diff --git a/aaa.txt b/aaa.txt new file mode 100644 index 0000000..c6d8c15 --- /dev/null +++ b/aaa.txt @@ -0,0 +1,111 @@ +server { + listen 80; + server_name hifastapp.com www.hifastapp.com www.hifastvpn.com hifastvpn.com hifast.biz www.hifast.biz; + + location ^~ /.well-known/acme-challenge/ { + root /etc/letsencrypt; + } + + # 统一 HTTP 转 HTTPS + return 301 https://$host$request_uri; +} + +server { + listen 443 ssl http2; + server_name hifastvpn.com www.hifastvpn.com; + + ssl_certificate /etc/letsencrypt/live/hifastvpn.com/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/hifastvpn.com/privkey.pem; # managed by Certbot + + # 安全头 + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + add_header X-Frame-Options DENY; + add_header X-Content-Type-Options nosniff; + + root /var/www/down; + index index.html index.htm; + + location /api/ { + proxy_pass https://api.hifast.biz/; + proxy_set_header Host api.hifast.biz; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } + + location ^~ /.well-known/acme-challenge/ { + root /etc/letsencrypt; + } + + location / { + try_files $uri $uri/ /index.html; + } + + location /download/ { + autoindex_exact_size off; + autoindex_localtime on; + } +} + +server { + listen 443 ssl http2; + server_name hifastapp.com www.hifastapp.com; + + # 使用 -0001 的新证书(通常包含 www) + ssl_certificate /etc/letsencrypt/live/hifastapp.com-0001/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/hifastapp.com-0001/privkey.pem; # managed by Certbot + + # 安全头 + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + add_header X-Frame-Options DENY; + add_header X-Content-Type-Options nosniff; + + root /var/www/down; + index index.html index.htm; + + location /api/ { + proxy_pass https://api.hifast.biz/; + proxy_set_header Host api.hifast.biz; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } + + location ^~ /.well-known/acme-challenge/ { + root /etc/letsencrypt; + } + + location / { + try_files $uri $uri/ /index.html; + } + + location /download/ { + autoindex_exact_size off; + autoindex_localtime on; + } +} + +server { + listen 443 ssl http2; + server_name hifast.biz www.hifast.biz; + + ssl_certificate /etc/letsencrypt/live/hifast.biz/hifast.biz.cer; + ssl_certificate_key /etc/letsencrypt/live/hifast.biz/hifast.biz.key; + + root /var/www/lp; + index index.html index.htm; + + location ^~ /.well-known/acme-challenge/ { + root /etc/letsencrypt; + } + + location / { + try_files $uri $uri/ /index.html; + } +} diff --git a/docker-compose.yaml b/docker-compose.yaml new file mode 100644 index 0000000..d695399 --- /dev/null +++ b/docker-compose.yaml @@ -0,0 +1,23 @@ +version: '3' + +services: + jaeger: + image: jaegertracing/all-in-one:latest + container_name: jaeger + ports: + - "16686:16686" + - "4317:4317" + - "4318:4318" + environment: +# - SPAN_STORAGE_TYPE=elasticsearch +# - ES_SERVER_URLS=http://elasticsearch:9200 + - LOG_LEVEL=debug + - COLLECTOR_OTLP_ENABLED=true + deploy: + resources: + limits: + cpus: '0.8' + memory: 500M + reservations: + cpus: '0.05' + memory: 200M \ No newline at end of file diff --git a/initialize/telegram.go b/initialize/telegram.go index 0054ded..fb5856a 100644 --- a/initialize/telegram.go +++ b/initialize/telegram.go @@ -14,6 +14,9 @@ import ( ) func Telegram(svc *svc.ServiceContext) { + if !svc.Config.Telegram.Enable { + return + } // Prefer BotToken from DB auth method, fallback to config file var usedToken string diff --git a/internal/server.go b/internal/server.go index 64c2704..8534fec 100644 --- a/internal/server.go +++ b/internal/server.go @@ -10,9 +10,6 @@ import ( "github.com/perfect-panel/server/pkg/logger" - "github.com/perfect-panel/server/pkg/proc" - "github.com/perfect-panel/server/pkg/trace" - "github.com/gin-contrib/sessions" "github.com/gin-contrib/sessions/redis" "github.com/gin-gonic/gin" @@ -75,14 +72,6 @@ func (m *Service) Start() { MinVersion: tls.VersionTLS12, }, } - trace.StartAgent(trace.Config{ - Name: "ppanel", - Sampler: 1.0, - Batcher: "", - }) - proc.AddShutdownListener(func() { - trace.StopAgent() - }) m.svc.Restart = m.Restart logger.Infof("server start at %v", serverAddr) if m.svc.Config.TLS.Enable { diff --git a/pkg/trace/agent.go b/pkg/trace/agent.go index a8bf870..7da6239 100644 --- a/pkg/trace/agent.go +++ b/pkg/trace/agent.go @@ -7,6 +7,7 @@ import ( "net/url" "os" "sync" + "time" "go.opentelemetry.io/otel" "go.opentelemetry.io/otel/exporters/jaeger" @@ -54,8 +55,10 @@ func StartAgent(c Config) { // if error happens, let later calls run. if err := startAgent(c); err != nil { + logger.Errorf("Trace agent start failed: %v", err) return } + logger.Infof("Trace agent started successfully. Batcher: %s, Endpoint: %s", c.Batcher, c.Endpoint) agents[c.Endpoint] = lang.Placeholder } @@ -92,6 +95,7 @@ func createExporter(c Config) (sdktrace.SpanExporter, error) { opts := []otlptracegrpc.Option{ otlptracegrpc.WithInsecure(), otlptracegrpc.WithEndpoint(c.Endpoint), + otlptracegrpc.WithTimeout(5 * time.Second), // 5秒超时 } if len(c.OtlpHeaders) > 0 { opts = append(opts, otlptracegrpc.WithHeaders(c.OtlpHeaders))