mirrors/nginx-ui
1
0
Fork 0
mirror of https://github.com/0xJacky/nginx-ui.git synced 2025-05-12 19:05:55 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 8

wip: support SAN certifications

Browse source
This commit is contained in:
0xJacky 2022-12-20 18:07:07 +08:00
parent d7ce452b8b
commit 7d4999f83a
No known key found for this signature in database
GPG key ID: B6E4A6E4A561BAF0
5 changed files with 114 additions and 128 deletions
Download patch file Download diff file Expand all files Collapse all files

31
frontend/src/views/domain/cert/IssueCert.vue
View file

@ -31,12 +31,6 @@ function job() {
return return
} }
if (server_name_more_than_one.value) {
message.error($gettext('server_name parameters more than one'))
issuing_cert.value = false
return
}
const server_name = props.directivesMap['server_name'][0] const server_name = props.directivesMap['server_name'][0]
if (!props.directivesMap['ssl_certificate']) { if (!props.directivesMap['ssl_certificate']) {
@ -102,10 +96,12 @@ const issue_cert = async (server_name: string, callback: Function) => {
log($gettext('Getting the certificate, please wait...')) log($gettext('Getting the certificate, please wait...'))
const ws = websocket('/api/cert/issue/' + server_name, false) const ws = websocket('/api/cert/issue', false)
ws.onopen = () => { ws.onopen = () => {
ws.send('go') ws.send(JSON.stringify({
server_name: server_name.trim().split(' ')
}))
} }
ws.onmessage = m => { ws.onmessage = m => {
@ -132,11 +128,6 @@ const issue_cert = async (server_name: string, callback: Function) => {
} }
} }
const server_name_more_than_one = computed(() => {
return props.directivesMap['server_name'] && (props.directivesMap['server_name'].length > 1 ||
props.directivesMap['server_name'][0].params.trim().indexOf(' ') > 0)
})
const no_server_name = computed(() => { const no_server_name = computed(() => {
return props.directivesMap['server_name'].length === 0 return props.directivesMap['server_name'].length === 0
}) })
@ -154,11 +145,6 @@ const enabled = computed({
} }
}) })
watch(server_name_more_than_one, () => {
emit('update:enabled', false)
onchange(false)
})
watch(no_server_name, () => { watch(no_server_name, () => {
emit('update:enabled', false) emit('update:enabled', false)
onchange(false) onchange(false)
@ -166,7 +152,7 @@ watch(no_server_name, () => {
const progressStrokeColor = { const progressStrokeColor = {
from: '#108ee9', from: '#108ee9',
to: '#87d068', to: '#87d068'
} }
const progressPercent = ref(0) const progressPercent = ref(0)
@ -197,10 +183,10 @@ const modalClosable = ref(false)
:loading="issuing_cert" :loading="issuing_cert"
v-model:checked="enabled" v-model:checked="enabled"
@change="onchange" @change="onchange"
:disabled="no_server_name||server_name_more_than_one" :disabled="no_server_name"
/> />
<a-alert <a-alert
v-if="no_server_name||server_name_more_than_one" v-if="no_server_name"
:message="$gettext('Warning')" :message="$gettext('Warning')"
type="warning" type="warning"
show-icon show-icon
@ -209,9 +195,6 @@ const modalClosable = ref(false)
<span v-if="no_server_name" v-translate> <span v-if="no_server_name" v-translate>
server_name parameter is required server_name parameter is required
</span> </span>
<span v-if="server_name_more_than_one" v-translate>
server_name parameters more than one
</span>
</template> </template>
</a-alert> </a-alert>
</a-form-item> </a-form-item>

