initial commit

doc/README.md

@@ -0,0 +1,3 @@
+#TBD
+
+[Examples](examples/README.md)

doc/examples/README.md

@@ -0,0 +1,9 @@
+# Examples
+
+- [simple static site](basic/README.md)
+- [static site with templates](static-template/README.md)
+- [print env via NJS](njs/README.md)
+- [print env via Perl](perl/README.md)
+- [SSL with subdomains](ssl/README.md)
+- [generating config with templates](config-template/README.md)
+- [container configuration override](j2cfg-override/README.md)

doc/examples/basic/Dockerfile

@@ -0,0 +1,4 @@
+FROM docker.io/rockdrilla/angie-conv:v0.0.1
+
+COPY /site/   /etc/angie/site/
+COPY /static/ /etc/angie/static/

doc/examples/basic/README.md

@@ -0,0 +1,15 @@
+# simple static site
+
+consult [Dockerfile](Dockerfile) or [docker-compose.yml](docker-compose.yml) - both are simple and fine enough.
+
+---
+
+configuration:
+
+```nginx
+server {
+    listen 8080;
+}
+```
+
+simple as that! :)

doc/examples/basic/docker-compose.yml

@@ -0,0 +1,12 @@
+version: "3.8"
+
+services:
+
+  angie-conv-example-basic:
+    container_name: angie-conv-example-basic
+    image: docker.io/rockdrilla/angie-conv:v0.0.1
+    ports:
+      - "127.0.0.1:8080:8080"
+    volumes:
+      - "./site:/angie/site:ro"
+      - "./static:/angie/static:ro"

doc/examples/basic/site/http-site.conf

@@ -0,0 +1,3 @@
+server {
+    listen 8080;
+}

doc/examples/basic/static/index.html

@@ -0,0 +1,5 @@
+<html>
+    <body>
+        <h1>Hello World</h1>
+    </body>
+</html>

doc/examples/config-template/README.md

@@ -0,0 +1,113 @@
+# generating config with templates
+
+configuration:
+
+```nginx
+{%- import 'snip/cache.j2mod' as ngx_cache -%}
+
+{%- set my_caches = (j2cfg.my_caches or []) -%}
+
+{%- for h in my_caches %}
+{{ ngx_cache.proxy_cache_path(h.name, size='10m', levels='1:2', inactive=h.max_time) }}
+{%- endfor %}
+
+server {
+    listen 8888;
+
+    location / { return 204; }
+
+    {%- for h in my_caches %}
+    location /{{ h.name }}/ {
+        proxy_pass {{ h.uri }}/;
+
+        proxy_cache  {{ h.name }};
+
+        expires {{ h.valid_time }};
+
+        proxy_cache_valid 200 {{ h.valid_time }};
+        proxy_cache_valid any 30s;
+    }
+    {%- endfor %}
+}
+```
+
+---
+
+site configuration (via `j2cfg/my-caches.yml`):
+
+```yml
+my_caches:
+
+  - name: apt_debian
+    uri: https://deb.debian.org/debian
+    valid_time: 180m
+    max_time: 1440h
+
+  - name: apt_debian_security
+    uri: https://deb.debian.org/debian-security
+    valid_time: 180m
+    max_time: 1440h
+
+## and so on ...
+```
+
+---
+
+docker-compose.yml:
+
+```yml
+version: "3.8"
+
+services:
+
+  angie-conv-example-config-template:
+    container_name: angie-conv-example-config-template
+    image: docker.io/rockdrilla/angie-conv:v0.0.1
+    restart: always
+    privileged: true
+    stop_grace_period: 15s
+    network_mode: host
+    environment:
+      NGX_HTTP_TRANSPARENT_PROXY: 1
+    volumes:
+      - "./conf:/etc/angie:ro"
+      - "./data:/angie"
+```
+
+---
+
+final configuration looks like this:
+
+```nginx
+proxy_cache_path  /run/ngx/cache/proxy_apt_debian
+  keys_zone=apt_debian:10m:file=/run/ngx/lib/proxy_apt_debian.keys
+  inactive=1440h
+  levels=1:2
+;
+
+# ...
+
+server {
+# ...
+
+    location /apt_debian/ {
+        proxy_pass https://deb.debian.org/debian/;
+
+        proxy_cache  apt_debian;
+
+        expires 180m;
+
+        proxy_cache_valid 200 180m;
+        proxy_cache_valid any 30s;
+    }
+
+# ...
+}
+```
+
+---
+
+Test URI e.g. with `curl`:
+```sh
+curl -v http://localhost:8888/apt_debian/dists/bookworm/main/binary-all/Release
+```

doc/examples/config-template/conf/j2cfg/my-caches.yml

@@ -0,0 +1,16 @@
+my_caches:
+
+  - name: apt_debian
+    uri: https://deb.debian.org/debian
+    valid_time: 180m
+    max_time: 1440h
+
+  - name: apt_debian_security
+    uri: https://deb.debian.org/debian-security
+    valid_time: 180m
+    max_time: 1440h
+
+  - name: apt_ubuntu
+    uri: https://archive.ubuntu.com/ubuntu
+    valid_time: 180m
+    max_time: 1440h

doc/examples/config-template/conf/site/http-my-cache.conf.j2

@@ -0,0 +1,79 @@
+{%- import 'snip/cache.j2mod' as ngx_cache -%}
+{%- set my_caches = (j2cfg.my_caches or []) -%}
+
+map $uri
+    $to_proxy_uri
+{
+    ~^/[^/]+/(.*)$  $1;
+}
+
+map $request_method
+    $to_proxy_method
+{
+    default  GET;
+    ## already handled by "proxy_cache_convert_head on;" (default setting)
+  # HEAD     GET;
+    OPTIONS  OPTIONS;
+}
+
+## quirks
+
+chunked_transfer_encoding  off;
+proxy_method  $to_proxy_method;
+proxy_ignore_client_abort  on;
+proxy_ignore_headers  Cache-Control  Expires  Set-Cookie  Vary  X-Accel-Buffering  X-Accel-Expires  X-Accel-Limit-Rate;
+
+## tuning
+
+proxy_cache_key  $to_proxy_uri$is_args$args;
+
+proxy_cache_lock          on;
+proxy_cache_lock_age      20s;
+proxy_cache_lock_timeout  25s;
+proxy_cache_use_stale     error  timeout  invalid_header  updating  http_429  http_500  http_502  http_503  http_504;
+proxy_cache_revalidate    on;
+
+{%- for h in my_caches %}
+{{ ngx_cache.proxy_cache_path(h.name, size='10m', levels='1:2', inactive=h.max_time) }}
+{%- endfor %}
+
+server {
+    listen 8888;
+
+    location / { return 204; }
+
+    location /console/ {
+        # allow 127.0.0.0/8;
+        # deny all;
+
+        auto_redirect on;
+
+        alias /usr/share/angie-console-light/html/;
+        index index.html;
+
+        location /console/api/
+        {
+            access_log off;
+            api /status/;
+        }
+
+        location /console/api/config/
+        {
+            access_log off;
+            api /config/;
+        }
+    }
+
+    {%- for h in my_caches %}
+    location /{{ h.name }}/ {
+        proxy_pass {{ h.uri }}/;
+
+        proxy_cache  {{ h.name }};
+
+        expires {{ h.valid_time }};
+
+        proxy_cache_valid 200 {{ h.valid_time }};
+        proxy_cache_valid any 30s;
+    }
+    {%- endfor %}
+}

doc/examples/config-template/docker-compose.yml

@@ -0,0 +1,16 @@
+version: "3.8"
+
+services:
+
+  angie-conv-example-config-template:
+    container_name: angie-conv-example-config-template
+    image: docker.io/rockdrilla/angie-conv:v0.0.1
+    restart: always
+    privileged: true
+    stop_grace_period: 15s
+    network_mode: host
+    environment:
+      NGX_HTTP_TRANSPARENT_PROXY: 1
+    volumes:
+      - "./conf:/etc/angie:ro"
+      - "./data:/angie"

doc/examples/j2cfg-override/Dockerfile

@@ -0,0 +1,13 @@
+FROM docker.io/rockdrilla/angie-conv:v0.0.1
+
+COPY /j2cfg/  /etc/angie/j2cfg/
+COPY /site/   /etc/angie/site/
+COPY /static/ /etc/angie/static/
+
+ENV NGX_HTTP_CONFLOAD='gzip'
+
+## same as above (adjusted to above variant by entrypoint):
+##   ENV NGX_HTTP_MODULES='gzip'
+
+## enable support for brotli and zstd:
+##   ENV NGX_HTTP_MODULES='gzip brotli zstd'

