Initial YakPanel commit

vhost/template/apache/node_http.conf

@@ -0,0 +1,29 @@
+<VirtualHost *:{port}>
+    ServerAdmin {server_admin}
+    DocumentRoot "{site_path}"
+    ServerName {server_name}
+    ServerAlias {domains}
+    #errorDocument 404 /404.html
+    ErrorLog "{log_path}/{project_name}-error_log"
+    CustomLog "{log_path}/{project_name}-access_log" combined
+
+    {ssl_config}
+
+    #DENY FILES
+     <Files ~ (\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md|package.json|package-lock.json|\.env)$>
+       Order allow,deny
+       Deny from all
+    </Files>
+
+    #SSL
+    ProxyPass /.well-known/ !
+
+    # HTTP reverse proxy related settings begin >>>
+    <IfModule mod_proxy.c>
+        ProxyRequests Off
+        SSLProxyEngine on
+        ProxyPass / {url}/
+        ProxyPassReverse / {url}/
+    </IfModule>
+    # End of HTTP reverse proxy related settings <<<
+</VirtualHost>

vhost/template/apache/python_http.conf

@@ -0,0 +1,32 @@
+<VirtualHost *:{port}>
+    ServerAdmin {server_admin}
+    DocumentRoot "{site_path}"
+    ServerName {server_name}
+    ServerAlias {domains}
+    #errorDocument 404 /404.html
+    ErrorLog "{log_path}/{project_name}-error_log"
+    CustomLog "{log_path}/{project_name}-access_log" combined
+
+    {ssl_config}
+
+    #DENY FILES
+     <Files ~ (\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md|package.json|package-lock.json|\.env)$>
+       Order allow,deny
+       Deny from all
+    </Files>
+
+    #SSL
+    <IfModule alias_module>
+    Alias /.well-known/ /www/wwwroot/java_node_ssl/
+    </IfModule>
+
+    # HTTP reverse proxy related settings begin >>>
+    <IfModule mod_proxy.c>
+        ProxyRequests Off
+        SSLProxyEngine on
+        ProxyPreserveHost On
+        ProxyPass / {url}/
+        ProxyPassReverse / {url}/
+    </IfModule>
+    # End of HTTP reverse proxy related settings <<<
+</VirtualHost>

vhost/template/nginx/anti.conf

@@ -0,0 +1,10 @@
+#防盗链配置
+location ~ .*\.(<EXT_NAME>)$
+{
+    expires      30d;
+    access_log /dev/null;
+    valid_referers none blocked <DOMAINS>;
+    if ($invalid_referer){
+        return <CODE>;
+    }
+}

vhost/template/nginx/error_page.conf

@@ -0,0 +1,4 @@
+#错误页相关配置
+#<ERRORCODE> 错误代码 (404|502|500|503)
+#<PAGE_FILE> 相对于网站根目录的响应文件位置(/404.html|/error/404.html)
+error_page <ERRORCODE> <PAGE_FILE>;

vhost/template/nginx/node_http.conf

@@ -0,0 +1,59 @@
+server
+{{
+    {listen_ports}
+    server_name {domains};
+    index index.html index.htm default.htm default.html;
+    # root {site_path};
+    
+    #SSL-START SSL related configuration
+    #error_page 404/404.html;
+    {ssl_config}
+    #SSL-END
+    
+    #ERROR-PAGE-START  Error page related configuration
+    #error_page 404 /404.html;
+    #error_page 502 /502.html;
+    #ERROR-PAGE-END
+    
+    
+    #REWRITE-START Pseudo-static related configuration
+    include {panel_path}/vhost/rewrite/node_{project_name}.conf;
+    #REWRITE-END
+    
+    #Files or directories forbidden to access
+    location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md|package.json|package-lock.json|\.env|node_modules) {{
+        return 404;
+    }}
+    
+    #One-click application for SSL certificate verification directory related settings
+    location /.well-known/ {{
+        root  {site_path};
+    }}
+
+    # HTTP reverse proxy related settings begin. You can make proxy cache settings here.>>>
+    #location ~ /purge(/.*) {{
+    #    proxy_cache_purge cache_one {host}$request_uri$is_args$args;
+    #}}
+
+    location / {{
+        proxy_pass {url};
+        proxy_set_header Host {host};
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header REMOTE-HOST $remote_addr;
+        proxy_no_cache 1;
+        proxy_cache_bypass 1;
+        add_header X-Cache $upstream_cache_status;
+
+        proxy_connect_timeout 30s;
+        proxy_read_timeout 86400s;
+        proxy_send_timeout 30s;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+    }}
+    # End of HTTP reverse proxy related settings <<<
+    
+    access_log  {log_path}/{project_name}.log;
+    error_log  {log_path}/{project_name}.error.log;
+}}

