diff --git a/.github/workflows/build-docker.yml b/.github/workflows/build-docker.yml
index 949f046..0954c43 100644
--- a/.github/workflows/build-docker.yml
+++ b/.github/workflows/build-docker.yml
@@ -58,6 +58,17 @@ jobs:
             --build-arg "ARG_PROFILE_JUPYTER=hub"
           push_image
 
+  ## OpenResty as gateway
+  qpod_openresty:
+    name: 'openresty'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - run: |
+          source ./tool.sh
+          build_image openresty latest docker_openresty/Dockerfile
+          push_image
+
   ## DevBox - base
   qpod_base-dev:
     name: 'developer,base-dev'
diff --git a/docker_dev_box/README.md b/docker_dev_box/README.md
new file mode 100644
index 0000000..2cd264e
--- /dev/null
+++ b/docker_dev_box/README.md
@@ -0,0 +1,18 @@
+# Developer Box
+
+## Develop and Debug - Single User
+
+```bash
+IMG="qpod/developer"
+# IMG="registry.cn-hangzhou.aliyuncs.com/qpod/full-stack-dev"
+
+docker run -d --restart=always \
+    --name=QPod-lab-dev \
+    --hostname=QPod \
+    -p 18888-18890:8888-8890 \
+    -v $(pwd):/root/ \
+    -w /root/ \
+    $IMG
+
+sleep 5s && docker logs QPod-lab-dev 2>&1|grep token=
+```
diff --git a/docker_openresty/Dockerfile b/docker_openresty/Dockerfile
new file mode 100644
index 0000000..c9fe5d2
--- /dev/null
+++ b/docker_openresty/Dockerfile
@@ -0,0 +1,16 @@
+# Distributed under the terms of the Modified BSD License.
+
+ARG BASE_NAMESPACE
+ARG BASE_IMG="base"
+FROM ${BASE_NAMESPACE:+$BASE_NAMESPACE/}${BASE_IMG}
+
+LABEL maintainer="haobibo@gmail.com"
+
+COPY work /opt/utils/
+
+RUN source /opt/utils/script-utils.sh && install_apt /opt/utils/install_list_daemon.apt \
+ && source /opt/utils/script-setup-lua.sh       && setup_lua_base && setup_lua_rocks \
+ && source /opt/utils/script-setup-openresty.sh && setup_openresty \
+ && source /opt/utils/script-setup-acme.sh      && setup_acme \
+ && pip install certbot \
+ && install__clean
diff --git a/docker_openresty/README.md b/docker_openresty/README.md
new file mode 100644
index 0000000..0d40b04
--- /dev/null
+++ b/docker_openresty/README.md
@@ -0,0 +1,9 @@
+# OpenResty with Lua and certbot
+
+## Debug
+
+```shell
+docker run -it --rm qpod/base bash
+
+docker build -t openresty --build-arg BASE_NAMESPACE=qpod .
+```
diff --git a/docker_openresty/work/install_list_daemon.apt b/docker_openresty/work/install_list_daemon.apt
new file mode 100644
index 0000000..721accf
--- /dev/null
+++ b/docker_openresty/work/install_list_daemon.apt
@@ -0,0 +1 @@
+cron
\ No newline at end of file
diff --git a/docker_openresty/work/install_list_nginx.apt b/docker_openresty/work/install_list_nginx.apt
new file mode 100644
index 0000000..14fa08a
--- /dev/null
+++ b/docker_openresty/work/install_list_nginx.apt
@@ -0,0 +1,3 @@
+libpcre3-dev
+libssl-dev
+zlib1g-dev
diff --git a/docker_openresty/work/script-setup-acme.sh b/docker_openresty/work/script-setup-acme.sh
new file mode 100644
index 0000000..51e4b4b
--- /dev/null
+++ b/docker_openresty/work/script-setup-acme.sh
@@ -0,0 +1,17 @@
+source /opt/utils/script-utils.sh
+
+setup_acme() {
+    install_tar_gz https://github.com/acmesh-official/acme.sh/archive/refs/heads/master.tar.gz \
+ && mv /opt/acme.sh-* /tmp/acme.sh && cd /tmp/acme.sh \
+ && export ACME_HOME="/opt/acme.sh" \
+ && ./acme.sh --install --force \
+      --home         ${ACME_HOME} \
+      --config-home  ${HOME_DIR}/acme/data \
+      --cert-home    ${HOME_DIR}/acme/certs \
+      --accountkey   ${HOME_DIR}/acme/account.key \
+      --accountconf  ${HOME_DIR}/acme/account.conf \
+      --useragent    "client acme.sh in docker" \
+ && ln -sf /opt/acme.sh/acme.sh /usr/bin/ \
+ && rm -rf /tmp/acme.sh && cd ${ACME_HOME} \
+ && echo "@ Version info of acme.sh: $(acme.sh -v)"
+}