doc/examples/j2cfg-override/README.md

@@ -0,0 +1,32 @@
+# container configuration override
+
+consult [Dockerfile](Dockerfile) or [docker-compose.yml](docker-compose.yml) - both are simple and fine enough.
+
+---
+
+mostly same as [simple static site](../basic/README.md) except container configuration file `j2cfg/override-compress-types.yml`.
+
+`j2cfg/override-compress-types.yml`:
+```yml
+compress_types: []
+
+---
+
+compress_types:
+- text/plain
+```
+
+this effectively disables response compression for all mime types except `text/plain`.
+
+---
+
+in order to enable (!) response compression specify environment variable `NGX_HTTP_CONFLOAD='gzip'` or `NGX_HTTP_MODULES='gzip brotli zstd'` (for gzip, brotli and zstd).
+
+---
+
+Test URI e.g. with `curl`:
+```sh
+curl -v --compressed http://127.0.0.1:8080/index.html
+
+curl -v --compressed http://127.0.0.1:8080/index.txt
+```

doc/examples/j2cfg-override/docker-compose.yml

@@ -0,0 +1,15 @@
+version: "3.8"
+
+services:
+
+  angie-conv-example-cfg-override:
+    container_name: angie-conv-example-cfg-override
+    image: docker.io/rockdrilla/angie-conv:v0.0.1
+    environment:
+      NGX_HTTP_MODULES: 'gzip brotli zstd'
+    ports:
+      - "127.0.0.1:8080:8080"
+    volumes:
+      - "./j2cfg:/angie/j2cfg:ro"
+      - "./site:/angie/site:ro"
+      - "./static:/angie/static:ro"

doc/examples/j2cfg-override/j2cfg/override-compress-types.yml

@@ -0,0 +1,6 @@
+compress_types: []
+
+---
+
+compress_types:
+- text/plain

doc/examples/j2cfg-override/site/http-site.conf

@@ -0,0 +1,3 @@
+server {
+    listen 8080;
+}

doc/examples/j2cfg-override/static/index.html

@@ -0,0 +1,5 @@
+<html>
+    <body>
+        <h1>Hello World</h1>
+    </body>
+</html>

doc/examples/j2cfg-override/static/index.txt

@@ -0,0 +1,5 @@
+Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
+Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
+Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
+Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
+Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

doc/examples/njs/Dockerfile

@@ -0,0 +1,6 @@
+FROM docker.io/rockdrilla/angie-conv:v0.0.1
+
+COPY /site/ /etc/angie/site/
+
+## load ngx_http_js_module
+ENV NGX_HTTP_MODULES='njs'

doc/examples/njs/README.md

@@ -0,0 +1,47 @@
+# print env via NJS
+
+consult [Dockerfile](Dockerfile) or [docker-compose.yml](docker-compose.yml) - both are simple and fine enough.
+
+---
+
+configuration:
+
+```nginx
+server {
+    listen 8080;
+
+    location / { return 204; }
+
+    js_import ngx_env.js;
+    location = /env
+    {
+        js_content ngx_env.report;
+    }
+}
+```
+
+---
+
+NJS script:
+
+```js
+function report(r) {
+    var s = "";
+    const keys = Object.keys(process.env).sort();
+    for (const i in keys) {
+        const k = keys[i];
+        const v = process.env[k];
+        s += k + '=' + v + "\n";
+    }
+    r.return(200, s);
+}
+
+export default { report };
+```
+
+---
+
+Test URI e.g. with `curl`:
+```sh
+curl http://127.0.0.1:8080/env
+```

doc/examples/njs/docker-compose.yml

@@ -0,0 +1,13 @@
+version: "3.8"
+
+services:
+
+  angie-conv-example-njs:
+    container_name: angie-conv-example-njs
+    image: docker.io/rockdrilla/angie-conv:v0.0.1
+    environment:
+      NGX_HTTP_MODULES: 'njs'
+    ports:
+      - "127.0.0.1:8080:8080"
+    volumes:
+      - "./site:/angie/site:ro"

doc/examples/njs/site/http-env-js.conf

@@ -0,0 +1,11 @@
+server {
+    listen 8080;
+
+    location / { return 204; }
+
+    js_import ngx_env.js;
+    location = /env
+    {
+        js_content ngx_env.report;
+    }
+}

doc/examples/njs/site/ngx_env.js

@@ -0,0 +1,12 @@
+function report(r) {
+    var s = "";
+    const keys = Object.keys(process.env).sort();
+    for (const i in keys) {
+        const k = keys[i];
+        const v = process.env[k];
+        s += k + '=' + v + "\n";
+    }
+    r.return(200, s);
+}
+
+export default { report };

doc/examples/perl/Dockerfile

@@ -0,0 +1,11 @@
+FROM docker.io/rockdrilla/angie-conv:v0.0.1
+SHELL [ "/bin/sh", "-ec" ]
+
+COPY /site/ /etc/angie/site/
+
+## install 'angie-module-perl' and process package contents
+RUN apt-install-angie-mod.sh perl ; \
+    apt-clean.sh
+
+## load ngx_http_perl_module
+ENV NGX_HTTP_MODULES='perl'

doc/examples/perl/README.md

@@ -0,0 +1,70 @@
+# print env via Perl
+
+Dockerfile:
+
+```dockerfile
+FROM docker.io/rockdrilla/angie-conv:v0.0.1
+
+COPY /site/ /etc/angie/site/
+
+## install 'angie-module-perl' and process package contents
+RUN apt-install-angie-mod.sh perl ; \
+    apt-clean.sh
+
+## load ngx_http_perl_module
+ENV NGX_HTTP_MODULES='perl'
+```
+
+---
+
+configuration:
+
+```nginx
+perl_require ngx_env.pm;
+server {
+    listen 8080;
+
+    location / { return 204; }
+
+    location = /env
+    {
+        perl ngx_env::report;
+    }
+}
+```
+
+---
+
+Perl script:
+
+```perl
+package ngx_env;
+
+use nginx;
+
+sub report {
+    my $r = shift;
+
+    my $s = "";
+    for (sort keys %ENV) {
+        $s = $s . "$_=$ENV{$_}\n";
+    }
+
+    $r->discard_request_body;
+    $r->send_http_header;
+    $r->print($s);
+
+    return OK;
+}
+
+1;
+
+__END__
+```
+
+---
+
+Test URI e.g. with `curl`:
+```sh
+curl http://127.0.0.1:8080/env
+```

doc/examples/perl/site/http-env-perl.conf

@@ -0,0 +1,11 @@
+perl_require ngx_env.pm;
+server {
+    listen 8080;
+
+    location / { return 204; }
+
+    location = /env
+    {
+        perl ngx_env::report;
+    }
+}

doc/examples/perl/site/ngx_env.pm

@@ -0,0 +1,22 @@
+package ngx_env;
+
+use nginx;
+
+sub report {
+    my $r = shift;
+
+    my $s = "";
+    for (sort keys %ENV) {
+        $s = $s . "$_=$ENV{$_}\n";
+    }
+
+    $r->discard_request_body;
+    $r->send_http_header;
+    $r->print($s);
+
+    return OK;
+}
+
+1;
+
+__END__

doc/examples/ssl/Dockerfile

@@ -0,0 +1,15 @@
+FROM docker.io/rockdrilla/angie-conv:v0.0.1
+
+COPY /site/   /etc/angie/site/
+COPY /static/ /etc/angie/static/
+COPY /tls/    /etc/angie/tls/
+
+ENV NGX_HTTP_CONFLOAD='ssl'
+
+## same as above (adjusted to above variant by entrypoint):
+##   ENV NGX_HTTP_MODULES='ssl'
+
+## serve with HTTP/2 (disabled by default):
+##   ENV NGX_HTTP_CONFLOAD='ssl v2'
+## or
+##   ENV NGX_HTTP_MODULES='ssl v2'

doc/examples/ssl/README.md

@@ -0,0 +1,67 @@
+# SSL with subdomains
+
+consult [Dockerfile](Dockerfile) or [docker-compose.yml](docker-compose.yml) - both are simple and fine enough.
+
+---
+
+configuration:
+
+```nginx
+server {
+    listen 8443 ssl;
+
+    server_name www.example.org;
+
+    ssl_certificate      tls/www.example.org.chain.crt;
+    ssl_certificate_key  tls/www.example.org.pem;
+
+    root static/www.example.org;
+}
+```
+
+---
+
+configuration for wildcard certificate:
+
+```nginx
+server {
+    listen 8443 ssl;
+
+    server_name .example.org;
+
+    ssl_certificate      tls/example.org.chain.crt;
+    ssl_certificate_key  tls/example.org.pem;
+
+    root static/example.org;
+}
+```
+
+*Note: certificate must have* `X509v3 Subject Alternative Name` *property with value like* `DNS:example.org, DNS:*.example.org` .
+
+---
+
+(optional) configuration for cut-off SSL server block (see [documentation](https://angie.software/en/configuration/modules/http/http_ssl/#ssl-reject-handshake) for rationale):
+
+```nginx
+server {
+    listen 8443 ssl default_server bind deferred;
+
+    server_name _;
+
+    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
+
+    ## reject connections early
+    ssl_reject_handshake on;
+}
+```
+
+---
+
+Test URI e.g. with `curl`:
+```sh
+curl --insecure --resolve example.org:8443:127.0.0.1 https://example.org:8443/
+
+curl --insecure --resolve www.example.org:8443:127.0.0.1 https://www.example.org:8443/
+
+curl --insecure --resolve test.example.org:8443:127.0.0.1 https://test.example.org:8443/
+```

