fix: obtain cert

2025-05-11 02:15:48 +02:00 · 2023-04-11 11:35:47 +08:00 · 2023-04-11 11:35:47 +08:00 · d0c7cb0a32
commit d0c7cb0a32
parent 37d4588a8e
5 changed files with 83 additions and 106 deletions
--- a/frontend/src/views/domain/cert/IssueCert.vue
+++ b/frontend/src/views/domain/cert/IssueCert.vue
@ -6,7 +6,6 @@ import domain from '@/api/domain'
 import websocket from '@/lib/websocket'
 import Template from '@/views/template/Template.vue'
 import template from '@/api/template'
-import _ from 'lodash'

 const {$gettext, interpolate} = useGettext()

@ -35,7 +34,7 @@ function confirm() {
            $gettext('Do you want to enable auto-cert renewal?'),
        content: enabled.value ? $gettext('We need to add the HTTPChallenge configuration to ' +
                'this file and reload the Nginx. Are you sure you want to continue?') :
-            $gettext('We will need to remove the HTTPChallenge configuration from this file and ' +
+            $gettext('We will remove the HTTPChallenge configuration from this file and ' +
                'reload the Nginx configuration file. Are you sure you want to continue?'),
        mask: false,
        centered: true,
@ -60,7 +59,10 @@ async function onchange(r: boolean) {
                v.locations.push(...r.locations)
            })
        })
-        await save_site_config()
+        // if ssl_certificate is empty, do not save, just use the config from last step.
+        if (!props.directivesMap['ssl_certificate']?.[0]) {
+            await save_site_config()
+        }
        job()
    } else {
        await props.ngx_config.servers.forEach((v: any) => {
--- a/frontend/src/views/domain/ngx_conf/NgxConfigEditor.vue
+++ b/frontend/src/views/domain/ngx_conf/NgxConfigEditor.vue
@ -1,7 +1,7 @@
 <script setup lang="ts">
 import DirectiveEditor from '@/views/domain/ngx_conf/directive/DirectiveEditor.vue'
 import LocationEditor from '@/views/domain/ngx_conf/LocationEditor.vue'
-import {computed, onMounted, ref, watch} from 'vue'
+import {computed, inject, onMounted, ref, watch} from 'vue'
 import {useRoute, useRouter} from 'vue-router'
 import {useGettext} from 'vue3-gettext'
 import Cert from '@/views/domain/cert/Cert.vue'
@ -9,6 +9,8 @@ import LogEntry from '@/views/domain/ngx_conf/LogEntry.vue'
 import ConfigTemplate from '@/views/domain/ngx_conf/config_template/ConfigTemplate.vue'
 import CodeEditor from '@/components/CodeEditor/CodeEditor.vue'
 import {PlusOutlined} from '@ant-design/icons-vue'
+import {Modal} from 'ant-design-vue'
+import template from '@/api/template'

 const {$gettext} = useGettext()

@ -16,11 +18,34 @@ const props = defineProps(['ngx_config', 'auto_cert', 'enabled', 'cert_info'])

 const emit = defineEmits(['callback', 'update:auto_cert'])

+const save_site_config: Function = inject('save_site_config')!
+
 const route = useRoute()

 const current_server_index = ref(0)
 const name = ref(route.params.name)

+function confirm_change_tls(r: boolean) {
+    Modal.confirm({
+        title: $gettext('Do you want to enable TLS?'),
+        content: $gettext('To make sure the certification auto-renewal can work normally, ' +
+            'we need to add a location which can proxy the request from authority to backend, ' +
+            'and we need to save this file and reload the Nginx. Are you sure you want to continue?'),
+        mask: false,
+        centered: true,
+        async onOk() {
+            await template.get_block('letsencrypt.conf').then(r => {
+                const first = props.ngx_config.servers[0]
+                first.locations = first.locations.filter((l: any) => l.path !== '/.well-known/acme-challenge')
+                first.locations.push(...r.locations)
+            })
+            await save_site_config()
+
+            change_tls(r)
+        }
+    })
+}
+
 function change_tls(r: any) {
    if (r) {
        // deep copy servers[0] to servers[1]
@ -78,7 +103,7 @@ function change_tls(r: any) {
 }

 const current_server_directives = computed(() => {
-    return props.ngx_config.servers[current_server_index.value].directives
+    return props.ngx_config.servers?.[current_server_index.value]?.directives
 })

 const directivesMap = computed(() => {
@ -170,7 +195,7 @@ function add_server() {
 <template>
    <div>
        <a-form-item :label="$gettext('Enable TLS')" v-if="!support_ssl">
-            <a-switch @change="change_tls"/>
+            <a-switch @change="confirm_change_tls"/>
        </a-form-item>