17
server/api/cert.go
View file

@ -8,6 +8,7 @@ import (
"github.com/gorilla/websocket" "github.com/gorilla/websocket"
"log" "log"
"net/http" "net/http"
"strings"
) )
const ( const (
@ -46,8 +47,6 @@ func handleIssueCertLogChan(conn *websocket.Conn, logChan chan string) {
} }
func IssueCert(c *gin.Context) { func IssueCert(c *gin.Context) {
domain := c.Param("domain")
var upGrader = websocket.Upgrader{ var upGrader = websocket.Upgrader{
CheckOrigin: func(r *http.Request) bool { CheckOrigin: func(r *http.Request) bool {
return true return true
@ -69,21 +68,23 @@ func IssueCert(c *gin.Context) {
}(ws) }(ws)
// read // read
mt, message, err := ws.ReadMessage() var buffer struct {
ServerName []string `json:"server_name"`
}
err = ws.ReadJSON(&buffer)
if err != nil { if err != nil {
log.Println(err) log.Println(err)
return return
} }
if mt != websocket.TextMessage || string(message) != "go" {
return
}
logChan := make(chan string, 1) logChan := make(chan string, 1)
errChan := make(chan error, 1) errChan := make(chan error, 1)
go cert.IssueCert(domain, logChan, errChan) go cert.IssueCert(buffer.ServerName, logChan, errChan)
domain := strings.Join(buffer.ServerName, "_")
go handleIssueCertLogChan(ws, logChan) go handleIssueCertLogChan(ws, logChan)

2
server/pkg/cert/auto_cert.go
View file

@ -56,7 +56,7 @@ func AutoCert() {
logChan := make(chan string, 1) logChan := make(chan string, 1)
errChan := make(chan error, 1) errChan := make(chan error, 1)
go IssueCert(domain, logChan, errChan) go IssueCert([]string{domain}, logChan, errChan)
go handleIssueCertLogChan(logChan) go handleIssueCertLogChan(logChan)

10
server/pkg/cert/cert.go
View file

@ -16,6 +16,7 @@ import (
"log" "log"
"os" "os"
"path/filepath" "path/filepath"
"strings"
) )
// MyUser You'll need a user or account type that implements acme.User // MyUser You'll need a user or account type that implements acme.User
@ -35,7 +36,7 @@ func (u *MyUser) GetPrivateKey() crypto.PrivateKey {
return u.key return u.key
} }
func IssueCert(domain string, logChan chan string, errChan chan error) { func IssueCert(domain []string, logChan chan string, errChan chan error) {
defer func() { defer func() {
if err := recover(); err != nil { if err := recover(); err != nil {
log.Println("Issue Cert recover", err) log.Println("Issue Cert recover", err)
@ -94,7 +95,7 @@ func IssueCert(domain string, logChan chan string, errChan chan error) {
myUser.Registration = reg myUser.Registration = reg
request := certificate.ObtainRequest{ request := certificate.ObtainRequest{
Domains: []string{domain}, Domains: domain,
Bundle: true, Bundle: true,
} }
@ -104,7 +105,8 @@ func IssueCert(domain string, logChan chan string, errChan chan error) {
errChan <- errors.Wrap(err, "issue cert fail to obtain") errChan <- errors.Wrap(err, "issue cert fail to obtain")
return return
} }
saveDir := nginx.GetNginxConfPath("ssl/" + domain) name := strings.Join(domain, "_")
saveDir := nginx.GetNginxConfPath("ssl/" + name)
if _, err = os.Stat(saveDir); os.IsNotExist(err) { if _, err = os.Stat(saveDir); os.IsNotExist(err) {
err = os.MkdirAll(saveDir, 0755) err = os.MkdirAll(saveDir, 0755)
if err != nil { if err != nil {
@ -125,7 +127,7 @@ func IssueCert(domain string, logChan chan string, errChan chan error) {
} }
logChan <- "Writing certificate private key to disk" logChan <- "Writing certificate private key to disk"
err = os.WriteFile(filepath.Join(saveDir, domain+".key"), err = os.WriteFile(filepath.Join(saveDir, name+".key"),
certificates.PrivateKey, 0644) certificates.PrivateKey, 0644)
if err != nil { if err != nil {

2
server/router/routers.go
View file

@ -83,7 +83,7 @@ func InitRouter() *gin.Engine {
g.GET("template", api.GetTemplate) g.GET("template", api.GetTemplate)
g.GET("cert/issue/:domain", api.IssueCert) g.GET("cert/issue", api.IssueCert)
// Add domain to auto-renew cert list // Add domain to auto-renew cert list
g.POST("cert/:domain", api.AddDomainToAutoCert) g.POST("cert/:domain", api.AddDomainToAutoCert)