From 533df1b4b76634db3850d045b96ca5da2de495e8 Mon Sep 17 00:00:00 2001 From: v-me-50 Date: Wed, 30 Jul 2025 09:46:10 +0800 Subject: [PATCH] =?UTF-8?q?=E3=80=90=E4=BF=AE=E5=A4=8D=E3=80=91=E4=BF=AE?= =?UTF-8?q?=E5=A4=8D=E9=83=A8=E7=BD=B2=E5=88=B0=E9=98=BF=E9=87=8C=E4=BA=91?= =?UTF-8?q?waf=E5=A4=B1=E8=B4=A5=E5=AF=BC=E8=87=B4panic=20=E3=80=90?= =?UTF-8?q?=E8=B0=83=E6=95=B4=E3=80=91https=E7=9B=91=E6=8E=A7=E7=A6=81?= =?UTF-8?q?=E6=AD=A2=E9=87=8D=E5=AE=9A=E5=90=91=20=E3=80=90=E8=B0=83?= =?UTF-8?q?=E6=95=B4=E3=80=91https=E7=9B=91=E6=8E=A7=E5=A2=9E=E5=8A=A0?= =?UTF-8?q?=E5=A4=B1=E8=B4=A5=E9=87=8D=E8=AF=953=E6=AC=A1?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- backend/internal/cert/deploy/btpanel.go | 2 +- .../cert/deploy/client/aliyun/aliyunWaf.go | 82 ++++++++++--------- backend/internal/monitor/check.go | 20 ++++- backend/internal/setting/setting.go | 2 +- cmd/main.go | 24 ++++++ 5 files changed, 88 insertions(+), 42 deletions(-) diff --git a/backend/internal/cert/deploy/btpanel.go b/backend/internal/cert/deploy/btpanel.go index 06193de..72a0d50 100644 --- a/backend/internal/cert/deploy/btpanel.go +++ b/backend/internal/cert/deploy/btpanel.go @@ -243,7 +243,7 @@ func BtPanelSiteList(providerID string) ([]response.AccessSiteList, error) { data.Set("cert_list", "") siteList, err := RequestBt(&data, "POST", providerID, "ssl?action=GetSiteDomain") if err != nil { - fmt.Println("获取网站列表失败:", err) + //fmt.Println("获取网站列表失败:", err) return nil, err } diff --git a/backend/internal/cert/deploy/client/aliyun/aliyunWaf.go b/backend/internal/cert/deploy/client/aliyun/aliyunWaf.go index fa26822..763a3be 100644 --- a/backend/internal/cert/deploy/client/aliyun/aliyunWaf.go +++ b/backend/internal/cert/deploy/client/aliyun/aliyunWaf.go 
@@ -18,7 +18,7 @@ type AliyunWafClient struct { func ClientAliWaf(accessKey, accessSecret, region string) (_result *AliyunWafClient, err error) { //region:[cn-hangzhou,ap-southeast-1] - + config := &openapi.Config{ AccessKeyId: tea.String(accessKey), AccessKeySecret: tea.String(accessSecret), @@ -28,7 +28,7 @@ func ClientAliWaf(accessKey, accessSecret, region string) (_result *AliyunWafCli if err != nil { return nil, err } - + aliyunwafClient := &AliyunWafClient{ Client: *client, accessKey: accessKey, @@ -56,7 +56,7 @@ func (client *AliyunWafClient) ICreateCerts(certName, certContent, certKey, inst "CertKey": certKey, "InstanceId": instanceId, } - + req := &openapi.OpenApiRequest{ Query: openapiutil.Query(query), } @@ -71,7 +71,7 @@ func (client *AliyunWafClient) ICreateCerts(certName, certContent, certKey, inst ReqBodyType: tea.String("formData"), BodyType: tea.String("json"), } - + createCertsResponse := &CreateCertsResponse{} runtime := &util.RuntimeOptions{} _body, _err := client.CallApi(params, req, runtime) @@ -88,8 +88,11 @@ func (client *AliyunWafClient) IGetInstanceId() (instanceId *string, _err error) RegionId: tea.String(client.region), } response, _err := client.DescribeInstance(req) + if _err != nil { + return nil, _err + } instanceId = response.Body.InstanceId - + return instanceId, _err } @@ -100,8 +103,11 @@ func (client *AliyunWafClient) IDescribeDomainDetail(instanceId, domain string) Domain: tea.String(domain), } response, _err := client.DescribeDomainDetail(req) + if _err != nil { + return nil, _err + } describeDomainDetailResponseBody = response.Body - + return describeDomainDetailResponseBody, _err } 
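Review bot: In `IGetInstanceId` the new `_err != nil` guard is followed by `response.Body.InstanceId`, which is still read without checking that `response` and `response.Body` are non-nil; `IDescribeDomainDetail` in the next hunk has the same shape with `response.Body`. Whether the SDK can return a nil response or body together with a nil error is not visible here, so a guard such as `if response == nil || response.Body == nil { return nil, errors.New("aliyun waf: empty response") }` (with whichever error constructor the file already imports) would close the remaining panic path this commit targets. `IGetInstanceId` can also still return a nil `instanceId` with a nil error, so callers outside this hunk should check the pointer before dereferencing it. With the guard in place the trailing `return instanceId, _err` can become `return instanceId, nil`.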
@@ -124,56 +130,56 @@ func assignDomain(from *aliyunwaf.DescribeDomainDetailResponseBody, to *aliyunwa if from == nil { return to } - + if from.Listen != nil { if to.Listen == nil { to.Listen = &aliyunwaf.ModifyDomainRequestListen{} } - + if from.Listen.CipherSuite != nil { to.Listen.CipherSuite = tea.Int32(int32(*from.Listen.CipherSuite)) } - + if from.Listen.CustomCiphers != nil { to.Listen.CustomCiphers = from.Listen.CustomCiphers } - + if from.Listen.EnableTLSv3 != nil { to.Listen.EnableTLSv3 = from.Listen.EnableTLSv3 } - + if from.Listen.ExclusiveIp != nil { to.Listen.ExclusiveIp = from.Listen.ExclusiveIp } - + if from.Listen.FocusHttps != nil { to.Listen.FocusHttps = from.Listen.FocusHttps } - + if from.Listen.Http2Enabled != nil { to.Listen.Http2Enabled = from.Listen.Http2Enabled } - + if from.Listen.IPv6Enabled != nil { to.Listen.IPv6Enabled = from.Listen.IPv6Enabled } - + if from.Listen.ProtectionResource != nil { to.Listen.ProtectionResource = from.Listen.ProtectionResource } - + if from.Listen.TLSVersion != nil { to.Listen.TLSVersion = from.Listen.TLSVersion } - + if from.Listen.XffHeaderMode != nil { to.Listen.XffHeaderMode = tea.Int32(int32(*from.Listen.XffHeaderMode)) } - + if from.Listen.XffHeaders != nil { to.Listen.XffHeaders = from.Listen.XffHeaders } - + if from.Listen.HttpPorts != nil { to.Listen.HttpPorts = make([]*int32, len(from.Listen.HttpPorts)) for i, port := range from.Listen.HttpPorts { @@ -182,7 +188,7 @@ func assignDomain(from *aliyunwaf.DescribeDomainDetailResponseBody, to *aliyunwa } } } - + if from.Listen.HttpsPorts != nil { to.Listen.HttpsPorts = make([]*int32, len(from.Listen.HttpsPorts)) for i, port := range from.Listen.HttpsPorts { 
@@ -191,62 +197,62 @@ func assignDomain(from *aliyunwaf.DescribeDomainDetailResponseBody, to *aliyunwa } } } - + } - + if from.Redirect != nil { if to.Redirect == nil { to.Redirect = &aliyunwaf.ModifyDomainRequestRedirect{} } - + if from.Redirect.ConnectTimeout != nil { to.Redirect.ConnectTimeout = from.Redirect.ConnectTimeout } - + if from.Redirect.FocusHttpBackend != nil { to.Redirect.FocusHttpBackend = from.Redirect.FocusHttpBackend } - + if from.Redirect.Keepalive != nil { to.Redirect.Keepalive = from.Redirect.Keepalive } - + if from.Redirect.KeepaliveRequests != nil { to.Redirect.KeepaliveRequests = from.Redirect.KeepaliveRequests } - + if from.Redirect.KeepaliveTimeout != nil { to.Redirect.KeepaliveTimeout = from.Redirect.KeepaliveTimeout } - + if from.Redirect.Loadbalance != nil { to.Redirect.Loadbalance = from.Redirect.Loadbalance } - + if from.Redirect.ReadTimeout != nil { to.Redirect.ReadTimeout = from.Redirect.ReadTimeout } - + if from.Redirect.Retry != nil { to.Redirect.Retry = from.Redirect.Retry } - + if from.Redirect.SniEnabled != nil { to.Redirect.SniEnabled = from.Redirect.SniEnabled } - + if from.Redirect.SniHost != nil { to.Redirect.SniHost = from.Redirect.SniHost } - + if from.Redirect.WriteTimeout != nil { to.Redirect.WriteTimeout = from.Redirect.WriteTimeout } - + if from.Redirect.XffProto != nil { to.Redirect.XffProto = from.Redirect.XffProto } - + if from.Redirect.Backends != nil { to.Redirect.Backends = make([]*string, len(from.Redirect.Backends)) for i, backend := range from.Redirect.Backends { @@ -255,7 +261,7 @@ func assignDomain(from *aliyunwaf.DescribeDomainDetailResponseBody, to *aliyunwa } } } - + if from.Redirect.BackupBackends != nil { to.Redirect.BackupBackends = make([]*string, len(from.Redirect.BackupBackends)) for i, backend := range from.Redirect.BackupBackends { 
@@ -264,7 +270,7 @@ func assignDomain(from *aliyunwaf.DescribeDomainDetailResponseBody, to *aliyunwa } } } - + if from.Redirect.RequestHeaders != nil { to.Redirect.RequestHeaders = make([]*aliyunwaf.ModifyDomainRequestRedirectRequestHeaders, len(from.Redirect.RequestHeaders)) for i, header := range from.Redirect.RequestHeaders { @@ -277,6 +283,6 @@ func assignDomain(from *aliyunwaf.DescribeDomainDetailResponseBody, to *aliyunwa } } } - + return to } diff --git a/backend/internal/monitor/check.go b/backend/internal/monitor/check.go index 2b395af..d3da881 100644 --- a/backend/internal/monitor/check.go +++ b/backend/internal/monitor/check.go @@ -132,18 +132,34 @@ func CheckHttps(target string, advanceDay int) (result *CertInfo, err error) { // 构建 HTTP 客户端 client := &http.Client{ + // 禁止重定向,确保获取到原始证书链 + CheckRedirect: func(req *http.Request, via []*http.Request) error { + // 返回错误以阻止重定向 + return http.ErrUseLastResponse + }, Transport: &http.Transport{ TLSClientConfig: &tls.Config{ InsecureSkipVerify: true, }, }, - Timeout: 5 * time.Second, + //Timeout: 5 * time.Second, } // 发送请求 resp, err := client.Get(url) if err != nil { - return nil, fmt.Errorf("无法建立 HTTPS 连接:%v", err) + // 如果无法建立 HTTPS 连接,重试3次 + retryCount := 3 + for i := 0; i < retryCount; i++ { + resp, err = client.Get(url) + if err == nil { + break // 成功则退出重试 + } + time.Sleep(1 * time.Second) // 等待1秒后重试 + } + if err != nil { + return nil, fmt.Errorf("无法建立 HTTPS 连接:%v", err) + } } defer resp.Body.Close() diff --git a/backend/internal/setting/setting.go b/backend/internal/setting/setting.go index 033ed37..8c0997c 100644 --- a/backend/internal/setting/setting.go +++ b/backend/internal/setting/setting.go 
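Review bot: In `CheckHttps` (backend/internal/monitor/check.go) the client timeout is commented out (`//Timeout: 5 * time.Second,`) in the same change that adds three retries, so nothing visible bounds any of the up to four `client.Get(url)` calls; the `http.Transport` shown sets only `TLSClientConfig`. A monitored host that accepts the connection and then stalls can hold the check open indefinitely, so keep a bound, e.g. `Timeout: 10 * time.Second,`, sized to the slow targets that presumably motivated the retries. Since `InsecureSkipVerify: true` stays on this client, a short comment that the response is presumably used only to read the presented certificate, and that its content must not be trusted, would help the next reader. The loop also sleeps one second after the final failed attempt before returning the error; guarding the sleep with `if i < retryCount-1 { time.Sleep(1 * time.Second) }` avoids that. The body of `CheckHttps` starts and continues outside the hunk.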
@@ -108,7 +108,7 @@ func Save(setting *Setting) error { public.TimeOut = setting.Timeout restart = true } - if setting.Https != "" && setting.Https != public.GetSettingIgnoreError("https") { + if setting.Https != "" { if setting.Https == "1" { if setting.Key == "" || setting.Cert == "" { return fmt.Errorf("key or cert is empty") diff --git a/cmd/main.go b/cmd/main.go index 10c0ebd..5de52a2 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -28,6 +28,30 @@ var envVars = map[string]string{ "scheduler": "start", } +/* + _ooOoo_ + o8888888o + 88" . "88 + (| -_- |) + O\ = /O + ____/`---'\____ + .' \\| |// `. + / \\||| : |||// \ + / _||||| -:- |||||- \ + | | \\\ - /// | | + | \_| ''\---/'' | | + \ .-\__ `-` ___/-. / + ___`. .' /--.--\ `. . ___ + ."" '< `.___\_<|>_/___.' >' "". + | | : `- \`.;`\ _ /`;.`/ -` : | | + \ \ `-. \_ __\ /__ _/ .-` / / +=====`-.____`-.___\_____/___.-`____.-'====== + `=---=' `=---=' + +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + 佛祖保佑 永无BUG +*/ + func main() { if len(os.Args) < 2 { //fmt.Println(`请不要直接运行本程序`)
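Review bot: The condition in `Save` (backend/internal/setting/setting.go) no longer compares `setting.Https` with `public.GetSettingIgnoreError("https")`, and neither the commit message nor a comment explains why. With the comparison gone, every save carrying a non-empty `Https` value re-enters this branch and re-runs the key/cert check; if the part of the branch outside this hunk also sets `restart = true`, as the block just above does, each save would restart the service. If the intent is to let the key or certificate be replaced while HTTPS stays enabled, say so above the condition, e.g. `// Re-apply key/cert on every save so they can be rotated without toggling https.`, and consider comparing the submitted key and cert with the stored values to avoid needless restarts. The body of `Save` continues outside the hunk.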