doc/examples/ssl/demo-ca/0-CA-Root.crt

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDBjCCAe6gAwIBAgIITliyKcJbVmEwDQYJKoZIhvcNAQELBQAwEjEQMA4GA1UE
+AxMHQ0EgUm9vdDAeFw0yNDA5MTkwMDAwMDBaFw0zNjA5MTgyMzU5NTlaMBIxEDAO
+BgNVBAMTB0NBIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDP
+0HWgtUwQ+OMm30ANf8Iy4H3tfGnfrDd4oQXqMjuW6Eh0nxzlWMIcvrN1l2Y2QscI
+i+/6CNq6tirbkN3PIYFdboejROXPDRsh7ck+92PyJiEcbK0SbI/S/3bKGpeqmTy+
+HvbkMvzlUJ/+SH6FgU3sCkYga43QDE8DT3PRf0zd7mBF2ij/OXtv69JehdTJBDa2
+hW09Ivjfq5cHoMIEfIvTp8847TGIQDqU8k1N8A5brrU+2gHJ+H3GoV09ej5/cv6Q
+9FU9DE/mTW7iDHjNVNgq4JQXJWyCYH6TfoKet+/8Q1odhe+4dG22lO6EgHdp5IIN
+J5322FKKsuwZ1JhA/ZJ9AgMBAAGjYDBeMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O
+BBYEFDHRuuHS1LwoRcTtUhLcp+DaEa/IMAsGA1UdDwQEAwIBBjAfBgNVHSUEGDAW
+BgorBgEEAYI3CgMBBggrBgEFBQcDCTANBgkqhkiG9w0BAQsFAAOCAQEAxRGAJ3nV
+/ycyml5mm4q330Mnsa8Rc0DoVaQXfEyIIBkgYD2dIhvjnA5cK6AVStAJ/16lx77T
+v5bG5/AyC2D7ISd8PLcpWrAtxo06cYM3OJjpWwl18oH1tS1L2hi6L8I2LNkW4TKQ
+yFjRCYJvsM2QUnRL99S4JKiXACDMCTP/ZP87fQvmfi4lXCnUlQqgtnCq0+iCwXVJ
+oR1SdOrmPz/NI23RA41U15LePwFuK5cTE0WhtyZej8ksv6V+5Z1aiIBTt/cMl+KH
+2K9dmO+dNp1DJeSaeH+8rsDd44FkPvDi1nMjm4G51U2JVrbjift70DM/Ia/DPH72
+bYJLgeFDhdfzMg==
+-----END CERTIFICATE-----

doc/examples/ssl/demo-ca/0-CA-Root.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAz9B1oLVMEPjjJt9ADX/CMuB97Xxp36w3eKEF6jI7luhIdJ8c
+5VjCHL6zdZdmNkLHCIvv+gjaurYq25DdzyGBXW6Ho0Tlzw0bIe3JPvdj8iYhHGyt
+EmyP0v92yhqXqpk8vh725DL85VCf/kh+hYFN7ApGIGuN0AxPA09z0X9M3e5gRdoo
+/zl7b+vSXoXUyQQ2toVtPSL436uXB6DCBHyL06fPOO0xiEA6lPJNTfAOW661PtoB
+yfh9xqFdPXo+f3L+kPRVPQxP5k1u4gx4zVTYKuCUFyVsgmB+k36Cnrfv/ENaHYXv
+uHRttpTuhIB3aeSCDSed9thSirLsGdSYQP2SfQIDAQABAoIBADAlMD9DiWQsOToO
+AlGuTeBKHLqato+cnzxZ99wWd7JCTdkA7OmgitYsgzik0wgSp/htrTL8/qm/nwW/
+1feRIF60RwXXJjO2KllNtPBa0cOtvEGQ1vb8AkUkrNFtYEJknotAcrwTKP56k5qO
+kotdFd+v0KfdqxzuYRbX/zHjv3vxvQ/GxPAjyliAfrY+kt4I7tL30ZSCnLbmUEE5
+22v5zAeehi5QnFx6P3jnuv6f5Nn84fl0BV5xHOVrAj3WHRVb5UiHrZc1N+A2hKAC
+5SPYwLpf5RYQ4oJFCeUL3zZSSCSQnwa3jcSmCMV3flqL7ZsDI+EWJ9PwAEb1t7HF
+gCAF1skCgYEA+iXXOB0IR5N1nHVVGUWJSCL8JihDE/xyw1EbXGJPfz2648R7sOEq
+RqjnUNa7ODPlZ09Mf0zFhbWxAVEw4lCH++ZHCAw5JQ8mWCXwqd4zbcjJ6jzHtnn5
+U7JoEwPfPXZ5bx1avSaXHoOjgHXeGCMuLEF2faJd8iqnGh9epGq4PEkCgYEA1K0U
+SovG/1OoJw13LK5BQhSdcko5B03kAKROMVA6tvOekCYGC+MAqJtj/+lxkbLlTEtr
+FUzFdAIv+djU7yd0CxGcsiic25AKUq/Ko3Etxe89agpI3I+kSfb2zzOiRqAPyYBP
+AF9Crm6uJFZdATc2j/60DIElFlhD2qdDO6rWnJUCgYAhQqrNMT8KlVbMCOXZyF8q
+kkxIno3cuHJh+gTTUdcUKhcRdeykZiwC3S50lzipjmzwQaEARCr3TmNMs4j2bpLG
+MaY8MbPfc5Y7nj/TtlHMRShj1tUPNESslko0TQ1/1KLs3VBVWi45xnMU/5caSoM3
+KzUgG1i2fGlfldA1uGLq0QKBgFENuasDhI7wwihIEIBd1Q8rLipNsVhgTiIUfJx8
+uDPbuzWy2CEVnb2ko0L4JElkBdHC+IfAn4wr/T7abaTLw4UobDDWG5nuVpDW4ILT
+8p76I8zTKJuuvu1VixDC2/jQrdOc6/73T0GNex7sLzv0X/4XE2Wkno7aitm9X3lR
+DcPVAoGAUvleRG0hFMOFJH6jdX61/FW9tPZc+nPY3JXNYVvQLj9oEArgoT6crKfa
+cBgRLYd3AZUfz6CY+8Ln81oNKWM2iTkv/+y8Mtt35r1+GeBHXvfgsDcJmKsaZ+Oh
+/avdDrMT9UnLbIImYmhmixrMrypGtBMN5f2EVQZmk2CGe1lG5rw=
+-----END RSA PRIVATE KEY-----

doc/examples/ssl/demo-ca/1-CA-Internal.crt

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDLDCCAhSgAwIBAgIIc9z+Nze+1ngwDQYJKoZIhvcNAQELBQAwEjEQMA4GA1UE
+AxMHQ0EgUm9vdDAeFw0yNDA5MTkwMDAwMDBaFw0zNTA5MTgyMzU5NTlaMBYxFDAS
+BgNVBAMTC0NBIEludGVybmFsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAs0SnuACpBbkmoPrdnrMKuGhA+dUML/PoF8RZI9BdQvnSa3r1mINw3442Hcrh
+Nij0BeVqjK6DTk8yrLA3l9/bpXIubimXDWvzeMRRVduWPdEc9cdDhuksbrIApQow
+3cP68U95pqwYbDsXtGqXOzDWnKQppok42OjaKL6zwNsM6Qs/UKVADJ7rmPSoZSa/
+RCywhurnZt3eIDQjQqfJCnNifUXnLOD8JwyhSACBvxdQQnn2ibh78KA6LuECUDX9
+jKOdgJvffwl1XaXqX9pfM9KwmoNs+utVOm9weENC0tnss/BftqzBo6szAeyIKzkk
+xOjppCNz2Uou3UsVEVyCA6GAjQIDAQABo4GBMH8wDwYDVR0TAQH/BAUwAwEB/zAd
+BgNVHQ4EFgQUSsSalxeTY1qmvFLILIS3gZ4ynGMwHwYDVR0jBBgwFoAUMdG64dLU
+vChFxO1SEtyn4NoRr8gwCwYDVR0PBAQDAgEGMB8GA1UdJQQYMBYGCisGAQQBgjcK
+AwEGCCsGAQUFBwMJMA0GCSqGSIb3DQEBCwUAA4IBAQDJyKWDN6lD4/UTx12HrVqI
+taOkOzFIBho+FSvCRI/ZLpeMj01WZIb9XkdhLZvUAh+c7jC/caMghGX5N8Kqunmr
+x1HYnLm+C6QOdYy2djEml3ZwnbEn9yT1YYhRIZC993ipEzeNFm39J433l1PXYsLa
+XNC99j58tVPFELcpimqe8eoUW2hYKZqFvswuta2PhX9mNYOSVk5ICl3rs0kr8gDR
+3PC6vKmMxmTWTlg94JuTRCT0L5LD5Ode76iR7q0TY3XOzeDeEw3H99nPv3i69d2D
+15pEo78xeNOZhbJ1OGUqBO45JrwhhJ4x9N+5SSnLSEvgv+qghVK+mkxAtvM/6fsp
+-----END CERTIFICATE-----

