perf: 优化证书申请速度和成功率，反代地址优化，google基本可以稳定请求。增加请求重试。

2024-10-22 16:21:35 +08:00 · 2024-10-22 16:21:35 +08:00 · 41d9c3ac83
parent a705182b85
commit 41d9c3ac83
11 changed files with 66 additions and 18 deletions
--- a/docs/guide/use/rerun/images/rerun.png
+++ b/docs/guide/use/rerun/images/rerun.png
--- a/docs/guide/use/rerun/index.md
+++ b/docs/guide/use/rerun/index.md
@ -0,0 +1,5 @@
 # 如何强制重新执行任务
 ## 强制重新执行任务
 ![](./images/rerun.png)
--- a/packages/core/acme-client/src/auto.js
+++ b/packages/core/acme-client/src/auto.js
@ -182,12 +182,19 @@ module.exports = async (client, userOpts) => {
    authorizations.forEach((authz) => {
        const d = authz.identifier.value;
        log(`authorization:domain = ${d}, value = ${JSON.stringify(authz)}`);
        if (authz.status === 'valid') {
            log(`[auto] [${d}] Authorization already has valid status, no need to complete challenges`);
            return;
        }
        let setd = false;
        // eslint-disable-next-line no-restricted-syntax
        for (const group of domainSets) {
            if (!group[d]) {
                group[d] = authz;
                setd = true;
                break;
            }
        }
        if (!setd) {
@ -197,6 +204,8 @@ module.exports = async (client, userOpts) => {
        }
    });
    // log(`domainSets:${JSON.stringify(domainSets)}`);
    const allChallengePromises = [];
    // eslint-disable-next-line no-restricted-syntax
    for (const domainSet of domainSets) {
@ -252,17 +261,34 @@ module.exports = async (client, userOpts) => {
                log(`证书申请失败${e.message}`);
                throw e;
            }
            finally {
                if (client.opts.sslProvider !== 'google') {
                    // letsencrypt 如果同时检出两个TXT记录，会以第一个为准，就会校验失败，所以需要提前删除
                    log(`清理challenge痕迹，length:${clearTasks.length}`);
                    try {
                        // eslint-disable-next-line no-await-in-loop
                        await runAllPromise(clearTasks);
                    }
                    catch (e) {
                        log('清理challenge失败');
                        log(e);
                    }
                }
            }
        }
    }
    finally {
-        log(`清理challenge痕迹，length:${clearTasks.length}`);
+        if (client.opts.sslProvider === 'google') {
-        try {
+            // google 相同的域名txt记录是一样的，不能提前删除，否则校验失败
            log(`清理challenge痕迹，length:${clearTasks.length}`);
            try {
            // eslint-disable-next-line no-await-in-loop
-            await runAllPromise(clearTasks);
+                await runAllPromise(clearTasks);
-        }
+            }
-        catch (e) {
+            catch (e) {
-            log('清理challenge失败');
+                log('清理challenge失败');
-            log(e);
+                log(e);
            }
        }
    }
--- a/packages/core/acme-client/src/client.js
+++ b/packages/core/acme-client/src/client.js
@ -558,6 +558,7 @@ class AcmeClient {
        const verifyFn = async (abort) => {
            if (this.opts.signal && this.opts.signal.aborted) {
                abort();
                throw new Error('用户取消');
            }
--- a/packages/core/acme-client/src/logger.js
+++ b/packages/core/acme-client/src/logger.js
@ -22,7 +22,7 @@ exports.setLogger = (fn) => {
 * @param {string} msg Message
 */
-exports.log = (msg) => {
+exports.log = (...msg) => {
-    debug(msg);
+    debug(...msg);
-    logger(msg);
+    logger(...msg);
 };
--- a/packages/core/acme-client/types/index.d.ts
+++ b/packages/core/acme-client/types/index.d.ts
@ -37,6 +37,7 @@ export type UrlMapping={
 */
 export interface ClientOptions {
