package update

- nginx 1.30.0, ModSecurity v3.0.12, AWS-LC 1.72.0 (replaces
  quictls/openssl 3.1.5-quic1; OpenSSL 3.1 is EOL upstream)
- AWS-LC build via cmake+ninja, installed to /usr/local/aws-lc;
  nginx links via -I/-L and rpath
- lua-nginx-module: sed-broaden the existing OPENSSL_IS_BORINGSSL
  guards to also recognise OPENSSL_IS_AWSLC (covers #ifdef,
  #ifndef, #elif defined). without this the missing-API stubs
  never fire on AWS-LC and the build breaks on
  SSL_get1_supported_ciphers / SSL_export_keying_material_early
- lua-resty-core / lrucache: switched from `git clone master`
  to wget tarball pinned via LUA_SCRIPTS_RESTYCORE/LRUCACHE.
  master drifted to wanting ngx_lua 0.10.30 while the pin was
  0.10.29 — silent CI breakage waiting to happen
- ModSec rewritten for v3 build flow (./build.sh && ./configure
  --without-pcre --with-pcre2). v2's standalone.so isn't what
  ModSecurity-nginx connector links against; it wants
  libmodsecurity.so
- PCRE2: switched to /releases/download/ tarball (bundles the
  sljit submodule needed for --with-pcre-jit); /archive/refs/tags/
  is a raw snapshot and omits submodules
- LuaJIT version pin had a stray leading 'v' that produced
  /tags/vv2.1-... → 404
- drop -L/lib/x86_64-linux-gnu -lpcre from --with-ld-opt;
  PCRE1 is gone from debian 13
- drop libpcre3-dev from apt install for the same reason
- fix latent bug in build/run.sh build(): make && make install
  && make clean swallows make failures from set -e because of
  &&-chain semantics. now separate statements
- static/nginx/nginx.conf rewrite for shared hosting at 5k+
  vhosts: server_names_hash_max_size 32768, shared SSL session
  cache 200m, OCSP stapling, open_file_cache, brotli+gzip
  enabled in http{}, worker_cpu_affinity auto, max_headers 100,
  keepalive_requests 10000. client_header_buffer_size dropped
  from 2M to 4k (was a memory amplification surface)
- README: performance section comparing twiy vs vanilla nginx,
  OpenResty, Apache; expected yield breakdown

.gitea/workflows/build-publish.yml

@@ -0,0 +1,187 @@
+name: build-and-publish
+
+on:
+  push:
+    branches: [master]
+  workflow_dispatch:
+
+jobs:
+  build:
+    runs-on: ubuntu-22.04
+    strategy:
+      fail-fast: false
+      matrix:
+        target: [trixie, raccoon]
+        include:
+          - target: trixie
+            image: debian:13
+            distro_dir: Trixie
+            nexus_repo_secret: NEXUS_REPO_TRIXIE
+            nexus_user_secret: NEXUS_USER_TRIXIE
+            nexus_pass_secret: NEXUS_PASS_TRIXIE
+          - target: raccoon
+            image: ubuntu:26.04
+            distro_dir: Raccoon
+            nexus_repo_secret: NEXUS_REPO_RACCOON
+            nexus_user_secret: NEXUS_USER_RACCOON
+            nexus_pass_secret: NEXUS_PASS_RACCOON
+
+    container:
+      image: ${{ matrix.image }}
+
+    steps:
+      - name: Bootstrap
+        run: |
+          apt-get update -qq
+          DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+            git ca-certificates nodejs
+
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Build
+        id: pkg
+        env:
+          TARGET: ${{ matrix.target }}
+          DISTRO_DIR: ${{ matrix.distro_dir }}
+        run: |
+          set -euo pipefail
+          REPO_ROOT="$PWD"   # captured before any cd in the build script
+          touch /.dockerenv
+          bash build/${TARGET}.sh new
+          bash build/${TARGET}.sh build
+          bash build/${TARGET}.sh postfix
+
+          NGINX_VER="$(nginx -v 2>&1 | awk -F/ '{print $2}')"
+          VERSION="${NGINX_VER}-${GITHUB_RUN_NUMBER:-1}~${TARGET}"
+          ARCH="amd64"
+
+          assemble_deb() {
+              local pkg_name="$1" unit_src="$2" conflicts="$3"
+              local pkg_dir="/opt/${pkg_name}_${VERSION}_${ARCH}"
+              local deb_dir="${pkg_dir}/DEBIAN"
+
+              mkdir -p "${pkg_dir}/usr/sbin" \
+                       "${pkg_dir}/etc/systemd/system" \
+                       "${pkg_dir}/usr/lib" \
+                       "${pkg_dir}/usr/nginx_lua" \
+                       "${pkg_dir}/usr/share/twiy/defaults/nginx" \
+                       "${pkg_dir}/nginx/live" "${pkg_dir}/nginx/conf.d" \
+                       "${pkg_dir}/nginx/config" "${pkg_dir}/nginx/modsec" \
+                       "${pkg_dir}/nginx/modules"
+
+              cp /usr/sbin/nginx "${pkg_dir}/usr/sbin/"
+              # /nginx ships as an EMPTY, dpkg-owned skeleton (above): the dirs
+              # are tracked so upgrades from the old layout don't warn about
+              # "unable to delete old directory /nginx", but NO config file under
+              # it is tracked. The pristine configs go into a defaults stash;
+              # postinst places them into /nginx only when missing and never
+              # overwrites an admin-edited file (drops <file>.new instead).
+              # /hostdata is intentionally NOT packaged or seeded — postinst only
+              # ensures the directory exists and never removes it.
+              cp -R /nginx/. "${pkg_dir}/usr/share/twiy/defaults/nginx/" || true
+              cp "${unit_src}"  "${pkg_dir}/etc/systemd/system/nginx.service"
+              cp -R /usr/nginx_lua "${pkg_dir}/usr/" || true
+
+              for d in /usr/local/aws-lc /usr/local/LuaJIT /usr/local/modsecurity /usr/local/zlib-ng; do
+                  [ -d "$d" ] && cp -R "$d" "${pkg_dir}/usr/local/" || true
+              done
+              mkdir -p "${pkg_dir}/usr/local/lib"
+              cp -R /usr/local/lib/. "${pkg_dir}/usr/local/lib/" 2>/dev/null || true
+
+              for lib in $(ldd /usr/sbin/nginx | grep '=> /' | awk '{print $3}'); do
+                  case "$lib" in /usr/local/*) continue ;; esac
+                  cp "$lib" "${pkg_dir}/usr/lib/" || true
+              done
+
+              mkdir -p "${deb_dir}"
+              printf 'Package: %s\nVersion: %s\nSection: base\nPriority: optional\nArchitecture: %s\nDepends: libjemalloc2, libsystemd0\nConflicts: %s\nReplaces: %s\nMaintainer: Julio <me@julio.al>\nDescription: Nginx L7 DDoS Protection (%s), built by RAWeb CI for %s.\n' \
+                  "${pkg_name}" "${VERSION}" "${ARCH}" "${conflicts}" "${conflicts}" "${pkg_name}" "${TARGET}" \
+                  > "${deb_dir}/control"
+
+              # Shared maintainer scripts:
+              #   preinst  — backs up /nginx before an upgrade unpacks (so admin
+              #              configs survive the migration off dpkg tracking).
+              #   postinst — restores that backup, then seeds /nginx defaults
+              #              without overwriting any file already there.
+              cp "${REPO_ROOT}/build/deb/preinst"  "${deb_dir}/preinst"
+              cp "${REPO_ROOT}/build/deb/postinst" "${deb_dir}/postinst"
+              chmod 755 "${deb_dir}/preinst" "${deb_dir}/postinst"
+
+              dpkg-deb --build "${pkg_dir}"
+          }
+
+          assemble_deb "twiy"       "${REPO_ROOT}/static/${DISTRO_DIR}/nginx.service"       "twiy-raweb"
+          assemble_deb "twiy-raweb" "${REPO_ROOT}/static/${DISTRO_DIR}/nginx-raweb.service" "twiy"
+
+          DEB_TWIY="/opt/twiy_${VERSION}_${ARCH}.deb"
+          DEB_RAWEB="/opt/twiy-raweb_${VERSION}_${ARCH}.deb"
+
+          {
+              echo "deb_twiy=${DEB_TWIY}"
+              echo "deb_raweb=${DEB_RAWEB}"
+              echo "version=${VERSION}"
+          } >> "$GITHUB_OUTPUT"
+
+          ls -la /opt/twiy*.deb
+          sha256sum /opt/twiy*.deb
+
+      - name: Publish
+        env:
+          NEXUS_USER: ${{ secrets[matrix.nexus_user_secret] }}
+          NEXUS_PASS: ${{ secrets[matrix.nexus_pass_secret] }}
+          NEXUS_URL:  ${{ secrets.NEXUS_URL }}
+          NEXUS_REPO: ${{ secrets[matrix.nexus_repo_secret] }}
+          DEB_TWIY:   ${{ steps.pkg.outputs.deb_twiy }}
+          DEB_RAWEB:  ${{ steps.pkg.outputs.deb_raweb }}
+          TARGET:     ${{ matrix.target }}
+        run: |
+          set -euo pipefail
+          umask 077
+
+          apt-get install -y -q --no-install-recommends curl python3 ca-certificates >/dev/null
+
+          SECDIR="$(mktemp -d -p /dev/shm twiy-XXXXXXXX 2>/dev/null \
+                    || mktemp -d -t twiy-XXXXXXXX)"
+          chmod 700 "$SECDIR"
+          cleanup() {
+              find "$SECDIR" -type f -exec shred -uz {} + 2>/dev/null || true
+              rm -rf "$SECDIR"
+          }
+          trap cleanup EXIT INT TERM HUP
+
+          NEXUS_HOST="$(printf '%s' "$NEXUS_URL" | awk -F/ '{print $3}')"
+          printf 'machine %s login %s password %s\n' \
+                 "$NEXUS_HOST" "$NEXUS_USER" "$NEXUS_PASS" > "$SECDIR/netrc"
+          unset NEXUS_USER NEXUS_PASS
+
+          publish_one() {
+              local deb="$1" pkg_name="$2"
+
+              local old_id
+              old_id="$(curl -fsS --netrc-file "$SECDIR/netrc" \
+                        "$NEXUS_URL/service/rest/v1/components?repository=$NEXUS_REPO" \
+                        | PKG_NAME="$pkg_name" python3 -c '
+          import sys, json, os
+          for c in json.load(sys.stdin).get("items", []):
+              if c.get("name") == os.environ["PKG_NAME"]:
+                  print(c["id"]); break
+          ' || true)"
+              if [ -n "$old_id" ]; then
+                  curl -fsS -X DELETE --netrc-file "$SECDIR/netrc" \
+                       "$NEXUS_URL/service/rest/v1/components/$old_id" -o /dev/null
+              fi
+
+              local http
+              http="$(curl -sS --netrc-file "$SECDIR/netrc" \
+                      -o "$SECDIR/upload.body" -w '%{http_code}' \
+                      -X POST -F "apt.asset=@$deb" \
+                      "$NEXUS_URL/service/rest/v1/components?repository=$NEXUS_REPO")"
+              case "$http" in
+                  201|204) echo "[$TARGET] uploaded $(basename "$deb")" ;;
+                  *) echo "[$TARGET] upload failed for $pkg_name (HTTP $http)"; cat "$SECDIR/upload.body"; exit 1 ;;
+              esac
+          }
+
+          publish_one "$DEB_TWIY"  "twiy"
+          publish_one "$DEB_RAWEB" "twiy-raweb"

.gitignore

@@ -0,0 +1,22 @@
+.claude
+.codex
+.env
+.creds
+.workers
+.local
+.pi
+.gemini
+.cargo
+.claude.json
+.copilot
+.docker
+.grok
+.ollama
+Dockerfile
+docker-compose.yaml
+docker-compose.yml
+PENDING_*.md
+PATCH_*.md
+CLAUDE.md
+GEMINI.md
+AGENTS.md

LICENSE

@@ -0,0 +1,201 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

README.md

@@ -1,122 +1,121 @@
 # Nginx L7 DDoS Protection! :boom: :zap:
-*(Please Read Whole Page, All Things Are Important Then If You Want You Can Use IT.)*
 
-# This is it!
+![Simple](https://c.tenor.com/uYqsM9uIyuYAAAAC/simple-easy.gif)
-There will be no other version of this PR, This is the only and one and the best that you can find for free where you can see/do/change anything on your will and not some encrypted piece of code! This is pure open source code as you can open any file and read anything, This script automatically compiles nginx from source with lots of modules helpful but mostly who play a big role in L7 Anti-DDoS, including the L7 nginx module which you can configure as simple as https://github.com/theraw/The-World-Is-Yours/issues/10#issuecomment-442579528 more then that consider a [Donate](https://github.com/theraw/The-World-Is-Yours/blob/master/.github/FUNDING.yml) and you can contact me for further support!
 
-Summer is here, after that i may be working and i don't see having much of free time to play with nginx!
+- [x] Debian 13 (trixie) and Ubuntu 26.04 LTS (raccoon) supported
+- [x] nginx 1.31.1
+- [x] HTTP/3 (QUIC) via AWS-LC
+- [x] ModSecurity v3 (libmodsecurity)
+- [x] Naxsi
+- [x] Lua (LuaJIT 2.1)
+- [x] Cookie-based challenge
+- [x] [Versions List](https://git.julio.al/theraw/The-World-Is-Yours/src/branch/master/version)
 
-# To-Do
+### Debian 13 (trixie)
-
+```bash
-- [x] Nginx Version, Always Latest.
+sudo install -d /etc/apt/keyrings
-- [x] Support Ubuntu Trusty. (14.04)
+sudo curl -fsSL https://apt.julio.al/repository/public/keys/raweb.asc -o /etc/apt/keyrings/raweb.asc
-- [x] Support Ubuntu Xenial. (16.04)
+echo "deb [signed-by=/etc/apt/keyrings/raweb.asc] https://apt.julio.al/repository/raweb-trixie trixie main" | sudo tee /etc/apt/sources.list.d/raweb.list
-- [x] Support Ubuntu Cosmic. (18.10)
+sudo apt update && sudo apt install twiy
-- [x] Support Arch Linux.
-- [x] ModSecurity Support.
-- [x] Naxsi Support.
-- [x] L7 Protection.
-- [x] AutoBan System.
-- [x] Integrate Fail2Ban > IpTables.
-
-# Installation
-
-1. **`apt-get install build-essential libssl-dev curl nano wget zip unzip sudo git psmisc -y`**
-
-2. **`git clone https://github.com/theraw/The-World-Is-Yours.git`**
-
-3. **`cd The-World-Is-Yours/; chmod +x *`**
-
-4. **`./install`**
-
-
-# Informations.
-
-**What if installation script fails?** - Check what was the problem source fix it (mostly should be for missing packages) then remove everything under /opt/ folder and just execute again ./install
-
-```
-=> /nginx/                                = Nginx Path,
-=> /nginx/live/                           = Vhosts Config Files Dir,
-=> /nginx/logs/                           = Core Logs Files,
-=> /nginx/modsecurity/                    = ModSecurity Rules Dir,
-=> /hostdata/                             = Place to store your domain folders.
-=> /hostdata/yourdomain.com/              = Ex of domain dir (private folder),
-=> /hostdata/yourdomain.com/public_html/  = Ex of your domain webroot (public files only),
-=> /hostdata/yourdomain.com/logs/         = Place where to store your Domains logs (access.log) (private folder),
-=> /hostdata/yourdomain.com/ssl/          = Place where to store domain ssl/key (private folder),
-=> /hostdata/yourdomain.com/cache/        = Place where to store site cache (private folder).
-
-// Private Folder - Means this cannot be accessed by public.
-// Public Folder  - Means files into this folder can be accessed by public.
 ```
 
+### Ubuntu 26.04 LTS (raccoon)
+```bash
+sudo install -d /etc/apt/keyrings
+sudo curl -fsSL https://apt.julio.al/repository/public/keys/raweb.asc -o /etc/apt/keyrings/raweb.asc
+echo "deb [signed-by=/etc/apt/keyrings/raweb.asc] https://apt.julio.al/repository/raweb-raccoon raccoon main" | sudo tee /etc/apt/sources.list.d/raweb.list
+sudo apt update && sudo apt install twiy
+```
 
-# Check.
+## Compile from source by yourself.
-
-1 . [L7 (Cookie Based Protection)](https://github.com/theraw/The-World-Is-Yours/blob/master/static/nginx.conf#L15-L42) AND [Replace "proxy2.dope.. links with yours click here to find aes](https://github.com/theraw/The-World-Is-Yours/tree/master/static/vhost) which should be stored on a external link or in a place where L7 is disabled because it will not work if you put it in main site dir!.
-
-2 . [Auto Ban System](https://github.com/theraw/The-World-Is-Yours/blob/master/iptables/jail.local#L105-L111) based on [Connection for ip](https://github.com/theraw/The-World-Is-Yours/blob/master/static/nginx.conf#L72-L73)
-
-3 . [Auto Ban 444 Reqs](https://github.com/theraw/The-World-Is-Yours/blob/master/iptables/jail.local#L113-L118) A day i've been under attack of multiple proxies, and even after they got banned they still was keep trying the same thing so when you ban someone when that ip tries to access your website that request will not go on `error.log` but in `access.log` so i created this rule to ban with iptables every request who have stauts `444` so nginx will not have to handle those.
-
-4 . [Kernel Settings](https://github.com/theraw/The-World-Is-Yours/blob/master/static/sysctl.conf#L1-L34)
-
-5 . [Naxsi Rules Included](https://github.com/theraw/The-World-Is-Yours/blob/master/static/nginx.conf#L118)
-
-6 . [Example of Naxsi](https://github.com/theraw/The-World-Is-Yours/blob/master/static/vhost/default#L22-L29)
-
-7 . [Check Iptables rules](https://github.com/theraw/The-World-Is-Yours/blob/master/iptables/rules) It will not be automatically enabled, because this changes based on providers in ovh it work in azure it doesn't work. so you need to manually activate iptables!
-
-8 . ModSecurity is not loaded. However you need to set it up by yourself. you have a folder `/nginx/modsecurity/`
-which ModSecurity rules are stored, open `/nginx/modsecurity/modsecurity.conf` add those
 
 ```bash
-Include crs-setup.conf
+apt-get -y install git && cd /root/ && git clone https://git.julio.al/theraw/The-World-Is-Yours.git && cd The-World-Is-Yours/
-Include rules/*.conf
-```
-ModSecurity is by default enabled as "detect only" you can turn it on always by doing this
 
-```bash
+# Debian 13
-SecRuleEngine On
+bash build/trixie.sh new
+bash build/trixie.sh build
+bash build/trixie.sh postfix
+
+# Ubuntu 26.04 LTS
+bash build/raccoon.sh new
+bash build/raccoon.sh build
+bash build/raccoon.sh postfix
 ```
 
-Using modSecurity for your site
+To try a different upstream version, edit `version` and re-run `new` then `build`.
-```bash
+
-server { 
+## CLI Info
-     ..... 
-        modsecurity on;
-        modsecurity_rules_file /nginx/modsecurity/modsecurity.conf; 
-        location / { 
-     ..... 
-        } 
-}
 ```
-**Careful** Using modsec rules like
+bash build/<distro>.sh new     => Download all modules + nginx that are missing from /opt/.
+                                  (Re-run after changing the `version` file to fetch new versions.)
+bash build/<distro>.sh build   => Compile nginx. Re-runnable; will not touch your configs.
+bash build/<distro>.sh postfix => Drop the default /nginx/nginx.conf, vhost, and systemd unit
+                                  into place. Run once on first install; re-running overwrites
+                                  /nginx/nginx.conf.
 ```
-   location / { 
+where `<distro>` is `trixie` or `raccoon`.
-       modsecurity_rules_file /nginx/modsecurity/modsecurity.conf; 
-   } 
-```
-it means that's enabled just for your main place `/` not for other dirs in your site ex `/admin/` (:
 
 
-Test it!
+## Nginx info.
-`curl 'http://localhost/?q="><script>wanna hack</script>'`
+
-```html
+```
-<html>
+=> Nginx Folder     = /nginx/
-<head><title>403 Forbidden</title></head>
+=> --conf-path      = /nginx/nginx.conf
-<body bgcolor="white">
+=> --pid-path       = /var/run/nginx.pid 
-<center><h1>403 Forbidden</h1></center>
+=> --user           = nginx 
-<hr><center>nginx</center>
+=> --group          = nginx
-</body>
+=> --sbin-path      = /usr/sbin/nginx
-</html>
+=> --error-log-path = /var/log/nginx/error.log
+
+LUA RESTY CORE SCRIPTS = /usr/nginx_lua
 ```
 
-# Keep In Mind.
+## How to install lua scripts 
-The **L7 Protection** is the same way which **cloudflare** have that banner "Under Attack" A.K.A Cookie based authorization. Most of bots from where attacks will come doesn't support cookies so it will fail to access your site. (Test it by yourself to "curl http://yoursite.com" before you activate L7 and after you start L7 so you will understand better.)
+```
+. /root/The-World-Is-Yours/version
+cd /opt/mod/; git clone https://github.com/openresty/lua-resty-lrucache.git
+cd /opt/mod/lua-resty-lrucache; make install PREFIX=${LUA_SCRIPTS}
+nginx -s reload
+```
 
-The L7 protection is a good thing for your protection. But a very bad thing for your website seo!, As facebook/google/bing and all search engines will not be able to access your website anymore. There is a way to allow them but if you have 1 year free time to find all their ips go and try it. I've been thinking for a "reverse dns" whitelist but haven't done it so as of now it is like this.
+## Performance
 
-# Contributors
+### vs. vanilla nginx (same version, default config)
 
-Feel free to pull request or do a suggestion..
+| Area | Twiy | Vanilla nginx | Why |
+|---|---|---|---|
+| TLS handshake throughput | **+5–15%** | baseline | AWS-LC's tuned AES/ChaCha asm vs OpenSSL |
+| WAF, Lua, HTTP/3 | included | not included | needs custom build |
+
+# Support options.
+
+- No free support for how to do things, please don't spam with questions in discord.
+- Free support for installation related errors only, is included.
+
+- Business inquiries, regarding anti-ddos protection or other security/optimization concerns you can contact me on : raw@dopehosting.net
+
+
+## Contributors
+
+Feel free to submit a pull request.
+Special thanks to the following contributors:
+
+<!-- prettier-ignore-start -->
+<!-- markdownlint-disable -->
+<table>
+	<tr>
+		<td align="center">
+			<a href="https://github.com/theraw">
+				<img src="https://avatars.githubusercontent.com/u/32969774?v=4" width="80" alt=""/>
+				<br /><sub><b>ƬHE ЯAW ☣</b></sub>
+			</a>
+		</td>
+		<td align="center">
+			<a href="https://github.com/lucthienphong1120">
+				<img src="https://avatars.githubusercontent.com/u/90561566?v=4" width="80" alt=""/>
+				<br /><sub><b>Lục Thiên Phong</b></sub>
+			</a>
+		</td>
+	</tr>
+</table>

build/deb/postinst

@@ -0,0 +1,58 @@
+#!/bin/sh
+# postinst — shared by the twiy and twiy-raweb packages.
+#
+# Config files live under /nginx but are NOT tracked by dpkg. The package
+# ships an empty /nginx skeleton (so dpkg keeps the dirs across upgrades) plus
+# a pristine copy of every config under /usr/share/twiy/defaults/nginx. We
+# place configs from that stash here and NEVER overwrite a file that already
+# exists — our copy is dropped beside it as <file>.new instead (e.g.
+# nginx.conf.new). An upgrade therefore never changes an admin-edited config.
+#
+# /hostdata is left entirely to the admin: we only make sure the dir exists,
+# and we never touch or remove its contents.
+
+set -e
+
+useradd -r -s /bin/false nginx 2>/dev/null || true
+
+# Existing dirs are left exactly as they are (mkdir -p is a no-op then).
+mkdir -p /nginx /hostdata
+
+# Migration: older releases shipped /nginx/* as dpkg-tracked files, so the
+# upgrade unpack deletes them before this script runs. preinst stashed a copy
+# first — restore it now, without clobbering anything already present.
+if [ -d /var/backups/twiy-nginx ]; then
+    cp -an /var/backups/twiy-nginx/. /nginx/ 2>/dev/null || true
+    rm -rf /var/backups/twiy-nginx
+fi
+
+# Seed packaged defaults:
+#   - target absent          -> install it
+#   - target present, differs -> keep theirs, drop ours as <file>.new
+#   - target present, same    -> do nothing
+seed_tree() {
+    stash="$1"
+    target="$2"
+    [ -d "$stash" ] || return 0
+    find "$stash" -type f | while IFS= read -r src; do
+        rel=${src#$stash/}
+        dst="$target/$rel"
+        install -d "$(dirname "$dst")"
+        if [ -e "$dst" ]; then
+            cmp -s "$src" "$dst" || cp -p "$src" "$dst.new"
+        else
+            cp -p "$src" "$dst"
+        fi
+    done
+}
+seed_tree /usr/share/twiy/defaults/nginx /nginx
+
+install -d /nginx/conf.d /nginx/config
+install -d -o nginx -g nginx -m 0755 /var/log/nginx
+chown -R nginx:nginx /var/log/nginx /nginx 2>/dev/null || true
+
+systemctl daemon-reload  2>/dev/null || true
+systemctl enable  nginx.service 2>/dev/null || true
+systemctl restart nginx.service 2>/dev/null || true
+
+exit 0

build/deb/preinst

@@ -0,0 +1,18 @@
+#!/bin/sh
+# preinst — shared by the twiy and twiy-raweb packages.
+#
+# Older releases shipped /nginx as dpkg-tracked files. When upgrading from one
+# of those, dpkg deletes the old /nginx/* files during unpack (they are no
+# longer part of the package) BEFORE postinst runs. Stash a copy of the live
+# config tree first so postinst can restore any admin-edited config and it
+# survives the migration. Never touched on a fresh install.
+
+set -e
+
+if [ "$1" = upgrade ] && [ -d /nginx ]; then
+    rm -rf /var/backups/twiy-nginx
+    mkdir -p /var/backups
+    cp -a /nginx /var/backups/twiy-nginx
+fi
+
+exit 0

build/patches/nginx-1.31.1-dynamic-tls-records.patch

@@ -0,0 +1,220 @@
+diff -urN nginx-1.31.0-pristine2/src/event/ngx_event_openssl.c nginx-1.31.0-manual/src/event/ngx_event_openssl.c
+--- nginx-1.31.0-pristine2/src/event/ngx_event_openssl.c	2026-05-15 13:37:51.446080719 +0000
++++ nginx-1.31.0-manual/src/event/ngx_event_openssl.c	2026-05-15 13:38:11.254620535 +0000
+@@ -2115,6 +2115,7 @@
+ 
+     sc->buffer = ((flags & NGX_SSL_BUFFER) != 0);
+     sc->buffer_size = ssl->buffer_size;
++    sc->dyn_rec = ssl->dyn_rec;
+ 
+     sc->session_ctx = ssl->ctx;
+ 
+@@ -3086,6 +3087,41 @@
+ 
+     for ( ;; ) {
+ 
++        /* Dynamic record resizing:
++           We want the initial records to fit into one TCP segment
++           so we don't get TCP HoL blocking due to TCP Slow Start.
++           A connection always starts with small records, but after
++           a given amount of records sent, we make the records larger
++           to reduce header overhead.
++           After a connection has idled for a given timeout, begin
++           the process from the start. The actual parameters are
++           configurable. If dyn_rec_timeout is 0, we assume dyn_rec is off. */
++
++        if (c->ssl->dyn_rec.timeout > 0 ) {
++
++            if (ngx_current_msec - c->ssl->dyn_rec_last_write >
++                c->ssl->dyn_rec.timeout)
++            {
++                buf->end = buf->start + c->ssl->dyn_rec.size_lo;
++                c->ssl->dyn_rec_records_sent = 0;
++
++            } else {
++                if (c->ssl->dyn_rec_records_sent >
++                    c->ssl->dyn_rec.threshold * 2)
++                {
++                    buf->end = buf->start + c->ssl->buffer_size;
++
++                } else if (c->ssl->dyn_rec_records_sent >
++                           c->ssl->dyn_rec.threshold)
++                {
++                    buf->end = buf->start + c->ssl->dyn_rec.size_hi;
++
++                } else {
++                    buf->end = buf->start + c->ssl->dyn_rec.size_lo;
++                }
++            }
++        }
++
+         while (in && buf->last < buf->end && send < limit) {
+             if (in->buf->last_buf || in->buf->flush) {
+                 flush = 1;
+@@ -3225,6 +3261,9 @@
+ 
+     if (n > 0) {
+ 
++        c->ssl->dyn_rec_records_sent++;
++        c->ssl->dyn_rec_last_write = ngx_current_msec;
++
+         if (c->ssl->saved_read_handler) {
+ 
+             c->read->handler = c->ssl->saved_read_handler;
+diff -urN nginx-1.31.0-pristine2/src/event/ngx_event_openssl.h nginx-1.31.0-manual/src/event/ngx_event_openssl.h
+--- nginx-1.31.0-pristine2/src/event/ngx_event_openssl.h	2026-05-15 13:37:51.446142384 +0000
++++ nginx-1.31.0-manual/src/event/ngx_event_openssl.h	2026-05-15 13:38:11.246599371 +0000
+@@ -101,10 +101,19 @@
+ typedef struct ngx_ssl_ocsp_s   ngx_ssl_ocsp_t;
+ 
+ 
++typedef struct {
++    ngx_msec_t                  timeout;
++    ngx_uint_t                  threshold;
++    size_t                      size_lo;
++    size_t                      size_hi;
++} ngx_ssl_dyn_rec_t;
++
++
+ struct ngx_ssl_s {
+     SSL_CTX                    *ctx;
+     ngx_log_t                  *log;
+     size_t                      buffer_size;
++    ngx_ssl_dyn_rec_t           dyn_rec;
+ 
+     ngx_array_t                 certs;
+ 
+@@ -142,6 +151,10 @@
+     unsigned                    no_send_shutdown:1;
+     unsigned                    shutdown_without_free:1;
+     unsigned                    handshake_buffer_set:1;
++
++    ngx_ssl_dyn_rec_t           dyn_rec;
++    ngx_msec_t                  dyn_rec_last_write;
++    ngx_uint_t                  dyn_rec_records_sent;
+     unsigned                    session_timeout_set:1;
+     unsigned                    try_early_data:1;
+     unsigned                    in_early:1;
+diff -urN nginx-1.31.0-pristine2/src/http/modules/ngx_http_ssl_module.c nginx-1.31.0-manual/src/http/modules/ngx_http_ssl_module.c
+--- nginx-1.31.0-pristine2/src/http/modules/ngx_http_ssl_module.c	2026-05-15 13:37:51.444851287 +0000
++++ nginx-1.31.0-manual/src/http/modules/ngx_http_ssl_module.c	2026-05-15 13:38:11.254833775 +0000
+@@ -313,6 +313,41 @@
+       offsetof(ngx_http_ssl_srv_conf_t, reject_handshake),
+       NULL },
+ 
++    { ngx_string("ssl_dyn_rec_enable"),
++      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
++      ngx_conf_set_flag_slot,
++      NGX_HTTP_SRV_CONF_OFFSET,
++      offsetof(ngx_http_ssl_srv_conf_t, dyn_rec_enable),
++      NULL },
++
++    { ngx_string("ssl_dyn_rec_timeout"),
++      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
++      ngx_conf_set_msec_slot,
++      NGX_HTTP_SRV_CONF_OFFSET,
++      offsetof(ngx_http_ssl_srv_conf_t, dyn_rec_timeout),
++      NULL },
++
++    { ngx_string("ssl_dyn_rec_size_lo"),
++      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
++      ngx_conf_set_size_slot,
++      NGX_HTTP_SRV_CONF_OFFSET,
++      offsetof(ngx_http_ssl_srv_conf_t, dyn_rec_size_lo),
++      NULL },
++
++    { ngx_string("ssl_dyn_rec_size_hi"),
++      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
++      ngx_conf_set_size_slot,
++      NGX_HTTP_SRV_CONF_OFFSET,
++      offsetof(ngx_http_ssl_srv_conf_t, dyn_rec_size_hi),
++      NULL },
++
++    { ngx_string("ssl_dyn_rec_threshold"),
++      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
++      ngx_conf_set_num_slot,
++      NGX_HTTP_SRV_CONF_OFFSET,
++      offsetof(ngx_http_ssl_srv_conf_t, dyn_rec_threshold),
++      NULL },
++
+       ngx_null_command
+ };
+ 
+@@ -668,6 +703,11 @@
+     sscf->ocsp_cache_zone = NGX_CONF_UNSET_PTR;
+     sscf->stapling = NGX_CONF_UNSET;
+     sscf->stapling_verify = NGX_CONF_UNSET;
++    sscf->dyn_rec_enable = NGX_CONF_UNSET;
++    sscf->dyn_rec_timeout = NGX_CONF_UNSET_MSEC;
++    sscf->dyn_rec_size_lo = NGX_CONF_UNSET_SIZE;
++    sscf->dyn_rec_size_hi = NGX_CONF_UNSET_SIZE;
++    sscf->dyn_rec_threshold = NGX_CONF_UNSET_UINT;
+ 
+     return sscf;
+ }
+@@ -739,6 +779,20 @@
+     ngx_conf_merge_str_value(conf->stapling_responder,
+                          prev->stapling_responder, "");
+ 
++    ngx_conf_merge_value(conf->dyn_rec_enable, prev->dyn_rec_enable, 0);
++    ngx_conf_merge_msec_value(conf->dyn_rec_timeout, prev->dyn_rec_timeout,
++                             1000);
++    /* Default sizes for the dynamic record sizes are defined to fit maximal
++       TLS + IPv6 overhead in a single TCP segment for lo and 3 segments for hi:
++       1369 = 1500 - 40 (IP) - 20 (TCP) - 10 (Time) - 61 (Max TLS overhead) */
++    ngx_conf_merge_size_value(conf->dyn_rec_size_lo, prev->dyn_rec_size_lo,
++                             1369);
++    /* 4229 = (1500 - 40 - 20 - 10) * 3  - 61 */
++    ngx_conf_merge_size_value(conf->dyn_rec_size_hi, prev->dyn_rec_size_hi,
++                             4229);
++    ngx_conf_merge_uint_value(conf->dyn_rec_threshold, prev->dyn_rec_threshold,
++                             40);
++
+     conf->ssl.log = cf->log;
+ 
+     if (conf->certificates) {
+@@ -962,6 +1016,28 @@
+         return NGX_CONF_ERROR;
+     }
+ 
++    if (conf->dyn_rec_enable) {
++        conf->ssl.dyn_rec.timeout = conf->dyn_rec_timeout;
++        conf->ssl.dyn_rec.threshold = conf->dyn_rec_threshold;
++
++        if (conf->buffer_size > conf->dyn_rec_size_lo) {
++            conf->ssl.dyn_rec.size_lo = conf->dyn_rec_size_lo;
++
++        } else {
++            conf->ssl.dyn_rec.size_lo = conf->buffer_size;
++        }
++
++        if (conf->buffer_size > conf->dyn_rec_size_hi) {
++            conf->ssl.dyn_rec.size_hi = conf->dyn_rec_size_hi;
++
++        } else {
++            conf->ssl.dyn_rec.size_hi = conf->buffer_size;
++        }
++
++    } else {
++        conf->ssl.dyn_rec.timeout = 0;
++    }
++
+     return NGX_CONF_OK;
+ }
+ 
+diff -urN nginx-1.31.0-pristine2/src/http/modules/ngx_http_ssl_module.h nginx-1.31.0-manual/src/http/modules/ngx_http_ssl_module.h
+--- nginx-1.31.0-pristine2/src/http/modules/ngx_http_ssl_module.h	2026-05-15 13:37:51.445106976 +0000
++++ nginx-1.31.0-manual/src/http/modules/ngx_http_ssl_module.h	2026-05-15 13:38:11.252995002 +0000
+@@ -66,6 +66,12 @@
+     ngx_flag_t                      stapling_verify;
+     ngx_str_t                       stapling_file;
+     ngx_str_t                       stapling_responder;
++
++    ngx_flag_t                      dyn_rec_enable;
++    ngx_msec_t                      dyn_rec_timeout;
++    size_t                          dyn_rec_size_lo;
++    size_t                          dyn_rec_size_hi;
++    ngx_uint_t                      dyn_rec_threshold;
+ } ngx_http_ssl_srv_conf_t;
+ 
+ 