doc/examples/ssl/demo-ca/1-CA-Internal.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAs0SnuACpBbkmoPrdnrMKuGhA+dUML/PoF8RZI9BdQvnSa3r1
+mINw3442HcrhNij0BeVqjK6DTk8yrLA3l9/bpXIubimXDWvzeMRRVduWPdEc9cdD
+huksbrIApQow3cP68U95pqwYbDsXtGqXOzDWnKQppok42OjaKL6zwNsM6Qs/UKVA
+DJ7rmPSoZSa/RCywhurnZt3eIDQjQqfJCnNifUXnLOD8JwyhSACBvxdQQnn2ibh7
+8KA6LuECUDX9jKOdgJvffwl1XaXqX9pfM9KwmoNs+utVOm9weENC0tnss/BftqzB
+o6szAeyIKzkkxOjppCNz2Uou3UsVEVyCA6GAjQIDAQABAoIBABwMEkeGBuvHz4Th
+KvpQ3c0DNqM/02PPP9E0HZQuXeEEMAkz2Cfv7KF1YP8hRkIQfzlK7vQqu41tc6qz
++UawNe+5IQ2IQUNOz+1lnaoWrHdod6T2c5iwc4ywGcy4fvO7XVAS1KAgjcOlLSzD
+fny6w+EHCCMvle7N44/7Yik6vFbbcThUiaHhg52rfWVkxydEzSRLj/SnBwQTGuk2
+vE/N2W3OkRWGpKmdjnrRsCJhF3XbHBqMQq9NoTxRUV9Uil2iGIvggW4cqT6hc0w6
+gC+P/9/5atpOlbtKgEDMCMUM+ltwgDN12SnYwJDbp/pXNm6v7818bccueJ+W8KTX
+kgRyF9ECgYEA+7/nRzFrFAkXItlASjuhtbachwu0bXBBYJMADHtN5V8scosX43vp
+0Q150W6b8pJB/HYCrCpVv+9tSlT20PPwQR/UcpZKrEWkuAcNjQs/UNSRuZ2qyibc
+nIp+jk9Rdt86BEj5UFmiylIUnHsHgW6O3tE+phedK0zH11d6mdwzT1kCgYEAtkt6
+GZpFnmH8VFOoU006fPPETVnNNSNkn4ysNHzRC1OBDynWhiFWUW+23SdRaayCYTl9
+IWpUTRVuW8Y4B1qO+rUd1C68+p8FlIaFFIT5Z1bCJ7e/M0hl6TSuIhrNa/ItUmEB
+Ax330guUVr9IIGZiROliIcSdoGf9T9UqhvG8aFUCgYAmZt6TuJEZ7E0QLs2kxTXk
+rydvXjS2oPIIFkRiowh93ae9DUSmmcdP8VtMvC+jr/XK2gGMW6Ta813bgdxogV17
+waw5kn1vi+wVelXx1u5gmRxlkQx1a7opUuL9OFI37NM/xhXp0NKJRD4KpKW/c6rt
+iEOjOGTsLvko+xojkDhveQKBgFY9Rrot/Zl8CX9rREqEUpMiT0+4mBf3cnb4ec8q
+7UpKatfdlxtFUiyciQn+u8keT1/nbocMYm1FIjxQfdkcwl9gp4flxIlcCavGJ9cZ
+QVPd+2QGzXFZYrz8qxR/UYcrvr0mHvB2kPLRf4+6VkjdpserET2gYmGsUG4gDkpg
+uh0xAoGBAOcZk8EGQUiesG8mk3r1ylVpxjlpbVyQ0dwuehSsyKqYlFDAF/TWF6EQ
+1k1GjwjXZmL5FuOhW1Ozh5m1kkg0tBW2jCevniRzLrUzBFRImuwfrOHH6FYyXBBs
+q3+fn1htEiDB3xelFGPyFEMzUrEvUQNU3jkiypR8JNPoE09X5XtD
+-----END RSA PRIVATE KEY-----

doc/examples/ssl/demo-ca/2-example.org.crt

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDXTCCAkWgAwIBAgIIKr9NphMObcAwDQYJKoZIhvcNAQELBQAwFjEUMBIGA1UE
+AxMLQ0EgSW50ZXJuYWwwHhcNMjQwOTE5MDAwMDAwWhcNMzQwOTE4MjM1OTU5WjAW
+MRQwEgYDVQQDEwtleGFtcGxlLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAJ+WCrO6ML91DNYfgzrc6XiZvOFNxBfbuPkPdFw6dx4wwJCFg0VcdH1W
+BpVMMvczlntphpARGZ+bsktKRhsbDHNfbExo6Sn6b0x/xnUkFg34ukYhRdFs+xHC
+/PO9t2a9LDcMsBr0yLBugbMYGZj2Ln+sp478aKyWNkQLBKOEfeijtg3qrIx0B/we
+vd8Tx49ahQYB8XELiZa1mntqRpHewMr+ul6sf5z6JR3Jrokvzu7kGLjt1FN1VAQR
+pkzqNYJX/vUJ3KIdZxWHyzyoIbra/VjeP/POIY22eQGDWwbg9sNVUyVKFPzkaSwV
++BAytQiEn2cEQtmxoPZ+iLkyiGgGFWUCAwEAAaOBrjCBqzAMBgNVHRMBAf8EAjAA
+MB0GA1UdDgQWBBRrZV8OY2075agO7UQfsDcPKmt87TAfBgNVHSMEGDAWgBRKxJqX
+F5NjWqa8UsgshLeBnjKcYzALBgNVHQ8EBAMCA/gwJwYDVR0lBCAwHgYIKwYBBQUH
+AwEGCCsGAQUFBwMCBggrBgEFBQcDCDAlBgNVHREEHjAcggtleGFtcGxlLm9yZ4IN
+Ki5leGFtcGxlLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEApijiwX+Y6XR25Z0yyv9P
+gAkZkE+X/rQuk+9PyuSXLWUg9x0p3G0RUwPHHwiUpYHnTmAf3iKoPHLltX+KxqkO
+W3Kx07TId5FmK8UrCZ+Xs1yuvMHtwdAvf8DA8QCaWSa8N9QeYmbzArjM8035j16+
+rFiMaO8mLEftqnVZksYt3pPWsus0UnhK9gnTw9PSxqWpC1EoTyiuDwTLdVqqYAeM
+oqqdpHfSFPBXmCRZc5dbptnrJmLiMHoVeeKjdYXLr1GgIVYPN+Dbldwb8gcIQ+TM
+zN+J7p0W7rHhsGSleackNlWWfodjnc0WHZWkyplg4W48V6KbLxsK+LOpvnuoy+mu
+vw==
+-----END CERTIFICATE-----

doc/examples/ssl/demo-ca/2-example.org.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAn5YKs7owv3UM1h+DOtzpeJm84U3EF9u4+Q90XDp3HjDAkIWD
+RVx0fVYGlUwy9zOWe2mGkBEZn5uyS0pGGxsMc19sTGjpKfpvTH/GdSQWDfi6RiFF
+0Wz7EcL88723Zr0sNwywGvTIsG6BsxgZmPYuf6ynjvxorJY2RAsEo4R96KO2Deqs
+jHQH/B693xPHj1qFBgHxcQuJlrWae2pGkd7Ayv66Xqx/nPolHcmuiS/O7uQYuO3U
+U3VUBBGmTOo1glf+9Qncoh1nFYfLPKghutr9WN4/884hjbZ5AYNbBuD2w1VTJUoU
+/ORpLBX4EDK1CISfZwRC2bGg9n6IuTKIaAYVZQIDAQABAoIBAA52Ufz3VCCdp8P7
+Mht9AU7Txolie0awO63yfRiN7H/uFMgOxBaJP5NLiagxB3Nd7Pa9LvEnuOXn0xC9
+/Twf8ju9u4+ceE48wFEInqsR/J+tLpsEET2JPfgzmVSGGQn0qH5KpjujJabQ35cj
+3s9SYWS3owMIaSdZgOHKCn8TwYykriGYgagV3c+tMdqDaqvrrWAu9mkCp9/MzREb
+X3XBJ9NE/5dlMeMfXJiRKvLc16hQCSrXVdCLLm3U3/sHncDKOEOF4kvEBR5ciXXN
+zXkuvbE4GKjC0rCGZtocbC2EkkHRMD96Y2cNwmNnWp0fJ0KOVYGw3S3YsWNMex0u
+n57vEUcCgYEAy+x9NB4pCF/5Va82yRYYRUZCyDWLAYAC7kJ933R2wugUgs8FUQzK
+xh0d7PuGDYB/zrsZfdQoZGmEbffZ/pze6pdIpaFKFnQoHPtS92aQdBPwyCdBnJUy
+cuVQekPBsDtRFSOaznzOej+bkFH43RujYjDPPRAIP2Oily20CRcXzb8CgYEAyFb6
+X2mQn2EM+vIxGIIUe09YsT9OhZyzI2TG4M4yvapFF8FVA5qZJTQh7mxJzlACev3J
+Rmrpo/36j4co9x8Ph9ojcQzd0qhiwYPaFc4sBjFRPm8k22+mf2zIm5VV1xHqML65
+ciGGCLxfBO+j1y0ktUL6g9QGwyr/0RaFo7UhrdsCgYBcEyipGqEeVe9Hn/hVrTNC
+PCo1Ke/cuocYO0+IUJa7BH0WXxEgem0oLMdxVFQ/znBm0JX++YdPZ1FTMeDtFLmW
+JL65gmzoXIQsKdJZQKcisko6pXb7k2YW+LFwsx1GTFIdAFmKuFGmYwgDju+WLj+E
+O1OnV5DRxlQIfKtYm2O1EwKBgHb1hrgPFAw/cZi1JUf7PbQ22mBtSe/2qzxyA9HL
+Pr/2kg5YA2Yfb55yxU8wx+aVBdQITHLe2xtAnX6KcF3E+NDfS7o+PJ1w1Ss5Ys8d
+3HBU6nwbPRR7yK7TZo9T7mPFxHzrU2yc0Vzwla91qKEFsk1blyueQ+Gx77M1H2el
+D3mPAoGAfd9V3aNVaNjjj/ILQlX6ypPeqWLjzsHRnsIedDXgGRh5/ZgXetSgp+f9
+MtZdaHkYiBMYJJXFqn3KcIaRGAgxQbaqnZtSmHpUg4AXDmxEbu01ryVjPIW/EvZb
+4oTikKQyUW8jqWS3irvxZga+nwJFNNYMyVgK+W29UYZzW53GMV4=
+-----END RSA PRIVATE KEY-----

