可以设置是否自动安装nftables

2025-11-15 13:00:25 +08:00 · 2022-09-17 21:04:45 +08:00
parent 703fb2de90
commit 0531dfeffb
4 changed files with 50 additions and 31 deletions
--- a/internal/web/actions/default/clusters/cluster/settings/index.go
+++ b/internal/web/actions/default/clusters/cluster/settings/index.go
@@ -80,14 +80,15 @@ func (this *IndexAction) RunGet(params struct {
 	}

 	this.Data["cluster"] = maps.Map{
-		"id":              cluster.Id,
-		"name":            cluster.Name,
-		"installDir":      cluster.InstallDir,
-		"timeZone":        cluster.TimeZone,
-		"nodeMaxThreads":  cluster.NodeMaxThreads,
-		"autoOpenPorts":   cluster.AutoOpenPorts,
-		"clock":           clockConfig,
-		"autoRemoteStart": cluster.AutoRemoteStart,
+		"id":                  cluster.Id,
+		"name":                cluster.Name,
+		"installDir":          cluster.InstallDir,
+		"timeZone":            cluster.TimeZone,
+		"nodeMaxThreads":      cluster.NodeMaxThreads,
+		"autoOpenPorts":       cluster.AutoOpenPorts,
+		"clock":               clockConfig,
+		"autoRemoteStart":     cluster.AutoRemoteStart,
+		"autoInstallNftables": cluster.AutoInstallNftables,
 	}

 	// 默认值
@@ -100,16 +101,17 @@ func (this *IndexAction) RunGet(params struct {

 // RunPost 保存设置
 func (this *IndexAction) RunPost(params struct {
-	ClusterId       int64
-	Name            string
-	GrantId         int64
-	InstallDir      string
-	TimeZone        string
-	NodeMaxThreads  int32
-	AutoOpenPorts   bool
-	ClockAutoSync   bool
-	ClockServer     string
-	AutoRemoteStart bool
+	ClusterId           int64
+	Name                string
+	GrantId             int64
+	InstallDir          string
+	TimeZone            string
+	NodeMaxThreads      int32
+	AutoOpenPorts       bool
+	ClockAutoSync       bool
+	ClockServer         string
+	AutoRemoteStart     bool
+	AutoInstallNftables bool

 	Must *actions.Must
 }) {
@@ -143,15 +145,16 @@ func (this *IndexAction) RunPost(params struct {
 	}

 	_, err = this.RPC().NodeClusterRPC().UpdateNodeCluster(this.AdminContext(), &pb.UpdateNodeClusterRequest{
-		NodeClusterId:   params.ClusterId,
-		Name:            params.Name,
-		NodeGrantId:     params.GrantId,
-		InstallDir:      params.InstallDir,
-		TimeZone:        params.TimeZone,
-		NodeMaxThreads:  params.NodeMaxThreads,
-		AutoOpenPorts:   params.AutoOpenPorts,
-		ClockJSON:       clockConfigJSON,
-		AutoRemoteStart: params.AutoRemoteStart,
+		NodeClusterId:       params.ClusterId,
+		Name:                params.Name,
+		NodeGrantId:         params.GrantId,
+		InstallDir:          params.InstallDir,
+		TimeZone:            params.TimeZone,
+		NodeMaxThreads:      params.NodeMaxThreads,
+		AutoOpenPorts:       params.AutoOpenPorts,
+		ClockJSON:           clockConfigJSON,
+		AutoRemoteStart:     params.AutoRemoteStart,
+		AutoInstallNftables: params.AutoInstallNftables,
 	})
 	if err != nil {
 		this.ErrorPage(err)
--- a/internal/web/actions/default/clusters/create.go
+++ b/internal/web/actions/default/clusters/create.go
@@ -60,9 +60,10 @@ func (this *CreateAction) RunPost(params struct {
 	MatchDomainStrictly bool

 	// SSH相关
-	GrantId            int64
-	InstallDir         string
-	SystemdServiceIsOn bool
+	GrantId             int64
+	InstallDir          string
+	SystemdServiceIsOn  bool
+	AutoInstallNftables bool

 	// DNS相关
 	DnsDomainId int64
@@ -130,6 +131,7 @@ func (this *CreateAction) RunPost(params struct {
 		HttpFirewallPolicyId:   params.HttpFirewallPolicyId,
 		SystemServicesJSON:     systemServicesJSON,
 		GlobalServerConfigJSON: globalServerConfigJSON,
+		AutoInstallNftables:    params.AutoInstallNftables,
 	})
 	if err != nil {
 		this.ErrorPage(err)
--- a/web/views/@default/clusters/cluster/settings/index.html
+++ b/web/views/@default/clusters/cluster/settings/index.html
@@ -85,6 +85,13 @@
                        <p class="comment">当检测到节点离线时，自动尝试远程启动（前提是节点已经设置了SSH登录认证）。</p>
                    </td>
                </tr>
+                <tr>
+                    <td>自动安装nftables</td>
+                    <td>
+                        <checkbox name="autoInstallNftables" v-model="cluster.autoInstallNftables"></checkbox>
+                        <p class="comment">在Linux系统中自动尝试安装<code-label>nftables</code-label>用于安全防御；此功能需要联网从Ubuntu、CentOS等软件库中下载安装包。</p>
+                    </td>
+                </tr>
            </tbody>
 		</table>
 		<submit-btn></submit-btn>
--- a/web/views/@default/clusters/create.html
+++ b/web/views/@default/clusters/create.html
@@ -45,7 +45,7 @@
 			<td>节点安装目录</td>
 			<td>
 				<input type="text" name="installDir" maxlength="100"/>
-				<p class="comment">当节点没有单独设置安装目录时，默认使用此设置。如果集群和节点都没有设置安装目录，则使用<span class="ui label tiny">$登录用户HOME路径/edge-node</span>
+				<p class="comment">当节点没有单独设置安装目录时，默认使用此设置。如果集群和节点都没有设置安装目录，则使用<code-label>$登录用户HOME路径/edge-node</code-label>
 					目录。</p>
 			</td>
 		</tr>
@@ -56,6 +56,13 @@
                <p class="comment">加入后可以利用systemd对节点进程进行管理，并可自动随开机启动。</p>
            </td>
        </tr>
+        <tr>
+            <td>自动安装nftables</td>
+            <td>
+                <checkbox name="autoInstallNftables" value="1"></checkbox>
+                <p class="comment">在Linux系统中自动尝试安装<code-label>nftables</code-label>用于安全防御；此功能需要联网从Ubuntu、CentOS等软件库中下载安装包。</p>
+            </td>
+        </tr>
 	</table>

 	<h4>DNS设置选项 &nbsp;<span class="grey small">（可选）</span></h4>