1c:45:8f:21:81:
+                    81:9f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                2C:EB:73:A8:5E:6D:8A:52:61:CC:7A:64:65:89:F3:9D:F3:E2:F9:8A
+            X509v3 Authority Key Identifier: 
+                keyid:5B:38:8D:11:77:98:4B:BB:71:EE:14:4C:A3:E3:79:92:F4:A0:6A:D3
+
+    Signature Algorithm: sha256WithRSAEncryption
+         71:c8:00:e2:16:a1:0d:e7:ce:5c:74:59:06:c7:66:ec:15:ca:
+         f9:9a:94:d2:89:f4:1f:ed:95:5e:37:1a:e6:b7:ac:11:50:15:
+         19:f5:51:2c:22:c4:98:74:f7:93:c2:87:4e:37:20:87:05:e7:
+         0b:87:22:26:6c:2a:17:d2:cd:49:30:36:1e:a1:86:00:0d:79:
+         27:d0:9e:44:ab:6f:77:45:9e:24:3a:92:60:76:f2:d1:1e:16:
+         ce:dc:60:7d:fb:40:71:58:76:86:99:49:8a:9a:a0:c4:2b:c5:
+         8c:d8:e9:f7:bc:ee:d1:d1:89:b6:38:30:88:19:16:d1:aa:59:
+         e7:38:71:d4:55:4c:a4:60:1a:9b:08:50:06:d4:27:fc:e9:89:
+         a2:5a:78:03:bb:6d:c6:bd:15:b8:8a:04:e1:4c:96:01:e6:47:
+         70:25:d0:5a:b0:39:53:c5:67:52:a0:5f:86:97:12:c8:26:fa:
+         b0:23:37:c4:5e:fc:fc:4d:66:e5:fe:b4:40:56:80:a8:8a:54:
+         9e:f0:37:67:ad:02:a0:a1:63:89:62:4e:c9:64:0b:48:3b:7c:
+         e4:6a:13:5b:71:1f:5a:85:8d:5a:96:35:f8:97:97:26:d4:9d:
+         fa:47:75:55:a4:48:7e:cd:27:f7:7d:d8:2e:92:42:c8:54:54:
+         65:7b:14:ab:75:38:72:79:59:34:70:f7:84:ee:4b:3f:cf:e8:
+         79:58:fb:2c:54:4d:f2:4f:7f:08:c3:93:6d:24:27:98:f5:05:
+         ff:7d:0c:1b:ec:7b:d5:8e:eb:76:aa:80:b3:cf:aa:2b:03:2f:
+         61:b2:5e:42:90:a7:89:19:53:c4:3d:7f:a8:30:9b:0f:67:30:
+         b8:70:30:13:c4:24:11:46:a2:e3:b8:19:d0:22:2b:69:5b:40:
+         13:34:af:6f:6a:81:e5:6a:b7:cc:ae:74:18:bd:0a:91:06:02:
+         d9:bd:81:9c:fb:7c:59:16:09:c0:9c:f5:70:44:4a:df:02:75:
+         42:a2:dc:84:13:a0:89:a9:fa:58:ba:82:81:8b:1d:d6:83:29:
+         c6:3e:8a:94:9f:53:7e:8b:a5:cc:12:e0:76:3a:a7:f2:1a:9e:
+         13:54:b1:c9:23:89:1f:b8:65:65:70:00:05:a4:f1:43:e5:f3:
+         8e:19:3a:d8:48:d2:6c:25:41:60:24:90:0c:6a:34:ff:18:39:
+         75:fb:25:e7:67:97:d6:44:ec:cc:6a:21:5d:24:d4:1b:c0:02:
+         28:69:62:92:56:d1:70:6d:99:27:98:0e:b1:ec:40:5b:66:08:
+         f5:8e:3d:88:5a:c2:30:85:e3:35:2e:2b:aa:42:17:db:bf:04:
+         aa:31:9b:74:b7:43:8d:07
+-----BEGIN CERTIFICATE-----
+MIIEuzCCAqOgAwIBAgICEAUwDQYJKoZIhvcNAQELBQAwVzELMAkGA1UEBhMCQ04x
+CzAJBgNVBAgMAlNDMQswCQYDVQQHDAJDRDELMAkGA1UECgwCSFgxDTALBgNVBAsM
+BEhYV1gxEjAQBgNVBAMMCUhYV1hHUk9VUDAeFw0yMjA1MTcwMzEyNTZaFw0zMjA1
+MTQwMzEyNTZaMG0xCzAJBgNVBAYTAkNOMQswCQYDVQQIDAJTQzELMAkGA1UEBwwC
+Q0QxCzAJBgNVBAoMAkhYMQ0wCwYDVQQLDARIWFdYMRUwEwYDVQQDDAx3d3cuY2Rz
+cC5jb20xETAPBgkqhkiG9w0BCQEWAicnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAwHW3/AnYIkekeK/TwWSdOXxHauLj65JYOviTLnHJvSRxU4zwaL5b
+GJCfsXFbx5Q20w3DYq/WDWsCPSY9FdBFjihOfnqzqZaZt1s5+ktZfs9Be3fxjfZ8
+gWYAZup3dP3v2jYnv2OotUgXqRbUhPJQ+F3Qg9ZjxtQ5L7AsYiCNC5cvcswAyPfu
+oIjsJCW11KKljw4NjCv3obC9ALcqrYSHZP1z0iq99vy4h8VYmjCd4Nldri5KV2dY
+3L5bhahEARHBF4MQS1Le4J4Zkp2tTbhWYDxHGt41hnCUvu8maF3/TvrBBI+stgwf
+YmM7NG2QRJRvYc/VRP4U+3rGHEWPIYGBnwIDAQABo3sweTAJBgNVHRMEAjAAMCwG
+CWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNV
+HQ4EFgQULOtzqF5tilJhzHpkZYnznfPi+YowHwYDVR0jBBgwFoAUWziNEXeYS7tx
+7hRMo+N5kvSgatMwDQYJKoZIhvcNAQELBQADggIBAHHIAOIWoQ3nzlx0WQbHZuwV
+yvmalNKJ9B/tlV43Gua3rBFQFRn1USwixJh095PCh043IIcF5wuHIiZsKhfSzUkw
+Nh6hhgANeSfQnkSrb3dFniQ6kmB28tEeFs7cYH37QHFYdoaZSYqaoMQrxYzY6fe8
+7tHRibY4MIgZFtGqWec4cdRVTKRgGpsIUAbUJ/zpiaJaeAO7bca9FbiKBOFMlgHm
+R3Al0FqwOVPFZ1KgX4aXEsgm+rAjN8Re/PxNZuX+tEBWgKiKVJ7wN2etAqChY4li
+TslkC0g7fORqE1txH1qFjVqWNfiXlybUnfpHdVWkSH7NJ/d92C6SQshUVGV7FKt1
+OHJ5WTRw94TuSz/P6HlY+yxUTfJPfwjDk20kJ5j1Bf99DBvse9WO63aqgLPPqisD
+L2GyXkKQp4kZU8Q9f6gwmw9nMLhwMBPEJBFGouO4GdAiK2lbQBM0r29qgeVqt8yu
+dBi9CpEGAtm9gZz7fFkWCcCc9XBESt8CdUKi3IQToImp+li6goGLHdaDKcY+ipSf
+U36LpcwS4HY6p/IanhNUsckjiR+4ZWVwAAWk8UPl844ZOthI0mwlQWAkkAxqNP8Y
+OXX7Jednl9ZE7MxqIV0k1BvAAihpYpJW0XBtmSeYDrHsQFtmCPWOPYhawjCF4zUu
+K6pCF9u/BKoxm3S3Q40H
+-----END CERTIFICATE-----