doc/examples/ssl/demo-ca/3-www.example.org.crt

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDVjCCAj6gAwIBAgIIKpxUKA9KjPcwDQYJKoZIhvcNAQELBQAwFjEUMBIGA1UE
+AxMLQ0EgSW50ZXJuYWwwHhcNMjQwOTE5MDAwMDAwWhcNMzQwOTE4MjM1OTU5WjAa
+MRgwFgYDVQQDEw93d3cuZXhhbXBsZS5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC7IBurNJ8FFtPgMBX8n8wQuAypCfFucM3reIblnPpHsWifRlk/
+XrOmD1FDhErz4V38ouloS7q4jxAbbrPlLW93u4En5UZ5jPzN3T2h0vIrPl6sCKf1
+edEju5lu7WIcNUH8VF4j6kDP71LwBW99kdFrYHSRCtWIXeJrB1MLx7c9lekrm89/
+lz08UdGd7udJOcKDrsvsIj4cJYImHENLYB4LoWVMsiD7ap+zKud9Zf9YsRNG7XTT
+HtZSTdrgN5opAU/0vA10Jzp1S3HDfPL5+7Xw6Xq62ZJXOyAofpItxc9dGOOoNiZi
+wtYCMZwz2H3LujDgc5wMbPV9k1UxU/Y6QHrjAgMBAAGjgaMwgaAwDAYDVR0TAQH/
+BAIwADAdBgNVHQ4EFgQUDhDi+m6Iocrd9LJ6ZJBFMfsp3F0wHwYDVR0jBBgwFoAU
+SsSalxeTY1qmvFLILIS3gZ4ynGMwCwYDVR0PBAQDAgP4MCcGA1UdJQQgMB4GCCsG
+AQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwgwGgYDVR0RBBMwEYIPd3d3LmV4YW1w
+bGUub3JnMA0GCSqGSIb3DQEBCwUAA4IBAQBr03L9bIY5unzvN8psu+a410Gwgkma
+8D37SeJ23fV0FR0gemgIJsq0SoVRuwbHQMum1Rs9MC+fRIcN5UZGKDTb6WQIb+In
+1qnX3A5OU/rTOjkWELQLxJ+ejqJT86pHuODwpX+YME1nDo+3nmb/OLAzrXjgfY3j
+w5GCU4dobXU3RvbQAbvpw4ECOBPbuizq+fngIGmeJt7kcdJ6vZw3OvKlk451REGI
+gt3TrELsmvH7D2qNyPYgEn7ifdVKEbiMcFcHoMz/zZ2ZxlGSQ7YnWOZd0++uB2od
+iBWE+faUZ2ApEWEnX1FPcPIQ7x7dDvYHkmGVh0tAwXcgPs1NCX7rJcVF
+-----END CERTIFICATE-----

doc/examples/ssl/demo-ca/3-www.example.org.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAuyAbqzSfBRbT4DAV/J/MELgMqQnxbnDN63iG5Zz6R7Fon0ZZ
+P16zpg9RQ4RK8+Fd/KLpaEu6uI8QG26z5S1vd7uBJ+VGeYz8zd09odLyKz5erAin
+9XnRI7uZbu1iHDVB/FReI+pAz+9S8AVvfZHRa2B0kQrViF3iawdTC8e3PZXpK5vP
+f5c9PFHRne7nSTnCg67L7CI+HCWCJhxDS2AeC6FlTLIg+2qfsyrnfWX/WLETRu10
+0x7WUk3a4DeaKQFP9LwNdCc6dUtxw3zy+fu18Ol6utmSVzsgKH6SLcXPXRjjqDYm
+YsLWAjGcM9h9y7ow4HOcDGz1fZNVMVP2OkB64wIDAQABAoIBAD+Cd0GVO397ru+B
+AoVaKuVlwg5BLKsCKDGKF6aor51TjiG4u6OxXaG3wyn6JYI+dCrBlBxsz3PCQoI9
+AVuAHzvw7LYAr/mjK04nj7pzoPOiWHlk+rRq4tuQ2VN3x/uw67NbYxQndlXccTa7
+cYqZygz6kLWFitGco7MVqk7uOrfwqu4O5GbktR4Vm6apEh2eFsSfgFE4LN3z7bbf
+A7dzePBy2BOEvy/CjNX5stkLKJuWzuVTcYXB82bqp/VsSXSQG9o/9VmR6OUhXWjA
+Clf+m3HqVmZ1IivOFz48LHVzvUj26AclvwwXkaGptbA6s08QWJMS2mpZlWbWNwzr
+Mqgl/3ECgYEA8xpGCQrxfw7LTI9sMVnQo3S1rbB23DMuP2PmX6Aad0U3eGSxrv6B
+RweXpb1Kduu8FeLMngihPjv/UsHJkNMX6IRILc2kLbRYoQOLdJ5k42bYzhDKYN33
+e8jr6twJJsCgva4DoLM0woZTvgaRzLJBzMWoL1BT6JJkKGUukgwCiskCgYEAxQ2S
+1oN1ZHc454y2bJ0JYg6c/MGEKHFjIRLKMMxwhNXQzOr8EzzwwF+5IsJORQfJNu+P
+DaFT/3QAuByKG+Dyx4C0ssIhj6u75g1Thzgv8qHwE6DYh1VUUYO656kFTtexlFyg
+gJPYXCOWPelSNNNQXbZTV929R1Wx95+LfqLqQksCgYEApmCj8ApqT3AbmVFLVddH
+YKc+tBnirz/j9gR0JZwYoOphVWds5/xNFATRN+B+NzeNKVloevwjBsnfK49vWUvv
+v/XQxHBKXfFg+wnHBtBk8fFwjk+VgohHmZNgSwO+y6PoHwkaeIBNqphudc5fOL4D
+JJdeTMtoMfMG01K0dcX8c2kCgYEAwE1n0GqIJNxoryfWW5bBMm2abNwZsjI9kGg6
+43aQFEJpu6FTER82wDZqgW5oXdukVTViQOYBCFpX3VUUvvI/W8zSC2WCxSfOfkrh
+CiQePsYkebNNvHzchZRt0WhUYsYCagwfInul+P1NwOuzKxRR6LJnEWe3MSeDP2n3
+A0XQIZMCgYAzubLPZnJjFihAX0M9k8Cjc+q6KKnA6Fp1JqnPmzoTO/r46o1shmCZ
+kRS8iqnKfTCW/MWGSPyRc0OubIVbR9hAdCZjR8wmeVdkiV+VfBRzxpcYpcZbxjmy
+6F0xz1Fv0UeKdjHQyb9UNO6Y1qVaNVVYo3tyD6VGaMdboddHPPxLDw==
+-----END RSA PRIVATE KEY-----

doc/examples/ssl/demo-ca/Makefile

@@ -0,0 +1,12 @@
+#!/usr/bin/make -f
+
+intermediate_ca_certs := 1-CA-Internal.crt
+
+certs := $(patsubst %.pem,%.crt,$(sort $(wildcard *.pem)))
+target_certs := $(patsubst %.crt,%.chain.crt,$(certs))
+
+.PHONY: all
+all: $(target_certs)
+
+%.chain.crt: %.crt $(intermediate_ca_certs)
+	cat $+ | tee $@ >/dev/null