vhost/template/nginx/other.conf

@@ -0,0 +1,21 @@
+#允许请求SSL验证目录
+location ~ \.well-known
+{
+    allow all;
+}
+
+#图片缓存设置
+location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|ico)$
+{
+    expires      30d;
+    error_log /dev/null;
+    access_log /dev/null;
+}
+
+#js/css缓存设置
+location ~ .*\.(js|css)?$
+{
+    expires      12h;
+    error_log /dev/null;
+    access_log /dev/null;
+}

vhost/template/nginx/proxy.conf

@@ -0,0 +1,41 @@
+#反向代理相关配置
+#<HOST> 发送域名($host|www.yakpanel.com)
+#<URL> 被代理的URL地址(https://www.yakpanel.com|https://www.yakpanel.com/)
+#<SUB_OPEN> 是否需要替换字符串(off|on)
+#<SRC> 被替换的字符串
+#<DST> 替换为
+
+proxy_pass <URL>;
+proxy_set_header Host <HOST>;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header REMOTE-HOST $remote_addr;
+proxy_set_header Accept-Encoding "";
+add_header X-Cache $upstream_cache_status;
+
+proxy_connect_timeout 30s;
+proxy_read_timeout 86400s;
+proxy_send_timeout 30s;
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+
+
+location ~ /purge(/.*) { 
+    proxy_cache_purge cache_one <HOST>$request_uri$is_args$args;
+}
+
+location / 
+{	
+    sub_filter "<SRC>" "<DST>";
+    sub_filter_once <SUB_OPEN>;
+    expires 12h;
+}
+
+location ~ .*\.(html|htm|png|gif|jpeg|jpg|bmp|js|css)?$
+{   
+    proxy_cache cache_one;
+    proxy_cache_key $host$request_uri$is_args$args;
+    proxy_cache_valid 200 304 301 302 1h;
+    expires 24h;
+}

vhost/template/nginx/python_http.conf

@@ -0,0 +1,59 @@
+server
+{{
+    {listen_ports}
+    server_name {domains};
+    index index.html index.htm default.htm default.html;
+    root {site_path};
+    #CERT-APPLY-CHECK--START
+    # Configuration related to file verification for SSL certificate application - Do not delete
+    include /www/server/panel/vhost/nginx/well-known/{project_name}.conf;
+    #CERT-APPLY-CHECK--END
+
+    #SSL-START SSL related configuration, do NOT delete or modify the next line of commented-out 404 rules
+    #error_page 404/404.html;
+    {ssl_config}
+    #SSL-END
+
+    #ERROR-PAGE-START  Error page configuration, allowed to be commented, deleted or modified
+    #error_page 404 /404.html;
+    #error_page 502 /502.html;
+    #ERROR-PAGE-END
+
+
+    #REWRITE-START URL rewrite rule reference, any modification will invalidate the rewrite rules set by the panel
+    include {panel_path}/vhost/rewrite/python_{project_name}.conf;
+    #REWRITE-END
+
+    # Forbidden files or directories
+    location ~* (\.user.ini|\.htaccess|\.htpasswd|\.env.*|\.project|\.bashrc|\.bash_profile|\.bash_logout|\.DS_Store|\.gitignore|\.gitattributes|LICENSE|README\.md|CLAUDE\.md|CHANGELOG\.md|CHANGELOG|CONTRIBUTING\.md|TODO\.md|FAQ\.md|composer\.json|composer\.lock|package(-lock)?\.json|yarn\.lock|pnpm-lock\.yaml|\.\w+~|\.swp|\.swo|\.bak(up)?|\.old|\.tmp|\.temp|\.log|\.sql(\.gz)?|docker-compose\.yml|docker\.env|Dockerfile|\.csproj|\.sln|Cargo\.toml|Cargo\.lock|go\.mod|go\.sum|phpunit\.xml|phpunit\.xml|pom\.xml|build\.gradl|pyproject\.toml|requirements\.txt|application(-\w+)?\.(ya?ml|properties))$
+    {{
+        return 404;
+    }}
+
+    # Forbidden files or directories
+    location ~* /(\.git|\.svn|\.bzr|\.vscode|\.claude|\.idea|\.ssh|\.github|\.npm|\.yarn|\.pnpm|\.cache|\.husky|\.turbo|\.next|\.nuxt|node_modules|runtime)/ {{
+        return 404;
+    }}
+
+    # Directory verification related settings for one-click application for SSL certificate
+    location /.well-known/ {{
+        root /www/wwwroot/java_node_ssl;
+    }}
+
+    # Prohibit putting sensitive files in certificate verification directory
+    if ( $uri ~ "^/\.well-known/.*\.(php|jsp|py|js|css|lua|ts|go|zip|tar\.gz|rar|7z|sql|bak)$" ) {{
+        return 403;
+    }}
+
+    # PROXY-CONF-START >>>
+    location ~ /purge(/.*) {{
+        proxy_cache_purge cache_one {host}$request_uri$is_args$args;
+    }}
+
+    {proxy}
+
+    # PROXY-CONF-END <<<
+
+    access_log  {log_path}/{project_name}.log;
+    error_log  {log_path}/{project_name}.error.log;
+}}