build/patches/nginx-1.31.1-systemd-notify.patch

@@ -0,0 +1,70 @@
+Add sd_notify() integration to nginx master process so the systemd unit can
+use Type=notify. nginx mainline ships #if (NGX_HAVE_SYSTEMD) guards in nothing
+of its own — every distro carries its own patch. This is ours, kept minimal.
+
+Send:
+  READY=1     after workers + cache manager are spawned (master enters loop)
+  READY=1     again after a successful reconfigure
+  RELOADING=1 when reconfigure starts
+  STOPPING=1  in ngx_master_process_exit
+
+The build script provides -DNGX_HAVE_SYSTEMD and -lsystemd, so this patch
+doesn't touch auto/ configure scripts — only the source.
+
+--- a/src/os/unix/ngx_process_cycle.c
++++ b/src/os/unix/ngx_process_cycle.c
+@@ -12,6 +12,10 @@
+ #include <ngx_channel.h>
+
+
++#if (NGX_HAVE_SYSTEMD)
++#include <systemd/sd-daemon.h>
++#endif
++
+ static void ngx_start_worker_processes(ngx_cycle_t *cycle, ngx_int_t n,
+     ngx_int_t type);
+ static void ngx_start_cache_manager_processes(ngx_cycle_t *cycle,
+@@ -132,6 +136,10 @@ ngx_master_process_cycle(ngx_cycle_t *cycle)
+     sigio = 0;
+     live = 1;
+
++#if (NGX_HAVE_SYSTEMD)
++    sd_notify(0, "READY=1\nSTATUS=nginx is ready\n");
++#endif
++
+     for ( ;; ) {
+         if (delay) {
+             if (ngx_sigalrm) {
+@@ -211,6 +219,10 @@ ngx_master_process_cycle(ngx_cycle_t *cycle)
+         if (ngx_reconfigure) {
+             ngx_reconfigure = 0;
+
++#if (NGX_HAVE_SYSTEMD)
++            sd_notify(0, "RELOADING=1\nSTATUS=nginx is reloading\n");
++#endif
++
+             if (ngx_new_binary) {
+                 ngx_start_worker_processes(cycle, ccf->worker_processes,
+                                            NGX_PROCESS_RESPAWN);
+@@ -241,6 +253,10 @@ ngx_master_process_cycle(ngx_cycle_t *cycle)
+             live = 1;
+             ngx_signal_worker_processes(cycle,
+                                         ngx_signal_value(NGX_SHUTDOWN_SIGNAL));
++
++#if (NGX_HAVE_SYSTEMD)
++            sd_notify(0, "READY=1\nSTATUS=nginx is ready\n");
++#endif
+         }
+
+         if (ngx_restart) {
+@@ -655,6 +671,10 @@ static void
+ ngx_master_process_exit(ngx_cycle_t *cycle)
+ {
+     ngx_uint_t  i;
++
++#if (NGX_HAVE_SYSTEMD)
++    sd_notify(0, "STOPPING=1\nSTATUS=nginx is stopping\n");
++#endif
+
+     ngx_delete_pidfile(cycle);
+

build/raccoon.sh

@@ -0,0 +1,442 @@
+. ./version
+set -e
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+function reqs() {
+    apt-get update -y; apt-get upgrade -y; apt-get dist-upgrade -y; apt-get autoremove -y
+    DEBIAN_FRONTEND=noninteractive TZ=Etc/UTC apt-get -y install tzdata dialog
+    # apt-get purge nftables firewalld ufw -y; apt-get autoremove -y
+    apt-get -y install wget zip unzip build-essential libssl-dev curl nano git
+    # apt-get -y install iptables ipset
+    apt-get install libtool pkg-config make cmake automake autoconf golang-go ninja-build -y
+    apt-get install libyajl-dev ssdeep zlib1g-dev libxslt1-dev libgd-dev libgeoip-dev liblmdb-dev libfuzzy-dev libmaxminddb-dev liblua5.1-dev libcurl4-openssl-dev libxml2-dev mercurial libpcre2-dev libc-ares-dev libre2-dev libzstd-dev libjemalloc2 libsystemd-dev -y
+    mkdir -p $LUA_SCRIPTS
+}
+function apply_patches() {
+    local nginx_src="/opt/nginx-${NGINX}"
+    local patch_dir="${SCRIPT_DIR}/patches"
+    [ -f "${nginx_src}/.patches_applied" ] && return 0
+
+    apply_one() {
+        local toggle="$1" file="$2"
+        if [ "$toggle" != "1" ]; then
+            echo "[patch] skip $file (toggle=$toggle)"; return 0
+        fi
+        if [ ! -f "${patch_dir}/${file}" ]; then
+            echo "[patch] MISSING ${patch_dir}/${file}"; return 1
+        fi
+        echo "[patch] applying ${file}"
+        ( cd "$nginx_src" && patch -p1 < "${patch_dir}/${file}" )
+    }
+
+    apply_one "${APPLY_PATCH_SYSTEMD_NOTIFY:-0}"      "nginx-${NGINX}-systemd-notify.patch"
+    apply_one "${APPLY_PATCH_DYNAMIC_TLS_RECORDS:-0}" "nginx-${NGINX}-dynamic-tls-records.patch"
+    apply_one "${APPLY_PATCH_HTTP2_HPACK_ENC:-0}"     "nginx-${NGINX}-http2-hpack-enc.patch"
+
+    touch "${nginx_src}/.patches_applied"
+}
+
+function clean_install() {
+     mkdir -p /opt/mod
+
+    # Nginx
+    if [ ! -d /opt/nginx-${NGINX} ]; then
+        cd /opt/ && wget https://nginx.org/download/nginx-${NGINX}.tar.gz
+        tar xf nginx-${NGINX}.tar.gz && rm -Rf nginx-${NGINX}.tar.gz
+    fi
+    apply_patches
+
+    # START OF SYSTEM REQUIRED LIBS
+    # ============================================================================================================
+    # AWS-LC — TLS+QUIC backend. Replaces quictls/openssl. Built standalone
+    # (cmake+ninja) and installed to /usr/local/aws-lc/. nginx 1.29.2+ links
+    # against it via -I/-L; we no longer pass --with-openssl=PATH because we
+    # don't want nginx's configure to rebuild OpenSSL itself.
+    if [ ! -d /opt/mod/aws-lc-${SYSTEM_AWSLC} ]; then
+        cd /opt/mod && wget https://github.com/aws/aws-lc/archive/refs/tags/v${SYSTEM_AWSLC}.tar.gz
+        cd /opt/mod && tar xf v${SYSTEM_AWSLC}.tar.gz; rm -Rf v${SYSTEM_AWSLC}.tar.gz
+    fi
+    if [ ! -f /usr/local/aws-lc/lib/libssl.so ]; then
+        cd /opt/mod/aws-lc-${SYSTEM_AWSLC} && \
+            cmake -GNinja -B build \
+                -DCMAKE_INSTALL_PREFIX=/usr/local/aws-lc \
+                -DBUILD_SHARED_LIBS=1 \
+                -DCMAKE_BUILD_TYPE=Release && \
+            cmake --build build -j`nproc` && \
+            cmake --install build && \
+            ldconfig
+    fi
+
+    # ZLIB (zlib-ng, --zlib-compat mode). Drop-in libz replacement with SIMD-
+    # accelerated DEFLATE. Installed to /usr/local/zlib-ng/. nginx links via
+    # -I/-L below (no more --with-zlib=PATH; nginx finds libz via -L+rpath).
+    if [ ! -d /opt/mod/zlib-ng-${SYSTEM_ZLIBNG} ]; then
+        cd /opt/mod && wget https://github.com/zlib-ng/zlib-ng/archive/refs/tags/${SYSTEM_ZLIBNG}.tar.gz
+        cd /opt/mod && tar xf ${SYSTEM_ZLIBNG}.tar.gz; rm -Rf ${SYSTEM_ZLIBNG}.tar.gz
+    fi
+    if [ ! -f /usr/local/zlib-ng/lib/libz.so ]; then
+        cd /opt/mod/zlib-ng-${SYSTEM_ZLIBNG} && \
+            cmake -GNinja -B build \
+                -DCMAKE_INSTALL_PREFIX=/usr/local/zlib-ng \
+                -DZLIB_COMPAT=ON \
+                -DBUILD_SHARED_LIBS=ON \
+                -DCMAKE_BUILD_TYPE=Release && \
+            cmake --build build -j`nproc` && \
+            cmake --install build && \
+            ldconfig
+    fi
+
+    # SYSTEM_LUAJIT
+    if [ ! -d /opt/mod/luajit2-${SYSTEM_LUAJIT} ]; then
+        cd /opt/mod && wget https://github.com/openresty/luajit2/archive/refs/tags/v${SYSTEM_LUAJIT}.tar.gz
+        cd /opt/mod && tar xf v${SYSTEM_LUAJIT}.tar.gz && rm -Rf v${SYSTEM_LUAJIT}.tar.gz
+        if [ ! -d /usr/local/LuaJIT/include/luajit-2.1 ]; then
+            cd /opt/mod/luajit2-${SYSTEM_LUAJIT}/ && make clean && make install PREFIX=/usr/local/LuaJIT && ldconfig
+#            apt-get -y install liblua5.1-0-dev; apt-get -y install luarocks; luarocks install lua-resty-core
+        fi
+    fi
+
+    # SYSTEM_MODSECURITY (v3 — libmodsecurity, what ModSecurity-nginx connector needs)
+    if [ ! -d /opt/mod/modsecurity-v${SYSTEM_MODSECURITY} ]; then
+        cd /opt/mod && wget https://github.com/SpiderLabs/ModSecurity/releases/download/v${SYSTEM_MODSECURITY}/modsecurity-v${SYSTEM_MODSECURITY}.tar.gz
+        cd /opt/mod && tar xf modsecurity-v${SYSTEM_MODSECURITY}.tar.gz; rm -Rf modsecurity-v${SYSTEM_MODSECURITY}.tar.gz
+    fi
+    if [ ! -f /usr/local/modsecurity/lib/libmodsecurity.so ]; then
+        cd /opt/mod/modsecurity-v${SYSTEM_MODSECURITY} && ./build.sh && ./configure --without-pcre --with-pcre2 && make -j`nproc` && make install
+    fi
+
+    # SYSTEM_PCRE
+    # Use the official release tarball (bundles the sljit submodule needed for
+    # JIT). The /archive/refs/tags/ tarball from GitHub is a raw source snapshot
+    # that omits submodules and breaks `--with-pcre-jit`.
+    if [ ! -d /opt/mod/pcre2-${SYSTEM_PCRE} ]; then
+        cd /opt/mod && wget https://github.com/PCRE2Project/pcre2/releases/download/pcre2-${SYSTEM_PCRE}/pcre2-${SYSTEM_PCRE}.tar.gz
+        cd /opt/mod && tar xf pcre2-${SYSTEM_PCRE}.tar.gz; rm -Rf pcre2-${SYSTEM_PCRE}.tar.gz
+    fi
+
+    # LibInjection
+    if [ ! -d /opt/mod/libinjection ]; then
+        cd /opt/mod && git clone https://github.com/libinjection/libinjection.git
+        cd /opt/mod/libinjection && ./autogen.sh && ./configure && make -j`nproc` && make install
+    fi
+    # END OF SYSTEM REQUIRED LIBS
+    # ============================================================================================================
+
+
+    # START OF NGINX MODULES
+    # ============================================================================================================
+    # NGX_MOD_LUA
+    if [ ! -d /opt/mod/lua-nginx-module-${NGX_MOD_LUA} ]; then
+        cd /opt/mod/; wget https://github.com/openresty/lua-nginx-module/archive/refs/tags/v${NGX_MOD_LUA}.tar.gz
+        cd /opt/mod/; tar xf v${NGX_MOD_LUA}.tar.gz; rm -Rf v${NGX_MOD_LUA}.tar.gz
+        sed -i 's/cookies/cookie/g' /opt/mod/lua-nginx-module-${NGX_MOD_LUA}/src/ngx_http_lua_headers_in.c
+        # AWS-LC compatibility: lua-nginx-module already has guards around APIs
+        # missing from BoringSSL (SSL_get1_supported_ciphers, SSL_export_keying_
+        # material_early, etc.). AWS-LC has the same API limitations but defines
+        # OPENSSL_IS_AWSLC instead of OPENSSL_IS_BORINGSSL, so the guards never
+        # fire. Broaden every form (#if, #ifdef, #ifndef, #elif) to recognise
+        # both macros. Order matters: the bare `defined()` substitution runs
+        # first so the later #ifdef/#ifndef substitutions don't double-rewrite.
+        sed -i \
+            -e 's@defined(OPENSSL_IS_BORINGSSL)@(defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC))@g' \
+            -e 's@#ifdef OPENSSL_IS_BORINGSSL@#if (defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC))@g' \
+            -e 's@#ifndef OPENSSL_IS_BORINGSSL@#if !(defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC))@g' \
+            /opt/mod/lua-nginx-module-${NGX_MOD_LUA}/src/*.c
+    fi
+
+    # NGX_LUA_CORE — must stay in lockstep with NGX_MOD_LUA. lua-resty-core
+    # does a strict-equality check on ngx.config.ngx_lua_version at startup,
+    # so an upstream bump on master silently breaks the build. Pinning via
+    # the tagged tarball (dir name embeds the version) means changing
+    # LUA_SCRIPTS_RESTYCORE in `version` invalidates the cache automatically.
+    if [ ! -d /opt/mod/lua-resty-core-${LUA_SCRIPTS_RESTYCORE} ]; then
+        cd /opt/mod/; wget https://github.com/openresty/lua-resty-core/archive/refs/tags/v${LUA_SCRIPTS_RESTYCORE}.tar.gz
+        cd /opt/mod/; tar xf v${LUA_SCRIPTS_RESTYCORE}.tar.gz; rm -Rf v${LUA_SCRIPTS_RESTYCORE}.tar.gz
+        cd /opt/mod/lua-resty-core-${LUA_SCRIPTS_RESTYCORE} && make install PREFIX=${LUA_SCRIPTS}
+    fi
+
+    # NGX_LUA_LRUCACHE — same pattern, pinned to LUA_SCRIPTS_LRUCACHE.
+    if [ ! -d /opt/mod/lua-resty-lrucache-${LUA_SCRIPTS_LRUCACHE} ]; then
+        cd /opt/mod/; wget https://github.com/openresty/lua-resty-lrucache/archive/refs/tags/v${LUA_SCRIPTS_LRUCACHE}.tar.gz
+        cd /opt/mod/; tar xf v${LUA_SCRIPTS_LRUCACHE}.tar.gz; rm -Rf v${LUA_SCRIPTS_LRUCACHE}.tar.gz
+        cd /opt/mod/lua-resty-lrucache-${LUA_SCRIPTS_LRUCACHE} && make install PREFIX=${LUA_SCRIPTS}
+    fi
+
+    # NGX_MOD_LUA_MYSQL
+    if [ ! -d /opt/mod/lua-resty-mysql-${NGX_MOD_LUA_MYSQL} ]; then
+        cd /opt/mod/; wget https://github.com/openresty/lua-resty-mysql/archive/refs/tags/v${NGX_MOD_LUA_MYSQL}.tar.gz
+        cd /opt/mod/; tar xf v${NGX_MOD_LUA_MYSQL}.tar.gz; rm -Rf v${NGX_MOD_LUA_MYSQL}.tar.gz
+        cd /opt/mod/lua-resty-mysql-${NGX_MOD_LUA_MYSQL} && make install PREFIX=${LUA_SCRIPTS}
+    fi
+
+    # NGX_MOD_LUA_SRCACHE
+    if [ ! -d /opt/mod/srcache-nginx-module-${NGX_MOD_LUA_SRCACHE} ]; then
+        cd /opt/mod/; wget https://github.com/openresty/srcache-nginx-module/archive/refs/tags/v${NGX_MOD_LUA_SRCACHE}.tar.gz
+        cd /opt/mod/; tar xf v${NGX_MOD_LUA_SRCACHE}.tar.gz; rm -Rf v${NGX_MOD_LUA_SRCACHE}.tar.gz
+    fi
+
+    # NGX_MOD_LUA_REDIS2
+    if [ ! -d /opt/mod/redis2-nginx-module ]; then
+        cd /opt/mod/; git clone --recursive https://github.com/openresty/redis2-nginx-module.git
+    fi
+
+    # NGX_MOD_LUA_LOCK 0.09
+    if [ ! -d /opt/mod/lua-resty-lock-${NGX_MOD_LUA_LOCK} ]; then
+        cd /opt/mod/; wget https://github.com/openresty/lua-resty-lock/archive/refs/tags/v${NGX_MOD_LUA_LOCK}.tar.gz
+        cd /opt/mod/; tar xf v${NGX_MOD_LUA_LOCK}.tar.gz; rm -Rf v${NGX_MOD_LUA_LOCK}.tar.gz
+        cd /opt/mod/lua-resty-lock-${NGX_MOD_LUA_LOCK} && make install PREFIX=${LUA_SCRIPTS}
+    fi
+
+    # NGX_MOD_LUA_CACHE
+    if [ ! -d /opt/mod/lua-resty-cache ]; then
+        cd /opt/mod/; git clone --branch feature-srcache --recursive https://github.com/lloydzhou/lua-resty-cache
+        cd /opt/mod/lua-resty-cache && make install PREFIX=${LUA_SCRIPTS}
+    fi
+
+    # NGX_MOD_DEVELKIT
+    if [ ! -d /opt/mod/ngx_devel_kit-${NGX_MOD_DEVELKIT} ]; then
+        cd /opt/mod/; wget https://github.com/vision5/ngx_devel_kit/archive/refs/tags/v${NGX_MOD_DEVELKIT}.tar.gz
+        cd /opt/mod/; tar xf v${NGX_MOD_DEVELKIT}.tar.gz; rm -Rf v${NGX_MOD_DEVELKIT}.tar.gz
+    fi
+
+    # NGX_MOD_GEOIP2
+    if [ ! -d /opt/mod/ngx_http_geoip2_module-${NGX_MOD_GEOIP2} ]; then
+        cd /opt/mod/; wget https://github.com/leev/ngx_http_geoip2_module/archive/refs/tags/${NGX_MOD_GEOIP2}.tar.gz
+        cd /opt/mod/; tar xf ${NGX_MOD_GEOIP2}.tar.gz; rm -Rf ${NGX_MOD_GEOIP2}.tar.gz
+    fi
+
+    # NGX_MOD_MODSECURITY
+    if [ ! -d /opt/mod/ModSecurity-nginx-${NGX_MOD_MODSECURITY} ]; then
+        cd /opt/mod/; wget https://github.com/SpiderLabs/ModSecurity-nginx/archive/refs/tags/v${NGX_MOD_MODSECURITY}.tar.gz
+        cd /opt/mod/; tar xf v${NGX_MOD_MODSECURITY}.tar.gz; rm -Rf v${NGX_MOD_MODSECURITY}.tar.gz
+    fi
+
+    # NGX_MOD_HTTPFLV
+    if [ ! -d /opt/mod/nginx-http-flv-module-${NGX_MOD_HTTPFLV} ]; then
+        cd /opt/mod/; wget https://github.com/winshining/nginx-http-flv-module/archive/refs/tags/v${NGX_MOD_HTTPFLV}.tar.gz
+        cd /opt/mod/; tar xf v${NGX_MOD_HTTPFLV}.tar.gz; rm -Rf v${NGX_MOD_HTTPFLV}.tar.gz
+    fi
+
+    # NGX_MOD_HEADERS_MORE
+    if [ ! -d /opt/mod/headers-more-nginx-module-${NGX_MOD_HEADERS_MORE} ]; then
+        cd /opt/mod/; wget https://github.com/openresty/headers-more-nginx-module/archive/refs/tags/v${NGX_MOD_HEADERS_MORE}.tar.gz
+        cd /opt/mod/; tar xf v${NGX_MOD_HEADERS_MORE}.tar.gz; rm -Rf v${NGX_MOD_HEADERS_MORE}.tar.gz
+    fi
+
+    # NGX_MOD_SETMISC
+    if [ ! -d /opt/mod/set-misc-nginx-module-${NGX_MOD_SETMISC} ]; then
+        cd /opt/mod/; wget https://github.com/openresty/set-misc-nginx-module/archive/refs/tags/v${NGX_MOD_SETMISC}.tar.gz
+        cd /opt/mod/; tar xf v${NGX_MOD_SETMISC}.tar.gz; rm -Rf v${NGX_MOD_SETMISC}.tar.gz
+    fi
+
+    # Testcookie
+    if [ ! -d /opt/mod/testcookie ]; then
+        cd /opt/mod/; git clone https://github.com/kyprizel/testcookie-nginx-module.git testcookie
+    fi
+
+    # Brotli
+    if [ ! -d /opt/mod/ngx_brotli ]; then
+        cd /opt/mod/; git clone https://github.com/google/ngx_brotli.git ngx_brotli; cd /opt/mod/ngx_brotli && git submodule update --init
+    fi
+
+    # Naxsi
+    if [ ! -d /opt/mod/naxsi ]; then
+        cd /opt/mod/; git clone --recurse-submodules https://github.com/wargio/naxsi.git naxsi
+    fi
+
+    # NGX_MOD_ZSTD — Zstandard compression module from tokers. Pinned via
+    # NGX_MOD_ZSTD; tarball pattern (dir name embeds version → cache invalidates
+    # automatically when the pin moves).
+    if [ ! -d /opt/mod/zstd-nginx-module-${NGX_MOD_ZSTD} ]; then
+        cd /opt/mod/; wget https://github.com/tokers/zstd-nginx-module/archive/refs/tags/${NGX_MOD_ZSTD}.tar.gz
+        cd /opt/mod/; tar xf ${NGX_MOD_ZSTD}.tar.gz; rm -Rf ${NGX_MOD_ZSTD}.tar.gz
+    fi
+
+    # END OF NGINX MODULES
+    # ============================================================================================================
+}
+
+test_nginx() {
+    cd /opt/nginx-${NGINX} && LUAJIT_LIB="/usr/local/LuaJIT/lib" LUAJIT_INC="/usr/local/LuaJIT/include/luajit-2.1/" CFLAGS=-fPIC CXXFLAGS=-fPIC ./configure --with-compat \
+                                          --user=nginx                                                            \
+                                          --group=nginx                                                           \
+                                          --sbin-path=/usr/sbin/nginx                                             \
+                                          --conf-path=/nginx/nginx.conf                                           \
+                                          --modules-path=/nginx/modules                                           \
+                                          --pid-path=/run/nginx.pid                                           \
+                                          --lock-path=/run/nginx.lock                                               \
+                                          --error-log-path=/var/log/nginx/error.log                               \
+                                          --http-log-path=/var/log/nginx/access.log                               \
+                                          --http-client-body-temp-path=/run/nginx/temp/client_body                \
+                                          --http-proxy-temp-path=/run/nginx/temp/proxy                            \
+                                          --http-fastcgi-temp-path=/run/nginx/temp/fastcgi                        \
+                                          --http-uwsgi-temp-path=/run/nginx/temp/uwsgi                            \
+                                          --http-scgi-temp-path=/run/nginx/temp/scgi                              \
+                                          --with-pcre                                                             \
+                                          --with-pcre-jit                                                         \
+                                          --with-pcre=/opt/mod/pcre2-${SYSTEM_PCRE}                         \
+                                          --with-threads                                                          \
+                                          --with-file-aio                                                         \
+                                          --with-http_ssl_module                                                  \
+                                          --with-http_v2_module                                                   \
+                                          --with-http_v3_module                                                   \
+                                          --with-http_realip_module                                               \
+                                          --with-http_addition_module                                             \
+                                          --with-http_xslt_module                                                 \
+                                          --with-http_image_filter_module                                         \
+                                          --with-http_geoip_module                                                \
+                                          --with-http_sub_module                                                  \
+                                          --with-http_dav_module                                                  \
+                                          --with-http_flv_module                                                  \
+                                          --with-http_mp4_module                                                  \
+                                          --with-http_gunzip_module                                               \
+                                          --with-http_gzip_static_module                                          \
+                                          --with-http_auth_request_module                                         \
+                                          --with-http_random_index_module                                         \
+                                          --with-http_secure_link_module                                          \
+                                          --with-http_slice_module                                                \
+                                          --with-http_stub_status_module                                          \
+                                          --with-mail                                                             \
+                                          --with-mail_ssl_module                                                  \
+                                          --with-stream                                                           \
+                                          --with-stream_ssl_module                                                \
+                                          --with-stream_realip_module                                             \
+                                          --with-stream_geoip_module                                              \
+                                          --add-module=/opt/mod/ngx_devel_kit-${NGX_MOD_DEVELKIT}                 \
+                                          --add-module=/opt/mod/set-misc-nginx-module-${NGX_MOD_SETMISC}          \
+                                          --add-module=/opt/mod/ngx_http_geoip2_module-${NGX_MOD_GEOIP2}          \
+                                          --add-module=/opt/mod/headers-more-nginx-module-${NGX_MOD_HEADERS_MORE} \
+                                          --add-module=/opt/mod/lua-nginx-module-${NGX_MOD_LUA}                   \
+                                          --add-module=/opt/mod/ModSecurity-nginx-${NGX_MOD_MODSECURITY}          \
+                                          --add-module=/opt/mod/naxsi/naxsi_src                                   \
+                                          --add-module=/opt/mod/nginx-http-flv-module-${NGX_MOD_HTTPFLV}          \
+                                          --add-module=/opt/mod/srcache-nginx-module-${NGX_MOD_LUA_SRCACHE}       \
+                                          --add-module=/opt/mod/redis2-nginx-module                               \
+                                          --add-module=/opt/mod/ngx_brotli                                        \
+                                          --add-module=/opt/mod/zstd-nginx-module-${NGX_MOD_ZSTD}                  \
+                                          --add-module=/opt/mod/testcookie                                        \
+                                          --with-cc-opt="-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC -I/usr/local/aws-lc/include -I/usr/local/zlib-ng/include -DNGX_HAVE_SYSTEMD" \
+                                          --with-ld-opt="-Wl,-rpath,/usr/local/LuaJIT/lib -Wl,-rpath,/usr/local/lib -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie -L/opt/mod/pcre2-${SYSTEM_PCRE}/.libs -lpcre2-8 -L/usr/local/aws-lc/lib -lssl -lcrypto -Wl,-rpath,/usr/local/aws-lc/lib -L/usr/local/zlib-ng/lib -lz -Wl,-rpath,/usr/local/zlib-ng/lib -lsystemd"
+                                          make clean
+}
+function build() {
+    cd /opt/nginx-${NGINX} && LUAJIT_LIB="/usr/local/LuaJIT/lib" LUAJIT_INC="/usr/local/LuaJIT/include/luajit-2.1/" CFLAGS=-fPIC CXXFLAGS=-fPIC ./configure --with-compat \
+                                          --user=nginx                                                            \
+                                          --group=nginx                                                           \
+                                          --sbin-path=/usr/sbin/nginx                                             \
+                                          --conf-path=/nginx/nginx.conf                                           \
+                                          --modules-path=/nginx/modules                                           \
+                                          --pid-path=/run/nginx.pid                                           \
+                                          --lock-path=/run/nginx.lock                                               \
+                                          --error-log-path=/var/log/nginx/error.log                               \
+                                          --http-log-path=/var/log/nginx/access.log                               \
+                                          --http-client-body-temp-path=/run/nginx/temp/client_body                \
+                                          --http-proxy-temp-path=/run/nginx/temp/proxy                            \
+                                          --http-fastcgi-temp-path=/run/nginx/temp/fastcgi                        \
+                                          --http-uwsgi-temp-path=/run/nginx/temp/uwsgi                            \
+                                          --http-scgi-temp-path=/run/nginx/temp/scgi                              \
+                                          --with-pcre                                                             \
+                                          --with-pcre-jit                                                         \
+                                          --with-pcre=/opt/mod/pcre2-${SYSTEM_PCRE}                         \
+                                          --with-threads                                                          \
+                                          --with-file-aio                                                         \
+                                          --with-http_ssl_module                                                  \
+                                          --with-http_v2_module                                                   \
+                                          --with-http_v3_module                                                   \
+                                          --with-http_realip_module                                               \
+                                          --with-http_addition_module                                             \
+                                          --with-http_xslt_module                                                 \
+                                          --with-http_image_filter_module                                         \
+                                          --with-http_geoip_module                                                \
+                                          --with-http_sub_module                                                  \
+                                          --with-http_dav_module                                                  \
+                                          --with-http_flv_module                                                  \
+                                          --with-http_mp4_module                                                  \
+                                          --with-http_gunzip_module                                               \
+                                          --with-http_gzip_static_module                                          \
+                                          --with-http_auth_request_module                                         \
+                                          --with-http_random_index_module                                         \
+                                          --with-http_secure_link_module                                          \
+                                          --with-http_slice_module                                                \
+                                          --with-http_stub_status_module                                          \
+                                          --with-mail                                                             \
+                                          --with-mail_ssl_module                                                  \
+                                          --with-stream                                                           \
+                                          --with-stream_ssl_module                                                \
+                                          --with-stream_realip_module                                             \
+                                          --with-stream_geoip_module                                              \
+                                          --add-module=/opt/mod/ngx_devel_kit-${NGX_MOD_DEVELKIT}                 \
+                                          --add-module=/opt/mod/set-misc-nginx-module-${NGX_MOD_SETMISC}          \
+                                          --add-module=/opt/mod/ngx_http_geoip2_module-${NGX_MOD_GEOIP2}          \
+                                          --add-module=/opt/mod/headers-more-nginx-module-${NGX_MOD_HEADERS_MORE} \
+                                          --add-module=/opt/mod/ModSecurity-nginx-${NGX_MOD_MODSECURITY}          \
+                                          --add-module=/opt/mod/lua-nginx-module-${NGX_MOD_LUA}                   \
+                                          --add-module=/opt/mod/naxsi/naxsi_src                                   \
+                                          --add-module=/opt/mod/nginx-http-flv-module-${NGX_MOD_HTTPFLV}          \
+                                          --add-module=/opt/mod/srcache-nginx-module-${NGX_MOD_LUA_SRCACHE}       \
+                                          --add-module=/opt/mod/redis2-nginx-module                               \
+                                          --add-module=/opt/mod/ngx_brotli                                        \
+                                          --add-module=/opt/mod/zstd-nginx-module-${NGX_MOD_ZSTD}                  \
+                                          --add-module=/opt/mod/testcookie                                        \
+                                          --with-cc-opt="-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC -I/usr/local/aws-lc/include -I/usr/local/zlib-ng/include -DNGX_HAVE_SYSTEMD" \
+                                          --with-ld-opt="-Wl,-rpath,/usr/local/LuaJIT/lib -Wl,-rpath,/usr/local/lib -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie -L/opt/mod/pcre2-${SYSTEM_PCRE}/.libs -lpcre2-8 -L/usr/local/aws-lc/lib -lssl -lcrypto -Wl,-rpath,/usr/local/aws-lc/lib -L/usr/local/zlib-ng/lib -lz -Wl,-rpath,/usr/local/zlib-ng/lib -lsystemd"
+    # NOTE: kept as separate statements (not `make && make install && make clean`)
+    # so `set -e` actually fires on a make failure. The && chain hides left-side
+    # failures from set -e, which previously let half-built nginx ship.
+    cd /opt/nginx-${NGINX} && make -j`nproc`
+    cd /opt/nginx-${NGINX} && make install
+    cd /opt/nginx-${NGINX} && make clean
+    unset NGINX
+}
+function post_build() {
+    useradd nginx; unset NGINX; rm -rf /nginx/*.default;
+    mkdir -p /nginx/live
+    mkdir -p /nginx/conf.d
+    mkdir -p /nginx/config
+    mkdir -p /var/log/nginx
+    mkdir -p /nginx/modsec; curl -s https://raw.githubusercontent.com/nbs-system/naxsi/master/naxsi_config/naxsi_core.rules > /nginx/modsec/naxi.core
+    curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/modsec/l7.conf > /nginx/modsec/l7.conf
+    curl -s https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v3/master/modsecurity.conf-recommended > /nginx/modsec/modsecurity.conf
+    curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/modsec/tester.conf > /nginx/modsec/tester.conf
+    curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/modsec/unicode.mapping > /nginx/modsec/unicode.mapping
+    curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/nginx/nginx.conf > /nginx/nginx.conf
+    curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/nginx/live/default > /nginx/live/default
+    mkdir -p /hostdata/default/public_html/ && curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/index.html > /hostdata/default/public_html/index.html
+    mkdir -p /hostdata/default/public_html/cdn/modsec && curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/modsec/aes.min.js > /hostdata/default/public_html/cdn/modsec/aes.min.js
+    SRC_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+    install -m 0644 "${SRC_DIR}/static/Raccoon/nginx.service" /etc/systemd/system/nginx.service
+    if [ -f "/run/.containerenv" ] || [ -f "/.dockerenv" ] || [ -f "/home/runner/.dockerenv" ]; then
+        echo "Skipping systemctl commands on GitHub runner"
+        mkdir -p /etc/systemd/system/
+    else
+        systemctl daemon-reload
+        systemctl restart nginx.service
+        systemctl enable nginx.service
+    fi
+}
+
+# Handling command-line arguments
+case "$1" in
+    new)
+        reqs
+        clean_install
+        ;;
+    test)
+        test_nginx
+        ;;
+    build)
+        build
+        ;;
+    postfix)
+        post_build
+        ;;
+    *)
+        echo "Invalid option: $1"
+        echo "Usage: $0 {new|test|build|postfix}"
+        echo ""
+        echo "  new: will download all modules & nginx (if you change a version from file, simply rerun this to download that)"
+        echo "  test: Test nginx configuration"
+        echo "  build: Build nginx, or Rebuild (mods/configs will not be redownloaded this will only build)"
+        echo "  postfix: After first installation, run this to download nginx configs (it will replace nginx.conf if there already is one)"
+        exit 1
+        ;;
+esac