doc/examples/ssl/docker-compose.yml

@@ -0,0 +1,15 @@
+version: "3.8"
+
+services:
+
+  angie-conv-example-ssl:
+    container_name: angie-conv-example-ssl
+    image: docker.io/rockdrilla/angie-conv:v0.0.1
+    environment:
+      NGX_HTTP_CONFLOAD: 'ssl'
+    ports:
+      - "127.0.0.1:8443:8443"
+    volumes:
+      - "./site:/angie/site:ro"
+      - "./static:/angie/static:ro"
+      - "./tls:/angie/tls:ro"

doc/examples/ssl/site/http-site.conf

@@ -0,0 +1,33 @@
+server {
+    listen 8443 ssl;
+
+    server_name .example.org;
+
+    ssl_certificate      tls/example.org.chain.crt;
+    ssl_certificate_key  tls/example.org.pem;
+
+    root static/example.org;
+}
+
+server {
+    listen 8443 ssl;
+
+    server_name www.example.org;
+
+    ssl_certificate      tls/www.example.org.chain.crt;
+    ssl_certificate_key  tls/www.example.org.pem;
+
+    root static/www.example.org;
+}
+
+## optional: cut-off server
+server {
+    listen 8443 ssl default_server bind deferred;
+
+    server_name _;
+
+    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
+
+    ## reject connections early
+    ssl_reject_handshake on;
+}

doc/examples/ssl/static/example.org/index.html

@@ -0,0 +1,5 @@
+<html>
+    <body>
+        <h1>This is main site.</h1>
+    </body>
+</html>

doc/examples/ssl/static/www.example.org/index.html

@@ -0,0 +1,5 @@
+<html>
+    <body>
+        <h1>This is WWW site.</h1>
+    </body>
+</html>

doc/examples/ssl/tls/ca/internal-ca.crt

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDLDCCAhSgAwIBAgIIc9z+Nze+1ngwDQYJKoZIhvcNAQELBQAwEjEQMA4GA1UE
+AxMHQ0EgUm9vdDAeFw0yNDA5MTkwMDAwMDBaFw0zNTA5MTgyMzU5NTlaMBYxFDAS
+BgNVBAMTC0NBIEludGVybmFsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAs0SnuACpBbkmoPrdnrMKuGhA+dUML/PoF8RZI9BdQvnSa3r1mINw3442Hcrh
+Nij0BeVqjK6DTk8yrLA3l9/bpXIubimXDWvzeMRRVduWPdEc9cdDhuksbrIApQow
+3cP68U95pqwYbDsXtGqXOzDWnKQppok42OjaKL6zwNsM6Qs/UKVADJ7rmPSoZSa/
+RCywhurnZt3eIDQjQqfJCnNifUXnLOD8JwyhSACBvxdQQnn2ibh78KA6LuECUDX9
+jKOdgJvffwl1XaXqX9pfM9KwmoNs+utVOm9weENC0tnss/BftqzBo6szAeyIKzkk
+xOjppCNz2Uou3UsVEVyCA6GAjQIDAQABo4GBMH8wDwYDVR0TAQH/BAUwAwEB/zAd
+BgNVHQ4EFgQUSsSalxeTY1qmvFLILIS3gZ4ynGMwHwYDVR0jBBgwFoAUMdG64dLU
+vChFxO1SEtyn4NoRr8gwCwYDVR0PBAQDAgEGMB8GA1UdJQQYMBYGCisGAQQBgjcK
+AwEGCCsGAQUFBwMJMA0GCSqGSIb3DQEBCwUAA4IBAQDJyKWDN6lD4/UTx12HrVqI
+taOkOzFIBho+FSvCRI/ZLpeMj01WZIb9XkdhLZvUAh+c7jC/caMghGX5N8Kqunmr
+x1HYnLm+C6QOdYy2djEml3ZwnbEn9yT1YYhRIZC993ipEzeNFm39J433l1PXYsLa
+XNC99j58tVPFELcpimqe8eoUW2hYKZqFvswuta2PhX9mNYOSVk5ICl3rs0kr8gDR
+3PC6vKmMxmTWTlg94JuTRCT0L5LD5Ode76iR7q0TY3XOzeDeEw3H99nPv3i69d2D
+15pEo78xeNOZhbJ1OGUqBO45JrwhhJ4x9N+5SSnLSEvgv+qghVK+mkxAtvM/6fsp
+-----END CERTIFICATE-----

doc/examples/ssl/tls/ca/root-ca.crt

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDBjCCAe6gAwIBAgIITliyKcJbVmEwDQYJKoZIhvcNAQELBQAwEjEQMA4GA1UE
+AxMHQ0EgUm9vdDAeFw0yNDA5MTkwMDAwMDBaFw0zNjA5MTgyMzU5NTlaMBIxEDAO
+BgNVBAMTB0NBIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDP
+0HWgtUwQ+OMm30ANf8Iy4H3tfGnfrDd4oQXqMjuW6Eh0nxzlWMIcvrN1l2Y2QscI
+i+/6CNq6tirbkN3PIYFdboejROXPDRsh7ck+92PyJiEcbK0SbI/S/3bKGpeqmTy+
+HvbkMvzlUJ/+SH6FgU3sCkYga43QDE8DT3PRf0zd7mBF2ij/OXtv69JehdTJBDa2
+hW09Ivjfq5cHoMIEfIvTp8847TGIQDqU8k1N8A5brrU+2gHJ+H3GoV09ej5/cv6Q
+9FU9DE/mTW7iDHjNVNgq4JQXJWyCYH6TfoKet+/8Q1odhe+4dG22lO6EgHdp5IIN
+J5322FKKsuwZ1JhA/ZJ9AgMBAAGjYDBeMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O
+BBYEFDHRuuHS1LwoRcTtUhLcp+DaEa/IMAsGA1UdDwQEAwIBBjAfBgNVHSUEGDAW
+BgorBgEEAYI3CgMBBggrBgEFBQcDCTANBgkqhkiG9w0BAQsFAAOCAQEAxRGAJ3nV
+/ycyml5mm4q330Mnsa8Rc0DoVaQXfEyIIBkgYD2dIhvjnA5cK6AVStAJ/16lx77T
+v5bG5/AyC2D7ISd8PLcpWrAtxo06cYM3OJjpWwl18oH1tS1L2hi6L8I2LNkW4TKQ
+yFjRCYJvsM2QUnRL99S4JKiXACDMCTP/ZP87fQvmfi4lXCnUlQqgtnCq0+iCwXVJ
+oR1SdOrmPz/NI23RA41U15LePwFuK5cTE0WhtyZej8ksv6V+5Z1aiIBTt/cMl+KH
+2K9dmO+dNp1DJeSaeH+8rsDd44FkPvDi1nMjm4G51U2JVrbjift70DM/Ia/DPH72
+bYJLgeFDhdfzMg==
+-----END CERTIFICATE-----