package/.release/nginx/ca/server.csr

@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICsjCCAZoCAQAwbTELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAlNDMQswCQYDVQQH
+DAJDRDELMAkGA1UECgwCSFgxDTALBgNVBAsMBEhYV1gxFTATBgNVBAMMDHd3dy5j
+ZHNwLmNvbTERMA8GCSqGSIb3DQEJARYCJycwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQDAdbf8CdgiR6R4r9PBZJ05fEdq4uPrklg6+JMuccm9JHFTjPBo
+vlsYkJ+xcVvHlDbTDcNir9YNawI9Jj0V0EWOKE5+erOplpm3Wzn6S1l+z0F7d/GN
+9nyBZgBm6nd0/e/aNie/Y6i1SBepFtSE8lD4XdCD1mPG1DkvsCxiII0Lly9yzADI
+9+6giOwkJbXUoqWPDg2MK/ehsL0AtyqthIdk/XPSKr32/LiHxViaMJ3g2V2uLkpX
+Z1jcvluFqEQBEcEXgxBLUt7gnhmSna1NuFZgPEca3jWGcJS+7yZoXf9O+sEEj6y2
+DB9iYzs0bZBElG9hz9VE/hT7esYcRY8hgYGfAgMBAAGgADANBgkqhkiG9w0BAQsF
+AAOCAQEAWDnN1PJLwlYqv5VSDvqINzgu5uy4oKswUm2k+Jq4eAcVtq/soBIVZixe
+9weO2iXGQRtumDMlu/JihLfiZ7Klp+SEbGiPKS5p3WmR6cebSeOMGmfy+JGN952U
+EUqwFYhM7tt+2wAB1MbO57S7r512sQwOUGp7GWa2U5Anslw27kSSyhH/q0Z23Hlc
+6Q7KLRqb0WUs9DkrbPS1jedQOSzsy1hO2iINvRxA/dhvFzGDZSXFxyrnjxs0VID0
+sjpcrL4M8HJMPXYr8Hwj3njTPef18GKx1mAbiaQ2xHhkl6iuJyX+T4XS9iYtnarL
+EuGDO+6ZO34ZoH1YcElmLWwcM4IEdw==
+-----END CERTIFICATE REQUEST-----

package/.release/nginx/ca/server.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAwHW3/AnYIkekeK/TwWSdOXxHauLj65JYOviTLnHJvSRxU4zw
+aL5bGJCfsXFbx5Q20w3DYq/WDWsCPSY9FdBFjihOfnqzqZaZt1s5+ktZfs9Be3fx
+jfZ8gWYAZup3dP3v2jYnv2OotUgXqRbUhPJQ+F3Qg9ZjxtQ5L7AsYiCNC5cvcswA
+yPfuoIjsJCW11KKljw4NjCv3obC9ALcqrYSHZP1z0iq99vy4h8VYmjCd4Nldri5K
+V2dY3L5bhahEARHBF4MQS1Le4J4Zkp2tTbhWYDxHGt41hnCUvu8maF3/TvrBBI+s
+tgwfYmM7NG2QRJRvYc/VRP4U+3rGHEWPIYGBnwIDAQABAoIBAQCOjGJ6hlwUf9Xd
+IfYIrtoZAujuzSCdkeZRv11cMCGJO13I0YIbQqq8VhpB1kFxYGD/D5mhFbXIeHLP
+Eex6pKlv8oC5A27g9E/kU+hsb7TYzO+mYJ+EU4XCXed8Urup5o/pouTryAfkRYJo
+1iUQV14Lp4jSrU93rCazIJyvDYcKhmZfLwK116Ovgd8QgzyUQCDEkI0uO16Nn3ft
+wZbCH+H4uzEsfosDLoZsAaC/U+i/TtCOQLEl88hqawYanLT3+10GrmUAHat0H1mn
+LCh+DdWzqvVAIlTjteQ5N4DEWZSVYb5E7sNyZvNKlM1puTGd0OuJBfdcRobZKV38
+t9F/vXl5AoGBAOFx9ih3jJ1dn5Gi2L33z8tnJEB6w1f35A9N9jDa9RZHKkOQ90jf
+E7eJcdVE7F9FlALcVuR7MrxxfPw9hlaohqwadV8kM4gGNLiSTnpmj/bvXLf73Oue
+OL5i1j1eZhyWPP3H+BItVMqKSFwjvmy1C2Bo6eR+A/D+JG+LWRkb39t9AoGBANqL
+TKJ7oS1JkcxzZaeiMgDuYkzfEl7MunhaBeszEw590clAgEY0ZZtg6oWMYBMRxFyB
+yaWQveNzs6pMrfuaU/xPzHNK6wZHnSdloePUk3iVjLpNojtglzCNpEXi905Md26O
+NfX3deOp46zBNsQLkF8b/km/HUTyoqk/7vxvS0RLAoGAI6UbIIbWasM0yZgP4Olf
+p29lYfSHEk+VdX4EIPFdsuoJmqk/D/yFZ42JvAirvtyHbHReIL4B5Z2j/1XS+byn
+nmqIiER3CVjB2TT4x42T0Z1C8awW4AIiQqfp68YTKw3uEsodRPJ555Q5oKfeId32
+MIYmBQSPpvjn1eMYcUng+RkCgYBiKaGhdgB+dAYuHEMz2bG2I106BBSfSjwTpPP1
+ojpUDwW07OjxH8Xn1c9hbx0UU62sk4t8d5gjWyv/OXQIiFhjA4Dk5GjOqEoZkRf3
+WttmlV3hrM9K9mbSozx/O6QzojsfCHeKZL2qJfwi86JiyoLthYhhnZtLBeU0Oohh
+EKhxIwKBgQCyiydmXG9jRUCHwT5ltRo0yUEU4CkecmHZHy8juknhqDvgsUnxhJos
+nDCuof3+K4C052Zd5zV8zIM8lHTxWfq5N/MLKSRkqGh7EiwiTbXUkRZXEkwcab6m
+h3ip6dGIcCwvTPq0WPc4cPCYOkfV9neGWb9mfQTCFtBj4d9LiHgkVQ==
+-----END RSA PRIVATE KEY-----