build/trixie.sh

@@ -0,0 +1,442 @@
+. ./version
+set -e
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+function reqs() {
+    apt-get update -y; apt-get upgrade -y; apt-get dist-upgrade -y; apt-get autoremove -y
+    DEBIAN_FRONTEND=noninteractive TZ=Etc/UTC apt-get -y install tzdata dialog
+    # apt-get purge nftables firewalld ufw -y; apt-get autoremove -y
+    apt-get -y install wget zip unzip build-essential libssl-dev curl nano git
+    # apt-get -y install iptables ipset
+    apt-get install libtool pkg-config make cmake automake autoconf golang-go ninja-build -y
+    apt-get install libyajl-dev ssdeep zlib1g-dev libxslt1-dev libgd-dev libgeoip-dev liblmdb-dev libfuzzy-dev libmaxminddb-dev liblua5.1-dev libcurl4-openssl-dev libxml2 libxml2-dev mercurial libpcre2-dev libc-ares-dev libre2-dev libzstd-dev libjemalloc2 libsystemd-dev -y
+    mkdir -p $LUA_SCRIPTS
+}
+function apply_patches() {
+    local nginx_src="/opt/nginx-${NGINX}"
+    local patch_dir="${SCRIPT_DIR}/patches"
+    [ -f "${nginx_src}/.patches_applied" ] && return 0
+
+    apply_one() {
+        local toggle="$1" file="$2"
+        if [ "$toggle" != "1" ]; then
+            echo "[patch] skip $file (toggle=$toggle)"; return 0
+        fi
+        if [ ! -f "${patch_dir}/${file}" ]; then
+            echo "[patch] MISSING ${patch_dir}/${file}"; return 1
+        fi
+        echo "[patch] applying ${file}"
+        ( cd "$nginx_src" && patch -p1 < "${patch_dir}/${file}" )
+    }
+
+    apply_one "${APPLY_PATCH_SYSTEMD_NOTIFY:-0}"      "nginx-${NGINX}-systemd-notify.patch"
+    apply_one "${APPLY_PATCH_DYNAMIC_TLS_RECORDS:-0}" "nginx-${NGINX}-dynamic-tls-records.patch"
+    apply_one "${APPLY_PATCH_HTTP2_HPACK_ENC:-0}"     "nginx-${NGINX}-http2-hpack-enc.patch"
+
+    touch "${nginx_src}/.patches_applied"
+}
+
+function clean_install() {
+     mkdir -p /opt/mod
+
+    # Nginx
+    if [ ! -d /opt/nginx-${NGINX} ]; then
+        cd /opt/ && wget https://nginx.org/download/nginx-${NGINX}.tar.gz
+        tar xf nginx-${NGINX}.tar.gz && rm -Rf nginx-${NGINX}.tar.gz
+    fi
+    apply_patches
+
+    # START OF SYSTEM REQUIRED LIBS
+    # ============================================================================================================
+    # AWS-LC — TLS+QUIC backend. Replaces quictls/openssl. Built standalone
+    # (cmake+ninja) and installed to /usr/local/aws-lc/. nginx 1.29.2+ links
+    # against it via -I/-L; we no longer pass --with-openssl=PATH because we
+    # don't want nginx's configure to rebuild OpenSSL itself.
+    if [ ! -d /opt/mod/aws-lc-${SYSTEM_AWSLC} ]; then
+        cd /opt/mod && wget https://github.com/aws/aws-lc/archive/refs/tags/v${SYSTEM_AWSLC}.tar.gz
+        cd /opt/mod && tar xf v${SYSTEM_AWSLC}.tar.gz; rm -Rf v${SYSTEM_AWSLC}.tar.gz
+    fi
+    if [ ! -f /usr/local/aws-lc/lib/libssl.so ]; then
+        cd /opt/mod/aws-lc-${SYSTEM_AWSLC} && \
+            cmake -GNinja -B build \
+                -DCMAKE_INSTALL_PREFIX=/usr/local/aws-lc \
+                -DBUILD_SHARED_LIBS=1 \
+                -DCMAKE_BUILD_TYPE=Release && \
+            cmake --build build -j`nproc` && \
+            cmake --install build && \
+            ldconfig
+    fi
+
+    # ZLIB (zlib-ng, --zlib-compat mode). Drop-in libz replacement with SIMD-
+    # accelerated DEFLATE. Installed to /usr/local/zlib-ng/. nginx links via
+    # -I/-L below (no more --with-zlib=PATH; nginx finds libz via -L+rpath).
+    if [ ! -d /opt/mod/zlib-ng-${SYSTEM_ZLIBNG} ]; then
+        cd /opt/mod && wget https://github.com/zlib-ng/zlib-ng/archive/refs/tags/${SYSTEM_ZLIBNG}.tar.gz
+        cd /opt/mod && tar xf ${SYSTEM_ZLIBNG}.tar.gz; rm -Rf ${SYSTEM_ZLIBNG}.tar.gz
+    fi
+    if [ ! -f /usr/local/zlib-ng/lib/libz.so ]; then
+        cd /opt/mod/zlib-ng-${SYSTEM_ZLIBNG} && \
+            cmake -GNinja -B build \
+                -DCMAKE_INSTALL_PREFIX=/usr/local/zlib-ng \
+                -DZLIB_COMPAT=ON \
+                -DBUILD_SHARED_LIBS=ON \
+                -DCMAKE_BUILD_TYPE=Release && \
+            cmake --build build -j`nproc` && \
+            cmake --install build && \
+            ldconfig
+    fi
+
+    # SYSTEM_LUAJIT
+    if [ ! -d /opt/mod/luajit2-${SYSTEM_LUAJIT} ]; then
+        cd /opt/mod && wget https://github.com/openresty/luajit2/archive/refs/tags/v${SYSTEM_LUAJIT}.tar.gz
+        cd /opt/mod && tar xf v${SYSTEM_LUAJIT}.tar.gz && rm -Rf v${SYSTEM_LUAJIT}.tar.gz
+        if [ ! -d /usr/local/LuaJIT/include/luajit-2.1 ]; then
+            cd /opt/mod/luajit2-${SYSTEM_LUAJIT}/ && make clean && make install PREFIX=/usr/local/LuaJIT && ldconfig
+#            apt-get -y install liblua5.1-0-dev; apt-get -y install luarocks; luarocks install lua-resty-core
+        fi
+    fi
+
+    # SYSTEM_MODSECURITY (v3 — libmodsecurity, what ModSecurity-nginx connector needs)
+    if [ ! -d /opt/mod/modsecurity-v${SYSTEM_MODSECURITY} ]; then
+        cd /opt/mod && wget https://github.com/SpiderLabs/ModSecurity/releases/download/v${SYSTEM_MODSECURITY}/modsecurity-v${SYSTEM_MODSECURITY}.tar.gz
+        cd /opt/mod && tar xf modsecurity-v${SYSTEM_MODSECURITY}.tar.gz; rm -Rf modsecurity-v${SYSTEM_MODSECURITY}.tar.gz
+    fi
+    if [ ! -f /usr/local/modsecurity/lib/libmodsecurity.so ]; then
+        cd /opt/mod/modsecurity-v${SYSTEM_MODSECURITY} && ./build.sh && ./configure --without-pcre --with-pcre2 && make -j`nproc` && make install
+    fi
+
+    # SYSTEM_PCRE
+    # Use the official release tarball (bundles the sljit submodule needed for
+    # JIT). The /archive/refs/tags/ tarball from GitHub is a raw source snapshot
+    # that omits submodules and breaks `--with-pcre-jit`.
+    if [ ! -d /opt/mod/pcre2-${SYSTEM_PCRE} ]; then
+        cd /opt/mod && wget https://github.com/PCRE2Project/pcre2/releases/download/pcre2-${SYSTEM_PCRE}/pcre2-${SYSTEM_PCRE}.tar.gz
+        cd /opt/mod && tar xf pcre2-${SYSTEM_PCRE}.tar.gz; rm -Rf pcre2-${SYSTEM_PCRE}.tar.gz
+    fi
+
+    # LibInjection
+    if [ ! -d /opt/mod/libinjection ]; then
+        cd /opt/mod && git clone https://github.com/libinjection/libinjection.git
+        cd /opt/mod/libinjection && ./autogen.sh && ./configure && make -j`nproc` && make install
+    fi
+    # END OF SYSTEM REQUIRED LIBS
+    # ============================================================================================================
+
+
+    # START OF NGINX MODULES
+    # ============================================================================================================
+    # NGX_MOD_LUA
+    if [ ! -d /opt/mod/lua-nginx-module-${NGX_MOD_LUA} ]; then
+        cd /opt/mod/; wget https://github.com/openresty/lua-nginx-module/archive/refs/tags/v${NGX_MOD_LUA}.tar.gz
+        cd /opt/mod/; tar xf v${NGX_MOD_LUA}.tar.gz; rm -Rf v${NGX_MOD_LUA}.tar.gz
+        sed -i 's/cookies/cookie/g' /opt/mod/lua-nginx-module-${NGX_MOD_LUA}/src/ngx_http_lua_headers_in.c
+        # AWS-LC compatibility: lua-nginx-module already has guards around APIs
+        # missing from BoringSSL (SSL_get1_supported_ciphers, SSL_export_keying_
+        # material_early, etc.). AWS-LC has the same API limitations but defines
+        # OPENSSL_IS_AWSLC instead of OPENSSL_IS_BORINGSSL, so the guards never
+        # fire. Broaden every form (#if, #ifdef, #ifndef, #elif) to recognise
+        # both macros. Order matters: the bare `defined()` substitution runs
+        # first so the later #ifdef/#ifndef substitutions don't double-rewrite.
+        sed -i \
+            -e 's@defined(OPENSSL_IS_BORINGSSL)@(defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC))@g' \
+            -e 's@#ifdef OPENSSL_IS_BORINGSSL@#if (defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC))@g' \
+            -e 's@#ifndef OPENSSL_IS_BORINGSSL@#if !(defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC))@g' \
+            /opt/mod/lua-nginx-module-${NGX_MOD_LUA}/src/*.c
+    fi
+
+    # NGX_LUA_CORE — must stay in lockstep with NGX_MOD_LUA. lua-resty-core
+    # does a strict-equality check on ngx.config.ngx_lua_version at startup,
+    # so an upstream bump on master silently breaks the build. Pinning via
+    # the tagged tarball (dir name embeds the version) means changing
+    # LUA_SCRIPTS_RESTYCORE in `version` invalidates the cache automatically.
+    if [ ! -d /opt/mod/lua-resty-core-${LUA_SCRIPTS_RESTYCORE} ]; then
+        cd /opt/mod/; wget https://github.com/openresty/lua-resty-core/archive/refs/tags/v${LUA_SCRIPTS_RESTYCORE}.tar.gz
+        cd /opt/mod/; tar xf v${LUA_SCRIPTS_RESTYCORE}.tar.gz; rm -Rf v${LUA_SCRIPTS_RESTYCORE}.tar.gz
+        cd /opt/mod/lua-resty-core-${LUA_SCRIPTS_RESTYCORE} && make install PREFIX=${LUA_SCRIPTS}
+    fi
+
+    # NGX_LUA_LRUCACHE — same pattern, pinned to LUA_SCRIPTS_LRUCACHE.
+    if [ ! -d /opt/mod/lua-resty-lrucache-${LUA_SCRIPTS_LRUCACHE} ]; then
+        cd /opt/mod/; wget https://github.com/openresty/lua-resty-lrucache/archive/refs/tags/v${LUA_SCRIPTS_LRUCACHE}.tar.gz
+        cd /opt/mod/; tar xf v${LUA_SCRIPTS_LRUCACHE}.tar.gz; rm -Rf v${LUA_SCRIPTS_LRUCACHE}.tar.gz
+        cd /opt/mod/lua-resty-lrucache-${LUA_SCRIPTS_LRUCACHE} && make install PREFIX=${LUA_SCRIPTS}
+    fi
+
+    # NGX_MOD_LUA_MYSQL
+    if [ ! -d /opt/mod/lua-resty-mysql-${NGX_MOD_LUA_MYSQL} ]; then
+        cd /opt/mod/; wget https://github.com/openresty/lua-resty-mysql/archive/refs/tags/v${NGX_MOD_LUA_MYSQL}.tar.gz
+        cd /opt/mod/; tar xf v${NGX_MOD_LUA_MYSQL}.tar.gz; rm -Rf v${NGX_MOD_LUA_MYSQL}.tar.gz
+        cd /opt/mod/lua-resty-mysql-${NGX_MOD_LUA_MYSQL} && make install PREFIX=${LUA_SCRIPTS}
+    fi
+
+    # NGX_MOD_LUA_SRCACHE
+    if [ ! -d /opt/mod/srcache-nginx-module-${NGX_MOD_LUA_SRCACHE} ]; then
+        cd /opt/mod/; wget https://github.com/openresty/srcache-nginx-module/archive/refs/tags/v${NGX_MOD_LUA_SRCACHE}.tar.gz
+        cd /opt/mod/; tar xf v${NGX_MOD_LUA_SRCACHE}.tar.gz; rm -Rf v${NGX_MOD_LUA_SRCACHE}.tar.gz
+    fi
+
+    # NGX_MOD_LUA_REDIS2
+    if [ ! -d /opt/mod/redis2-nginx-module ]; then
+        cd /opt/mod/; git clone --recursive https://github.com/openresty/redis2-nginx-module.git
+    fi
+
+    # NGX_MOD_LUA_LOCK 0.09
+    if [ ! -d /opt/mod/lua-resty-lock-${NGX_MOD_LUA_LOCK} ]; then
+        cd /opt/mod/; wget https://github.com/openresty/lua-resty-lock/archive/refs/tags/v${NGX_MOD_LUA_LOCK}.tar.gz
+        cd /opt/mod/; tar xf v${NGX_MOD_LUA_LOCK}.tar.gz; rm -Rf v${NGX_MOD_LUA_LOCK}.tar.gz
+        cd /opt/mod/lua-resty-lock-${NGX_MOD_LUA_LOCK} && make install PREFIX=${LUA_SCRIPTS}
+    fi
+
+    # NGX_MOD_LUA_CACHE
+    if [ ! -d /opt/mod/lua-resty-cache ]; then
+        cd /opt/mod/; git clone --branch feature-srcache --recursive https://github.com/lloydzhou/lua-resty-cache
+        cd /opt/mod/lua-resty-cache && make install PREFIX=${LUA_SCRIPTS}
+    fi
+
+    # NGX_MOD_DEVELKIT
+    if [ ! -d /opt/mod/ngx_devel_kit-${NGX_MOD_DEVELKIT} ]; then
+        cd /opt/mod/; wget https://github.com/vision5/ngx_devel_kit/archive/refs/tags/v${NGX_MOD_DEVELKIT}.tar.gz
+        cd /opt/mod/; tar xf v${NGX_MOD_DEVELKIT}.tar.gz; rm -Rf v${NGX_MOD_DEVELKIT}.tar.gz
+    fi
+
+    # NGX_MOD_GEOIP2
+    if [ ! -d /opt/mod/ngx_http_geoip2_module-${NGX_MOD_GEOIP2} ]; then
+        cd /opt/mod/; wget https://github.com/leev/ngx_http_geoip2_module/archive/refs/tags/${NGX_MOD_GEOIP2}.tar.gz
+        cd /opt/mod/; tar xf ${NGX_MOD_GEOIP2}.tar.gz; rm -Rf ${NGX_MOD_GEOIP2}.tar.gz
+    fi
+
+    # NGX_MOD_MODSECURITY
+    if [ ! -d /opt/mod/ModSecurity-nginx-${NGX_MOD_MODSECURITY} ]; then
+        cd /opt/mod/; wget https://github.com/SpiderLabs/ModSecurity-nginx/archive/refs/tags/v${NGX_MOD_MODSECURITY}.tar.gz
+        cd /opt/mod/; tar xf v${NGX_MOD_MODSECURITY}.tar.gz; rm -Rf v${NGX_MOD_MODSECURITY}.tar.gz
+    fi
+
+    # NGX_MOD_HTTPFLV
+    if [ ! -d /opt/mod/nginx-http-flv-module-${NGX_MOD_HTTPFLV} ]; then
+        cd /opt/mod/; wget https://github.com/winshining/nginx-http-flv-module/archive/refs/tags/v${NGX_MOD_HTTPFLV}.tar.gz
+        cd /opt/mod/; tar xf v${NGX_MOD_HTTPFLV}.tar.gz; rm -Rf v${NGX_MOD_HTTPFLV}.tar.gz
+    fi
+
+    # NGX_MOD_HEADERS_MORE
+    if [ ! -d /opt/mod/headers-more-nginx-module-${NGX_MOD_HEADERS_MORE} ]; then
+        cd /opt/mod/; wget https://github.com/openresty/headers-more-nginx-module/archive/refs/tags/v${NGX_MOD_HEADERS_MORE}.tar.gz
+        cd /opt/mod/; tar xf v${NGX_MOD_HEADERS_MORE}.tar.gz; rm -Rf v${NGX_MOD_HEADERS_MORE}.tar.gz
+    fi
+
+    # NGX_MOD_SETMISC
+    if [ ! -d /opt/mod/set-misc-nginx-module-${NGX_MOD_SETMISC} ]; then
+        cd /opt/mod/; wget https://github.com/openresty/set-misc-nginx-module/archive/refs/tags/v${NGX_MOD_SETMISC}.tar.gz
+        cd /opt/mod/; tar xf v${NGX_MOD_SETMISC}.tar.gz; rm -Rf v${NGX_MOD_SETMISC}.tar.gz
+    fi
+
+    # Testcookie
+    if [ ! -d /opt/mod/testcookie ]; then
+        cd /opt/mod/; git clone https://github.com/kyprizel/testcookie-nginx-module.git testcookie
+    fi
+
+    # Brotli
+    if [ ! -d /opt/mod/ngx_brotli ]; then
+        cd /opt/mod/; git clone https://github.com/google/ngx_brotli.git ngx_brotli; cd /opt/mod/ngx_brotli && git submodule update --init
+    fi
+
+    # Naxsi
+    if [ ! -d /opt/mod/naxsi ]; then
+        cd /opt/mod/; git clone --recurse-submodules https://github.com/wargio/naxsi.git naxsi
+    fi
+
+    # NGX_MOD_ZSTD — Zstandard compression module from tokers. Pinned via
+    # NGX_MOD_ZSTD; tarball pattern (dir name embeds version → cache invalidates
+    # automatically when the pin moves).
+    if [ ! -d /opt/mod/zstd-nginx-module-${NGX_MOD_ZSTD} ]; then
+        cd /opt/mod/; wget https://github.com/tokers/zstd-nginx-module/archive/refs/tags/${NGX_MOD_ZSTD}.tar.gz
+        cd /opt/mod/; tar xf ${NGX_MOD_ZSTD}.tar.gz; rm -Rf ${NGX_MOD_ZSTD}.tar.gz
+    fi
+
+    # END OF NGINX MODULES
+    # ============================================================================================================
+}
+
+test_nginx() {
+    cd /opt/nginx-${NGINX} && LUAJIT_LIB="/usr/local/LuaJIT/lib" LUAJIT_INC="/usr/local/LuaJIT/include/luajit-2.1/" CFLAGS=-fPIC CXXFLAGS=-fPIC ./configure --with-compat \
+                                          --user=nginx                                                            \
+                                          --group=nginx                                                           \
+                                          --sbin-path=/usr/sbin/nginx                                             \
+                                          --conf-path=/nginx/nginx.conf                                           \
+                                          --modules-path=/nginx/modules                                           \
+                                          --pid-path=/run/nginx.pid                                           \
+                                          --lock-path=/run/nginx.lock                                               \
+                                          --error-log-path=/var/log/nginx/error.log                               \
+                                          --http-log-path=/var/log/nginx/access.log                               \
+                                          --http-client-body-temp-path=/run/nginx/temp/client_body                \
+                                          --http-proxy-temp-path=/run/nginx/temp/proxy                            \
+                                          --http-fastcgi-temp-path=/run/nginx/temp/fastcgi                        \
+                                          --http-uwsgi-temp-path=/run/nginx/temp/uwsgi                            \
+                                          --http-scgi-temp-path=/run/nginx/temp/scgi                              \
+                                          --with-pcre                                                             \
+                                          --with-pcre-jit                                                         \
+                                          --with-pcre=/opt/mod/pcre2-${SYSTEM_PCRE}                         \
+                                          --with-threads                                                          \
+                                          --with-file-aio                                                         \
+                                          --with-http_ssl_module                                                  \
+                                          --with-http_v2_module                                                   \
+                                          --with-http_v3_module                                                   \
+                                          --with-http_realip_module                                               \
+                                          --with-http_addition_module                                             \
+                                          --with-http_xslt_module                                                 \
+                                          --with-http_image_filter_module                                         \
+                                          --with-http_geoip_module                                                \
+                                          --with-http_sub_module                                                  \
+                                          --with-http_dav_module                                                  \
+                                          --with-http_flv_module                                                  \
+                                          --with-http_mp4_module                                                  \
+                                          --with-http_gunzip_module                                               \
+                                          --with-http_gzip_static_module                                          \
+                                          --with-http_auth_request_module                                         \
+                                          --with-http_random_index_module                                         \
+                                          --with-http_secure_link_module                                          \
+                                          --with-http_slice_module                                                \
+                                          --with-http_stub_status_module                                          \
+                                          --with-mail                                                             \
+                                          --with-mail_ssl_module                                                  \
+                                          --with-stream                                                           \
+                                          --with-stream_ssl_module                                                \
+                                          --with-stream_realip_module                                             \
+                                          --with-stream_geoip_module                                              \
+                                          --add-module=/opt/mod/ngx_devel_kit-${NGX_MOD_DEVELKIT}                 \
+                                          --add-module=/opt/mod/set-misc-nginx-module-${NGX_MOD_SETMISC}          \
+                                          --add-module=/opt/mod/ngx_http_geoip2_module-${NGX_MOD_GEOIP2}          \
+                                          --add-module=/opt/mod/headers-more-nginx-module-${NGX_MOD_HEADERS_MORE} \
+                                          --add-module=/opt/mod/lua-nginx-module-${NGX_MOD_LUA}                   \
+                                          --add-module=/opt/mod/ModSecurity-nginx-${NGX_MOD_MODSECURITY}          \
+                                          --add-module=/opt/mod/naxsi/naxsi_src                                   \
+                                          --add-module=/opt/mod/nginx-http-flv-module-${NGX_MOD_HTTPFLV}          \
+                                          --add-module=/opt/mod/srcache-nginx-module-${NGX_MOD_LUA_SRCACHE}       \
+                                          --add-module=/opt/mod/redis2-nginx-module                               \
+                                          --add-module=/opt/mod/ngx_brotli                                        \
+                                          --add-module=/opt/mod/zstd-nginx-module-${NGX_MOD_ZSTD}                  \
+                                          --add-module=/opt/mod/testcookie                                        \
+                                          --with-cc-opt="-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC -I/usr/local/aws-lc/include -I/usr/local/zlib-ng/include -DNGX_HAVE_SYSTEMD" \
+                                          --with-ld-opt="-Wl,-rpath,/usr/local/LuaJIT/lib -Wl,-rpath,/usr/local/lib -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie -L/opt/mod/pcre2-${SYSTEM_PCRE}/.libs -lpcre2-8 -L/usr/local/aws-lc/lib -lssl -lcrypto -Wl,-rpath,/usr/local/aws-lc/lib -L/usr/local/zlib-ng/lib -lz -Wl,-rpath,/usr/local/zlib-ng/lib -lsystemd"
+                                          make clean
+}
+function build() {
+    cd /opt/nginx-${NGINX} && LUAJIT_LIB="/usr/local/LuaJIT/lib" LUAJIT_INC="/usr/local/LuaJIT/include/luajit-2.1/" CFLAGS=-fPIC CXXFLAGS=-fPIC ./configure --with-compat \
+                                          --user=nginx                                                            \
+                                          --group=nginx                                                           \
+                                          --sbin-path=/usr/sbin/nginx                                             \
+                                          --conf-path=/nginx/nginx.conf                                           \
+                                          --modules-path=/nginx/modules                                           \
+                                          --pid-path=/run/nginx.pid                                           \
+                                          --lock-path=/run/nginx.lock                                               \
+                                          --error-log-path=/var/log/nginx/error.log                               \
+                                          --http-log-path=/var/log/nginx/access.log                               \
+                                          --http-client-body-temp-path=/run/nginx/temp/client_body                \
+                                          --http-proxy-temp-path=/run/nginx/temp/proxy                            \
+                                          --http-fastcgi-temp-path=/run/nginx/temp/fastcgi                        \
+                                          --http-uwsgi-temp-path=/run/nginx/temp/uwsgi                            \
+                                          --http-scgi-temp-path=/run/nginx/temp/scgi                              \
+                                          --with-pcre                                                             \
+                                          --with-pcre-jit                                                         \
+                                          --with-pcre=/opt/mod/pcre2-${SYSTEM_PCRE}                         \
+                                          --with-threads                                                          \
+                                          --with-file-aio                                                         \
+                                          --with-http_ssl_module                                                  \
+                                          --with-http_v2_module                                                   \
+                                          --with-http_v3_module                                                   \
+                                          --with-http_realip_module                                               \
+                                          --with-http_addition_module                                             \
+                                          --with-http_xslt_module                                                 \
+                                          --with-http_image_filter_module                                         \
+                                          --with-http_geoip_module                                                \
+                                          --with-http_sub_module                                                  \
+                                          --with-http_dav_module                                                  \
+                                          --with-http_flv_module                                                  \
+                                          --with-http_mp4_module                                                  \
+                                          --with-http_gunzip_module                                               \
+                                          --with-http_gzip_static_module                                          \
+                                          --with-http_auth_request_module                                         \
+                                          --with-http_random_index_module                                         \
+                                          --with-http_secure_link_module                                          \
+                                          --with-http_slice_module                                                \
+                                          --with-http_stub_status_module                                          \
+                                          --with-mail                                                             \
+                                          --with-mail_ssl_module                                                  \
+                                          --with-stream                                                           \
+                                          --with-stream_ssl_module                                                \
+                                          --with-stream_realip_module                                             \
+                                          --with-stream_geoip_module                                              \
+                                          --add-module=/opt/mod/ngx_devel_kit-${NGX_MOD_DEVELKIT}                 \
+                                          --add-module=/opt/mod/set-misc-nginx-module-${NGX_MOD_SETMISC}          \
+                                          --add-module=/opt/mod/ngx_http_geoip2_module-${NGX_MOD_GEOIP2}          \
+                                          --add-module=/opt/mod/headers-more-nginx-module-${NGX_MOD_HEADERS_MORE} \
+                                          --add-module=/opt/mod/ModSecurity-nginx-${NGX_MOD_MODSECURITY}          \
+                                          --add-module=/opt/mod/lua-nginx-module-${NGX_MOD_LUA}                   \
+                                          --add-module=/opt/mod/naxsi/naxsi_src                                   \
+                                          --add-module=/opt/mod/nginx-http-flv-module-${NGX_MOD_HTTPFLV}          \
+                                          --add-module=/opt/mod/srcache-nginx-module-${NGX_MOD_LUA_SRCACHE}       \
+                                          --add-module=/opt/mod/redis2-nginx-module                               \
+                                          --add-module=/opt/mod/ngx_brotli                                        \
+                                          --add-module=/opt/mod/zstd-nginx-module-${NGX_MOD_ZSTD}                  \
+                                          --add-module=/opt/mod/testcookie                                        \
+                                          --with-cc-opt="-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC -I/usr/local/aws-lc/include -I/usr/local/zlib-ng/include -DNGX_HAVE_SYSTEMD" \
+                                          --with-ld-opt="-Wl,-rpath,/usr/local/LuaJIT/lib -Wl,-rpath,/usr/local/lib -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie -L/opt/mod/pcre2-${SYSTEM_PCRE}/.libs -lpcre2-8 -L/usr/local/aws-lc/lib -lssl -lcrypto -Wl,-rpath,/usr/local/aws-lc/lib -L/usr/local/zlib-ng/lib -lz -Wl,-rpath,/usr/local/zlib-ng/lib -lsystemd"
+    # NOTE: kept as separate statements (not `make && make install && make clean`)
+    # so `set -e` actually fires on a make failure. The && chain hides left-side
+    # failures from set -e, which previously let half-built nginx ship.
+    cd /opt/nginx-${NGINX} && make -j`nproc`
+    cd /opt/nginx-${NGINX} && make install
+    cd /opt/nginx-${NGINX} && make clean
+    unset NGINX
+}
+function post_build() {
+    useradd nginx; unset NGINX; rm -rf /nginx/*.default;
+    mkdir -p /nginx/live
+    mkdir -p /nginx/conf.d
+    mkdir -p /nginx/config
+    mkdir -p /var/log/nginx
+    mkdir -p /nginx/modsec; curl -s https://raw.githubusercontent.com/nbs-system/naxsi/master/naxsi_config/naxsi_core.rules > /nginx/modsec/naxi.core
+    curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/modsec/l7.conf > /nginx/modsec/l7.conf
+    curl -s https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v3/master/modsecurity.conf-recommended > /nginx/modsec/modsecurity.conf
+    curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/modsec/tester.conf > /nginx/modsec/tester.conf
+    curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/modsec/unicode.mapping > /nginx/modsec/unicode.mapping
+    curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/nginx/nginx.conf > /nginx/nginx.conf
+    curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/nginx/live/default > /nginx/live/default
+    mkdir -p /hostdata/default/public_html/ && curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/index.html > /hostdata/default/public_html/index.html
+    mkdir -p /hostdata/default/public_html/cdn/modsec && curl -s https://raw.githubusercontent.com/theraw/The-World-Is-Yours/master/static/modsec/aes.min.js > /hostdata/default/public_html/cdn/modsec/aes.min.js
+    SRC_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+    install -m 0644 "${SRC_DIR}/static/Trixie/nginx.service" /etc/systemd/system/nginx.service
+    if [ -f "/run/.containerenv" ] || [ -f "/.dockerenv" ] || [ -f "/home/runner/.dockerenv" ]; then
+        echo "Skipping systemctl commands on GitHub runner"
+        mkdir -p /etc/systemd/system/
+    else
+        systemctl daemon-reload
+        systemctl restart nginx.service
+        systemctl enable nginx.service
+    fi
+}
+
+# Handling command-line arguments
+case "$1" in
+    new)
+        reqs
+        clean_install
+        ;;
+    test)
+        test_nginx
+        ;;
+    build)
+        build
+        ;;
+    postfix)
+        post_build
+        ;;
+    *)
+        echo "Invalid option: $1"
+        echo "Usage: $0 {new|test|build|postfix}"
+        echo ""
+        echo "  new: will download all modules & nginx (if you change a version from file, simply rerun this to download that)"
+        echo "  test: Test nginx configuration"
+        echo "  build: Build nginx, or Rebuild (mods/configs will not be redownloaded this will only build)"
+        echo "  postfix: After first installation, run this to download nginx configs (it will replace nginx.conf if there already is one)"
+        exit 1
+        ;;
+esac

