feat(ssl): 实现自定义证书管理器并更新服务器配置

- 新增 LocalCertManager 结构体，实现自定义证书管理逻辑 - 更新服务器配置，支持自动 SSL 和 HTTP/2 - 修改证书缓存目录和服务器启动日志 - 更新测试静态网站配置，启用 SSL 并修改端口 - 调整 http-jump 配置，指向新的测试静态网站地址
2025-06-24 07:12:11 +08:00 · 2025-06-24 07:12:11 +08:00 · eb64db6b30
parent 9ff927d323
commit eb64db6b30
5 changed files with 43 additions and 5 deletions
--- a/certs/acme_account+key
+++ b/certs/acme_account+key
@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIJXWPH+aT7P8WOVHJwGYLkZ9RPElFxDh3Upk0tdS5KYBoAoGCCqGSM49
+AwEHoUQDQgAESXk7ds4TGd+mthl+9OlMbtPVCRohOU0SjZTQo2lgoaAPfmI35rsY
+FBd1POrihCooK0l0NLEPurVTy07q6DRpUg==
+-----END EC PRIVATE KEY-----
--- a/include/http-jump.json
+++ b/include/http-jump.json
@ -1,9 +1,9 @@
 {
    "name": "http-jump",
-    "server": "localhost",
-    "port": 8083,
+    "server": "www.teststatic.com",
+    "port": 80,
    "directives":[
-        "Redirect https://playground.kingecg.top"
+        "Redirect https://www.teststatic.com:8088/"
    ],
    "paths": [
    ]
--- a/include/www.teststatic.com.json
+++ b/include/www.teststatic.com.json
@ -2,6 +2,7 @@
    "name": "teststatic",
    "server": "www.teststatic.com",
    "port": 8088,
+    "enable_ssl":true,
    "paths": [
        {
            "path": "/",
--- a/server/autossl.go
+++ b/server/autossl.go
@ -5,17 +5,46 @@ import (
 	"crypto/tls"

 	"git.pyer.club/kingecg/gohttpd/utils"
+	"git.pyer.club/kingecg/gologger"
+	"golang.org/x/crypto/acme"
 	"golang.org/x/crypto/acme/autocert"
 )

-var CertManager *autocert.Manager
+type LocalCertManager struct {
+	*autocert.Manager
+}
+
+func (l *LocalCertManager) GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
+	logger := gologger.GetLogger("autocert")
+	cert, err := l.Manager.GetCertificate(hello)
+	if err != nil {
+		logger.Error("GetCertificate", err)
+		return nil, err
+	}
+	return cert, nil
+}
+func (l *LocalCertManager) TLSConfig() *tls.Config {
+	return &tls.Config{
+		GetCertificate: l.GetCertificate,
+		NextProtos: []string{
+			"h2", "http/1.1", // enable HTTP/2
+			acme.ALPNProto, // enable tls-alpn ACME challenges
+		},
+		MinVersion: tls.VersionTLS10, // minimum TLS version
+	}
+}
+
+var CertManager *LocalCertManager

 func InitCertManager(certDir string) {
-	CertManager = &autocert.Manager{
+	logger := gologger.GetLogger("autocert")
+	logger.Debug("InitCertManager")
+	l := &autocert.Manager{
 		Prompt:     autocert.AcceptTOS,
 		HostPolicy: hostPolicy,
 		Cache:      autocert.DirCache(utils.NormalizePath(certDir)),
 	}
+	CertManager = &LocalCertManager{l}
 }

 func GetTlsConfig() *tls.Config {
--- a/server/manager.go
+++ b/server/manager.go
@ -79,6 +79,7 @@ func (s *ServerListener) ServerCount() int {
 }

 func (s *ServerListener) StartServer(name string) {
+	l := logger.GetLogger("ServerListener")
 	server, ok := s.servers[name]
 	serverName := server.Conf.ServerName
 	if !ok {
@ -112,9 +113,11 @@ func (s *ServerListener) StartServer(name string) {
 		}

 		if server.Conf.EnableSSL {
+			l.Info("Server start with ssl enable:", name)
 			if server.Conf.CertFile != "" && server.Conf.KeyFile != "" {
 				err = server.ServeTLS(server.l, server.Conf.CertFile, server.Conf.KeyFile)
 			} else {
+				l.Info("Server start with auto ssl:", name)
 				server.Server.TLSConfig = GetTlsConfig()
 				err = server.ServeTLS(server.l, "", "")
 			}