提升节点组合配置效率

2025-11-05 00:31:54 +08:00 · 2021-08-22 11:35:33 +08:00
parent 53f7a0b77e
commit 72d7ceb94e
36 changed files with 360 additions and 147 deletions
--- a/internal/db/models/api_node_model_ext.go
+++ b/internal/db/models/api_node_model_ext.go
@@ -4,9 +4,10 @@ import (
 	"encoding/json"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
 	"github.com/iwind/TeaGo/dbs"
 	"github.com/iwind/TeaGo/maps"
 )
-// 解析HTTP配置
+// DecodeHTTP 解析HTTP配置
 func (this *APINode) DecodeHTTP() (*serverconfigs.HTTPProtocolConfig, error) {
 	if !IsNotNull(this.Http) {
 		return nil, nil
@@ -25,8 +26,12 @@ func (this *APINode) DecodeHTTP() (*serverconfigs.HTTPProtocolConfig, error) {
 	return config, nil
 }
-// 解析HTTPS配置
+// DecodeHTTPS 解析HTTPS配置
-func (this *APINode) DecodeHTTPS(tx *dbs.Tx) (*serverconfigs.HTTPSProtocolConfig, error) {
+func (this *APINode) DecodeHTTPS(tx *dbs.Tx, cacheMap maps.Map) (*serverconfigs.HTTPSProtocolConfig, error) {
 	if cacheMap == nil {
 		cacheMap = maps.Map{}
 	}
 	if !IsNotNull(this.Https) {
 		return nil, nil
 	}
@@ -44,7 +49,7 @@ func (this *APINode) DecodeHTTPS(tx *dbs.Tx) (*serverconfigs.HTTPSProtocolConfig
 	if config.SSLPolicyRef != nil {
 		policyId := config.SSLPolicyRef.SSLPolicyId
 		if policyId > 0 {
-			sslPolicy, err := SharedSSLPolicyDAO.ComposePolicyConfig(tx, policyId)
+			sslPolicy, err := SharedSSLPolicyDAO.ComposePolicyConfig(tx, policyId, cacheMap)
 			if err != nil {
 				return nil, err
 			}
@@ -62,7 +67,7 @@ func (this *APINode) DecodeHTTPS(tx *dbs.Tx) (*serverconfigs.HTTPSProtocolConfig
 	return config, nil
 }
-// 解析访问地址
+// DecodeAccessAddrs 解析访问地址
 func (this *APINode) DecodeAccessAddrs() ([]*serverconfigs.NetworkAddressConfig, error) {
 	if !IsNotNull(this.AccessAddrs) {
 		return nil, nil
@@ -82,7 +87,7 @@ func (this *APINode) DecodeAccessAddrs() ([]*serverconfigs.NetworkAddressConfig,
 	return addrConfigs, nil
 }
-// 解析访问地址，并返回字符串形式
+// DecodeAccessAddrStrings 解析访问地址，并返回字符串形式
 func (this *APINode) DecodeAccessAddrStrings() ([]string, error) {
 	addrs, err := this.DecodeAccessAddrs()
 	if err != nil {
@@ -95,7 +100,7 @@ func (this *APINode) DecodeAccessAddrStrings() ([]string, error) {
 	return result, nil
 }
-// 解析Rest HTTP配置
+// DecodeRestHTTP 解析Rest HTTP配置
 func (this *APINode) DecodeRestHTTP() (*serverconfigs.HTTPProtocolConfig, error) {
 	if this.RestIsOn != 1 {
 		return nil, nil
@@ -117,8 +122,11 @@ func (this *APINode) DecodeRestHTTP() (*serverconfigs.HTTPProtocolConfig, error)
 	return config, nil
 }
-// 解析HTTPS配置
+// DecodeRestHTTPS 解析HTTPS配置
-func (this *APINode) DecodeRestHTTPS(tx *dbs.Tx) (*serverconfigs.HTTPSProtocolConfig, error) {
+func (this *APINode) DecodeRestHTTPS(tx *dbs.Tx, cacheMap maps.Map) (*serverconfigs.HTTPSProtocolConfig, error) {
 	if cacheMap == nil {
 		cacheMap = maps.Map{}
 	}
 	if this.RestIsOn != 1 {
 		return nil, nil
 	}
@@ -139,7 +147,7 @@ func (this *APINode) DecodeRestHTTPS(tx *dbs.Tx) (*serverconfigs.HTTPSProtocolCo
 	if config.SSLPolicyRef != nil {
 		policyId := config.SSLPolicyRef.SSLPolicyId
 		if policyId > 0 {
-			sslPolicy, err := SharedSSLPolicyDAO.ComposePolicyConfig(tx, policyId)
+			sslPolicy, err := SharedSSLPolicyDAO.ComposePolicyConfig(tx, policyId, cacheMap)
 			if err != nil {
 				return nil, err
 			}
--- a/internal/db/models/dns/dns_domain_dao.go
+++ b/internal/db/models/dns/dns_domain_dao.go
@@ -58,14 +58,24 @@ func (this *DNSDomainDAO) DisableDNSDomain(tx *dbs.Tx, id int64) error {
 }
 // FindEnabledDNSDomain 查找启用中的条目
-func (this *DNSDomainDAO) FindEnabledDNSDomain(tx *dbs.Tx, id int64) (*DNSDomain, error) {
+func (this *DNSDomainDAO) FindEnabledDNSDomain(tx *dbs.Tx, domainId int64, cacheMap maps.Map) (*DNSDomain, error) {
 	if cacheMap == nil {
 		cacheMap = maps.Map{}
 	}
 	var cacheKey = this.Table + ":record:" + types.String(domainId)
 	var cache = cacheMap.Get(cacheKey)
 	if cache != nil {
 		return cache.(*DNSDomain), nil
 	}
 	result, err := this.Query(tx).
-		Pk(id).
+		Pk(domainId).
 		Attr("state", DNSDomainStateEnabled).
 		Find()
 	if result == nil {
 		return nil, err
 	}
 	cacheMap[cacheKey] = result
 	return result.(*DNSDomain), err
 }
--- a/internal/db/models/http_auth_policy_dao.go
+++ b/internal/db/models/http_auth_policy_dao.go
@@ -7,6 +7,8 @@ import (
 	_ "github.com/go-sql-driver/mysql"
 	"github.com/iwind/TeaGo/Tea"
 	"github.com/iwind/TeaGo/dbs"
 	"github.com/iwind/TeaGo/maps"
 	"github.com/iwind/TeaGo/types"
 )
 const (
@@ -94,7 +96,16 @@ func (this *HTTPAuthPolicyDAO) UpdateHTTPAuthPolicy(tx *dbs.Tx, policyId int64,
 }
 // ComposePolicyConfig 组合配置
-func (this *HTTPAuthPolicyDAO) ComposePolicyConfig(tx *dbs.Tx, policyId int64) (*serverconfigs.HTTPAuthPolicy, error) {
+func (this *HTTPAuthPolicyDAO) ComposePolicyConfig(tx *dbs.Tx, policyId int64, cacheMap maps.Map) (*serverconfigs.HTTPAuthPolicy, error) {
 	if cacheMap == nil {
 		cacheMap = maps.Map{}
 	}
 	var cacheKey = this.Table + ":config:" + types.String(policyId)
 	var cache = cacheMap.Get(cacheKey)
 	if cache != nil {
 		return cache.(*serverconfigs.HTTPAuthPolicy), nil
 	}
 	policy, err := this.FindEnabledHTTPAuthPolicy(tx, policyId)
 	if err != nil {
 		return nil, err
@@ -119,6 +130,8 @@ func (this *HTTPAuthPolicyDAO) ComposePolicyConfig(tx *dbs.Tx, policyId int64) (
 	}
 	config.Params = params
 	cacheMap[cacheKey] = config
 	return config, nil
 }
--- a/internal/db/models/http_cache_policy_dao.go
+++ b/internal/db/models/http_cache_policy_dao.go
@@ -8,6 +8,7 @@ import (
 	_ "github.com/go-sql-driver/mysql"
 	"github.com/iwind/TeaGo/Tea"
 	"github.com/iwind/TeaGo/dbs"
 	"github.com/iwind/TeaGo/maps"
 	"github.com/iwind/TeaGo/types"
 )
@@ -185,7 +186,16 @@ func (this *HTTPCachePolicyDAO) UpdateCachePolicy(tx *dbs.Tx, policyId int64, is
 }
 // ComposeCachePolicy 组合配置
-func (this *HTTPCachePolicyDAO) ComposeCachePolicy(tx *dbs.Tx, policyId int64) (*serverconfigs.HTTPCachePolicy, error) {
+func (this *HTTPCachePolicyDAO) ComposeCachePolicy(tx *dbs.Tx, policyId int64, cacheMap maps.Map) (*serverconfigs.HTTPCachePolicy, error) {
 	if cacheMap == nil {
 		cacheMap = maps.Map{}
 	}
 	var cacheKey = this.Table + ":config:" + types.String(policyId)
 	var cache = cacheMap.Get(cacheKey)
 	if cache != nil {
 		return cache.(*serverconfigs.HTTPCachePolicy), nil
 	}
 	policy, err := this.FindEnabledHTTPCachePolicy(tx, policyId)
 	if err != nil {
 		return nil, err
@@ -243,6 +253,8 @@ func (this *HTTPCachePolicyDAO) ComposeCachePolicy(tx *dbs.Tx, policyId int64) (
 		config.CacheRefs = refs
 	}
 	cacheMap[cacheKey] = config
 	return config, nil
 }
@@ -284,7 +296,7 @@ func (this *HTTPCachePolicyDAO) ListEnabledHTTPCachePolicies(tx *dbs.Tx, keyword
 	cachePolicies := []*serverconfigs.HTTPCachePolicy{}
 	for _, policyId := range cachePolicyIds {
-		cachePolicyConfig, err := this.ComposeCachePolicy(tx, policyId)
+		cachePolicyConfig, err := this.ComposeCachePolicy(tx, policyId, nil)
 		if err != nil {
 			return nil, errors.Wrap(err)
 		}
--- a/internal/db/models/http_firewall_policy_dao.go