package/.release/nginx/ca/server.pem

@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,09B111B23D33B446
+
+Y/oDvx4T6nMpFUY9fzfdEXbkFJaP7qPGphgkqX14zIHx7TFZDcLEo7v1HrUeLOuf
+OIKKQ6m8F4NVmjq+9p9g3NFNClm+9RxxZ2CRLnnxr0EY4Ado34/DpN/+6pWuxm6w
+MTVbKQBRmWmZ2bpURkacz+ibYJB3G3Gf4vtLXgHth1zbv/lXi0VvnmlNDVocjiVK
+WPSh0XCQCmTZmUX/Oz1VfES/xvMJIvDvLY61geAgwVVYgpQfZ2uTlT3rHyBzcuVX
+NZOwh0AJHgPH2sruzkb0ic3JhmwIfdzvIsWyvh55CQW3v5CsE9HC6IpEZmqjFhVv
+ahgo4Wfo8pAsDEaK0qeux7oxtU4wFigSrxPWszDbVdzA00NT8iouz2Aq/Tq5uWQj
+YZeOgreDa1o7XoBUzaeGbDcxYX1Gx6nC7+q1dLUo/Pr7dKZdEXguQGeIjhCAUHRg
+1uzPybHTcspk4TpQIS2+rsCJCVFikO8soaRtxanrhH2pPHJ91uJJrudYN5WuUE7G
+2V7a4xSfW49frikk45lF1CirSnGnWaaV8DQIQb7JFeGF+DTS5f4ubi2IwfnDJfyT
+BkislINrejkL8yVC7YjncU1ferIIn5xrAYqecIj2NOK7xWkLNLtMmLWcaPy8fqoB
+EDOAE7RmTUPG8mGgMV5btjxKmUUiJaQ9CZ14jj5Ape2jK8ieUzjlRxGS2KfaYgAN
+9wLHuLLoNaLdX92CIXwCJo5ftfj9kZBxmRc0dz6o+sFlFSTv08MkuiKRYE18N0Dl
+94CvtElR+f46Vnfa44UyKa4XOWH54Itjt5brNnkvkMNbTB7gTiFq1nR5t9El3rQC
+/6fObqCQM+bqHbiFyV9bTjvbAAZSv28YDSfAqx4rxHGkvbKl9E+Mw77nuMDA9l5K
+jp6jJ4iLMdj4X5c2uJ6hcmRTGoCsER9UT71mxBAI58Wmda6Gf6I9mmBwi367CYeF
+iGHCAd46fgTtGN1deb6NTv8UWTeLi43RiRE+LvjgqWeZTsNMrIkwlHa7L8ASRIBl
++pzxLHpG30arm1spNmekw+dAF1LFBUD+1DQaNg9h+PztzHKdDcdw9gkxYZuMPo7f
+Xu+cIsBHouRPC6zudXIt/TPWTmhqCaKeYPfmiNtR1qXNKo11zP/5uIzBDbY49CMF
+9DB1nqXioq5Urgp9S+0dMU65kio2Ocp9BPPxlOCGA9iMCLYsVYmafTqLqdf55JEv
+HMxYiFSYmJhbUbWhU3DCXtlUWXENMyDslDCltJop8FMnYNdD+eHgTqyzgE2lkII1
+5AcOFrGtpJEPz/fQZVYxiG8wwPGusEtHdilG2AVQpQUqYDqBCIn8bEX8ddWAl6QI
+fxZ0em0UFZ4WNkpIN5NUHJq9yegqMtxkpEK6WDXn1UUMUZ9UtWlBIlR1ZkG5x/Ct
+xsltmNjGJpwiE8gywWyLxEiMQJBKQxNGqNcWTLCm+0cl+ZHXoMvaFPeb1AEsAP1U
+GqrvLj0YvfnUT5r/Xg+ksIKJ1VgSpgWKka4ySIb/dB+tV3I49QJ5dELjZi2InX88
+nKP526ssIv1mNOK0b0UQxjN1FFOkHDtTfysWHt3swWSUqaNEV8zTg8fmh4YI3z2u
+-----END RSA PRIVATE KEY-----