setup

@@ -1,61 +0,0 @@
-version: '3.7'
-services:
-  nginx:
-    container_name: nginx
-    ports:
-     - "0.0.0.0:80-9000:80-9000"
-    image: ""
-    shm_size: '512MB'
-    privileged: true
-    restart: unless-stopped
-    networks:
-      nginx_net:
-        ipv4_address: 172.22.0.22
-    dns:
-     - "8.8.8.8"
-     - "8.8.4.4"
-    ulimits:
-     nproc: 65535
-    cap_add:
-     - "ALL"
-    volumes:
-      - /dopesrv/nginx:/nginx
-      - /dopesrv/etc:/etc
-      - /dopesrv/opt:/opt
-      - /dopesrv/home:/home
-      - /dopesrv/root:/root
-      - /dopesrv/var:/var
-  db:
-    container_name: db
-    image: 'mariadb:latest'
-    shm_size: '512MB'
-    privileged: true
-    restart: unless-stopped
-    ports:
-      - '3306:3306'
-    networks:
-      nginx_net:
-        ipv4_address: 172.22.0.33
-    dns:
-     - "8.8.8.8"
-     - "8.8.4.4"
-    ulimits:
-     nproc: 65535
-    cap_add:
-     - "ALL"
-    environment:
-      MYSQL_ROOT_PASSWORD: '67WxFgoz1M'
-      MYSQL_DATABASE: 'nginx'
-      MYSQL_USER: 'dopeuser'
-      MYSQL_PASSWORD: '67WxFgoz1M'
-    volumes:
-      - /dopesrv/var/lib/mysql:/var/lib/mysql
-networks:
-  nginx_net:
-    driver: bridge
-    driver_opts:
-      com.docker.network.enable_ipv6: "false"
-    ipam:
-      driver: default
-      config:
-      - subnet: 172.22.0.0/16

static/Raccoon/nginx-raweb.service

@@ -0,0 +1,70 @@
+[Unit]
+Description=A high performance web server and a reverse proxy server (twiy)
+After=syslog.target network-online.target remote-fs.target nss-lookup.target
+Wants=network-online.target
+
+[Service]
+Type=forking
+PIDFile=/run/nginx.pid
+Environment=LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libjemalloc.so.2
+ExecStartPre=/usr/bin/install -d -o nginx -g nginx -m 0755 /run/nginx/temp /run/nginx/temp/client_body /run/nginx/temp/proxy /run/nginx/temp/fastcgi /run/nginx/temp/uwsgi /run/nginx/temp/scgi /var/log/nginx
+ExecStartPre=/usr/sbin/nginx -t
+ExecStart=/usr/sbin/nginx -c /nginx/nginx.conf
+ExecReload=/bin/sh -c "/bin/kill -s HUP $(/bin/cat /run/nginx.pid)"
+ExecStop=/bin/sh -c "/bin/kill -s QUIT $(/bin/cat /run/nginx.pid)"
+TimeoutStartSec=10
+LimitNOFILE=65535
+
+# === hardening: deny-everything by default, allowlist via bind mounts ===
+# TemporaryFileSystem=/ replaces the visible filesystem with an empty tmpfs.
+# Everything not bind-mounted below is invisible to nginx workers — even
+# read access. Compromise of a worker can no longer enumerate /etc/passwd,
+# /home/*, /var/lib/*, /root, /opt, etc.
+TemporaryFileSystem=/
+
+# Read-only: nginx binary, dynamic linker, all linked libs, system config,
+# CA bundles, Let's Encrypt certs (live/ + archive/ both under /etc).
+BindReadOnlyPaths=/usr
+BindReadOnlyPaths=/lib
+BindReadOnlyPaths=/lib64
+BindReadOnlyPaths=/bin
+BindReadOnlyPaths=/sbin
+BindReadOnlyPaths=/etc
+
+# Read-write: nginx runtime state.
+#   /run               nginx.pid, nginx.lock, /run/nginx/temp/*, PHP-FPM sock
+#   /var/log/nginx     access.log, error.log
+#   /nginx             config dir (read-mostly but reload writes some state)
+BindPaths=/run
+BindPaths=/var/log/nginx
+BindPaths=/nginx
+BindPaths=/var/cache/nginx
+BindPaths=/srv
+BindPaths=/hostdata
+BindPaths=/raweb
+
+NoNewPrivileges=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+ProtectClock=true
+ProtectHostname=true
+PrivateDevices=true
+PrivateTmp=true
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
+RestrictNamespaces=true
+RestrictRealtime=true
+RestrictSUIDSGID=true
+LockPersonality=true
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+SystemCallErrorNumber=EPERM
+
+# NOTE deliberately OFF:
+#   MemoryDenyWriteExecute=true       breaks LuaJIT (JIT writable+executable pages)
+#   SystemCallFilter=~@resources      breaks nginx workers' prlimit64()
+# ProtectSystem and ProtectHome are redundant under TemporaryFileSystem=/.
+
+[Install]
+WantedBy=multi-user.target

static/Raccoon/nginx.service

@@ -0,0 +1,19 @@
+[Unit]
+Description=A high performance web server and a reverse proxy server (twiy)
+After=syslog.target network-online.target remote-fs.target nss-lookup.target
+Wants=network-online.target
+
+[Service]
+Type=forking
+PIDFile=/run/nginx.pid
+Environment=LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libjemalloc.so.2
+ExecStartPre=/usr/bin/install -d -o nginx -g nginx -m 0755 /run/nginx/temp /run/nginx/temp/client_body /run/nginx/temp/proxy /run/nginx/temp/fastcgi /run/nginx/temp/uwsgi /run/nginx/temp/scgi /var/log/nginx
+ExecStartPre=/usr/sbin/nginx -t
+ExecStart=/usr/sbin/nginx -c /nginx/nginx.conf
+ExecReload=/bin/sh -c "/bin/kill -s HUP $(/bin/cat /run/nginx.pid)"
+ExecStop=/bin/sh -c "/bin/kill -s QUIT $(/bin/cat /run/nginx.pid)"
+TimeoutStartSec=10
+LimitNOFILE=65535
+
+[Install]
+WantedBy=multi-user.target

static/Trixie/nginx-raweb.service

@@ -0,0 +1,70 @@
+[Unit]
+Description=A high performance web server and a reverse proxy server (twiy)
+After=syslog.target network-online.target remote-fs.target nss-lookup.target
+Wants=network-online.target
+
+[Service]
+Type=forking
+PIDFile=/run/nginx.pid
+Environment=LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libjemalloc.so.2
+ExecStartPre=/usr/bin/install -d -o nginx -g nginx -m 0755 /run/nginx/temp /run/nginx/temp/client_body /run/nginx/temp/proxy /run/nginx/temp/fastcgi /run/nginx/temp/uwsgi /run/nginx/temp/scgi /var/log/nginx
+ExecStartPre=/usr/sbin/nginx -t
+ExecStart=/usr/sbin/nginx -c /nginx/nginx.conf
+ExecReload=/bin/sh -c "/bin/kill -s HUP $(/bin/cat /run/nginx.pid)"
+ExecStop=/bin/sh -c "/bin/kill -s QUIT $(/bin/cat /run/nginx.pid)"
+TimeoutStartSec=10
+LimitNOFILE=65535
+
+# === hardening: deny-everything by default, allowlist via bind mounts ===
+# TemporaryFileSystem=/ replaces the visible filesystem with an empty tmpfs.
+# Everything not bind-mounted below is invisible to nginx workers — even
+# read access. Compromise of a worker can no longer enumerate /etc/passwd,
+# /home/*, /var/lib/*, /root, /opt, etc.
+TemporaryFileSystem=/
+
+# Read-only: nginx binary, dynamic linker, all linked libs, system config,
+# CA bundles, Let's Encrypt certs (live/ + archive/ both under /etc).
+BindReadOnlyPaths=/usr
+BindReadOnlyPaths=/lib
+BindReadOnlyPaths=/lib64
+BindReadOnlyPaths=/bin
+BindReadOnlyPaths=/sbin
+BindReadOnlyPaths=/etc
+
+# Read-write: nginx runtime state.
+#   /run               nginx.pid, nginx.lock, /run/nginx/temp/*, PHP-FPM sock
+#   /var/log/nginx     access.log, error.log
+#   /nginx             config dir (read-mostly but reload writes some state)
+BindPaths=/run
+BindPaths=/var/log/nginx
+BindPaths=/nginx
+BindPaths=/var/cache/nginx
+BindPaths=/srv
+BindPaths=/hostdata
+BindPaths=/raweb
+
+NoNewPrivileges=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+ProtectClock=true
+ProtectHostname=true
+PrivateDevices=true
+PrivateTmp=true
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
+RestrictNamespaces=true
+RestrictRealtime=true
+RestrictSUIDSGID=true
+LockPersonality=true
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+SystemCallErrorNumber=EPERM
+
+# NOTE deliberately OFF:
+#   MemoryDenyWriteExecute=true       breaks LuaJIT (JIT writable+executable pages)
+#   SystemCallFilter=~@resources      breaks nginx workers' prlimit64()
+# ProtectSystem and ProtectHome are redundant under TemporaryFileSystem=/.
+
+[Install]
+WantedBy=multi-user.target

static/Trixie/nginx.service

@@ -0,0 +1,19 @@
+[Unit]
+Description=A high performance web server and a reverse proxy server (twiy)
+After=syslog.target network-online.target remote-fs.target nss-lookup.target
+Wants=network-online.target
+
+[Service]
+Type=forking
+PIDFile=/run/nginx.pid
+Environment=LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libjemalloc.so.2
+ExecStartPre=/usr/bin/install -d -o nginx -g nginx -m 0755 /run/nginx/temp /run/nginx/temp/client_body /run/nginx/temp/proxy /run/nginx/temp/fastcgi /run/nginx/temp/uwsgi /run/nginx/temp/scgi /var/log/nginx
+ExecStartPre=/usr/sbin/nginx -t
+ExecStart=/usr/sbin/nginx -c /nginx/nginx.conf
+ExecReload=/bin/sh -c "/bin/kill -s HUP $(/bin/cat /run/nginx.pid)"
+ExecStop=/bin/sh -c "/bin/kill -s QUIT $(/bin/cat /run/nginx.pid)"
+TimeoutStartSec=10
+LimitNOFILE=65535
+
+[Install]
+WantedBy=multi-user.target

static/docker/supervisord.conf

@@ -0,0 +1,32 @@
+[unix_http_server]
+file=/var/run/supervisor.sock
+chmod=0700
+
+[supervisord]
+user=root
+logfile=/var/log/supervisor/supervisord.log
+pidfile=/var/run/supervisord.pid
+childlogdir=/var/log/supervisor
+
+
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl=unix:///var/run/supervisor.sock
+
+[program:nginx]
+user=root
+command=/usr/sbin/nginx -g "daemon off;"
+autostart=true
+autorestart=true
+startretries=5
+startsecs=0
+process_name=%(program_name)s_%(process_num)02d
+stderr_logfile=/var/log/supervisor/%(program_name)s_stderr.log
+stderr_logfile_maxbytes=1MB
+stdout_logfile=/var/log/supervisor/%(program_name)s_stdout.log
+stdout_logfile_maxbytes=1MB
+
+[include]
+files = /etc/supervisor/conf.d/*.conf

static/index.html

@@ -1,5 +1,5 @@
 <html>
-<center><h1>NGINX-AS-WEB-FIREWALL Default Page!?</h1></center>
+<center><h1>Congratulations</h1></center>
 <center><h2>If you can see this that means your installation was successful!</h2></center>
 <center><h2>Thank You For Using This Project, For Issues or suggestion Post them on <a href="https://github.com/theraw/The-World-Is-Yours" target="_blank">(Github)</a></h2></center>
 </html>

static/modsec/aes.min.js

@@ -0,0 +1,790 @@
+/*
+ * aes.js: implements AES - Advanced Encryption Standard
+ * from the SlowAES project, http://code.google.com/p/slowaes/
+ * 
+ * Copyright (c) 2008 	Josh Davis ( http://www.josh-davis.org ),
+ *						Mark Percival ( http://mpercival.com ),
+ *
+ * Ported from C code written by Laurent Haan ( http://www.progressive-coding.com )
+ * 
+ * Licensed under the Apache License, Version 2.0
+ * http://www.apache.org/licenses/
+ */
+
+var slowAES = {
+	/*
+	 * START AES SECTION
+	 */
+	aes:{
+		// structure of valid key sizes
+		keySize:{
+			SIZE_128:16,
+			SIZE_192:24,
+			SIZE_256:32
+		},
+		
+		// Rijndael S-box
+		sbox:[
+		0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
+		0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
+		0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
+		0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
+		0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
+		0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
+		0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
+		0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
+		0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
+		0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
+		0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
+		0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
+		0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
+		0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
+		0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
+		0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 ],
+		
+		// Rijndael Inverted S-box
+		rsbox:
+		[ 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb
+		, 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb
+		, 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d, 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e
+		, 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25
+		, 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92
+		, 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84
+		, 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06
+		, 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02, 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b
+		, 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea, 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73
+		, 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e
+		, 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89, 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b
+		, 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20, 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4
+		, 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f
+		, 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef
+		, 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61
+		, 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d ],
+		
+		/* rotate the word eight bits to the left */
+		rotate:function(word)
+		{
+			var c = word[0];
+			for (var i = 0; i < 3; i++)
+				word[i] = word[i+1];
+			word[3] = c;
+			
+			return word;
+		},
+		
+		// Rijndael Rcon
+		Rcon:[
+		0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8,
+		0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3,
+		0x7d, 0xfa, 0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f,
+		0x25, 0x4a, 0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d,
+		0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab,
+		0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d,
+		0xfa, 0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25,
+		0x4a, 0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d, 0x01,
+		0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d,
+		0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa,
+		0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a,
+		0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d, 0x01, 0x02,
+		0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a,
+		0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef,
+		0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94,
+		0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d, 0x01, 0x02, 0x04,
+		0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, 0x2f,
+		0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5,
+		0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94, 0x33,
+		0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb ],
+
+		G2X: [
+		0x00, 0x02, 0x04, 0x06, 0x08, 0x0a, 0x0c, 0x0e, 0x10, 0x12, 0x14, 0x16,
+		0x18, 0x1a, 0x1c, 0x1e, 0x20, 0x22, 0x24, 0x26, 0x28, 0x2a, 0x2c, 0x2e,
+		0x30, 0x32, 0x34, 0x36, 0x38, 0x3a, 0x3c, 0x3e, 0x40, 0x42, 0x44, 0x46,
+		0x48, 0x4a, 0x4c, 0x4e, 0x50, 0x52, 0x54, 0x56, 0x58, 0x5a, 0x5c, 0x5e,
+		0x60, 0x62, 0x64, 0x66, 0x68, 0x6a, 0x6c, 0x6e, 0x70, 0x72, 0x74, 0x76,
+		0x78, 0x7a, 0x7c, 0x7e, 0x80, 0x82, 0x84, 0x86, 0x88, 0x8a, 0x8c, 0x8e,
+		0x90, 0x92, 0x94, 0x96, 0x98, 0x9a, 0x9c, 0x9e, 0xa0, 0xa2, 0xa4, 0xa6,
+		0xa8, 0xaa, 0xac, 0xae, 0xb0, 0xb2, 0xb4, 0xb6, 0xb8, 0xba, 0xbc, 0xbe,
+		0xc0, 0xc2, 0xc4, 0xc6, 0xc8, 0xca, 0xcc, 0xce, 0xd0, 0xd2, 0xd4, 0xd6,
+		0xd8, 0xda, 0xdc, 0xde, 0xe0, 0xe2, 0xe4, 0xe6, 0xe8, 0xea, 0xec, 0xee,
+		0xf0, 0xf2, 0xf4, 0xf6, 0xf8, 0xfa, 0xfc, 0xfe, 0x1b, 0x19, 0x1f, 0x1d,
+		0x13, 0x11, 0x17, 0x15, 0x0b, 0x09, 0x0f, 0x0d, 0x03, 0x01, 0x07, 0x05,
+		0x3b, 0x39, 0x3f, 0x3d, 0x33, 0x31, 0x37, 0x35, 0x2b, 0x29, 0x2f, 0x2d,
+		0x23, 0x21, 0x27, 0x25, 0x5b, 0x59, 0x5f, 0x5d, 0x53, 0x51, 0x57, 0x55,
+		0x4b, 0x49, 0x4f, 0x4d, 0x43, 0x41, 0x47, 0x45, 0x7b, 0x79, 0x7f, 0x7d,
+		0x73, 0x71, 0x77, 0x75, 0x6b, 0x69, 0x6f, 0x6d, 0x63, 0x61, 0x67, 0x65,
+		0x9b, 0x99, 0x9f, 0x9d, 0x93, 0x91, 0x97, 0x95, 0x8b, 0x89, 0x8f, 0x8d,
+		0x83, 0x81, 0x87, 0x85, 0xbb, 0xb9, 0xbf, 0xbd, 0xb3, 0xb1, 0xb7, 0xb5,
+		0xab, 0xa9, 0xaf, 0xad, 0xa3, 0xa1, 0xa7, 0xa5, 0xdb, 0xd9, 0xdf, 0xdd,
+		0xd3, 0xd1, 0xd7, 0xd5, 0xcb, 0xc9, 0xcf, 0xcd, 0xc3, 0xc1, 0xc7, 0xc5,
+		0xfb, 0xf9, 0xff, 0xfd, 0xf3, 0xf1, 0xf7, 0xf5, 0xeb, 0xe9, 0xef, 0xed,
+		0xe3, 0xe1, 0xe7, 0xe5
+		],
+
+		G3X: [
+		0x00, 0x03, 0x06, 0x05, 0x0c, 0x0f, 0x0a, 0x09, 0x18, 0x1b, 0x1e, 0x1d,
+		0x14, 0x17, 0x12, 0x11, 0x30, 0x33, 0x36, 0x35, 0x3c, 0x3f, 0x3a, 0x39,
+		0x28, 0x2b, 0x2e, 0x2d, 0x24, 0x27, 0x22, 0x21, 0x60, 0x63, 0x66, 0x65,
+		0x6c, 0x6f, 0x6a, 0x69, 0x78, 0x7b, 0x7e, 0x7d, 0x74, 0x77, 0x72, 0x71,
+		0x50, 0x53, 0x56, 0x55, 0x5c, 0x5f, 0x5a, 0x59, 0x48, 0x4b, 0x4e, 0x4d,
+		0x44, 0x47, 0x42, 0x41, 0xc0, 0xc3, 0xc6, 0xc5, 0xcc, 0xcf, 0xca, 0xc9,
+		0xd8, 0xdb, 0xde, 0xdd, 0xd4, 0xd7, 0xd2, 0xd1, 0xf0, 0xf3, 0xf6, 0xf5,
+		0xfc, 0xff, 0xfa, 0xf9, 0xe8, 0xeb, 0xee, 0xed, 0xe4, 0xe7, 0xe2, 0xe1,
+		0xa0, 0xa3, 0xa6, 0xa5, 0xac, 0xaf, 0xaa, 0xa9, 0xb8, 0xbb, 0xbe, 0xbd,
+		0xb4, 0xb7, 0xb2, 0xb1, 0x90, 0x93, 0x96, 0x95, 0x9c, 0x9f, 0x9a, 0x99,
+		0x88, 0x8b, 0x8e, 0x8d, 0x84, 0x87, 0x82, 0x81, 0x9b, 0x98, 0x9d, 0x9e,
+		0x97, 0x94, 0x91, 0x92, 0x83, 0x80, 0x85, 0x86, 0x8f, 0x8c, 0x89, 0x8a,
+		0xab, 0xa8, 0xad, 0xae, 0xa7, 0xa4, 0xa1, 0xa2, 0xb3, 0xb0, 0xb5, 0xb6,
+		0xbf, 0xbc, 0xb9, 0xba, 0xfb, 0xf8, 0xfd, 0xfe, 0xf7, 0xf4, 0xf1, 0xf2,
+		0xe3, 0xe0, 0xe5, 0xe6, 0xef, 0xec, 0xe9, 0xea, 0xcb, 0xc8, 0xcd, 0xce,
+		0xc7, 0xc4, 0xc1, 0xc2, 0xd3, 0xd0, 0xd5, 0xd6, 0xdf, 0xdc, 0xd9, 0xda,
+		0x5b, 0x58, 0x5d, 0x5e, 0x57, 0x54, 0x51, 0x52, 0x43, 0x40, 0x45, 0x46,
+		0x4f, 0x4c, 0x49, 0x4a, 0x6b, 0x68, 0x6d, 0x6e, 0x67, 0x64, 0x61, 0x62,
+		0x73, 0x70, 0x75, 0x76, 0x7f, 0x7c, 0x79, 0x7a, 0x3b, 0x38, 0x3d, 0x3e,
+		0x37, 0x34, 0x31, 0x32, 0x23, 0x20, 0x25, 0x26, 0x2f, 0x2c, 0x29, 0x2a,
+		0x0b, 0x08, 0x0d, 0x0e, 0x07, 0x04, 0x01, 0x02, 0x13, 0x10, 0x15, 0x16,
+		0x1f, 0x1c, 0x19, 0x1a
+		],
+
+		G9X: [
+		0x00, 0x09, 0x12, 0x1b, 0x24, 0x2d, 0x36, 0x3f, 0x48, 0x41, 0x5a, 0x53,
+		0x6c, 0x65, 0x7e, 0x77, 0x90, 0x99, 0x82, 0x8b, 0xb4, 0xbd, 0xa6, 0xaf,
+		0xd8, 0xd1, 0xca, 0xc3, 0xfc, 0xf5, 0xee, 0xe7, 0x3b, 0x32, 0x29, 0x20,
+		0x1f, 0x16, 0x0d, 0x04, 0x73, 0x7a, 0x61, 0x68, 0x57, 0x5e, 0x45, 0x4c,
+		0xab, 0xa2, 0xb9, 0xb0, 0x8f, 0x86, 0x9d, 0x94, 0xe3, 0xea, 0xf1, 0xf8,
+		0xc7, 0xce, 0xd5, 0xdc, 0x76, 0x7f, 0x64, 0x6d, 0x52, 0x5b, 0x40, 0x49,
+		0x3e, 0x37, 0x2c, 0x25, 0x1a, 0x13, 0x08, 0x01, 0xe6, 0xef, 0xf4, 0xfd,
+		0xc2, 0xcb, 0xd0, 0xd9, 0xae, 0xa7, 0xbc, 0xb5, 0x8a, 0x83, 0x98, 0x91,
+		0x4d, 0x44, 0x5f, 0x56, 0x69, 0x60, 0x7b, 0x72, 0x05, 0x0c, 0x17, 0x1e,
+		0x21, 0x28, 0x33, 0x3a, 0xdd, 0xd4, 0xcf, 0xc6, 0xf9, 0xf0, 0xeb, 0xe2,
+		0x95, 0x9c, 0x87, 0x8e, 0xb1, 0xb8, 0xa3, 0xaa, 0xec, 0xe5, 0xfe, 0xf7,
+		0xc8, 0xc1, 0xda, 0xd3, 0xa4, 0xad, 0xb6, 0xbf, 0x80, 0x89, 0x92, 0x9b,
+		0x7c, 0x75, 0x6e, 0x67, 0x58, 0x51, 0x4a, 0x43, 0x34, 0x3d, 0x26, 0x2f,
+		0x10, 0x19, 0x02, 0x0b, 0xd7, 0xde, 0xc5, 0xcc, 0xf3, 0xfa, 0xe1, 0xe8,
+		0x9f, 0x96, 0x8d, 0x84, 0xbb, 0xb2, 0xa9, 0xa0, 0x47, 0x4e, 0x55, 0x5c,
+		0x63, 0x6a, 0x71, 0x78, 0x0f, 0x06, 0x1d, 0x14, 0x2b, 0x22, 0x39, 0x30,
+		0x9a, 0x93, 0x88, 0x81, 0xbe, 0xb7, 0xac, 0xa5, 0xd2, 0xdb, 0xc0, 0xc9,
+		0xf6, 0xff, 0xe4, 0xed, 0x0a, 0x03, 0x18, 0x11, 0x2e, 0x27, 0x3c, 0x35,
+		0x42, 0x4b, 0x50, 0x59, 0x66, 0x6f, 0x74, 0x7d, 0xa1, 0xa8, 0xb3, 0xba,
+		0x85, 0x8c, 0x97, 0x9e, 0xe9, 0xe0, 0xfb, 0xf2, 0xcd, 0xc4, 0xdf, 0xd6,
+		0x31, 0x38, 0x23, 0x2a, 0x15, 0x1c, 0x07, 0x0e, 0x79, 0x70, 0x6b, 0x62,
+		0x5d, 0x54, 0x4f, 0x46
+		],
+
+		GBX: [
+		0x00, 0x0b, 0x16, 0x1d, 0x2c, 0x27, 0x3a, 0x31, 0x58, 0x53, 0x4e, 0x45,
+		0x74, 0x7f, 0x62, 0x69, 0xb0, 0xbb, 0xa6, 0xad, 0x9c, 0x97, 0x8a, 0x81,
+		0xe8, 0xe3, 0xfe, 0xf5, 0xc4, 0xcf, 0xd2, 0xd9, 0x7b, 0x70, 0x6d, 0x66,
+		0x57, 0x5c, 0x41, 0x4a, 0x23, 0x28, 0x35, 0x3e, 0x0f, 0x04, 0x19, 0x12,
+		0xcb, 0xc0, 0xdd, 0xd6, 0xe7, 0xec, 0xf1, 0xfa, 0x93, 0x98, 0x85, 0x8e,
+		0xbf, 0xb4, 0xa9, 0xa2, 0xf6, 0xfd, 0xe0, 0xeb, 0xda, 0xd1, 0xcc, 0xc7,
+		0xae, 0xa5, 0xb8, 0xb3, 0x82, 0x89, 0x94, 0x9f, 0x46, 0x4d, 0x50, 0x5b,
+		0x6a, 0x61, 0x7c, 0x77, 0x1e, 0x15, 0x08, 0x03, 0x32, 0x39, 0x24, 0x2f,
+		0x8d, 0x86, 0x9b, 0x90, 0xa1, 0xaa, 0xb7, 0xbc, 0xd5, 0xde, 0xc3, 0xc8,
+		0xf9, 0xf2, 0xef, 0xe4, 0x3d, 0x36, 0x2b, 0x20, 0x11, 0x1a, 0x07, 0x0c,
+		0x65, 0x6e, 0x73, 0x78, 0x49, 0x42, 0x5f, 0x54, 0xf7, 0xfc, 0xe1, 0xea,
+		0xdb, 0xd0, 0xcd, 0xc6, 0xaf, 0xa4, 0xb9, 0xb2, 0x83, 0x88, 0x95, 0x9e,
+		0x47, 0x4c, 0x51, 0x5a, 0x6b, 0x60, 0x7d, 0x76, 0x1f, 0x14, 0x09, 0x02,
+		0x33, 0x38, 0x25, 0x2e, 0x8c, 0x87, 0x9a, 0x91, 0xa0, 0xab, 0xb6, 0xbd,
+		0xd4, 0xdf, 0xc2, 0xc9, 0xf8, 0xf3, 0xee, 0xe5, 0x3c, 0x37, 0x2a, 0x21,
+		0x10, 0x1b, 0x06, 0x0d, 0x64, 0x6f, 0x72, 0x79, 0x48, 0x43, 0x5e, 0x55,
+		0x01, 0x0a, 0x17, 0x1c, 0x2d, 0x26, 0x3b, 0x30, 0x59, 0x52, 0x4f, 0x44,
+		0x75, 0x7e, 0x63, 0x68, 0xb1, 0xba, 0xa7, 0xac, 0x9d, 0x96, 0x8b, 0x80,
+		0xe9, 0xe2, 0xff, 0xf4, 0xc5, 0xce, 0xd3, 0xd8, 0x7a, 0x71, 0x6c, 0x67,
+		0x56, 0x5d, 0x40, 0x4b, 0x22, 0x29, 0x34, 0x3f, 0x0e, 0x05, 0x18, 0x13,
+		0xca, 0xc1, 0xdc, 0xd7, 0xe6, 0xed, 0xf0, 0xfb, 0x92, 0x99, 0x84, 0x8f,
+		0xbe, 0xb5, 0xa8, 0xa3
+		],
+
+		GDX: [
+		0x00, 0x0d, 0x1a, 0x17, 0x34, 0x39, 0x2e, 0x23, 0x68, 0x65, 0x72, 0x7f,
+		0x5c, 0x51, 0x46, 0x4b, 0xd0, 0xdd, 0xca, 0xc7, 0xe4, 0xe9, 0xfe, 0xf3,
+		0xb8, 0xb5, 0xa2, 0xaf, 0x8c, 0x81, 0x96, 0x9b, 0xbb, 0xb6, 0xa1, 0xac,
+		0x8f, 0x82, 0x95, 0x98, 0xd3, 0xde, 0xc9, 0xc4, 0xe7, 0xea, 0xfd, 0xf0,
+		0x6b, 0x66, 0x71, 0x7c, 0x5f, 0x52, 0x45, 0x48, 0x03, 0x0e, 0x19, 0x14,
+		0x37, 0x3a, 0x2d, 0x20, 0x6d, 0x60, 0x77, 0x7a, 0x59, 0x54, 0x43, 0x4e,
+		0x05, 0x08, 0x1f, 0x12, 0x31, 0x3c, 0x2b, 0x26, 0xbd, 0xb0, 0xa7, 0xaa,
+		0x89, 0x84, 0x93, 0x9e, 0xd5, 0xd8, 0xcf, 0xc2, 0xe1, 0xec, 0xfb, 0xf6,
+		0xd6, 0xdb, 0xcc, 0xc1, 0xe2, 0xef, 0xf8, 0xf5, 0xbe, 0xb3, 0xa4, 0xa9,
+		0x8a, 0x87, 0x90, 0x9d, 0x06, 0x0b, 0x1c, 0x11, 0x32, 0x3f, 0x28, 0x25,
+		0x6e, 0x63, 0x74, 0x79, 0x5a, 0x57, 0x40, 0x4d, 0xda, 0xd7, 0xc0, 0xcd,
+		0xee, 0xe3, 0xf4, 0xf9, 0xb2, 0xbf, 0xa8, 0xa5, 0x86, 0x8b, 0x9c, 0x91,
+		0x0a, 0x07, 0x10, 0x1d, 0x3e, 0x33, 0x24, 0x29, 0x62, 0x6f, 0x78, 0x75,
+		0x56, 0x5b, 0x4c, 0x41, 0x61, 0x6c, 0x7b, 0x76, 0x55, 0x58, 0x4f, 0x42,
+		0x09, 0x04, 0x13, 0x1e, 0x3d, 0x30, 0x27, 0x2a, 0xb1, 0xbc, 0xab, 0xa6,
+		0x85, 0x88, 0x9f, 0x92, 0xd9, 0xd4, 0xc3, 0xce, 0xed, 0xe0, 0xf7, 0xfa,
+		0xb7, 0xba, 0xad, 0xa0, 0x83, 0x8e, 0x99, 0x94, 0xdf, 0xd2, 0xc5, 0xc8,
+		0xeb, 0xe6, 0xf1, 0xfc, 0x67, 0x6a, 0x7d, 0x70, 0x53, 0x5e, 0x49, 0x44,
+		0x0f, 0x02, 0x15, 0x18, 0x3b, 0x36, 0x21, 0x2c, 0x0c, 0x01, 0x16, 0x1b,
+		0x38, 0x35, 0x22, 0x2f, 0x64, 0x69, 0x7e, 0x73, 0x50, 0x5d, 0x4a, 0x47,
+		0xdc, 0xd1, 0xc6, 0xcb, 0xe8, 0xe5, 0xf2, 0xff, 0xb4, 0xb9, 0xae, 0xa3,
+		0x80, 0x8d, 0x9a, 0x97
+		],
+
+		GEX: [
+		0x00, 0x0e, 0x1c, 0x12, 0x38, 0x36, 0x24, 0x2a, 0x70, 0x7e, 0x6c, 0x62,
+		0x48, 0x46, 0x54, 0x5a, 0xe0, 0xee, 0xfc, 0xf2, 0xd8, 0xd6, 0xc4, 0xca,
+		0x90, 0x9e, 0x8c, 0x82, 0xa8, 0xa6, 0xb4, 0xba, 0xdb, 0xd5, 0xc7, 0xc9,
+		0xe3, 0xed, 0xff, 0xf1, 0xab, 0xa5, 0xb7, 0xb9, 0x93, 0x9d, 0x8f, 0x81,
+		0x3b, 0x35, 0x27, 0x29, 0x03, 0x0d, 0x1f, 0x11, 0x4b, 0x45, 0x57, 0x59,
+		0x73, 0x7d, 0x6f, 0x61, 0xad, 0xa3, 0xb1, 0xbf, 0x95, 0x9b, 0x89, 0x87,
+		0xdd, 0xd3, 0xc1, 0xcf, 0xe5, 0xeb, 0xf9, 0xf7, 0x4d, 0x43, 0x51, 0x5f,
+		0x75, 0x7b, 0x69, 0x67, 0x3d, 0x33, 0x21, 0x2f, 0x05, 0x0b, 0x19, 0x17,
+		0x76, 0x78, 0x6a, 0x64, 0x4e, 0x40, 0x52, 0x5c, 0x06, 0x08, 0x1a, 0x14,
+		0x3e, 0x30, 0x22, 0x2c, 0x96, 0x98, 0x8a, 0x84, 0xae, 0xa0, 0xb2, 0xbc,
+		0xe6, 0xe8, 0xfa, 0xf4, 0xde, 0xd0, 0xc2, 0xcc, 0x41, 0x4f, 0x5d, 0x53,
+		0x79, 0x77, 0x65, 0x6b, 0x31, 0x3f, 0x2d, 0x23, 0x09, 0x07, 0x15, 0x1b,
+		0xa1, 0xaf, 0xbd, 0xb3, 0x99, 0x97, 0x85, 0x8b, 0xd1, 0xdf, 0xcd, 0xc3,
+		0xe9, 0xe7, 0xf5, 0xfb, 0x9a, 0x94, 0x86, 0x88, 0xa2, 0xac, 0xbe, 0xb0,
+		0xea, 0xe4, 0xf6, 0xf8, 0xd2, 0xdc, 0xce, 0xc0, 0x7a, 0x74, 0x66, 0x68,
+		0x42, 0x4c, 0x5e, 0x50, 0x0a, 0x04, 0x16, 0x18, 0x32, 0x3c, 0x2e, 0x20,
+		0xec, 0xe2, 0xf0, 0xfe, 0xd4, 0xda, 0xc8, 0xc6, 0x9c, 0x92, 0x80, 0x8e,
+		0xa4, 0xaa, 0xb8, 0xb6, 0x0c, 0x02, 0x10, 0x1e, 0x34, 0x3a, 0x28, 0x26,
+		0x7c, 0x72, 0x60, 0x6e, 0x44, 0x4a, 0x58, 0x56, 0x37, 0x39, 0x2b, 0x25,
+		0x0f, 0x01, 0x13, 0x1d, 0x47, 0x49, 0x5b, 0x55, 0x7f, 0x71, 0x63, 0x6d,
+		0xd7, 0xd9, 0xcb, 0xc5, 0xef, 0xe1, 0xf3, 0xfd, 0xa7, 0xa9, 0xbb, 0xb5,
+		0x9f, 0x91, 0x83, 0x8d
+		],
+		
+		// Key Schedule Core
+		core:function(word,iteration)
+		{
+			/* rotate the 32-bit word 8 bits to the left */
+			word = this.rotate(word);
+			/* apply S-Box substitution on all 4 parts of the 32-bit word */
+			for (var i = 0; i < 4; ++i)
+				word[i] = this.sbox[word[i]];
+			/* XOR the output of the rcon operation with i to the first part (leftmost) only */
+			word[0] = word[0]^this.Rcon[iteration];
+			return word;
+		},
+		
+		/* Rijndael's key expansion
+		 * expands an 128,192,256 key into an 176,208,240 bytes key
+		 *
+		 * expandedKey is a pointer to an char array of large enough size
+		 * key is a pointer to a non-expanded key
+		 */
+		expandKey:function(key,size)
+		{
+			var expandedKeySize = (16*(this.numberOfRounds(size)+1));
+			
+			/* current expanded keySize, in bytes */
+			var currentSize = 0;
+			var rconIteration = 1;
+			var t = [];   // temporary 4-byte variable
+			
+			var expandedKey = [];
+			for(var i = 0;i < expandedKeySize;i++)
+				expandedKey[i] = 0;
+		
+			/* set the 16,24,32 bytes of the expanded key to the input key */
+			for (var j = 0; j < size; j++)
+				expandedKey[j] = key[j];
+			currentSize += size;
+		
+			while (currentSize < expandedKeySize)
+			{
+				/* assign the previous 4 bytes to the temporary value t */
+				for (var k = 0; k < 4; k++)
+					t[k] = expandedKey[(currentSize - 4) + k];
+		
+				/* every 16,24,32 bytes we apply the core schedule to t
+				 * and increment rconIteration afterwards
+				 */
+				if(currentSize % size == 0)
+					t = this.core(t, rconIteration++);
+		
+				/* For 256-bit keys, we add an extra sbox to the calculation */
+				if(size == this.keySize.SIZE_256 && ((currentSize % size) == 16))
+					for(var l = 0; l < 4; l++)
+						t[l] = this.sbox[t[l]];
+		
+				/* We XOR t with the four-byte block 16,24,32 bytes before the new expanded key.
+				 * This becomes the next four bytes in the expanded key.
+				 */
+				for(var m = 0; m < 4; m++) {
+					expandedKey[currentSize] = expandedKey[currentSize - size] ^ t[m];
+					currentSize++;
+				}
+			}
+			return expandedKey;
+		},
+		
+		// Adds (XORs) the round key to the state
+		addRoundKey:function(state,roundKey)
+		{
+			for (var i = 0; i < 16; i++)
+				state[i] ^= roundKey[i];
+			return state;
+		},
+		
+		// Creates a round key from the given expanded key and the
+		// position within the expanded key.
+		createRoundKey:function(expandedKey,roundKeyPointer)
+		{
+			var roundKey = [];
+			for (var i = 0; i < 4; i++)
+				for (var j = 0; j < 4; j++)
+					roundKey[j*4+i] = expandedKey[roundKeyPointer + i*4 + j];
+			return roundKey;
+		},
+		
+		/* substitute all the values from the state with the value in the SBox
+		 * using the state value as index for the SBox
+		 */
+		subBytes:function(state,isInv)
+		{
+			for (var i = 0; i < 16; i++)
+				state[i] = isInv?this.rsbox[state[i]]:this.sbox[state[i]];
+			return state;
+		},
+		
+		/* iterate over the 4 rows and call shiftRow() with that row */
+		shiftRows:function(state,isInv)
+		{
+			for (var i = 0; i < 4; i++)
+				state = this.shiftRow(state,i*4, i,isInv);
+			return state;
+		},
+		
+		/* each iteration shifts the row to the left by 1 */
+		shiftRow:function(state,statePointer,nbr,isInv)
+		{
+			for (var i = 0; i < nbr; i++)
+			{
+				if(isInv)
+				{
+					var tmp = state[statePointer + 3];
+					for (var j = 3; j > 0; j--)
+						state[statePointer + j] = state[statePointer + j-1];
+					state[statePointer] = tmp;
+				}
+				else
+				{
+					var tmp = state[statePointer];
+					for (var j = 0; j < 3; j++)
+						state[statePointer + j] = state[statePointer + j+1];
+					state[statePointer + 3] = tmp;
+				}
+			}
+			return state;
+		},
+
+		// galois multiplication of 8 bit characters a and b
+		galois_multiplication:function(a,b)
+		{
+			var p = 0;
+			for(var counter = 0; counter < 8; counter++)
+			{
+				if((b & 1) == 1)
+					p ^= a;
+				if(p > 0x100) p ^= 0x100;
+				var hi_bit_set = (a & 0x80); //keep p 8 bit
+				a <<= 1;
+				if(a > 0x100) a ^= 0x100; //keep a 8 bit
+				if(hi_bit_set == 0x80)
+					a ^= 0x1b;
+				if(a > 0x100) a ^= 0x100; //keep a 8 bit
+				b >>= 1;
+				if(b > 0x100) b ^= 0x100; //keep b 8 bit
+			}
+			return p;
+		},
+		
+		// galois multipication of the 4x4 matrix
+		mixColumns:function(state,isInv)
+		{
+			var column = [];
+			/* iterate over the 4 columns */
+			for (var i = 0; i < 4; i++)
+			{
+				/* construct one column by iterating over the 4 rows */
+				for (var j = 0; j < 4; j++)
+					column[j] = state[(j*4)+i];
+				/* apply the mixColumn on one column */
+				column = this.mixColumn(column,isInv);
+				/* put the values back into the state */
+				for (var k = 0; k < 4; k++)
+					state[(k*4)+i] = column[k];
+			}
+			return state;
+		},
+
+		// galois multipication of 1 column of the 4x4 matrix
+		mixColumn:function(column,isInv)
+		{
+			var mult = [];	
+			if(isInv)
+				mult = [14,9,13,11];
+			else
+				mult = [2,1,1,3];
+			var cpy = [];
+			for(var i = 0; i < 4; i++)
+				cpy[i] = column[i];
+			
+			column[0] = 	this.galois_multiplication(cpy[0],mult[0]) ^
+					this.galois_multiplication(cpy[3],mult[1]) ^
+					this.galois_multiplication(cpy[2],mult[2]) ^
+					this.galois_multiplication(cpy[1],mult[3]);
+			column[1] = 	this.galois_multiplication(cpy[1],mult[0]) ^
+					this.galois_multiplication(cpy[0],mult[1]) ^
+					this.galois_multiplication(cpy[3],mult[2]) ^
+					this.galois_multiplication(cpy[2],mult[3]);
+			column[2] = 	this.galois_multiplication(cpy[2],mult[0]) ^
+					this.galois_multiplication(cpy[1],mult[1]) ^
+					this.galois_multiplication(cpy[0],mult[2]) ^
+					this.galois_multiplication(cpy[3],mult[3]);
+			column[3] = 	this.galois_multiplication(cpy[3],mult[0]) ^
+					this.galois_multiplication(cpy[2],mult[1]) ^
+					this.galois_multiplication(cpy[1],mult[2]) ^
+					this.galois_multiplication(cpy[0],mult[3]);
+			return column;
+		},
+		
+		// applies the 4 operations of the forward round in sequence
+		round:function(state, roundKey)
+		{
+			state = this.subBytes(state,false);
+			state = this.shiftRows(state,false);
+			state = this.mixColumns(state,false);
+			state = this.addRoundKey(state, roundKey);
+			return state;
+		},
+		
+		// applies the 4 operations of the inverse round in sequence
+		invRound:function(state,roundKey)
+		{
+			state = this.shiftRows(state,true);
+			state = this.subBytes(state,true);
+			state = this.addRoundKey(state, roundKey);
+			state = this.mixColumns(state,true);
+			return state;
+		},
+		
+		/*
+		 * Perform the initial operations, the standard round, and the final operations
+		 * of the forward aes, creating a round key for each round
+		 */
+		main:function(state,expandedKey,nbrRounds)
+		{
+			state = this.addRoundKey(state, this.createRoundKey(expandedKey,0));
+			for (var i = 1; i < nbrRounds; i++)
+				state = this.round(state, this.createRoundKey(expandedKey,16*i));
+			state = this.subBytes(state,false);
+			state = this.shiftRows(state,false);
+			state = this.addRoundKey(state, this.createRoundKey(expandedKey,16*nbrRounds));
+			return state;
+		},
+		
+		/*
+		 * Perform the initial operations, the standard round, and the final operations
+		 * of the inverse aes, creating a round key for each round
+		 */
+		invMain:function(state, expandedKey, nbrRounds)
+		{
+			state = this.addRoundKey(state, this.createRoundKey(expandedKey,16*nbrRounds));
+			for (var i = nbrRounds-1; i > 0; i--)
+				state = this.invRound(state, this.createRoundKey(expandedKey,16*i));
+			state = this.shiftRows(state,true);
+			state = this.subBytes(state,true);
+			state = this.addRoundKey(state, this.createRoundKey(expandedKey,0));
+			return state;
+		},
+
+		numberOfRounds:function(size)
+		{
+			var nbrRounds;
+			switch (size) /* set the number of rounds */
+			{
+				case this.keySize.SIZE_128:
+					nbrRounds = 10;
+					break;
+				case this.keySize.SIZE_192:
+					nbrRounds = 12;
+					break;
+				case this.keySize.SIZE_256:
+					nbrRounds = 14;
+					break;
+				default:
+					return null;
+					break;
+			}
+			return nbrRounds;
+		},
+		
+		// encrypts a 128 bit input block against the given key of size specified
+		encrypt:function(input,key,size)
+		{
+			var output = [];
+			var block = []; /* the 128 bit block to encode */
+			var nbrRounds = this.numberOfRounds(size);
+			/* Set the block values, for the block:
+			 * a0,0 a0,1 a0,2 a0,3
+			 * a1,0 a1,1 a1,2 a1,3
+			 * a2,0 a2,1 a2,2 a2,3
+			 * a3,0 a3,1 a3,2 a3,3
+			 * the mapping order is a0,0 a1,0 a2,0 a3,0 a0,1 a1,1 ... a2,3 a3,3
+			 */
+			for (var i = 0; i < 4; i++) /* iterate over the columns */
+				for (var j = 0; j < 4; j++) /* iterate over the rows */
+					block[(i+(j*4))] = input[(i*4)+j];
+		
+			/* expand the key into an 176, 208, 240 bytes key */
+			var expandedKey = this.expandKey(key, size); /* the expanded key */
+			/* encrypt the block using the expandedKey */
+			block = this.main(block, expandedKey, nbrRounds);
+			for (var k = 0; k < 4; k++) /* unmap the block again into the output */
+				for (var l = 0; l < 4; l++) /* iterate over the rows */
+					output[(k*4)+l] = block[(k+(l*4))];
+			return output;
+		},
+		
+		// decrypts a 128 bit input block against the given key of size specified
+		decrypt:function(input, key, size)
+		{
+			var output = [];
+			var block = []; /* the 128 bit block to decode */
+			var nbrRounds = this.numberOfRounds(size);
+			/* Set the block values, for the block:
+			 * a0,0 a0,1 a0,2 a0,3
+			 * a1,0 a1,1 a1,2 a1,3
+			 * a2,0 a2,1 a2,2 a2,3
+			 * a3,0 a3,1 a3,2 a3,3
+			 * the mapping order is a0,0 a1,0 a2,0 a3,0 a0,1 a1,1 ... a2,3 a3,3
+			 */
+			for (var i = 0; i < 4; i++) /* iterate over the columns */
+				for (var j = 0; j < 4; j++) /* iterate over the rows */
+					block[(i+(j*4))] = input[(i*4)+j];
+			/* expand the key into an 176, 208, 240 bytes key */
+			var expandedKey = this.expandKey(key, size);
+			/* decrypt the block using the expandedKey */
+			block = this.invMain(block, expandedKey, nbrRounds);
+			for (var k = 0; k < 4; k++)/* unmap the block again into the output */
+				for (var l = 0; l < 4; l++)/* iterate over the rows */
+					output[(k*4)+l] = block[(k+(l*4))];
+			return output;
+		}
+	},
+	/*
+	 * END AES SECTION
+	 */
+	 
+	/*
+	 * START MODE OF OPERATION SECTION
+	 */
+	//structure of supported modes of operation
+	modeOfOperation:{
+		OFB:0,
+		CFB:1,
+		CBC:2
+	},
+	
+	// get a 16 byte block (aes operates on 128bits)
+	getBlock: function(bytesIn,start,end,mode)
+	{
+		if(end - start > 16)
+			end = start + 16;
+		
+		return bytesIn.slice(start, end);
+	},
+	
+	/*
+	 * Mode of Operation Encryption
+	 * bytesIn - Input String as array of bytes
+	 * mode - mode of type modeOfOperation
+	 * key - a number array of length 'size'
+	 * size - the bit length of the key
+	 * iv - the 128 bit number array Initialization Vector
+	 */
+	encrypt: function (bytesIn, mode, key, iv)
+	{
+		var size = key.length;
+		if(iv.length%16)
+		{
+			throw 'iv length must be 128 bits.';
+		}
+		// the AES input/output
+		var byteArray = [];
+		var input = [];
+		var output = [];
+		var ciphertext = [];
+		var cipherOut = [];
+		// char firstRound
+		var firstRound = true;
+		if (mode == this.modeOfOperation.CBC)
+			this.padBytesIn(bytesIn);
+		if (bytesIn !== null)
+		{
+			for (var j = 0;j < Math.ceil(bytesIn.length/16); j++)
+			{
+				var start = j*16;
+				var end = j*16+16;
+				if(j*16+16 > bytesIn.length)
+					end = bytesIn.length;
+				byteArray = this.getBlock(bytesIn,start,end,mode);
+				if (mode == this.modeOfOperation.CFB)
+				{
+					if (firstRound)
+					{
+						output = this.aes.encrypt(iv, key, size);
+						firstRound = false;
+					}
+					else
+						output = this.aes.encrypt(input, key, size);
+					for (var i = 0; i < 16; i++)
+						ciphertext[i] = byteArray[i] ^ output[i];
+					for(var k = 0;k < end-start;k++)
+						cipherOut.push(ciphertext[k]);
+					input = ciphertext;
+				}
+				else if (mode == this.modeOfOperation.OFB)
+				{
+					if (firstRound)
+					{
+						output = this.aes.encrypt(iv, key, size);
+						firstRound = false;
+					}
+					else
+						output = this.aes.encrypt(input, key, size);
+					for (var i = 0; i < 16; i++)
+						ciphertext[i] = byteArray[i] ^ output[i];
+					for(var k = 0;k < end-start;k++)
+						cipherOut.push(ciphertext[k]);
+					input = output;
+				}
+				else if (mode == this.modeOfOperation.CBC)
+				{
+					for (var i = 0; i < 16; i++)
+						input[i] = byteArray[i] ^ ((firstRound) ? iv[i] : ciphertext[i]);
+					firstRound = false;
+					ciphertext = this.aes.encrypt(input, key, size);
+					// always 16 bytes because of the padding for CBC
+					for(var k = 0;k < 16;k++)
+						cipherOut.push(ciphertext[k]);
+				}
+			}
+		}
+		return cipherOut;
+	},
+	
+	/*
+	 * Mode of Operation Decryption
+	 * cipherIn - Encrypted String as array of bytes
+	 * originalsize - The unencrypted string length - required for CBC
+	 * mode - mode of type modeOfOperation
+	 * key - a number array of length 'size'
+	 * size - the bit length of the key
+	 * iv - the 128 bit number array Initialization Vector
+	 */
+	decrypt:function(cipherIn,mode,key,iv)
+	{
+		var size = key.length;
+		if(iv.length%16)
+		{
+			throw 'iv length must be 128 bits.';
+		}
+		// the AES input/output
+		var ciphertext = [];
+		var input = [];
+		var output = [];
+		var byteArray = [];
+		var bytesOut = [];
+		// char firstRound
+		var firstRound = true;
+		if (cipherIn !== null)
+		{
+			for (var j = 0;j < Math.ceil(cipherIn.length/16); j++)
+			{
+				var start = j*16;
+				var end = j*16+16;
+				if(j*16+16 > cipherIn.length)
+					end = cipherIn.length;
+				ciphertext = this.getBlock(cipherIn,start,end,mode);
+				if (mode == this.modeOfOperation.CFB)
+				{
+					if (firstRound)
+					{
+						output = this.aes.encrypt(iv, key, size);
+						firstRound = false;
+					}
+					else
+						output = this.aes.encrypt(input, key, size);
+					for (i = 0; i < 16; i++)
+						byteArray[i] = output[i] ^ ciphertext[i];
+					for(var k = 0;k < end-start;k++)
+						bytesOut.push(byteArray[k]);
+					input = ciphertext;
+				}
+				else if (mode == this.modeOfOperation.OFB)
+				{
+					if (firstRound)
+					{
+						output = this.aes.encrypt(iv, key, size);
+						firstRound = false;
+					}
+					else
+						output = this.aes.encrypt(input, key, size);
+					for (i = 0; i < 16; i++)
+						byteArray[i] = output[i] ^ ciphertext[i];
+					for(var k = 0;k < end-start;k++)
+						bytesOut.push(byteArray[k]);
+					input = output;
+				}
+				else if(mode == this.modeOfOperation.CBC)
+				{
+					output = this.aes.decrypt(ciphertext, key, size);
+					for (i = 0; i < 16; i++)
+						byteArray[i] = ((firstRound) ? iv[i] : input[i]) ^ output[i];
+					firstRound = false;
+					for(var k = 0;k < end-start;k++)
+						bytesOut.push(byteArray[k]);
+					input = ciphertext;
+				}
+			}
+			if(mode == this.modeOfOperation.CBC)
+			    this.unpadBytesOut(bytesOut);
+		}
+		return bytesOut;
+	},
+	padBytesIn: function(data) {
+		var len = data.length;
+		var padByte = 16 - (len % 16);
+		for (var i = 0; i < padByte; i++) {
+			data.push(padByte);
+		}
+	},
+	unpadBytesOut: function(data) {
+		var padCount = 0;
+		var padByte = -1;
+		var blockSize = 16;
+
+
+		if(data.length > 16) {
+
+			for (var i = data.length - 1; i >= data.length-1 - blockSize; i--) {
+				if (data[i] <= blockSize) {
+					if (padByte == -1)
+						padByte = data[i];
+					if (data[i] != padByte) {
+						padCount = 0;
+						break;
+					}
+					padCount++;
+				} else
+					break;
+				if (padCount == padByte) {
+					break;
+				}
+			}
+
+			if (padCount > 0) {
+				data.splice(data.length - padCount, padCount);
+			}
+
+		}
+
+	}
+	/*
+	 * END MODE OF OPERATION SECTION
+	 */
+};