+++ b/internal/db/models/http_firewall_policy_dao.go
@@ -223,7 +223,16 @@ func (this *HTTPFirewallPolicyDAO) ListEnabledFirewallPolicies(tx *dbs.Tx, keywo
 }
 // ComposeFirewallPolicy 组合策略配置
-func (this *HTTPFirewallPolicyDAO) ComposeFirewallPolicy(tx *dbs.Tx, policyId int64) (*firewallconfigs.HTTPFirewallPolicy, error) {
+func (this *HTTPFirewallPolicyDAO) ComposeFirewallPolicy(tx *dbs.Tx, policyId int64, cacheMap maps.Map) (*firewallconfigs.HTTPFirewallPolicy, error) {
 	if cacheMap == nil {
 		cacheMap = maps.Map{}
 	}
 	var cacheKey = this.Table + ":config:" + types.String(policyId)
 	var cache = cacheMap.Get(cacheKey)
 	if cache != nil {
 		return cache.(*firewallconfigs.HTTPFirewallPolicy), nil
 	}
 	policy, err := this.FindEnabledHTTPFirewallPolicy(tx, policyId)
 	if err != nil {
 		return nil, err
@@ -304,6 +313,8 @@ func (this *HTTPFirewallPolicyDAO) ComposeFirewallPolicy(tx *dbs.Tx, policyId in
 		config.BlockOptions = blockAction
 	}
 	cacheMap[cacheKey] = config
 	return config, nil
 }
--- a/internal/db/models/http_location_dao.go
+++ b/internal/db/models/http_location_dao.go
@@ -131,7 +131,16 @@ func (this *HTTPLocationDAO) UpdateLocation(tx *dbs.Tx, locationId int64, name s
 }
 // ComposeLocationConfig 组合配置
-func (this *HTTPLocationDAO) ComposeLocationConfig(tx *dbs.Tx, locationId int64) (*serverconfigs.HTTPLocationConfig, error) {
+func (this *HTTPLocationDAO) ComposeLocationConfig(tx *dbs.Tx, locationId int64, cacheMap maps.Map) (*serverconfigs.HTTPLocationConfig, error) {
 	if cacheMap == nil {
 		cacheMap = maps.Map{}
 	}
 	var cacheKey = this.Table + ":config:" + types.String(locationId)
 	var cacheConfig = cacheMap.Get(cacheKey)
 	if cacheConfig != nil {
 		return cacheConfig.(*serverconfigs.HTTPLocationConfig), nil
 	}
 	location, err := this.FindEnabledHTTPLocation(tx, locationId)
 	if err != nil {
 		return nil, err
@@ -151,7 +160,7 @@ func (this *HTTPLocationDAO) ComposeLocationConfig(tx *dbs.Tx, locationId int64)
 	// web
 	if location.WebId > 0 {
-		webConfig, err := SharedHTTPWebDAO.ComposeWebConfig(tx, int64(location.WebId))
+		webConfig, err := SharedHTTPWebDAO.ComposeWebConfig(tx, int64(location.WebId), cacheMap)
 		if err != nil {
 			return nil, err
 		}
@@ -167,7 +176,7 @@ func (this *HTTPLocationDAO) ComposeLocationConfig(tx *dbs.Tx, locationId int64)
 		}
 		config.ReverseProxyRef = ref
 		if ref.ReverseProxyId > 0 {
-			reverseProxyConfig, err := SharedReverseProxyDAO.ComposeReverseProxyConfig(tx, ref.ReverseProxyId)
+			reverseProxyConfig, err := SharedReverseProxyDAO.ComposeReverseProxyConfig(tx, ref.ReverseProxyId, cacheMap)
 			if err != nil {
 				return nil, err
 			}
@@ -185,6 +194,8 @@ func (this *HTTPLocationDAO) ComposeLocationConfig(tx *dbs.Tx, locationId int64)
 		config.Conds = conds
 	}
 	cacheMap[cacheKey] = config
 	return config, nil
 }
@@ -248,13 +259,13 @@ func (this *HTTPLocationDAO) UpdateLocationWeb(tx *dbs.Tx, locationId int64, web
 }
 // ConvertLocationRefs 转换引用为配置
-func (this *HTTPLocationDAO) ConvertLocationRefs(tx *dbs.Tx, refs []*serverconfigs.HTTPLocationRef) (locations []*serverconfigs.HTTPLocationConfig, err error) {
+func (this *HTTPLocationDAO) ConvertLocationRefs(tx *dbs.Tx, refs []*serverconfigs.HTTPLocationRef, cacheMap maps.Map) (locations []*serverconfigs.HTTPLocationConfig, err error) {
 	for _, ref := range refs {
-		config, err := this.ComposeLocationConfig(tx, ref.LocationId)
+		config, err := this.ComposeLocationConfig(tx, ref.LocationId, cacheMap)
 		if err != nil {
 			return nil, err
 		}
-		children, err := this.ConvertLocationRefs(tx, ref.Children)
+		children, err := this.ConvertLocationRefs(tx, ref.Children, cacheMap)
 		if err != nil {
 			return nil, err
 		}
@@ -286,7 +297,6 @@ func (this *HTTPLocationDAO) FindEnabledLocationIdWithReverseProxyId(tx *dbs.Tx,
 		FindInt64Col(0)
 }
 // NotifyUpdate 通知更新
 func (this *HTTPLocationDAO) NotifyUpdate(tx *dbs.Tx, locationId int64) error {
 	webId, err := SharedHTTPWebDAO.FindEnabledWebIdWithLocationId(tx, locationId)
--- a/internal/db/models/http_page_dao.go
+++ b/internal/db/models/http_page_dao.go
@@ -7,6 +7,7 @@ import (
 	_ "github.com/go-sql-driver/mysql"
 	"github.com/iwind/TeaGo/Tea"
 	"github.com/iwind/TeaGo/dbs"
 	"github.com/iwind/TeaGo/maps"
 	"github.com/iwind/TeaGo/types"
 )
@@ -36,12 +37,12 @@ func init() {
 	})
 }
-// 初始化
+// Init 初始化
 func (this *HTTPPageDAO) Init() {
 	_ = this.DAOObject.Init()
 }
-// 启用条目
+// EnableHTTPPage 启用条目
 func (this *HTTPPageDAO) EnableHTTPPage(tx *dbs.Tx, pageId int64) error {
 	_, err := this.Query(tx).
 		Pk(pageId).
@@ -53,7 +54,7 @@ func (this *HTTPPageDAO) EnableHTTPPage(tx *dbs.Tx, pageId int64) error {
 	return this.NotifyUpdate(tx, pageId)
 }
-// 禁用条目
+// DisableHTTPPage 禁用条目
 func (this *HTTPPageDAO) DisableHTTPPage(tx *dbs.Tx, id int64) error {
 	_, err := this.Query(tx).
 		Pk(id).
@@ -62,7 +63,7 @@ func (this *HTTPPageDAO) DisableHTTPPage(tx *dbs.Tx, id int64) error {
 	return err
 }
-// 查找启用中的条目
+// FindEnabledHTTPPage 查找启用中的条目
 func (this *HTTPPageDAO) FindEnabledHTTPPage(tx *dbs.Tx, id int64) (*HTTPPage, error) {
 	result, err := this.Query(tx).
 		Pk(id).
@@ -74,7 +75,7 @@ func (this *HTTPPageDAO) FindEnabledHTTPPage(tx *dbs.Tx, id int64) (*HTTPPage, e
 	return result.(*HTTPPage), err
 }
-// 创建Page
+// CreatePage 创建Page
 func (this *HTTPPageDAO) CreatePage(tx *dbs.Tx, statusList []string, url string, newStatus int) (pageId int64, err error) {
 	op := NewHTTPPageOperator()
 	op.IsOn = true
@@ -97,7 +98,7 @@ func (this *HTTPPageDAO) CreatePage(tx *dbs.Tx, statusList []string, url string,
 	return types.Int64(op.Id), nil
 }
-// 修改Page
+// UpdatePage 修改Page
 func (this *HTTPPageDAO) UpdatePage(tx *dbs.Tx, pageId int64, statusList []string, url string, newStatus int) error {
 	if pageId <= 0 {
 		return errors.New("invalid pageId")
@@ -126,8 +127,17 @@ func (this *HTTPPageDAO) UpdatePage(tx *dbs.Tx, pageId int64, statusList []strin
 	return this.NotifyUpdate(tx, pageId)
 }
-// 组合配置
+// ComposePageConfig 组合配置
-func (this *HTTPPageDAO) ComposePageConfig(tx *dbs.Tx, pageId int64) (*serverconfigs.HTTPPageConfig, error) {
+func (this *HTTPPageDAO) ComposePageConfig(tx *dbs.Tx, pageId int64, cacheMap maps.Map) (*serverconfigs.HTTPPageConfig, error) {
 	if cacheMap == nil {
 		cacheMap = maps.Map{}
 	}
 	var cacheKey = this.Table + ":config:" + types.String(pageId)
 	var cache = cacheMap.Get(cacheKey)
 	if cache != nil {
 		return cache.(*serverconfigs.HTTPPageConfig), nil
 	}
 	page, err := this.FindEnabledHTTPPage(tx, pageId)
 	if err != nil {
 		return nil, err
@@ -154,10 +164,12 @@ func (this *HTTPPageDAO) ComposePageConfig(tx *dbs.Tx, pageId int64) (*servercon
 		}
 	}
 	cacheMap[cacheKey] = config
 	return config, nil
 }
-// 通知更新
+// NotifyUpdate 通知更新
 func (this *HTTPPageDAO) NotifyUpdate(tx *dbs.Tx, pageId int64) error {
 	webId, err := SharedHTTPWebDAO.FindEnabledWebIdWithPageId(tx, pageId)
 	if err != nil {
--- a/internal/db/models/http_rewrite_rule_dao.go
+++ b/internal/db/models/http_rewrite_rule_dao.go
@@ -8,6 +8,7 @@ import (
