From 2099d2ca57ecb694fbfab257cdfd4e2908cdb54f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E8=80=97=E5=AD=90?= Date: Thu, 8 Jan 2026 19:28:06 +0800 Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BD=BF=E7=94=A8=E7=9F=AD=E6=9C=9F?= =?UTF-8?q?=E8=AF=81=E4=B9=A6=E9=85=8D=E7=BD=AE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- internal/data/cert.go | 2 +- internal/http/middleware/must_install.go | 2 +- pkg/acme/client.go | 35 +++++++++++++++++++++-- web/src/router/guard/app-install-guard.ts | 12 ++++---- web/src/views/setting/IndexView.vue | 1 + web/src/views/setting/SettingSafe.vue | 22 ++++++++++++-- 6 files changed, 63 insertions(+), 11 deletions(-) diff --git a/internal/data/cert.go b/internal/data/cert.go index 83b7f273..e6e59040 100644 --- a/internal/data/cert.go +++ b/internal/data/cert.go @@ -241,7 +241,7 @@ func (r *certRepo) ObtainPanel(account *biz.CertAccount, ips []string) ([]byte, } client.UsePanel(ips, filepath.Join(app.Root, "server/nginx/conf/acme.conf")) - ssl, err := client.ObtainCertificate(context.Background(), ips, acme.KeyEC256) + ssl, err := client.ObtainShortCertificate(context.Background(), ips, acme.KeyEC256) if err != nil { return nil, nil, err } diff --git a/internal/http/middleware/must_install.go b/internal/http/middleware/must_install.go index 0403d220..930d3cf3 100644 --- a/internal/http/middleware/must_install.go +++ b/internal/http/middleware/must_install.go @@ -15,7 +15,7 @@ func MustInstall(t *gotext.Locale, app biz.AppRepo) func(next http.Handler) http return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { var slugs []string if strings.HasPrefix(r.URL.Path, "/api/website") { - slugs = append(slugs, "nginx") + slugs = append(slugs, "nginx", "openresty", "apache", "openlitespeed", "caddy") } else if strings.HasPrefix(r.URL.Path, "/api/container") { slugs = append(slugs, "podman", "docker") } else if strings.HasPrefix(r.URL.Path, "/api/apps/") { diff --git a/pkg/acme/client.go b/pkg/acme/client.go index 8211f8f3..a92c922a 100644 --- a/pkg/acme/client.go +++ b/pkg/acme/client.go @@ -73,7 +73,7 @@ func (c *Client) UsePanel(ip []string, conf string) { } // ObtainCertificate 签发 SSL 证书 -func (c *Client) ObtainCertificate(ctx context.Context, domains []string, keyType KeyType) (Certificate, error) { +func (c *Client) ObtainCertificate(ctx context.Context, sans []string, keyType KeyType) (Certificate, error) { certPrivateKey, err := generatePrivateKey(keyType) if err != nil { return Certificate{}, err @@ -83,7 +83,38 @@ func (c *Client) ObtainCertificate(ctx context.Context, domains []string, keyTyp return Certificate{}, err } - certs, err := c.zClient.ObtainCertificateForSANs(ctx, c.Account, certPrivateKey, domains) + certs, err := c.zClient.ObtainCertificateForSANs(ctx, c.Account, certPrivateKey, sans) + if err != nil { + return Certificate{}, err + } + + crt := c.selectPreferredChain(certs) + return Certificate{PrivateKey: pemPrivateKey, Certificate: crt}, nil +} + +// ObtainShortCertificate 签发短期 SSL 证书 +func (c *Client) ObtainShortCertificate(ctx context.Context, sans []string, keyType KeyType) (Certificate, error) { + certPrivateKey, err := generatePrivateKey(keyType) + if err != nil { + return Certificate{}, err + } + pemPrivateKey, err := cert.EncodeKey(certPrivateKey) + if err != nil { + return Certificate{}, err + } + + csr, err := acmez.NewCSR(certPrivateKey, sans) + if err != nil { + return Certificate{}, err + } + + params, err := acmez.OrderParametersFromCSR(c.Account, csr) + if err != nil { + return Certificate{}, err + } + params.Profile = "shortlived" + + certs, err := c.zClient.ObtainCertificate(ctx, params) if err != nil { return Certificate{}, err } diff --git a/web/src/router/guard/app-install-guard.ts b/web/src/router/guard/app-install-guard.ts index 7093b8d0..433ca2d5 100644 --- a/web/src/router/guard/app-install-guard.ts +++ b/web/src/router/guard/app-install-guard.ts @@ -29,12 +29,14 @@ export function createAppInstallGuard(router: Router) { // 网站 if (to.path.startsWith('/website')) { - await useRequest(app.isInstalled('nginx')).onSuccess(({ data }) => { - if (!data) { - showErrorMessage(`Web 服务器未安装`) - return router.push({ name: 'app-index' }) + await useRequest(app.isInstalled('nginx,openresty,apache,openlitespeed,caddy')).onSuccess( + ({ data }) => { + if (!data) { + showErrorMessage(`Web 服务器未安装`) + return router.push({ name: 'app-index' }) + } } - }) + ) } // 容器 diff --git a/web/src/views/setting/IndexView.vue b/web/src/views/setting/IndexView.vue index d87d54ee..7308e514 100644 --- a/web/src/views/setting/IndexView.vue +++ b/web/src/views/setting/IndexView.vue @@ -35,6 +35,7 @@ const { data: model } = useRequest(setting.list, { website_path: '', backup_path: '', https: false, + acme: false, cert: '', key: '' } diff --git a/web/src/views/setting/SettingSafe.vue b/web/src/views/setting/SettingSafe.vue index e4a69f30..50375478 100644 --- a/web/src/views/setting/SettingSafe.vue +++ b/web/src/views/setting/SettingSafe.vue @@ -189,14 +189,32 @@ const model = defineModel('model', { type: Object, required: true }) - + + + + + - +