static/modsec/l7.conf

@@ -0,0 +1,23 @@
+    testcookie off;
+    testcookie_name DOPEHOSTING;
+    testcookie_secret random;
+    testcookie_session $remote_addr;
+    #testcookie_arg GO;
+    testcookie_httponly_flag on;
+    testcookie_max_attempts 3;
+    testcookie_secure_flag on;
+    testcookie_get_only on;
+    testcookie_p3p 'CP="CUR ADM OUR NOR STA NID", policyref="/w3c/p3p.xml"';
+    testcookie_fallback /cookies.html?backurl=$scheme://$host$request_uri;
+
+    # Those are some ip's whitelisted by me. mostly are search engines. But not everything!
+    testcookie_whitelist {
+        8.8.8.8/32;
+        127.0.0.1/32;
+        # I don't suggest using alot of IPs here as this whitelist can fail!.
+    }
+    testcookie_redirect_via_refresh on;
+    testcookie_refresh_encrypt_cookie on;
+    testcookie_refresh_encrypt_cookie_key random;
+    testcookie_refresh_encrypt_cookie_iv random;
+    testcookie_refresh_template '<html><head><meta http-equiv="refresh" content="0; $testcookie_nexturl"><title>Just a moment please...</title></head><body> </script><script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js"></script><script type=\"text/javascript\" src="//cdn.jsdelivr.net/gh/theraw/The-World-Is-Yours/static/modsec/aes.min.js" ></script><script>function toNumbers(d){var e=[];d.replace(/(..)/g,function(d){e.push(parseInt(d,16))});return e}function toHex(){for(var d=[],d=1==arguments.length&&arguments[0].constructor==Array?arguments[0]:arguments,e="",f=0;f<d.length;f++)e+=(16>d[f]?"0":"")+d[f].toString(16);return e.toLowerCase()}var a=toNumbers("$testcookie_enc_key"),b=toNumbers("$testcookie_enc_iv"),c=toNumbers("$testcookie_enc_set");document.cookie="DOPEHOSTING="+toHex(slowAES.decrypt(c,2,a,b))+"; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/";</script></body></html>';

static/modsec/modsecurity.conf

@@ -0,0 +1,275 @@
+# -- Rule engine initialization ----------------------------------------------
+
+# Enable ModSecurity, attaching it to every transaction. Use detection
+# only to start with, because that minimises the chances of post-installation
+# disruption.
+#
+SecRuleEngine DetectionOnly
+
+
+# -- Request body handling ---------------------------------------------------
+
+# Allow ModSecurity to access request bodies. If you don't, ModSecurity
+# won't be able to see any POST parameters, which opens a large security
+# hole for attackers to exploit.
+#
+SecRequestBodyAccess On
+
+
+# Enable XML request body parser.
+# Initiate XML Processor in case of xml content-type
+#
+SecRule REQUEST_HEADERS:Content-Type "(?:application(?:/soap\+|/)|text/)xml" \
+     "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
+
+# Enable JSON request body parser.
+# Initiate JSON Processor in case of JSON content-type; change accordingly
+# if your application does not use 'application/json'
+#
+SecRule REQUEST_HEADERS:Content-Type "application/json" \
+     "id:'200001',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
+
+# Sample rule to enable JSON request body parser for more subtypes.
+# Uncomment or adapt this rule if you want to engage the JSON
+# Processor for "+json" subtypes
+#
+#SecRule REQUEST_HEADERS:Content-Type "^application/.+[+]json$" \
+#     "id:'200006',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
+
+# Maximum request body size we will accept for buffering. If you support
+# file uploads then the value given on the first line has to be as large
+# as the largest file you are willing to accept. The second value refers
+# to the size of data, with files excluded. You want to keep that value as
+# low as practical.
+#
+SecRequestBodyLimit 13107200
+SecRequestBodyNoFilesLimit 131072
+
+# What to do if the request body size is above our configured limit.
+# Keep in mind that this setting will automatically be set to ProcessPartial
+# when SecRuleEngine is set to DetectionOnly mode in order to minimize
+# disruptions when initially deploying ModSecurity.
+#
+SecRequestBodyLimitAction Reject
+
+# Maximum parsing depth allowed for JSON objects. You want to keep this
+# value as low as practical.
+#
+SecRequestBodyJsonDepthLimit 512
+
+# Verify that we've correctly processed the request body.
+# As a rule of thumb, when failing to process a request body
+# you should reject the request (when deployed in blocking mode)
+# or log a high-severity alert (when deployed in detection-only mode).
+#
+SecRule REQBODY_ERROR "!@eq 0" \
+"id:'200002', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+
+# By default be strict with what we accept in the multipart/form-data
+# request body. If the rule below proves to be too strict for your
+# environment consider changing it to detection-only. You are encouraged
+# _not_ to remove it altogether.
+#
+SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
+"id:'200003',phase:2,t:none,log,deny,status:400, \
+msg:'Multipart request body failed strict validation: \
+PE %{REQBODY_PROCESSOR_ERROR}, \
+BQ %{MULTIPART_BOUNDARY_QUOTED}, \
+BW %{MULTIPART_BOUNDARY_WHITESPACE}, \
+DB %{MULTIPART_DATA_BEFORE}, \
+DA %{MULTIPART_DATA_AFTER}, \
+HF %{MULTIPART_HEADER_FOLDING}, \
+LF %{MULTIPART_LF_LINE}, \
+SM %{MULTIPART_MISSING_SEMICOLON}, \
+IQ %{MULTIPART_INVALID_QUOTING}, \
+IP %{MULTIPART_INVALID_PART}, \
+IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
+FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
+
+# Did we see anything that might be a boundary?
+#
+# Here is a short description about the ModSecurity Multipart parser: the
+# parser returns with value 0, if all "boundary-like" line matches with
+# the boundary string which given in MIME header. In any other cases it returns
+# with different value, eg. 1 or 2.
+#
+# The RFC 1341 descript the multipart content-type and its syntax must contains
+# only three mandatory lines (above the content):
+# * Content-Type: multipart/mixed; boundary=BOUNDARY_STRING
+# * --BOUNDARY_STRING
+# * --BOUNDARY_STRING--
+#
+# First line indicates, that this is a multipart content, second shows that
+# here starts a part of the multipart content, third shows the end of content.
+#
+# If there are any other lines, which starts with "--", then it should be
+# another boundary id - or not.
+#
+# After 3.0.3, there are two kinds of types of boundary errors: strict and permissive.
+#
+# If multipart content contains the three necessary lines with correct order, but
+# there are one or more lines with "--", then parser returns with value 2 (non-zero).
+#
+# If some of the necessary lines (usually the start or end) misses, or the order
+# is wrong, then parser returns with value 1 (also a non-zero).
+#
+# You can choose, which one is what you need. The example below contains the
+# 'strict' mode, which means if there are any lines with start of "--", then
+# ModSecurity blocked the content. But the next, commented example contains
+# the 'permissive' mode, then you check only if the necessary lines exists in
+# correct order. Whit this, you can enable to upload PEM files (eg "----BEGIN.."),
+# or other text files, which contains eg. HTTP headers.
+#
+# The difference is only the operator - in strict mode (first) the content blocked
+# in case of any non-zero value. In permissive mode (second, commented) the
+# content blocked only if the value is explicit 1. If it 0 or 2, the content will
+# allowed.
+#
+
+#
+# See #1747 and #1924 for further information on the possible values for
+# MULTIPART_UNMATCHED_BOUNDARY.
+#
+SecRule MULTIPART_UNMATCHED_BOUNDARY "@eq 1" \
+    "id:'200004',phase:2,t:none,log,deny,msg:'Multipart parser detected a possible unmatched boundary.'"
+
+
+# PCRE Tuning
+# We want to avoid a potential RegEx DoS condition
+#
+SecPcreMatchLimit 1000
+SecPcreMatchLimitRecursion 1000
+
+# Some internal errors will set flags in TX and we will need to look for these.
+# All of these are prefixed with "MSC_".  The following flags currently exist:
+#
+# MSC_PCRE_LIMITS_EXCEEDED: PCRE match limits were exceeded.
+#
+SecRule TX:/^MSC_/ "!@streq 0" \
+        "id:'200005',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"
+
+
+# -- Response body handling --------------------------------------------------
+
+# Allow ModSecurity to access response bodies. 
+# You should have this directive enabled in order to identify errors
+# and data leakage issues.
+# 
+# Do keep in mind that enabling this directive does increases both
+# memory consumption and response latency.
+#
+SecResponseBodyAccess On
+
+# Which response MIME types do you want to inspect? You should adjust the
+# configuration below to catch documents but avoid static files
+# (e.g., images and archives).
+#
+SecResponseBodyMimeType text/plain text/html text/xml
+
+# Buffer response bodies of up to 512 KB in length.
+SecResponseBodyLimit 524288
+
+# What happens when we encounter a response body larger than the configured
+# limit? By default, we process what we have and let the rest through.
+# That's somewhat less secure, but does not break any legitimate pages.
+#
+SecResponseBodyLimitAction ProcessPartial
+
+
+# -- Filesystem configuration ------------------------------------------------
+
+# The location where ModSecurity stores temporary files (for example, when
+# it needs to handle a file upload that is larger than the configured limit).
+# 
+# This default setting is chosen due to all systems have /tmp available however, 
+# this is less than ideal. It is recommended that you specify a location that's private.
+#
+SecTmpDir /tmp/
+
+# The location where ModSecurity will keep its persistent data.  This default setting 
+# is chosen due to all systems have /tmp available however, it
+# too should be updated to a place that other users can't access.
+#
+SecDataDir /tmp/
+
+
+# -- File uploads handling configuration -------------------------------------
+
+# The location where ModSecurity stores intercepted uploaded files. This
+# location must be private to ModSecurity. You don't want other users on
+# the server to access the files, do you?
+#
+#SecUploadDir /opt/modsecurity/var/upload/
+
+# By default, only keep the files that were determined to be unusual
+# in some way (by an external inspection script). For this to work you
+# will also need at least one file inspection rule.
+#
+#SecUploadKeepFiles RelevantOnly
+
+# Uploaded files are by default created with permissions that do not allow
+# any other user to access them. You may need to relax that if you want to
+# interface ModSecurity to an external program (e.g., an anti-virus).
+#
+#SecUploadFileMode 0600
+
+
+# -- Debug log configuration -------------------------------------------------
+
+# The default debug log configuration is to duplicate the error, warning
+# and notice messages from the error log.
+#
+#SecDebugLog /opt/modsecurity/var/log/debug.log
+#SecDebugLogLevel 3
+
+
+# -- Audit log configuration -------------------------------------------------
+
+# Log the transactions that are marked by a rule, as well as those that
+# trigger a server error (determined by a 5xx or 4xx, excluding 404,  
+# level response status codes).
+#
+SecAuditEngine RelevantOnly
+SecAuditLogRelevantStatus "^(?:5|4(?!04))"
+
+# Log everything we know about a transaction.
+SecAuditLogParts ABIJDEFHZ
+
+# Use a single file for logging. This is much easier to look at, but
+# assumes that you will use the audit log only ocassionally.
+#
+SecAuditLogType Serial
+SecAuditLog /var/log/modsec_audit.log
+
+# Specify the path for concurrent audit logging.
+#SecAuditLogStorageDir /opt/modsecurity/var/audit/
+
+
+# -- Miscellaneous -----------------------------------------------------------
+
+# Use the most commonly used application/x-www-form-urlencoded parameter
+# separator. There's probably only one application somewhere that uses
+# something else so don't expect to change this value.
+#
+SecArgumentSeparator &
+
+# Settle on version 0 (zero) cookies, as that is what most applications
+# use. Using an incorrect cookie version may open your installation to
+# evasion attacks (against the rules that examine named cookies).
+#
+SecCookieFormat 0
+
+# Specify your Unicode Code Point.
+# This mapping is used by the t:urlDecodeUni transformation function
+# to properly map encoded data to your language. Properly setting
+# these directives helps to reduce false positives and negatives.
+#
+SecUnicodeMapFile unicode.mapping 20127
+
+# Improve the quality of ModSecurity by sharing information about your
+# current ModSecurity version and dependencies versions.
+# The following information will be shared: ModSecurity version,
+# Web Server version, APR version, PCRE version, Lua version, Libxml2
+# version, Anonymous unique id for host.
+SecStatusEngine On
+

static/modsec/tester.conf

@@ -0,0 +1,6 @@
+# Include the recommended configuration
+Include /nginx/modsec/modsecurity.conf
+
+
+# A test rule
+SecRule ARGS:testparam "@contains test" "id:1234,deny,log,status:403"

