diff --git a/internal/data/cert.go b/internal/data/cert.go index e816ca94..21171b1c 100644 --- a/internal/data/cert.go +++ b/internal/data/cert.go @@ -97,7 +97,7 @@ func (r *certRepo) ObtainAuto(id uint) (*acme.Certificate, error) { } } - ssl, err := client.ObtainSSL(context.Background(), cert.Domains, acme.KeyType(cert.Type)) + ssl, err := client.ObtainCertificate(context.Background(), cert.Domains, acme.KeyType(cert.Type)) if err != nil { return nil, err } @@ -126,7 +126,7 @@ func (r *certRepo) ObtainManual(id uint) (*acme.Certificate, error) { return nil, errors.New("请重新获取 DNS 解析记录") } - ssl, err := r.client.ObtainSSLManual() + ssl, err := r.client.ObtainCertificateManual() if err != nil { return nil, err } @@ -176,7 +176,7 @@ func (r *certRepo) Renew(id uint) (*acme.Certificate, error) { } } - ssl, err := client.RenewSSL(context.Background(), cert.CertURL, cert.Domains, acme.KeyType(cert.Type)) + ssl, err := client.RenewCertificate(context.Background(), cert.CertURL, cert.Domains, acme.KeyType(cert.Type)) if err != nil { return nil, err } @@ -236,10 +236,10 @@ func (r *certRepo) Deploy(ID, WebsiteID uint) error { return err } - if err = io.Write(fmt.Sprintf("%s/server/vhost/ssl/%s.pem", app.Root, website.Name), cert.Cert, 0644); err != nil { + if err = io.Write(fmt.Sprintf("%s/server/vhost/cert/%s.pem", app.Root, website.Name), cert.Cert, 0644); err != nil { return err } - if err = io.Write(fmt.Sprintf("%s/server/vhost/ssl/%s.key", app.Root, website.Name), cert.Key, 0644); err != nil { + if err = io.Write(fmt.Sprintf("%s/server/vhost/cert/%s.key", app.Root, website.Name), cert.Key, 0644); err != nil { return err } if err = systemctl.Reload("nginx"); err != nil { diff --git a/internal/data/website.go b/internal/data/website.go index 1d7af111..a4cd82d1 100644 --- a/internal/data/website.go +++ b/internal/data/website.go 
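Review bot: The private key is still written with mode 0644 in Deploy (`io.Write(fmt.Sprintf("%s/server/vhost/cert/%s.key", app.Root, website.Name), cert.Key, 0644)`), so any local account on the host can read it at its new location. Since the path is changing anyway, this is a good moment to tighten the key file to `0600`, provided the process that loads it in nginx runs as the file's owner (not visible here). The same mode is used for the empty `.key` placeholder in the Create hunk (`@@ -252`) and presumably for the `keyPath` write that follows the Update hunk (`@@ -389`), which lies outside the visible lines. Deploy's body starts and ends outside this hunk.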
@@ -131,9 +131,9 @@ func (r *websiteRepo) Get(id uint) (*types.WebsiteSetting, error) { setting.OCSP = p.GetOCSP() } // 证书 - crt, _ := io.Read(filepath.Join(app.Root, "server/vhost/ssl", website.Name+".pem")) + crt, _ := io.Read(filepath.Join(app.Root, "server/vhost/cert", website.Name+".pem")) setting.SSLCertificate = crt - key, _ := io.Read(filepath.Join(app.Root, "server/vhost/ssl", website.Name+".key")) + key, _ := io.Read(filepath.Join(app.Root, "server/vhost/cert", website.Name+".key")) setting.SSLCertificateKey = key // 解析证书信息 if decode, err := cert.ParseCert(crt); err == nil { @@ -208,13 +208,15 @@ func (r *websiteRepo) Create(req *request.WebsiteCreate) (*biz.Website, error) { if err = p.SetPHP(req.PHP); err != nil { return nil, err } - // 伪静态 + // 伪静态和acme includes, comments, err := p.GetIncludes() if err != nil { return nil, err } includes = append(includes, filepath.Join(app.Root, "server/vhost/rewrite", req.Name+".conf")) + includes = append(includes, filepath.Join(app.Root, "server/vhost/acme", req.Name+".conf")) comments = append(comments, []string{"# 伪静态规则"}) + comments = append(comments, []string{"# acme http-01"}) if err = p.SetIncludes(includes, comments); err != nil { return nil, err } 
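Review bot: Both reads in Get discard their error (`crt, _ := io.Read(...)` and `key, _ := io.Read(...)`), so a site whose files still live under the old `server/vhost/ssl` directory comes back with an empty certificate and key and no indication why. No step that moves existing files to `server/vhost/cert` is visible in this diff; if none exists elsewhere, an upgrade would silently present HTTPS sites as having no certificate. Consider telling "file does not exist" apart from other read errors and logging the latter, and confirm that a migration accompanies the rename. This path also returns the private key contents in `setting.SSLCertificateKey`, so it is worth a comment stating which callers are allowed to reach it; Get continues outside the hunk.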
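Review bot: `req.Name` is now joined into a second include path (`server/vhost/acme`) and written into the nginx configuration through `p.SetIncludes`, but no validation of the name is visible in this hunk. `filepath.Join` cleans `..` segments rather than rejecting them, so a name containing path separators would resolve outside the intended directory, and whitespace or `;` could change how the include line is parsed. If `request.WebsiteCreate` does not already restrict Name to a conservative character set, that check belongs before these paths are built. A short comment noting that `includes` and `comments` appear to be parallel slices that must be appended in the same order would also help; Create starts and ends outside the hunk.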
@@ -252,10 +254,13 @@ func (r *websiteRepo) Create(req *request.WebsiteCreate) (*biz.Website, error) { if err = io.Write(filepath.Join(app.Root, "server/vhost/rewrite", req.Name+".conf"), "", 0644); err != nil { return nil, err } - if err = io.Write(filepath.Join(app.Root, "server/vhost/ssl", req.Name+".pem"), "", 0644); err != nil { + if err = io.Write(filepath.Join(app.Root, "server/vhost/acme", req.Name+".conf"), "", 0644); err != nil { return nil, err } - if err = io.Write(filepath.Join(app.Root, "server/vhost/ssl", req.Name+".key"), "", 0644); err != nil { + if err = io.Write(filepath.Join(app.Root, "server/vhost/cert", req.Name+".pem"), "", 0644); err != nil { + return nil, err + } + if err = io.Write(filepath.Join(app.Root, "server/vhost/cert", req.Name+".key"), "", 0644); err != nil { return nil, err } @@ -389,8 +394,8 @@ func (r *websiteRepo) Update(req *request.WebsiteUpdate) error { return err } // HTTPS - certPath := filepath.Join(app.Root, "server/vhost/ssl", website.Name+".pem") - keyPath := filepath.Join(app.Root, "server/vhost/ssl", website.Name+".key") + certPath := filepath.Join(app.Root, "server/vhost/cert", website.Name+".pem") + keyPath := filepath.Join(app.Root, "server/vhost/cert", website.Name+".key") if err = io.Write(certPath, req.SSLCertificate, 0644); err != nil { return err } 
@@ -471,14 +476,14 @@ func (r *websiteRepo) Delete(req *request.WebsiteDelete) error { return err } if website.Cert != nil { - return errors.New("网站" + website.Name + "已绑定SSL证书,请先删除证书") + return errors.New("网站" + website.Name + "已绑定证书,请先删除证书") } _ = io.Remove(filepath.Join(app.Root, "server/vhost", website.Name+".conf")) _ = io.Remove(filepath.Join(app.Root, "server/vhost/rewrite", website.Name+".conf")) _ = io.Remove(filepath.Join(app.Root, "server/vhost/acme", website.Name+".conf")) - _ = io.Remove(filepath.Join(app.Root, "server/vhost/ssl", website.Name+".pem")) - _ = io.Remove(filepath.Join(app.Root, "server/vhost/ssl", website.Name+".key")) + _ = io.Remove(filepath.Join(app.Root, "server/vhost/cert", website.Name+".pem")) + _ = io.Remove(filepath.Join(app.Root, "server/vhost/cert", website.Name+".key")) if req.Path { _ = io.Remove(website.Path) diff --git a/pkg/acme/client.go b/pkg/acme/client.go index 71c669e5..458d7154 100644 --- a/pkg/acme/client.go +++ b/pkg/acme/client.go @@ -60,8 +60,8 @@ func (c *Client) UseHTTP(conf, path string) { } } -// ObtainSSL 签发 SSL 证书 -func (c *Client) ObtainSSL(ctx context.Context, domains []string, keyType KeyType) (Certificate, error) { +// ObtainCertificate 签发 SSL 证书 +func (c *Client) ObtainCertificate(ctx context.Context, domains []string, keyType KeyType) (Certificate, error) { certPrivateKey, err := generatePrivateKey(keyType) if err != nil { return Certificate{}, err 
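Review bot: Delete now removes only `server/vhost/cert/<name>.pem` and `.key`, and every `io.Remove` result is discarded, so for a site created before this change the private key under the old `server/vhost/ssl` directory would stay on disk after the site is deleted. Whether existing files are moved during upgrade is not visible in this diff; if they are not, either migrate them or also remove the legacy paths here. Logging a failed removal of the `.key` file instead of assigning it to `_` would make leftover key material visible to the operator. Delete's body extends beyond the hunk.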
@@ -76,12 +76,12 @@ func (c *Client) ObtainSSL(ctx context.Context, domains []string, keyType KeyTyp return Certificate{}, err } - cert := c.selectPreferredChain(certs) - return Certificate{PrivateKey: pemPrivateKey, Certificate: cert}, nil + crt := c.selectPreferredChain(certs) + return Certificate{PrivateKey: pemPrivateKey, Certificate: crt}, nil } -// ObtainSSLManual 手动验证 SSL 证书 -func (c *Client) ObtainSSLManual() (Certificate, error) { +// ObtainCertificateManual 手动验证 SSL 证书 +func (c *Client) ObtainCertificateManual() (Certificate, error) { // 发送信号,开始验证 c.controlChan <- struct{}{} // 等待验证完成 @@ -94,20 +94,20 @@ func (c *Client) ObtainSSLManual() (Certificate, error) { return data.(Certificate), nil } -// RenewSSL 续签 SSL 证书 -func (c *Client) RenewSSL(ctx context.Context, certUrl string, domains []string, keyType KeyType) (Certificate, error) { +// RenewCertificate 续签 SSL 证书 +func (c *Client) RenewCertificate(ctx context.Context, certUrl string, domains []string, keyType KeyType) (Certificate, error) { _, err := c.zClient.GetCertificateChain(ctx, c.Account, certUrl) if err != nil { return Certificate{}, err } - return c.ObtainSSL(ctx, domains, keyType) + return c.ObtainCertificate(ctx, domains, keyType) } // GetDNSRecords 获取 DNS 解析(手动设置) func (c *Client) GetDNSRecords(ctx context.Context, domains []string, keyType KeyType) ([]DNSRecord, error) { go func(ctx context.Context, domains []string, keyType KeyType) { - certs, err := c.ObtainSSL(ctx, domains, keyType) + certs, err := c.ObtainCertificate(ctx, domains, keyType) // 将证书和错误信息发送到 dataChan if err != nil { c.dataChan <- err diff --git a/pkg/acme/client_test.go b/pkg/acme/client_test.go index 1a68041f..8cdfd8f2 100644 --- a/pkg/acme/client_test.go +++ b/pkg/acme/client_test.go 
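Review bot: ObtainCertificateManual opens with an unconditional `c.controlChan <- struct{}{}` and takes no context, so if the goroutine started by GetDNSRecords (the `@@ -94` hunk) has already exited, or is itself parked on `c.dataChan <- err`, this call never returns and blocks its caller. The channels are declared outside the visible lines, so this is a possible rather than a confirmed hang, depending on their buffering. A `select` with a timeout or a `ctx.Done()` case, on the send here and on the sends inside the goroutine, would bound the wait; adding a context parameter changes the signature, so a timeout may be the less invasive option. The context line `return data.(Certificate), nil` is also an unchecked type assertion that would panic on an unexpected value; the lines before it are outside the hunk.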
@@ -34,8 +34,8 @@ func (s *ClientTestSuite) TestObtainSSL() { time.Sleep(2 * time.Minute) - ssl, err := client.ObtainSSLManual()*/ - ssl, err := client.ObtainSSL(ctx, []string{"*.haozi.net", "haozi.net"}, KeyEC256) + ssl, err := client.ObtainCertificateManual()*/ + ssl, err := client.ObtainCertificate(ctx, []string{"*.haozi.net", "haozi.net"}, KeyEC256) s.Error(err) s.NotNil(ssl) } diff --git a/pkg/nginx/parser_test.go b/pkg/nginx/parser_test.go index 9e9f7da0..9cfefa43 100644 --- a/pkg/nginx/parser_test.go +++ b/pkg/nginx/parser_test.go @@ -133,7 +133,7 @@ func (s *NginxTestSuite) TestHTTPS() { parser, err := NewParser() s.NoError(err) s.False(parser.GetHTTPS()) - s.NoError(parser.SetHTTPS("/www/server/vhost/ssl/default.pem", "/www/server/vhost/ssl/default.key")) + s.NoError(parser.SetHTTPS("/www/server/vhost/cert/default.pem", "/www/server/vhost/cert/default.key")) s.True(parser.GetHTTPS()) expect, err := io.Read("testdata/https.conf") s.NoError(err) @@ -143,7 +143,7 @@ func (s *NginxTestSuite) TestHTTPS() { func (s *NginxTestSuite) TestHTTPSProtocols() { parser, err := NewParser() s.NoError(err) - s.NoError(parser.SetHTTPS("/www/server/vhost/ssl/default.pem", "/www/server/vhost/ssl/default.key")) + s.NoError(parser.SetHTTPS("/www/server/vhost/cert/default.pem", "/www/server/vhost/cert/default.key")) s.Equal([]string{"TLSv1.2", "TLSv1.3"}, parser.GetHTTPSProtocols()) s.NoError(parser.SetHTTPSProtocols([]string{"TLSv1.3"})) s.Equal([]string{"TLSv1.3"}, parser.GetHTTPSProtocols()) 
@@ -152,7 +152,7 @@ func (s *NginxTestSuite) TestHTTPSProtocols() { func (s *NginxTestSuite) TestHTTPSCiphers() { parser, err := NewParser() s.NoError(err) - s.NoError(parser.SetHTTPS("/www/server/vhost/ssl/default.pem", "/www/server/vhost/ssl/default.key")) + s.NoError(parser.SetHTTPS("/www/server/vhost/cert/default.pem", "/www/server/vhost/cert/default.key")) s.Equal("ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305", parser.GetHTTPSCiphers()) s.NoError(parser.SetHTTPSCiphers("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384")) s.Equal("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384", parser.GetHTTPSCiphers()) @@ -162,7 +162,7 @@ func (s *NginxTestSuite) TestOCSP() { parser, err := NewParser() s.NoError(err) s.NoError(err) - s.NoError(parser.SetHTTPS("/www/server/vhost/ssl/default.pem", "/www/server/vhost/ssl/default.key")) + s.NoError(parser.SetHTTPS("/www/server/vhost/cert/default.pem", "/www/server/vhost/cert/default.key")) s.False(parser.GetOCSP()) s.NoError(parser.SetOCSP(false)) s.False(parser.GetOCSP()) @@ -175,7 +175,7 @@ func (s *NginxTestSuite) TestOCSP() { func (s *NginxTestSuite) TestHSTS() { parser, err := NewParser() s.NoError(err) - s.NoError(parser.SetHTTPS("/www/server/vhost/ssl/default.pem", "/www/server/vhost/ssl/default.key")) + s.NoError(parser.SetHTTPS("/www/server/vhost/cert/default.pem", "/www/server/vhost/cert/default.key")) s.False(parser.GetHSTS()) s.NoError(parser.SetHSTS(false)) s.False(parser.GetHSTS()) 
@@ -188,7 +188,7 @@ func (s *NginxTestSuite) TestHSTS() { func (s *NginxTestSuite) TestHTTPSRedirect() { parser, err := NewParser() s.NoError(err) - s.NoError(parser.SetHTTPS("/www/server/vhost/ssl/default.pem", "/www/server/vhost/ssl/default.key")) + s.NoError(parser.SetHTTPS("/www/server/vhost/cert/default.pem", "/www/server/vhost/cert/default.key")) s.False(parser.GetHTTPSRedirect()) s.NoError(parser.SetHTTPRedirect(false)) s.False(parser.GetHTTPSRedirect()) diff --git a/pkg/nginx/testdata/https.conf b/pkg/nginx/testdata/https.conf index 2769e653..86292622 100644 --- a/pkg/nginx/testdata/https.conf +++ b/pkg/nginx/testdata/https.conf @@ -3,8 +3,8 @@ server { server_name localhost; index index.php index.html index.htm; root /www/wwwroot/default; - ssl_certificate /www/server/vhost/ssl/default.pem; - ssl_certificate_key /www/server/vhost/ssl/default.key; + ssl_certificate /www/server/vhost/cert/default.pem; + ssl_certificate_key /www/server/vhost/cert/default.key; ssl_session_timeout 1d; ssl_session_cache shared:SSL:10m; ssl_protocols TLSv1.2 TLSv1.3; diff --git a/web/src/views/cert/CertView.vue b/web/src/views/cert/CertView.vue index 07b3df96..39dca82e 100644 --- a/web/src/views/cert/CertView.vue +++ b/web/src/views/cert/CertView.vue @@ -215,7 +215,7 @@ const certColumns: any = [ cert .obtain(row.id) .then(() => { - window.$message.success('签发成功,请前往网站管理启用 SSL') + window.$message.success('签发成功,请前往网站管理启用HTTPS') onCertPageChange(1) }) .finally(() => { @@ -228,7 +228,7 @@ const certColumns: any = [ cert .obtain(row.id) .then(() => { - window.$message.success('签发成功,请前往网站管理启用 SSL') + window.$message.success('签发成功,请前往网站管理启用HTTPS') onCertPageChange(1) }) .finally(() => { @@ -276,7 +276,7 @@ const certColumns: any = [ }) await cert.renew(row.id) messageReactive.destroy() - window.$message.success('续签成功,请前往网站管理启用 SSL') + window.$message.success('续签成功') onCertPageChange(1) } }, 
@@ -417,7 +417,7 @@ const handleUpdateCert = async () => { const handleDeployCert = async () => { await cert.deploy(deployCertModel.value.id, deployCertModel.value.website_id) - window.$message.success('部署成功,请前往网站管理启用 SSL') + window.$message.success('部署成功,请前往网站管理启用HTTPS') deployCertModal.value = false deployCertModel.value.id = 0 deployCertModel.value.website_id = 0