Initial YakPanel commit

2026-04-07 02:04:22 +05:30
commit 2826d3e7f3
5359 changed files with 1390724 additions and 0 deletions
--- a/vhost/template/nginx/anti.conf
+++ b/vhost/template/nginx/anti.conf
@@ -0,0 +1,10 @@
+#防盗链配置
+location ~ .*\.(<EXT_NAME>)$
+{
+    expires      30d;
+    access_log /dev/null;
+    valid_referers none blocked <DOMAINS>;
+    if ($invalid_referer){
+        return <CODE>;
+    }
+}
--- a/vhost/template/nginx/error_page.conf
+++ b/vhost/template/nginx/error_page.conf
@@ -0,0 +1,4 @@
+#错误页相关配置
+#<ERRORCODE> 错误代码 (404|502|500|503)
+#<PAGE_FILE> 相对于网站根目录的响应文件位置(/404.html|/error/404.html)
+error_page <ERRORCODE> <PAGE_FILE>;
--- a/vhost/template/nginx/node_http.conf
+++ b/vhost/template/nginx/node_http.conf
@@ -0,0 +1,59 @@
+server
+{{
+    {listen_ports}
+    server_name {domains};
+    index index.html index.htm default.htm default.html;
+    # root {site_path};
+    
+    #SSL-START SSL related configuration
+    #error_page 404/404.html;
+    {ssl_config}
+    #SSL-END
+    
+    #ERROR-PAGE-START  Error page related configuration
+    #error_page 404 /404.html;
+    #error_page 502 /502.html;
+    #ERROR-PAGE-END
+    
+    
+    #REWRITE-START Pseudo-static related configuration
+    include {panel_path}/vhost/rewrite/node_{project_name}.conf;
+    #REWRITE-END
+    
+    #Files or directories forbidden to access
+    location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md|package.json|package-lock.json|\.env|node_modules) {{
+        return 404;
+    }}
+    
+    #One-click application for SSL certificate verification directory related settings
+    location /.well-known/ {{
+        root  {site_path};
+    }}
+
+    # HTTP reverse proxy related settings begin. You can make proxy cache settings here.>>>
+    #location ~ /purge(/.*) {{
+    #    proxy_cache_purge cache_one {host}$request_uri$is_args$args;
+    #}}
+
+    location / {{
+        proxy_pass {url};
+        proxy_set_header Host {host};
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header REMOTE-HOST $remote_addr;
+        proxy_no_cache 1;
+        proxy_cache_bypass 1;
+        add_header X-Cache $upstream_cache_status;
+
+        proxy_connect_timeout 30s;
+        proxy_read_timeout 86400s;
+        proxy_send_timeout 30s;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+    }}
+    # End of HTTP reverse proxy related settings <<<
+    
+    access_log  {log_path}/{project_name}.log;
+    error_log  {log_path}/{project_name}.error.log;
+}}
--- a/vhost/template/nginx/other.conf
+++ b/vhost/template/nginx/other.conf
@@ -0,0 +1,21 @@
+#允许请求SSL验证目录
+location ~ \.well-known
+{
+    allow all;
+}
+
+#图片缓存设置
+location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|ico)$
+{
+    expires      30d;
+    error_log /dev/null;
+    access_log /dev/null;
+}
+
+#js/css缓存设置
+location ~ .*\.(js|css)?$
+{
+    expires      12h;
+    error_log /dev/null;
+    access_log /dev/null;
+}
--- a/vhost/template/nginx/proxy.conf
+++ b/vhost/template/nginx/proxy.conf
@@ -0,0 +1,41 @@
+#反向代理相关配置
+#<HOST> 发送域名($host|www.yakpanel.com)
+#<URL> 被代理的URL地址(https://www.yakpanel.com|https://www.yakpanel.com/)
+#<SUB_OPEN> 是否需要替换字符串(off|on)
+#<SRC> 被替换的字符串
+#<DST> 替换为
+
+proxy_pass <URL>;
+proxy_set_header Host <HOST>;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header REMOTE-HOST $remote_addr;
+proxy_set_header Accept-Encoding "";
+add_header X-Cache $upstream_cache_status;
+
+proxy_connect_timeout 30s;
+proxy_read_timeout 86400s;
+proxy_send_timeout 30s;
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+
+
+location ~ /purge(/.*) { 
+    proxy_cache_purge cache_one <HOST>$request_uri$is_args$args;
+}
+
+location / 
+{	