static/modsec/unicode.mapping

@@ -0,0 +1,96 @@
+(MAC - Roman)
+
+
+(MAC - Icelandic)
+
+
+1250  (ANSI - Central Europe)
+00a1:21 00a2:63 00a3:4c 00a5:59 00aa:61 00b2:32 00b3:33 00b9:31 00ba:6f 00bc:31 00bd:31 00be:33 00c0:41 00c3:41 00c5:41 00c6:41 00c8:45 00ca:45 00cc:49 00cf:49 00d1:4e 00d2:4f 00d5:4f 00d8:4f 00d9:55 00db:55 00e0:61 00e3:61 00e5:61 00e6:61 00e8:65 00ea:65 00ec:69 00ef:69 00f1:6e 00f2:6f 00f5:6f 00f8:6f 00f9:75 00fb:75 00ff:79 0100:41 0101:61 0108:43 0109:63 010a:43 010b:63 0112:45 0113:65 0114:45 0115:65 0116:45 0117:65 011c:47 011d:67 011e:47 011f:67 0120:47 0121:67 0122:47 0123:67 0124:48 0125:68 0126:48 0127:68 0128:49 0129:69 012a:49 012b:69 012c:49 012d:69 012e:49 012f:69 0130:49 0131:69 0134:4a 0135:6a 0136:4b 0137:6b 013b:4c 013c:6c 0145:4e 0146:6e 014c:4f 014d:6f 014e:4f 014f:6f 0152:4f 0153:6f 0156:52 0157:72 015c:53 015d:73 0166:54 0167:74 0168:55 0169:75 016a:55 016b:75 016c:55 016d:75 0172:55 0173:75 0174:57 0175:77 0176:59 0177:79 0178:59 0180:62 0191:46 0192:66 0197:49 019a:6c 019f:4f 01a0:4f 01a1:6f 01ab:74 01ae:54 01af:55 01b0:75 01b6:7a 01c0:7c 01c3:21 01cd:41 01ce:61 01cf:49 01d0:69 01d1:4f 01d2:6f 01d3:55 01d4:75 01d5:55 01d6:75 01d7:55 01d8:75 01d9:55 01da:75 01db:55 01dc:75 01de:41 01df:61 01e4:47 01e5:67 01e6:47 01e7:67 01e8:4b 01e9:6b 01ea:4f 01eb:6f 01ec:4f 01ed:6f 01f0:6a 0261:67 02b9:27 02ba:22 02bc:27 02c4:5e 02c6:5e 02c8:27 02cb:60 02cd:5f 02dc:7e 0300:60 0302:5e 0303:7e 030e:22 0331:5f 0332:5f 037e:3b 04bb:68 0589:3a 066a:25 2000:20 2001:20 2002:20 2003:20 2004:20 2005:20 2006:20 2010:2d 2011:2d 2032:27 2035:60 203c:21 2044:2f 2074:34 2075:35 2076:36 2077:37 2078:38 2080:30 2081:31 2082:32 2083:33 2084:34 2085:35 2086:36 2087:37 2088:38 2089:39 2102:43 2107:45 210a:67 210b:48 210c:48 210d:48 210e:68 2110:49 2111:49 2112:4c 2113:6c 2115:4e 2118:50 2119:50 211a:51 211b:52 211c:52 211d:52 2124:5a 2128:5a 212a:4b 212c:42 212d:43 212e:65 212f:65 2130:45 2131:46 2133:4d 2134:6f 2191:5e 2194:2d 2195:7c 21a8:7c 2212:2d 2215:2f 2216:5c 2217:2a 221f:4c 2223:7c 2236:3a 223c:7e 2303:5e 2329:3c 232a:3e 2502:2d 250c:2d 2514:4c 2518:2d 251c:2b 2524:2b 252c:54 2534:2b 253c:2b 2550:3d 2554:2d 255a:4c 255d:2d 2566:54 256c:2b 2580:2d 2584:2d 2588:2d 2591:2d 2592:2d 2593:2d 25ac:2d 25b2:5e 25ba:3e 25c4:3c 25cb:30 25d9:30 263c:30 2640:2b 2642:3e 266a:64 266b:64 2758:7c 3000:20 3008:3c 3009:3e 301a:5b 301b:5d ff01:21 ff02:22 ff03:23 ff04:24 ff05:25 ff06:26 ff07:27 ff08:28 ff09:29 ff0a:2a ff0b:2b ff0c:2c ff0d:2d ff0e:2e ff0f:2f ff10:30 ff11:31 ff12:32 ff13:33 ff14:34 ff15:35 ff16:36 ff17:37 ff18:38 ff19:39 ff1a:3a ff1b:3b ff1c:3c ff1d:3d ff1e:3e ff20:40 ff21:41 ff22:42 ff23:43 ff24:44 ff25:45 ff26:46 ff27:47 ff28:48 ff29:49 ff2a:4a ff2b:4b ff2c:4c ff2d:4d ff2e:4e ff2f:4f ff30:50 ff31:51 ff32:52 ff33:53 ff34:54 ff35:55 ff36:56 ff37:57 ff38:58 ff39:59 ff3a:5a ff3b:5b ff3c:5c ff3d:5d ff3e:5e ff3f:5f ff40:60 ff41:61 ff42:62 ff43:63 ff44:64 ff45:65 ff46:66 ff47:67 ff48:68 ff49:69 ff4a:6a ff4b:6b ff4c:6c ff4d:6d ff4e:6e ff4f:6f ff50:70 ff51:71 ff52:72 ff53:73 ff54:74 ff55:75 ff56:76 ff57:77 ff58:78 ff59:79 ff5a:7a ff5b:7b ff5c:7c ff5d:7d ff5e:7e 
+
+1251  (ANSI - Cyrillic)
+00c0:41 00c1:41 00c2:41 00c3:41 00c4:41 00c5:41 00c7:43 00c8:45 00c9:45 00ca:45 00cb:45 00cc:49 00cd:49 00ce:49 00cf:49 00d1:4e 00d2:4f 00d3:4f 00d4:4f 00d5:4f 00d6:4f 00d8:4f 00d9:55 00da:55 00db:55 00dc:55 00dd:59 00e0:61 00e1:61 00e2:61 00e3:61 00e4:61 00e5:61 00e7:63 00e8:65 00e9:65 00ea:65 00eb:65 00ec:69 00ed:69 00ee:69 00ef:69 00f1:6e 00f2:6f 00f3:6f 00f4:6f 00f5:6f 00f6:6f 00f8:6f 00f9:75 00fa:75 00fb:75 00fc:75 00fd:79 00ff:79 0100:41 0101:61 0102:41 0103:61 0104:41 0105:61 0106:43 0107:63 0108:43 0109:63 010a:43 010b:63 010c:43 010d:63 010e:44 010f:64 0110:44 0111:64 0112:45 0113:65 0114:45 0115:65 0116:45 0117:65 0118:45 0119:65 011a:45 011b:65 011c:47 011d:67 011e:47 011f:67 0120:47 0121:67 0122:47 0123:67 0124:48 0125:68 0126:48 0127:68 0128:49 0129:69 012a:49 012b:69 012c:49 012d:69 012e:49 012f:69 0130:49 0134:4a 0135:6a 0136:4b 0137:6b 0139:4c 013a:6c 013b:4c 013c:6c 013d:4c 013e:6c 0141:4c 0142:6c 0143:4e 0144:6e 0145:4e 0146:6e 0147:4e 0148:6e 014c:4f 014d:6f 014e:4f 014f:6f 0150:4f 0151:6f 0154:52 0155:72 0156:52 0157:72 0158:52 0159:72 015a:53 015b:73 015c:53 015d:73 015e:53 015f:73 0160:53 0161:73 0162:54 0163:74 0164:54 0165:74 0166:54 0167:74 0168:55 0169:75 016a:55 016b:75 016c:55 016d:75 016e:55 016f:75 0170:55 0171:75 0172:55 0173:75 0174:57 0175:77 0176:59 0177:79 0178:59 0179:5a 017b:5a 017c:7a 017d:5a 017e:7a 0180:62 0197:49 019a:6c 019f:4f 01a0:4f 01a1:6f 01ab:74 01ae:54 01af:55 01b0:75 01cd:41 01ce:61 01cf:49 01d0:69 01d1:4f 01d2:6f 01d3:55 01d4:75 01d5:55 01d6:75 01d7:55 01d8:75 01d9:55 01da:75 01db:55 01dc:75 01de:41 01df:61 01e4:47 01e5:67 01e6:47 01e7:67 01e8:4b 01e9:6b 01ea:4f 01eb:6f 01ec:4f 01ed:6f 01f0:6a 203c:21 2190:3c 2191:5e 2192:3e 2193:76 2194:2d 221a:76 221f:4c 2500:2d 250c:2d 2514:4c 2518:2d 251c:2b 2524:2b 252c:54 2534:2b 253c:2b 2550:3d 2552:2d 2558:4c 2559:4c 255a:4c 255b:2d 255c:2d 255d:2d 2564:54 2565:54 2566:54 256a:2b 256b:2b 256c:2b 2580:2d 2584:2d 2588:2d 2591:2d 2592:2d 2593:2d 25ac:2d 25b2:5e 25ba:3e 25c4:3c 25cb:30 25d9:30 263a:4f 263b:4f 263c:30 2640:2b 2642:3e 266a:64 266b:64 ff01:21 ff02:22 ff03:23 ff04:24 ff05:25 ff06:26 ff07:27 ff08:28 ff09:29 ff0a:2a ff0b:2b ff0c:2c ff0d:2d ff0e:2e ff0f:2f ff10:30 ff11:31 ff12:32 ff13:33 ff14:34 ff15:35 ff16:36 ff17:37 ff18:38 ff19:39 ff1a:3a ff1b:3b ff1c:3c ff1d:3d ff1e:3e ff20:40 ff21:41 ff22:42 ff23:43 ff24:44 ff25:45 ff26:46 ff27:47 ff28:48 ff29:49 ff2a:4a ff2b:4b ff2c:4c ff2d:4d ff2e:4e ff2f:4f ff30:50 ff31:51 ff32:52 ff33:53 ff34:54 ff35:55 ff36:56 ff37:57 ff38:58 ff39:59 ff3a:5a ff3b:5b ff3c:5c ff3d:5d ff3e:5e ff3f:5f ff40:60 ff41:61 ff42:62 ff43:63 ff44:64 ff45:65 ff46:66 ff47:67 ff48:68 ff49:69 ff4a:6a ff4b:6b ff4c:6c ff4d:6d ff4e:6e ff4f:6f ff50:70 ff51:71 ff52:72 ff53:73 ff54:74 ff55:75 ff56:76 ff57:77 ff58:78 ff59:79 ff5a:7a ff5b:7b ff5c:7c ff5d:7d ff5e:7e 
+
+1252  (ANSI - Latin I)
+0100:41 0101:61 0102:41 0103:61 0104:41 0105:61 0106:43 0107:63 0108:43 0109:63 010a:43 010b:63 010c:43 010d:63 010e:44 010f:64 0111:64 0112:45 0113:65 0114:45 0115:65 0116:45 0117:65 0118:45 0119:65 011a:45 011b:65 011c:47 011d:67 011e:47 011f:67 0120:47 0121:67 0122:47 0123:67 0124:48 0125:68 0126:48 0127:68 0128:49 0129:69 012a:49 012b:69 012c:49 012d:69 012e:49 012f:69 0130:49 0131:69 0134:4a 0135:6a 0136:4b 0137:6b 0139:4c 013a:6c 013b:4c 013c:6c 013d:4c 013e:6c 0141:4c 0142:6c 0143:4e 0144:6e 0145:4e 0146:6e 0147:4e 0148:6e 014c:4f 014d:6f 014e:4f 014f:6f 0150:4f 0151:6f 0154:52 0155:72 0156:52 0157:72 0158:52 0159:72 015a:53 015b:73 015c:53 015d:73 015e:53 015f:73 0162:54 0163:74 0164:54 0165:74 0166:54 0167:74 0168:55 0169:75 016a:55 016b:75 016c:55 016d:75 016e:55 016f:75 0170:55 0171:75 0172:55 0173:75 0174:57 0175:77 0176:59 0177:79 0179:5a 017b:5a 017c:7a 0180:62 0197:49 019a:6c 019f:4f 01a0:4f 01a1:6f 01ab:74 01ae:54 01af:55 01b0:75 01b6:7a 01c0:7c 01c3:21 01cd:41 01ce:61 01cf:49 01d0:69 01d1:4f 01d2:6f 01d3:55 01d4:75 01d5:55 01d6:75 01d7:55 01d8:75 01d9:55 01da:75 01db:55 01dc:75 01de:41 01df:61 01e4:47 01e5:67 01e6:47 01e7:67 01e8:4b 01e9:6b 01ea:4f 01eb:6f 01ec:4f 01ed:6f 01f0:6a 0261:67 02b9:27 02ba:22 02bc:27 02c4:5e 02c8:27 02cb:60 02cd:5f 0300:60 0302:5e 0303:7e 030e:22 0331:5f 0332:5f 037e:3b 0393:47 0398:54 03a3:53 03a6:46 03a9:4f 03b1:61 03b4:64 03b5:65 03c0:70 03c3:73 03c4:74 03c6:66 04bb:68 0589:3a 066a:25 2000:20 2001:20 2002:20 2003:20 2004:20 2005:20 2006:20 2010:2d 2011:2d 2017:3d 2032:27 2035:60 2044:2f 2074:34 2075:35 2076:36 2077:37 2078:38 207f:6e 2080:30 2081:31 2082:32 2083:33 2084:34 2085:35 2086:36 2087:37 2088:38 2089:39 20a7:50 2102:43 2107:45 210a:67 210b:48 210c:48 210d:48 210e:68 2110:49 2111:49 2112:4c 2113:6c 2115:4e 2118:50 2119:50 211a:51 211b:52 211c:52 211d:52 2124:5a 2128:5a 212a:4b 212c:42 212d:43 212e:65 212f:65 2130:45 2131:46 2133:4d 2134:6f 2212:2d 2215:2f 2216:5c 2217:2a 221a:76 221e:38 2223:7c 2229:6e 2236:3a 223c:7e 2261:3d 2264:3d 2265:3d 2303:5e 2320:28 2321:29 2329:3c 232a:3e 2500:2d 250c:2b 2510:2b 2514:2b 2518:2b 251c:2b 252c:2d 2534:2d 253c:2b 2550:2d 2552:2b 2553:2b 2554:2b 2555:2b 2556:2b 2557:2b 2558:2b 2559:2b 255a:2b 255b:2b 255c:2b 255d:2b 2564:2d 2565:2d 2566:2d 2567:2d 2568:2d 2569:2d 256a:2b 256b:2b 256c:2b 2584:5f 2758:7c 3000:20 3008:3c 3009:3e 301a:5b 301b:5d ff01:21 ff02:22 ff03:23 ff04:24 ff05:25 ff06:26 ff07:27 ff08:28 ff09:29 ff0a:2a ff0b:2b ff0c:2c ff0d:2d ff0e:2e ff0f:2f ff10:30 ff11:31 ff12:32 ff13:33 ff14:34 ff15:35 ff16:36 ff17:37 ff18:38 ff19:39 ff1a:3a ff1b:3b ff1c:3c ff1d:3d ff1e:3e ff20:40 ff21:41 ff22:42 ff23:43 ff24:44 ff25:45 ff26:46 ff27:47 ff28:48 ff29:49 ff2a:4a ff2b:4b ff2c:4c ff2d:4d ff2e:4e ff2f:4f ff30:50 ff31:51 ff32:52 ff33:53 ff34:54 ff35:55 ff36:56 ff37:57 ff38:58 ff39:59 ff3a:5a ff3b:5b ff3c:5c ff3d:5d ff3e:5e ff3f:5f ff40:60 ff41:61 ff42:62 ff43:63 ff44:64 ff45:65 ff46:66 ff47:67 ff48:68 ff49:69 ff4a:6a ff4b:6b ff4c:6c ff4d:6d ff4e:6e ff4f:6f ff50:70 ff51:71 ff52:72 ff53:73 ff54:74 ff55:75 ff56:76 ff57:77 ff58:78 ff59:79 ff5a:7a ff5b:7b ff5c:7c ff5d:7d ff5e:7e 
+
+1253  (ANSI - Greek)
+00b4:2f 00c0:41 00c1:41 00c2:41 00c3:41 00c4:41 00c5:41 00c7:43 00c8:45 00c9:45 00ca:45 00cb:45 00cc:49 00cd:49 00ce:49 00cf:49 00d1:4e 00d2:4f 00d3:4f 00d4:4f 00d5:4f 00d6:4f 00d8:4f 00d9:55 00da:55 00db:55 00dc:55 00dd:59 00e0:61 00e1:61 00e2:61 00e3:61 00e4:61 00e5:61 00e7:63 00e8:65 00e9:65 00ea:65 00eb:65 00ec:69 00ed:69 00ee:69 00ef:69 00f1:6e 00f2:6f 00f3:6f 00f4:6f 00f5:6f 00f6:6f 00f8:6f 00f9:75 00fa:75 00fb:75 00fc:75 00fd:79 00ff:79 0100:41 0101:61 0102:41 0103:61 0104:41 0105:61 0106:43 0107:63 0108:43 0109:63 010a:43 010b:63 010c:43 010d:63 010e:44 010f:64 0110:44 0111:64 0112:45 0113:65 0114:45 0115:65 0116:45 0117:65 0118:45 0119:65 011a:45 011b:65 011c:47 011d:67 011e:47 011f:67 0120:47 0121:67 0122:47 0123:67 0124:48 0125:68 0126:48 0127:68 0128:49 0129:69 012a:49 012b:69 012c:49 012d:69 012e:49 012f:69 0130:49 0134:4a 0135:6a 0136:4b 0137:6b 0139:4c 013a:6c 013b:4c 013c:6c 013d:4c 013e:6c 0141:4c 0142:6c 0143:4e 0144:6e 0145:4e 0146:6e 0147:4e 0148:6e 014c:4f 014d:6f 014e:4f 014f:6f 0150:4f 0151:6f 0154:52 0155:72 0156:52 0157:72 0158:52 0159:72 015a:53 015b:73 015c:53 015d:73 015e:53 015f:73 0160:53 0161:73 0162:54 0163:74 0164:54 0165:74 0166:54 0167:74 0168:55 0169:75 016a:55 016b:75 016c:55 016d:75 016e:55 016f:75 0170:55 0171:75 0172:55 0173:75 0174:57 0175:77 0176:59 0177:79 0178:59 0179:5a 017b:5a 017c:7a 017d:5a 017e:7a 0180:62 0197:49 019a:6c 019f:4f 01a0:4f 01a1:6f 01ab:74 01ae:54 01af:55 01b0:75 01cd:41 01ce:61 01cf:49 01d0:69 01d1:4f 01d2:6f 01d3:55 01d4:75 01d5:55 01d6:75 01d7:55 01d8:75 01d9:55 01da:75 01db:55 01dc:75 01de:41 01df:61 01e4:47 01e5:67 01e6:47 01e7:67 01e8:4b 01e9:6b 01ea:4f 01eb:6f 01ec:4f 01ed:6f 01f0:6a 037e:3b 203c:21 2190:3c 2191:5e 2192:3e 2193:76 2194:2d 221f:4c 2500:2d 250c:2d 2514:4c 2518:2d 251c:2b 2524:2b 252c:54 2534:2b 253c:2b 2550:3d 2554:2d 255a:4c 255d:2d 2566:54 256c:2b 2580:2d 2584:2d 2588:2d 2591:2d 2592:2d 2593:2d 25ac:2d 25b2:5e 25ba:3e 25c4:3c 25cb:30 25d9:30 263a:4f 263b:4f 263c:30 2640:2b 2642:3e 266a:64 266b:64 ff01:21 ff02:22 ff03:23 ff04:24 ff05:25 ff06:26 ff07:27 ff08:28 ff09:29 ff0a:2a ff0b:2b ff0c:2c ff0d:2d ff0e:2e ff0f:2f ff10:30 ff11:31 ff12:32 ff13:33 ff14:34 ff15:35 ff16:36 ff17:37 ff18:38 ff19:39 ff1a:3a ff1b:3b ff1c:3c ff1d:3d ff1e:3e ff20:40 ff21:41 ff22:42 ff23:43 ff24:44 ff25:45 ff26:46 ff27:47 ff28:48 ff29:49 ff2a:4a ff2b:4b ff2c:4c ff2d:4d ff2e:4e ff2f:4f ff30:50 ff31:51 ff32:52 ff33:53 ff34:54 ff35:55 ff36:56 ff37:57 ff38:58 ff39:59 ff3a:5a ff3b:5b ff3c:5c ff3d:5d ff3e:5e ff3f:5f ff40:60 ff41:61 ff42:62 ff43:63 ff44:64 ff45:65 ff46:66 ff47:67 ff48:68 ff49:69 ff4a:6a ff4b:6b ff4c:6c ff4d:6d ff4e:6e ff4f:6f ff50:70 ff51:71 ff52:72 ff53:73 ff54:74 ff55:75 ff56:76 ff57:77 ff58:78 ff59:79 ff5a:7a ff5b:7b ff5c:7c ff5d:7d ff5e:7e 
+
+1254  (ANSI - Turkish)
+00dd:59 00fd:79 0100:41 0101:61 0102:41 0103:61 0104:41 0105:61 0106:43 0107:63 0108:43 0109:63 010a:43 010b:63 010c:43 010d:63 010e:44 010f:64 0110:44 0111:64 0112:45 0113:65 0114:45 0115:65 0116:45 0117:65 0118:45 0119:65 011a:45 011b:65 011c:47 011d:67 0120:47 0121:67 0122:47 0123:67 0124:48 0125:68 0126:48 0127:68 0128:49 0129:69 012a:49 012b:69 012c:49 012d:69 012e:49 012f:69 0134:4a 0135:6a 0136:4b 0137:6b 0139:4c 013a:6c 013b:4c 013c:6c 013d:4c 013e:6c 0141:4c 0142:6c 0143:4e 0144:6e 0145:4e 0146:6e 0147:4e 0148:6e 014c:4f 014d:6f 014e:4f 014f:6f 0150:4f 0151:6f 0154:52 0155:72 0156:52 0157:72 0158:52 0159:72 015a:53 015b:73 015c:53 015d:73 0162:54 0163:74 0164:54 0165:74 0166:54 0167:74 0168:55 0169:75 016a:55 016b:75 016c:55 016d:75 016e:55 016f:75 0170:55 0171:75 0172:55 0173:75 0174:57 0175:77 0176:59 0177:79 0179:5a 017b:5a 017c:7a 017d:5a 017e:7a 0180:62 0189:44 0197:49 019a:6c 019f:4f 01a0:4f 01a1:6f 01ab:74 01ae:54 01af:55 01b0:75 01b6:7a 01c0:7c 01c3:21 01cd:41 01ce:61 01cf:49 01d0:69 01d1:4f 01d2:6f 01d3:55 01d4:75 01d5:55 01d6:75 01d7:55 01d8:75 01d9:55 01da:75 01db:55 01dc:75 01de:41 01df:61 01e4:47 01e5:67 01e6:47 01e7:67 01e8:4b 01e9:6b 01ea:4f 01eb:6f 01ec:4f 01ed:6f 01f0:6a 0261:67 02b9:27 02ba:22 02bc:27 02c4:5e 02c7:5e 02c8:27 02cb:60 02cd:5f 02d8:5e 02d9:27 0300:60 0302:5e 0331:5f 0332:5f 04bb:68 0589:3a 066a:25 2000:20 2001:20 2002:20 2003:20 2004:20 2005:20 2006:20 2010:2d 2011:2d 2032:27 2035:60 203c:21 2044:2f 2074:34 2075:35 2076:36 2077:37 2078:38 2081:30 2084:34 2085:35 2086:36 2087:37 2088:38 2089:39 2102:43 2107:45 210a:67 210b:48 210c:48 210d:48 210e:68 2110:49 2111:49 2112:4c 2113:6c 2115:4e 2118:50 2119:50 211a:51 211b:52 211c:52 211d:52 2124:5a 2128:5a 212a:4b 212c:42 212d:43 212e:65 212f:65 2130:45 2131:46 2133:4d 2134:6f 2191:5e 2193:76 2194:2d 2195:7c 21a8:7c 2212:2d 2215:2f 2216:5c 2217:2a 221f:4c 2223:7c 2236:3a 223c:7e 2303:5e 2329:3c 232a:3e 2502:2d 250c:2d 2514:4c 2518:2d 251c:2b 2524:2b 252c:54 2534:2b 253c:2b 2550:3d 2554:2d 255a:4c 255d:2d 2566:54 256c:2b 2580:2d 2584:2d 2588:2d 2591:2d 2592:2d 2593:2d 25ac:2d 25b2:5e 25ba:3e 25c4:3c 25cb:30 25d9:30 263a:4f 263b:4f 263c:30 2640:2b 2642:3e 266a:64 266b:64 2758:7c 3000:20 3008:3c 3009:3e 301a:5b 301b:3d 301d:22 301e:22 ff01:21 ff02:22 ff03:23 ff04:24 ff05:25 ff06:26 ff07:27 ff08:28 ff09:29 ff0a:2a ff0b:2b ff0c:2c ff0d:2d ff0e:2e ff0f:2f ff10:30 ff11:31 ff12:32 ff13:33 ff14:34 ff15:35 ff16:36 ff17:37 ff18:38 ff19:39 ff1a:3a ff1b:3b ff1c:3c ff1d:3d ff1e:3e ff20:40 ff21:41 ff22:42 ff23:43 ff24:44 ff25:45 ff26:46 ff27:47 ff28:48 ff29:49 ff2a:4a ff2b:4b ff2c:4c ff2d:4d ff2e:4e ff2f:4f ff30:50 ff31:51 ff32:52 ff33:53 ff34:54 ff35:55 ff36:56 ff37:57 ff38:58 ff39:59 ff3a:5a ff3b:5b ff3c:5c ff3d:5d ff3e:5e ff3f:5f ff40:60 ff41:61 ff42:62 ff43:63 ff44:64 ff45:65 ff46:66 ff47:67 ff48:68 ff49:69 ff4a:6a ff4b:6b ff4c:6c ff4d:6d ff4e:6e ff4f:6f ff50:70 ff51:71 ff52:72 ff53:73 ff54:74 ff55:75 ff56:76 ff57:77 ff58:78 ff59:79 ff5a:7a ff5b:7b ff5c:7c ff5d:7d ff5e:7e 
+
+1255  (ANSI - Hebrew)
+0191:46 ff01:21 ff02:22 ff03:23 ff04:24 ff05:25 ff06:26 ff07:27 ff08:28 ff09:29 ff0a:2a ff0b:2b ff0c:2c ff0d:2d ff0e:2e ff0f:2f ff10:30 ff11:31 ff12:32 ff13:33 ff14:34 ff15:35 ff16:36 ff17:37 ff18:38 ff19:39 ff1a:3a ff1b:3b ff1c:3c ff1d:3d ff1e:3e ff20:40 ff21:41 ff22:42 ff23:43 ff24:44 ff25:45 ff26:46 ff27:47 ff28:48 ff29:49 ff2a:4a ff2b:4b ff2c:4c ff2d:4d ff2e:4e ff2f:4f ff30:50 ff31:51 ff32:52 ff33:53 ff34:54 ff35:55 ff36:56 ff37:57 ff38:58 ff39:59 ff3a:5a ff3b:5b ff3c:5c ff3d:5d ff3e:5e ff3f:5f ff40:60 ff41:61 ff42:62 ff43:63 ff44:64 ff45:65 ff46:66 ff47:67 ff48:68 ff49:69 ff4a:6a ff4b:6b ff4c:6c ff4d:6d ff4e:6e ff4f:6f ff50:70 ff51:71 ff52:72 ff53:73 ff54:74 ff55:75 ff56:76 ff57:77 ff58:78 ff59:79 ff5a:7a ff5b:7b ff5c:7c ff5d:7d ff5e:7e 
+
+1256  (ANSI - Arabic)
+0620:41 0621:41 0622:43 0623:45 0624:45 0625:45 0626:45 0627:49 0628:49 0629:4f 062a:55 062b:55 062c:55 062d:46 062e:43 062f:44 0630:45 0631:46 0632:47 0633:48 0634:49 0635:4a 0636:4b 0637:4c 0638:4d 0639:4e 063a:4f 0641:41 0642:42 0643:43 0644:44 0645:45 0646:46 0647:47 0648:48 0649:49 064a:4a 064b:4b 064c:4c 064d:4d 064e:4e 064f:4f 0650:50 0651:51 0652:52 
+
+1257  (ANSI - Baltic)
+ff01:21 ff02:22 ff03:23 ff04:24 ff05:25 ff06:26 ff07:27 ff08:28 ff09:29 ff0a:2a ff0b:2b ff0c:2c ff0d:2d ff0e:2e ff0f:2f ff10:30 ff11:31 ff12:32 ff13:33 ff14:34 ff15:35 ff16:36 ff17:37 ff18:38 ff19:39 ff1a:3a ff1b:3b ff1c:3c ff1d:3d ff1e:3e ff20:40 ff21:41 ff22:42 ff23:43 ff24:44 ff25:45 ff26:46 ff27:47 ff28:48 ff29:49 ff2a:4a ff2b:4b ff2c:4c ff2d:4d ff2e:4e ff2f:4f ff30:50 ff31:51 ff32:52 ff33:53 ff34:54 ff35:55 ff36:56 ff37:57 ff38:58 ff39:59 ff3a:5a ff3b:5b ff3c:5c ff3d:5d ff3e:5e ff3f:5f ff40:60 ff41:61 ff42:62 ff43:63 ff44:64 ff45:65 ff46:66 ff47:67 ff48:68 ff49:69 ff4a:6a ff4b:6b ff4c:6c ff4d:6d ff4e:6e ff4f:6f ff50:70 ff51:71 ff52:72 ff53:73 ff54:74 ff55:75 ff56:76 ff57:77 ff58:78 ff59:79 ff5a:7a ff5b:7b ff5c:7c ff5d:7d ff5e:7e 
+
+1258  (ANSI/OEM - Viet Nam)
+ff01:21 ff02:22 ff03:23 ff04:24 ff05:25 ff06:26 ff07:27 ff08:28 ff09:29 ff0a:2a ff0b:2b ff0c:2c ff0d:2d ff0e:2e ff0f:2f ff10:30 ff11:31 ff12:32 ff13:33 ff14:34 ff15:35 ff16:36 ff17:37 ff18:38 ff19:39 ff1a:3a ff1b:3b ff1c:3c ff1d:3d ff1e:3e ff20:40 ff21:41 ff22:42 ff23:43 ff24:44 ff25:45 ff26:46 ff27:47 ff28:48 ff29:49 ff2a:4a ff2b:4b ff2c:4c ff2d:4d ff2e:4e ff2f:4f ff30:50 ff31:51 ff32:52 ff33:53 ff34:54 ff35:55 ff36:56 ff37:57 ff38:58 ff39:59 ff3a:5a ff3b:5b ff3c:5c ff3d:5d ff3e:5e ff3f:5f ff40:60 ff41:61 ff42:62 ff43:63 ff44:64 ff45:65 ff46:66 ff47:67 ff48:68 ff49:69 ff4a:6a ff4b:6b ff4c:6c ff4d:6d ff4e:6e ff4f:6f ff50:70 ff51:71 ff52:72 ff53:73 ff54:74 ff55:75 ff56:76 ff57:77 ff58:78 ff59:79 ff5a:7a ff5b:7b ff5c:7c ff5d:7d ff5e:7e 
+
+20127 (US-ASCII)
+00a0:20 00a1:21 00a2:63 00a4:24 00a5:59 00a6:7c 00a9:43 00aa:61 00ab:3c 00ad:2d 00ae:52 00b2:32 00b3:33 00b7:2e 00b8:2c 00b9:31 00ba:6f 00bb:3e 00c0:41 00c1:41 00c2:41 00c3:41 00c4:41 00c5:41 00c6:41 00c7:43 00c8:45 00c9:45 00ca:45 00cb:45 00cc:49 00cd:49 00ce:49 00cf:49 00d0:44 00d1:4e 00d2:4f 00d3:4f 00d4:4f 00d5:4f 00d6:4f 00d8:4f 00d9:55 00da:55 00db:55 00dc:55 00dd:59 00e0:61 00e1:61 00e2:61 00e3:61 00e4:61 00e5:61 00e6:61 00e7:63 00e8:65 00e9:65 00ea:65 00eb:65 00ec:69 00ed:69 00ee:69 00ef:69 00f1:6e 00f2:6f 00f3:6f 00f4:6f 00f5:6f 00f6:6f 00f8:6f 00f9:75 00fa:75 00fb:75 00fc:75 00fd:79 00ff:79 0100:41 0101:61 0102:41 0103:61 0104:41 0105:61 0106:43 0107:63 0108:43 0109:63 010a:43 010b:63 010c:43 010d:63 010e:44 010f:64 0110:44 0111:64 0112:45 0113:65 0114:45 0115:65 0116:45 0117:65 0118:45 0119:65 011a:45 011b:65 011c:47 011d:67 011e:47 011f:67 0120:47 0121:67 0122:47 0123:67 0124:48 0125:68 0126:48 0127:68 0128:49 0129:69 012a:49 012b:69 012c:49 012d:69 012e:49 012f:69 0130:49 0131:69 0134:4a 0135:6a 0136:4b 0137:6b 0139:4c 013a:6c 013b:4c 013c:6c 013d:4c 013e:6c 0141:4c 0142:6c 0143:4e 0144:6e 0145:4e 0146:6e 0147:4e 0148:6e 014c:4f 014d:6f 014e:4f 014f:6f 0150:4f 0151:6f 0152:4f 0153:6f 0154:52 0155:72 0156:52 0157:72 0158:52 0159:72 015a:53 015b:73 015c:53 015d:73 015e:53 015f:73 0160:53 0161:73 0162:54 0163:74 0164:54 0165:74 0166:54 0167:74 0168:55 0169:75 016a:55 016b:75 016c:55 016d:75 016e:55 016f:75 0170:55 0171:75 0172:55 0173:75 0174:57 0175:77 0176:59 0177:79 0178:59 0179:5a 017b:5a 017c:7a 017d:5a 017e:7a 0180:62 0189:44 0191:46 0192:66 0197:49 019a:6c 019f:4f 01a0:4f 01a1:6f 01ab:74 01ae:54 01af:55 01b0:75 01b6:7a 01cd:41 01ce:61 01cf:49 01d0:69 01d1:4f 01d2:6f 01d3:55 01d4:75 01d5:55 01d6:75 01d7:55 01d8:75 01d9:55 01da:75 01db:55 01dc:75 01de:41 01df:61 01e4:47 01e5:67 01e6:47 01e7:67 01e8:4b 01e9:6b 01ea:4f 01eb:6f 01ec:4f 01ed:6f 01f0:6a 0261:67 02b9:27 02ba:22 02bc:27 02c4:5e 02c6:5e 02c8:27 02cb:60 02cd:5f 02dc:7e 0300:60 0302:5e 0303:7e 030e:22 0331:5f 0332:5f 2000:20 2001:20 2002:20 2003:20 2004:20 2005:20 2006:20 2010:2d 2011:2d 2013:2d 2014:2d 2018:27 2019:27 201a:2c 201c:22 201d:22 201e:22 2022:2e 2026:2e 2032:27 2035:60 2039:3c 203a:3e 2122:54 ff01:21 ff02:22 ff03:23 ff04:24 ff05:25 ff06:26 ff07:27 ff08:28 ff09:29 ff0a:2a ff0b:2b ff0c:2c ff0d:2d ff0e:2e ff0f:2f ff10:30 ff11:31 ff12:32 ff13:33 ff14:34 ff15:35 ff16:36 ff17:37 ff18:38 ff19:39 ff1a:3a ff1b:3b ff1c:3c ff1d:3d ff1e:3e ff20:40 ff21:41 ff22:42 ff23:43 ff24:44 ff25:45 ff26:46 ff27:47 ff28:48 ff29:49 ff2a:4a ff2b:4b ff2c:4c ff2d:4d ff2e:4e ff2f:4f ff30:50 ff31:51 ff32:52 ff33:53 ff34:54 ff35:55 ff36:56 ff37:57 ff38:58 ff39:59 ff3a:5a ff3b:5b ff3c:5c ff3d:5d ff3e:5e ff3f:5f ff40:60 ff41:61 ff42:62 ff43:63 ff44:64 ff45:65 ff46:66 ff47:67 ff48:68 ff49:69 ff4a:6a ff4b:6b ff4c:6c ff4d:6d ff4e:6e ff4f:6f ff50:70 ff51:71 ff52:72 ff53:73 ff54:74 ff55:75 ff56:76 ff57:77 ff58:78 ff59:79 ff5a:7a ff5b:7b ff5c:7c ff5d:7d ff5e:7e 
+
+20261 (T.61)
+f8dd:5c f8de:5e f8df:60 f8e0:7b f8fc:7d f8fd:7e f8fe:7f 
+
+20866 (Russian - KOI8)
+00a7:15 00ab:3c 00ad:2d 00ae:52 00b1:2b 00b6:14 00bb:3e 00c0:41 00c1:41 00c2:41 00c3:41 00c4:41 00c5:41 00c7:43 00c8:45 00c9:45 00ca:45 00cb:45 00cc:49 00cd:49 00ce:49 00cf:49 00d1:4e 00d2:4f 00d3:4f 00d4:4f 00d5:4f 00d6:4f 00d8:4f 00d9:55 00da:55 00db:55 00dc:55 00dd:59 00e0:61 00e1:61 00e2:61 00e3:61 00e4:61 00e5:61 00e7:63 00e8:65 00e9:65 00ea:65 00eb:65 00ec:69 00ed:69 00ee:69 00ef:69 00f1:6e 00f2:6f 00f3:6f 00f4:6f 00f5:6f 00f6:6f 00f8:6f 00f9:75 00fa:75 00fb:75 00fc:75 00fd:79 00ff:79 0100:41 0101:61 0102:41 0103:61 0104:41 0105:61 0106:43 0107:63 0108:43 0109:63 010a:43 010b:63 010c:43 010d:63 010e:44 010f:64 0110:44 0111:64 0112:45 0113:65 0114:45 0115:65 0116:45 0117:65 0118:45 0119:65 011a:45 011b:65 011c:47 011d:67 011e:47 011f:67 0120:47 0121:67 0122:47 0123:67 0124:48 0125:68 0126:48 0127:68 0128:49 0129:69 012a:49 012b:69 012c:49 012d:69 012e:49 012f:69 0130:49 0134:4a 0135:6a 0136:4b 0137:6b 0139:4c 013a:6c 013b:4c 013c:6c 013d:4c 013e:6c 0141:4c 0142:6c 0143:4e 0144:6e 0145:4e 0146:6e 0147:4e 0148:6e 014c:4f 014d:6f 014e:4f 014f:6f 0150:4f 0151:6f 0154:52 0155:72 0156:52 0157:72 0158:52 0159:72 015a:53 015b:73 015c:53 015d:73 015e:53 015f:73 0160:53 0161:73 0162:54 0163:74 0164:54 0165:74 0166:54 0167:74 0168:55 0169:75 016a:55 016b:75 016c:55 016d:75 016e:55 016f:75 0170:55 0171:75 0172:55 0173:75 0174:57 0175:77 0176:59 0177:79 0178:59 0179:5a 017b:5a 017c:7a 017d:5a 017e:7a 0180:62 0197:49 019a:6c 019f:4f 01a0:4f 01a1:6f 01ab:74 01ae:54 01af:55 01b0:75 01cd:41 01ce:61 01cf:49 01d0:69 01d1:4f 01d2:6f 01d3:55 01d4:75 01d5:55 01d6:75 01d7:55 01d8:75 01d9:55 01da:75 01db:55 01dc:75 01de:41 01df:61 01e4:47 01e5:67 01e6:47 01e7:67 01e8:4b 01e9:6b 01ea:4f 01eb:6f 01ec:4f 01ed:6f 01f0:6a 2013:2d 2014:2d 2018:27 2019:27 201a:27 201c:22 201d:22 201e:22 2022:07 2026:3a 2030:25 2039:3c 203a:3e 203c:13 2122:54 2190:1b 2191:18 2192:1a 2193:19 2194:1d 2195:12 21a8:17 221f:1c 2302:7f 25ac:16 25b2:1e 25ba:10 25bc:1f 25c4:11 25cb:09 25d8:08 25d9:0a 263a:01 263b:02 263c:0f 2640:0c 2642:0b 2660:06 2663:05 2665:03 2666:04 266a:0d 266b:0e 
+
+28591 (ISO 8859-1 Latin I)
+0100:41 0101:61 0102:41 0103:61 0104:41 0105:61 0106:43 0107:63 0108:43 0109:63 010a:43 010b:63 010c:43 010d:63 010e:44 010f:64 0110:44 0111:64 0112:45 0113:65 0114:45 0115:65 0116:45 0117:65 0118:45 0119:65 011a:45 011b:65 011c:47 011d:67 011e:47 011f:67 0120:47 0121:67 0122:47 0123:67 0124:48 0125:68 0126:48 0127:68 0128:49 0129:69 012a:49 012b:69 012c:49 012d:69 012e:49 012f:69 0130:49 0131:69 0134:4a 0135:6a 0136:4b 0137:6b 0139:4c 013a:6c 013b:4c 013c:6c 013d:4c 013e:6c 0141:4c 0142:6c 0143:4e 0144:6e 0145:4e 0146:6e 0147:4e 0148:6e 014c:4f 014d:6f 014e:4f 014f:6f 0150:4f 0151:6f 0152:4f 0153:6f 0154:52 0155:72 0156:52 0157:72 0158:52 0159:72 015a:53 015b:73 015c:53 015d:73 015e:53 015f:73 0160:53 0161:73 0162:54 0163:74 0164:54 0165:74 0166:54 0167:74 0168:55 0169:75 016a:55 016b:75 016c:55 016d:75 016e:55 016f:75 0170:55 0171:75 0172:55 0173:75 0174:57 0175:77 0176:59 0177:79 0178:59 0179:5a 017b:5a 017c:7a 017d:5a 017e:7a 0180:62 0189:44 0191:46 0192:66 0197:49 019a:6c 019f:4f 01a0:4f 01a1:6f 01ab:74 01ae:54 01af:55 01b0:75 01b6:7a 01cd:41 01ce:61 01cf:49 01d0:69 01d1:4f 01d2:6f 01d3:55 01d4:75 01d5:55 01d6:75 01d7:55 01d8:75 01d9:55 01da:75 01db:55 01dc:75 01de:41 01df:61 01e4:47 01e5:67 01e6:47 01e7:67 01e8:4b 01e9:6b 01ea:4f 01eb:6f 01ec:4f 01ed:6f 01f0:6a 0261:67 02b9:27 02ba:22 02bc:27 02c4:5e 02c6:5e 02c8:27 02cb:60 02cd:5f 02dc:7e 0300:60 0302:5e 0303:7e 030e:22 0331:5f 0332:5f 2000:20 2001:20 2002:20 2003:20 2004:20 2005:20 2006:20 2010:2d 2011:2d 2013:2d 2014:2d 2018:27 2019:27 201a:2c 201c:22 201d:22 201e:22 2022:2e 2026:2e 2032:27 2035:60 2039:3c 203a:3e 2122:54 ff01:21 ff02:22 ff03:23 ff04:24 ff05:25 ff06:26 ff07:27 ff08:28 ff09:29 ff0a:2a ff0b:2b ff0c:2c ff0d:2d ff0e:2e ff0f:2f ff10:30 ff11:31 ff12:32 ff13:33 ff14:34 ff15:35 ff16:36 ff17:37 ff18:38 ff19:39 ff1a:3a ff1b:3b ff1c:3c ff1d:3d ff1e:3e ff20:40 ff21:41 ff22:42 ff23:43 ff24:44 ff25:45 ff26:46 ff27:47 ff28:48 ff29:49 ff2a:4a ff2b:4b ff2c:4c ff2d:4d ff2e:4e ff2f:4f ff30:50 ff31:51 ff32:52 ff33:53 ff34:54 ff35:55 ff36:56 ff37:57 ff38:58 ff39:59 ff3a:5a ff3b:5b ff3c:5c ff3d:5d ff3e:5e ff3f:5f ff40:60 ff41:61 ff42:62 ff43:63 ff44:64 ff45:65 ff46:66 ff47:67 ff48:68 ff49:69 ff4a:6a ff4b:6b ff4c:6c ff4d:6d ff4e:6e ff4f:6f ff50:70 ff51:71 ff52:72 ff53:73 ff54:74 ff55:75 ff56:76 ff57:77 ff58:78 ff59:79 ff5a:7a ff5b:7b ff5c:7c ff5d:7d ff5e:7e 
+
+28592 (ISO 8859-2 Central Europe)
+00a1:21 00a2:63 00a5:59 00a6:7c 00a9:43 00aa:61 00ab:3c 00ae:52 00b2:32 00b3:33 00b7:2e 00b9:31 00ba:6f 00bb:3e 00c0:41 00c3:41 00c5:41 00c6:41 00c8:45 00ca:45 00cc:49 00cf:49 00d0:44 00d1:4e 00d2:4f 00d5:4f 00d8:4f 00d9:55 00db:55 00e0:61 00e3:61 00e5:61 00e6:61 00e8:65 00ea:65 00ec:69 00ef:69 00f1:6e 00f2:6f 00f5:6f 00f8:6f 00f9:75 00fb:75 00ff:79 0100:41 0101:61 0108:43 0109:63 010a:43 010b:63 0112:45 0113:65 0114:45 0115:65 0116:45 0117:65 011c:47 011d:67 011e:47 011f:67 0120:47 0121:67 0122:47 0123:67 0124:48 0125:68 0126:48 0127:68 0128:49 0129:69 012a:49 012b:69 012c:49 012d:69 012e:49 012f:69 0130:49 0131:69 0134:4a 0135:6a 0136:4b 0137:6b 013b:4c 013c:6c 0145:4e 0146:6e 014c:4f 014d:6f 014e:4f 014f:6f 0152:4f 0153:6f 0156:52 0157:72 015c:53 015d:73 0166:54 0167:74 0168:55 0169:75 016a:55 016b:75 016c:55 016d:75 0172:55 0173:75 0174:57 0175:77 0176:59 0177:79 0178:59 0180:62 0189:44 0191:46 0192:66 0197:49 019a:6c 019f:4f 01a0:4f 01a1:6f 01ab:74 01ae:54 01af:55 01b0:75 01b6:7a 01cd:41 01ce:61 01cf:49 01d0:69 01d1:4f 01d2:6f 01d3:55 01d4:75 01d5:55 01d6:75 01d7:55 01d8:75 01d9:55 01da:75 01db:55 01dc:75 01de:41 01df:61 01e4:47 01e5:67 01e6:47 01e7:67 01e8:4b 01e9:6b 01ea:4f 01eb:6f 01ec:4f 01ed:6f 01f0:6a 0261:67 02b9:27 02ba:22 02bc:27 02c4:5e 02c6:5e 02c8:27 02cb:60 02cd:5f 02dc:7e 0300:60 0302:5e 0303:7e 030e:22 0331:5f 0332:5f 2000:20 2001:20 2002:20 2003:20 2004:20 2005:20 2006:20 2010:2d 2011:2d 2013:2d 2014:2d 2018:27 2019:27 201a:2c 201c:22 201d:22 201e:22 2022:2e 2026:2e 2032:27 2035:60 2039:3c 203a:3e 2122:54 ff01:21 ff02:22 ff03:23 ff04:24 ff05:25 ff06:26 ff07:27 ff08:28 ff09:29 ff0a:2a ff0b:2b ff0c:2c ff0d:2d ff0e:2e ff0f:2f ff10:30 ff11:31 ff12:32 ff13:33 ff14:34 ff15:35 ff16:36 ff17:37 ff18:38 ff19:39 ff1a:3a ff1b:3b ff1c:3c ff1d:3d ff1e:3e ff20:40 ff21:41 ff22:42 ff23:43 ff24:44 ff25:45 ff26:46 ff27:47 ff28:48 ff29:49 ff2a:4a ff2b:4b ff2c:4c ff2d:4d ff2e:4e ff2f:4f ff30:50 ff31:51 ff32:52 ff33:53 ff34:54 ff35:55 ff36:56 ff37:57 ff38:58 ff39:59 ff3a:5a ff3b:5b ff3c:5c ff3d:5d ff3e:5e ff3f:5f ff40:60 ff41:61 ff42:62 ff43:63 ff44:64 ff45:65 ff46:66 ff47:67 ff48:68 ff49:69 ff4a:6a ff4b:6b ff4c:6c ff4d:6d ff4e:6e ff4f:6f ff50:70 ff51:71 ff52:72 ff53:73 ff54:74 ff55:75 ff56:76 ff57:77 ff58:78 ff59:79 ff5a:7a ff5b:7b ff5c:7c ff5d:7d ff5e:7e 
