mirrors/nginx-ui
1
0
Fork 0
mirror of https://github.com/0xJacky/nginx-ui.git synced 2025-05-12 02:45:49 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

feat: support SAN certification #49

Browse source
This commit is contained in:
0xJacky 2023-01-01 13:13:35 +08:00
parent e9f0835aea
commit 42d832cd9f
No known key found for this signature in database
GPG key ID: B6E4A6E4A561BAF0
4 changed files with 376 additions and 369 deletions
Download patch file Download diff file Expand all files Collapse all files

196
server/api/cert.go
View file

@ -1,141 +1,139 @@
package api package api
import ( import (
"github.com/0xJacky/Nginx-UI/server/model" "github.com/0xJacky/Nginx-UI/server/model"
"github.com/0xJacky/Nginx-UI/server/pkg/cert" "github.com/0xJacky/Nginx-UI/server/pkg/cert"
"github.com/0xJacky/Nginx-UI/server/pkg/nginx" "github.com/0xJacky/Nginx-UI/server/pkg/nginx"
"github.com/gin-gonic/gin" "github.com/gin-gonic/gin"
"github.com/gorilla/websocket" "github.com/gorilla/websocket"
"log" "log"
"net/http" "net/http"
"strings" "strings"
) )
const ( const (
Success = "success" Success = "success"
Info = "info" Info = "info"
Error = "error" Error = "error"
) )
type IssueCertResponse struct { type IssueCertResponse struct {
Status string `json:"status"` Status string `json:"status"`
Message string `json:"message"` Message string `json:"message"`
SSLCertificate string `json:"ssl_certificate,omitempty"` SSLCertificate string `json:"ssl_certificate,omitempty"`
SSLCertificateKey string `json:"ssl_certificate_key,omitempty"` SSLCertificateKey string `json:"ssl_certificate_key,omitempty"`
} }
func handleIssueCertLogChan(conn *websocket.Conn, logChan chan string) { func handleIssueCertLogChan(conn *websocket.Conn, logChan chan string) {
defer func() { defer func() {
if err := recover(); err != nil { if err := recover(); err != nil {
log.Println("api.handleIssueCertLogChan recover", err) log.Println("api.handleIssueCertLogChan recover", err)
} }
}() }()
for logString := range logChan { for logString := range logChan {
err := conn.WriteJSON(IssueCertResponse{ err := conn.WriteJSON(IssueCertResponse{
Status: Info, Status: Info,
Message: logString, Message: logString,
}) })
if err != nil { if err != nil {
log.Println("Error handleIssueCertLogChan", err) log.Println("Error handleIssueCertLogChan", err)
return return
} }
} }
} }
func IssueCert(c *gin.Context) { func IssueCert(c *gin.Context) {
var upGrader = websocket.Upgrader{ var upGrader = websocket.Upgrader{
CheckOrigin: func(r *http.Request) bool { CheckOrigin: func(r *http.Request) bool {
return true return true
}, },
} }
// upgrade http to websocket // upgrade http to websocket
ws, err := upGrader.Upgrade(c.Writer, c.Request, nil) ws, err := upGrader.Upgrade(c.Writer, c.Request, nil)
if err != nil { if err != nil {
log.Println(err) log.Println(err)
return return
} }
defer func(ws *websocket.Conn) { defer func(ws *websocket.Conn) {
err := ws.Close() err := ws.Close()
if err != nil { if err != nil {
log.Println("defer websocket close err", err) log.Println("defer websocket close err", err)
} }
}(ws) }(ws)
// read // read
var buffer struct { var buffer struct {
ServerName []string `json:"server_name"` ServerName []string `json:"server_name"`
} }
err = ws.ReadJSON(&buffer) err = ws.ReadJSON(&buffer)
if err != nil { if err != nil {
log.Println(err) log.Println(err)
return return
} }
logChan := make(chan string, 1) logChan := make(chan string, 1)
errChan := make(chan error, 1) errChan := make(chan error, 1)