 	_ "github.com/go-sql-driver/mysql"
 	"github.com/iwind/TeaGo/Tea"
 	"github.com/iwind/TeaGo/dbs"
 	"github.com/iwind/TeaGo/maps"
 	"github.com/iwind/TeaGo/types"
 )
@@ -76,7 +77,16 @@ func (this *HTTPRewriteRuleDAO) FindEnabledHTTPRewriteRule(tx *dbs.Tx, id int64)
 }
 // ComposeRewriteRule 构造配置
-func (this *HTTPRewriteRuleDAO) ComposeRewriteRule(tx *dbs.Tx, rewriteRuleId int64) (*serverconfigs.HTTPRewriteRule, error) {
+func (this *HTTPRewriteRuleDAO) ComposeRewriteRule(tx *dbs.Tx, rewriteRuleId int64, cacheMap maps.Map) (*serverconfigs.HTTPRewriteRule, error) {
 	if cacheMap == nil {
 		cacheMap = maps.Map{}
 	}
 	var cacheKey = this.Table + ":config:" + types.String(rewriteRuleId)
 	var cache = cacheMap.Get(cacheKey)
 	if cache != nil {
 		return cache.(*serverconfigs.HTTPRewriteRule), nil
 	}
 	rule, err := this.FindEnabledHTTPRewriteRule(tx, rewriteRuleId)
 	if err != nil {
 		return nil, err
@@ -105,6 +115,9 @@ func (this *HTTPRewriteRuleDAO) ComposeRewriteRule(tx *dbs.Tx, rewriteRuleId int
 		}
 		config.Conds = conds
 	}
 	cacheMap[cacheKey] = config
 	return config, nil
 }
--- a/internal/db/models/http_web_dao.go
+++ b/internal/db/models/http_web_dao.go
@@ -75,7 +75,16 @@ func (this *HTTPWebDAO) FindEnabledHTTPWeb(tx *dbs.Tx, id int64) (*HTTPWeb, erro
 }
 // ComposeWebConfig 组合配置
-func (this *HTTPWebDAO) ComposeWebConfig(tx *dbs.Tx, webId int64) (*serverconfigs.HTTPWebConfig, error) {
+func (this *HTTPWebDAO) ComposeWebConfig(tx *dbs.Tx, webId int64, cacheMap maps.Map) (*serverconfigs.HTTPWebConfig, error) {
 	if cacheMap == nil {
 		cacheMap = maps.Map{}
 	}
 	var cacheKey = this.Table + ":config:" + types.String(webId)
 	var cache = cacheMap.Get(cacheKey)
 	if cache != nil {
 		return cache.(*serverconfigs.HTTPWebConfig), nil
 	}
 	web, err := SharedHTTPWebDAO.FindEnabledHTTPWeb(tx, webId)
 	if err != nil {
 		return nil, err
@@ -181,7 +190,7 @@ func (this *HTTPWebDAO) ComposeWebConfig(tx *dbs.Tx, webId int64) (*serverconfig
 			return nil, err
 		}
 		for index, page := range pages {
-			pageConfig, err := SharedHTTPPageDAO.ComposePageConfig(tx, page.Id)
+			pageConfig, err := SharedHTTPPageDAO.ComposePageConfig(tx, page.Id, cacheMap)
 			if err != nil {
 				return nil, err
 			}
@@ -235,7 +244,7 @@ func (this *HTTPWebDAO) ComposeWebConfig(tx *dbs.Tx, webId int64) (*serverconfig
 		// 自定义防火墙设置
 		if firewallRef.FirewallPolicyId > 0 {
-			firewallPolicy, err := SharedHTTPFirewallPolicyDAO.ComposeFirewallPolicy(tx, firewallRef.FirewallPolicyId)
+			firewallPolicy, err := SharedHTTPFirewallPolicyDAO.ComposeFirewallPolicy(tx, firewallRef.FirewallPolicyId, cacheMap)
 			if err != nil {
 				return nil, err
 			}
@@ -257,7 +266,7 @@ func (this *HTTPWebDAO) ComposeWebConfig(tx *dbs.Tx, webId int64) (*serverconfig
 		if len(refs) > 0 {
 			config.LocationRefs = refs
-			locations, err := SharedHTTPLocationDAO.ConvertLocationRefs(tx, refs)
+			locations, err := SharedHTTPLocationDAO.ConvertLocationRefs(tx, refs, cacheMap)
 			if err != nil {
 				return nil, err
 			}
@@ -302,7 +311,7 @@ func (this *HTTPWebDAO) ComposeWebConfig(tx *dbs.Tx, webId int64) (*serverconfig
 			return nil, err
 		}
 		for _, ref := range refs {
-			rewriteRule, err := SharedHTTPRewriteRuleDAO.ComposeRewriteRule(tx, ref.RewriteRuleId)
+			rewriteRule, err := SharedHTTPRewriteRuleDAO.ComposeRewriteRule(tx, ref.RewriteRuleId, cacheMap)
 			if err != nil {
 				return nil, err
 			}
@@ -356,7 +365,7 @@ func (this *HTTPWebDAO) ComposeWebConfig(tx *dbs.Tx, webId int64) (*serverconfig
 		}
 		var newRefs []*serverconfigs.HTTPAuthPolicyRef
 		for _, ref := range authConfig.PolicyRefs {
-			policyConfig, err := SharedHTTPAuthPolicyDAO.ComposePolicyConfig(tx, ref.AuthPolicyId)
+			policyConfig, err := SharedHTTPAuthPolicyDAO.ComposePolicyConfig(tx, ref.AuthPolicyId, cacheMap)
 			if err != nil {
 				return nil, err
 			}
@@ -368,6 +377,8 @@ func (this *HTTPWebDAO) ComposeWebConfig(tx *dbs.Tx, webId int64) (*serverconfig
 		config.Auth = authConfig
 	}
 	cacheMap[cacheKey] = config
 	return config, nil
 }
--- a/internal/db/models/node_cluster_dao.go
+++ b/internal/db/models/node_cluster_dao.go
@@ -406,7 +406,16 @@ func (this *NodeClusterDAO) FindClusterGrantId(tx *dbs.Tx, clusterId int64) (int
 }
 // FindClusterDNSInfo 查找DNS信息
-func (this *NodeClusterDAO) FindClusterDNSInfo(tx *dbs.Tx, clusterId int64) (*NodeCluster, error) {
+func (this *NodeClusterDAO) FindClusterDNSInfo(tx *dbs.Tx, clusterId int64, cacheMap maps.Map) (*NodeCluster, error) {
 	if cacheMap == nil {
 		cacheMap = maps.Map{}
 	}
 	var cacheKey = this.Table + ":record:" + types.String(clusterId)
 	var cache = cacheMap.Get(cacheKey)
 	if cache != nil {
 		return cache.(*NodeCluster), nil
 	}
 	one, err := this.Query(tx).
 		Pk(clusterId).
 		Result("id", "name", "dnsName", "dnsDomainId", "dns", "isOn").
@@ -417,6 +426,7 @@ func (this *NodeClusterDAO) FindClusterDNSInfo(tx *dbs.Tx, clusterId int64) (*No
 	if one == nil {
 		return nil, nil
 	}
 	cacheMap[cacheKey] = one
 	return one.(*NodeCluster), nil
 }
@@ -467,7 +477,7 @@ func (this *NodeClusterDAO) CheckClusterDNS(tx *dbs.Tx, cluster *NodeCluster) (i
 	domainId := int64(cluster.DnsDomainId)
 	// 检查域名
-	domain, err := dns.SharedDNSDomainDAO.FindEnabledDNSDomain(tx, domainId)
+	domain, err := dns.SharedDNSDomainDAO.FindEnabledDNSDomain(tx, domainId, nil)
 	if err != nil {
 		return nil, err
 	}
@@ -682,11 +692,27 @@ func (this *NodeClusterDAO) FindAllEnabledNodeClusterIdsWithCachePolicyId(tx *db
 }
 // FindClusterHTTPFirewallPolicyId 获取集群的WAF策略ID
-func (this *NodeClusterDAO) FindClusterHTTPFirewallPolicyId(tx *dbs.Tx, clusterId int64) (int64, error) {
+func (this *NodeClusterDAO) FindClusterHTTPFirewallPolicyId(tx *dbs.Tx, clusterId int64, cacheMap maps.Map) (int64, error) {
-	return this.Query(tx).
+	if cacheMap == nil {
 		cacheMap = maps.Map{}
 	}
 	var cacheKey = this.Table + ":FindClusterHTTPFirewallPolicyId:" + types.String(clusterId)
 	var cache = cacheMap.Get(cacheKey)
 	if cache != nil {
 		return cache.(int64), nil
 	}
 	firewallPolicyId, err := this.Query(tx).
 		Pk(clusterId).
 		Result("httpFirewallPolicyId").
 		FindInt64Col(0)
 	if err != nil {
 		return 0, err
 	}
 	cacheMap[cacheKey] = firewallPolicyId
 	return firewallPolicyId, nil
 }
 // UpdateNodeClusterHTTPCachePolicyId 设置集群的缓存策略
@@ -702,11 +728,27 @@ func (this *NodeClusterDAO) UpdateNodeClusterHTTPCachePolicyId(tx *dbs.Tx, clust
 }
 // FindClusterHTTPCachePolicyId 获取集群的缓存策略ID
-func (this *NodeClusterDAO) FindClusterHTTPCachePolicyId(tx *dbs.Tx, clusterId int64) (int64, error) {
+func (this *NodeClusterDAO) FindClusterHTTPCachePolicyId(tx *dbs.Tx, clusterId int64, cacheMap maps.Map) (int64, error) {
-	return this.Query(tx).
+	if cacheMap == nil {
 		cacheMap = maps.Map{}
 	}
 	var cacheKey = this.Table + ":FindClusterHTTPCachePolicyId:" + types.String(clusterId)
 	var cache = cacheMap.Get(cacheKey)
 	if cache != nil {
 		return cache.(int64), nil
 	}
 	cachePolicyId, err := this.Query(tx).
 		Pk(clusterId).
 		Result("cachePolicyId").