+
+28605 (ISO 8859-15 Latin 9)
+00a6:7c 0100:41 0101:61 0102:41 0103:61 0104:41 0105:61 0106:43 0107:63 0108:43 0109:63 010a:43 010b:63 010c:43 010d:63 010e:44 010f:64 0112:45 0113:65 0114:45 0115:65 0116:45 0117:65 0118:45 0119:65 011a:45 011b:65 011c:47 011d:67 011e:47 011f:67 0120:47 0121:67 0122:47 0123:67 0124:48 0125:68 0126:48 0127:68 0128:49 0129:69 012a:49 012b:69 012c:49 012d:69 012e:49 012f:69 0130:49 0131:69 0134:4a 0135:6a 0136:4b 0137:6b 0138:6b 0139:4c 013a:6c 013b:4c 013c:6c 013d:4c 013e:6c 0141:4c 0142:6c 0143:4e 0144:6e 0145:4e 0146:6e 0147:4e 0148:6e 014a:4e 014b:6e 014c:4f 014d:6f 014e:4f 014f:6f 0150:4f 0151:6f 0154:52 0155:72 0156:52 0157:72 0158:52 0159:72 015a:53 015b:73 015c:53 015d:73 015e:53 015f:73 0162:54 0163:74 0164:54 0165:74 0166:54 0167:74 0168:54 0169:74 016a:55 016b:75 016c:55 016d:75 016e:55 016f:75 0170:55 0171:75 0172:55 0173:75 0174:57 0175:77 0176:59 0177:79 0179:5a 017b:5a 017c:7a 0180:62 0189:44 0191:46 0192:66 0197:49 019a:6c 019f:4f 01a0:4f 01a1:6f 01ab:74 01ae:54 01af:55 01b0:75 01b6:7a 01cd:41 01ce:61 01cf:49 01d0:69 01d1:4f 01d2:6f 01d3:55 01d4:75 01d5:55 01d6:75 01d7:55 01d8:75 01d9:55 01da:75 01db:55 01dc:75 01de:41 01df:61 01e4:47 01e5:67 01e6:47 01e7:67 01e8:4b 01e9:6b 01ea:4f 01eb:6f 01ec:4f 01ed:6f 01f0:6a 0261:67 02b9:27 02ba:22 02bc:27 02c4:5e 02c6:5e 02c8:27 02cb:60 02cd:5f 02dc:7e 0300:60 0302:5e 0303:7e 030e:22 0331:5f 0332:5f 2000:20 2001:20 2002:20 2003:20 2004:20 2005:20 2006:20 2010:2d 2011:2d 2013:2d 2014:2d 2018:27 2019:27 201a:2c 201c:22 201d:22 201e:22 2022:2e 2026:2e 2032:27 2035:60 2039:3c 203a:3e 2122:54 ff01:21 ff02:22 ff03:23 ff04:24 ff05:25 ff06:26 ff07:27 ff08:28 ff09:29 ff0a:2a ff0b:2b ff0c:2c ff0d:2d ff0e:2e ff0f:2f ff10:30 ff11:31 ff12:32 ff13:33 ff14:34 ff15:35 ff16:36 ff17:37 ff18:38 ff19:39 ff1a:3a ff1b:3b ff1c:3c ff1d:3d ff1e:3e ff20:40 ff21:41 ff22:42 ff23:43 ff24:44 ff25:45 ff26:46 ff27:47 ff28:48 ff29:49 ff2a:4a ff2b:4b ff2c:4c ff2d:4d ff2e:4e ff2f:4f ff30:50 ff31:51 ff32:52 ff33:53 ff34:54 ff35:55 ff36:56 ff37:57 ff38:58 ff39:59 ff3a:5a ff3b:5b ff3c:5c ff3d:5d ff3e:5e ff3f:5f ff40:60 ff41:61 ff42:62 ff43:63 ff44:64 ff45:65 ff46:66 ff47:67 ff48:68 ff49:69 ff4a:6a ff4b:6b ff4c:6c ff4d:6d ff4e:6e ff4f:6f ff50:70 ff51:71 ff52:72 ff53:73 ff54:74 ff55:75 ff56:76 ff57:77 ff58:78 ff59:79 ff5a:7a ff5b:7b ff5c:7c ff5d:7d ff5e:7e 
+
+37    (IBM EBCDIC - U.S./Canada)
+0004:37 0005:2d 0006:2e 0007:2f 0008:16 0009:05 000a:25 0014:3c 0015:3d 0016:32 0017:26 001a:3f 001b:27 0020:40 0021:5a 0022:7f 0023:7b 0024:5b 0025:6c 0026:50 0027:7d 0028:4d 0029:5d 002a:5c 002b:4e 002c:6b 002d:60 002e:4b 002f:61 003a:7a 003b:5e 003c:4c 003d:7e 003e:6e 003f:6f 0040:7c 005f:6d 0060:79 007c:4f 007f:07 0080:20 0081:21 0082:22 0083:23 0084:24 0085:15 0086:06 0087:17 0088:28 0089:29 008a:2a 008b:2b 008c:2c 008d:09 008e:0a 008f:1b 0090:30 0091:31 0092:1a 0093:33 0094:34 0095:35 0096:36 0097:08 0098:38 0099:39 009a:3a 009b:3b 009c:04 009d:14 009e:3e 00a0:41 00a2:4a 00a6:6a 00ac:5f 00c0:64 00c1:65 00c2:62 00c3:66 00c4:63 00c5:67 00c7:68 00c8:74 00c9:71 00ca:72 00cb:73 00cc:78 00cd:75 00ce:76 00cf:77 00d1:69 00df:59 00e0:44 00e1:45 00e2:42 00e3:46 00e4:43 00e5:47 00e7:48 00e8:54 00e9:51 00ea:52 00eb:53 00ec:58 00ed:55 00ee:56 00ef:57 00f1:49 00f8:70 ff01:5a ff02:7f ff03:7b ff04:5b ff05:6c ff06:50 ff07:7d ff08:4d ff09:5d ff0a:5c ff0b:4e ff0c:6b ff0d:60 ff0e:4b ff0f:61 ff1a:7a ff1b:5e ff1c:4c ff1d:7e ff1e:6e ff20:7c ff3f:6d ff40:79 ff5c:4f 
+
+437   (OEM - United States)
+00a4:0f 00a7:15 00a8:22 00a9:63 00ad:2d 00ae:72 00af:5f 00b3:33 00b4:27 00b6:14 00b8:2c 00b9:31 00be:5f 00c0:41 00c1:41 00c2:41 00c3:41 00c8:45 00ca:45 00cb:45 00cc:49 00cd:49 00ce:49 00cf:49 00d0:44 00d2:4f 00d3:4f 00d4:4f 00d5:4f 00d7:78 00d8:4f 00d9:55 00da:55 00db:55 00dd:59 00de:5f 00e3:61 00f0:64 00f5:6f 00f8:6f 00fd:79 00fe:5f 0100:41 0101:61 0102:41 0103:61 0104:41 0105:61 0106:43 0107:63 0108:43 0109:63 010a:43 010b:63 010c:43 010d:63 010e:44 010f:64 0110:44 0111:64 0112:45 0113:65 0114:45 0115:65 0116:45 0117:65 0118:45 0119:65 011a:45 011b:65 011c:47 011d:67 011e:47 011f:67 0120:47 0121:67 0122:47 0123:67 0124:48 0125:68 0126:48 0127:68 0128:49 0129:69 012a:49 012b:69 012c:49 012d:69 012e:49 012f:69 0130:49 0131:69 0134:4a 0135:6a 0136:4b 0137:6b 0139:4c 013a:6c 013b:4c 013c:6c 013d:4c 013e:6c 0141:4c 0142:6c 0143:4e 0144:6e 0145:4e 0146:6e 0147:4e 0148:6e 014c:4f 014d:6f 014e:4f 014f:6f 0150:4f 0151:6f 0152:4f 0153:6f 0154:52 0155:72 0156:52 0157:72 0158:52 0159:72 015a:53 015b:73 015c:53 015d:73 015e:53 015f:73 0160:53 0161:73 0162:54 0163:74 0164:54 0165:74 0166:54 0167:74 0168:55 0169:75 016a:55 016b:75 016c:55 016d:75 016e:55 016f:75 0170:55 0171:75 0172:55 0173:75 0174:57 0175:77 0176:59 0177:79 0178:59 0179:5a 017b:5a 017c:7a 017d:5a 017e:7a 0180:62 0189:44 0197:49 019a:6c 019f:4f 01a0:4f 01a1:6f 01ab:74 01ae:54 01af:55 01b0:75 01b6:7a 01c0:7c 01c3:21 01cd:41 01ce:61 01cf:49 01d0:69 01d1:4f 01d2:6f 01d3:55 01d4:75 01d5:55 01d6:75 01d7:55 01d8:75 01d9:55 01da:75 01db:55 01dc:75 01de:41 01df:61 01e4:47 01e5:67 01e6:47 01e7:67 01e8:4b 01e9:6b 01ea:4f 01eb:6f 01ec:4f 01ed:6f 01f0:6a 0261:67 02b9:27 02ba:22 02bc:27 02c4:5e 02c6:5e 02c8:27 02ca:27 02cb:60 02cd:5f 02dc:7e 0300:60 0301:27 0302:5e 0303:7e 0308:22 030e:22 0327:2c 0331:5f 0332:5f 037e:3b 04bb:68 0589:3a 066a:25 2000:20 2001:20 2002:20 2003:20 2004:20 2005:20 2006:20 2010:2d 2011:2d 2013:2d 2014:2d 2017:5f 2018:60 2019:27 201a:2c 201c:22 201d:22 201e:2c 2020:2b 2022:07 2026:2e 2030:25 2032:27 2035:60 2039:3c 203a:3e 203c:13 2044:2f 2074:34 2075:35 2076:36 2077:37 2078:38 2080:30 2081:31 2082:32 2083:33 2084:34 2085:35 2086:36 2087:37 2088:38 2089:39 20dd:09 2102:43 2107:45 210a:67 210b:48 210c:48 210d:48 210e:68 2110:49 2111:49 2112:4c 2113:6c 2115:4e 2118:50 2119:50 211a:51 211b:52 211c:52 211d:52 2122:54 2124:5a 2128:5a 212a:4b 212c:42 212d:43 212e:65 212f:65 2130:45 2131:46 2133:4d 2134:6f 2190:1b 2191:18 2192:1a 2193:19 2194:1d 2195:12 21a8:17 2212:2d 2215:2f 2216:5c 2217:2a 221f:1c 2223:7c 2236:3a 223c:7e 2302:7f 2303:5e 2329:3c 232a:3e 25ac:16 25b2:1e 25ba:10 25bc:1f 25c4:11 25cb:09 25d8:08 25d9:0a 263a:01 263b:02 263c:0f 2640:0c 2642:0b 2660:06 2663:05 2665:03 2666:04 266a:0d 266b:0e 2758:7c 3000:20 3007:09 3008:3c 3009:3e 301a:5b 301b:5d ff01:21 ff02:22 ff03:23 ff04:24 ff05:25 ff06:26 ff07:27 ff08:28 ff09:29 ff0a:2a ff0b:2b ff0c:2c ff0d:2d ff0e:2e ff0f:2f ff10:30 ff11:31 ff12:32 ff13:33 ff14:34 ff15:35 ff16:36 ff17:37 ff18:38 ff19:39 ff1a:3a ff1b:3b ff1c:3c ff1d:3d ff1e:3e ff20:40 ff21:41 ff22:42 ff23:43 ff24:44 ff25:45 ff26:46 ff27:47 ff28:48 ff29:49 ff2a:4a ff2b:4b ff2c:4c ff2d:4d ff2e:4e ff2f:4f ff30:50 ff31:51 ff32:52 ff33:53 ff34:54 ff35:55 ff36:56 ff37:57 ff38:58 ff39:59 ff3a:5a ff3b:5b ff3c:5c ff3d:5d ff3e:5e ff3f:5f ff40:60 ff41:61 ff42:62 ff43:63 ff44:64 ff45:65 ff46:66 ff47:67 ff48:68 ff49:69 ff4a:6a ff4b:6b ff4c:6c ff4d:6d ff4e:6e ff4f:6f ff50:70 ff51:71 ff52:72 ff53:73 ff54:74 ff55:75 ff56:76 ff57:77 ff58:78 ff59:79 ff5a:7a ff5b:7b ff5c:7c ff5d:7d ff5e:7e 
+
+500   (IBM EBCDIC - International)
+0004:37 0005:2d 0006:2e 0007:2f 0008:16 0009:05 000a:25 0014:3c 0015:3d 0016:32 0017:26 001a:3f 001b:27 0020:40 0021:4f 0022:7f 0023:7b 0024:5b 0025:6c 0026:50 0027:7d 0028:4d 0029:5d 002a:5c 002b:4e 002c:6b 002d:60 002e:4b 002f:61 003a:7a 003b:5e 003c:4c 003d:7e 003e:6e 003f:6f 0040:7c 005b:4a 005d:5a 005e:5f 005f:6d 0060:79 007f:07 0080:20 0081:21 0082:22 0083:23 0084:24 0085:15 0086:06 0087:17 0088:28 0089:29 008a:2a 008b:2b 008c:2c 008d:09 008e:0a 008f:1b 0090:30 0091:31 0092:1a 0093:33 0094:34 0095:35 0096:36 0097:08 0098:38 0099:39 009a:3a 009b:3b 009c:04 009d:14 009e:3e 00a0:41 00a6:6a 00c0:64 00c1:65 00c2:62 00c3:66 00c4:63 00c5:67 00c7:68 00c8:74 00c9:71 00ca:72 00cb:73 00cc:78 00cd:75 00ce:76 00cf:77 00d1:69 00df:59 00e0:44 00e1:45 00e2:42 00e3:46 00e4:43 00e5:47 00e7:48 00e8:54 00e9:51 00ea:52 00eb:53 00ec:58 00ed:55 00ee:56 00ef:57 00f1:49 00f8:70 ff01:4f ff02:7f ff03:7b ff04:5b ff05:6c ff06:50 ff07:7d ff08:4d ff09:5d ff0a:5c ff0b:4e ff0c:6b ff0d:60 ff0e:4b ff0f:61 ff1a:7a ff1b:5e ff1c:4c ff1d:7e ff1e:6e ff20:7c ff3b:4a ff3d:5a ff3e:5f ff3f:6d ff40:79 
+
+850   (OEM - Multilingual Latin I)
+0100:41 0101:61 0102:41 0103:61 0104:41 0105:61 0106:43 0107:63 0108:43 0109:63 010a:43 010b:63 010c:43 010d:63 010e:44 010f:64 0110:44 0111:64 0112:45 0113:65 0114:45 0115:65 0116:45 0117:65 0118:45 0119:65 011a:45 011b:65 011c:47 011d:67 011e:47 011f:67 0120:47 0121:67 0122:47 0123:67 0124:48 0125:68 0126:48 0127:68 0128:49 0129:69 012a:49 012b:69 012c:49 012d:69 012e:49 012f:69 0130:49 0134:4a 0135:6a 0136:4b 0137:6b 0139:4c 013a:6c 013b:4c 013c:6c 013d:4c 013e:6c 0141:4c 0142:6c 0143:4e 0144:6e 0145:4e 0146:6e 0147:4e 0148:6e 014c:4f 014d:6f 014e:4f 014f:6f 0150:4f 0151:6f 0152:4f 0153:6f 0154:52 0155:72 0156:52 0157:72 0158:52 0159:72 015a:53 015b:73 015c:53 015d:73 015e:53 015f:73 0160:53 0161:73 0162:54 0163:74 0164:54 0165:74 0166:54 0167:74 0168:55 0169:75 016a:55 016b:75 016c:55 016d:75 016e:55 016f:75 0170:55 0171:75 0172:55 0173:75 0174:57 0175:77 0176:59 0177:79 0178:59 0179:5a 017b:5a 017c:7a 017d:5a 017e:7a 0180:62 0189:44 0197:49 019a:6c 019f:4f 01a0:4f 01a1:6f 01a9:53 01ab:74 01ae:54 01af:55 01b0:75 01b6:5a 01c3:21 01cd:41 01ce:61 01cf:49 01d0:69 01d1:4f 01d2:6f 01d3:55 01d4:75 01d5:55 01d6:75 01d7:55 01d8:75 01d9:55 01da:75 01db:55 01dc:75 01de:41 01df:61 01e4:47 01e5:67 01e6:47 01e7:67 01e8:4b 01e9:6b 01ea:4f 01eb:6f 01ec:4f 01ed:6f 01f0:6a 0261:67 02ba:22 02bc:27 02c4:5e 02c6:5e 02c8:27 02cb:27 02cd:5f 02dc:7e 0300:27 0302:5e 0303:7e 030e:22 0331:5f 0332:5f 037e:3b 0393:47 03a3:53 03a6:46 03a9:4f 03b1:61 03b4:64 03b5:65 03c0:70 03c3:73 03c4:74 03c6:66 04bb:68 0589:3a 066a:25 2000:20 2001:20 2002:20 2003:20 2004:20 2005:20 2006:20 2010:2d 2011:2d 2013:2d 2014:2d 2018:27 2019:27 201a:27 201c:22 201d:22 201e:22 2022:07 2024:07 2026:2e 2030:25 2039:3c 203a:3e 203c:13 2044:2f 2070:30 2074:34 2075:35 2076:36 2077:37 2078:39 207f:6e 2080:30 2084:34 2085:35 2086:36 2087:37 2088:38 2089:39 20a7:50 20dd:4f 2102:43 2107:45 210a:67 210b:48 210c:48 210d:48 210e:68 2110:49 2111:49 2112:4c 2113:6c 2115:4e 2118:50 2119:50 211a:51 211b:52 211c:52 211d:52 2122:54 2124:5a 2126:4f 2128:5a 212a:4b 212c:42 212d:43 212e:65 212f:65 2130:45 2131:46 2133:4d 2134:6f 2190:1b 2191:18 2192:1a 2193:19 2194:1d 2195:12 21a8:17 2211:53 2212:2d 2215:2f 2216:2f 2217:2a 2219:07 221a:56 221e:38 221f:1c 2229:6e 2236:3a 223c:7e 2248:7e 2261:3d 2264:3d 2265:3d 2302:7f 2303:5e 2320:28 2321:29 2329:3c 232a:3e 25ac:16 25b2:1e 25ba:10 25bc:1f 25c4:11 25cb:09 25d8:08 25d9:0a 263a:01 263b:02 263c:0f 2640:0c 2642:0b 2660:06 2663:05 2665:03 2666:04 266a:0d 266b:0e 2713:56 3000:20 3007:4f 3008:3c 3009:3e 301a:5b 301b:5d ff01:21 ff02:22 ff03:23 ff04:24 ff05:25 ff06:26 ff07:27 ff08:28 ff09:29 ff0a:2a ff0b:2b ff0c:2c ff0d:2d ff0e:2e ff0f:2f ff10:30 ff11:31 ff12:32 ff13:33 ff14:34 ff15:35 ff16:36 ff17:37 ff18:38 ff19:39 ff1a:3a ff1b:3b ff1c:3c ff1d:3d ff1e:3e ff20:40 ff21:41 ff22:42 ff23:43 ff24:44 ff25:45 ff26:46 ff27:47 ff28:48 ff29:49 ff2a:4a ff2b:4b ff2c:4c ff2d:4d ff2e:4e ff2f:4f ff30:50 ff31:51 ff32:52 ff33:53 ff34:54 ff35:55 ff36:56 ff37:57 ff38:58 ff39:59 ff3a:5a ff3b:5b ff3c:5c ff3d:5d ff3e:5e ff3f:5f ff40:60 ff41:61 ff42:62 ff43:63 ff44:64 ff45:65 ff46:66 ff47:67 ff48:68 ff49:69 ff4a:6a ff4b:6b ff4c:6c ff4d:6d ff4e:6e ff4f:6f ff50:70 ff51:71 ff52:72 ff53:73 ff54:74 ff55:75 ff56:76 ff57:77 ff58:78 ff59:79 ff5a:7a ff5b:7b ff5c:7c ff5d:7d ff5e:7e 
+
+860   (OEM - Portuguese)
+00a4:0f 00a5:59 00a7:15 00a8:22 00a9:63 00ad:5f 00ae:72 00af:16 00b3:33 00b4:2f 00b6:14 00b8:2c 00b9:31 00be:33 00c4:41 00c5:41 00c6:41 00cb:45 00ce:49 00cf:49 00d0:44 00d6:4f 00d7:58 00d8:4f 00db:55 00dd:59 00de:54 00e4:61 00e5:61 00e6:61 00eb:65 00ee:69 00ef:69 00f0:64 00f6:6f 00f8:6f 00fb:75 00fd:79 00fe:74 00ff:79 0100:41 0101:61 0102:41 0103:61 0104:41 0105:61 0106:43 0107:63 0108:43 0109:63 010a:43 010b:63 010c:43 010d:63 010e:44 010f:64 0110:44 0111:64 0112:45 0113:65 0114:45 0115:65 0116:45 0117:65 0118:45 0119:65 011a:45 011b:65 011c:47 011d:67 011e:47 011f:67 0120:47 0121:67 0122:47 0123:67 0124:48 0125:68 0126:48 0127:68 0128:49 0129:69 012a:49 012b:69 012c:49 012d:69 012e:49 012f:69 0130:49 0131:69 0134:4a 0135:6a 0136:4b 0137:6b 0139:4c 013a:6c 013b:4c 013c:6c 013d:4c 013e:6c 0141:4c 0142:6c 0143:4e 0144:6e 0145:4e 0146:6e 0147:4e 0148:6e 014c:4f 014d:6f 014e:4f 014f:6f 0150:4f 0151:6f 0152:4f 0153:6f 0154:52 0155:72 0156:52 0157:72 0158:52 0159:72 015a:53 015b:73 015c:53 015d:73 015e:53 015f:73 0160:5c 0161:7c 0162:54 0163:74 0164:54 0165:74 0166:54 0167:74 0168:55 0169:75 016a:55 016b:75 016c:55 016d:75 016e:55 016f:75 0170:55 0171:75 0172:55 0173:75 0174:57 0175:77 0176:59 0177:79 0178:59 0179:5a 017b:5a 017c:7a 017d:5a 017e:7a 0180:62 0189:44 0191:46 0192:66 0197:49 019a:6c 019f:4f 01a0:4f 01a1:6f 01ab:74 01ae:54 01af:55 01b0:75 01b6:7a 01c0:7c 01c3:21 01cd:41 01ce:61 01cf:49 01d0:69 01d1:4f 01d2:6f 01d3:55 01d4:75 01d5:55 01d6:75 01d7:55 01d8:75 01d9:55 01da:75 01db:55 01dc:75 01de:41 01df:61 01e4:47 01e5:67 01e6:47 01e7:67 01e8:4b 01e9:6b 01ea:4f 01eb:6f 01ec:4f 01ed:6f 01f0:6a 0261:67 0278:66 02b9:27 02ba:22 02bc:27 02c4:5e 02c6:5e 02c8:27 02c9:16 02ca:2f 02cb:60 02cd:5f 02dc:7e 0300:60 0301:2f 0302:5e 0303:7e 0304:16 0305:16 0308:22 030e:22 0327:2c 0331:5f 0332:5f 037e:3b 04bb:68 0589:3a 066a:25 2000:20 2001:20 2002:20 2003:20 2004:20 2005:20 2006:20 2010:5f 2011:5f 2013:5f 2014:5f 2017:5f 2018:27 2019:27 201a:2c 201c:22 201d:22 201e:22 2022:07 2024:07 2026:2e 2030:25 2032:27 2035:60 2039:3c 203a:3e 203c:13 2044:2f 2070:30 2074:34 2075:35 2076:36 2077:37 2078:38 2080:30 2081:31 2083:33 2084:34 2085:35 2086:36 2087:37 2088:38 2089:39 20dd:4f 2102:43 2107:45 210a:67 210b:48 210c:48 210d:48 210e:68 2110:49 2111:49 2112:4c 2113:6c 2115:4e 2118:70 2119:50 211a:51 211b:52 211c:52 211d:52 2122:74 2124:5a 2128:5a 212a:4b 212b:41 212c:42 212d:43 212e:65 212f:65 2130:45 2131:46 2133:4d 2134:6f 2190:1b 2191:18 2192:1a 2193:19 2194:1d 2195:12 21a8:17 2205:4f 2212:5f 2215:2f 2216:5c 2217:2a 221f:1c 2223:7c 2236:3a 223c:7e 22c5:07 2302:7f 2303:5e 2329:3c 232a:3e 25ac:16 25b2:1e 25ba:10 25bc:1f 25c4:11 25cb:09 25d8:08 25d9:0a 263a:01 263b:02 263c:0f 2640:0c 2642:0b 2660:06 2663:05 2665:03 2666:04 266a:0d 266b:0e 3000:20 3007:4f 3008:3c 3009:3e 301a:5b 301b:5d 30fb:07 
+
+861   (OEM - Icelandic)
+00a2:63 00a4:0f 00a5:59 00a7:15 00a8:22 00a9:63 00aa:61 00ad:5f 00ae:72 00af:16 00b3:33 00b4:2f 00b6:14 00b8:2c 00b9:31 00ba:6f 00be:33 00c0:41 00c2:41 00c3:41 00c8:45 00ca:45 00cb:45 00cc:49 00ce:49 00cf:49 00d1:4e 00d2:4f 00d4:4f 00d5:4f 00d7:58 00d9:55 00db:55 00e3:61 00ec:69 00ee:69 00ef:69 00f1:6e 00f2:6f 00f5:6f 00f9:75 00ff:79 0100:41 0101:61 0102:41 0103:61 0104:41 0105:61 0106:43 0107:63 0108:43 0109:63 010a:43 010b:63 010c:43 010d:63 010e:44 010f:64 0111:64 0112:45 0113:65 0114:45 0115:65 0116:45 0117:65 0118:45 0119:65 011a:45 011b:65 011c:47 011d:67 011e:47 011f:67 0120:47 0121:67 0122:47 0123:67 0124:48 0125:68 0126:48 0127:68 0128:49 0129:69 012a:49 012b:69 012c:49 012d:69 012e:49 012f:69 0130:49 0131:69 0134:4a 0135:6a 0136:4b 0137:6b 0139:4c 013a:6c 013b:4c 013c:6c 013d:4c 013e:6c 0141:4c 0142:6c 0143:4e 0144:6e 0145:4e 0146:6e 0147:4e 0148:6e 014c:4f 014d:6f 014e:4f 014f:6f 0150:4f 0151:6f 0152:4f 0153:6f 0154:52 0155:72 0156:52 0157:72 0158:52 0159:72 015a:53 015b:73 015c:53 015d:73 015e:53 015f:73 0160:53 0161:73 0162:54 0163:74 0164:54 0165:74 0166:54 0167:74 0168:55 0169:75 016a:55 016b:75 016c:55 016d:75 016e:55 016f:75 0170:55 0171:75 0172:55 0173:75 0174:57 0175:77 0176:59 0177:79 0178:59 0179:5a 017b:5a 017c:7a 017d:5a 017e:7a 0180:62 0197:49 019a:6c 019f:4f 01a0:4f 01a1:6f 01ab:74 01ae:54 01af:55 01b0:75 01b6:7a 01c3:21 01cd:41 01ce:61 01cf:49 01d0:69 01d1:4f 01d2:6f 01d3:55 01d4:75 01d5:55 01d6:75 01d7:55 01d8:75 01d9:55 01da:75 01db:55 01dc:75 01de:41 01df:61 01e4:47 01e5:67 01e6:47 01e7:67 01e8:4b 01e9:6b 01ea:4f 01eb:6f 01ec:4f 01ed:6f 01f0:6a 0261:67 0278:66 02b9:27 02ba:22 02bc:27 02c4:5e 02c6:5e 02c8:27 02c9:16 02ca:2f 02cb:60 02cd:5f 02dc:7e 0300:60 0301:2f 0302:5e 0303:7e 0304:16 0305:16 0308:22 030e:22 0327:2c 0331:5f 0332:5f 037e:3b 04bb:68 0589:3a 066a:25 2000:20 2001:20 2002:20 2003:20 2004:20 2005:20 2006:20 2010:2d 2011:2d 2013:2d 2014:2d 2017:5f 2018:27 2019:27 201a:27 201c:22 201d:22 201e:22 2022:07 2024:07 2026:07 2030:25 2032:27 2035:27 2039:3c 203a:3e 203c:13 2044:2f 2070:30 2074:34 2075:35 2076:36 2077:37 2078:38 2080:30 2081:31 2083:33 2084:34 2085:35 2086:36 2087:37 2088:38 2089:39 20dd:4f 2102:43 2107:45 210a:67 210b:48 210c:48 210d:48 210e:68 2110:49 2111:49 2112:4c 2113:6c 2115:4e 2118:70 2119:50 211a:51 211b:52 211c:52 211d:52 2122:74 2124:5a 2128:5a 212a:4b 212c:42 212d:43 212e:65 212f:65 2130:45 2131:46 2133:4d 2134:6f 2190:1b 2191:18 2192:1a 2193:19 2194:1d 2195:12 21a8:17 2205:4f 2212:5f 2215:2f 2216:5c 2217:2a 221f:1c 2223:7c 2236:3a 223c:7e 22c5:07 2302:7f 2303:5e 2329:3c 232a:3e 25ac:16 25b2:1e 25ba:10 25bc:1f 25c4:11 25cb:09 25d8:08 25d9:0a 263a:01 263b:02 263c:0f 2640:0c 2642:0b 2660:06 2663:05 2665:03 2666:04 266a:0d 266b:0e 3000:20 3007:4f 3008:3c 3009:3e 301a:5b 301b:5d 30fb:07 
+
+863   (OEM - Canadian French)
+00a1:21 00a5:59 00a9:63 00aa:61 00ad:16 00ae:72 00b9:33 00ba:6f 00c1:41 00c3:41 00c4:41 00c5:41 00c6:41 00cc:49 00cd:49 00d0:44 00d1:4e 00d2:4f 00d3:4f 00d5:4f 00d6:4f 00d7:58 00d8:4f 00da:55 00dd:59 00de:54 00e1:61 00e3:61 00e4:61 00e5:61 00e6:61 00ec:69 00ed:69 00f0:64 00f1:6e 00f2:6f 00f5:6f 00f6:6f 00f8:6f 00fd:79 00fe:74 00ff:79 0100:41 0101:61 0102:41 0103:61 0104:41 0105:61 0106:43 0107:63 0108:43 0109:63 010a:43 010b:63 010c:43 010d:63 010e:44 010f:64 0110:44 0111:64 0112:45 0113:65 0114:45 0115:65 0116:45 0117:65 0118:45 0119:65 011a:45 011b:65 011c:47 011d:67 011e:47 011f:67 0120:47 0121:67 0122:47 0123:67 0124:48 0125:68 0126:48 0127:68 0128:49 0129:69 012a:49 012b:69 012c:49 012d:69 012e:49 012f:69 0130:49 0131:69 0134:4a 0135:6a 0136:4b 0137:6b 0139:4c 013a:6c 013b:4c 013c:6c 013d:4c 013e:6c 0141:4c 0142:6c 0143:4e 0144:6e 0145:4e 0146:6e 0147:4e 0148:6e 014c:4f 014d:6f 014e:4f 014f:6f 0150:4f 0151:6f 0152:4f 0153:6f 0154:52 0155:72 0156:52 0157:72 0158:52 0159:72 015a:53 015b:73 015c:53 015d:73 015e:53 015f:73 0160:53 0161:73 0162:54 0163:74 0164:54 0165:74 0166:54 0167:74 0168:55 0169:75 016a:55 016b:75 016c:55 016d:75 016e:55 016f:75 0170:55 0171:75 0172:55 0173:75 0174:57 0175:77 0176:59 0177:79 0178:59 0179:5a 017b:5a 017c:7a 017d:5a 017e:7a 0180:62 0189:44 0197:49 019a:6c 019f:4f 01a0:4f 01a1:6f 01ab:74 01ae:54 01af:55 01b0:75 01b6:7a 01c3:21 01cd:41 01ce:61 01cf:49 01d0:69 01d1:4f 01d2:6f 01d3:55 01d4:75 01d5:55 01d6:75 01d7:55 01d8:75 01d9:55 01da:75 01db:55 01dc:75 01de:41 01df:61 01e4:47 01e5:67 01e6:47 01e7:67 01e8:4b 01e9:6b 01ea:4f 01eb:6f 01ec:4f 01ed:6f 01f0:6a 0261:67 02b9:22 02ba:27 02bc:27 02c4:5e 02c6:5e 02c8:27 02c9:16 02cb:60 02cd:5f 02dc:7e 0300:60 0302:5e 0303:7e 0304:16 0305:16 0331:5f 0332:5f 037e:3b 04bb:68 0589:3a 066a:25 2000:20 2001:20 2002:20 2003:20 2004:20 2005:20 2006:20 2010:2d 2011:2d 2013:2d 2014:2d 2018:27 2019:27 201a:27 201c:22 201d:22 201e:22 2022:07 2024:07 2026:07 2030:25 2032:27 2035:27 2039:3c 203a:3e 203c:13 2044:2f 2070:30 2074:34 2075:35 2076:36 2077:37 2078:38 2080:30 2081:31 2084:34 2085:35 2086:36 2087:37 2088:38 2089:39 20a7:50 20dd:4f 2102:43 2107:45 210a:67 210b:48 210c:48 210d:48 210e:68 2110:49 2111:49 2112:4c 2113:6c 2115:4e 2118:70 2119:50 211a:51 211b:52 211c:52 211d:52 2122:74 2124:5a 2128:5a 212a:4b 212b:41 212c:42 212d:43 212e:65 212f:65 2130:45 2131:46 2133:4d 2134:6f 2190:1b 2191:18 2192:1a 2193:19 2194:1d 2195:12 21a8:17 2205:4f 2212:5f 2215:2f 2216:5c 2217:2a 221f:1c 2223:7c 2236:3a 223c:7e 22c5:07 2302:7f 2303:5e 2329:3c 232a:3e 25ac:16 25b2:1e 25ba:10 25bc:1f 25c4:11 25cb:09 25d8:08 25d9:0a 263a:01 263b:02 263c:0f 2640:0c 2642:0b 2660:06 2663:05 2665:03 2666:04 266a:0d 266b:0e 3000:20 3007:4f 3008:3c 3009:3e 301a:5b 301b:5d 30fb:07 
+
+865   (OEM - Nordic)
+00a2:63 00a5:59 00a7:15 00a8:22 00a9:63 00ad:5f 00ae:72 00af:16 00b3:33 00b4:2f 00b6:14 00b8:2c 00b9:31 00bb:3e 00be:33 00c0:41 00c1:41 00c2:41 00c3:41 00c8:45 00ca:45 00cb:45 00cc:49 00cd:49 00ce:49 00cf:49 00d0:44 00d2:4f 00d3:4f 00d4:4f 00d5:4f 00d7:58 00d9:55 00da:55 00db:55 00dd:59 00de:54 00e3:61 00f0:64 00f5:6f 00fd:79 00fe:74 0100:41 0101:61 0102:41 0103:61 0104:41 0105:61 0106:43 0107:63 0108:43 0109:63 010a:43 010b:63 010c:43 010d:63 010e:44 010f:64 0110:44 0111:64 0112:45 0113:65 0114:45 0115:65 0116:45 0117:65 0118:45 0119:65 011a:45 011b:65 011c:47 011d:67 011e:47 011f:67 0120:47 0121:67 0122:47 0123:67 0124:48 0125:68 0126:48 0127:68 0128:49 0129:69 012a:49 012b:69 012c:49 012d:69 012e:49 012f:69 0130:49 0131:69 0134:4a 0135:6a 0136:4b 0137:6b 0139:4c 013a:6c 013b:4c 013c:6c 013d:4c 013e:6c 0141:4c 0142:6c 0143:4e 0144:6e 0145:4e 0146:6e 0147:4e 0148:6e 014c:4f 014d:6f 014e:4f 014f:6f 0150:4f 0151:6f 0152:4f 0153:6f 0154:52 0155:72 0156:52 0157:72 0158:52 0159:72 015a:53 015b:73 015c:53 015d:73 015e:53 015f:73 0160:53 0161:73 0162:54 0163:74 0164:54 0165:74 0166:54 0167:74 0168:55 0169:75 016a:55 016b:75 016c:55 016d:75 016e:55 016f:75 0170:55 0171:75 0172:55 0173:75 0174:57 0175:77 0176:59 0177:79 0178:59 0179:5a 017b:5a 017c:7a 017d:5a 017e:7a 0180:62 0189:44 0197:49 019a:6c 019f:4f 01a0:4f 01a1:6f 01ab:74 01ae:54 01af:55 01b0:75 01b6:7a 01c3:21 01cd:41 01ce:61 01cf:49 01d0:69 01d1:4f 01d2:6f 01d3:55 01d4:75 01d5:55 01d6:75 01d7:55 01d8:75 01d9:55 01da:75 01db:55 01dc:75 01de:41 01df:61 01e4:47 01e5:67 01e6:47 01e7:67 01e8:4b 01e9:6b 01ea:4f 01eb:6f 01ec:4f 01ed:6f 01f0:6a 0261:67 02b9:27 02ba:22 02bc:27 02c4:5e 02c6:5e 02c8:27 02c9:16 02ca:2f 02cb:60 02cd:5f 02dc:7e 0300:60 0301:2f 0302:5e 0303:7e 0304:16 0305:16 0308:22 030e:22 0327:2c 0331:5f 0332:5f 037e:3b 04bb:68 0589:3a 066a:25 2000:20 2001:20 2002:20 2003:20 2004:20 2005:20 2006:20 2010:2d 2011:2d 2013:2d 2014:2d 2017:5f 2018:27 2019:27 201a:27 201c:22 201d:22 201e:22 2022:07 2024:07 2026:07 2030:25 2032:27 2035:27 2039:3c 203a:3e 203c:13 2044:2f 2070:30 2074:34 2075:35 2076:36 2077:37 2078:38 2080:30 2081:31 2083:33 2084:34 2085:35 2086:36 2087:37 2088:38 2089:39 20dd:4f 2102:43 2107:45 210a:67 210b:48 210c:48 210d:48 210e:68 2110:49 2111:49 2112:4c 2113:6c 2115:4e 2118:70 2119:50 211a:51 211b:52 211c:52 211d:52 2122:74 2124:5a 2128:5a 212a:4b 212c:42 212d:43 212e:65 212f:65 2130:45 2131:46 2133:4d 2134:6f 2190:1b 2191:18 2192:1a 2193:19 2194:1d 2195:12 21a8:17 2205:4f 2212:5f 2215:2f 2216:5c 2217:2a 221f:1c 2223:7c 2236:3a 223c:7e 226b:3c 22c5:07 2302:7f 2303:5e 2329:3c 232a:3e 25ac:16 25b2:1e 25ba:10 25bc:1f 25c4:11 25cb:09 25d8:08 25d9:0a 263a:01 263b:02 263c:0f 2640:0c 2642:0b 2660:06 2663:05 2665:03 2666:04 266a:0d 266b:0e 3000:20 3007:4f 3008:3c 3009:3e 300b:3e 301a:5b 301b:5d 30fb:07 
+
+874   (ANSI/OEM - Thai)
+00a7:15 00b6:14 203c:13 2190:1b 2191:18 2192:1a 2193:19 2194:1d 2195:12 21a8:17 221f:1c 2302:7f 25ac:16 25b2:1e 25ba:10 25bc:1f 25c4:11 25cb:09 25d8:08 25d9:0a 263a:01 263b:02 263c:0f 2640:0c 2642:0b 2660:06 2663:05 2665:03 2666:04 266a:0d 266b:0e ff01:21 ff02:22 ff03:23 ff04:24 ff05:25 ff06:26 ff07:27 ff08:28 ff09:29 ff0a:2a ff0b:2b ff0c:2c ff0d:2d ff0e:2e ff0f:2f ff10:30 ff11:31 ff12:32 ff13:33 ff14:34 ff15:35 ff16:36 ff17:37 ff18:38 ff19:39 ff1a:3a ff1b:3b ff1c:3c ff1d:3d ff1e:3e ff20:40 ff21:41 ff22:42 ff23:43 ff24:44 ff25:45 ff26:46 ff27:47 ff28:48 ff29:49 ff2a:4a ff2b:4b ff2c:4c ff2d:4d ff2e:4e ff2f:4f ff30:50 ff31:51 ff32:52 ff33:53 ff34:54 ff35:55 ff36:56 ff37:57 ff38:58 ff39:59 ff3a:5a ff3b:5b ff3c:5c ff3d:5d ff3e:5e ff3f:5f ff40:60 ff41:61 ff42:62 ff43:63 ff44:64 ff45:65 ff46:66 ff47:67 ff48:68 ff49:69 ff4a:6a ff4b:6b ff4c:6c ff4d:6d ff4e:6e ff4f:6f ff50:70 ff51:71 ff52:72 ff53:73 ff54:74 ff55:75 ff56:76 ff57:77 ff58:78 ff59:79 ff5a:7a ff5b:7b ff5c:7c ff5d:7d ff5e:7e 
+
+932   (ANSI/OEM - Japanese Shift-JIS)
+00a1:21 00a5:5c 00a6:7c 00a9:63 00aa:61 00ad:2d 00ae:52 00b2:32 00b3:33 00b9:31 00ba:6f 00c0:41 00c1:41 00c2:41 00c3:41 00c4:41 00c5:41 00c6:41 00c7:43 00c8:45 00c9:45 00ca:45 00cb:45 00cc:49 00cd:49 00ce:49 00cf:49 00d0:44 00d1:4e 00d2:4f 00d3:4f 00d4:4f 00d5:4f 00d6:4f 00d8:4f 00d9:55 00da:55 00db:55 00dc:55 00dd:59 00de:54 00df:73 00e0:61 00e1:61 00e2:61 00e3:61 00e4:61 00e5:61 00e6:61 00e7:63 00e8:65 00e9:65 00ea:65 00eb:65 00ec:69 00ed:69 00ee:69 00ef:69 00f0:64 00f1:6e 00f2:6f 00f3:6f 00f4:6f 00f5:6f 00f6:6f 00f8:6f 00f9:75 00fa:75 00fb:75 00fc:75 00fd:79 00fe:74 00ff:79 
+
+936   (ANSI/OEM - Simplified Chinese GBK)
+00a6:7c 00aa:61 00ad:2d 00b2:32 00b3:33 00b9:31 00ba:6f 00d0:44 00dd:59 00de:54 00e2:61 00f0:65 00fd:79 00fe:74 
+
+949   (ANSI/OEM - Korean)
+00a6:7c 00c0:41 00c1:41 00c2:41 00c3:41 00c4:41 00c5:41 00c7:43 00c8:45 00c9:45 00ca:45 00cb:45 00cc:49 00cd:49 00ce:49 00cf:49 00d1:4e 00d2:4f 00d3:4f 00d4:4f 00d5:4f 00d6:4f 00d9:55 00da:55 00db:55 00dc:55 00dd:59 00e0:61 00e1:61 00e2:61 00e3:61 00e4:61 00e5:61 00e7:63 00e8:65 00e9:65 00ea:65 00eb:65 00ec:69 00ed:69 00ee:69 00ef:69 00f1:6e 00f2:6f 00f3:6f 00f4:6f 00f5:6f 00f6:6f 00f9:75 00fa:75 00fb:75 00fc:75 00fd:79 00ff:79 20a9:5c 
+
+950   (ANSI/OEM - Traditional Chinese Big5)
+00a1:21 00a6:7c 00a9:63 00aa:61 00ad:2d 00ae:52 00b2:32 00b3:33 00b9:31 00ba:6f 00c0:41 00c1:41 00c2:41 00c3:41 00c4:41 00c5:41 00c6:41 00c7:43 00c8:45 00c9:45 00ca:45 00cb:45 00cc:49 00cd:49 00ce:49 00cf:49 00d0:44 00d1:4e 00d2:4f 00d3:4f 00d4:4f 00d5:4f 00d6:4f 00d8:4f 00d9:55 00da:55 00db:55 00dc:55 00dd:59 00de:54 00df:73 00e0:61 00e1:61 00e2:61 00e3:61 00e4:61 00e5:61 00e6:61 00e7:63 00e8:65 00e9:65 00ea:65 00eb:65 00ec:69 00ed:69 00ee:69 00ef:69 00f0:65 00f1:6e 00f2:6f 00f3:6f 00f4:6f 00f5:6f 00f6:6f 00f8:6f 00f9:75 00fa:75 00fb:75 00fc:75 00fd:79 00fe:74 00ff:79 
+
+(UTF-7)
+
+
+(UTF-8)
+
+