go cert.IssueCert(buffer.ServerName, logChan, errChan) go cert.IssueCert(buffer.ServerName, logChan, errChan)
domain := strings.Join(buffer.ServerName, "_") domain := strings.Join(buffer.ServerName, "_")
go handleIssueCertLogChan(ws, logChan) go handleIssueCertLogChan(ws, logChan)
// block, unless errChan closed // block, unless errChan closed
for err = range errChan { for err = range errChan {
log.Println("Error cert.IssueCert", err) log.Println("Error cert.IssueCert", err)
err = ws.WriteJSON(IssueCertResponse{ err = ws.WriteJSON(IssueCertResponse{
Status: Error, Status: Error,
Message: err.Error(), Message: err.Error(),
}) })
if err != nil { if err != nil {
log.Println(err) log.Println("Error WriteJSON", err)
return return
} }
return return
} }
close(logChan) close(logChan)
sslCertificatePath := nginx.GetNginxConfPath("ssl/" + domain + "/fullchain.cer") sslCertificatePath := nginx.GetNginxConfPath("ssl/" + domain + "/fullchain.cer")
sslCertificateKeyPath := nginx.GetNginxConfPath("ssl/" + domain + "/" + domain + ".key") sslCertificateKeyPath := nginx.GetNginxConfPath("ssl/" + domain + "/private.key")
certModel, err := model.FirstCert(domain) certModel, err := model.FirstOrCreateCert(domain)
if err != nil { if err != nil {
log.Println(err) log.Println(err)
return }
}
err = certModel.Updates(&model.Cert{ err = certModel.Updates(&model.Cert{
SSLCertificatePath: sslCertificatePath, SSLCertificatePath: sslCertificatePath,
}) })
if err != nil { if err != nil {
log.Println(err) log.Println(err)
return }
}
err = ws.WriteJSON(IssueCertResponse{ err = ws.WriteJSON(IssueCertResponse{
Status: Success, Status: Success,
Message: "Issued certificate successfully", Message: "Issued certificate successfully",
SSLCertificate: sslCertificatePath, SSLCertificate: sslCertificatePath,
SSLCertificateKey: sslCertificateKeyPath, SSLCertificateKey: sslCertificateKeyPath,
}) })
if err != nil { if err != nil {
log.Println(err) log.Println(err)
return return
} }
} }

541
server/api/domain.go
View file

@ -1,358 +1,365 @@
package api package api
import ( import (
"github.com/0xJacky/Nginx-UI/server/model" "github.com/0xJacky/Nginx-UI/server/model"
"github.com/0xJacky/Nginx-UI/server/pkg/cert" "github.com/0xJacky/Nginx-UI/server/pkg/cert"
"github.com/0xJacky/Nginx-UI/server/pkg/config_list" "github.com/0xJacky/Nginx-UI/server/pkg/config_list"
"github.com/0xJacky/Nginx-UI/server/pkg/nginx" "github.com/0xJacky/Nginx-UI/server/pkg/nginx"
"github.com/gin-gonic/gin" "github.com/gin-gonic/gin"
"log" "log"
"net/http" "net/http"
"os" "os"
"path/filepath" "path/filepath"
"strings" "strings"
"time" "time"
) )
func GetDomains(c *gin.Context) { func GetDomains(c *gin.Context) {
name := c.Query("name") name := c.Query("name")
orderBy := c.Query("order_by") orderBy := c.Query("order_by")
sort := c.DefaultQuery("sort", "desc") sort := c.DefaultQuery("sort", "desc")
mySort := map[string]string{ mySort := map[string]string{
"enabled": "bool", "enabled": "bool",
"name": "string", "name": "string",
"modify": "time", "modify": "time",
} }
configFiles, err := os.ReadDir(nginx.GetNginxConfPath("sites-available")) configFiles, err := os.ReadDir(nginx.GetNginxConfPath("sites-available"))
if err != nil { if err != nil {
ErrHandler(c, err) ErrHandler(c, err)
return return
} }
enabledConfig, err := os.ReadDir(filepath.Join(nginx.GetNginxConfPath("sites-enabled"))) enabledConfig, err := os.ReadDir(filepath.Join(nginx.GetNginxConfPath("sites-enabled")))
if err != nil { if err != nil {
ErrHandler(c, err) ErrHandler(c, err)
return return
} }