doc/examples/ssl/tls/example.org.chain.crt

@@ -0,0 +1,40 @@
+-----BEGIN CERTIFICATE-----
+MIIDXTCCAkWgAwIBAgIIKr9NphMObcAwDQYJKoZIhvcNAQELBQAwFjEUMBIGA1UE
+AxMLQ0EgSW50ZXJuYWwwHhcNMjQwOTE5MDAwMDAwWhcNMzQwOTE4MjM1OTU5WjAW
+MRQwEgYDVQQDEwtleGFtcGxlLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAJ+WCrO6ML91DNYfgzrc6XiZvOFNxBfbuPkPdFw6dx4wwJCFg0VcdH1W
+BpVMMvczlntphpARGZ+bsktKRhsbDHNfbExo6Sn6b0x/xnUkFg34ukYhRdFs+xHC
+/PO9t2a9LDcMsBr0yLBugbMYGZj2Ln+sp478aKyWNkQLBKOEfeijtg3qrIx0B/we
+vd8Tx49ahQYB8XELiZa1mntqRpHewMr+ul6sf5z6JR3Jrokvzu7kGLjt1FN1VAQR
+pkzqNYJX/vUJ3KIdZxWHyzyoIbra/VjeP/POIY22eQGDWwbg9sNVUyVKFPzkaSwV
++BAytQiEn2cEQtmxoPZ+iLkyiGgGFWUCAwEAAaOBrjCBqzAMBgNVHRMBAf8EAjAA
+MB0GA1UdDgQWBBRrZV8OY2075agO7UQfsDcPKmt87TAfBgNVHSMEGDAWgBRKxJqX
+F5NjWqa8UsgshLeBnjKcYzALBgNVHQ8EBAMCA/gwJwYDVR0lBCAwHgYIKwYBBQUH
+AwEGCCsGAQUFBwMCBggrBgEFBQcDCDAlBgNVHREEHjAcggtleGFtcGxlLm9yZ4IN
+Ki5leGFtcGxlLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEApijiwX+Y6XR25Z0yyv9P
+gAkZkE+X/rQuk+9PyuSXLWUg9x0p3G0RUwPHHwiUpYHnTmAf3iKoPHLltX+KxqkO
+W3Kx07TId5FmK8UrCZ+Xs1yuvMHtwdAvf8DA8QCaWSa8N9QeYmbzArjM8035j16+
+rFiMaO8mLEftqnVZksYt3pPWsus0UnhK9gnTw9PSxqWpC1EoTyiuDwTLdVqqYAeM
+oqqdpHfSFPBXmCRZc5dbptnrJmLiMHoVeeKjdYXLr1GgIVYPN+Dbldwb8gcIQ+TM
+zN+J7p0W7rHhsGSleackNlWWfodjnc0WHZWkyplg4W48V6KbLxsK+LOpvnuoy+mu
+vw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDLDCCAhSgAwIBAgIIc9z+Nze+1ngwDQYJKoZIhvcNAQELBQAwEjEQMA4GA1UE
+AxMHQ0EgUm9vdDAeFw0yNDA5MTkwMDAwMDBaFw0zNTA5MTgyMzU5NTlaMBYxFDAS
+BgNVBAMTC0NBIEludGVybmFsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAs0SnuACpBbkmoPrdnrMKuGhA+dUML/PoF8RZI9BdQvnSa3r1mINw3442Hcrh
+Nij0BeVqjK6DTk8yrLA3l9/bpXIubimXDWvzeMRRVduWPdEc9cdDhuksbrIApQow
+3cP68U95pqwYbDsXtGqXOzDWnKQppok42OjaKL6zwNsM6Qs/UKVADJ7rmPSoZSa/
+RCywhurnZt3eIDQjQqfJCnNifUXnLOD8JwyhSACBvxdQQnn2ibh78KA6LuECUDX9
+jKOdgJvffwl1XaXqX9pfM9KwmoNs+utVOm9weENC0tnss/BftqzBo6szAeyIKzkk
+xOjppCNz2Uou3UsVEVyCA6GAjQIDAQABo4GBMH8wDwYDVR0TAQH/BAUwAwEB/zAd
+BgNVHQ4EFgQUSsSalxeTY1qmvFLILIS3gZ4ynGMwHwYDVR0jBBgwFoAUMdG64dLU
+vChFxO1SEtyn4NoRr8gwCwYDVR0PBAQDAgEGMB8GA1UdJQQYMBYGCisGAQQBgjcK
+AwEGCCsGAQUFBwMJMA0GCSqGSIb3DQEBCwUAA4IBAQDJyKWDN6lD4/UTx12HrVqI
+taOkOzFIBho+FSvCRI/ZLpeMj01WZIb9XkdhLZvUAh+c7jC/caMghGX5N8Kqunmr
+x1HYnLm+C6QOdYy2djEml3ZwnbEn9yT1YYhRIZC993ipEzeNFm39J433l1PXYsLa
+XNC99j58tVPFELcpimqe8eoUW2hYKZqFvswuta2PhX9mNYOSVk5ICl3rs0kr8gDR
+3PC6vKmMxmTWTlg94JuTRCT0L5LD5Ode76iR7q0TY3XOzeDeEw3H99nPv3i69d2D
+15pEo78xeNOZhbJ1OGUqBO45JrwhhJ4x9N+5SSnLSEvgv+qghVK+mkxAtvM/6fsp
+-----END CERTIFICATE-----

doc/examples/ssl/tls/example.org.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAn5YKs7owv3UM1h+DOtzpeJm84U3EF9u4+Q90XDp3HjDAkIWD
+RVx0fVYGlUwy9zOWe2mGkBEZn5uyS0pGGxsMc19sTGjpKfpvTH/GdSQWDfi6RiFF
+0Wz7EcL88723Zr0sNwywGvTIsG6BsxgZmPYuf6ynjvxorJY2RAsEo4R96KO2Deqs
+jHQH/B693xPHj1qFBgHxcQuJlrWae2pGkd7Ayv66Xqx/nPolHcmuiS/O7uQYuO3U
+U3VUBBGmTOo1glf+9Qncoh1nFYfLPKghutr9WN4/884hjbZ5AYNbBuD2w1VTJUoU
+/ORpLBX4EDK1CISfZwRC2bGg9n6IuTKIaAYVZQIDAQABAoIBAA52Ufz3VCCdp8P7
+Mht9AU7Txolie0awO63yfRiN7H/uFMgOxBaJP5NLiagxB3Nd7Pa9LvEnuOXn0xC9
+/Twf8ju9u4+ceE48wFEInqsR/J+tLpsEET2JPfgzmVSGGQn0qH5KpjujJabQ35cj
+3s9SYWS3owMIaSdZgOHKCn8TwYykriGYgagV3c+tMdqDaqvrrWAu9mkCp9/MzREb
+X3XBJ9NE/5dlMeMfXJiRKvLc16hQCSrXVdCLLm3U3/sHncDKOEOF4kvEBR5ciXXN
+zXkuvbE4GKjC0rCGZtocbC2EkkHRMD96Y2cNwmNnWp0fJ0KOVYGw3S3YsWNMex0u
+n57vEUcCgYEAy+x9NB4pCF/5Va82yRYYRUZCyDWLAYAC7kJ933R2wugUgs8FUQzK
+xh0d7PuGDYB/zrsZfdQoZGmEbffZ/pze6pdIpaFKFnQoHPtS92aQdBPwyCdBnJUy
+cuVQekPBsDtRFSOaznzOej+bkFH43RujYjDPPRAIP2Oily20CRcXzb8CgYEAyFb6
+X2mQn2EM+vIxGIIUe09YsT9OhZyzI2TG4M4yvapFF8FVA5qZJTQh7mxJzlACev3J
+Rmrpo/36j4co9x8Ph9ojcQzd0qhiwYPaFc4sBjFRPm8k22+mf2zIm5VV1xHqML65
+ciGGCLxfBO+j1y0ktUL6g9QGwyr/0RaFo7UhrdsCgYBcEyipGqEeVe9Hn/hVrTNC
+PCo1Ke/cuocYO0+IUJa7BH0WXxEgem0oLMdxVFQ/znBm0JX++YdPZ1FTMeDtFLmW
+JL65gmzoXIQsKdJZQKcisko6pXb7k2YW+LFwsx1GTFIdAFmKuFGmYwgDju+WLj+E
+O1OnV5DRxlQIfKtYm2O1EwKBgHb1hrgPFAw/cZi1JUf7PbQ22mBtSe/2qzxyA9HL
+Pr/2kg5YA2Yfb55yxU8wx+aVBdQITHLe2xtAnX6KcF3E+NDfS7o+PJ1w1Ss5Ys8d
+3HBU6nwbPRR7yK7TZo9T7mPFxHzrU2yc0Vzwla91qKEFsk1blyueQ+Gx77M1H2el
+D3mPAoGAfd9V3aNVaNjjj/ILQlX6ypPeqWLjzsHRnsIedDXgGRh5/ZgXetSgp+f9
+MtZdaHkYiBMYJJXFqn3KcIaRGAgxQbaqnZtSmHpUg4AXDmxEbu01ryVjPIW/EvZb
+4oTikKQyUW8jqWS3irvxZga+nwJFNNYMyVgK+W29UYZzW53GMV4=
+-----END RSA PRIVATE KEY-----

