chore: 优化https server重启

2024-10-26 18:01:06 +08:00 · 2024-10-26 18:01:06 +08:00 · be2f0aa435
parent 513a5b49c1
commit be2f0aa435
7 changed files with 78 additions and 58 deletions
--- a/docs/guide/use/https/images/3.png
+++ b/docs/guide/use/https/images/3.png
--- a/docs/guide/use/https/images/ok.png
+++ b/docs/guide/use/https/images/ok.png
--- a/docs/guide/use/https/index.md
+++ b/docs/guide/use/https/index.md
@ -17,20 +17,22 @@ CERTD_HTTPS_port=7002
 参考Certd顶部的创建证书流水线教程

 ### 2、配置复制到本机任务
+将证书复制到certd的证书安装位置
+
 ![](./images/1.png)
 ![](./images/2.png)

 ### 3、配置重启Certd任务
-:::warning
-1. 重启Certd插件，并不具备重启自己的能力，而是`杀死自己`，然后靠`Docker`来重启自己
-2. 源码部署情况下，需要通过`执行主机脚本`插件来自己写脚本重启`certd`
-3. 建议将本流水线的触发时间与其他流水线时间错开，避免重启时影响其他流水线的执行
-:::
-
+重启certd的https server，让证书生效
 ![img.png](./images/3.png)


+
 ### 4、配置定时任务
 每天定时执行，最终效果如下

-![](./images/ok.png)
+![](./images/ok.png)
+
+:::warning   
+建议将本流水线的触发时间与其他流水线时间错开，避免重启时影响其他流水线的执行   
+:::
--- a/packages/core/basic/src/utils/util.request.ts
+++ b/packages/core/basic/src/utils/util.request.ts
@ -86,7 +86,7 @@ export function createAxiosService({ logger }: { logger: Logger }) {
  service.interceptors.request.use(
    (config: any) => {
      logger.info(`http request:${config.url}，method:${config.method}`);
-      if (config.logParams !== false) {
+      if (config.logParams !== false && config.params) {
        logger.info(`params:${JSON.stringify(config.params)}`);
      }
      if (config.timeout == null) {
@ -182,7 +182,7 @@ export function createAxiosService({ logger }: { logger: Logger }) {

 export const http = createAxiosService({ logger }) as HttpClient;
 export type HttpClientResponse<R> = any;
-export type HttpRequestConfig<D=any> = {
+export type HttpRequestConfig<D = any> = {
  skipSslVerify?: boolean;
  skipCheckRes?: boolean;
  logParams?: boolean;
--- a/packages/ui/certd-server/src/modules/auto/auto-z.ts
+++ b/packages/ui/certd-server/src/modules/auto/auto-z.ts
@ -4,7 +4,7 @@ import { SysInstallInfo, SysSettingsService } from '@certd/lib-server';
 import { getVersion } from '../../utils/version.js';
 import dayjs from 'dayjs';
 import { Application } from '@midwayjs/koa';
-import { HttpsServerOptions, startHttpsServer } from './https/server.js';
+import { httpsServer, HttpsServerOptions } from './https/server.js';

@Autoload()
@Scope(ScopeEnum.Singleton)
@ -41,7 +41,7 @@ export class AutoZPrint {
      logger.info('Https server is not enabled');
      return;
    }
-    await startHttpsServer({
+    httpsServer.start({
      ...this.httpsConfig,
      app: this.app,
    });
--- a/packages/ui/certd-server/src/modules/auto/https/server.ts
+++ b/packages/ui/certd-server/src/modules/auto/https/server.ts
@ -12,38 +12,67 @@ export type HttpsServerOptions = {
  cert: string;
 };

-export async function startHttpsServer(opts: HttpsServerOptions) {
-  logger.info('=========================================');
-  if (!opts.key || !opts.cert) {
-    logger.error('证书路径未配置，无法启动https服务，请先配置：koa.https.key和koa.https.cert');
-    return;
+export class HttpsServer {
+  server: https.Server;
+  opts: HttpsServerOptions;
+  constructor() {}
+
+  async restart() {
+    await this.close();
+    return this.start(this.opts);
  }