+    sub_filter "<SRC>" "<DST>";
+    sub_filter_once <SUB_OPEN>;
+    expires 12h;
+}
+
+location ~ .*\.(html|htm|png|gif|jpeg|jpg|bmp|js|css)?$
+{   
+    proxy_cache cache_one;
+    proxy_cache_key $host$request_uri$is_args$args;
+    proxy_cache_valid 200 304 301 302 1h;
+    expires 24h;
+}
--- a/vhost/template/nginx/python_http.conf
+++ b/vhost/template/nginx/python_http.conf
@@ -0,0 +1,59 @@
+server
+{{
+    {listen_ports}
+    server_name {domains};
+    index index.html index.htm default.htm default.html;
+    root {site_path};
+    #CERT-APPLY-CHECK--START
+    # Configuration related to file verification for SSL certificate application - Do not delete
+    include /www/server/panel/vhost/nginx/well-known/{project_name}.conf;
+    #CERT-APPLY-CHECK--END
+
+    #SSL-START SSL related configuration, do NOT delete or modify the next line of commented-out 404 rules
+    #error_page 404/404.html;
+    {ssl_config}
+    #SSL-END
+
+    #ERROR-PAGE-START  Error page configuration, allowed to be commented, deleted or modified
+    #error_page 404 /404.html;
+    #error_page 502 /502.html;
+    #ERROR-PAGE-END
+
+
+    #REWRITE-START URL rewrite rule reference, any modification will invalidate the rewrite rules set by the panel
+    include {panel_path}/vhost/rewrite/python_{project_name}.conf;
+    #REWRITE-END
+
+    # Forbidden files or directories
+    location ~* (\.user.ini|\.htaccess|\.htpasswd|\.env.*|\.project|\.bashrc|\.bash_profile|\.bash_logout|\.DS_Store|\.gitignore|\.gitattributes|LICENSE|README\.md|CLAUDE\.md|CHANGELOG\.md|CHANGELOG|CONTRIBUTING\.md|TODO\.md|FAQ\.md|composer\.json|composer\.lock|package(-lock)?\.json|yarn\.lock|pnpm-lock\.yaml|\.\w+~|\.swp|\.swo|\.bak(up)?|\.old|\.tmp|\.temp|\.log|\.sql(\.gz)?|docker-compose\.yml|docker\.env|Dockerfile|\.csproj|\.sln|Cargo\.toml|Cargo\.lock|go\.mod|go\.sum|phpunit\.xml|phpunit\.xml|pom\.xml|build\.gradl|pyproject\.toml|requirements\.txt|application(-\w+)?\.(ya?ml|properties))$
+    {{
+        return 404;
+    }}
+
+    # Forbidden files or directories
+    location ~* /(\.git|\.svn|\.bzr|\.vscode|\.claude|\.idea|\.ssh|\.github|\.npm|\.yarn|\.pnpm|\.cache|\.husky|\.turbo|\.next|\.nuxt|node_modules|runtime)/ {{
+        return 404;
+    }}
+
+    # Directory verification related settings for one-click application for SSL certificate
+    location /.well-known/ {{
+        root /www/wwwroot/java_node_ssl;
+    }}
+
+    # Prohibit putting sensitive files in certificate verification directory
+    if ( $uri ~ "^/\.well-known/.*\.(php|jsp|py|js|css|lua|ts|go|zip|tar\.gz|rar|7z|sql|bak)$" ) {{
+        return 403;
+    }}
+
+    # PROXY-CONF-START >>>
+    location ~ /purge(/.*) {{
+        proxy_cache_purge cache_one {host}$request_uri$is_args$args;
+    }}
+
+    {proxy}
+
+    # PROXY-CONF-END <<<
+
+    access_log  {log_path}/{project_name}.log;
+    error_log  {log_path}/{project_name}.error.log;
+}}
--- a/vhost/template/nginx/redirect.conf
+++ b/vhost/template/nginx/redirect.conf
@@ -0,0 +1,9 @@
+#<VAR> 被匹配的变量($uri|$request_uri|$host)
+#<RULE> 匹配规则(capnis.com|^/test$)
+#<CODE> 重定向代码(301|302)
+#<TO> 目标地址(https://www.yakpanel.com|/test)
+#<ARGS> 要传递的参数($request_uri|/?test=1)
+if (<VAR> ~ '<RULE>')
+{
+	return <CODE> <TO><ARGS>;
+}
--- a/vhost/template/nginx/ssl.conf
+++ b/vhost/template/nginx/ssl.conf
@@ -0,0 +1,11 @@
+#SSL相关配置
+#<CERT_PEM> PEM格式证书位置(/tmp/cert.pem)
+#<KEY_PEM> 私钥位置(/tmp/private.key)
+#<POOL> 支持的协议(SSLv2|SSLv3|TLS1.1|TLS.2|TLS.3)
+ssl_certificate <CERT_PEM>;
+ssl_certificate_key <KEY_PEM>;
+ssl_protocols <POOL>;
+ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
+ssl_prefer_server_ciphers on;
+ssl_session_cache shared:SSL:10m;
+ssl_session_timeout 10m;