 		FindInt64Col(0)
 	if err != nil {
 		return 0, err
 	}
 	cacheMap[cacheKey] = cachePolicyId
 	return cachePolicyId, nil
 }
 // UpdateNodeClusterHTTPFirewallPolicyId 设置集群的WAF策略
--- a/internal/db/models/node_dao.go
+++ b/internal/db/models/node_dao.go
@@ -614,7 +614,7 @@ func (this *NodeDAO) UpdateNodeInstallStatus(tx *dbs.Tx, nodeId int64, status *N
 // ComposeNodeConfig 组合配置
 // TODO 提升运行速度
-func (this *NodeDAO) ComposeNodeConfig(tx *dbs.Tx, nodeId int64) (*nodeconfigs.NodeConfig, error) {
+func (this *NodeDAO) ComposeNodeConfig(tx *dbs.Tx, nodeId int64, cacheMap maps.Map) (*nodeconfigs.NodeConfig, error) {
 	node, err := this.FindEnabledNode(tx, nodeId)
 	if err != nil {
 		return nil, err
@@ -642,7 +642,7 @@ func (this *NodeDAO) ComposeNodeConfig(tx *dbs.Tx, nodeId int64) (*nodeconfigs.N
 	}
 	for _, server := range servers {
-		serverConfig, err := SharedServerDAO.ComposeServerConfig(tx, server)
+		serverConfig, err := SharedServerDAO.ComposeServerConfig(tx, server, cacheMap)
 		if err != nil {
 			return nil, err
 		}
@@ -671,12 +671,12 @@ func (this *NodeDAO) ComposeNodeConfig(tx *dbs.Tx, nodeId int64) (*nodeconfigs.N
 	var clusterIds = []int64{primaryClusterId}
 	clusterIds = append(clusterIds, node.DecodeSecondaryClusterIds()...)
 	for _, clusterId := range clusterIds {
-		httpFirewallPolicyId, err := SharedNodeClusterDAO.FindClusterHTTPFirewallPolicyId(tx, clusterId)
+		httpFirewallPolicyId, err := SharedNodeClusterDAO.FindClusterHTTPFirewallPolicyId(tx, clusterId, cacheMap)
 		if err != nil {
 			return nil, err
 		}
 		if httpFirewallPolicyId > 0 {
-			firewallPolicy, err := SharedHTTPFirewallPolicyDAO.ComposeFirewallPolicy(tx, httpFirewallPolicyId)
+			firewallPolicy, err := SharedHTTPFirewallPolicyDAO.ComposeFirewallPolicy(tx, httpFirewallPolicyId, cacheMap)
 			if err != nil {
 				return nil, err
 			}
@@ -686,12 +686,12 @@ func (this *NodeDAO) ComposeNodeConfig(tx *dbs.Tx, nodeId int64) (*nodeconfigs.N
 		}
 		// 缓存策略
-		httpCachePolicyId, err := SharedNodeClusterDAO.FindClusterHTTPCachePolicyId(tx, clusterId)
+		httpCachePolicyId, err := SharedNodeClusterDAO.FindClusterHTTPCachePolicyId(tx, clusterId, cacheMap)
 		if err != nil {
 			return nil, err
 		}
 		if httpCachePolicyId > 0 {
-			cachePolicy, err := SharedHTTPCachePolicyDAO.ComposeCachePolicy(tx, httpCachePolicyId)
+			cachePolicy, err := SharedHTTPCachePolicyDAO.ComposeCachePolicy(tx, httpCachePolicyId, cacheMap)
 			if err != nil {
 				return nil, err
 			}
@@ -1298,7 +1298,7 @@ func (this *NodeDAO) NotifyDNSUpdate(tx *dbs.Tx, nodeId int64) error {
 		return err
 	}
 	for _, clusterId := range clusterIds {
-		dnsInfo, err := SharedNodeClusterDAO.FindClusterDNSInfo(tx, clusterId)
+		dnsInfo, err := SharedNodeClusterDAO.FindClusterDNSInfo(tx, clusterId, nil)
 		if err != nil {
 			return err
 		}
--- a/internal/db/models/node_dao_test.go
+++ b/internal/db/models/node_dao_test.go
@@ -3,7 +3,9 @@ package models
 import (
 	_ "github.com/go-sql-driver/mysql"
 	"github.com/iwind/TeaGo/dbs"
 	"github.com/iwind/TeaGo/maps"
 	"testing"
 	"time"
 )
 func TestNodeDAO_FindAllNodeIdsMatch(t *testing.T) {
@@ -34,3 +36,23 @@ func TestNodeDAO_FindEnabledNodeClusterIds(t *testing.T) {
 	}
 	t.Log(clusterIds)
 }
 func TestNodeDAO_ComposeNodeConfig(t *testing.T) {
 	dbs.NotifyReady()
 	before := time.Now()
 	defer func() {
 		t.Log(time.Since(before).Seconds()*1000, "ms")
 	}()
 	var tx *dbs.Tx
 	var cacheMap = maps.Map{}
 	nodeConfig, err := SharedNodeDAO.ComposeNodeConfig(tx, 48, cacheMap)
 	if err != nil {
 		t.Fatal(err)
 	}
 	t.Log(len(nodeConfig.Servers), "servers")
 	t.Log(len(cacheMap), "items")
 	// old: 77ms => new: 56ms
 }
--- a/internal/db/models/origin_dao.go
+++ b/internal/db/models/origin_dao.go
@@ -9,6 +9,7 @@ import (
 	_ "github.com/go-sql-driver/mysql"
 	"github.com/iwind/TeaGo/Tea"
 	"github.com/iwind/TeaGo/dbs"
 	"github.com/iwind/TeaGo/maps"
 	"github.com/iwind/TeaGo/types"
 )
@@ -197,7 +198,16 @@ func (this *OriginDAO) UpdateOrigin(tx *dbs.Tx, originId int64, name string, add
 }
 // ComposeOriginConfig 将源站信息转换为配置
-func (this *OriginDAO) ComposeOriginConfig(tx *dbs.Tx, originId int64) (*serverconfigs.OriginConfig, error) {
+func (this *OriginDAO) ComposeOriginConfig(tx *dbs.Tx, originId int64, cacheMap maps.Map) (*serverconfigs.OriginConfig, error) {
 	if cacheMap == nil {
 		cacheMap = maps.Map{}
 	}
 	var cacheKey = this.Table + ":config:" + types.String(originId)
 	var cache = cacheMap.Get(cacheKey)
 	if cache != nil {
 		return cache.(*serverconfigs.OriginConfig), nil
 	}
 	origin, err := this.FindEnabledOrigin(tx, originId)
 	if err != nil {
 		return nil, err
@@ -313,7 +323,7 @@ func (this *OriginDAO) ComposeOriginConfig(tx *dbs.Tx, originId int64) (*serverc
 		}
 		config.CertRef = ref
 		if ref.CertId > 0 {
-			certConfig, err := SharedSSLCertDAO.ComposeCertConfig(tx, ref.CertId)
+			certConfig, err := SharedSSLCertDAO.ComposeCertConfig(tx, ref.CertId, cacheMap)
 			if err != nil {
 				return nil, err
 			}
@@ -325,6 +335,8 @@ func (this *OriginDAO) ComposeOriginConfig(tx *dbs.Tx, originId int64) (*serverc
 		// TODO
 	}
 	cacheMap[cacheKey] = config
 	return config, nil
 }
--- a/internal/db/models/origin_dao_test.go
+++ b/internal/db/models/origin_dao_test.go
@@ -8,7 +8,7 @@ import (
 func TestOriginServerDAO_ComposeOriginConfig(t *testing.T) {
 	var tx *dbs.Tx
-	config, err := SharedOriginDAO.ComposeOriginConfig(tx, 1)
+	config, err := SharedOriginDAO.ComposeOriginConfig(tx, 1, nil)
 	if err != nil {
 		t.Fatal(err)
 	}
--- a/internal/db/models/reverse_proxy_dao.go
+++ b/internal/db/models/reverse_proxy_dao.go
@@ -80,7 +80,16 @@ func (this *ReverseProxyDAO) FindEnabledReverseProxy(tx *dbs.Tx, id int64) (*Rev
 }
 // ComposeReverseProxyConfig 根据ID组合配置
-func (this *ReverseProxyDAO) ComposeReverseProxyConfig(tx *dbs.Tx, reverseProxyId int64) (*serverconfigs.ReverseProxyConfig, error) {
+func (this *ReverseProxyDAO) ComposeReverseProxyConfig(tx *dbs.Tx, reverseProxyId int64, cacheMap maps.Map) (*serverconfigs.ReverseProxyConfig, error) {
 	if cacheMap == nil {
 		cacheMap = maps.Map{}
 	}
 	var cacheKey = this.Table + ":config:" + types.String(reverseProxyId)
 	var cache = cacheMap.Get(cacheKey)
 	if cache != nil {
 		return cache.(*serverconfigs.ReverseProxyConfig), nil
 	}
 	reverseProxy, err := this.FindEnabledReverseProxy(tx, reverseProxyId)
 	if err != nil {
 		return nil, err
@@ -113,7 +122,7 @@ func (this *ReverseProxyDAO) ComposeReverseProxyConfig(tx *dbs.Tx, reverseProxyI
 			return nil, err
 		}
 		for _, ref := range originRefs {
-			originConfig, err := SharedOriginDAO.ComposeOriginConfig(tx, ref.OriginId)
+			originConfig, err := SharedOriginDAO.ComposeOriginConfig(tx, ref.OriginId, cacheMap)
 			if err != nil {
 				return nil, err
 			}
@@ -130,7 +139,7 @@ func (this *ReverseProxyDAO) ComposeReverseProxyConfig(tx *dbs.Tx, reverseProxyI
 			return nil, err
 		}
 		for _, originConfig := range originRefs {
-			originConfig, err := SharedOriginDAO.ComposeOriginConfig(tx, originConfig.OriginId)
+			originConfig, err := SharedOriginDAO.ComposeOriginConfig(tx, originConfig.OriginId, cacheMap)
 			if err != nil {
 				return nil, err
 			}
@@ -181,6 +190,8 @@ func (this *ReverseProxyDAO) ComposeReverseProxyConfig(tx *dbs.Tx, reverseProxyI
 		config.IdleTimeout = idleTimeout
 	}
 	cacheMap[cacheKey] = config
 	return config, nil
 }
--- a/internal/db/models/reverse_proxy_dao_test.go
+++ b/internal/db/models/reverse_proxy_dao_test.go
@@ -8,7 +8,7 @@ import (
 func TestReverseProxyDAO_ComposeReverseProxyConfig(t *testing.T) {
 	var tx *dbs.Tx
-	config, err := SharedReverseProxyDAO.ComposeReverseProxyConfig(tx, 1)
+	config, err := SharedReverseProxyDAO.ComposeReverseProxyConfig(tx, 1, nil)
 	if err != nil {
 		t.Fatal(err)
 	}
--- a/internal/db/models/server_dao.go
+++ b/internal/db/models/server_dao.go
@@ -739,15 +739,19 @@ func (this *ServerDAO) ComposeServerConfigWithServerId(tx *dbs.Tx, serverId int6
 	if server == nil {
 		return nil, ErrNotFound