        <h2>{{ $gettext('Custom') }}</h2>
--- a/resources/development/nginx/sites-available/homework.jackyu.cn
+++ b/resources/development/nginx/sites-available/homework.jackyu.cn
@ -2,7 +2,7 @@ server {
    listen 80;
    listen [::]:80;
    server_name homework.jackyu.cn;
-    #                               rewrite ^(.*)$  https://$host$1 permanent;
+    #                 rewrite ^(.*)$  https://$host$1 permanent;
    return 307 https://$server_name$request_uri;
    location /.well-known/acme-challenge {
        proxy_set_header Host $host;
@ -17,58 +17,8 @@ server {
    server_name homework.jackyu.cn;
    ssl_certificate /etc/nginx/ssl/homework.jackyu.cn/fullchain.cer;
    ssl_certificate_key /etc/nginx/ssl/homework.jackyu.cn/private.key;
-    root /var/www/homework/frontend;
-    #                               Add index.php to the list if you are using PHP
-    index index.html;
-    location / {
-        # First attempt to serve request as file, then
-        # as directory, then fall back to displaying a 404.
-        index index.html;
-        try_files $uri $uri/ /index.html;
-    }
-    location /student {
-        index manage.html;
-        try_files $uri $uri/ /student.html;
-    }
-    location /teacher {
-        index manage.html;
-        try_files $uri $uri/ /teacher.html;
-    }
-    location /admin {
-        index admin.html;
-        try_files $uri $uri/ /admin.html;
-    }
-    location ^~/upload/ {
-        alias /var/www/homework/api/upload/;
-    }
-    location /api/ {
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection upgrade;
-        proxy_pass http://127.0.0.1:9008/;
-        proxy_redirect off;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        client_max_body_size 1000m;
-    }
-    location /zigbee-pi {
-        alias /var/www/zigbee-pi/frontend/;
-        index index.html;
-    }
-    location /zigbee-pi/api/ {
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection upgrade;
-        proxy_pass http://127.0.0.1:9200/;
-        proxy_redirect off;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        client_max_body_size 1000m;
-    }
+    #                 rewrite ^(.*)$  https://$host$1 permanent;
+    return 307 https://$server_name$request_uri;
    location /.well-known/acme-challenge {
        proxy_set_header Host $host;
        proxy_set_header X-Real_IP $remote_addr;
--- a/resources/development/nginx/ssl/homework.jackyu.cn/fullchain.cer
+++ b/resources/development/nginx/ssl/homework.jackyu.cn/fullchain.cer
@ -1,34 +1,34 @@
 -----BEGIN CERTIFICATE-----
-MIIFgDCCBGigAwIBAgITAP+fPvVk323vgnW668+CqRlK/TANBgkqhkiG9w0BAQsF
+MIIFgDCCBGigAwIBAgITAP+S8fcCshdBkwAQnMp96YTVgjANBgkqhkiG9w0BAQsF
 ADBDMQswCQYDVQQGEwJVUzESMBAGA1UEChMJZ29vZCBndXlzMSAwHgYDVQQDExdD
-QSBpbnRlcm1lZGlhdGUgKFJTQSkgQTAeFw0yMzA0MTAwMTQ0NDdaFw0yMzA3MDkw
-MTQ0NDZaMB0xGzAZBgNVBAMTEmhvbWV3b3JrLmphY2t5dS5jbjCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBALY1L0I/3MccefOKLhhh8OASsv4lKoBl0FbE
