实现TLS配置

2025-11-03 20:40:26 +08:00 · 2020-10-01 16:51:32 +08:00
parent 140d73420c
commit d44a0b1cbf
4 changed files with 129 additions and 7 deletions
--- a/internal/web/actions/default/servers/create.go
+++ b/internal/web/actions/default/servers/create.go
@@ -159,15 +159,30 @@ func (this *CreateAction) RunPost(params struct {
 	reverseProxyRefJSON := []byte{}
 	switch params.ServerType {
 	case serverconfigs.ServerTypeHTTPProxy, serverconfigs.ServerTypeTCPProxy:
-		origins := []*serverconfigs.OriginConfig{}
-		err := json.Unmarshal([]byte(params.Origins), &origins)
+		originConfigs := []*serverconfigs.OriginConfig{}
+		err := json.Unmarshal([]byte(params.Origins), &originConfigs)
 		if err != nil {
 			this.Fail("源站地址解析失败：" + err.Error())
 		}

+		originRefs := []*serverconfigs.OriginRef{}
+		for _, originConfig := range originConfigs {
+			if originConfig.Id > 0 {
+				originRefs = append(originRefs, &serverconfigs.OriginRef{
+					IsOn:     true,
+					OriginId: originConfig.Id,
+				})
+			}
+		}
+		originRefsJSON, err := json.Marshal(originRefs)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+
 		resp, err := this.RPC().ReverseProxyRPC().CreateReverseProxy(this.AdminContext(), &pb.CreateReverseProxyRequest{
 			SchedulingJSON:     nil,
-			PrimaryOriginsJSON: []byte(params.Origins),
+			PrimaryOriginsJSON: originRefsJSON,
 			BackupOriginsJSON:  nil,
 		})
 		if err != nil {
--- a/internal/web/actions/default/servers/server/settings/tls/index.go
+++ b/internal/web/actions/default/servers/server/settings/tls/index.go
@@ -2,11 +2,15 @@ package tls

 import (
 	"encoding/json"
+	"errors"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/serverutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/sslconfigs"
 	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/maps"
+	"github.com/iwind/TeaGo/types"
 )

 // TLS设置
@@ -36,8 +40,31 @@ func (this *IndexAction) RunGet(params struct {
 		tlsConfig.IsOn = true
 	}

+	// SSL配置
+	var sslPolicy *sslconfigs.SSLPolicy
+	if tlsConfig.SSLPolicyRef != nil && tlsConfig.SSLPolicyRef.SSLPolicyId > 0 {
+		sslPolicyConfigResp, err := this.RPC().SSLPolicyRPC().FindEnabledSSLPolicyConfig(this.AdminContext(), &pb.FindEnabledSSLPolicyConfigRequest{SslPolicyId: tlsConfig.SSLPolicyRef.SSLPolicyId})
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		sslPolicyConfigJSON := sslPolicyConfigResp.SslPolicyJSON
+		if len(sslPolicyConfigJSON) > 0 {
+			sslPolicy = &sslconfigs.SSLPolicy{}
+			err = json.Unmarshal(sslPolicyConfigJSON, sslPolicy)
+			if err != nil {
+				this.ErrorPage(err)
+				return
+			}
+		}
+	}
+
 	this.Data["serverType"] = server.Type
-	this.Data["tlsConfig"] = tlsConfig
+	this.Data["tlsConfig"] = maps.Map{
+		"isOn":      tlsConfig.IsOn,
+		"listen":    tlsConfig.Listen,
+		"sslPolicy": sslPolicy,
+	}

 	this.Show()
 }
@@ -47,6 +74,8 @@ func (this *IndexAction) RunPost(params struct {
 	ServerType string
 	Addresses  string

+	SslPolicyJSON []byte
+
 	Must *actions.Must
 }) {
 	server, _, isOk := serverutils.FindServer(this.Parent(), params.ServerId)
@@ -60,6 +89,71 @@ func (this *IndexAction) RunPost(params struct {
 		this.Fail("端口地址解析失败：" + err.Error())
 	}

+	// 校验SSL
+	var sslPolicyId = int64(0)
+	if params.SslPolicyJSON != nil {
+		sslPolicy := &sslconfigs.SSLPolicy{}
+		err = json.Unmarshal(params.SslPolicyJSON, sslPolicy)
+		if err != nil {
+			this.ErrorPage(errors.New("解析SSL配置时发生了错误：" + err.Error()))
+			return
+		}
+
+		sslPolicyId = sslPolicy.Id
+
+		certsJSON, err := json.Marshal(sslPolicy.CertRefs)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+
+		hstsJSON, err := json.Marshal(sslPolicy.HSTS)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+
+		clientCACertsJSON, err := json.Marshal(sslPolicy.ClientCARefs)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+
+		if sslPolicyId > 0 {
+			_, err := this.RPC().SSLPolicyRPC().UpdateSSLPolicy(this.AdminContext(), &pb.UpdateSSLPolicyRequest{
+				SslPolicyId:       sslPolicyId,
+				Http2Enabled:      sslPolicy.HTTP2Enabled,
+				MinVersion:        sslPolicy.MinVersion,
+				CertsJSON:         certsJSON,
+				HstsJSON:          hstsJSON,
+				ClientAuthType:    types.Int32(sslPolicy.ClientAuthType),
+				ClientCACertsJSON: clientCACertsJSON,
+				CipherSuitesIsOn:  sslPolicy.CipherSuitesIsOn,
+				CipherSuites:      sslPolicy.CipherSuites,
+			})
+			if err != nil {
+				this.ErrorPage(err)
+				return
+			}
+		} else {
+			resp, err := this.RPC().SSLPolicyRPC().CreateSSLPolicy(this.AdminContext(), &pb.CreateSSLPolicyRequest{
+				Http2Enabled:      sslPolicy.HTTP2Enabled,
+				MinVersion:        sslPolicy.MinVersion,
+				CertsJSON:         certsJSON,
+				HstsJSON:          hstsJSON,
+				ClientAuthType:    types.Int32(sslPolicy.ClientAuthType),
+				ClientCACertsJSON: clientCACertsJSON,
+				CipherSuitesIsOn:  sslPolicy.CipherSuitesIsOn,
+				CipherSuites:      sslPolicy.CipherSuites,
+			})
+			if err != nil {
+				this.ErrorPage(err)
+				return
+			}
+			sslPolicyId = resp.SslPolicyId
+		}
+	}
+
 	tlsConfig := &serverconfigs.TLSProtocolConfig{}
 	if len(server.TlsJSON) > 0 {
 		err := json.Unmarshal(server.TlsJSON, tlsConfig)
@@ -71,6 +165,11 @@ func (this *IndexAction) RunPost(params struct {
 	}
 	tlsConfig.Listen = addresses

+	tlsConfig.SSLPolicyRef = &sslconfigs.SSLPolicyRef{
+		IsOn:        true,
+		SSLPolicyId: sslPolicyId,
+	}
+
 	configData, err := json.Marshal(tlsConfig)
 	if err != nil {
 		this.ErrorPage(err)