github
/
allinssl
mirror of https://github.com/allinssl/allinssl
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

【修复】修复部署到阿里云waf失败导致panic 

【调整】https监控禁止重定向
【调整】https监控增加失败重试3次
1.0.7
v-me-50 2025-07-30 09:46:10 +08:00
parent e2d0986616
commit 533df1b4b7
5 changed files with 88 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
backend/internal/cert/deploy/btpanel.go
View File

@ -243,7 +243,7 @@ func BtPanelSiteList(providerID string) ([]response.AccessSiteList, error) {
data.Set("cert_list", "")
siteList, err := RequestBt(&data, "POST", providerID, "ssl?action=GetSiteDomain")
if err != nil {
fmt.Println("获取网站列表失败:", err)
//fmt.Println("获取网站列表失败:", err)
return nil, err
}

82
backend/internal/cert/deploy/client/aliyun/aliyunWaf.go
View File

@ -18,7 +18,7 @@ type AliyunWafClient struct {
func ClientAliWaf(accessKey, accessSecret, region string) (_result *AliyunWafClient, err error) {
//region:[cn-hangzhou,ap-southeast-1]
config := &openapi.Config{
AccessKeyId: tea.String(accessKey),
AccessKeySecret: tea.String(accessSecret),
@ -28,7 +28,7 @@ func ClientAliWaf(accessKey, accessSecret, region string) (_result *AliyunWafCli
if err != nil {
return nil, err
}
aliyunwafClient := &AliyunWafClient{
Client: *client,
accessKey: accessKey,
@ -56,7 +56,7 @@ func (client *AliyunWafClient) ICreateCerts(certName, certContent, certKey, inst
"CertKey": certKey,
"InstanceId": instanceId,
}
req := &openapi.OpenApiRequest{
Query: openapiutil.Query(query),
}
@ -71,7 +71,7 @@ func (client *AliyunWafClient) ICreateCerts(certName, certContent, certKey, inst
ReqBodyType: tea.String("formData"),
BodyType: tea.String("json"),
}
createCertsResponse := &CreateCertsResponse{}
runtime := &util.RuntimeOptions{}
_body, _err := client.CallApi(params, req, runtime)
@ -88,8 +88,11 @@ func (client *AliyunWafClient) IGetInstanceId() (instanceId *string, _err error)
RegionId: tea.String(client.region),
}
response, _err := client.DescribeInstance(req)
if _err != nil {
return nil, _err
}
instanceId = response.Body.InstanceId
return instanceId, _err
}
@ -100,8 +103,11 @@ func (client *AliyunWafClient) IDescribeDomainDetail(instanceId, domain string)
Domain: tea.String(domain),
}
response, _err := client.DescribeDomainDetail(req)
if _err != nil {
return nil, _err
}
describeDomainDetailResponseBody = response.Body
return describeDomainDetailResponseBody, _err
}
@ -124,56 +130,56 @@ func assignDomain(from *aliyunwaf.DescribeDomainDetailResponseBody, to *aliyunwa
if from == nil {
return to
}
if from.Listen != nil {
if to.Listen == nil {
to.Listen = &aliyunwaf.ModifyDomainRequestListen{}
}
if from.Listen.CipherSuite != nil {
to.Listen.CipherSuite = tea.Int32(int32(*from.Listen.CipherSuite))
}
if from.Listen.CustomCiphers != nil {
to.Listen.CustomCiphers = from.Listen.CustomCiphers
}
if from.Listen.EnableTLSv3 != nil {
to.Listen.EnableTLSv3 = from.Listen.EnableTLSv3
}
if from.Listen.ExclusiveIp != nil {
to.Listen.ExclusiveIp = from.Listen.ExclusiveIp
}
if from.Listen.FocusHttps != nil {
to.Listen.FocusHttps = from.Listen.FocusHttps
}
if from.Listen.Http2Enabled != nil {
to.Listen.Http2Enabled = from.Listen.Http2Enabled
}
if from.Listen.IPv6Enabled != nil {
to.Listen.IPv6Enabled = from.Listen.IPv6Enabled
}
if from.Listen.ProtectionResource != nil {
to.Listen.ProtectionResource = from.Listen.ProtectionResource
}
if from.Listen.TLSVersion != nil {
to.Listen.TLSVersion = from.Listen.TLSVersion
}
if from.Listen.XffHeaderMode != nil {
to.Listen.XffHeaderMode = tea.Int32(int32(*from.Listen.XffHeaderMode))
}
if from.Listen.XffHeaders != nil {
to.Listen.XffHeaders = from.Listen.XffHeaders
}
if from.Listen.HttpPorts != nil {
to.Listen.HttpPorts = make([]*int32, len(from.Listen.HttpPorts))
for i, port := range from.Listen.HttpPorts {
@ -182,7 +188,7 @@ func assignDomain(from *aliyunwaf.DescribeDomainDetailResponseBody, to *aliyunwa
}
}
}
if from.Listen.HttpsPorts != nil {
to.Listen.HttpsPorts = make([]*int32, len(from.Listen.HttpsPorts))
for i, port := range from.Listen.HttpsPorts {
@ -191,62 +197,62 @@ func assignDomain(from *aliyunwaf.DescribeDomainDetailResponseBody, to *aliyunwa
}
}
}
}
if from.Redirect != nil {
if to.Redirect == nil {
to.Redirect = &aliyunwaf.ModifyDomainRequestRedirect{}
}
if from.Redirect.ConnectTimeout != nil {
to.Redirect.ConnectTimeout = from.Redirect.ConnectTimeout
}
if from.Redirect.FocusHttpBackend != nil {
to.Redirect.FocusHttpBackend = from.Redirect.FocusHttpBackend
}
if from.Redirect.Keepalive != nil {
to.Redirect.Keepalive = from.Redirect.Keepalive
}
if from.Redirect.KeepaliveRequests != nil {
to.Redirect.KeepaliveRequests = from.Redirect.KeepaliveRequests
}
if from.Redirect.KeepaliveTimeout != nil {
to.Redirect.KeepaliveTimeout = from.Redirect.KeepaliveTimeout
}
if from.Redirect.Loadbalance != nil {
to.Redirect.Loadbalance = from.Redirect.Loadbalance
}
if from.Redirect.ReadTimeout != nil {
to.Redirect.ReadTimeout = from.Redirect.ReadTimeout
}
if from.Redirect.Retry != nil {
to.Redirect.Retry = from.Redirect.Retry
}
if from.Redirect.SniEnabled != nil {
to.Redirect.SniEnabled = from.Redirect.SniEnabled
}
if from.Redirect.SniHost != nil {
to.Redirect.SniHost = from.Redirect.SniHost
}
if from.Redirect.WriteTimeout != nil {
to.Redirect.WriteTimeout = from.Redirect.WriteTimeout
}
if from.Redirect.XffProto != nil {
to.Redirect.XffProto = from.Redirect.XffProto
}
if from.Redirect.Backends != nil {
to.Redirect.Backends = make([]*string, len(from.Redirect.Backends))
for i, backend := range from.Redirect.Backends {
@ -255,7 +261,7 @@ func assignDomain(from *aliyunwaf.DescribeDomainDetailResponseBody, to *aliyunwa
}
}
}
if from.Redirect.BackupBackends != nil {
to.Redirect.BackupBackends = make([]*string, len(from.Redirect.BackupBackends))
for i, backend := range from.Redirect.BackupBackends {
@ -264,7 +270,7 @@ func assignDomain(from *aliyunwaf.DescribeDomainDetailResponseBody, to *aliyunwa
}
}
}
if from.Redirect.RequestHeaders != nil {
to.Redirect.RequestHeaders = make([]*aliyunwaf.ModifyDomainRequestRedirectRequestHeaders, len(from.Redirect.RequestHeaders))
for i, header := range from.Redirect.RequestHeaders {
@ -277,6 +283,6 @@ func assignDomain(from *aliyunwaf.DescribeDomainDetailResponseBody, to *aliyunwa
}
}
}
return to
}