 	}
-	return this.ComposeServerConfig(tx, server)
+	return this.ComposeServerConfig(tx, server, nil)
 }
 // ComposeServerConfig 构造服务的Config
-func (this *ServerDAO) ComposeServerConfig(tx *dbs.Tx, server *Server) (*serverconfigs.ServerConfig, error) {
+func (this *ServerDAO) ComposeServerConfig(tx *dbs.Tx, server *Server, cacheMap maps.Map) (*serverconfigs.ServerConfig, error) {
 	if server == nil {
 		return nil, ErrNotFound
 	}
 	if cacheMap == nil {
 		cacheMap = maps.Map{}
 	}
 	config := &serverconfigs.ServerConfig{}
 	config.Id = int64(server.Id)
 	config.ClusterId = int64(server.ClusterId)
@@ -768,12 +772,12 @@ func (this *ServerDAO) ComposeServerConfig(tx *dbs.Tx, server *Server) (*serverc
 	// CNAME
 	if server.ClusterId > 0 && len(server.DnsName) > 0 {
-		clusterDNS, err := SharedNodeClusterDAO.FindClusterDNSInfo(tx, int64(server.ClusterId))
+		clusterDNS, err := SharedNodeClusterDAO.FindClusterDNSInfo(tx, int64(server.ClusterId), cacheMap)
 		if err != nil {
 			return nil, err
 		}
 		if clusterDNS != nil && clusterDNS.DnsDomainId > 0 {
-			domain, err := dns.SharedDNSDomainDAO.FindEnabledDNSDomain(tx, int64(clusterDNS.DnsDomainId))
+			domain, err := dns.SharedDNSDomainDAO.FindEnabledDNSDomain(tx, int64(clusterDNS.DnsDomainId), cacheMap)
 			if err != nil {
 				return nil, err
 			}
@@ -804,7 +808,7 @@ func (this *ServerDAO) ComposeServerConfig(tx *dbs.Tx, server *Server) (*serverc
 		// SSL
 		if httpsConfig.SSLPolicyRef != nil && httpsConfig.SSLPolicyRef.SSLPolicyId > 0 {
-			sslPolicyConfig, err := SharedSSLPolicyDAO.ComposePolicyConfig(tx, httpsConfig.SSLPolicyRef.SSLPolicyId)
+			sslPolicyConfig, err := SharedSSLPolicyDAO.ComposePolicyConfig(tx, httpsConfig.SSLPolicyRef.SSLPolicyId, cacheMap)
 			if err != nil {
 				return nil, err
 			}
@@ -836,7 +840,7 @@ func (this *ServerDAO) ComposeServerConfig(tx *dbs.Tx, server *Server) (*serverc
 		// SSL
 		if tlsConfig.SSLPolicyRef != nil {
-			sslPolicyConfig, err := SharedSSLPolicyDAO.ComposePolicyConfig(tx, tlsConfig.SSLPolicyRef.SSLPolicyId)
+			sslPolicyConfig, err := SharedSSLPolicyDAO.ComposePolicyConfig(tx, tlsConfig.SSLPolicyRef.SSLPolicyId, cacheMap)
 			if err != nil {
 				return nil, err
 			}
@@ -870,7 +874,7 @@ func (this *ServerDAO) ComposeServerConfig(tx *dbs.Tx, server *Server) (*serverc
 	// Web
 	if server.WebId > 0 {
-		webConfig, err := SharedHTTPWebDAO.ComposeWebConfig(tx, int64(server.WebId))
+		webConfig, err := SharedHTTPWebDAO.ComposeWebConfig(tx, int64(server.WebId), cacheMap)
 		if err != nil {
 			return nil, err
 		}
@@ -888,7 +892,7 @@ func (this *ServerDAO) ComposeServerConfig(tx *dbs.Tx, server *Server) (*serverc
 		}
 		config.ReverseProxyRef = reverseProxyRef
-		reverseProxyConfig, err := SharedReverseProxyDAO.ComposeReverseProxyConfig(tx, reverseProxyRef.ReverseProxyId)
+		reverseProxyConfig, err := SharedReverseProxyDAO.ComposeReverseProxyConfig(tx, reverseProxyRef.ReverseProxyId, cacheMap)
 		if err != nil {
 			return nil, err
 		}
@@ -899,7 +903,7 @@ func (this *ServerDAO) ComposeServerConfig(tx *dbs.Tx, server *Server) (*serverc
 	// WAF策略
 	clusterId := int64(server.ClusterId)
-	httpFirewallPolicyId, err := SharedNodeClusterDAO.FindClusterHTTPFirewallPolicyId(tx, clusterId)
+	httpFirewallPolicyId, err := SharedNodeClusterDAO.FindClusterHTTPFirewallPolicyId(tx, clusterId, cacheMap)
 	if err != nil {
 		return nil, err
 	}
@@ -908,7 +912,7 @@ func (this *ServerDAO) ComposeServerConfig(tx *dbs.Tx, server *Server) (*serverc
 	}
 	// 缓存策略
-	httpCachePolicyId, err := SharedNodeClusterDAO.FindClusterHTTPCachePolicyId(tx, clusterId)
+	httpCachePolicyId, err := SharedNodeClusterDAO.FindClusterHTTPCachePolicyId(tx, clusterId, cacheMap)
 	if err != nil {
 		return nil, err
 	}
@@ -1388,7 +1392,7 @@ func (this *ServerDAO) NotifyDNSUpdate(tx *dbs.Tx, serverId int64) error {
 	if clusterId <= 0 {
 		return nil
 	}
-	dnsInfo, err := SharedNodeClusterDAO.FindClusterDNSInfo(tx, clusterId)
+	dnsInfo, err := SharedNodeClusterDAO.FindClusterDNSInfo(tx, clusterId, nil)
 	if err != nil {
 		return err
 	}
--- a/internal/db/models/server_dao_test.go
+++ b/internal/db/models/server_dao_test.go
@@ -41,10 +41,7 @@ func TestServerDAO_UpdateServerConfig(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	_, err = SharedServerDAO.UpdateServerConfig(tx, 1, configJSON, false)
+	t.Log(string(configJSON))
 	if err != nil {
 		t.Fatal(err)
 	}
 	t.Log("ok")
 }
--- a/internal/db/models/ssl_cert_dao.go
+++ b/internal/db/models/ssl_cert_dao.go
@@ -7,6 +7,7 @@ import (
 	_ "github.com/go-sql-driver/mysql"
 	"github.com/iwind/TeaGo/Tea"
 	"github.com/iwind/TeaGo/dbs"
 	"github.com/iwind/TeaGo/maps"
 	"github.com/iwind/TeaGo/types"
 	timeutil "github.com/iwind/TeaGo/utils/time"
 	"time"
@@ -38,12 +39,12 @@ func init() {
 	})
 }
-// 初始化
+// Init 初始化
 func (this *SSLCertDAO) Init() {
 	_ = this.DAOObject.Init()
 }
-// 启用条目
+// EnableSSLCert 启用条目
 func (this *SSLCertDAO) EnableSSLCert(tx *dbs.Tx, id int64) error {
 	_, err := this.Query(tx).
 		Pk(id).
@@ -52,7 +53,7 @@ func (this *SSLCertDAO) EnableSSLCert(tx *dbs.Tx, id int64) error {
 	return err
 }
-// 禁用条目
+// DisableSSLCert 禁用条目
 func (this *SSLCertDAO) DisableSSLCert(tx *dbs.Tx, certId int64) error {
 	_, err := this.Query(tx).
 		Pk(certId).
@@ -64,7 +65,7 @@ func (this *SSLCertDAO) DisableSSLCert(tx *dbs.Tx, certId int64) error {
 	return this.NotifyUpdate(tx, certId)
 }
-// 查找启用中的条目
+// FindEnabledSSLCert 查找启用中的条目
 func (this *SSLCertDAO) FindEnabledSSLCert(tx *dbs.Tx, id int64) (*SSLCert, error) {
 	result, err := this.Query(tx).
 		Pk(id).
@@ -76,7 +77,7 @@ func (this *SSLCertDAO) FindEnabledSSLCert(tx *dbs.Tx, id int64) (*SSLCert, erro
 	return result.(*SSLCert), err
 }
-// 根据主键查找名称
+// FindSSLCertName 根据主键查找名称
 func (this *SSLCertDAO) FindSSLCertName(tx *dbs.Tx, id int64) (string, error) {
 	return this.Query(tx).
 		Pk(id).
@@ -84,7 +85,7 @@ func (this *SSLCertDAO) FindSSLCertName(tx *dbs.Tx, id int64) (string, error) {
 		FindStringCol("")
 }
-// 创建证书
+// CreateCert 创建证书
 func (this *SSLCertDAO) CreateCert(tx *dbs.Tx, adminId int64, userId int64, isOn bool, name string, description string, serverName string, isCA bool, certData []byte, keyData []byte, timeBeginAt int64, timeEndAt int64, dnsNames []string, commonNames []string) (int64, error) {
 	op := NewSSLCertOperator()
 	op.AdminId = adminId
@@ -119,7 +120,7 @@ func (this *SSLCertDAO) CreateCert(tx *dbs.Tx, adminId int64, userId int64, isOn
 	return types.Int64(op.Id), nil
 }
-// 修改证书
+// UpdateCert 修改证书
 func (this *SSLCertDAO) UpdateCert(tx *dbs.Tx, certId int64, isOn bool, name string, description string, serverName string, isCA bool, certData []byte, keyData []byte, timeBeginAt int64, timeEndAt int64, dnsNames []string, commonNames []string) error {
 	if certId <= 0 {
 		return errors.New("invalid certId")
@@ -162,8 +163,17 @@ func (this *SSLCertDAO) UpdateCert(tx *dbs.Tx, certId int64, isOn bool, name str
 	return this.NotifyUpdate(tx, certId)
 }
-// 组合配置
+// ComposeCertConfig 组合配置
-func (this *SSLCertDAO) ComposeCertConfig(tx *dbs.Tx, certId int64) (*sslconfigs.SSLCertConfig, error) {
+func (this *SSLCertDAO) ComposeCertConfig(tx *dbs.Tx, certId int64, cacheMap maps.Map) (*sslconfigs.SSLCertConfig, error) {
 	if cacheMap == nil {
 		cacheMap = maps.Map{}
 	}
 	var cacheKey = this.Table + ":config:" + types.String(certId)
 	var cache = cacheMap.Get(cacheKey)
 	if cache != nil {
 		return cache.(*sslconfigs.SSLCertConfig), nil
 	}
 	cert, err := this.FindEnabledSSLCert(tx, certId)
 	if err != nil {
 		return nil, err
@@ -203,10 +213,12 @@ func (this *SSLCertDAO) ComposeCertConfig(tx *dbs.Tx, certId int64) (*sslconfigs
 		config.CommonNames = commonNames
 	}
 	cacheMap[cacheKey] = config
 	return config, nil
 }
-// 计算符合条件的证书数量
+// CountCerts 计算符合条件的证书数量
 func (this *SSLCertDAO) CountCerts(tx *dbs.Tx, isCA bool, isAvailable bool, isExpired bool, expiringDays int64, keyword string, userId int64) (int64, error) {
 	query := this.Query(tx).
