feat(ssl): 实现自定义证书管理器并更新服务器配置
- 新增 LocalCertManager 结构体,实现自定义证书管理逻辑 - 更新服务器配置,支持自动 SSL 和 HTTP/2 - 修改证书缓存目录和服务器启动日志 - 更新测试静态网站配置,启用 SSL 并修改端口 - 调整 http-jump 配置,指向新的测试静态网站地址
parent
9ff927d323
commit
eb64db6b30
|
@ -0,0 +1,5 @@
|
||||||
|
-----BEGIN EC PRIVATE KEY-----
|
||||||
|
MHcCAQEEIJXWPH+aT7P8WOVHJwGYLkZ9RPElFxDh3Upk0tdS5KYBoAoGCCqGSM49
|
||||||
|
AwEHoUQDQgAESXk7ds4TGd+mthl+9OlMbtPVCRohOU0SjZTQo2lgoaAPfmI35rsY
|
||||||
|
FBd1POrihCooK0l0NLEPurVTy07q6DRpUg==
|
||||||
|
-----END EC PRIVATE KEY-----
|
|
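Review bot: This new file commits an EC private key in PEM form, so anyone who can read the repository or its history now holds the key. Treat it as compromised: remove the file from version control, generate a replacement, and add the certificate cache directory to the ignore list so that generated key material is not committed again. The file path is not shown on this page. If the key was written by the `autocert.DirCache` configured in `InitCertManager`, the matching ACME account or certificate should presumably be rotated or revoked as well.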
@ -1,9 +1,9 @@
|
||||||
{
|
{
|
||||||
"name": "http-jump",
|
"name": "http-jump",
|
||||||
"server": "localhost",
|
"server": "www.teststatic.com",
|
||||||
"port": 8083,
|
"port": 80,
|
||||||
"directives":[
|
"directives":[
|
||||||
"Redirect https://playground.kingecg.top"
|
"Redirect https://www.teststatic.com:8088/"
|
||||||
],
|
],
|
||||||
"paths": [
|
"paths": [
|
||||||
]
|
]
|
||||||
|
|
|
@ -2,6 +2,7 @@
|
||||||
"name": "teststatic",
|
"name": "teststatic",
|
||||||
"server": "www.teststatic.com",
|
"server": "www.teststatic.com",
|
||||||
"port": 8088,
|
"port": 8088,
|
||||||
|
"enable_ssl":true,
|
||||||
"paths": [
|
"paths": [
|
||||||
{
|
{
|
||||||
"path": "/",
|
"path": "/",
|
||||||
|
|
|
@ -5,17 +5,46 @@ import (
|
||||||
"crypto/tls"
|
"crypto/tls"
|
||||||
|
|
||||||
"git.pyer.club/kingecg/gohttpd/utils"
|
"git.pyer.club/kingecg/gohttpd/utils"
|
||||||
|
"git.pyer.club/kingecg/gologger"
|
||||||
|
"golang.org/x/crypto/acme"
|
||||||
"golang.org/x/crypto/acme/autocert"
|
"golang.org/x/crypto/acme/autocert"
|
||||||
)
|
)
|
||||||
|
|
||||||
var CertManager *autocert.Manager
|
type LocalCertManager struct {
|
||||||
|
*autocert.Manager
|
||||||
|
}
|
||||||
|
|
||||||
|
func (l *LocalCertManager) GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
|
||||||
|
logger := gologger.GetLogger("autocert")
|
||||||
|
cert, err := l.Manager.GetCertificate(hello)
|
||||||
|
if err != nil {
|
||||||
|
logger.Error("GetCertificate", err)
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
return cert, nil
|
||||||
|
}
|
||||||
|
func (l *LocalCertManager) TLSConfig() *tls.Config {
|
||||||
|
return &tls.Config{
|
||||||
|
GetCertificate: l.GetCertificate,
|
||||||
|
NextProtos: []string{
|
||||||
|
"h2", "http/1.1", // enable HTTP/2
|
||||||
|
acme.ALPNProto, // enable tls-alpn ACME challenges
|
||||||
|
},
|
||||||
|
MinVersion: tls.VersionTLS10, // minimum TLS version
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
var CertManager *LocalCertManager
|
||||||
|
|
||||||
func InitCertManager(certDir string) {
|
func InitCertManager(certDir string) {
|
||||||
CertManager = &autocert.Manager{
|
logger := gologger.GetLogger("autocert")
|
||||||
|
logger.Debug("InitCertManager")
|
||||||
|
l := &autocert.Manager{
|
||||||
Prompt: autocert.AcceptTOS,
|
Prompt: autocert.AcceptTOS,
|
||||||
HostPolicy: hostPolicy,
|
HostPolicy: hostPolicy,
|
||||||
Cache: autocert.DirCache(utils.NormalizePath(certDir)),
|
Cache: autocert.DirCache(utils.NormalizePath(certDir)),
|
||||||
}
|
}
|
||||||
|
CertManager = &LocalCertManager{l}
|
||||||
}
|
}
|
||||||
|
|
||||||
func GetTlsConfig() *tls.Config {
|
func GetTlsConfig() *tls.Config {
|
||||||
|
|
|
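Review bot: `MinVersion: tls.VersionTLS10` in `LocalCertManager.TLSConfig` lets clients negotiate TLS 1.0 and 1.1, which RFC 8996 deprecates and which recent Go releases no longer accept by default on servers. Unless a known legacy client requires them, change the line to `MinVersion: tls.VersionTLS12, // minimum TLS version`. The exported `LocalCertManager` type and its two methods also have no doc comments; a short one on `GetCertificate` could state that it only adds error logging around the embedded manager. The body of `GetTlsConfig` lies outside the hunk, so it is not visible whether it returns this new `TLSConfig()`.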
@ -79,6 +79,7 @@ func (s *ServerListener) ServerCount() int {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *ServerListener) StartServer(name string) {
|
func (s *ServerListener) StartServer(name string) {
|
||||||
|
l := logger.GetLogger("ServerListener")
|
||||||
server, ok := s.servers[name]
|
server, ok := s.servers[name]
|
||||||
serverName := server.Conf.ServerName
|
serverName := server.Conf.ServerName
|
||||||
if !ok {
|
if !ok {
|
||||||
|
@ -112,9 +113,11 @@ func (s *ServerListener) StartServer(name string) {
|
||||||
}
|
}
|
||||||
|
|
||||||
if server.Conf.EnableSSL {
|
if server.Conf.EnableSSL {
|
||||||
|
l.Info("Server start with ssl enable:", name)
|
||||||
if server.Conf.CertFile != "" && server.Conf.KeyFile != "" {
|
if server.Conf.CertFile != "" && server.Conf.KeyFile != "" {
|
||||||
err = server.ServeTLS(server.l, server.Conf.CertFile, server.Conf.KeyFile)
|
err = server.ServeTLS(server.l, server.Conf.CertFile, server.Conf.KeyFile)
|
||||||
} else {
|
} else {
|
||||||
|
l.Info("Server start with auto ssl:", name)
|
||||||
server.Server.TLSConfig = GetTlsConfig()
|
server.Server.TLSConfig = GetTlsConfig()
|
||||||
err = server.ServeTLS(server.l, "", "")
|
err = server.ServeTLS(server.l, "", "")
|
||||||
}
|
}
|
||||||
|
|
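Review bot: The `else` branch that now logs `"Server start with auto ssl:"` is also taken when only one of `CertFile` and `KeyFile` is set, so a half-filled certificate configuration falls back to autocert without any hint to the operator. Consider logging that case explicitly before the fallback, for example `if (server.Conf.CertFile == "") != (server.Conf.KeyFile == "") { l.Error("only one of CertFile/KeyFile is set, using auto ssl:", name) }`. The local logger `l` is also easy to confuse with the listener field `server.l` passed to `ServeTLS` a few lines below, so a longer name would read better. `StartServer` begins and ends outside these hunks.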