-  if (!fs.existsSync(opts.key) || !fs.existsSync(opts.cert)) {
-    logger.info('证书文件不存在,将生成自签名证书');
-    createSelfCertificate({
-      crtPath: opts.cert,
-      keyPath: opts.key,
+  async close() {
+    return new Promise((resolve, reject) => {
+      this.server.close(() => {
+        resolve(true);
+      });
    });
  }
-  logger.info('准备启动https服务');
-  const httpServer = https.createServer(
-    {
-      cert: fs.readFileSync(opts.cert),
-      key: fs.readFileSync(opts.key),
-    },
-    opts.app.callback()
-  );
-  const hostname = '0.0.0.0';
-  // A function that runs in the context of the http server
-  // and reports what type of server listens on which port
-  function listeningReporter() {
-    // `this` refers to the http server here
-    logger.info(`Https server is listening on https://${hostname}:${opts.port}`);
-  }
-  try {
-    httpServer.listen(opts.port, hostname, listeningReporter);
-  } catch (e) {
-    logger.error('启动https服务失败', e);
+
+  start(opts: HttpsServerOptions) {
+    if (!opts) {
+      logger.error('https配置不能为空');
+      return;
+    }
+    this.opts = opts;
+    logger.info('=========================================');
+    if (!opts.key || !opts.cert) {
+      logger.error('证书路径未配置，无法启动https服务，请先配置：koa.https.key和koa.https.cert');
+      return;
+    }
+
+    if (!fs.existsSync(opts.key) || !fs.existsSync(opts.cert)) {
+      logger.info('证书文件不存在,将生成自签名证书');
+      createSelfCertificate({
+        crtPath: opts.cert,
+        keyPath: opts.key,
+      });
+    }
+    logger.info('准备启动https服务');
+    const httpServer = https.createServer(
+      {
+        cert: fs.readFileSync(opts.cert),
+        key: fs.readFileSync(opts.key),
+      },
+      opts.app.callback()
+    );
+    this.server = httpServer;
+    const hostname = '0.0.0.0';
+    // A function that runs in the context of the http server
+    // and reports what type of server listens on which port
+    function listeningReporter() {
+      // `this` refers to the http server here
+      logger.info(`Https server is listening on https://${hostname}:${opts.port}`);
+    }
+
+    try {
+      httpServer.listen(opts.port, hostname, listeningReporter);
+      return httpServer;
+    } catch (e) {
+      logger.error('启动https服务失败', e);
+    }
  }
 }
+
+export const httpsServer = new HttpsServer();
--- a/packages/ui/certd-server/src/plugins/plugin-other/plugins/plugin-restart.ts
+++ b/packages/ui/certd-server/src/plugins/plugin-other/plugins/plugin-restart.ts
@ -1,10 +1,11 @@
-import { AbstractTaskPlugin, IsTaskPlugin, pluginGroups, RunStrategy, TaskInput } from '@certd/pipeline';
+import { AbstractTaskPlugin, IsTaskPlugin, pluginGroups, RunStrategy } from '@certd/pipeline';
+import { httpsServer } from '../../../modules/auto/https/server.js';

@IsTaskPlugin({
  name: 'RestartCertd',
-  title: '重启Certd',
+  title: '重启 Certd',
  icon: 'mdi:restart',
-  desc: '【仅管理员】延迟一定时间后自动杀死自己，然后通过Docker来自动重启',
+  desc: '【仅管理员可用】 重启 certd的https服务，用于更新 Certd 的 ssl 证书',
  group: pluginGroups.other.key,
  default: {
    strategy: {
@ -13,26 +14,14 @@ import { AbstractTaskPlugin, IsTaskPlugin, pluginGroups, RunStrategy, TaskInput
  },
 })
 export class RestartCertdPlugin extends AbstractTaskPlugin {
-  @TaskInput({
-    title: '延迟时间',
-    value: 30,
-    component: {
-      placeholder: '30',
-    },
-    helper: '延迟多少秒后执行',
-    required: true,
-  })
-  delay = 30;
  async onInstance() {}
  async execute(): Promise<void> {
    if (!this.isAdmin()) {
      throw new Error('只有管理员才能运行此任务');
    }
-    this.logger.info(`Certd 将在 ${this.delay} 秒后关闭`);
-    setTimeout(() => {
-      this.logger.info('关闭 Certd');
-      process.exit(1);
-    }, this.delay * 1000);
+    this.logger.info('Certd https server 将在 3 秒后重启');
+    await this.ctx.utils.sleep(3000);
+    await httpsServer.restart();
  }
 }
 new RestartCertdPlugin();