 		State(SSLCertStateEnabled)
@@ -236,7 +248,7 @@ func (this *SSLCertDAO) CountCerts(tx *dbs.Tx, isCA bool, isAvailable bool, isEx
 	return query.Count()
 }
-// 列出符合条件的证书
+// ListCertIds 列出符合条件的证书
 func (this *SSLCertDAO) ListCertIds(tx *dbs.Tx, isCA bool, isAvailable bool, isExpired bool, expiringDays int64, keyword string, userId int64, offset int64, size int64) (certIds []int64, err error) {
 	query := this.Query(tx).
 		State(SSLCertStateEnabled)
@@ -281,7 +293,7 @@ func (this *SSLCertDAO) ListCertIds(tx *dbs.Tx, isCA bool, isAvailable bool, isE
 	return result, nil
 }
-// 设置证书的ACME信息
+// UpdateCertACME 设置证书的ACME信息
 func (this *SSLCertDAO) UpdateCertACME(tx *dbs.Tx, certId int64, acmeTaskId int64) error {
 	if certId <= 0 {
 		return errors.New("invalid certId")
@@ -294,7 +306,7 @@ func (this *SSLCertDAO) UpdateCertACME(tx *dbs.Tx, certId int64, acmeTaskId int6
 	return err
 }
-// 查找需要自动更新的任务
+// FindAllExpiringCerts 查找需要自动更新的任务
 // 这里我们只返回有限的字段以节省内存
 func (this *SSLCertDAO) FindAllExpiringCerts(tx *dbs.Tx, days int) (result []*SSLCert, err error) {
 	if days < 0 {
@@ -314,7 +326,7 @@ func (this *SSLCertDAO) FindAllExpiringCerts(tx *dbs.Tx, days int) (result []*SS
 	return
 }
-// 设置当前证书事件通知时间
+// UpdateCertNotifiedAt 设置当前证书事件通知时间
 func (this *SSLCertDAO) UpdateCertNotifiedAt(tx *dbs.Tx, certId int64) error {
 	_, err := this.Query(tx).
 		Pk(certId).
@@ -323,7 +335,7 @@ func (this *SSLCertDAO) UpdateCertNotifiedAt(tx *dbs.Tx, certId int64) error {
 	return err
 }
-// 检查用户权限
+// CheckUserCert 检查用户权限
 func (this *SSLCertDAO) CheckUserCert(tx *dbs.Tx, certId int64, userId int64) error {
 	if certId <= 0 || userId <= 0 {
 		return errors.New("not found")
@@ -342,7 +354,7 @@ func (this *SSLCertDAO) CheckUserCert(tx *dbs.Tx, certId int64, userId int64) er
 	return nil
 }
-// 通知更新
+// NotifyUpdate 通知更新
 func (this *SSLCertDAO) NotifyUpdate(tx *dbs.Tx, certId int64) error {
 	policyIds, err := SharedSSLPolicyDAO.FindAllEnabledPolicyIdsWithCertId(tx, certId)
 	if err != nil {
--- a/internal/db/models/ssl_policy_dao.go
+++ b/internal/db/models/ssl_policy_dao.go
@@ -7,6 +7,7 @@ import (
 	_ "github.com/go-sql-driver/mysql"
 	"github.com/iwind/TeaGo/Tea"
 	"github.com/iwind/TeaGo/dbs"
 	"github.com/iwind/TeaGo/maps"
 	"github.com/iwind/TeaGo/types"
 	"strconv"
 )
@@ -37,12 +38,12 @@ func init() {
 	})
 }
-// 初始化
+// Init 初始化
 func (this *SSLPolicyDAO) Init() {
 	_ = this.DAOObject.Init()
 }
-// 启用条目
+// EnableSSLPolicy 启用条目
 func (this *SSLPolicyDAO) EnableSSLPolicy(tx *dbs.Tx, id int64) error {
 	_, err := this.Query(tx).
 		Pk(id).
@@ -51,7 +52,7 @@ func (this *SSLPolicyDAO) EnableSSLPolicy(tx *dbs.Tx, id int64) error {
 	return err
 }
-// 禁用条目
+// DisableSSLPolicy 禁用条目
 func (this *SSLPolicyDAO) DisableSSLPolicy(tx *dbs.Tx, policyId int64) error {
 	_, err := this.Query(tx).
 		Pk(policyId).
@@ -63,7 +64,7 @@ func (this *SSLPolicyDAO) DisableSSLPolicy(tx *dbs.Tx, policyId int64) error {
 	return this.NotifyUpdate(tx, policyId)
 }
-// 查找启用中的条目
+// FindEnabledSSLPolicy 查找启用中的条目
 func (this *SSLPolicyDAO) FindEnabledSSLPolicy(tx *dbs.Tx, id int64) (*SSLPolicy, error) {
 	result, err := this.Query(tx).
 		Pk(id).
@@ -75,8 +76,18 @@ func (this *SSLPolicyDAO) FindEnabledSSLPolicy(tx *dbs.Tx, id int64) (*SSLPolicy
 	return result.(*SSLPolicy), err
 }
-// 组合配置
+// ComposePolicyConfig 组合配置
-func (this *SSLPolicyDAO) ComposePolicyConfig(tx *dbs.Tx, policyId int64) (*sslconfigs.SSLPolicy, error) {
+func (this *SSLPolicyDAO) ComposePolicyConfig(tx *dbs.Tx, policyId int64, cacheMap maps.Map) (*sslconfigs.SSLPolicy, error) {
 	if cacheMap == nil {
 		cacheMap = maps.Map{}
 	}
 	var cacheKey = this.Table + ":config:" + types.String(policyId)
 	var cacheConfig = cacheMap.Get(cacheKey)
 	if cacheConfig != nil {
 		return cacheConfig.(*sslconfigs.SSLPolicy), nil
 	}
 	policy, err := this.FindEnabledSSLPolicy(tx, policyId)
 	if err != nil {
 		return nil, err
@@ -100,7 +111,7 @@ func (this *SSLPolicyDAO) ComposePolicyConfig(tx *dbs.Tx, policyId int64) (*sslc
 		}
 		if len(refs) > 0 {
 			for _, ref := range refs {
-				certConfig, err := SharedSSLCertDAO.ComposeCertConfig(tx, ref.CertId)
+				certConfig, err := SharedSSLCertDAO.ComposeCertConfig(tx, ref.CertId, cacheMap)
 				if err != nil {
 					return nil, err
 				}
@@ -122,7 +133,7 @@ func (this *SSLPolicyDAO) ComposePolicyConfig(tx *dbs.Tx, policyId int64) (*sslc
 		}
 		if len(refs) > 0 {
 			for _, ref := range refs {
-				certConfig, err := SharedSSLCertDAO.ComposeCertConfig(tx, ref.CertId)
+				certConfig, err := SharedSSLCertDAO.ComposeCertConfig(tx, ref.CertId, cacheMap)
 				if err != nil {
 					return nil, err
 				}
@@ -156,10 +167,12 @@ func (this *SSLPolicyDAO) ComposePolicyConfig(tx *dbs.Tx, policyId int64) (*sslc
 		config.HSTS = hstsConfig
 	}
 	cacheMap[cacheKey] = config
 	return config, nil
 }
-// 查询使用单个证书的所有策略ID
+// FindAllEnabledPolicyIdsWithCertId 查询使用单个证书的所有策略ID
 func (this *SSLPolicyDAO) FindAllEnabledPolicyIdsWithCertId(tx *dbs.Tx, certId int64) (policyIds []int64, err error) {
 	if certId <= 0 {
 		return
@@ -180,7 +193,7 @@ func (this *SSLPolicyDAO) FindAllEnabledPolicyIdsWithCertId(tx *dbs.Tx, certId i
 	return policyIds, nil
 }
-// 创建Policy
+// CreatePolicy 创建Policy
 func (this *SSLPolicyDAO) CreatePolicy(tx *dbs.Tx, adminId int64, userId int64, http2Enabled bool, minVersion string, certsJSON []byte, hstsJSON []byte, clientAuthType int32, clientCACertsJSON []byte, cipherSuitesIsOn bool, cipherSuites []string) (int64, error) {
 	op := NewSSLPolicyOperator()
 	op.State = SSLPolicyStateEnabled
@@ -218,8 +231,7 @@ func (this *SSLPolicyDAO) CreatePolicy(tx *dbs.Tx, adminId int64, userId int64,
 	return types.Int64(op.Id), nil
 }
-// 修改Policy
+// UpdatePolicy 修改Policy
 // 创建Policy
 func (this *SSLPolicyDAO) UpdatePolicy(tx *dbs.Tx, policyId int64, http2Enabled bool, minVersion string, certsJSON []byte, hstsJSON []byte, clientAuthType int32, clientCACertsJSON []byte, cipherSuitesIsOn bool, cipherSuites []string) error {
 	if policyId <= 0 {
 		return errors.New("invalid policyId")
@@ -259,7 +271,7 @@ func (this *SSLPolicyDAO) UpdatePolicy(tx *dbs.Tx, policyId int64, http2Enabled
 	return this.NotifyUpdate(tx, policyId)
 }
-// 检查是否为用户所属策略
+// CheckUserPolicy 检查是否为用户所属策略
 func (this *SSLPolicyDAO) CheckUserPolicy(tx *dbs.Tx, policyId int64, userId int64) error {
 	if policyId <= 0 || userId <= 0 {
 		return errors.New("not found")
@@ -278,7 +290,7 @@ func (this *SSLPolicyDAO) CheckUserPolicy(tx *dbs.Tx, policyId int64, userId int
 	return nil
 }
-// 通知更新
+// NotifyUpdate 通知更新
 func (this *SSLPolicyDAO) NotifyUpdate(tx *dbs.Tx, policyId int64) error {
 	serverIds, err := SharedServerDAO.FindAllEnabledServerIdsWithSSLPolicyIds(tx, []int64{policyId})
 	if err != nil {
--- a/internal/db/models/user_node_model_ext.go
+++ b/internal/db/models/user_node_model_ext.go
@@ -3,9 +3,10 @@ package models
 import (
 	"encoding/json"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
 	"github.com/iwind/TeaGo/maps"
 )
-// 解析HTTP配置
+// DecodeHTTP 解析HTTP配置
 func (this *UserNode) DecodeHTTP() (*serverconfigs.HTTPProtocolConfig, error) {
 	if !IsNotNull(this.Http) {
 		return nil, nil
@@ -24,8 +25,8 @@ func (this *UserNode) DecodeHTTP() (*serverconfigs.HTTPProtocolConfig, error) {
 	return config, nil
 }
-// 解析HTTPS配置
+// DecodeHTTPS 解析HTTPS配置
-func (this *UserNode) DecodeHTTPS() (*serverconfigs.HTTPSProtocolConfig, error) {
+func (this *UserNode) DecodeHTTPS(cacheMap maps.Map) (*serverconfigs.HTTPSProtocolConfig, error) {
 	if !IsNotNull(this.Https) {
 		return nil, nil
 	}
@@ -43,7 +44,7 @@ func (this *UserNode) DecodeHTTPS() (*serverconfigs.HTTPSProtocolConfig, error)
 	if config.SSLPolicyRef != nil {
