update alpine/php logs/enable ssl_early_data

Signed-off-by: Zoey <zoey@z0ey.de>
2025-08-02 15:33:32 +00:00 · 2024-01-27 02:47:59 +00:00
parent 740d4c74aa
commit 411b2a6721
6 changed files with 14 additions and 7 deletions
--- a/rootfs/usr/local/bin/start.sh
+++ b/rootfs/usr/local/bin/start.sh
@@ -278,6 +278,7 @@ if [ "$PHP81" = "true" ]; then
    mkdir -vp /data/php
    cp -vrnT /etc/php81 /data/php/81
    sed -i "s|listen =.*|listen = /run/php81.sock|" /data/php/81/php-fpm.d/www.conf
+    sed -i "s|;error_log =.*|error_log = /proc/self/fd/2|g" /data/php/81/php-fpm.conf
    sed -i "s|include=.*|include=/data/php/81/php-fpm.d/*.conf|g" /data/php/81/php-fpm.conf

 elif [ "$FULLCLEAN" = "true" ]; then
@@ -310,6 +311,7 @@ if [ "$PHP82" = "true" ]; then
    mkdir -vp /data/php
    cp -vrnT /etc/php82 /data/php/82
    sed -i "s|listen =.*|listen = /run/php82.sock|" /data/php/82/php-fpm.d/www.conf
+    sed -i "s|;error_log =.*|error_log = /proc/self/fd/2|g" /data/php/82/php-fpm.conf
    sed -i "s|include=.*|include=/data/php/82/php-fpm.d/*.conf|g" /data/php/82/php-fpm.conf

 elif [ "$FULLCLEAN" = "true" ]; then
@@ -342,6 +344,7 @@ if [ "$PHP83" = "true" ]; then
    mkdir -vp /data/php
    cp -vrnT /etc/php83 /data/php/83
    sed -i "s|listen =.*|listen = /run/php83.sock|" /data/php/83/php-fpm.d/www.conf
+    sed -i "s|;error_log =.*|error_log = /proc/self/fd/2|g" /data/php/83/php-fpm.conf
    sed -i "s|include=.*|include=/data/php/83/php-fpm.d/*.conf|g" /data/php/83/php-fpm.conf

 elif [ "$FULLCLEAN" = "true" ]; then
--- a/rootfs/usr/local/nginx/conf/conf.d/include/proxy-location.conf
+++ b/rootfs/usr/local/nginx/conf/conf.d/include/proxy-location.conf
@@ -6,6 +6,7 @@ proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header Accept-Encoding "";
 proxy_set_header Host $host;

+proxy_set_header Early-Data $ssl_early_data;
 proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
 proxy_ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA;

--- a/rootfs/usr/local/nginx/conf/conf.d/include/proxy.conf
+++ b/rootfs/usr/local/nginx/conf/conf.d/include/proxy.conf
@@ -6,6 +6,7 @@ proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header Accept-Encoding "";
 proxy_set_header Host $host;

+proxy_set_header Early-Data $ssl_early_data;
 proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
 proxy_ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA;

--- a/rootfs/usr/local/nginx/conf/conf.d/include/tls-ciphers.conf
+++ b/rootfs/usr/local/nginx/conf/conf.d/include/tls-ciphers.conf
@@ -1,3 +1,5 @@
+ssl_early_data on;
+
 ssl_stapling on;
 ssl_stapling_verify on;