enabledConfigMap := make(map[string]bool) enabledConfigMap := make(map[string]bool)
for i := range enabledConfig { for i := range enabledConfig {
enabledConfigMap[enabledConfig[i].Name()] = true enabledConfigMap[enabledConfig[i].Name()] = true
} }
var configs []gin.H var configs []gin.H
for i := range configFiles { for i := range configFiles {
file := configFiles[i] file := configFiles[i]
fileInfo, _ := file.Info() fileInfo, _ := file.Info()
if !file.IsDir() { if !file.IsDir() {
if name != "" && !strings.Contains(file.Name(), name) { if name != "" && !strings.Contains(file.Name(), name) {
continue continue
} }
configs = append(configs, gin.H{ configs = append(configs, gin.H{
"name": file.Name(), "name": file.Name(),
"size": fileInfo.Size(), "size": fileInfo.Size(),
"modify": fileInfo.ModTime(), "modify": fileInfo.ModTime(),
"enabled": enabledConfigMap[file.Name()], "enabled": enabledConfigMap[file.Name()],
}) })
} }
} }
configs = config_list.Sort(orderBy, sort, mySort[orderBy], configs) configs = config_list.Sort(orderBy, sort, mySort[orderBy], configs)
c.JSON(http.StatusOK, gin.H{ c.JSON(http.StatusOK, gin.H{
"data": configs, "data": configs,
}) })
} }
type CertificateInfo struct { type CertificateInfo struct {
SubjectName string `json:"subject_name"` SubjectName string `json:"subject_name"`
IssuerName string `json:"issuer_name"` IssuerName string `json:"issuer_name"`
NotAfter time.Time `json:"not_after"` NotAfter time.Time `json:"not_after"`
NotBefore time.Time `json:"not_before"` NotBefore time.Time `json:"not_before"`
} }
func GetDomain(c *gin.Context) { func GetDomain(c *gin.Context) {
rewriteName, ok := c.Get("rewriteConfigFileName") rewriteName, ok := c.Get("rewriteConfigFileName")
name := c.Param("name") name := c.Param("name")
// for modify filename // for modify filename
if ok { if ok {
name = rewriteName.(string) name = rewriteName.(string)
} }
path := filepath.Join(nginx.GetNginxConfPath("sites-available"), name) path := filepath.Join(nginx.GetNginxConfPath("sites-available"), name)
enabled := true enabled := true
if _, err := os.Stat(filepath.Join(nginx.GetNginxConfPath("sites-enabled"), name)); os.IsNotExist(err) { if _, err := os.Stat(filepath.Join(nginx.GetNginxConfPath("sites-enabled"), name)); os.IsNotExist(err) {
enabled = false enabled = false
} }
config, err := nginx.ParseNgxConfig(path) config, err := nginx.ParseNgxConfig(path)
if err != nil { if err != nil {
ErrHandler(c, err) ErrHandler(c, err)
return return
} }
certInfoMap := make(map[int]CertificateInfo) certInfoMap := make(map[int]CertificateInfo)
for serverIdx, server := range config.Servers { var serverName string
for _, directive := range server.Directives { for serverIdx, server := range config.Servers {
if directive.Directive == "ssl_certificate" { for _, directive := range server.Directives {
pubKey, err := cert.GetCertInfo(directive.Params) if directive.Directive == "server_name" {
serverName = strings.ReplaceAll(directive.Params, " ", "_")
continue
}
if err != nil { if directive.Directive == "ssl_certificate" {
log.Println("Failed to get certificate information", err)
break
}
certInfoMap[serverIdx] = CertificateInfo{ pubKey, err := cert.GetCertInfo(directive.Params)
SubjectName: pubKey.Subject.CommonName,
IssuerName: pubKey.Issuer.CommonName,
NotAfter: pubKey.NotAfter,
NotBefore: pubKey.NotBefore,
}
break if err != nil {
} log.Println("Failed to get certificate information", err)
} break
} }
_, err = model.FirstCert(name) certInfoMap[serverIdx] = CertificateInfo{
SubjectName: pubKey.Subject.CommonName,
