diff --git a/docs/guide/use/https/images/3.png b/docs/guide/use/https/images/3.png index 3e25793f..a4a42b1b 100644 Binary files a/docs/guide/use/https/images/3.png and b/docs/guide/use/https/images/3.png differ diff --git a/docs/guide/use/https/images/ok.png b/docs/guide/use/https/images/ok.png index 3ad9c8df..4d52b215 100644 Binary files a/docs/guide/use/https/images/ok.png and b/docs/guide/use/https/images/ok.png differ diff --git a/docs/guide/use/https/index.md b/docs/guide/use/https/index.md index d6b18e71..5205f988 100644 --- a/docs/guide/use/https/index.md +++ b/docs/guide/use/https/index.md @@ -17,20 +17,22 @@ CERTD_HTTPS_port=7002 参考Certd顶部的创建证书流水线教程 ### 2、配置复制到本机任务 +将证书复制到certd的证书安装位置 + ![](./images/1.png) ![](./images/2.png) ### 3、配置重启Certd任务 -:::warning -1. 重启Certd插件,并不具备重启自己的能力,而是`杀死自己`,然后靠`Docker`来重启自己 -2. 源码部署情况下,需要通过`执行主机脚本`插件来自己写脚本重启`certd` -3. 建议将本流水线的触发时间与其他流水线时间错开,避免重启时影响其他流水线的执行 -::: - +重启certd的https server,让证书生效 ![img.png](./images/3.png) + ### 4、配置定时任务 每天定时执行,最终效果如下 -![](./images/ok.png) \ No newline at end of file +![](./images/ok.png) + +:::warning +建议将本流水线的触发时间与其他流水线时间错开,避免重启时影响其他流水线的执行 +::: \ No newline at end of file diff --git a/packages/core/basic/src/utils/util.request.ts b/packages/core/basic/src/utils/util.request.ts index 30503771..9810e7f7 100644 --- a/packages/core/basic/src/utils/util.request.ts +++ b/packages/core/basic/src/utils/util.request.ts @@ -86,7 +86,7 @@ export function createAxiosService({ logger }: { logger: Logger }) { service.interceptors.request.use( (config: any) => { logger.info(`http request:${config.url},method:${config.method}`); - if (config.logParams !== false) { + if (config.logParams !== false && config.params) { logger.info(`params:${JSON.stringify(config.params)}`); } if (config.timeout == null) { @@ -182,7 +182,7 @@ export function createAxiosService({ logger }: { logger: Logger }) { export const http = createAxiosService({ logger }) as HttpClient; export type HttpClientResponse = any; -export type HttpRequestConfig = { +export type HttpRequestConfig = { skipSslVerify?: boolean; skipCheckRes?: boolean; logParams?: boolean; diff --git a/packages/ui/certd-server/src/modules/auto/auto-z.ts b/packages/ui/certd-server/src/modules/auto/auto-z.ts index 9a222cfa..d064211b 100644 --- a/packages/ui/certd-server/src/modules/auto/auto-z.ts +++ b/packages/ui/certd-server/src/modules/auto/auto-z.ts @@ -4,7 +4,7 @@ import { SysInstallInfo, SysSettingsService } from '@certd/lib-server'; import { getVersion } from '../../utils/version.js'; import dayjs from 'dayjs'; import { Application } from '@midwayjs/koa'; -import { HttpsServerOptions, startHttpsServer } from './https/server.js'; +import { httpsServer, HttpsServerOptions } from './https/server.js'; @Autoload() @Scope(ScopeEnum.Singleton) @@ -41,7 +41,7 @@ export class AutoZPrint { logger.info('Https server is not enabled'); return; } - await startHttpsServer({ + httpsServer.start({ ...this.httpsConfig, app: this.app, }); diff --git a/packages/ui/certd-server/src/modules/auto/https/server.ts b/packages/ui/certd-server/src/modules/auto/https/server.ts index 8a4954ba..f654c639 100644 --- a/packages/ui/certd-server/src/modules/auto/https/server.ts +++ b/packages/ui/certd-server/src/modules/auto/https/server.ts @@ -12,38 +12,67 @@ export type HttpsServerOptions = { cert: string; }; -export async function startHttpsServer(opts: HttpsServerOptions) { - logger.info('========================================='); - if (!opts.key || !opts.cert) { - logger.error('证书路径未配置,无法启动https服务,请先配置:koa.https.key和koa.https.cert'); - return; +export class HttpsServer { + server: https.Server; + opts: HttpsServerOptions; + constructor() {} + + async restart() { + await this.close(); + return