vhost/template/nginx/redirect.conf

@@ -0,0 +1,9 @@
+#<VAR> 被匹配的变量($uri|$request_uri|$host)
+#<RULE> 匹配规则(capnis.com|^/test$)
+#<CODE> 重定向代码(301|302)
+#<TO> 目标地址(https://www.yakpanel.com|/test)
+#<ARGS> 要传递的参数($request_uri|/?test=1)
+if (<VAR> ~ '<RULE>')
+{
+	return <CODE> <TO><ARGS>;
+}

vhost/template/nginx/ssl.conf

@@ -0,0 +1,11 @@
+#SSL相关配置
+#<CERT_PEM> PEM格式证书位置(/tmp/cert.pem)
+#<KEY_PEM> 私钥位置(/tmp/private.key)
+#<POOL> 支持的协议(SSLv2|SSLv3|TLS1.1|TLS.2|TLS.3)
+ssl_certificate <CERT_PEM>;
+ssl_certificate_key <KEY_PEM>;
+ssl_protocols <POOL>;
+ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
+ssl_prefer_server_ciphers on;
+ssl_session_cache shared:SSL:10m;
+ssl_session_timeout 10m;

vhost/template/python_project/gunicorn_conf.conf

@@ -0,0 +1,37 @@
+# project directory
+chdir = '{path}'
+
+# worker processes
+workers = {processes}
+
+# threads per worker
+threads = {threads}
+
+# user to run as
+user = '{user}'
+
+# worker type
+worker_class = '{worker_class}'
+
+# bind IP and port
+bind = '0.0.0.0:{port}'
+
+# PID file path (used for stopping and restarting; do not remove)
+pidfile = '{path}/gunicorn.pid'
+
+# access log and error log paths, file name do not change 'gunicorn_acess.log', 'gunicorn_error.log'
+accesslog = '{logpath}/gunicorn_acess.log'
+errorlog = '{logpath}/gunicorn_error.log'
+
+# Log level (this log level applies to the error log; the access log level cannot be configured)
+# debug: Debug level;
+# info: Normal level;
+# warning: Warning messages level;
+# error: Error level;
+# critical: Critical errors;
+loglevel = '{loglevel}'
+
+# Put custom settings here
+# It is best to follow the same format as above: <comment + newline + key = value>.
+# PS: Gunicorn configuration files are Python\-style (i.e., ".py" files); make sure to follow Python syntax.
+# For example: if a config value (such as loglevel) is a string, it must be enclosed in quotes.

vhost/template/python_project/uwsgi_conf.conf

@@ -0,0 +1,40 @@
+[uwsgi]
+# Project directory
+chdir={path}
+
+# Specify the project's application entry
+wsgi-file={rfile}
+
+# The application variable name used to start within the Python program
+callable={app}
+
+# Number of processes
+processes={processes}
+
+# Number of threads
+threads={threads}
+
+# PID file path at startup (used for stopping and restarting the service; do not remove)
+pidfile={path}/uwsgi.pid
+
+# Specify IP and port
+# HTTP mode by default; can be switched to socket mode
+{is_http}http=0.0.0.0:{port}
+{is_socket}socket=0.0.0.0:{port}
+
+# User and group to run uWSGI as
+uid={user}
+gid={user}
+
+# Enable master process
+master=true
+
+# Set buffer size
+buffer-size = 32768
+
+# Run in background and output logs, do not change log file names 'uwsgi.log'
+daemonize = {logpath}/uwsgi.log
+
+# Write custom settings here\,
+# If you do not want to use wsgi-file as the project's startup method, comment it out, but do not delete it; the same applies to the communication method (http, socket)\;
+# It is best to follow the same format as above: <comment + newline + key = value> for readability and future reference