mirror of
https://github.com/acepanel/panel.git
synced 2026-02-04 11:27:17 +08:00
refactor: 重构证书目录为cert
@@ -97,7 +97,7 @@ func (r *certRepo) ObtainAuto(id uint) (*acme.Certificate, error) {
|
||||
}
|
||||
}
|
||||
|
||||
ssl, err := client.ObtainSSL(context.Background(), cert.Domains, acme.KeyType(cert.Type))
|
||||
ssl, err := client.ObtainCertificate(context.Background(), cert.Domains, acme.KeyType(cert.Type))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -126,7 +126,7 @@ func (r *certRepo) ObtainManual(id uint) (*acme.Certificate, error) {
|
||||
return nil, errors.New("请重新获取 DNS 解析记录")
|
||||
}
|
||||
|
||||
ssl, err := r.client.ObtainSSLManual()
|
||||
ssl, err := r.client.ObtainCertificateManual()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -176,7 +176,7 @@ func (r *certRepo) Renew(id uint) (*acme.Certificate, error) {
|
||||
}
|
||||
}
|
||||
|
||||
ssl, err := client.RenewSSL(context.Background(), cert.CertURL, cert.Domains, acme.KeyType(cert.Type))
|
||||
ssl, err := client.RenewCertificate(context.Background(), cert.CertURL, cert.Domains, acme.KeyType(cert.Type))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -236,10 +236,10 @@ func (r *certRepo) Deploy(ID, WebsiteID uint) error {
|
||||
return err
|
||||
}
|
||||
|
||||
if err = io.Write(fmt.Sprintf("%s/server/vhost/ssl/%s.pem", app.Root, website.Name), cert.Cert, 0644); err != nil {
|
||||
if err = io.Write(fmt.Sprintf("%s/server/vhost/cert/%s.pem", app.Root, website.Name), cert.Cert, 0644); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = io.Write(fmt.Sprintf("%s/server/vhost/ssl/%s.key", app.Root, website.Name), cert.Key, 0644); err != nil {
|
||||
if err = io.Write(fmt.Sprintf("%s/server/vhost/cert/%s.key", app.Root, website.Name), cert.Key, 0644); err != nil {
|
||||
return err
|
||||
}
|
||||
if err = systemctl.Reload("nginx"); err != nil {
|
||||
|
||||
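Review bot: In Deploy, the certificate's private key is written to `server/vhost/cert/<name>.key` with mode `0644`, so (assuming the third argument of `io.Write` is the file mode) every local account on the host can read it. Both write calls are edited here anyway, so the key write can become owner-only: `if err = io.Write(fmt.Sprintf("%s/server/vhost/cert/%s.key", app.Root, website.Name), cert.Key, 0600); err != nil {`. nginx normally opens key files from its root master process, so the reload that follows should still work, but confirm that for this deployment. The target path is formatted directly from `website.Name`; presumably the name is validated at creation so it cannot contain path separators, which is worth verifying. Deploy starts and ends outside the hunk.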
@@ -131,9 +131,9 @@ func (r *websiteRepo) Get(id uint) (*types.WebsiteSetting, error) {
|
||||
setting.OCSP = p.GetOCSP()
|
||||
}
|
||||
// 证书
|
||||
crt, _ := io.Read(filepath.Join(app.Root, "server/vhost/ssl", website.Name+".pem"))
|
||||
crt, _ := io.Read(filepath.Join(app.Root, "server/vhost/cert", website.Name+".pem"))
|
||||
setting.SSLCertificate = crt
|
||||
key, _ := io.Read(filepath.Join(app.Root, "server/vhost/ssl", website.Name+".key"))
|
||||
key, _ := io.Read(filepath.Join(app.Root, "server/vhost/cert", website.Name+".key"))
|
||||
setting.SSLCertificateKey = key
|
||||
// 解析证书信息
|
||||
if decode, err := cert.ParseCert(crt); err == nil {
|
||||
@@ -208,13 +208,15 @@ func (r *websiteRepo) Create(req *request.WebsiteCreate) (*biz.Website, error) {
|
||||
if err = p.SetPHP(req.PHP); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
// 伪静态
|
||||
// 伪静态和acme
|
||||
includes, comments, err := p.GetIncludes()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
includes = append(includes, filepath.Join(app.Root, "server/vhost/rewrite", req.Name+".conf"))
|
||||
includes = append(includes, filepath.Join(app.Root, "server/vhost/acme", req.Name+".conf"))
|
||||
comments = append(comments, []string{"# 伪静态规则"})
|
||||
comments = append(comments, []string{"# acme http-01"})
|
||||
if err = p.SetIncludes(includes, comments); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -252,10 +254,13 @@ func (r *websiteRepo) Create(req *request.WebsiteCreate) (*biz.Website, error) {
|
||||
if err = io.Write(filepath.Join(app.Root, "server/vhost/rewrite", req.Name+".conf"), "", 0644); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if err = io.Write(filepath.Join(app.Root, "server/vhost/ssl", req.Name+".pem"), "", 0644); err != nil {
|
||||
if err = io.Write(filepath.Join(app.Root, "server/vhost/acme", req.Name+".conf"), "", 0644); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if err = io.Write(filepath.Join(app.Root, "server/vhost/ssl", req.Name+".key"), "", 0644); err != nil {
|
||||
if err = io.Write(filepath.Join(app.Root, "server/vhost/cert", req.Name+".pem"), "", 0644); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if err = io.Write(filepath.Join(app.Root, "server/vhost/cert", req.Name+".key"), "", 0644); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
@@ -389,8 +394,8 @@ func (r *websiteRepo) Update(req *request.WebsiteUpdate) error {
|
||||
return err
|
||||
}
|
||||
// HTTPS
|
||||
certPath := filepath.Join(app.Root, "server/vhost/ssl", website.Name+".pem")
|
||||
keyPath := filepath.Join(app.Root, "server/vhost/ssl", website.Name+".key")
|
||||
certPath := filepath.Join(app.Root, "server/vhost/cert", website.Name+".pem")
|
||||
keyPath := filepath.Join(app.Root, "server/vhost/cert", website.Name+".key")
|
||||
if err = io.Write(certPath, req.SSLCertificate, 0644); err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -471,14 +476,14 @@ func (r *websiteRepo) Delete(req *request.WebsiteDelete) error {
|
||||
return err
|
||||
}
|
||||
if website.Cert != nil {
|
||||
return errors.New("网站" + website.Name + "已绑定SSL证书,请先删除证书")
|
||||
return errors.New("网站" + website.Name + "已绑定证书,请先删除证书")
|
||||
}
|
||||
|
||||
_ = io.Remove(filepath.Join(app.Root, "server/vhost", website.Name+".conf"))
|
||||
_ = io.Remove(filepath.Join(app.Root, "server/vhost/rewrite", website.Name+".conf"))
|
||||
_ = io.Remove(filepath.Join(app.Root, "server/vhost/acme", website.Name+".conf"))
|
||||
_ = io.Remove(filepath.Join(app.Root, "server/vhost/ssl", website.Name+".pem"))
|
||||
_ = io.Remove(filepath.Join(app.Root, "server/vhost/ssl", website.Name+".key"))
|
||||
_ = io.Remove(filepath.Join(app.Root, "server/vhost/cert", website.Name+".pem"))
|
||||
_ = io.Remove(filepath.Join(app.Root, "server/vhost/cert", website.Name+".key"))
|
||||
|
||||
if req.Path {
|
||||
_ = io.Remove(website.Path)
|
||||
|
||||
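Review bot: Delete now removes only `server/vhost/cert/<name>.pem` and `.key`, so for a website created before this rename the private key under `server/vhost/ssl` would stay on disk after the site is deleted, unless a migration elsewhere moves those files (none is visible on this page). Either keep the legacy cleanup next to the new lines, e.g. `_ = io.Remove(filepath.Join(app.Root, "server/vhost/ssl", website.Name+".key"))`, or move existing files in an upgrade step. The same gap affects Get, which reads from the new directory and discards the read error (`crt, _ := io.Read(...)`), so an unmigrated site would show an empty certificate with no error reported. Create also pre-creates the `.key` file with `0644`; if `io.Write` keeps an existing file's mode, the key stored there later stays world-readable, so `0600` would be the safer mode. All of these functions continue outside their hunks.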
@@ -60,8 +60,8 @@ func (c *Client) UseHTTP(conf, path string) {
|
||||
}
|
||||
}
|
||||
|
||||
// ObtainSSL 签发 SSL 证书
|
||||
func (c *Client) ObtainSSL(ctx context.Context, domains []string, keyType KeyType) (Certificate, error) {
|
||||
// ObtainCertificate 签发 SSL 证书
|
||||
func (c *Client) ObtainCertificate(ctx context.Context, domains []string, keyType KeyType) (Certificate, error) {
|
||||
certPrivateKey, err := generatePrivateKey(keyType)
|
||||
if err != nil {
|
||||
return Certificate{}, err
|
||||
@@ -76,12 +76,12 @@ func (c *Client) ObtainSSL(ctx context.Context, domains []string, keyType KeyTyp
|
||||
return Certificate{}, err
|
||||
}
|
||||
|
||||
cert := c.selectPreferredChain(certs)
|
||||
return Certificate{PrivateKey: pemPrivateKey, Certificate: cert}, nil
|
||||
crt := c.selectPreferredChain(certs)
|
||||
return Certificate{PrivateKey: pemPrivateKey, Certificate: crt}, nil
|
||||
}
|
||||
|
||||
// ObtainSSLManual 手动验证 SSL 证书
|
||||
func (c *Client) ObtainSSLManual() (Certificate, error) {
|
||||
// ObtainCertificateManual 手动验证 SSL 证书
|
||||
func (c *Client) ObtainCertificateManual() (Certificate, error) {
|
||||
// 发送信号,开始验证
|
||||
c.controlChan <- struct{}{}
|
||||
// 等待验证完成
|
||||
@@ -94,20 +94,20 @@ func (c *Client) ObtainSSLManual() (Certificate, error) {
|
||||
return data.(Certificate), nil
|
||||
}
|
||||
|
||||
// RenewSSL 续签 SSL 证书
|
||||
func (c *Client) RenewSSL(ctx context.Context, certUrl string, domains []string, keyType KeyType) (Certificate, error) {
|
||||
// RenewCertificate 续签 SSL 证书
|
||||
func (c *Client) RenewCertificate(ctx context.Context, certUrl string, domains []string, keyType KeyType) (Certificate, error) {
|
||||
_, err := c.zClient.GetCertificateChain(ctx, c.Account, certUrl)
|
||||
if err != nil {
|
||||
return Certificate{}, err
|
||||
}
|
||||
|
||||
return c.ObtainSSL(ctx, domains, keyType)
|
||||
return c.ObtainCertificate(ctx, domains, keyType)
|
||||
}
|
||||
|
||||
// GetDNSRecords 获取 DNS 解析(手动设置)
|
||||
func (c *Client) GetDNSRecords(ctx context.Context, domains []string, keyType KeyType) ([]DNSRecord, error) {
|
||||
go func(ctx context.Context, domains []string, keyType KeyType) {
|
||||
certs, err := c.ObtainSSL(ctx, domains, keyType)
|
||||
certs, err := c.ObtainCertificate(ctx, domains, keyType)
|
||||
// 将证书和错误信息发送到 dataChan
|
||||
if err != nil {
|
||||
c.dataChan <- err
|
||||
|
||||
@@ -34,8 +34,8 @@ func (s *ClientTestSuite) TestObtainSSL() {
|
||||
|
||||
time.Sleep(2 * time.Minute)
|
||||
|
||||
ssl, err := client.ObtainSSLManual()*/
|
||||
ssl, err := client.ObtainSSL(ctx, []string{"*.haozi.net", "haozi.net"}, KeyEC256)
|
||||
ssl, err := client.ObtainCertificateManual()*/
|
||||
ssl, err := client.ObtainCertificate(ctx, []string{"*.haozi.net", "haozi.net"}, KeyEC256)
|
||||
s.Error(err)
|
||||
s.NotNil(ssl)
|
||||
}
|
||||
|
||||
@@ -133,7 +133,7 @@ func (s *NginxTestSuite) TestHTTPS() {
|
||||
parser, err := NewParser()
|
||||
s.NoError(err)
|
||||
s.False(parser.GetHTTPS())
|
||||
s.NoError(parser.SetHTTPS("/www/server/vhost/ssl/default.pem", "/www/server/vhost/ssl/default.key"))
|
||||
s.NoError(parser.SetHTTPS("/www/server/vhost/cert/default.pem", "/www/server/vhost/cert/default.key"))
|
||||
s.True(parser.GetHTTPS())
|
||||
expect, err := io.Read("testdata/https.conf")
|
||||
s.NoError(err)
|
||||
@@ -143,7 +143,7 @@ func (s *NginxTestSuite) TestHTTPS() {
|
||||
func (s *NginxTestSuite) TestHTTPSProtocols() {
|
||||
parser, err := NewParser()
|
||||
s.NoError(err)
|
||||
s.NoError(parser.SetHTTPS("/www/server/vhost/ssl/default.pem", "/www/server/vhost/ssl/default.key"))
|
||||
s.NoError(parser.SetHTTPS("/www/server/vhost/cert/default.pem", "/www/server/vhost/cert/default.key"))
|
||||
s.Equal([]string{"TLSv1.2", "TLSv1.3"}, parser.GetHTTPSProtocols())
|
||||
s.NoError(parser.SetHTTPSProtocols([]string{"TLSv1.3"}))
|
||||
s.Equal([]string{"TLSv1.3"}, parser.GetHTTPSProtocols())
|
||||
@@ -152,7 +152,7 @@ func (s *NginxTestSuite) TestHTTPSProtocols() {
|
||||
func (s *NginxTestSuite) TestHTTPSCiphers() {
|
||||
parser, err := NewParser()
|
||||
s.NoError(err)
|
||||
s.NoError(parser.SetHTTPS("/www/server/vhost/ssl/default.pem", "/www/server/vhost/ssl/default.key"))
|
||||
s.NoError(parser.SetHTTPS("/www/server/vhost/cert/default.pem", "/www/server/vhost/cert/default.key"))
|
||||
s.Equal("ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305", parser.GetHTTPSCiphers())
|
||||
s.NoError(parser.SetHTTPSCiphers("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384"))
|
||||
s.Equal("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384", parser.GetHTTPSCiphers())
|
||||
@@ -162,7 +162,7 @@ func (s *NginxTestSuite) TestOCSP() {
|
||||
parser, err := NewParser()
|
||||
s.NoError(err)
|
||||
s.NoError(err)
|
||||
s.NoError(parser.SetHTTPS("/www/server/vhost/ssl/default.pem", "/www/server/vhost/ssl/default.key"))
|
||||
s.NoError(parser.SetHTTPS("/www/server/vhost/cert/default.pem", "/www/server/vhost/cert/default.key"))
|
||||
s.False(parser.GetOCSP())
|
||||
s.NoError(parser.SetOCSP(false))
|
||||
s.False(parser.GetOCSP())
|
||||
@@ -175,7 +175,7 @@ func (s *NginxTestSuite) TestOCSP() {
|
||||
func (s *NginxTestSuite) TestHSTS() {
|
||||
parser, err := NewParser()
|
||||
s.NoError(err)
|
||||
s.NoError(parser.SetHTTPS("/www/server/vhost/ssl/default.pem", "/www/server/vhost/ssl/default.key"))
|
||||
s.NoError(parser.SetHTTPS("/www/server/vhost/cert/default.pem", "/www/server/vhost/cert/default.key"))
|
||||
s.False(parser.GetHSTS())
|
||||
s.NoError(parser.SetHSTS(false))
|
||||
s.False(parser.GetHSTS())
|
||||
@@ -188,7 +188,7 @@ func (s *NginxTestSuite) TestHSTS() {
|
||||
func (s *NginxTestSuite) TestHTTPSRedirect() {
|
||||
parser, err := NewParser()
|
||||
s.NoError(err)
|
||||
s.NoError(parser.SetHTTPS("/www/server/vhost/ssl/default.pem", "/www/server/vhost/ssl/default.key"))
|
||||
s.NoError(parser.SetHTTPS("/www/server/vhost/cert/default.pem", "/www/server/vhost/cert/default.key"))
|
||||
s.False(parser.GetHTTPSRedirect())
|
||||
s.NoError(parser.SetHTTPRedirect(false))
|
||||
s.False(parser.GetHTTPSRedirect())
|
||||
|
||||
4
pkg/nginx/testdata/https.conf
vendored
@@ -3,8 +3,8 @@ server {
|
||||
server_name localhost;
|
||||
index index.php index.html index.htm;
|
||||
root /www/wwwroot/default;
|
||||
ssl_certificate /www/server/vhost/ssl/default.pem;
|
||||
ssl_certificate_key /www/server/vhost/ssl/default.key;
|
||||
ssl_certificate /www/server/vhost/cert/default.pem;
|
||||
ssl_certificate_key /www/server/vhost/cert/default.key;
|
||||
ssl_session_timeout 1d;
|
||||
ssl_session_cache shared:SSL:10m;
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
|
||||
@@ -215,7 +215,7 @@ const certColumns: any = [
|
||||
cert
|
||||
.obtain(row.id)
|
||||
.then(() => {
|
||||
window.$message.success('签发成功,请前往网站管理启用 SSL')
|
||||
window.$message.success('签发成功,请前往网站管理启用HTTPS')
|
||||
onCertPageChange(1)
|
||||
})
|
||||
.finally(() => {
|
||||
@@ -228,7 +228,7 @@ const certColumns: any = [
|
||||
cert
|
||||
.obtain(row.id)
|
||||
.then(() => {
|
||||
window.$message.success('签发成功,请前往网站管理启用 SSL')
|
||||
window.$message.success('签发成功,请前往网站管理启用HTTPS')
|
||||
onCertPageChange(1)
|
||||
})
|
||||
.finally(() => {
|
||||
@@ -276,7 +276,7 @@ const certColumns: any = [
|
||||
})
|
||||
await cert.renew(row.id)
|
||||
messageReactive.destroy()
|
||||
window.$message.success('续签成功,请前往网站管理启用 SSL')
|
||||
window.$message.success('续签成功')
|
||||
onCertPageChange(1)
|
||||
}
|
||||
},
|
||||
@@ -417,7 +417,7 @@ const handleUpdateCert = async () => {
|
||||
|
||||
const handleDeployCert = async () => {
|
||||
await cert.deploy(deployCertModel.value.id, deployCertModel.value.website_id)
|
||||
window.$message.success('部署成功,请前往网站管理启用 SSL')
|
||||
window.$message.success('部署成功,请前往网站管理启用HTTPS')
|
||||
deployCertModal.value = false
|
||||
deployCertModel.value.id = 0
|
||||
deployCertModel.value.website_id = 0
|
||||
|
||||