实现TLS配置

This commit is contained in:
GoEdgeLab
2020-10-01 16:51:32 +08:00
parent 140d73420c
commit d44a0b1cbf
4 changed files with 129 additions and 7 deletions


@@ -159,15 +159,30 @@ func (this *CreateAction) RunPost(params struct {
reverseProxyRefJSON := []byte{} reverseProxyRefJSON := []byte{}
switch params.ServerType { switch params.ServerType {
case serverconfigs.ServerTypeHTTPProxy, serverconfigs.ServerTypeTCPProxy: case serverconfigs.ServerTypeHTTPProxy, serverconfigs.ServerTypeTCPProxy:
origins := []*serverconfigs.OriginConfig{} originConfigs := []*serverconfigs.OriginConfig{}
err := json.Unmarshal([]byte(params.Origins), &origins) err := json.Unmarshal([]byte(params.Origins), &originConfigs)
if err != nil { if err != nil {
this.Fail("源站地址解析失败:" + err.Error()) this.Fail("源站地址解析失败:" + err.Error())
} }
originRefs := []*serverconfigs.OriginRef{}
for _, originConfig := range originConfigs {
if originConfig.Id > 0 {
originRefs = append(originRefs, &serverconfigs.OriginRef{
IsOn: true,
OriginId: originConfig.Id,
})
}
}
originRefsJSON, err := json.Marshal(originRefs)
if err != nil {
this.ErrorPage(err)
return
}
resp, err := this.RPC().ReverseProxyRPC().CreateReverseProxy(this.AdminContext(), &pb.CreateReverseProxyRequest{ resp, err := this.RPC().ReverseProxyRPC().CreateReverseProxy(this.AdminContext(), &pb.CreateReverseProxyRequest{
SchedulingJSON: nil, SchedulingJSON: nil,
PrimaryOriginsJSON: []byte(params.Origins), PrimaryOriginsJSON: originRefsJSON,
BackupOriginsJSON: nil, BackupOriginsJSON: nil,
}) })
if err != nil { if err != nil {
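Review bot: Origins whose `Id` is zero are dropped silently by the `if originConfig.Id > 0` filter in the new loop, so a submitted origin that was never persisted yields a reverse proxy with fewer origins than the form showed and no feedback to the admin. Since the parse error two lines earlier already aborts the request, an unsaved origin should abort it the same way rather than be skipped; alternatively add a comment on the loop stating that unsaved origins are intentionally ignored. The `this.Fail(...)` call in the parse branch has no `return` after it, so the new loop appears to rely on `Fail` aborting the action — worth confirming for this framework. `RunPost` begins before the hunk and its body continues after it.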


@@ -2,11 +2,15 @@ package tls
import ( import (
"encoding/json" "encoding/json"
"errors"
"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils" "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/serverutils" "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/serverutils"
"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb" "github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs" "github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/sslconfigs"
"github.com/iwind/TeaGo/actions" "github.com/iwind/TeaGo/actions"
"github.com/iwind/TeaGo/maps"
"github.com/iwind/TeaGo/types"
) )
// TLS设置 // TLS设置
@@ -36,8 +40,31 @@ func (this *IndexAction) RunGet(params struct {
tlsConfig.IsOn = true tlsConfig.IsOn = true
} }
// SSL配置
var sslPolicy *sslconfigs.SSLPolicy
if tlsConfig.SSLPolicyRef != nil && tlsConfig.SSLPolicyRef.SSLPolicyId > 0 {
sslPolicyConfigResp, err := this.RPC().SSLPolicyRPC().FindEnabledSSLPolicyConfig(this.AdminContext(), &pb.FindEnabledSSLPolicyConfigRequest{SslPolicyId: tlsConfig.SSLPolicyRef.SSLPolicyId})
if err != nil {
this.ErrorPage(err)
return
}
sslPolicyConfigJSON := sslPolicyConfigResp.SslPolicyJSON
if len(sslPolicyConfigJSON) > 0 {
sslPolicy = &sslconfigs.SSLPolicy{}
err = json.Unmarshal(sslPolicyConfigJSON, sslPolicy)
if err != nil {
this.ErrorPage(err)
return
}
}
}
this.Data["serverType"] = server.Type this.Data["serverType"] = server.Type
this.Data["tlsConfig"] = tlsConfig this.Data["tlsConfig"] = maps.Map{
"isOn": tlsConfig.IsOn,
"listen": tlsConfig.Listen,
"sslPolicy": sslPolicy,
}
this.Show() this.Show()
} }
@@ -47,6 +74,8 @@ func (this *IndexAction) RunPost(params struct {
ServerType string ServerType string
Addresses string Addresses string
SslPolicyJSON []byte
Must *actions.Must Must *actions.Must
}) { }) {
server, _, isOk := serverutils.FindServer(this.Parent(), params.ServerId) server, _, isOk := serverutils.FindServer(this.Parent(), params.ServerId)
@@ -60,6 +89,71 @@ func (this *IndexAction) RunPost(params struct {
this.Fail("端口地址解析失败:" + err.Error()) this.Fail("端口地址解析失败:" + err.Error())
} }
// 校验SSL
var sslPolicyId = int64(0)
if params.SslPolicyJSON != nil {
sslPolicy := &sslconfigs.SSLPolicy{}
err = json.Unmarshal(params.SslPolicyJSON, sslPolicy)
if err != nil {
this.ErrorPage(errors.New("解析SSL配置时发生了错误" + err.Error()))
return
}
sslPolicyId = sslPolicy.Id
certsJSON, err := json.Marshal(sslPolicy.CertRefs)
if err != nil {
this.ErrorPage(err)
return
}
hstsJSON, err := json.Marshal(sslPolicy.HSTS)
if err != nil {
this.ErrorPage(err)
return
}
clientCACertsJSON, err := json.Marshal(sslPolicy.ClientCARefs)
if err != nil {
this.ErrorPage(err)
return
}
if sslPolicyId > 0 {
_, err := this.RPC().SSLPolicyRPC().UpdateSSLPolicy(this.AdminContext(), &pb.UpdateSSLPolicyRequest{
SslPolicyId: sslPolicyId,
Http2Enabled: sslPolicy.HTTP2Enabled,
MinVersion: sslPolicy.MinVersion,
CertsJSON: certsJSON,
HstsJSON: hstsJSON,
ClientAuthType: types.Int32(sslPolicy.ClientAuthType),
ClientCACertsJSON: clientCACertsJSON,
CipherSuitesIsOn: sslPolicy.CipherSuitesIsOn,
CipherSuites: sslPolicy.CipherSuites,
})
if err != nil {
this.ErrorPage(err)
return
}
} else {
resp, err := this.RPC().SSLPolicyRPC().CreateSSLPolicy(this.AdminContext(), &pb.CreateSSLPolicyRequest{
Http2Enabled: sslPolicy.HTTP2Enabled,
MinVersion: sslPolicy.MinVersion,
CertsJSON: certsJSON,
HstsJSON: hstsJSON,
ClientAuthType: types.Int32(sslPolicy.ClientAuthType),
ClientCACertsJSON: clientCACertsJSON,
CipherSuitesIsOn: sslPolicy.CipherSuitesIsOn,
CipherSuites: sslPolicy.CipherSuites,
})
if err != nil {
this.ErrorPage(err)
return
}
sslPolicyId = resp.SslPolicyId
}
}
tlsConfig := &serverconfigs.TLSProtocolConfig{} tlsConfig := &serverconfigs.TLSProtocolConfig{}
if len(server.TlsJSON) > 0 { if len(server.TlsJSON) > 0 {
err := json.Unmarshal(server.TlsJSON, tlsConfig) err := json.Unmarshal(server.TlsJSON, tlsConfig)
@@ -71,6 +165,11 @@ func (this *IndexAction) RunPost(params struct {
} }
tlsConfig.Listen = addresses tlsConfig.Listen = addresses
tlsConfig.SSLPolicyRef = &sslconfigs.SSLPolicyRef{
IsOn: true,
SSLPolicyId: sslPolicyId,
}
configData, err := json.Marshal(tlsConfig) configData, err := json.Marshal(tlsConfig)
if err != nil { if err != nil {
this.ErrorPage(err) this.ErrorPage(err)
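Review bot: The policy id that `UpdateSSLPolicy` targets comes from the posted JSON (`sslPolicyId = sslPolicy.Id` in the RunPost hunk at `@@ -60,6 +89,71`), not from the server's stored `tlsConfig.SSLPolicyRef`, so the id is client-controlled and the handler never checks that it belongs to `params.ServerId`; a request carrying another server's policy id would overwrite that policy's certs, client-CA refs and cipher suites. The stored TLS config is only unmarshalled after the SSL block, so the check cannot be added in place — load it first and derive the id from `tlsConfig.SSLPolicyRef`, ignoring the id in the form (sketch below); whether the RPC enforces ownership on its side is not visible here. The same ordering has a second effect in the last hunk: when no `sslPolicyJSON` is posted, `sslPolicyId` stays 0 and `SSLPolicyRef{IsOn: true, SSLPolicyId: 0}` is still written, detaching any existing policy, so guard that assignment with `if sslPolicyId > 0`. Minor: the message built at `errors.New("解析SSL配置时发生了错误" + err.Error())` lacks a separator before the wrapped error. `RunPost` begins before the hunk and its body continues after it.

```go
// … unchanged: address parsing …

// Load the stored TLS config first so the policy id comes from the server, not the form.
tlsConfig := &serverconfigs.TLSProtocolConfig{}
if len(server.TlsJSON) > 0 {
	err := json.Unmarshal(server.TlsJSON, tlsConfig)
	// … unchanged: error handling …
}
var sslPolicyId = int64(0)
if tlsConfig.SSLPolicyRef != nil {
	sslPolicyId = tlsConfig.SSLPolicyRef.SSLPolicyId
}

if params.SslPolicyJSON != nil {
	sslPolicy := &sslconfigs.SSLPolicy{}
	err = json.Unmarshal(params.SslPolicyJSON, sslPolicy)
	// … unchanged: parse error handling, marshalling of certs / HSTS / client CA refs …
	if sslPolicyId > 0 {
		// Update only the policy already bound to this server; sslPolicy.Id from the form is ignored.
		// … unchanged: UpdateSSLPolicy call …
	} else {
		// … unchanged: CreateSSLPolicy call, sslPolicyId = resp.SslPolicyId …
	}
}

// … unchanged: tlsConfig.Listen = addresses …
if sslPolicyId > 0 {
	tlsConfig.SSLPolicyRef = &sslconfigs.SSLPolicyRef{
		IsOn:        true,
		SSLPolicyId: sslPolicyId,
	}
}
```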


@@ -315,7 +315,7 @@ Vue.component("ssl-config-box", {
<input type="hidden" name="sslPolicyJSON" :value="JSON.stringify(policy)"/> <input type="hidden" name="sslPolicyJSON" :value="JSON.stringify(policy)"/>
<table class="ui table definition selectable"> <table class="ui table definition selectable">
<tbody> <tbody>
<tr> <tr v-show="vProtocol == 'https'">
<td class="title">用HTTP/2</td> <td class="title">用HTTP/2</td>
<td> <td>
<div class="ui checkbox"> <div class="ui checkbox">
@@ -325,7 +325,7 @@ Vue.component("ssl-config-box", {
</td> </td>
</tr> </tr>
<tr> <tr>
<td>选择证书</td> <td class="title">选择证书</td>
<td> <td>
<div v-if="policy.certs != null && policy.certs.length > 0"> <div v-if="policy.certs != null && policy.certs.length > 0">
<div class="ui label small" v-for="(cert, index) in policy.certs"> <div class="ui label small" v-for="(cert, index) in policy.certs">
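Review bot: `v-show="vProtocol == 'https'"` only hides the HTTP/2 row; `policy.http2Enabled` is still serialized into the hidden `sslPolicyJSON` input a few lines above and posted with the form, so a non-HTTPS server can still submit an HTTP/2 flag the UI never displayed. If that is intended, a short comment on the row (`<!-- HTTP/2 is HTTPS-only; the flag is still posted, the server ignores it for other protocols -->`) would save the next reader a check; whether the server actually ignores it is not visible here. As a point of style, use strict comparison: `<tr v-show="vProtocol === 'https'">`. The component definition begins before the hunk.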


@@ -1,7 +1,11 @@
{$layout} {$layout}
{$template "/left_menu"} {$template "/left_menu"}
{$var "header"}
<script src="/servers/components/ssl/datajs" type="text/javascript"></script>
<script src="/js/sortable.min.js" type="text/javascript"></script>
{$end}
<div class="right-box"> <div class="right-box">
<form class="ui form" data-tea-action="$" data-tea-success="success"> <form class="ui form" data-tea-action="$" data-tea-success="success">
<input type="hidden" name="serverId" :value="serverId"/> <input type="hidden" name="serverId" :value="serverId"/>
@@ -14,6 +18,10 @@
</td> </td>
</tr> </tr>
</table> </table>
<!-- SSL配置 -->
<ssl-config-box :v-ssl-policy="tlsConfig.sslPolicy" :v-protocol="'tls'" v-show="tlsConfig.isOn"></ssl-config-box>
<submit-btn></submit-btn> <submit-btn></submit-btn>
</form> </form>
</div> </div>
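Review bot: `v-show="tlsConfig.isOn"` on `<ssl-config-box>` hides the box with CSS only, so the hidden `sslPolicyJSON` input it renders is still part of the form when TLS is switched off, and a browser submits hidden inputs inside a `display:none` element; the server-side RunPost would then still create or update an SSL policy for a disabled listener. Use `<ssl-config-box ... v-if="tlsConfig.isOn"></ssl-config-box>` if the policy should not be posted in that case, or have RunPost ignore `sslPolicyJSON` when the listener is off. A comment next to `:v-protocol="'tls'"` noting that it makes the component hide its HTTP/2 row (the component compares against `'https'`) would also help the next reader.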