feat(ssl): 实现自定义证书管理器并更新服务器配置

- 新增 LocalCertManager 结构体,实现自定义证书管理逻辑
- 更新服务器配置,支持自动 SSL 和 HTTP/2
- 修改证书缓存目录和服务器启动日志
- 更新测试静态网站配置,启用 SSL 并修改端口
- 调整 http-jump 配置,指向新的测试静态网站地址
kingecg 2025-06-24 07:12:11 +08:00
parent 9ff927d323
commit eb64db6b30
5 changed files with 43 additions and 5 deletions

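--- /dev/null
+++ b/certs/acme_account+key
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIJXWPH+aT7P8WOVHJwGYLkZ9RPElFxDh3Upk0tdS5KYBoAoGCCqGSM49
+AwEHoUQDQgAESXk7ds4TGd+mthl+9OlMbtPVCRohOU0SjZTQo2lgoaAPfmI35rsY
+FBd1POrihCooK0l0NLEPurVTy07q6DRpUg==
+-----END EC PRIVATE KEY-----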
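Review bot: An unencrypted EC private key — by its path the autocert ACME account key — is checked into version control here, which lets anyone with read access to the repository act as that ACME account: revoke its certificates and, for any hostname the account has already validated, request new ones. Deleting the file in a follow-up commit is not enough because it stays in history; purge it (git filter-repo or equivalent) and treat the account as compromised: remove the key from the cache directory so autocert registers a fresh account on next start, and deactivate the old account at the CA if it offers that. Because `autocert.DirCache` writes issued leaf certificates and their private keys into the same directory, add `certs/` to `.gitignore` so neither this key nor the certificate keys can be committed again. Whether this key was ever used against a production CA cannot be told from the diff; even if it only ever talked to a staging endpoint, the rotation is cheap and removes the doubt.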


@ -1,9 +1,9 @@
{ {
"name": "http-jump", "name": "http-jump",
"server": "localhost", "server": "www.teststatic.com",
"port": 8083, "port": 80,
"directives":[ "directives":[
"Redirect https://playground.kingecg.top" "Redirect https://www.teststatic.com:8088/"
], ],
"paths": [ "paths": [
] ]


@ -2,6 +2,7 @@
"name": "teststatic", "name": "teststatic",
"server": "www.teststatic.com", "server": "www.teststatic.com",
"port": 8088, "port": 8088,
"enable_ssl":true,
"paths": [ "paths": [
{ {
"path": "/", "path": "/",
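Review bot: `"enable_ssl":true` on a vhost that listens on port 8088 sends it down the autocert path (no cert/key file is set, so the server gets `GetTlsConfig()`), but an ACME CA validates TLS-ALPN-01 by connecting to port 443 of `www.teststatic.com` (RFC 8737 §3) and HTTP-01 by fetching from port 80 (RFC 8555 §8.3), never from 8088; unless something outside this diff forwards 443 to this listener, `GetCertificate` will never obtain a certificate and every handshake will fail with the error the new wrapper logs. The `http-jump` vhost now occupies port 80 for the same hostname but only emits a redirect, so it cannot answer the HTTP-01 token either — that would need `CertManager.HTTPHandler(fallback)` mounted on the port-80 server. Either move this listener to 443, or keep 8088 and put a 443/80 forwarder in front of it; in both cases `www.teststatic.com` has to resolve publicly to this host, which a test domain may not, and the hostname must be accepted by the `hostPolicy` that is not visible in this diff.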


@ -5,17 +5,46 @@ import (
"crypto/tls" "crypto/tls"
"git.pyer.club/kingecg/gohttpd/utils" "git.pyer.club/kingecg/gohttpd/utils"
"git.pyer.club/kingecg/gologger"
"golang.org/x/crypto/acme"
"golang.org/x/crypto/acme/autocert" "golang.org/x/crypto/acme/autocert"
) )
var CertManager *autocert.Manager type LocalCertManager struct {
*autocert.Manager
}
func (l *LocalCertManager) GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
logger := gologger.GetLogger("autocert")
cert, err := l.Manager.GetCertificate(hello)
if err != nil {
logger.Error("GetCertificate", err)
return nil, err
}
return cert, nil
}
func (l *LocalCertManager) TLSConfig() *tls.Config {
return &tls.Config{
GetCertificate: l.GetCertificate,
NextProtos: []string{
"h2", "http/1.1", // enable HTTP/2
acme.ALPNProto, // enable tls-alpn ACME challenges
},
MinVersion: tls.VersionTLS10, // minimum TLS version
}
}
var CertManager *LocalCertManager
func InitCertManager(certDir string) { func InitCertManager(certDir string) {
CertManager = &autocert.Manager{ logger := gologger.GetLogger("autocert")
logger.Debug("InitCertManager")
l := &autocert.Manager{
Prompt: autocert.AcceptTOS, Prompt: autocert.AcceptTOS,
HostPolicy: hostPolicy, HostPolicy: hostPolicy,
Cache: autocert.DirCache(utils.NormalizePath(certDir)), Cache: autocert.DirCache(utils.NormalizePath(certDir)),
} }
CertManager = &LocalCertManager{l}
} }
func GetTlsConfig() *tls.Config { func GetTlsConfig() *tls.Config {
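Review bot: `MinVersion: tls.VersionTLS10` in the new `TLSConfig` method drops the server below the TLS 1.2 floor that `crypto/tls` now uses by default (servers since Go 1.22) and that RFC 8996 requires, since TLS 1.0 and 1.1 are deprecated; it also contradicts the `h2` entry in the same `NextProtos`, because HTTP/2 mandates TLS 1.2 or later (RFC 7540 §9.2), so an h2 negotiation over TLS 1.0 is refused anyway. Change it to `MinVersion: tls.VersionTLS12, // TLS 1.0/1.1 are deprecated (RFC 8996); HTTP/2 requires >= 1.2 (RFC 7540 §9.2)`. As far as the hunk shows, the embedded `autocert.Manager.TLSConfig()` already returns the same `GetCertificate`/`NextProtos` pairing, so the only behavioural differences this override introduces are that downgrade and the error logging in `GetCertificate`; if some legacy client genuinely needs TLS 1.0, make that an explicit, documented configuration rather than the default for every auto-SSL server. `GetTlsConfig` on the last line continues outside the hunk.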


@ -79,6 +79,7 @@ func (s *ServerListener) ServerCount() int {
} }
func (s *ServerListener) StartServer(name string) { func (s *ServerListener) StartServer(name string) {
l := logger.GetLogger("ServerListener")
server, ok := s.servers[name] server, ok := s.servers[name]
serverName := server.Conf.ServerName serverName := server.Conf.ServerName
if !ok { if !ok {
@ -112,9 +113,11 @@ func (s *ServerListener) StartServer(name string) {
} }
if server.Conf.EnableSSL { if server.Conf.EnableSSL {
l.Info("Server start with ssl enable:", name)
if server.Conf.CertFile != "" && server.Conf.KeyFile != "" { if server.Conf.CertFile != "" && server.Conf.KeyFile != "" {
err = server.ServeTLS(server.l, server.Conf.CertFile, server.Conf.KeyFile) err = server.ServeTLS(server.l, server.Conf.CertFile, server.Conf.KeyFile)
} else { } else {
l.Info("Server start with auto ssl:", name)
server.Server.TLSConfig = GetTlsConfig() server.Server.TLSConfig = GetTlsConfig()
err = server.ServeTLS(server.l, "", "") err = server.ServeTLS(server.l, "", "")
} }
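Review bot: The new logger is bound to `l` while the same function passes the listener field `server.l` to `server.ServeTLS(server.l, ...)` a few lines below, so two unrelated things named `l` sit in one scope and the `l.Info(...)` calls read like listener methods; `log := logger.GetLogger("ServerListener")` with `log.Info(...)` avoids the misread. Separately, the `l := ...` line is inserted directly above `server, ok := s.servers[name]` followed by `serverName := server.Conf.ServerName` before the `if !ok` check — that ordering is pre-existing, but depending on the map's element type an unknown `name` dereferences a nil `Conf` before the check can fire, and moving the `serverName` assignment below the `if !ok` block is a one-line fix worth folding in while touching this code. `StartServer` starts and ends outside these hunks.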