 		policyId := config.SSLPolicyRef.SSLPolicyId
 		if policyId > 0 {
-			sslPolicy, err := SharedSSLPolicyDAO.ComposePolicyConfig(nil, policyId)
+			sslPolicy, err := SharedSSLPolicyDAO.ComposePolicyConfig(nil, policyId, cacheMap)
 			if err != nil {
 				return nil, err
 			}
@@ -61,7 +62,7 @@ func (this *UserNode) DecodeHTTPS() (*serverconfigs.HTTPSProtocolConfig, error)
 	return config, nil
 }
-// 解析访问地址
+// DecodeAccessAddrs 解析访问地址
 func (this *UserNode) DecodeAccessAddrs() ([]*serverconfigs.NetworkAddressConfig, error) {
 	if !IsNotNull(this.AccessAddrs) {
 		return nil, nil
@@ -81,7 +82,7 @@ func (this *UserNode) DecodeAccessAddrs() ([]*serverconfigs.NetworkAddressConfig
 	return addrConfigs, nil
 }
-// 解析访问地址，并返回字符串形式
+// DecodeAccessAddrStrings 解析访问地址，并返回字符串形式
 func (this *UserNode) DecodeAccessAddrStrings() ([]string, error) {
 	addrs, err := this.DecodeAccessAddrs()
 	if err != nil {
--- a/internal/nodes/api_node.go
+++ b/internal/nodes/api_node.go
@@ -356,7 +356,7 @@ func (this *APINode) listenPorts(apiNode *models.APINode) (isListening bool) {
 	}
 	// HTTPS
-	httpsConfig, err := apiNode.DecodeHTTPS(nil)
+	httpsConfig, err := apiNode.DecodeHTTPS(nil, nil)
 	if err != nil {
 		remotelogs.Error("API_NODE", "decode https config: "+err.Error())
 		return
@@ -433,7 +433,7 @@ func (this *APINode) listenPorts(apiNode *models.APINode) (isListening bool) {
 	}
 	// Rest HTTPS
-	restHTTPSConfig, err := apiNode.DecodeRestHTTPS(nil)
+	restHTTPSConfig, err := apiNode.DecodeRestHTTPS(nil, nil)
 	if err != nil {
 		remotelogs.Error("API_NODE", "decode REST https config: "+err.Error())
 		return
--- a/internal/rpc/services/service_dns_domain.go
+++ b/internal/rpc/services/service_dns_domain.go
@@ -137,7 +137,7 @@ func (this *DNSDomainService) FindEnabledDNSDomain(ctx context.Context, req *pb.
 	tx := this.NullTx()
-	domain, err := dns.SharedDNSDomainDAO.FindEnabledDNSDomain(tx, req.DnsDomainId)
+	domain, err := dns.SharedDNSDomainDAO.FindEnabledDNSDomain(tx, req.DnsDomainId, nil)
 	if err != nil {
 		return nil, err
 	}
@@ -159,7 +159,7 @@ func (this *DNSDomainService) FindEnabledBasicDNSDomain(ctx context.Context, req
 	tx := this.NullTx()
-	domain, err := dns.SharedDNSDomainDAO.FindEnabledDNSDomain(tx, req.DnsDomainId)
+	domain, err := dns.SharedDNSDomainDAO.FindEnabledDNSDomain(tx, req.DnsDomainId, nil)
 	if err != nil {
 		return nil, err
 	}
@@ -565,7 +565,7 @@ func (this *DNSDomainService) syncClusterDNS(req *pb.SyncDNSDomainDataRequest) (
 	}
 	// 域名信息
-	domain, err := dns.SharedDNSDomainDAO.FindEnabledDNSDomain(tx, req.DnsDomainId)
+	domain, err := dns.SharedDNSDomainDAO.FindEnabledDNSDomain(tx, req.DnsDomainId, nil)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/rpc/services/service_http_cache_policy.go
+++ b/internal/rpc/services/service_http_cache_policy.go
@@ -137,7 +137,7 @@ func (this *HTTPCachePolicyService) FindEnabledHTTPCachePolicyConfig(ctx context
 	tx := this.NullTx()
-	cachePolicy, err := models.SharedHTTPCachePolicyDAO.ComposeCachePolicy(tx, req.HttpCachePolicyId)
+	cachePolicy, err := models.SharedHTTPCachePolicyDAO.ComposeCachePolicy(tx, req.HttpCachePolicyId, nil)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/rpc/services/service_http_firewall_policy.go
+++ b/internal/rpc/services/service_http_firewall_policy.go
@@ -176,7 +176,7 @@ func (this *HTTPFirewallPolicyService) UpdateHTTPFirewallPolicy(ctx context.Cont
 	tx := this.NullTx()
 	// 已经有的数据
-	firewallPolicy, err := models.SharedHTTPFirewallPolicyDAO.ComposeFirewallPolicy(tx, req.HttpFirewallPolicyId)
+	firewallPolicy, err := models.SharedHTTPFirewallPolicyDAO.ComposeFirewallPolicy(tx, req.HttpFirewallPolicyId, nil)
 	if err != nil {
 		return nil, err
 	}
@@ -424,7 +424,7 @@ func (this *HTTPFirewallPolicyService) FindEnabledHTTPFirewallPolicyConfig(ctx c
 	tx := this.NullTx()
-	config, err := models.SharedHTTPFirewallPolicyDAO.ComposeFirewallPolicy(tx, req.HttpFirewallPolicyId)
+	config, err := models.SharedHTTPFirewallPolicyDAO.ComposeFirewallPolicy(tx, req.HttpFirewallPolicyId, nil)
 	if err != nil {
 		return nil, err
 	}
@@ -485,7 +485,7 @@ func (this *HTTPFirewallPolicyService) ImportHTTPFirewallPolicy(ctx context.Cont
 	tx := this.NullTx()
-	oldConfig, err := models.SharedHTTPFirewallPolicyDAO.ComposeFirewallPolicy(tx, req.HttpFirewallPolicyId)
+	oldConfig, err := models.SharedHTTPFirewallPolicyDAO.ComposeFirewallPolicy(tx, req.HttpFirewallPolicyId, nil)
 	if err != nil {
 		return nil, err
 	}
@@ -650,7 +650,7 @@ func (this *HTTPFirewallPolicyService) CheckHTTPFirewallPolicyIPStatus(ctx conte
 	ipLong := utils.IP2Long(req.Ip)
 	tx := this.NullTx()
-	firewallPolicy, err := models.SharedHTTPFirewallPolicyDAO.ComposeFirewallPolicy(tx, req.HttpFirewallPolicyId)
+	firewallPolicy, err := models.SharedHTTPFirewallPolicyDAO.ComposeFirewallPolicy(tx, req.HttpFirewallPolicyId, nil)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/rpc/services/service_http_location.go
+++ b/internal/rpc/services/service_http_location.go
@@ -60,7 +60,7 @@ func (this *HTTPLocationService) FindEnabledHTTPLocationConfig(ctx context.Conte
 	tx := this.NullTx()
-	config, err := models.SharedHTTPLocationDAO.ComposeLocationConfig(tx, req.LocationId)
+	config, err := models.SharedHTTPLocationDAO.ComposeLocationConfig(tx, req.LocationId, nil)
 	if err != nil {
 		return nil, err
 	}
@@ -121,7 +121,7 @@ func (this *HTTPLocationService) FindAndInitHTTPLocationReverseProxyConfig(ctx c
 		}
 	}
-	reverseProxyConfig, err := models.SharedReverseProxyDAO.ComposeReverseProxyConfig(tx, reverseProxyRef.ReverseProxyId)
+	reverseProxyConfig, err := models.SharedReverseProxyDAO.ComposeReverseProxyConfig(tx, reverseProxyRef.ReverseProxyId, nil)
 	if err != nil {
 		return nil, err
 	}
@@ -167,7 +167,7 @@ func (this *HTTPLocationService) FindAndInitHTTPLocationWebConfig(ctx context.Co
 		}
 	}
-	config, err := models.SharedHTTPWebDAO.ComposeWebConfig(tx, webId)
+	config, err := models.SharedHTTPWebDAO.ComposeWebConfig(tx, webId, nil)
 	if err != nil {
 		return nil, rpcutils.Wrap("ComposeWebConfig()", err)
 	}
--- a/internal/rpc/services/service_http_page.go
+++ b/internal/rpc/services/service_http_page.go
@@ -58,7 +58,7 @@ func (this *HTTPPageService) FindEnabledHTTPPageConfig(ctx context.Context, req
 	tx := this.NullTx()
-	config, err := models.SharedHTTPPageDAO.ComposePageConfig(tx, req.PageId)
+	config, err := models.SharedHTTPPageDAO.ComposePageConfig(tx, req.PageId, nil)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/rpc/services/service_http_web.go
+++ b/internal/rpc/services/service_http_web.go
@@ -83,7 +83,7 @@ func (this *HTTPWebService) FindEnabledHTTPWebConfig(ctx context.Context, req *p
 	tx := this.NullTx()
-	config, err := models.SharedHTTPWebDAO.ComposeWebConfig(tx, req.WebId)
+	config, err := models.SharedHTTPWebDAO.ComposeWebConfig(tx, req.WebId, nil)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/rpc/services/service_node.go
+++ b/internal/rpc/services/service_node.go
@@ -165,7 +165,7 @@ func (this *NodeService) ListEnabledNodesMatch(ctx context.Context, req *pb.List
 	tx := this.NullTx()
-	clusterDNS, err := models.SharedNodeClusterDAO.FindClusterDNSInfo(tx, req.NodeClusterId)
+	clusterDNS, err := models.SharedNodeClusterDAO.FindClusterDNSInfo(tx, req.NodeClusterId, nil)
 	if err != nil {
 		return nil, err
 	}
@@ -654,7 +654,7 @@ func (this *NodeService) FindCurrentNodeConfig(ctx context.Context, req *pb.Find
 		return &pb.FindCurrentNodeConfigResponse{IsChanged: false}, nil
 	}
-	nodeConfig, err := models.SharedNodeDAO.ComposeNodeConfig(tx, nodeId)
+	nodeConfig, err := models.SharedNodeDAO.ComposeNodeConfig(tx, nodeId, nil)
 	if err != nil {