package/.release/nginx/nginx.conf

@@ -0,0 +1,179 @@
+
+daemon off;
+user  root;
+worker_processes 2; 
+
+#PID_FILE_PALCEHOLDER
+
+# 请勿删除此处占位符
+#ERROR_LOG_PLACEHOLDER 
+
+events {
+    worker_connections  1024;
+}
+
+http {
+    include      /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    # 自定义时间格式
+     map $time_iso8601 $year {
+        default             'year';
+        '~^(?<yyyy>\d{4})-'     $yyyy;
+    }
+    map $time_iso8601 $month {
+        default             'month';
+        '~^\d{4}-(?<mm>\d{2})-'     $mm;
+    }
+    map $time_iso8601 $day {
+        default             'day';
+        '~^\d{4}-\d{2}-(?<dd>\d{2})'    $dd;
+    }
+
+    map $time_iso8601 $time {
+        ~\T([0-9:]+)\+ $1;
+    }
+
+    log_format  main  '$year/$month/$day $time $remote_addr $remote_user "$request"'
+                      ' $status $body_bytes_sent "$http_referer" '
+                      ' "$http_user_agent" "$http_x_forwarded_for"';
+ 
+    # 请勿删除此处占位符
+    #ACCESS_LOG_PLACEHOLDER
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    keepalive_timeout  600;
+    client_header_timeout 600;
+    client_body_timeout 600;
+    send_timeout 600;
+
+    server_tokens off;
+
+    gzip on;
+    gzip_min_length 1k;
+    gzip_comp_level 5;
+    gzip_types text/plain application/json application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png application/vnd.ms-fontobject font/ttf font/opentype font/x-woff image/svg+xml;
+    gzip_vary on;
+
+    upstream tomcatposidon {
+      server localhost:9998; #tomcat
+    }
+
+    # 开启自定义错误信息响应
+    fastcgi_intercept_errors on;
+ 
+    limit_conn_zone $binary_remote_addr zone=conn:10m;    # 限制连接数
+    limit_req_zone $binary_remote_addr zone=allips:10m rate=500r/s; # 限制请求数
+    
+    map $http_referer $referer_host {
+       default "";
+       "~^https?://([^/]+)" "$1";
+    }
+
+    server { 
+        # listen 80;
+        listen 5443 default_server ssl http2;
+        server_name  localhost;
+        root  __root__;   # 请勿修改 此处会在脚本中动态替换
+        
+        error_page 497 =301 https://$host:$server_port$request_uri;
+
+        ssl_certificate ca/server.crt;        # 这里为服务器上server.crt的路径
+        ssl_certificate_key ca/server.key;    # 这里为服务器上server.key的路径
+        #ssl_client_certificate ca/ca.crt;    # 双向认证
+        #ssl_verify_client on;             # 双向认证
+   
+        ssl_session_timeout 5m;
+        ssl_protocols TLSv1.2 TLSv1.3;
+        ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
+        ssl_prefer_server_ciphers   on;
+
+        # 安全设置
+        add_header X-Frame-Options SAMEORIGIN always;
+        add_header X-Content-Type-Options nosniff always; 
+        add_header X-XSS-Protection "1; mode=block" always;
+        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;" always;
+        
+        add_header X-Permitted-Cross-Domain-Policies "none" always;
+        add_header Referrer-Policy strict-origin-when-cross-origin always;
+        add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:;img-src  'self' 'unsafe-inline' data: blob:; style-src 'self' 'unsafe-inline'; worker-src 'self' 'unsafe-inline' * blob:; font-src 'self' 'unsafe-inline' data: blob:;" always;
+        add_header X-DOWNLAOD-OPTIONS noopen always; 