diff --git a/docker_openresty/work/script-setup-lua.sh b/docker_openresty/work/script-setup-lua.sh
new file mode 100644
index 0000000..d67e25d
--- /dev/null
+++ b/docker_openresty/work/script-setup-lua.sh
@@ -0,0 +1,28 @@
+source /opt/utils/script-utils.sh
+
+export LUA_HOME=/opt/lua
+
+setup_lua_base() {
+    VERSION_LUA=$(curl -sL https://www.lua.org/download.html | grep "cd lua" | head -1 | grep -Po '(\d[\d|.]+)') \
+ && URL_LUA="http://www.lua.org/ftp/lua-${VERSION_LUA}.tar.gz" \
+ && echo "Downloading LUA ${VERSION_LUA} from ${URL_LUA}" \
+ && install_tar_gz $URL_LUA \
+ && mv /opt/lua-* /tmp/lua && cd /tmp/lua \
+ && make linux test && make install INSTALL_TOP=${LUA_HOME} \
+ && ln -sf ${LUA_HOME}/bin/lua* /usr/bin/ \
+ && rm -rf /tmp/lua \
+ && echo "@ Version of LUA installed: $(lua -v)"
+}
+
+setup_lua_rocks() {
+ ## https://github.com/luarocks/luarocks/wiki/Installation-instructions-for-Unix
+    VERSION_LUA_ROCKS=$(curl -sL https://luarocks.github.io/luarocks/releases/ | grep "linux-x86_64" | head -1 | grep -Po '(\d[\d|.]+)' | head -1) \
+ && URL_LUA_ROCKS="http://luarocks.github.io/luarocks/releases/luarocks-${VERSION_LUA_ROCKS}.tar.gz" \
+ && echo "Downloading luarocks ${VERSION_LUA_ROCKS} from ${URL_LUA_ROCKS}" \
+ && install_tar_gz $URL_LUA_ROCKS \
+ && mv /opt/luarocks-* /tmp/luarocks && cd /tmp/luarocks \
+ && ./configure --prefix=${LUA_HOME} --with-lua-include=${LUA_HOME}/include && make install \
+ && ln -sf /opt/lua/bin/lua* /usr/bin/ \
+ && rm -rf /tmp/luarocks \
+ && echo "@ Version of luarocks: $(luarocks --version)"
+}
diff --git a/docker_openresty/work/script-setup-openresty.sh b/docker_openresty/work/script-setup-openresty.sh
new file mode 100644
index 0000000..a4dd191
--- /dev/null
+++ b/docker_openresty/work/script-setup-openresty.sh
@@ -0,0 +1,53 @@
+source /opt/utils/script-utils.sh
+
+setup_openresty() {
+    install_apt /opt/utils/install_list_nginx.apt \
+ && VERSION_OR=$(curl -sL https://github.com/openresty/openresty/releases.atom | grep "releases/tag" | head -1 | grep -Po '(\d[\d|.]+)') \
+ && URL_OR="https://openresty.org/download/openresty-${VERSION_OR}.tar.gz" \
+ && echo "Downloading OpenResty ${VERSION_OR} from ${URL_OR}" \
+ && install_tar_gz $URL_OR \
+ && mv /opt/openresty-* /tmp/openresty && cd /tmp/openresty \
+ && export NGINX_HOME=/opt/nginx \
+ && ./configure \
+	--prefix=${NGINX_HOME}/etc \
+	--sbin-path=${NGINX_HOME}/bin/nginx \
+	--modules-path=${NGINX_HOME}/modules \
+	--conf-path=${NGINX_HOME}/nginx.conf \
+	--error-log-path=/var/log/nginx/error.log \
+	--http-log-path=/var/log/nginx/access.log \
+	--pid-path=/var/run/nginx.pid \
+	--lock-path=/var/run/nginx.lock \
+	--http-client-body-temp-path=/var/cache/nginx/client_temp \
+	--http-proxy-temp-path=/var/cache/nginx/proxy_temp \
+	--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
+	--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
+	--http-scgi-temp-path=/var/cache/nginx/scgi_temp \
+	--user=nginx \
+	--group=nginx \
+	--with-compat \
+	--with-threads \
+	--with-http_addition_module \
+	--with-http_auth_request_module \
+	--with-http_dav_module \
+	--with-http_flv_module \
+	--with-http_gunzip_module \
+	--with-http_gzip_static_module \
+	--with-http_mp4_module \
+	--with-http_random_index_module \
+	--with-http_realip_module \
+	--with-http_secure_link_module \
+	--with-http_slice_module \
+	--with-http_ssl_module \
+	--with-http_stub_status_module \
+	--with-http_sub_module \
+	--with-http_v2_module \
+	--with-mail \
+	--with-mail_ssl_module \
+	--with-stream \
+	--with-stream_realip_module \
+	--with-stream_ssl_module \
+	--with-stream_ssl_preread_module \
+ && make -j8 && make install \
+ && ln -sf ${NGINX_HOME}/bin/nginx /usr/bin/ \
+ && echo "@ Version info of Nginx: $(nginx -version)"
+}