From eb64db6b303ab072742c4f5899e0be526c8a3f41 Mon Sep 17 00:00:00 2001
From: kingecg
Date: Tue, 24 Jun 2025 07:12:11 +0800
Subject: [PATCH] =?UTF-8?q?feat(ssl):=20=E5=AE=9E=E7=8E=B0=E8=87=AA?=
 =?UTF-8?q?=E5=AE=9A=E4=B9=89=E8=AF=81=E4=B9=A6=E7=AE=A1=E7=90=86=E5=99=A8?=
 =?UTF-8?q?=E5=B9=B6=E6=9B=B4=E6=96=B0=E6=9C=8D=E5=8A=A1=E5=99=A8=E9=85=8D?=
 =?UTF-8?q?=E7=BD=AE?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- 新增 LocalCertManager 结构体,实现自定义证书管理逻辑
- 更新服务器配置,支持自动 SSL 和 HTTP/2
- 修改证书缓存目录和服务器启动日志
- 更新测试静态网站配置,启用 SSL 并修改端口
- 调整 http-jump 配置,指向新的测试静态网站地址
---
 certs/acme_account+key          | 5 +++++
 include/http-jump.json          | 6 +++---
 include/www.teststatic.com.json | 1 +
 server/autossl.go               | 33 +++++++++++++++++++++++++++++++--
 server/manager.go               | 3 +++
 5 files changed, 43 insertions(+), 5 deletions(-)
 create mode 100644 certs/acme_account+key

diff --git a/certs/acme_account+key b/certs/acme_account+key
new file mode 100644
index 0000000..9936b8b
--- /dev/null
+++ b/certs/acme_account+key
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIJXWPH+aT7P8WOVHJwGYLkZ9RPElFxDh3Upk0tdS5KYBoAoGCCqGSM49
+AwEHoUQDQgAESXk7ds4TGd+mthl+9OlMbtPVCRohOU0SjZTQo2lgoaAPfmI35rsY
+FBd1POrihCooK0l0NLEPurVTy07q6DRpUg==
+-----END EC PRIVATE KEY-----
diff --git a/include/http-jump.json b/include/http-jump.json
index e77ab69..94f5b45 100644
--- a/include/http-jump.json
+++ b/include/http-jump.json
@@ -1,9 +1,9 @@
 {
   "name": "http-jump",
-  "server": "localhost",
-  "port": 8083,
+  "server": "www.teststatic.com",
+  "port": 80,
   "directives":[
-    "Redirect https://playground.kingecg.top"
+    "Redirect https://www.teststatic.com:8088/"
   ],
   "paths": [
   ]
diff --git a/include/www.teststatic.com.json b/include/www.teststatic.com.json
index 29240f6..59e567b 100644
--- a/include/www.teststatic.com.json
+++ b/include/www.teststatic.com.json
@@ -2,6 +2,7 @@
   "name": "teststatic",
   "server": "www.teststatic.com",
   "port": 8088,
+  "enable_ssl":true,
   "paths": [
     {
       "path": "/",
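Review bot: The new file certs/acme_account+key is a PEM-encoded EC private key — the ACME account key that autocert stores in its DirCache — and this commit checks it into version control, where it stays in history even after a later delete. Whoever can read the repository can authenticate to the CA as this account (for example revoke certificates issued under it), so the key should be treated as compromised: remove the file from the index, delete it from the cache directory so autocert registers a fresh account on next start, and add `certs/` to `.gitignore`. The same directory will also receive each issued certificate together with its private key, which is a second reason to keep the cache outside the source tree, e.g. `Cache: autocert.DirCache("/var/lib/gohttpd/certs")` or a path from configuration.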
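Review bot: `"enable_ssl":true` on a listener bound to port 8088 routes this site to the autocert path in StartServer (assuming no cert_file/key_file is set elsewhere in this file), but the challenge that the new TLSConfig advertises, TLS-ALPN-01, is only ever validated by the CA on port 443, and HTTP-01 only on port 80 — where http-jump.json now answers every request with a redirect. Unless another listener on 443 shares this CertManager, or the port-80 server forwards `/.well-known/acme-challenge/` to `CertManager.HTTPHandler(...)`, issuance for www.teststatic.com cannot complete and the first TLS handshake on 8088 will fail with the error the wrapper logs. Either bind the SSL listener to 443 or wire the HTTP-01 handler on the port-80 server; the JSON cannot express that by itself, so this is a note for the server side.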
diff --git a/server/autossl.go b/server/autossl.go
index 9de31b3..0e4f52d 100644
--- a/server/autossl.go
+++ b/server/autossl.go
@@ -5,17 +5,46 @@ import (
 	"crypto/tls"
 
 	"git.pyer.club/kingecg/gohttpd/utils"
+	"git.pyer.club/kingecg/gologger"
+	"golang.org/x/crypto/acme"
 	"golang.org/x/crypto/acme/autocert"
 )
 
-var CertManager *autocert.Manager
+type LocalCertManager struct {
+	*autocert.Manager
+}
+
+func (l *LocalCertManager) GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
+	logger := gologger.GetLogger("autocert")
+	cert, err := l.Manager.GetCertificate(hello)
+	if err != nil {
+		logger.Error("GetCertificate", err)
+		return nil, err
+	}
+	return cert, nil
+}
+func (l *LocalCertManager) TLSConfig() *tls.Config {
+	return &tls.Config{
+		GetCertificate: l.GetCertificate,
+		NextProtos: []string{
+			"h2", "http/1.1", // enable HTTP/2
+			acme.ALPNProto, // enable tls-alpn ACME challenges
+		},
+		MinVersion: tls.VersionTLS10, // minimum TLS version
+	}
+}
+
+var CertManager *LocalCertManager
 
 func InitCertManager(certDir string) {
-	CertManager = &autocert.Manager{
+	logger := gologger.GetLogger("autocert")
+	logger.Debug("InitCertManager")
+	l := &autocert.Manager{
 		Prompt: autocert.AcceptTOS,
 		HostPolicy: hostPolicy,
 		Cache: autocert.DirCache(utils.NormalizePath(certDir)),
 	}
+	CertManager = &LocalCertManager{l}
 }
 
 func GetTlsConfig() *tls.Config {
diff --git a/server/manager.go b/server/manager.go
index 0d72642..4506360 100644
--- a/server/manager.go
+++ b/server/manager.go
@@ -79,6 +79,7 @@ func (s *ServerListener) ServerCount() int {
 }
 
 func (s *ServerListener) StartServer(name string) {
+	l := logger.GetLogger("ServerListener")
 	server, ok := s.servers[name]
 	serverName := server.Conf.ServerName
 	if !ok {
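Review bot: `MinVersion: tls.VersionTLS10` in the new TLSConfig method lowers the protocol floor below Go's own server default (TLS 1.2 since Go 1.18) and below what the embedded `autocert.Manager.TLSConfig()` this method shadows would have produced, re-enabling TLS 1.0/1.1, which are deprecated by RFC 8996 and fail current compliance scans. Change the line to `MinVersion: tls.VersionTLS12, // TLS 1.0/1.1 are deprecated (RFC 8996); matches Go's default floor` — the ACME TLS-ALPN-01 validator negotiates 1.2+, so nothing here needs the older versions. Because this override replaces the library method rather than extending it, a doc comment on the type should say so, e.g. `// LocalCertManager wraps autocert.Manager to log certificate failures and to build the server tls.Config (h2 + tls-alpn-01) with an explicit MinVersion.`, and the exported GetCertificate and CertManager should carry comments too. The lowercase `l` used both as the receiver name and for the inner `*autocert.Manager` in InitCertManager is easy to misread; `m := &autocert.Manager{...}` avoids it.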
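Review bot: `serverName := server.Conf.ServerName` is still evaluated before the `if !ok {` check that follows it, so an unknown name touches the zero-value map entry before the miss is handled — a nil-pointer panic if s.servers stores pointers, which the surrounding code suggests but this hunk does not show; move that assignment below the `if !ok {` block (whose body lies outside the hunk). A smaller point of style: the new local `l` sits beside the `server.l` listener used further down in the same function, so a name such as `lg` or `log` would read less ambiguously. StartServer continues well past the end of this hunk.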
@@ -112,9 +113,11 @@ func (s *ServerListener) StartServer(name string) {
 	}
 	if server.Conf.EnableSSL {
+		l.Info("Server start with ssl enable:", name)
 		if server.Conf.CertFile != "" && server.Conf.KeyFile != "" {
 			err = server.ServeTLS(server.l, server.Conf.CertFile, server.Conf.KeyFile)
 		} else {
+			l.Info("Server start with auto ssl:", name)
 			server.Server.TLSConfig = GetTlsConfig()
 			err = server.ServeTLS(server.l, "", "")
 		}