this.start(this.opts); } - if (!fs.existsSync(opts.key) || !fs.existsSync(opts.cert)) { - logger.info('证书文件不存在,将生成自签名证书'); - createSelfCertificate({ - crtPath: opts.cert, - keyPath: opts.key, + async close() { + return new Promise((resolve, reject) => { + this.server.close(() => { + resolve(true); + }); }); } - logger.info('准备启动https服务'); - const httpServer = https.createServer( - { - cert: fs.readFileSync(opts.cert), - key: fs.readFileSync(opts.key), - }, - opts.app.callback() - ); - const hostname = '0.0.0.0'; - // A function that runs in the context of the http server - // and reports what type of server listens on which port - function listeningReporter() { - // `this` refers to the http server here - logger.info(`Https server is listening on https://${hostname}:${opts.port}`); - } - try { - httpServer.listen(opts.port, hostname, listeningReporter); - } catch (e) { - logger.error('启动https服务失败', e); + + start(opts: HttpsServerOptions) { + if (!opts) { + logger.error('https配置不能为空'); + return; + } + this.opts = opts; + logger.info('========================================='); + if (!opts.key || !opts.cert) { + logger.error('证书路径未配置,无法启动https服务,请先配置:koa.https.key和koa.https.cert'); + return; + } + + if (!fs.existsSync(opts.key) || !fs.existsSync(opts.cert)) { + logger.info('证书文件不存在,将生成自签名证书'); + createSelfCertificate({ + crtPath: opts.cert, + keyPath: opts.key, + }); + } + logger.info('准备启动https服务'); + const httpServer = https.createServer( + { + cert: fs.readFileSync(opts.cert), + key: fs.readFileSync(opts.key), + }, + opts.app.callback() + ); + this.server = httpServer; + const hostname = '0.0.0.0'; + // A function that runs in the context of the http server + // and reports what type of server listens on which port + function listeningReporter() { + // `this` refers to the http server here + logger.info(`Https server is listening on https://${hostname}:${opts.port}`); + } + + try { + httpServer.listen(opts.port, hostname, listeningReporter); + return httpServer; + } catch (e) { + logger.error('启动https服务失败', e); + } } } + +export const httpsServer = new HttpsServer(); diff --git a/packages/ui/certd-server/src/plugins/plugin-other/plugins/plugin-restart.ts b/packages/ui/certd-server/src/plugins/plugin-other/plugins/plugin-restart.ts index 41cb5456..1813eab8 100644 --- a/packages/ui/certd-server/src/plugins/plugin-other/plugins/plugin-restart.ts +++ b/packages/ui/certd-server/src/plugins/plugin-other/plugins/plugin-restart.ts @@ -1,10 +1,11 @@ -import { AbstractTaskPlugin, IsTaskPlugin, pluginGroups, RunStrategy, TaskInput } from '@certd/pipeline'; +import { AbstractTaskPlugin, IsTaskPlugin, pluginGroups, RunStrategy } from '@certd/pipeline'; +import { httpsServer } from '../../../modules/auto/https/server.js'; @IsTaskPlugin({ name: 'RestartCertd', - title: '重启Certd', + title: '重启 Certd', icon: 'mdi:restart', - desc: '【仅管理员】延迟一定时间后自动杀死自己,然后通过Docker来自动重启', + desc: '【仅管理员可用】 重启 certd的https服务,用于更新 Certd 的 ssl 证书', group: pluginGroups.other.key, default: { strategy: { @@ -13,26 +14,14 @@ import { AbstractTaskPlugin, IsTaskPlugin, pluginGroups, RunStrategy, TaskInput }, }) export class RestartCertdPlugin extends AbstractTaskPlugin { - @TaskInput({ - title: '延迟时间', - value: 30, - component: { - placeholder: '30', - }, - helper: '延迟多少秒后执行', - required: true, - }) - delay = 30; async onInstance() {} async execute(): Promise { if (!this.isAdmin()) { throw new Error('只有管理员才能运行此任务'); } - this.logger.info(`Certd 将在 ${this.delay} 秒后关闭`); - setTimeout(() => { - this.logger.info('关闭 Certd'); - process.exit(1); - }, this.delay * 1000); + this.logger.info('Certd https server 将在 3 秒后重启'); + await this.ctx.utils.sleep(3000); + await httpsServer.restart(); } } new RestartCertdPlugin();