20
backend/internal/monitor/check.go
View File

@ -132,18 +132,34 @@ func CheckHttps(target string, advanceDay int) (result *CertInfo, err error) {
// 构建 HTTP 客户端
client := &http.Client{
// 禁止重定向,确保获取到原始证书链
CheckRedirect: func(req *http.Request, via []*http.Request) error {
// 返回错误以阻止重定向
return http.ErrUseLastResponse
},
Transport: &http.Transport{
TLSClientConfig: &tls.Config{
InsecureSkipVerify: true,
},
},
Timeout: 5 * time.Second,
//Timeout: 5 * time.Second,
}
// 发送请求
resp, err := client.Get(url)
if err != nil {
return nil, fmt.Errorf("无法建立 HTTPS 连接:%v", err)
// 如果无法建立 HTTPS 连接重试3次
retryCount := 3
for i := 0; i < retryCount; i++ {
resp, err = client.Get(url)
if err == nil {
break // 成功则退出重试
}
time.Sleep(1 * time.Second) // 等待1秒后重试
}
if err != nil {
return nil, fmt.Errorf("无法建立 HTTPS 连接:%v", err)
}
}
defer resp.Body.Close()

2
backend/internal/setting/setting.go
View File

@ -108,7 +108,7 @@ func Save(setting *Setting) error {
public.TimeOut = setting.Timeout
restart = true
}
if setting.Https != "" && setting.Https != public.GetSettingIgnoreError("https") {
if setting.Https != "" {
if setting.Https == "1" {
if setting.Key == "" || setting.Cert == "" {
return fmt.Errorf("key or cert is empty")

24
cmd/main.go
View File

@ -28,6 +28,30 @@ var envVars = map[string]string{
"scheduler": "start",
}
/*
_ooOoo_
o8888888o
88" . "88
(| -_- |)
O\ = /O
____/`---'\____
.' \\| |// `.
/ \\||| : |||// \
/ _||||| -:- |||||- \
| | \\\ - /// | |
| \_| ''\---/'' | |
\ .-\__ `-` ___/-. /
___`. .' /--.--\ `. . ___
."" '< `.___\_<|>_/___.' >' "".
| | : `- \`.;`\ _ /`;.`/ -` : | |
\ \ `-. \_ __\ /__ _/ .-` / /
=====`-.____`-.___\_____/___.-`____.-'======
`=---=' `=---='
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
BUG
*/
func main() {
if len(os.Args) < 2 {
//fmt.Println(`请不要直接运行本程序`)