    sslProvider:string;
    directoryUrl: string;
    accountKey: PrivateKeyBuffer | PrivateKeyString;
    accountUrl?: string;
--- a/packages/plugins/plugin-cert/src/plugin/cert-plugin/acme.ts
+++ b/packages/plugins/plugin-cert/src/plugin/cert-plugin/acme.ts
@ -89,12 +89,15 @@ export class AcmeService {
  }
  async getAcmeClient(email: string, isTest = false): Promise<acme.Client> {
    const mappings = {};
    if (this.sslProvider === "google") {
      mappings["acme-v02.api.letsencrypt.org"] = this.options.reverseProxy || "le.px.certd.handfree.work";
    } else if (this.sslProvider === "letsencrypt") {
      mappings["dv.acme-v02.api.pki.goog"] = this.options.reverseProxy || "gg.px.certd.handfree.work";
    }
    const urlMapping: UrlMapping = {
      enabled: false,
-      mappings: {
+      mappings,
        "acme-v02.api.letsencrypt.org": this.options.reverseProxy || "le.px.certd.handfree.work",
        "dv.acme-v02.api.pki.goog": this.options.reverseProxy || "gg.px.certd.handfree.work",
      },
    };
    const conf = await this.getAccountConfig(email, urlMapping);
    if (conf.key == null) {
@ -119,6 +122,7 @@ export class AcmeService {
      }
    }
    const client = new acme.Client({
      sslProvider: this.sslProvider,
      directoryUrl: directoryUrl,
      accountKey: conf.key,
      accountUrl: conf.accountUrl,
@ -172,7 +176,7 @@ export class AcmeService {
      this.logger.info(`Would create TXT record "${fullRecord}" with value "${recordValue}"`);
      let domain = parseDomain(fullDomain);
-      this.logger.info("解析到域名domain=", domain);
+      this.logger.info("解析到域名domain=" + domain);
      if (domainsVerifyPlan) {
        //按照计划执行
--- a/packages/ui/certd-client/src/router/source/header.ts
+++ b/packages/ui/certd-client/src/router/source/header.ts
@ -1,7 +1,10 @@
 export const headerResource = [
  {
    title: "文档",
-    path: "https://certd.docmirror.cn"
+    path: "https://certd.docmirror.cn",
    meta: {
      icon: "ion:document-text-outline"
    },
  },
  {
    title: "源码",
--- a/packages/ui/certd-client/src/style/common.less
+++ b/packages/ui/certd-client/src/style/common.less
@ -170,6 +170,9 @@ h1, h2, h3, h4, h5, h6 {
  color: #1890ff;
 }
 .iconify{
    //font-size: 16px;
 }
 .icon-box {
  display: inline-flex;
--- a/packages/ui/certd-client/src/views/certd/pipeline/pipeline/index.vue
+++ b/packages/ui/certd-client/src/views/certd/pipeline/pipeline/index.vue
@ -101,8 +101,9 @@
                                  <fs-icon
                                    v-if="!editMode"
                                    class="pointer color-blue ml-2"
-                                    title="完全重新运行此步骤"
+                                    style="font-size: 16px"
-                                    icon="SyncOutlined"
+                                    title="强制重新执行此步骤"
                                    icon="icon-park-outline:replay-music"
                                    @click="run(item.id)"
                                  ></fs-icon>
                                </div>
--- a/packages/ui/certd-server/src/plugins/plugin-cloudflare/dns-provider.ts
+++ b/packages/ui/certd-server/src/plugins/plugin-cloudflare/dns-provider.ts
@ -37,8 +37,12 @@ export class CloudflareDnsProvider extends AbstractDnsProvider<CloudflareRecord>
  }
  async getZoneId(domain: string) {
    this.logger.info('获取zoneId:', domain);
    const url = `https://api.cloudflare.com/client/v4/zones?name=${domain}`;
    const res = await this.doRequestApi(url, null, 'get');
    if (res.result.length === 0) {
      throw new Error(`未找到域名${domain}的zoneId`);
    }
    return res.result[0].id;
  }