static/nginx/live/default

@@ -0,0 +1,68 @@
+    server {
+        listen       80;
+        server_name  localhost;
+        testcookie on;
+        root /hostdata/default/public_html/;
+
+        modsecurity on;
+        modsecurity_rules_file /nginx/modsec/tester.conf;
+
+        location ^~ /cdn {
+            testcookie off;
+        }
+
+        location / {
+            SecRulesEnabled;
+            DeniedUrl "/denied/";
+            CheckRule "$SQL >= 8" BLOCK;
+            CheckRule "$RFI >= 8" BLOCK;
+            CheckRule "$TRAVERSAL >= 4" BLOCK;
+            CheckRule "$EVADE >= 4" BLOCK;
+            CheckRule "$XSS >= 8" BLOCK;
+
+            index  index.html index.htm;
+        }
+      
+        location /lua-test {
+            default_type 'text/plain';
+            content_by_lua_block {
+                ngx.say('Hello, world!')
+            }
+        }
+      
+        location /denied/ {
+          return 403;
+        }
+
+        #error_page  404              /404.html;
+
+        # redirect server error pages to the static page /50x.html
+        #
+        error_page   500 502 503 504  /50x.html;
+        location = /50x.html {
+            root   html;
+        }
+
+        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
+        #
+        #location ~ \.php$ {
+        #    proxy_pass   http://127.0.0.1;
+        #}
+
+        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+        #
+        #location ~ \.php$ {
+        #    root           html;
+        #    fastcgi_pass   127.0.0.1:9000;
+        #    fastcgi_index  index.php;
+        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
+        #    include        fastcgi_params;
+        #}
+
+        # deny access to .htaccess files, if Apache's document root
+        # concurs with nginx's one
+        #
+        #location ~ /\.ht {
+        #    deny  all;
+        #}
+    }

static/nginx/nginx.conf

@@ -0,0 +1,115 @@
+user nginx;
+pid /run/nginx.pid;
+worker_processes auto;
+worker_cpu_affinity auto;
+worker_rlimit_nofile 65535;
+
+events {
+    multi_accept on;
+    use epoll;
+    worker_connections 65535;
+}
+
+http {
+    # =================== LOAD LUA ========================= #
+    lua_package_path "/usr/nginx_lua/lib/lua/?.lua;;";
+    lua_package_cpath "/usr/nginx_lua/lib/lua/5.1/?.so;;";
+    # =================== END LUA ========================== #
+
+    # =================== LOAD L7 ========================== #
+    include modsec/l7.conf;
+    # =================== END L7 =========================== #
+
+    # ===================== LOGS =========================== #
+    map $upstream_cache_status $log_cache_status {
+        ""      "STATIC";
+        default $upstream_cache_status;
+    }
+    more_set_headers "X-Cache-Status: $log_cache_status";
+    log_format main 'DATE: $time_local FROM: $remote_addr  | STATUS: $status | TO: $request | CACHE: $log_cache_status | A: $http_user_agent';
+    # =================== END LOGS ========================= #
+
+    # ==================== GENERAL ========================= #
+    client_header_buffer_size      4k;
+    large_client_header_buffers    4 16k;
+    client_body_buffer_size        16k;
+    client_max_body_size           2M;
+    client_body_timeout            30s;
+    client_header_timeout          30s;
+    send_timeout                   30s;
+    reset_timedout_connection      on;
+    keepalive_timeout              65s;
+    keepalive_requests             2000;
+    max_headers                    100;
+    port_in_redirect               off;
+    sendfile                       on;
+    sendfile_max_chunk             1m;
+    tcp_nodelay                    on;
+    tcp_nopush                     on;
+    server_tokens                  off;
+    server_name_in_redirect        off;
+
+    server_names_hash_bucket_size  128;
+    server_names_hash_max_size     32768;
+    types_hash_max_size            4096;
+
+    # File metadata cache — biggest single win for static-heavy shared hosting.
+    open_file_cache                max=200000 inactive=30s;
+    open_file_cache_valid          30s;
+    open_file_cache_min_uses       2;
+    open_file_cache_errors         on;
+
+    # ===================== TLS ============================ #
+    ssl_protocols                  TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers      off;
+    ssl_session_cache              shared:SSL:200m;
+    ssl_session_timeout            1d;
+    ssl_session_tickets            off;
+    ssl_stapling                   on;
+    ssl_stapling_verify            on;
+
+    # Cloudflare dynamic TLS record sizing (build/patches/nginx-X-dynamic-tls-records.patch).
+    # Small records up front cut TTFB by ~1 RTT, then ramp up to amortise TLS
+    # overhead once the connection is past head-of-line blocking.
+    ssl_dyn_rec_enable             on;
+    ssl_dyn_rec_size_lo            1369;
+    ssl_dyn_rec_size_hi            4229;
+    ssl_dyn_rec_threshold          40;
+    ssl_dyn_rec_timeout            1000;
+    # ===================== END TLS ======================== #
+    resolver                       1.1.1.1 1.0.0.1 valid=300s;
+    resolver_timeout               5s;
+    default_type                   application/octet-stream;
+    include                        /nginx/mime.types;
+
+    map $http_upgrade $connection_upgrade {
+    default upgrade;
+    '' close;
+    }
+
+    # ==================== COMPRESSION ===================== #
+    gzip                           on;
+    gzip_vary                      on;
+    gzip_proxied                   any;
+    gzip_comp_level                4;
+    gzip_min_length                256;
+    gzip_types                     text/plain text/css text/xml application/json application/javascript application/xml application/xml+rss application/atom+xml image/svg+xml font/ttf font/otf font/woff font/woff2;
+
+    brotli                         on;
+    brotli_comp_level              4;
+    brotli_min_length              256;
+    brotli_types                   text/plain text/css text/xml application/json application/javascript application/xml application/xml+rss application/atom+xml image/svg+xml font/ttf font/otf font/woff font/woff2;
+
+    zstd                           on;
+    zstd_comp_level                4;
+    zstd_min_length                256;
+    zstd_types                     text/plain text/css text/xml application/json application/javascript application/xml application/xml+rss application/atom+xml image/svg+xml font/ttf font/otf font/woff font/woff2;
+    # =================== END COMPRESSION ================== #
+    # =================== END GENERAL ====================== #
+
+    # ================ LOAD VHOST +CONFIGS ================= #
+    include live/*;
+    include conf.d/*;
+    include modsec/naxi.core;
+    # =================== END CONFIGS ====================== #
+}

version

@@ -0,0 +1,88 @@
+export NGINX="1.31.1"
+
+# Lua Path
+export LUA_SCRIPTS="/usr/nginx_lua"
+
+# https://github.com/openresty/lua-nginx-module/tags
+export NGX_MOD_LUA="0.10.29"
+
+# https://github.com/vision5/ngx_devel_kit/tags
+export NGX_MOD_DEVELKIT="0.3.4"
+
+# https://github.com/leev/ngx_http_geoip2_module/releases
+export NGX_MOD_GEOIP2="3.4"
+
+# https://github.com/owasp-modsecurity/ModSecurity-nginx/releases
+export NGX_MOD_MODSECURITY="1.0.4"
+
+# https://github.com/winshining/nginx-http-flv-module/releases
+export NGX_MOD_HTTPFLV="1.2.13"
+
+# https://github.com/openresty/headers-more-nginx-module/tags
+export NGX_MOD_HEADERS_MORE="0.39"
+
+# https://github.com/openresty/set-misc-nginx-module/releases
+export NGX_MOD_SETMISC="0.33"
+
+# https://github.com/openresty/lua-resty-core/tags
+export LUA_SCRIPTS_RESTYCORE="0.1.32"
+
+# https://github.com/openresty/lua-resty-lrucache/tags
+export LUA_SCRIPTS_LRUCACHE="0.15"
+
+# https://github.com/openresty/luajit2/tags
+export SYSTEM_LUAJIT="2.1-20260311"
+
+# https://github.com/PCRE2Project/pcre2/releases
+export SYSTEM_PCRE="10.47"
+
+# https://github.com/aws/aws-lc/tags
+# AWS-LC = Amazon's BoringSSL fork. Supported natively in nginx since 1.29.2.
+# Picked over quictls (EOL OpenSSL 3.1 base) and over OpenSSL 3.5 native QUIC
+# because of better TLS handshake throughput and clean release tagging.
+export SYSTEM_AWSLC="1.72.0"
+
+# https://github.com/SpiderLabs/ModSecurity/releases 3.0.12
+export SYSTEM_MODSECURITY="3.0.14"
+
+# https://github.com/openresty/lua-resty-mysql/tags
+export NGX_MOD_LUA_MYSQL="0.29"
+
+# https://github.com/openresty/lua-resty-lock/tags
+export NGX_MOD_LUA_LOCK="0.09"
+
+# https://github.com/openresty/srcache-nginx-module/tags
+export NGX_MOD_LUA_SRCACHE="0.33"
+
+# https://github.com/tokers/zstd-nginx-module/tags
+# Zstandard compression module. Chrome 123+ and Firefox 126+ send
+# `Accept-Encoding: zstd`; older clients fall back to brotli/gzip.
+export NGX_MOD_ZSTD="0.1.1"
+
+# https://github.com/zlib-ng/zlib-ng/releases
+# Drop-in libz replacement with SIMD-accelerated DEFLATE. Built in --zlib-compat
+# mode, installed to /usr/local/zlib-ng/. ~2-3x faster gzip CPU vs stock zlib.
+export SYSTEM_ZLIBNG="2.3.3"
+
+# ---------------------------------------------------------------------------
+# Patches applied on top of upstream nginx source (committed at build/patches/).
+# 1 = apply, 0 = skip. Each patch's filename embeds the nginx version it was
+# authored against — bumping NGINX above means reviewing/refreshing every patch
+# in build/patches/.
+# ---------------------------------------------------------------------------
+# Required for Type=notify in the systemd unit. Mainline nginx has the
+# #if (NGX_HAVE_SYSTEMD) guards but no actual sd_notify call sites; every distro
+# carries their own patch. Without this, `Type=notify` times out at startup.
+export APPLY_PATCH_SYSTEMD_NOTIFY=1
+
+# Cloudflare's dynamic TLS records: ssl_dyn_rec_* directives. Varies TLS record
+# size based on connection state. -1 RTT TTFB on first byte, +reduced overhead
+# at steady state. Patch shipped at build/patches/.
+export APPLY_PATCH_DYNAMIC_TLS_RECORDS=1
+
+# Cloudflare's HPACK dynamic-table encoder: --with-http_v2_hpack_enc. Smaller
+# HTTP/2 response headers on the wire. Upstream patch is stale (last touched
+# 2017; nginx 1.31 has already absorbed parts of it upstream and the remaining
+# hunks reference internals that have drifted). Patch NOT yet shipped — would
+# need a full rebase. Keep toggle here for the day someone ports it.
+export APPLY_PATCH_HTTP2_HPACK_ENC=0