+      
+        if ($request_method !~* OPTIONS|GET|POST|PUT|DELETE) { 
+           return 403; 
+        }
+      
+        location ~* /posidon|api/ {
+            rewrite ^/api/(.*) /posidon/api/$1  break;
+        
+            # add_header Access-Control-Allow-Origin $http_origin;
+            # add_header Access-Control-Allow-Headers $http_access_control_request_headers;
+            # add_header Access-Control-Allow-Credentials true;
+            # add_header Access-Control-Allow-Methods *;
+
+            # if ($request_method = 'OPTIONS') {
+            #     return 204;
+            # }
+
+            #Proxy Settings
+            proxy_pass  http://tomcatposidon;
+            client_max_body_size 2048m;
+            proxy_redirect     off;
+            proxy_set_header   Host             $host;
+            proxy_set_header   X-Real-IP        $remote_addr;
+            proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
+            # proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
+            proxy_max_temp_file_size 0;
+            proxy_connect_timeout      600;
+            proxy_send_timeout         600;
+            proxy_read_timeout         600;
+            proxy_buffer_size          4k;
+            proxy_buffers              4 32k;
+            proxy_busy_buffers_size    64k;
+            proxy_temp_file_write_size 64k;
+ 
+        }
+
+        location / {
+            limit_conn conn 200;
+            limit_rate 10248k;
+            limit_req zone=allips burst=300 nodelay;
+            limit_rate_after 1000000k; 
+                
+            #client_max_body_size 1000m;
+
+            if ($request_filename ~* .*\.(?:htm|html)$) {
+                add_header Cache-Control "private, no-store, no-cache, must-revalidate, proxy-revalidate";
+                add_header X-Frame-Options SAMEORIGIN always;
+                add_header X-Content-Type-Options nosniff always; 
+                add_header X-XSS-Protection "1; mode=block" always;
+                add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;" always;        
+                add_header X-Permitted-Cross-Domain-Policies "none" always;
+                add_header Referrer-Policy strict-origin-when-cross-origin always;
+                add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:;img-src  'self' 'unsafe-inline' data: blob:; style-src 'self' 'unsafe-inline'; worker-src 'self' 'unsafe-inline' * blob:; font-src 'self' 'unsafe-inline' data: blob:;" always;
+                add_header X-DOWNLAOD-OPTIONS noopen always; 
+            }
+
+            index  index.html;
+            try_files $uri /index.html;
+        }
+
+        # 配置防盗链接设置
+        location ~* ^.+\.(gif|jpg|png|swf|flv|rar|zip)$ {
+            valid_referers none blocked $http_host;
+            if ($referer_host != "$http_host") {
+                    return 403;
+            }
+        }
+
+        # 更改错误响应页面
+        error_page  400  /errors/400.html;
+        error_page  404  /index.html;
+        error_page  413  /errors/413.html;
+        error_page  500  /errors/500.html;
+        error_page  502  /errors/502.html;
+        error_page  504  /errors/504.html;
+    }
+}