-lxuSN+hCcuW96wniv+ofCBZqHqYiRiYPB7JC3DrwP8iZepBMBf0FAnffrJJSr2Uk
-gotVoUqeNjIEmUir5dbsDrCaLQkMaXo2FUUDn74GcQjf7YG4BAUAkYQn7VJsn8+M
-W7NrMy22/NZHSfS0OHbF6F7qwVlOIW98h7PxXpqqYo1keOfRICfIalU4+0+Tb0VT
-MVr5oUSFuvlnJCrNTUtzgnvPLAmTfQ94RzMhwfxXMW1hD6KGaganoqrWYpJfZiWW
-zrNyNVubTulJZxzAaGZFqihoyfLhvbHKDCXb00H5tXQdecVA6GECAwEAAaOCApEw
+QSBpbnRlcm1lZGlhdGUgKFJTQSkgQTAeFw0yMzA0MTEwMjM0NDdaFw0yMzA3MTAw
+MjM0NDZaMB0xGzAZBgNVBAMTEmhvbWV3b3JrLmphY2t5dS5jbjCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBANBS8mLu4uB9MtEXBhXe0kqYJ8KOgjVA4YxI
+4yFaF7OCj+BgQaKPPIinBv30nb9om2aTH9gZogG4pUoLTnzQenkWwcbrneZxzJjA
+6zvjRWzc+5dC/Pnc9aiJTIxTOcb+IEw6Tk6siId9LYg6bzWwivnOpzotSq1Alcaq
+64jhE2MRlyabIPzEU90fIbaH6T9GyAw3pJNhTLaWQFA7OmH0pxGD/jkIYVjqBQ9B
+3l36Boje6ZkqzBjFFLZMIrB8pD17siPj0evi9wYwHFEe1EzYVjbxEd+RC/fu6uwv
+zVu1XjDzI1cWwH9CjsfCH+GRY2IXZ+qsmvxDtafjO2jWX+RmKTkCAwEAAaOCApEw
 ggKNMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
-AwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUNJ6N89H1XafFYuLtMOX+in4MIPYw
+AwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUKNg5JLU2qrEGibB6e7Izs9KkGhww
 KwYDVR0jBCQwIoAgYjWGqKXC1CgUyRtbS1bZxpMqaNdKnoY33nyaZdVEQ/IwcQYI
 KwYBBQUHAQEEZTBjMCIGCCsGAQUFBzABhhZodHRwOi8vMTI3LjAuMC4xOjQwMDIv
 MD0GCCsGAQUFBzAChjFodHRwOi8vMTI3LjAuMC4xOjQwMDEvYWlhL2lzc3Vlci82
 NjA1NDQwNDk4MzY5NzQxMB0GA1UdEQQWMBSCEmhvbWV3b3JrLmphY2t5dS5jbjAn
 BgNVHR8EIDAeMBygGqAYhhZodHRwOi8vZXhhbXBsZS5jb20vY3JsMEAGA1UdIAQ5
 MDcwCAYGZ4EMAQIBMCsGAyoDBDAkMCIGCCsGAQUFBwIBFhZodHRwOi8vZXhhbXBs
-ZS5jb20vY3BzMIIBAwYKKwYBBAHWeQIEAgSB9ASB8QDvAHUAUtToynGEyMkkXDMQ
-ei8Ll54oMwWHI0IieDEKs12/Td4AAAGHaQ06EQAABAMARjBEAiBCQaL1zYJtbVW4
-Csnc2C3Vc5kbMWwpRVK6rxTJhP0j2AIgVHSwpnVphjLT136M35Kobj1DwlfJ4O9/
-sWKyrAwlMC4AdgA6qT9O/RxRKcQnhtlrR6mubchBDheA1y/bT9teLGXGdAAAAYdp
-DToRAAAEAwBHMEUCIDEnWPSbMr9PgnJ43lbYLyPeRUk8S4jXoWpTHFzVPK6ZAiEA
-2nsrYbRsJFgPVxW6kqKth89EhMtLP9uJD50OQWzQsb4wDQYJKoZIhvcNAQELBQAD
-ggEBAEcjUOtRmA8c1pqjEkiIo4vsmJT4Zwy4BhpmGoqRqCfq6IUP+HSjVokJGCGp
-mNh16k4vaAgpA1Nu0wXsfaMklR0nuGvqyZ1+/o9iqbEpkBhgxI+kliAbwMtCB8y+
-UOcv4GOkOpbqlmvQgoSb5q25hQ3i4nxxhmN2KV9WS6+mYrCs09FjUIx6fTK05DQQ
-u9/q94glVMqteOj0fiyaHuPZbyy/NeF/5KjLVZGfWypFDOHUpZn58FpAw33XQIxL
-Yurjh7dbyk/Rv6qcoT89EYmUwEegjQne2XTIljpvlR1WEvZE/BcHqIyvZ6WTIZAB
-NKhxlKkKY7tAq43RAigiJjNdjFU=
+ZS5jb20vY3BzMIIBAwYKKwYBBAHWeQIEAgSB9ASB8QDvAHUAOqk/Tv0cUSnEJ4bZ
+a0eprm3IQQ4XgNcv20/bXixlxnQAAAGHbmFdrQAABAMARjBEAiBe95hlRBC+3fHj
+vTttV2T84ZrdD4FEH+RDiR5ilgHDjgIgR1yxRvPPoQCI9RiRyTMXtxZspChz6dw+
+wMa3ybElJxsAdgB73SBPJzgqRmke/amB5I5Lbbgx3r/bVSZYjFEX2Ze94gAAAYdu
+YV2tAAAEAwBHMEUCIQCogKHQIFrGwxctsf+Sy6AnY/mPhokU1J+NQxdCR2t4HAIg
+N9YJzdLCJ7/QLPr2zZqmqwLY5ubeTyLhh91ggY4INXQwDQYJKoZIhvcNAQELBQAD
+ggEBABhY4I9o0u8Sv+y9MWZ2whVBAV0/Bz2dMFDr/wNv1Xgv0lbiEvgWFOzF74Cp
+fxPQCharuR35qDX6pUkF7e6b52yR4D0K/9Mk7WtGVtTdCFyMJq9JOk08iWiJD2wf
+fFgCt2RezPImA2+of7BrIxkwPIRLpQTnXLY+MA+nHnqMQp0NFRZP3nT7xTDNf8Rt
+VyvMM+MxzwqOi2V067oW9NdUitrqMhGiyfNRXPc0BbSt4+utO7qRQKH+DBhr2HNi
+55yj3nQJQXPRbXvJubZBrrHd+XitVknSpeg8AQlUKNUVfakQrhEgvwE3yCljs+Cr
+wLfk+hSzwwA73NSZilfBNIMR9fg=
 -----END CERTIFICATE-----