IssuerName: pubKey.Issuer.CommonName,
NotAfter: pubKey.NotAfter,
NotBefore: pubKey.NotBefore,
}
c.JSON(http.StatusOK, gin.H{ break
"enabled": enabled, }
"name": name, }
"config": config.BuildConfig(), }
"tokenized": config,
"auto_cert": err == nil, _, err = model.FirstCert(serverName)
"cert_info": certInfoMap,
}) c.JSON(http.StatusOK, gin.H{
"enabled": enabled,
"name": name,
"config": config.BuildConfig(),
"tokenized": config,
"auto_cert": err == nil,
"cert_info": certInfoMap,
})
} }
func EditDomain(c *gin.Context) { func EditDomain(c *gin.Context) {
name := c.Param("name") name := c.Param("name")
if name == "" { if name == "" {
c.JSON(http.StatusNotAcceptable, gin.H{ c.JSON(http.StatusNotAcceptable, gin.H{
"message": "param name is empty", "message": "param name is empty",
}) })
return return
} }
var json struct { var json struct {
Name string `json:"name" binding:"required"` Name string `json:"name" binding:"required"`
Content string `json:"content"` Content string `json:"content"`
} }
if !BindAndValid(c, &json) { if !BindAndValid(c, &json) {
return return
} }
path := filepath.Join(nginx.GetNginxConfPath("sites-available"), name) path := filepath.Join(nginx.GetNginxConfPath("sites-available"), name)
err := os.WriteFile(path, []byte(json.Content), 0644) err := os.WriteFile(path, []byte(json.Content), 0644)
if err != nil { if err != nil {
ErrHandler(c, err) ErrHandler(c, err)
return return
} }
enabledConfigFilePath := filepath.Join(nginx.GetNginxConfPath("sites-enabled"), name) enabledConfigFilePath := filepath.Join(nginx.GetNginxConfPath("sites-enabled"), name)
// rename the config file if needed // rename the config file if needed
if name != json.Name { if name != json.Name {
newPath := filepath.Join(nginx.GetNginxConfPath("sites-available"), json.Name) newPath := filepath.Join(nginx.GetNginxConfPath("sites-available"), json.Name)
// recreate soft link // recreate soft link
log.Println(enabledConfigFilePath) log.Println(enabledConfigFilePath)
if _, err = os.Stat(enabledConfigFilePath); err == nil { if _, err = os.Stat(enabledConfigFilePath); err == nil {
log.Println(enabledConfigFilePath) log.Println(enabledConfigFilePath)
_ = os.Remove(enabledConfigFilePath) _ = os.Remove(enabledConfigFilePath)
enabledConfigFilePath = filepath.Join(nginx.GetNginxConfPath("sites-enabled"), json.Name) enabledConfigFilePath = filepath.Join(nginx.GetNginxConfPath("sites-enabled"), json.Name)
err = os.Symlink(newPath, enabledConfigFilePath) err = os.Symlink(newPath, enabledConfigFilePath)
if err != nil { if err != nil {
ErrHandler(c, err) ErrHandler(c, err)
return return
} }
} }
err = os.Rename(path, newPath) err = os.Rename(path, newPath)
if err != nil { if err != nil {
ErrHandler(c, err) ErrHandler(c, err)
return return
} }
name = json.Name name = json.Name
c.Set("rewriteConfigFileName", name) c.Set("rewriteConfigFileName", name)
} }
enabledConfigFilePath = filepath.Join(nginx.GetNginxConfPath("sites-enabled"), name) enabledConfigFilePath = filepath.Join(nginx.GetNginxConfPath("sites-enabled"), name)
if _, err = os.Stat(enabledConfigFilePath); err == nil { if _, err = os.Stat(enabledConfigFilePath); err == nil {
// Test nginx configuration // Test nginx configuration
err = nginx.TestNginxConf() err = nginx.TestNginxConf()
if err != nil { if err != nil {
c.JSON(http.StatusInternalServerError, gin.H{ c.JSON(http.StatusInternalServerError, gin.H{
"message": err.Error(), "message": err.Error(),
}) })
return return
} }
output := nginx.ReloadNginx() output := nginx.ReloadNginx()