 		return nil, err
 	}
@@ -1183,7 +1183,7 @@ func (this *NodeService) FindAllEnabledNodesDNSWithNodeClusterId(ctx context.Con
 	tx := this.NullTx()
-	clusterDNS, err := models.SharedNodeClusterDAO.FindClusterDNSInfo(tx, req.NodeClusterId)
+	clusterDNS, err := models.SharedNodeClusterDAO.FindClusterDNSInfo(tx, req.NodeClusterId, nil)
 	if err != nil {
 		return nil, err
 	}
@@ -1275,7 +1275,7 @@ func (this *NodeService) FindEnabledNodeDNS(ctx context.Context, req *pb.FindEna
 		clusterId = req.NodeClusterId
 	}
-	clusterDNS, err := models.SharedNodeClusterDAO.FindClusterDNSInfo(tx, clusterId)
+	clusterDNS, err := models.SharedNodeClusterDAO.FindClusterDNSInfo(tx, clusterId, nil)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/rpc/services/service_node_cluster.go
+++ b/internal/rpc/services/service_node_cluster.go
@@ -402,7 +402,7 @@ func (this *NodeClusterService) FindEnabledNodeClusterDNS(ctx context.Context, r
 	tx := this.NullTx()
-	dnsInfo, err := models.SharedNodeClusterDAO.FindClusterDNSInfo(tx, req.NodeClusterId)
+	dnsInfo, err := models.SharedNodeClusterDAO.FindClusterDNSInfo(tx, req.NodeClusterId, nil)
 	if err != nil {
 		return nil, err
 	}
@@ -429,7 +429,7 @@ func (this *NodeClusterService) FindEnabledNodeClusterDNS(ctx context.Context, r
 		}, nil
 	}
-	domain, err := dns.SharedDNSDomainDAO.FindEnabledDNSDomain(tx, int64(dnsInfo.DnsDomainId))
+	domain, err := dns.SharedDNSDomainDAO.FindEnabledDNSDomain(tx, int64(dnsInfo.DnsDomainId), nil)
 	if err != nil {
 		return nil, err
 	}
@@ -576,7 +576,7 @@ func (this *NodeClusterService) CheckNodeClusterDNSChanges(ctx context.Context,
 	tx := this.NullTx()
-	cluster, err := models.SharedNodeClusterDAO.FindClusterDNSInfo(tx, req.NodeClusterId)
+	cluster, err := models.SharedNodeClusterDAO.FindClusterDNSInfo(tx, req.NodeClusterId, nil)
 	if err != nil {
 		return nil, err
 	}
@@ -586,7 +586,7 @@ func (this *NodeClusterService) CheckNodeClusterDNSChanges(ctx context.Context,
 	}
 	domainId := int64(cluster.DnsDomainId)
-	domain, err := dns.SharedDNSDomainDAO.FindEnabledDNSDomain(tx, domainId)
+	domain, err := dns.SharedDNSDomainDAO.FindEnabledDNSDomain(tx, domainId, nil)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/rpc/services/service_origin.go
+++ b/internal/rpc/services/service_origin.go
@@ -174,7 +174,7 @@ func (this *OriginService) FindEnabledOriginConfig(ctx context.Context, req *pb.
 	tx := this.NullTx()
-	config, err := models.SharedOriginDAO.ComposeOriginConfig(tx, req.OriginId)
+	config, err := models.SharedOriginDAO.ComposeOriginConfig(tx, req.OriginId, nil)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/rpc/services/service_reverse_proxy.go
+++ b/internal/rpc/services/service_reverse_proxy.go
@@ -86,7 +86,7 @@ func (this *ReverseProxyService) FindEnabledReverseProxyConfig(ctx context.Conte
 	tx := this.NullTx()
-	config, err := models.SharedReverseProxyDAO.ComposeReverseProxyConfig(tx, req.ReverseProxyId)
+	config, err := models.SharedReverseProxyDAO.ComposeReverseProxyConfig(tx, req.ReverseProxyId, nil)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/rpc/services/service_server.go
+++ b/internal/rpc/services/service_server.go
@@ -555,7 +555,7 @@ func (this *ServerService) ListEnabledServersMatch(ctx context.Context, req *pb.
 		}
 		// 配置
-		config, err := models.SharedServerDAO.ComposeServerConfig(tx, server)
+		config, err := models.SharedServerDAO.ComposeServerConfig(tx, server, nil)
 		if err != nil {
 			return nil, err
 		}
@@ -696,7 +696,7 @@ func (this *ServerService) FindEnabledServer(ctx context.Context, req *pb.FindEn
 	}
 	// 配置
-	config, err := models.SharedServerDAO.ComposeServerConfig(tx, server)
+	config, err := models.SharedServerDAO.ComposeServerConfig(tx, server, nil)
 	if err != nil {
 		return nil, err
 	}
@@ -829,7 +829,7 @@ func (this *ServerService) FindAndInitServerReverseProxyConfig(ctx context.Conte
 		}
 	}
-	reverseProxyConfig, err := models.SharedReverseProxyDAO.ComposeReverseProxyConfig(tx, reverseProxyRef.ReverseProxyId)
+	reverseProxyConfig, err := models.SharedReverseProxyDAO.ComposeReverseProxyConfig(tx, reverseProxyRef.ReverseProxyId, nil)
 	if err != nil {
 		return nil, err
 	}
@@ -876,7 +876,7 @@ func (this *ServerService) FindAndInitServerWebConfig(ctx context.Context, req *
 		}
 	}
-	config, err := models.SharedHTTPWebDAO.ComposeWebConfig(tx, webId)
+	config, err := models.SharedHTTPWebDAO.ComposeWebConfig(tx, webId, nil)
 	if err != nil {
 		return nil, err
 	}
@@ -1071,14 +1071,14 @@ func (this *ServerService) FindEnabledServerDNS(ctx context.Context, req *pb.Fin
 	}
 	var pbDomain *pb.DNSDomain = nil
 	if clusterId > 0 {
-		clusterDNS, err := models.SharedNodeClusterDAO.FindClusterDNSInfo(tx, clusterId)
+		clusterDNS, err := models.SharedNodeClusterDAO.FindClusterDNSInfo(tx, clusterId, nil)
 		if err != nil {
 			return nil, err
 		}
 		if clusterDNS != nil {
 			domainId := int64(clusterDNS.DnsDomainId)
 			if domainId > 0 {
-				domain, err := dns.SharedDNSDomainDAO.FindEnabledDNSDomain(tx, domainId)
+				domain, err := dns.SharedDNSDomainDAO.FindEnabledDNSDomain(tx, domainId, nil)
 				if err != nil {
 					return nil, err
 				}
--- a/internal/rpc/services/service_ssl_cert.go
+++ b/internal/rpc/services/service_ssl_cert.go
@@ -76,7 +76,7 @@ func (this *SSLCertService) FindEnabledSSLCertConfig(ctx context.Context, req *p
 		}
 	}
-	config, err := models.SharedSSLCertDAO.ComposeCertConfig(tx, req.SslCertId)
+	config, err := models.SharedSSLCertDAO.ComposeCertConfig(tx, req.SslCertId, nil)
 	if err != nil {
 		return nil, err
 	}
@@ -155,7 +155,7 @@ func (this *SSLCertService) ListSSLCerts(ctx context.Context, req *pb.ListSSLCer
 	certConfigs := []*sslconfigs.SSLCertConfig{}
 	for _, certId := range certIds {
-		certConfig, err := models.SharedSSLCertDAO.ComposeCertConfig(tx, certId)
+		certConfig, err := models.SharedSSLCertDAO.ComposeCertConfig(tx, certId, nil)
 		if err != nil {
 			return nil, err
 		}
--- a/internal/rpc/services/service_ssl_policy.go
+++ b/internal/rpc/services/service_ssl_policy.go
@@ -87,7 +87,7 @@ func (this *SSLPolicyService) FindEnabledSSLPolicyConfig(ctx context.Context, re
 	tx := this.NullTx()
-	config, err := models.SharedSSLPolicyDAO.ComposePolicyConfig(tx, req.SslPolicyId)
+	config, err := models.SharedSSLPolicyDAO.ComposePolicyConfig(tx, req.SslPolicyId, nil)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/tasks/dns_task_executor.go
+++ b/internal/tasks/dns_task_executor.go
@@ -383,7 +383,7 @@ func (this *DNSTaskExecutor) doDomain(taskId int64, domainId int64) error {
 		}
 	}()
-	dnsDomain, err := dnsmodels.SharedDNSDomainDAO.FindEnabledDNSDomain(tx, domainId)
+	dnsDomain, err := dnsmodels.SharedDNSDomainDAO.FindEnabledDNSDomain(tx, domainId, nil)
 	if err != nil {
 		return err
 	}
@@ -437,7 +437,7 @@ func (this *DNSTaskExecutor) doDomain(taskId int64, domainId int64) error {
 }
 func (this *DNSTaskExecutor) findDNSManager(tx *dbs.Tx, clusterId int64) (manager dnsclients.ProviderInterface, domainId int64, domain string, clusterDNSName string, err error) {
-	clusterDNS, err := models.SharedNodeClusterDAO.FindClusterDNSInfo(tx, clusterId)
+	clusterDNS, err := models.SharedNodeClusterDAO.FindClusterDNSInfo(tx, clusterId, nil)
 	if err != nil {
 		return nil, 0, "", "", err
 	}
@@ -445,7 +445,7 @@ func (this *DNSTaskExecutor) findDNSManager(tx *dbs.Tx, clusterId int64) (manage
 		return nil, 0, "", "", nil
 	}
-	dnsDomain, err := dnsmodels.SharedDNSDomainDAO.FindEnabledDNSDomain(tx, int64(clusterDNS.DnsDomainId))
+	dnsDomain, err := dnsmodels.SharedDNSDomainDAO.FindEnabledDNSDomain(tx, int64(clusterDNS.DnsDomainId), nil)
 	if err != nil {
 		return nil, 0, "", "", err
 	}