doc/examples/ssl/tls/www.example.org.chain.crt

@@ -0,0 +1,39 @@
+-----BEGIN CERTIFICATE-----
+MIIDVjCCAj6gAwIBAgIIKpxUKA9KjPcwDQYJKoZIhvcNAQELBQAwFjEUMBIGA1UE
+AxMLQ0EgSW50ZXJuYWwwHhcNMjQwOTE5MDAwMDAwWhcNMzQwOTE4MjM1OTU5WjAa
+MRgwFgYDVQQDEw93d3cuZXhhbXBsZS5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC7IBurNJ8FFtPgMBX8n8wQuAypCfFucM3reIblnPpHsWifRlk/
+XrOmD1FDhErz4V38ouloS7q4jxAbbrPlLW93u4En5UZ5jPzN3T2h0vIrPl6sCKf1
+edEju5lu7WIcNUH8VF4j6kDP71LwBW99kdFrYHSRCtWIXeJrB1MLx7c9lekrm89/
+lz08UdGd7udJOcKDrsvsIj4cJYImHENLYB4LoWVMsiD7ap+zKud9Zf9YsRNG7XTT
+HtZSTdrgN5opAU/0vA10Jzp1S3HDfPL5+7Xw6Xq62ZJXOyAofpItxc9dGOOoNiZi
+wtYCMZwz2H3LujDgc5wMbPV9k1UxU/Y6QHrjAgMBAAGjgaMwgaAwDAYDVR0TAQH/
+BAIwADAdBgNVHQ4EFgQUDhDi+m6Iocrd9LJ6ZJBFMfsp3F0wHwYDVR0jBBgwFoAU
+SsSalxeTY1qmvFLILIS3gZ4ynGMwCwYDVR0PBAQDAgP4MCcGA1UdJQQgMB4GCCsG
+AQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwgwGgYDVR0RBBMwEYIPd3d3LmV4YW1w
+bGUub3JnMA0GCSqGSIb3DQEBCwUAA4IBAQBr03L9bIY5unzvN8psu+a410Gwgkma
+8D37SeJ23fV0FR0gemgIJsq0SoVRuwbHQMum1Rs9MC+fRIcN5UZGKDTb6WQIb+In
+1qnX3A5OU/rTOjkWELQLxJ+ejqJT86pHuODwpX+YME1nDo+3nmb/OLAzrXjgfY3j
+w5GCU4dobXU3RvbQAbvpw4ECOBPbuizq+fngIGmeJt7kcdJ6vZw3OvKlk451REGI
+gt3TrELsmvH7D2qNyPYgEn7ifdVKEbiMcFcHoMz/zZ2ZxlGSQ7YnWOZd0++uB2od
+iBWE+faUZ2ApEWEnX1FPcPIQ7x7dDvYHkmGVh0tAwXcgPs1NCX7rJcVF
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDLDCCAhSgAwIBAgIIc9z+Nze+1ngwDQYJKoZIhvcNAQELBQAwEjEQMA4GA1UE
+AxMHQ0EgUm9vdDAeFw0yNDA5MTkwMDAwMDBaFw0zNTA5MTgyMzU5NTlaMBYxFDAS
+BgNVBAMTC0NBIEludGVybmFsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAs0SnuACpBbkmoPrdnrMKuGhA+dUML/PoF8RZI9BdQvnSa3r1mINw3442Hcrh
+Nij0BeVqjK6DTk8yrLA3l9/bpXIubimXDWvzeMRRVduWPdEc9cdDhuksbrIApQow
+3cP68U95pqwYbDsXtGqXOzDWnKQppok42OjaKL6zwNsM6Qs/UKVADJ7rmPSoZSa/
+RCywhurnZt3eIDQjQqfJCnNifUXnLOD8JwyhSACBvxdQQnn2ibh78KA6LuECUDX9
+jKOdgJvffwl1XaXqX9pfM9KwmoNs+utVOm9weENC0tnss/BftqzBo6szAeyIKzkk
+xOjppCNz2Uou3UsVEVyCA6GAjQIDAQABo4GBMH8wDwYDVR0TAQH/BAUwAwEB/zAd
+BgNVHQ4EFgQUSsSalxeTY1qmvFLILIS3gZ4ynGMwHwYDVR0jBBgwFoAUMdG64dLU
+vChFxO1SEtyn4NoRr8gwCwYDVR0PBAQDAgEGMB8GA1UdJQQYMBYGCisGAQQBgjcK
+AwEGCCsGAQUFBwMJMA0GCSqGSIb3DQEBCwUAA4IBAQDJyKWDN6lD4/UTx12HrVqI
+taOkOzFIBho+FSvCRI/ZLpeMj01WZIb9XkdhLZvUAh+c7jC/caMghGX5N8Kqunmr
+x1HYnLm+C6QOdYy2djEml3ZwnbEn9yT1YYhRIZC993ipEzeNFm39J433l1PXYsLa
+XNC99j58tVPFELcpimqe8eoUW2hYKZqFvswuta2PhX9mNYOSVk5ICl3rs0kr8gDR
+3PC6vKmMxmTWTlg94JuTRCT0L5LD5Ode76iR7q0TY3XOzeDeEw3H99nPv3i69d2D
+15pEo78xeNOZhbJ1OGUqBO45JrwhhJ4x9N+5SSnLSEvgv+qghVK+mkxAtvM/6fsp
+-----END CERTIFICATE-----

doc/examples/ssl/tls/www.example.org.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAuyAbqzSfBRbT4DAV/J/MELgMqQnxbnDN63iG5Zz6R7Fon0ZZ
+P16zpg9RQ4RK8+Fd/KLpaEu6uI8QG26z5S1vd7uBJ+VGeYz8zd09odLyKz5erAin
+9XnRI7uZbu1iHDVB/FReI+pAz+9S8AVvfZHRa2B0kQrViF3iawdTC8e3PZXpK5vP
+f5c9PFHRne7nSTnCg67L7CI+HCWCJhxDS2AeC6FlTLIg+2qfsyrnfWX/WLETRu10
+0x7WUk3a4DeaKQFP9LwNdCc6dUtxw3zy+fu18Ol6utmSVzsgKH6SLcXPXRjjqDYm
+YsLWAjGcM9h9y7ow4HOcDGz1fZNVMVP2OkB64wIDAQABAoIBAD+Cd0GVO397ru+B
+AoVaKuVlwg5BLKsCKDGKF6aor51TjiG4u6OxXaG3wyn6JYI+dCrBlBxsz3PCQoI9
+AVuAHzvw7LYAr/mjK04nj7pzoPOiWHlk+rRq4tuQ2VN3x/uw67NbYxQndlXccTa7
+cYqZygz6kLWFitGco7MVqk7uOrfwqu4O5GbktR4Vm6apEh2eFsSfgFE4LN3z7bbf
+A7dzePBy2BOEvy/CjNX5stkLKJuWzuVTcYXB82bqp/VsSXSQG9o/9VmR6OUhXWjA
+Clf+m3HqVmZ1IivOFz48LHVzvUj26AclvwwXkaGptbA6s08QWJMS2mpZlWbWNwzr
+Mqgl/3ECgYEA8xpGCQrxfw7LTI9sMVnQo3S1rbB23DMuP2PmX6Aad0U3eGSxrv6B
+RweXpb1Kduu8FeLMngihPjv/UsHJkNMX6IRILc2kLbRYoQOLdJ5k42bYzhDKYN33
+e8jr6twJJsCgva4DoLM0woZTvgaRzLJBzMWoL1BT6JJkKGUukgwCiskCgYEAxQ2S
+1oN1ZHc454y2bJ0JYg6c/MGEKHFjIRLKMMxwhNXQzOr8EzzwwF+5IsJORQfJNu+P
+DaFT/3QAuByKG+Dyx4C0ssIhj6u75g1Thzgv8qHwE6DYh1VUUYO656kFTtexlFyg
+gJPYXCOWPelSNNNQXbZTV929R1Wx95+LfqLqQksCgYEApmCj8ApqT3AbmVFLVddH
+YKc+tBnirz/j9gR0JZwYoOphVWds5/xNFATRN+B+NzeNKVloevwjBsnfK49vWUvv
+v/XQxHBKXfFg+wnHBtBk8fFwjk+VgohHmZNgSwO+y6PoHwkaeIBNqphudc5fOL4D
+JJdeTMtoMfMG01K0dcX8c2kCgYEAwE1n0GqIJNxoryfWW5bBMm2abNwZsjI9kGg6
+43aQFEJpu6FTER82wDZqgW5oXdukVTViQOYBCFpX3VUUvvI/W8zSC2WCxSfOfkrh
+CiQePsYkebNNvHzchZRt0WhUYsYCagwfInul+P1NwOuzKxRR6LJnEWe3MSeDP2n3
+A0XQIZMCgYAzubLPZnJjFihAX0M9k8Cjc+q6KKnA6Fp1JqnPmzoTO/r46o1shmCZ
+kRS8iqnKfTCW/MWGSPyRc0OubIVbR9hAdCZjR8wmeVdkiV+VfBRzxpcYpcZbxjmy
+6F0xz1Fv0UeKdjHQyb9UNO6Y1qVaNVVYo3tyD6VGaMdboddHPPxLDw==
+-----END RSA PRIVATE KEY-----

doc/examples/static-template/Dockerfile

@@ -0,0 +1,4 @@
+FROM docker.io/rockdrilla/angie-conv:v0.0.1
+
+COPY /site/   /etc/angie/site/
+COPY /static/ /etc/angie/static/

doc/examples/static-template/README.md

@@ -0,0 +1,26 @@
+# static site with templates
+
+consult [Dockerfile](Dockerfile) or [docker-compose.yml](docker-compose.yml) - both are simple and fine enough.
+
+---
+
+same as [simple static site](../basic/README.md).
+
+configuration:
+
+```nginx
+server {
+    listen 8080;
+}
+```
+
+Also note that there's no `index.html` but `index.html.j2`:
+
+```jinja
+<hmtl>
+    <body>
+        <h1>Hello World</h1>
+        This image is powered by Angie {% if env.NGX_PRO == '1' %}PRO{% else %}OSS{% endif %} {{ env.ANGIE_VERSION }} and Python {{ env.PYTHON_VERSION }}.
+    </body>
+</hmtl>
+```

doc/examples/static-template/docker-compose.yml

@@ -0,0 +1,12 @@
+version: "3.8"
+
+services:
+
+  angie-conv-example-static-template:
+    container_name: angie-conv-example-static-template
+    image: docker.io/rockdrilla/angie-conv:v0.0.1
+    ports:
+      - "127.0.0.1:8080:8080"
+    volumes:
+      - "./site:/angie/site:ro"
+      - "./static:/angie/static:ro"

doc/examples/static-template/site/http-site.conf

@@ -0,0 +1,3 @@
+server {
+    listen 8080;
+}

doc/examples/static-template/static/index.html.j2

@@ -0,0 +1,6 @@
+<html>
+    <body>
+        <h1>Hello World</h1>
+        This image is powered by Angie {% if env.NGX_PRO == '1' %}PRO{% else %}OSS{% endif %} {{ env.ANGIE_VERSION }} and Python {{ env.PYTHON_VERSION }}.
+    </body>
+</html>