if output != "" && strings.Contains(output, "error") { if output != "" && strings.Contains(output, "error") {
c.JSON(http.StatusInternalServerError, gin.H{ c.JSON(http.StatusInternalServerError, gin.H{
"message": output, "message": output,
}) })
return return
} }
} }
GetDomain(c) GetDomain(c)
} }
func EnableDomain(c *gin.Context) { func EnableDomain(c *gin.Context) {
configFilePath := filepath.Join(nginx.GetNginxConfPath("sites-available"), c.Param("name")) configFilePath := filepath.Join(nginx.GetNginxConfPath("sites-available"), c.Param("name"))
enabledConfigFilePath := filepath.Join(nginx.GetNginxConfPath("sites-enabled"), c.Param("name")) enabledConfigFilePath := filepath.Join(nginx.GetNginxConfPath("sites-enabled"), c.Param("name"))
_, err := os.Stat(configFilePath) _, err := os.Stat(configFilePath)
if err != nil { if err != nil {
ErrHandler(c, err) ErrHandler(c, err)
return return
} }
if _, err = os.Stat(enabledConfigFilePath); os.IsNotExist(err) { if _, err = os.Stat(enabledConfigFilePath); os.IsNotExist(err) {
err = os.Symlink(configFilePath, enabledConfigFilePath) err = os.Symlink(configFilePath, enabledConfigFilePath)
if err != nil { if err != nil {
ErrHandler(c, err) ErrHandler(c, err)
return return
} }
} }
// Test nginx config, if not pass then rollback. // Test nginx config, if not pass then rollback.
err = nginx.TestNginxConf() err = nginx.TestNginxConf()
if err != nil { if err != nil {
_ = os.Remove(enabledConfigFilePath) _ = os.Remove(enabledConfigFilePath)
c.JSON(http.StatusInternalServerError, gin.H{ c.JSON(http.StatusInternalServerError, gin.H{
"message": err.Error(), "message": err.Error(),
}) })
return return
} }
output := nginx.ReloadNginx() output := nginx.ReloadNginx()
if output != "" && strings.Contains(output, "error") { if output != "" && strings.Contains(output, "error") {
c.JSON(http.StatusInternalServerError, gin.H{ c.JSON(http.StatusInternalServerError, gin.H{
"message": output, "message": output,
}) })
return return
} }
c.JSON(http.StatusOK, gin.H{ c.JSON(http.StatusOK, gin.H{
"message": "ok", "message": "ok",
}) })
} }
func DisableDomain(c *gin.Context) { func DisableDomain(c *gin.Context) {
enabledConfigFilePath := filepath.Join(nginx.GetNginxConfPath("sites-enabled"), c.Param("name")) enabledConfigFilePath := filepath.Join(nginx.GetNginxConfPath("sites-enabled"), c.Param("name"))
_, err := os.Stat(enabledConfigFilePath) _, err := os.Stat(enabledConfigFilePath)
if err != nil { if err != nil {
ErrHandler(c, err) ErrHandler(c, err)
return return
} }
err = os.Remove(enabledConfigFilePath) err = os.Remove(enabledConfigFilePath)
if err != nil { if err != nil {
ErrHandler(c, err) ErrHandler(c, err)
return return
} }
// delete auto cert record // delete auto cert record
certModel := model.Cert{Domain: c.Param("name")} certModel := model.Cert{Domain: c.Param("name")}
err = certModel.Remove() err = certModel.Remove()
if err != nil { if err != nil {
ErrHandler(c, err) ErrHandler(c, err)
return return
} }
output := nginx.ReloadNginx() output := nginx.ReloadNginx()
if output != "" { if output != "" {
c.JSON(http.StatusInternalServerError, gin.H{ c.JSON(http.StatusInternalServerError, gin.H{
"message": output, "message": output,
}) })
return return
} }
c.JSON(http.StatusOK, gin.H{ c.JSON(http.StatusOK, gin.H{
"message": "ok", "message": "ok",
}) })
} }
func DeleteDomain(c *gin.Context) { func DeleteDomain(c *gin.Context) {
var err error var err error
name := c.Param("name") name := c.Param("name")