 -----BEGIN CERTIFICATE-----
--- a/resources/development/nginx/ssl/homework.jackyu.cn/private.key
+++ b/resources/development/nginx/ssl/homework.jackyu.cn/private.key
@ -1,27 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAtjUvQj/cxxx584ouGGHw4BKy/iUqgGXQVsSXG5I36EJy5b3r
-CeK/6h8IFmoepiJGJg8HskLcOvA/yJl6kEwF/QUCd9+sklKvZSSCi1WhSp42MgSZ
-SKvl1uwOsJotCQxpejYVRQOfvgZxCN/tgbgEBQCRhCftUmyfz4xbs2szLbb81kdJ
-9LQ4dsXoXurBWU4hb3yHs/FemqpijWR459EgJ8hqVTj7T5NvRVMxWvmhRIW6+Wck
-Ks1NS3OCe88sCZN9D3hHMyHB/FcxbWEPooZqBqeiqtZikl9mJZbOs3I1W5tO6Uln
-HMBoZkWqKGjJ8uG9scoMJdvTQfm1dB15xUDoYQIDAQABAoIBAFAflReJ47j/EbWB
-lwGL2BOAxYsyprztiK8PJe+u3bzZs5LJcBjZyFDYsoLAyZd+zOAhjd3avuOAEFxS
-+W2IsL1xvYMfLdDuYUiVxH4m+pVIe0aFdS5awOhAx7jrI1CuT5e5PqMpk85JIN2p
-MtTvKX1Voae+swKi16e57f0477ly1s3+xftR+v94PQAvUrxdB0xRQiz5145XpfQ8
-vutA0BrNYPUm5LnvGAgLzJckrCjJ2MMxwIojzT5EPmu+fO091mwzuUE1KC20DdLO
-qBgdW66a0tH2jX5FLH1RU+kFsjBanrTZunNAvYVycCKJmc96iPMrdfk0YWJfRBuk
-w8UEnBECgYEA6BISJACsjxK3P4bLEJfbjG98SUHR2z/k6R8svotwXhPaOuxebH5N
-KttS2l2cq5Zj7iYWmtOXVcN9yYDih0Zs3MRm/1XRCkvp9MKiok6TOEbV4Xfi8s1/
-yMkpIa3muaO+Xlh40iwmkVnitxIQffdqsHSAI4UL5Y3YUqdV7Wqv5U0CgYEAyP7k
-hGfY4X33iq6+Z3t6YmPr04ubvM7xGuqHimR7TmpU0mQDiU/ArPmWjhd1iU2b5ryj
-+iWvVRPhiMNhLteugQHBK2Uf0CLx1Ero0543issIvKKSXiEAmXmMcdS35YO/fe9V
-0M/GxbvTom36dBIYjyN4keo+vTRZ5T98tsWstWUCgYEArdWTdxp2J7nKQDC0/Vnz
-IBAGlk1SaBxFWQZ8GsMSSbYvOwIBfN1i6l5dgqqqh7Fga2xmdFVYv+pu17jOdqwf
-MYOA73SV4FObDTeaYV/gUUBmR7zo6B1cwcdFIzBDav0nxT4aSry9qxUciStj5Sem
-6ERsE68+iRYmW0tzRyMqXOUCgYAYN12g9kITKPIiK1uVbDMal59aJX/mB6jU7VzX
-N7QDhpwhnRsv+APm00toYzsuB8O40RGQmem9/l818xRKaIIF2QhFCjIDCbLJOR1E
-IdPfTQcIcy3fWWqREyvwqwhdBrqTmbplJiN0v2SINWfvhB6hYEyuh+J3OU97Z2LH
-QpnEYQKBgQCz08jYIxPAMc1HReNCv2gFvUkaKa0QMdkuqIyyBcMUvE24E1xgp9tI
