fix: 修复阿里云 waf tlsVersion参数缺失导致部署失败的问题

2026-04-24 20:57:26 +08:00 · 2025-11-27 22:36:33 +08:00
parent cf4632045c
commit 2fabee647a
3 changed files with 73 additions and 29 deletions
@@ -99,27 +99,39 @@ export class AliyunDeployCertToALB extends AbstractTaskPlugin {
  @TaskInput({
-      title: "部署证书类型",
+    title: "部署证书类型",
-      value: "default",
+    value: "default",
-      component: {
+    component: {
-        name: "a-select",
+      name: "a-select",
-        vModel: "value",
+      vModel: "value",
-        options: [
+      options: [
-          {
+        {
-            label: "默认证书",
+          label: "默认证书",
-            value: "default"
+          value: "default"
-          },
+        },
-          {
+        {
-            label: "扩展证书",
+          label: "扩展证书",
-            value: "extension"
+          value: "extension"
-          }
+        }
-        ]
+      ]
-      },
+    },
-      required: true
+    required: true
-    }
+  }
  )
  deployType: string = "default";
  @TaskInput({
    title: "是否清理过期证书",
    value: true,
    component: {
      name: "a-switch",
      vModel: "checked",
    },
    required: true
  }
  )
  clearExpiredCert: boolean;
  async onInstance() {
  }
@@ -155,17 +167,18 @@ export class AliyunDeployCertToALB extends AbstractTaskPlugin {
      const client = await this.getLBClient(access, this.regionId);
      await this.deployDefaultCert(certId, client);
    }
-    this.logger.info(`准备开始清理过期证书`);
+    if (this.clearExpiredCert!==false) {
-    await this.ctx.utils.sleep(30000)
+      this.logger.info(`准备开始清理过期证书`);
-    for (const listener of this.listeners) {
+      await this.ctx.utils.sleep(30000)
-      try{
+      for (const listener of this.listeners) {
-        await this.clearInvalidCert(albClientV2, listener);
+        try {
-      }catch(e){
+          await this.clearInvalidCert(albClientV2, listener);
-        this.logger.error(`清理监听器${listener}的过期证书失败`, e);
+        } catch (e) {
          this.logger.error(`清理监听器${listener}的过期证书失败`, e);
        }
      }
    }
    this.logger.info("执行完成");
  }
@@ -247,7 +260,7 @@ export class AliyunDeployCertToALB extends AbstractTaskPlugin {
      if (item.IsDefault) {
        continue;
      }
-      certIds.push( parseInt(item.CertificateId));
+      certIds.push(parseInt(item.CertificateId));
    }
    this.logger.info(`监听器${listener}绑定的证书${certIds}`);
    //检查是否过期，过期则删除
@@ -90,6 +90,35 @@ export class AliyunDeployCertToWaf extends AbstractTaskPlugin {
  )
  cnameDomains!: string[];
  @TaskInput({
    title: 'TLS版本',
    value: 'TLSv1.2',
    component: {
      name: 'a-select',
      options: [
        { value: 'TLSv1', label: 'TLSv1' },
        { value: 'TLSv1.1', label: 'TLSv1.1' },
        { value: 'TLSv1.2', label: 'TLSv1.2' },
      ],
    },
    required: true,
  })
  tlsVersion!: string;
    @TaskInput({
    title: '启用TLSv3',
    value: true,
    component: {
      name: 'a-switch',
      vModel: 'checked',
    },
    required: true,
  })
  enableTLSv3!: boolean;
  async onInstance() {}
  async getWafClient(access: AliyunAccess) {
@@ -163,6 +192,8 @@ export class AliyunDeployCertToWaf extends AbstractTaskPlugin {
        Redirect: JSON.stringify(redirect),
        Listen: JSON.stringify(listen),
        Domain: siteDomain,
        TLSVersion: this.tlsVersion || 'TLSv1.2',
        EnableTLSv3: this.enableTLSv3 ?? true,
      };
      const res = await client.request('ModifyDomain', updateParams);
      this.logger.info('部署成功', JSON.stringify(res));
@@ -24,10 +24,10 @@ const regionDict = [
@IsTaskPlugin({
  name: 'uploadCertToAliyun',
-  title: '阿里云-上传证书到阿里云CAS',
+  title: '阿里云-上传证书到CAS',
  icon: 'svg:icon-aliyun',
  group: pluginGroups.aliyun.key,
-  desc: '上传证书到阿里云数字证书管理服务（CAS），注意：不会部署到任何应用上；如果不想在阿里云上同一份证书上传多次，可以把此任务作为前置任务，其他阿里云任务证书那一项选择此任务的输出',
+  desc: '上传证书到阿里云证书管理服务（CAS），如果不想在阿里云上同一份证书上传多次，可以把此任务作为前置任务，其他阿里云任务证书那一项选择此任务的输出',
  default: {
    strategy: {
      runStrategy: RunStrategy.SkipWhenSucceed,