availablePath := filepath.Join(nginx.GetNginxConfPath("sites-available"), name) availablePath := filepath.Join(nginx.GetNginxConfPath("sites-available"), name)
enabledPath := filepath.Join(nginx.GetNginxConfPath("sites-enabled"), name) enabledPath := filepath.Join(nginx.GetNginxConfPath("sites-enabled"), name)
if _, err = os.Stat(availablePath); os.IsNotExist(err) { if _, err = os.Stat(availablePath); os.IsNotExist(err) {
c.JSON(http.StatusNotFound, gin.H{ c.JSON(http.StatusNotFound, gin.H{
"message": "site not found", "message": "site not found",
}) })
return return
} }
if _, err = os.Stat(enabledPath); err == nil { if _, err = os.Stat(enabledPath); err == nil {
c.JSON(http.StatusNotAcceptable, gin.H{ c.JSON(http.StatusNotAcceptable, gin.H{
"message": "site is enabled", "message": "site is enabled",
}) })
return return
} }
certModel := model.Cert{Domain: name} certModel := model.Cert{Domain: name}
_ = certModel.Remove() _ = certModel.Remove()
err = os.Remove(availablePath) err = os.Remove(availablePath)
if err != nil { if err != nil {
ErrHandler(c, err) ErrHandler(c, err)
return return
} }
c.JSON(http.StatusOK, gin.H{ c.JSON(http.StatusOK, gin.H{
"message": "ok", "message": "ok",
}) })
} }
func AddDomainToAutoCert(c *gin.Context) { func AddDomainToAutoCert(c *gin.Context) {
domain := c.Param("domain") domain := c.Param("domain")
certModel, err := model.FirstOrCreateCert(domain) certModel, err := model.FirstOrCreateCert(domain)
if err != nil { if err != nil {
ErrHandler(c, err) ErrHandler(c, err)
return return
} }
c.JSON(http.StatusOK, certModel) c.JSON(http.StatusOK, certModel)
} }
func RemoveDomainFromAutoCert(c *gin.Context) { func RemoveDomainFromAutoCert(c *gin.Context) {
certModel := model.Cert{ certModel := model.Cert{
Domain: c.Param("domain"), Domain: c.Param("domain"),
} }
err := certModel.Remove() err := certModel.Remove()
if err != nil { if err != nil {
ErrHandler(c, err) ErrHandler(c, err)
return return
} }
c.JSON(http.StatusOK, nil) c.JSON(http.StatusOK, nil)
} }

4
server/pkg/cert/auto_cert.go
View file

@ -3,6 +3,7 @@ package cert
import ( import (
"github.com/0xJacky/Nginx-UI/server/model" "github.com/0xJacky/Nginx-UI/server/model"
"log" "log"
"strings"
"time" "time"
) )
@ -56,7 +57,8 @@ func AutoCert() {
logChan := make(chan string, 1) logChan := make(chan string, 1)
errChan := make(chan error, 1) errChan := make(chan error, 1)
go IssueCert([]string{domain}, logChan, errChan) // support SAN certification
go IssueCert(strings.Split(domain, "_"), logChan, errChan)
go handleIssueCertLogChan(logChan) go handleIssueCertLogChan(logChan)

4
server/pkg/cert/cert.go
View file

@ -105,7 +105,7 @@ func IssueCert(domain []string, logChan chan string, errChan chan error) {
errChan <- errors.Wrap(err, "issue cert fail to obtain") errChan <- errors.Wrap(err, "issue cert fail to obtain")
return return
} }
name := strings.Join(domain, "_") name := strings.Join(domain, " ")
saveDir := nginx.GetNginxConfPath("ssl/" + name) saveDir := nginx.GetNginxConfPath("ssl/" + name)
if _, err = os.Stat(saveDir); os.IsNotExist(err) { if _, err = os.Stat(saveDir); os.IsNotExist(err) {
err = os.MkdirAll(saveDir, 0755) err = os.MkdirAll(saveDir, 0755)
@ -127,7 +127,7 @@ func IssueCert(domain []string, logChan chan string, errChan chan error) {
} }
logChan <- "Writing certificate private key to disk" logChan <- "Writing certificate private key to disk"
err = os.WriteFile(filepath.Join(saveDir, name+".key"), err = os.WriteFile(filepath.Join(saveDir, "private.key"),
certificates.PrivateKey, 0644) certificates.PrivateKey, 0644)
if err != nil { if err != nil {