package/.release/release.conf.yaml

@@ -0,0 +1,17 @@
+#gitlab 仓库地址   your git repo url
+host: ''
+# gitlab rest api token  your git token
+token: ''
+# build script   default: npm run build  
+buildCmd: "npm run build"
+# 打包后资源 相对工作区所在路径  默认dist
+assetsDir: 'dist' 
+
+# nginx和assets 所属用户和用户组
+user: root
+userGroup: root
+# 安装目录
+installDir: /opt
+
+# 指定安装模式  standalone(supervisor) 、 cluster（agent\systemd) 、 both
+installMode: both

package/dist/prepare.js

@@ -2,14 +2,13 @@ import { resolve, dirname } from 'node:path';
 import fs from 'node:fs';
 import YAML from 'yaml';
 import * as inquirer from '@inquirer/prompts';
-import { execa } from 'execa';
+import { $ } from 'execa';
 import { fileURLToPath } from 'node:url';
 import { logger } from './logger.js';
 import 'picocolors';
 
 const installMode = ["standalone", "cluster", "static", "all"];
-console.log("\u{1F680} ~  process.env.INIT_CWD:", process.env.INIT_CWD);
-const __work_dir = typeof process.env.INIT_CWD === "string" ? process.env.INIT_CWD : process.cwd();
+const __work_dir = process.env.INIT_CWD || process.cwd();
 const __releaseDir = resolve(__work_dir, ".release");
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = dirname(__filename);
@@ -40,7 +39,6 @@ const releaseConf = Object.assign({
   installMode: "both",
   installDir: "/opt"
 }, parseConf(__releaseConfPath));
-const $ = execa({ encoding: "utf8" });
 async function prepare({ callBy } = { callBy: "postinstall" }) {
   const copyFiles = () => {
     fs.cpSync(resolve(__dirname, ".release"), __releaseDir, { recursive: true });
@@ -92,4 +90,4 @@ async function checkEnvInfo() {
   }
 }
 
-export { $, __dirname, __releaseConfPath, __releaseDir, __work_dir, checkEnvInfo, prepare, releaseConf, releaseConfFileName };
+export { __dirname, __releaseConfPath, __releaseDir, __work_dir, checkEnvInfo, prepare, releaseConf, releaseConfFileName };

package/dist/publish.js

@@ -6,10 +6,10 @@ import mime from 'mime';
 import * as inquirer from '@inquirer/prompts';
 import { setTimeout } from 'node:timers/promises';
 import { Gitlab } from '@gitbeaker/rest';
-import { $, releaseConf, __releaseDir } from './prepare.js';
+import { releaseConf, __releaseDir } from './prepare.js';
 import { logger } from './logger.js';
+import { $ } from 'execa';
 import 'yaml';
-import 'execa';
 import 'picocolors';
 
 async function isGitFlowRepo() {

package/dist/release.js

@@ -3,7 +3,8 @@ import process from 'process';
 import pc from 'picocolors';
 import { pack } from './pack.js';
 import { getGitTags, selectLatestTag, publish, isGitFlowRepo } from './publish.js';
-import { checkEnvInfo, $, releaseConf } from './prepare.js';
+import { checkEnvInfo, releaseConf } from './prepare.js';
+import { $ } from 'execa';
 import { logger } from './logger.js';
 import 'node:fs';
 import 'node:path';
@@ -14,7 +15,6 @@ import 'mime';
 import 'node:timers/promises';
 import '@gitbeaker/rest';
 import 'yaml';
-import 'execa';
 
 async function release(fromPublishCmd = false) {
   try {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wjwjq/release-helper",
-  "version": "0.1.8",
+  "version": "0.1.9",
   "description": "generate deployment package for frontend, include nginx...",
   "main": "dist/index.js",
   "module": "dist/index.js",