
Merge pull request #326 from persiliao/master

Add run_group And add vhost --proxy
yeho 4 years ago
parent
commit
e840037f4e

+ 5 - 0
addons.sh

@@ -18,9 +18,11 @@ printf "
 #######################################################################
 "
 # Check if user is root
+# shellcheck disable=SC2046
 [ $(id -u) != '0' ] && { echo "${CFAILURE}Error: You must be root to run this script${CEND}"; exit 1; }
 
 oneinstack_dir=$(dirname "`readlink -f $0`")
+# shellcheck disable=SC2164
 pushd ${oneinstack_dir} > /dev/null
 
 . ./versions.txt
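Review bot: The `# shellcheck disable=SC2164` above `pushd` silences the warning instead of handling the failure: if `pushd ${oneinstack_dir}` fails, the script keeps running as root and the following `. ./versions.txt` sources whatever file of that name sits in the caller's working directory. I would drop the directive and write `pushd "${oneinstack_dir}" > /dev/null || exit 1`. The SC2046 directive on the root check can go the same way by quoting the substitution, `[ "$(id -u)" != '0' ]`.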
@@ -40,6 +42,7 @@ pushd ${oneinstack_dir} > /dev/null
 
 . ./include/panel.sh
 
+# shellcheck disable=SC2154
 Show_Help() {
   echo
   echo "Usage: $0  command ...
@@ -146,7 +149,9 @@ What Are You Doing?
         3)
           ACTION_FUN
           if [ "${install_flag}" = 'y' ]; then
+            # shellcheck disable=SC2154
             [ -e "${nginx_install_dir}/sbin/nginx" ] && Nginx_lua_waf
+            # shellcheck disable=SC2154
             [ -e "${tengine_install_dir}/sbin/nginx" ] && Tengine_lua_waf
             enable_lua_waf
           elif [ "${uninstall_flag}" = 'y' ]; then

+ 1 - 1
include/demo.sh

@@ -39,7 +39,7 @@ DEMO() {
         ;;
     esac
   fi
-  chown -R ${run_user}.${run_user} ${wwwroot_dir}/default
+  chown -R ${run_user}.${run_group} ${wwwroot_dir}/default
   [ -e /bin/systemctl ] && systemctl daemon-reload
   popd > /dev/null
 }
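Review bot: `chown -R ${run_user}.${run_group}` depends on a variable that exists only once options.conf carries the new `run_group=` line; if an older options.conf is kept across an upgrade (not visible here), the argument collapses to `<run_user>.` and the resulting group is left to the chown implementation. The `.` separator is also the legacy form and the operands are unquoted. I would write `chown -R "${run_user}:${run_group:-${run_user}}" "${wwwroot_dir}/default"`, and the same applies to every other `chown` this commit touches (eaccelerator, hhvm_CentOS, the jdk-* and tomcat-* scripts, ngx_lua_waf, pecl_xdebug, phpmyadmin, upgrade_phpmyadmin, upgrade_web, xcache and vhost.sh). DEMO's body starts outside the hunk.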

+ 1 - 1
include/eaccelerator.sh

@@ -28,7 +28,7 @@ Install_eAccelerator() {
       make -j ${THREAD} && make install
       popd > /dev/null
       if [ -f "${phpExtensionDir}/eaccelerator.so" ]; then
-        mkdir /var/eaccelerator_cache;chown -R ${run_user}.${run_user} /var/eaccelerator_cache
+        mkdir /var/eaccelerator_cache;chown -R ${run_user}.${run_group} /var/eaccelerator_cache
         cat > ${php_install_dir}/etc/php.d/02-eaccelerator.ini << EOF
 [eaccelerator]
 zend_extension=${phpExtensionDir}/eaccelerator.so

+ 1 - 1
include/hhvm_CentOS.sh

@@ -49,7 +49,7 @@ EOF
   userdel -r nginx;userdel -r saslauth
   rm -rf /var/log/hhvm
   mkdir /var/log/hhvm
-  chown -R ${run_user}.${run_user} /var/log/hhvm
+  chown -R ${run_user}.${run_group} /var/log/hhvm
   cat > /etc/hhvm/config.hdf << EOF
 ResourceLimit {
   CoreFileSize = 0          # in bytes

+ 1 - 1
include/jdk-1.6.sh

@@ -20,7 +20,7 @@ Install_JDK16() {
   [ ! -e ${JAVA_dir} ] && mkdir -p ${JAVA_dir}
   /bin/cp -R ${JDK_NAME} ${JAVA_dir}
   if [ -d "${JDK_PATH}" ]; then
-    chown -R ${run_user}.${run_user} ${JDK_PATH}
+    chown -R ${run_user}.${run_group} ${JDK_PATH}
     [ -z "`grep ^'export JAVA_HOME=' /etc/profile`" ] && { [ -z "`grep ^'export PATH=' /etc/profile`" ] && echo  "export JAVA_HOME=${JDK_PATH}" >> /etc/profile || sed -i "s@^export PATH=@export JAVA_HOME=${JDK_PATH}\nexport PATH=@" /etc/profile; } || sed -i "s@^export JAVA_HOME=.*@export JAVA_HOME=${JDK_PATH}@" /etc/profile
     [ -z "`grep ^'export CLASSPATH=' /etc/profile`" ] && sed -i "s@export JAVA_HOME=\(.*\)@export JAVA_HOME=\1\nexport CLASSPATH=\$JAVA_HOME/lib/tools.jar:\$JAVA_HOME/lib/dt.jar:\$JAVA_HOME/lib@" /etc/profile
     [ -n "`grep ^'export PATH=' /etc/profile`" -a -z "`grep '$JAVA_HOME/bin' /etc/profile`" ] && sed -i "s@^export PATH=\(.*\)@export PATH=\$JAVA_HOME/bin:\1@" /etc/profile

+ 1 - 1
include/jdk-1.7.sh

@@ -18,7 +18,7 @@ Install_JDK17() {
   [ ! -e ${JAVA_dir} ] && mkdir -p ${JAVA_dir}
   tar xzf ${JDK_FILE} -C ${JAVA_dir}
   if [ -d "${JDK_PATH}" ]; then
-    chown -R ${run_user}.${run_user} ${JDK_PATH}
+    chown -R ${run_user}.${run_group} ${JDK_PATH}
     /bin/cp ${JDK_PATH}/jre/lib/security/cacerts /etc/ssl/certs/java
     [ -z "`grep ^'export JAVA_HOME=' /etc/profile`" ] && { [ -z "`grep ^'export PATH=' /etc/profile`" ] && echo  "export JAVA_HOME=${JDK_PATH}" >> /etc/profile || sed -i "s@^export PATH=@export JAVA_HOME=${JDK_PATH}\nexport PATH=@" /etc/profile; } || sed -i "s@^export JAVA_HOME=.*@export JAVA_HOME=${JDK_PATH}@" /etc/profile
     [ -z "`grep ^'export CLASSPATH=' /etc/profile`" ] && sed -i "s@export JAVA_HOME=\(.*\)@export JAVA_HOME=\1\nexport CLASSPATH=\$JAVA_HOME/lib/tools.jar:\$JAVA_HOME/lib/dt.jar:\$JAVA_HOME/lib@" /etc/profile

+ 1 - 1
include/jdk-1.8.sh

@@ -18,7 +18,7 @@ Install_JDK18() {
   [ ! -e ${JAVA_dir} ] && mkdir -p ${JAVA_dir}
   tar xzf ${JDK_FILE} -C ${JAVA_dir}
   if [ -d "${JDK_PATH}" ]; then
-    chown -R ${run_user}.${run_user} ${JDK_PATH}
+    chown -R ${run_user}.${run_group} ${JDK_PATH}
     /bin/cp ${JDK_PATH}/jre/lib/security/cacerts /etc/ssl/certs/java
     [ -z "`grep ^'export JAVA_HOME=' /etc/profile`" ] && { [ -z "`grep ^'export PATH=' /etc/profile`" ] && echo  "export JAVA_HOME=${JDK_PATH}" >> /etc/profile || sed -i "s@^export PATH=@export JAVA_HOME=${JDK_PATH}\nexport PATH=@" /etc/profile; } || sed -i "s@^export JAVA_HOME=.*@export JAVA_HOME=${JDK_PATH}@" /etc/profile
     [ -z "`grep ^'export CLASSPATH=' /etc/profile`" ] && sed -i "s@export JAVA_HOME=\(.*\)@export JAVA_HOME=\1\nexport CLASSPATH=\$JAVA_HOME/lib/tools.jar:\$JAVA_HOME/lib/dt.jar:\$JAVA_HOME/lib@" /etc/profile

+ 1 - 1
include/jdk-11.0.sh

@@ -18,7 +18,7 @@ Install_JDK110() {
   [ ! -e ${JAVA_dir} ] && mkdir -p ${JAVA_dir}
   tar xzf ${JDK_FILE} -C ${JAVA_dir}
   if [ -d "${JDK_PATH}" ]; then
-    chown -R ${run_user}.${run_user} ${JDK_PATH}
+    chown -R ${run_user}.${run_group} ${JDK_PATH}
     /bin/cp ${JDK_PATH}/jre/lib/security/cacerts /etc/ssl/certs/java
     [ -z "`grep ^'export JAVA_HOME=' /etc/profile`" ] && { [ -z "`grep ^'export PATH=' /etc/profile`" ] && echo  "export JAVA_HOME=${JDK_PATH}" >> /etc/profile || sed -i "s@^export PATH=@export JAVA_HOME=${JDK_PATH}\nexport PATH=@" /etc/profile; } || sed -i "s@^export JAVA_HOME=.*@export JAVA_HOME=${JDK_PATH}@" /etc/profile
     [ -z "`grep ^'export CLASSPATH=' /etc/profile`" ] && sed -i "s@export JAVA_HOME=\(.*\)@export JAVA_HOME=\1\nexport CLASSPATH=\$JAVA_HOME/lib/tools.jar:\$JAVA_HOME/lib/dt.jar:\$JAVA_HOME/lib@" /etc/profile

+ 1 - 1
include/ngx_lua_waf.sh

@@ -146,7 +146,7 @@ enable_lua_waf() {
   if [ $? -eq 0 ]; then
     service nginx reload
     echo "${CSUCCESS}ngx_lua_waf enabled successfully! ${CEND}"
-    chown ${run_user}.${run_user} ${wwwlogs_dir}
+    chown ${run_user}.${run_group} ${wwwlogs_dir}
   else
     echo "${CFAILURE}ngx_lua_waf enable failed! ${CEND}"
   fi

+ 3 - 3
include/pecl_xdebug.sh

@@ -32,9 +32,9 @@ Install_pecl_xdebug() {
         src_url=http://mirrors.linuxeye.com/oneinstack/src/webgrind-master.zip && Download_src
         unzip -q webgrind-master.zip
         /bin/mv webgrind-master ${wwwroot_dir}/default/webgrind
-        [ ! -e /tmp/xdebug ] && { mkdir /tmp/xdebug; chown ${run_user}.${run_user} /tmp/xdebug; }
-        [ ! -e /tmp/webgrind ] && { mkdir /tmp/webgrind; chown ${run_user}.${run_user} /tmp/webgrind; }
-        chown -R ${run_user}.${run_user} ${wwwroot_dir}/default/webgrind
+        [ ! -e /tmp/xdebug ] && { mkdir /tmp/xdebug; chown ${run_user}.${run_group} /tmp/xdebug; }
+        [ ! -e /tmp/webgrind ] && { mkdir /tmp/webgrind; chown ${run_user}.${run_group} /tmp/webgrind; }
+        chown -R ${run_user}.${run_group} ${wwwroot_dir}/default/webgrind
         sed -i 's@static $storageDir.*@static $storageDir = "/tmp/webgrind";@' ${wwwroot_dir}/default/webgrind/config.php
         sed -i 's@static $profilerDir.*@static $profilerDir = "/tmp/xdebug";@' ${wwwroot_dir}/default/webgrind/config.php
         cat > ${php_install_dir}/etc/php.d/08-xdebug.ini << EOF
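Review bot: The two `/tmp` lines give the web user ownership of fixed, predictable paths in a world-writable directory, and when a path already exists the `[ ! -e … ]` guard skips both `mkdir` and `chown`, so whatever another local account put there is used as the profiler/storage directory. A directory under a root-owned parent (for example `/var/lib/xdebug`, a placeholder), created with `install -d -o "${run_user}" -g "${run_group}" -m 0700`, avoids that; the two `sed` lines that write `$storageDir` and `$profilerDir` would need the same path. include/xcache.sh has the related `touch /tmp/xcache;chown …` line, where `chown` follows a symlink already present at that name; `chown -h` or a path outside `/tmp` would be safer there. Install_pecl_xdebug starts and ends outside the hunk.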

+ 1 - 1
include/phpmyadmin.sh

@@ -26,7 +26,7 @@ Install_phpMyAdmin() {
     sed -i "s@SaveDir.*@SaveDir'\] = 'save';@" ${wwwroot_dir}/default/phpMyAdmin/config.inc.php
     sed -i "s@host'\].*@host'\] = '127.0.0.1';@" ${wwwroot_dir}/default/phpMyAdmin/config.inc.php
     sed -i "s@blowfish_secret.*;@blowfish_secret\'\] = \'$(cat /dev/urandom | head -1 | base64 | head -c 45)\';@" ${wwwroot_dir}/default/phpMyAdmin/config.inc.php
-    chown -R ${run_user}.${run_user} ${wwwroot_dir}/default/phpMyAdmin
+    chown -R ${run_user}.${run_group} ${wwwroot_dir}/default/phpMyAdmin
     popd > /dev/null
   fi
 }

+ 1 - 1
include/tomcat-6.sh

@@ -128,7 +128,7 @@ EOF
 monitorRole  $(cat /dev/urandom | head -1 | md5sum | head -c 8)
 # controlRole   R&D
 EOF
-    chown -R ${run_user}.${run_user} ${tomcat_install_dir}
+    chown -R ${run_user}.${run_group} ${tomcat_install_dir}
     /bin/cp ${oneinstack_dir}/init.d/Tomcat-init /etc/init.d/tomcat
     sed -i "s@JAVA_HOME=.*@JAVA_HOME=${JAVA_HOME}@" /etc/init.d/tomcat
     sed -i "s@^CATALINA_HOME=.*@CATALINA_HOME=${tomcat_install_dir}@" /etc/init.d/tomcat

+ 1 - 1
include/tomcat-7.sh

@@ -128,7 +128,7 @@ EOF
 monitorRole  $(cat /dev/urandom | head -1 | md5sum | head -c 8)
 # controlRole   R&D
 EOF
-    chown -R ${run_user}.${run_user} ${tomcat_install_dir}
+    chown -R ${run_user}.${run_group} ${tomcat_install_dir}
     /bin/cp ${oneinstack_dir}/init.d/Tomcat-init /etc/init.d/tomcat
     sed -i "s@JAVA_HOME=.*@JAVA_HOME=${JAVA_HOME}@" /etc/init.d/tomcat
     sed -i "s@^CATALINA_HOME=.*@CATALINA_HOME=${tomcat_install_dir}@" /etc/init.d/tomcat

+ 1 - 1
include/tomcat-8.sh

@@ -128,7 +128,7 @@ EOF
 monitorRole  $(cat /dev/urandom | head -1 | md5sum | head -c 8)
 # controlRole   R&D
 EOF
-    chown -R ${run_user}.${run_user} ${tomcat_install_dir}
+    chown -R ${run_user}.${run_group} ${tomcat_install_dir}
     /bin/cp ${oneinstack_dir}/init.d/Tomcat-init /etc/init.d/tomcat
     sed -i "s@JAVA_HOME=.*@JAVA_HOME=${JAVA_HOME}@" /etc/init.d/tomcat
     sed -i "s@^CATALINA_HOME=.*@CATALINA_HOME=${tomcat_install_dir}@" /etc/init.d/tomcat

+ 1 - 1
include/tomcat-9.sh

@@ -127,7 +127,7 @@ EOF
 monitorRole  $(cat /dev/urandom | head -1 | md5sum | head -c 8)
 # controlRole   R&D
 EOF
-    chown -R ${run_user}.${run_user} ${tomcat_install_dir}
+    chown -R ${run_user}.${run_group} ${tomcat_install_dir}
     /bin/cp ${oneinstack_dir}/init.d/Tomcat-init /etc/init.d/tomcat
     sed -i "s@JAVA_HOME=.*@JAVA_HOME=${JAVA_HOME}@" /etc/init.d/tomcat
     sed -i "s@^CATALINA_HOME=.*@CATALINA_HOME=${tomcat_install_dir}@" /etc/init.d/tomcat

+ 1 - 1
include/upgrade_phpmyadmin.sh

@@ -47,7 +47,7 @@ Upgrade_phpMyAdmin() {
     sed -i "s@SaveDir.*@SaveDir'\] = 'save';@" ${wwwroot_dir}/default/phpMyAdmin/config.inc.php
     sed -i "s@host'\].*@host'\] = '127.0.0.1';@" ${wwwroot_dir}/default/phpMyAdmin/config.inc.php
     sed -i "s@blowfish_secret.*;@blowfish_secret\'\] = \'$(cat /dev/urandom | head -1 | base64 | head -c 45)\';@" ${wwwroot_dir}/default/phpMyAdmin/config.inc.php
-    chown -R ${run_user}.${run_user} ${wwwroot_dir}/default/phpMyAdmin
+    chown -R ${run_user}.${run_group} ${wwwroot_dir}/default/phpMyAdmin
     echo "You have ${CMSG}successfully${CEND} upgrade from ${CWARNING}$OLD_phpmyadmin_ver${CEND} to ${CWARNING}$NEW_phpmyadmin_ver${CEND}"
   fi
   popd > /dev/null

+ 1 - 1
include/upgrade_web.sh

@@ -326,7 +326,7 @@ Upgrade_Tomcat() {
     [[ -d ${tomcat_install_dir}_bak && -d ${tomcat_install_dir} ]] && rm -rf ${tomcat_install_dir}._bak
     service tomcat stop
     /bin/mv ${tomcat_install_dir}{,_bak}
-    /bin/mv apache-tomcat-${NEW_tomcat_ver} ${tomcat_install_dir} && chown -R ${run_user}.${run_user} ${tomcat_install_dir}
+    /bin/mv apache-tomcat-${NEW_tomcat_ver} ${tomcat_install_dir} && chown -R ${run_user}.${run_group} ${tomcat_install_dir}
     if [ -e "${tomcat_install_dir}/conf/server.xml" ]; then
       service tomcat start
       echo "You have ${CMSG}successfully${CEND} upgrade from ${CWARNING}${OLD_tomcat_ver}${CEND} to ${CWARNING}${NEW_tomcat_ver}${CEND}"

+ 2 - 2
include/xcache.sh

@@ -23,8 +23,8 @@ Install_XCache() {
       if [ -f "${phpExtensionDir}/xcache.so" ]; then
         /bin/cp -R htdocs ${wwwroot_dir}/default/xcache
         popd > /dev/null
-        chown -R ${run_user}.${run_user} ${wwwroot_dir}/default/xcache
-        touch /tmp/xcache;chown ${run_user}.${run_user} /tmp/xcache
+        chown -R ${run_user}.${run_group} ${wwwroot_dir}/default/xcache
+        touch /tmp/xcache;chown ${run_user}.${run_group} /tmp/xcache
         let xcacheCount="${CPU}+1"
         let xcacheSize="${Memory_limit}/2"
         cat > ${php_install_dir}/etc/php.d/04-xcache.ini << EOF

+ 2 - 0
options.conf

@@ -3,6 +3,8 @@ timezone=Asia/Shanghai
 
 # Nginx Apache and PHP-FPM process is run as $run_user(Default "www"), you can freely specify
 run_user=www
+# Nginx Apache and PHP-FPM process is run as $run_group(Default "www"), you can freely specify
+run_group=www
 
 # set the default install path, you can freely specify
 nginx_install_dir=/usr/local/nginx

+ 143 - 27
vhost.sh

@@ -34,6 +34,7 @@ Show_Help() {
   --quiet, -q                 quiet operation
   --list, -l                  List Virtualhost
   --mphp_ver [53~73]          Use another PHP version (PATH: /usr/local/php${mphp_ver})
+  --proxy                     Use proxy
   --add                       Add Virtualhost
   --delete, --del             Delete Virtualhost
   --httponly                  Use HTTP Only
@@ -44,7 +45,7 @@ Show_Help() {
 }
 
 ARG_NUM=$#
-TEMP=`getopt -o hql --long help,quiet,list,mphp_ver:,add,delete,del,httponly,selfsigned,letsencrypt,dnsapi -- "$@" 2>/dev/null`
+TEMP=`getopt -o hql --long help,quiet,list,proxy,mphp_ver:,add,delete,del,httponly,selfsigned,letsencrypt,dnsapi -- "$@" 2>/dev/null`
 [ $? != 0 ] && echo "${CWARNING}ERROR: unknown argument! ${CEND}" && Show_Help && exit 1
 eval set -- "${TEMP}"
 while :; do
@@ -63,6 +64,9 @@ while :; do
       mphp_ver=$2; mphp_flag=y; shift 2
       [[ ! "${mphp_ver}" =~ ^5[3-6]$|^7[0-3]$ ]] && { echo "${CWARNING}mphp_ver input error! Please only input number 53~73${CEND}"; unset mphp_ver mphp_flag; }
       ;;
+    --proxy)
+      proxy_flag=y; shift 1
+      ;;
     --add)
       add_flag=y; shift 1
       ;;
@@ -209,6 +213,7 @@ If you enter '.', the field will be left blank.
     echo
     read -e -p "Country Name (2 letter code) [CN]: " SELFSIGNEDSSL_C
     SELFSIGNEDSSL_C=${SELFSIGNEDSSL_C:-CN}
+    # shellcheck disable=SC2104
     [ ${#SELFSIGNEDSSL_C} != 2 ] && { echo "${CWARNING}input error, You must input 2 letter code country name${CEND}"; continue; }
     echo
     read -e -p "State or Province Name (full name) [Shanghai]: " SELFSIGNEDSSL_ST
@@ -321,6 +326,20 @@ Print_SSL() {
   fi
 }
 
+Input_Add_proxy() {
+  echo
+  while :;do
+    read -e -p "Please input the correct proxy_pass: " Proxy_Pass
+    if [[ -z ${Proxy_Pass} ]]; then
+      echo "${CFAILURE}input error! Please only input 1~3 and q${CEND}"
+    else
+      echo "proxy_pass=${Proxy_Pass}"
+      echo
+      break
+    fi
+  done
+}
+
 Input_Add_domain() {
   if [ "${sslquiet_flag}" != 'y' ]; then
     while :;do
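Review bot: `Input_Add_proxy` accepts any non-empty string as `Proxy_Pass`, and that value is later written verbatim into the generated vhost file by `proxy_pass ${Proxy_Pass};` in Create_nginx_proxy_conf, so a typo containing `;`, `{` or whitespace yields extra or broken nginx directives in a config that root then reloads. The loop should accept only an http(s) upstream URL and use `read -r`; the error text `Please only input 1~3 and q` is also left over from a menu prompt and does not describe this input. The pattern below is deliberately narrow (no IPv6 literals, unix sockets or upstream variables) and would need widening if those are to be supported.

```shell
Input_Add_proxy() {
  echo
  while :; do
    read -r -e -p "Please input the correct proxy_pass: " Proxy_Pass
    # Accept only an http(s) upstream; reject anything that could end the nginx directive.
    if [[ "${Proxy_Pass}" =~ ^https?://[A-Za-z0-9._:/-]+$ ]]; then
      echo "proxy_pass=${Proxy_Pass}"
      echo
      break
    fi
    echo "${CFAILURE}input error! Please input an upstream such as http://127.0.0.1:8080${CEND}"
  done
}
```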
@@ -431,25 +450,26 @@ What Are You Doing?
   else
     echo "domain=${domain}"
   fi
-
-  while :; do echo
-    echo "Please input the directory for the domain:${domain} :"
-    read -e -p "(Default directory: ${wwwroot_dir}/${domain}): " vhostdir
-    if [ -n "${vhostdir}" -a -z "$(echo ${vhostdir} | grep '^/')" ]; then
-      echo "${CWARNING}input error! Press Enter to continue...${CEND}"
-    else
-      if [ -z "${vhostdir}" ]; then
-        vhostdir="${wwwroot_dir}/${domain}"
-        echo "Virtual Host Directory=${CMSG}${vhostdir}${CEND}"
+  if [[ -z ${proxy_flag} || "${proxy_flag}" != 'y' ]]; then
+    while :; do echo
+      echo "Please input the directory for the domain:${domain} :"
+      read -e -p "(Default directory: ${wwwroot_dir}/${domain}): " vhostdir
+      if [ -n "${vhostdir}" -a -z "$(echo ${vhostdir} | grep '^/')" ]; then
+        echo "${CWARNING}input error! Press Enter to continue...${CEND}"
+      else
+        if [ -z "${vhostdir}" ]; then
+          vhostdir="${wwwroot_dir}/${domain}"
+          echo "Virtual Host Directory=${CMSG}${vhostdir}${CEND}"
+        fi
+        echo
+        echo "Create Virtul Host directory......"
+        mkdir -p ${vhostdir}
+        echo "set permissions of Virtual Host directory......"
+        chown -R ${run_user}.${run_group} ${vhostdir}
+        break
       fi
-      echo
-      echo "Create Virtul Host directory......"
-      mkdir -p ${vhostdir}
-      echo "set permissions of Virtual Host directory......"
-      chown -R ${run_user}.${run_user} ${vhostdir}
-      break
-    fi
-  done
+    done
+  fi
 
   while :; do echo
     read -e -p "Do you want to add more domain name? [y/n]: " moredomainame_flag
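Review bot: `mkdir -p ${vhostdir}` and `chown -R ${run_user}.${run_group} ${vhostdir}` run as root on a path typed at the prompt, unquoted, so a directory name containing a space is split into several operands and the recursive chown is applied to each of them. Quote both, `mkdir -p -- "${vhostdir}"` and `chown -R "${run_user}:${run_group}" -- "${vhostdir}"`. The new guard `[[ -z ${proxy_flag} || "${proxy_flag}" != 'y' ]]` can be reduced to `[ "${proxy_flag}" != 'y' ]`, since an empty value already differs from `y`. The enclosing function starts and ends outside the hunk.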
@@ -790,6 +810,97 @@ EOF
   Print_SSL
 }
 
+Create_nginx_proxy_conf() {
+  [ ! -d ${web_install_dir}/conf/vhost ] && mkdir ${web_install_dir}/conf/vhost
+  cat > ${web_install_dir}/conf/vhost/${domain}.conf << EOF
+server {
+  ${Nginx_conf}
+  server_name ${domain}${moredomainame};
+  ${Nginx_log}
+  index index.html index.htm index.php;
+  ${Nginx_redirect}
+  location / {
+    proxy_pass ${Proxy_Pass};
+    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+    proxy_set_header Host \$http_host;
+    proxy_set_header X-NginX-Proxy true;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade \$http_upgrade;
+    proxy_set_header Connection "upgrade";
+    proxy_max_temp_file_size 0;
+  }
+
+  #error_page 404 /404.html;
+  #error_page 502 /502.html;
+  ${anti_hotlinking}
+
+  location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
+    expires 30d;
+    access_log off;
+  }
+  location ~ .*\.(js|css)?$ {
+    expires 7d;
+    access_log off;
+  }
+  location ~ /(\.user\.ini|\.ht|\.git|\.svn|\.project|LICENSE|README\.md) {
+    deny all;
+  }
+}
+EOF
+
+  [ "${redirect_flag}" == 'y' ] && sed -i "s@^  root.*;@&\n  if (\$host != ${domain}) {  return 301 \$scheme://${domain}\$request_uri;  }@" ${web_install_dir}/conf/vhost/${domain}.conf
+
+  if [ "${nginx_ssl_flag}" == 'y' ]; then
+    sed -i "s@^  listen 80;@&\n  listen ${LISTENOPT};@" ${web_install_dir}/conf/vhost/${domain}.conf
+    sed -i "s@^  server_name.*;@&\n  ssl_stapling_verify on;@" ${web_install_dir}/conf/vhost/${domain}.conf
+    sed -i "s@^  server_name.*;@&\n  ssl_stapling on;@" ${web_install_dir}/conf/vhost/${domain}.conf
+    sed -i "s@^  server_name.*;@&\n  add_header Strict-Transport-Security max-age=15768000;@" ${web_install_dir}/conf/vhost/${domain}.conf
+    sed -i "s@^  server_name.*;@&\n  ssl_buffer_size 1400;@" ${web_install_dir}/conf/vhost/${domain}.conf
+    sed -i "s@^  server_name.*;@&\n  ssl_session_cache builtin:1000 shared:SSL:10m;@" ${web_install_dir}/conf/vhost/${domain}.conf
+    sed -i "s@^  server_name.*;@&\n  ssl_session_timeout 10m;@" ${web_install_dir}/conf/vhost/${domain}.conf
+    sed -i "s@^  server_name.*;@&\n  ssl_prefer_server_ciphers on;@" ${web_install_dir}/conf/vhost/${domain}.conf
+    sed -i "s@^  server_name.*;@&\n  ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:\!MD5;@" ${web_install_dir}/conf/vhost/${domain}.conf
+    sed -i "s@^  server_name.*;@&\n  ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;@" ${web_install_dir}/conf/vhost/${domain}.conf
+    sed -i "s@^  server_name.*;@&\n  ssl_certificate_key ${PATH_SSL}/${domain}.key;@" ${web_install_dir}/conf/vhost/${domain}.conf
+    sed -i "s@^  server_name.*;@&\n  ssl_certificate ${PATH_SSL}/${domain}.crt;@" ${web_install_dir}/conf/vhost/${domain}.conf
+  fi
+
+  if [ "${anti_hotlinking_flag}" == 'y' ]; then
+      sed -i "s@^  root.*;@&\n  }@" ${web_install_dir}/conf/vhost/${domain}.conf
+      sed -i "s@^  root.*;@&\n    }@" ${web_install_dir}/conf/vhost/${domain}.conf
+      sed -i "s@^  root.*;@&\n      return 403;@" ${web_install_dir}/conf/vhost/${domain}.conf
+      sed -i "s@^  root.*;@&\n      rewrite ^/ http://www.linuxeye.com/403.html;@" ${web_install_dir}/conf/vhost/${domain}.conf
+      sed -i "s@^  root.*;@&\n    if (\$invalid_referer) {@" ${web_install_dir}/conf/vhost/${domain}.conf
+      sed -i "s@^  root.*;@&\n    valid_referers none blocked ${domain_allow_all};@" ${web_install_dir}/conf/vhost/${domain}.conf
+      sed -i "s@^  root.*;@&\n  location ~ .*\.(wma|wmv|asf|mp3|mmf|zip|rar|jpg|gif|png|swf|flv|mp4)\$ {@" ${web_install_dir}/conf/vhost/${domain}.conf
+    fi
+
+  [ "${https_flag}" == 'y' ] && sed -i "s@^  root.*;@&\n  if (\$ssl_protocol = \"\") { return 301 https://\$host\$request_uri; }@" ${web_install_dir}/conf/vhost/${domain}.conf
+
+  echo
+  ${web_install_dir}/sbin/nginx -t
+  if [ $? == 0 ]; then
+    echo "Reload Nginx......"
+    ${web_install_dir}/sbin/nginx -s reload
+  else
+    rm -f ${web_install_dir}/conf/vhost/${domain}.conf
+    echo "Create virtualhost ... [${CFAILURE}FAILED${CEND}]"
+    exit 1
+  fi
+
+  printf "
+#######################################################################
+#       OneinStack for CentOS/RedHat 6+ Debian 8+ and Ubuntu 14+      #
+#       For more information please visit https://oneinstack.com      #
+#######################################################################
+"
+  echo "$(printf "%-30s" "Your domain:")${CMSG}${domain}${CEND}"
+  echo "$(printf "%-30s" "Virtualhost conf:")${CMSG}${web_install_dir}/conf/vhost/${domain}.conf${CEND}"
+  echo "$(printf "%-30s" "Directory of:")${CMSG}${vhostdir}${CEND}"
+  [ "${rewrite_flag}" == 'y' -a "${rewrite}" != 'magento2' -a "${rewrite}" != 'pathinfo' ] && echo "$(printf "%-30s" "Rewrite rule:")${CMSG}${web_install_dir}/conf/rewrite/${rewrite}.conf${CEND}"
+  Print_SSL
+}
+
 Apache_log() {
   while :; do echo
     read -e -p "Allow Apache access_log? [y/n]: " access_flag
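Review bot: The `redirect_flag`, `anti_hotlinking_flag` and `https_flag` edits all anchor on `^  root.*;`, but the heredoc in `Create_nginx_proxy_conf` writes no `root` line, so unless `${Nginx_conf}` or another interpolated variable supplies one these `sed` calls match nothing and the HTTP-to-HTTPS redirect the user asked for is silently left out. Anchoring on the line the SSL block already uses fixes that, e.g. `sed -i "s@^  server_name.*;@&\n  if (\$ssl_protocol = \"\") { return 301 https://\$host\$request_uri; }@" …`. The SSL block also enables `TLSv1 TLSv1.1` and the `EECDH+3DES:RSA+3DES` suites; `ssl_protocols TLSv1.2 TLSv1.3;` with the 3DES entries dropped would be a better default for a new template. The summary line `Directory of:` prints `${vhostdir}`, which is never set in proxy mode.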
@@ -986,13 +1097,18 @@ Add_Vhost() {
     Choose_ENV
     Input_Add_domain
     Nginx_anti_hotlinking
-    Nginx_rewrite
-    if [ "${NGX_FLAG}" == "java" ]; then
-      Nginx_log
-      Create_nginx_tomcat_conf
-    else
-      Nginx_log
-      Create_nginx_phpfpm_hhvm_conf
+    if [ "${proxy_flag}" == "y" ]; then
+        Input_Add_proxy
+        Create_nginx_proxy_conf
+      else
+        Nginx_rewrite
+        if [ "${NGX_FLAG}" == "java" ]; then
+          Nginx_log
+          Create_nginx_tomcat_conf
+        else
+          Nginx_log
+          Create_nginx_phpfpm_hhvm_conf
+        fi
     fi
   elif [ ! -e "${web_install_dir}/sbin/nginx" -a -e "${apache_install_dir}/bin/httpd" ]; then
     Choose_ENV
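Review bot: The proxy branch calls `Input_Add_proxy` and `Create_nginx_proxy_conf` without `Nginx_log`, which both other branches run first, yet the proxy template interpolates `${Nginx_log}`; presumably that call is what sets the access_log directive, so a proxied vhost would be generated without its own access log. Add `Nginx_log` before `Create_nginx_proxy_conf`. The new block is also indented two levels too deep, with `else` not aligned to its `if`. Add_Vhost starts and ends outside the hunk.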
@@ -1196,7 +1312,7 @@ List_Vhost() {
 if [ ${ARG_NUM} == 0 ]; then
   Add_Vhost
 else
-  [ "${add_flag}" == 'y' -o "${sslquiet_flag}" == 'y' ] && Add_Vhost
+  [ "${add_flag}" == 'y' -o "${proxy_flag}" == 'y' -o "${sslquiet_flag}" == 'y' ] && Add_Vhost
   [ "${list_flag}" == 'y' ] && List_Vhost
   [ "${delete_flag}" == 'y' ] && { Del_NGX_Vhost; Del_Apache_Vhost; Del_Tomcat_Vhost; }
 fi