-7BGkSu+GGV8m/e/9ll37O5iEXU2y9Y+8O/ZEimRG++e9miqVdpt449xWcr62HluV
-CjzA5WBT5NZIVdTIiHe2HKFuKMXdyWkRWN5SClSSZ6aWzO8awf6UbA==
+MIIEowIBAAKCAQEA0FLyYu7i4H0y0RcGFd7SSpgnwo6CNUDhjEjjIVoXs4KP4GBB
+oo88iKcG/fSdv2ibZpMf2BmiAbilSgtOfNB6eRbBxuud5nHMmMDrO+NFbNz7l0L8
+dz1qIlMjFM5xv4gTDpOTqyIh30tiDpvNbCK+c6nOi1KrUCVxqrriOETYxGXJpsg
+/MRT3R8htofpP0bIDDekk2FMtpZAUDs6YfSnEYP+OQhhWOoFD0HeXfoGiN7pmSrM
+GMUUtkwisHykPXuyI+PR6+L3BjAcUR7UTNhWNvER35EL9+7q7C/NW7VeMPMjVxbA
+f0KOx8If4ZFjYhdn6qya/EO1p+M7aNZf5GYpOQIDAQABAoIBAAQU2/LcQ02qpkg6
+b0AWcYBMotrI9/wbHVAmTWzl2vkFYdQ/jomkzMbQnu5y0HRjlEfaMhGFzwrBl1tw
+BUWkwAGHVJyVGS7eo+eKQBGYTk/ntHYuNc6faaC3r+w/5S3k5LUZn1cjQjmFVlMI
+8gzXPKHQTq5xHLlwPn758ktoPXz/XihnaKq1agepiV50Y94XEBN0V8WOTgV6Z1AB
+puyebcojoCqMG0TjaIVbowpC2suEV3LTwEdBuAIxdAKEHyTqgedFcULsXfLfkWrH
+Y5sU/gos+3pn9ssNLzfZmoXE9EZnJn6AcQVKfG81YpDnnrcvsa03H8P0NnQNX7iv
+sSuV2kECgYEA99TiQZ0X6C9Dd63BXWhnPg5cuSX0w27COlejtSghLWw4JdBQWBfg
+8Qu+Iv4WcLnnO+aTgYU/WUMdsHX7aW4/OHNibVK4XagK36Ovfd+x6hSUaVXoHHIZ
+O8CcQDwsjlf1RpEpHiWXePifcKT7U43A55gd5jkIryMdiJzQFRdoXMUCgYEA1zC2
+RDwrE70Y3d/AgC4DyuKoCI6BWxGDUUD5B5B8EQ8VJ7oCo8WvefEj856DrHadxDGN
+5knA5PAZRZMAf/xdaJZRb7DEWB+jL3MOXRx7iDZ+nxbuFGeIq8YhCNyl6X784tLm
+jUUIDLLcJmgDZWaZUeK/KJXG6CkX4wjAifKrSeUCgYBE8vQznvn8vdF+ZVfrndVD
+XYmMdTPgf1sIEkPYbZ61XWtNkeQYbiRFy6eNYrVpjT742lBlc2XJdrO22Uwl6+co
+1Gko0x+55ruHtqlnUqnT3v/fQmg+Kbw9dHvEHzmiLHRvuoj++yRmIn1xQGUvvLtT
+c222FF4HI7TewgneJFIDpQKBgDviZHasv9goYYktQWbqZ0fIt7ZZ4gmz3/V2vVar
+kLs2lU6O5zkoRGMNBlI/pKkUAWed2r1hfPq5Dm9cL2Fum5gFbPhGGv3jIAiOXkrv
+KDmJ4MbpHKw0+8XBx2Ot88X8/ucohdx+f3T5OWa+v2MyoCw3i7cBp27oMKuPvfUl
+wSE5AoGBALd3efbe2//0GP8Cxjf3FYjb8xDYNF3RKMbQVfbGDcLQX/surxAdpqUR
+NqWTiqUKcu7sUQO1nOwC33m2464MQbsWxtNp2zMmLaAGNKOtD6FpltA2Nup3K5HW
+FsP0kSm0NgWVyyEX/jScECLtSBNT3kC4q+DKyxC1wqQrq0cSe6gd
 -----END RSA PRIVATE KEY-----