mirror of
https://github.com/certd/certd.git
synced 2026-04-24 20:57:26 +08:00
fix: 修复阿里云 waf tlsVersion参数缺失导致部署失败的问题
This commit is contained in:
@@ -99,27 +99,39 @@ export class AliyunDeployCertToALB extends AbstractTaskPlugin {
|
|||||||
|
|
||||||
|
|
||||||
@TaskInput({
|
@TaskInput({
|
||||||
title: "部署证书类型",
|
title: "部署证书类型",
|
||||||
value: "default",
|
value: "default",
|
||||||
component: {
|
component: {
|
||||||
name: "a-select",
|
name: "a-select",
|
||||||
vModel: "value",
|
vModel: "value",
|
||||||
options: [
|
options: [
|
||||||
{
|
{
|
||||||
label: "默认证书",
|
label: "默认证书",
|
||||||
value: "default"
|
value: "default"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
label: "扩展证书",
|
label: "扩展证书",
|
||||||
value: "extension"
|
value: "extension"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
required: true
|
required: true
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
deployType: string = "default";
|
deployType: string = "default";
|
||||||
|
|
||||||
|
@TaskInput({
|
||||||
|
title: "是否清理过期证书",
|
||||||
|
value: true,
|
||||||
|
component: {
|
||||||
|
name: "a-switch",
|
||||||
|
vModel: "checked",
|
||||||
|
},
|
||||||
|
required: true
|
||||||
|
}
|
||||||
|
)
|
||||||
|
clearExpiredCert: boolean;
|
||||||
|
|
||||||
|
|
||||||
async onInstance() {
|
async onInstance() {
|
||||||
}
|
}
|
||||||
@@ -155,17 +167,18 @@ export class AliyunDeployCertToALB extends AbstractTaskPlugin {
|
|||||||
const client = await this.getLBClient(access, this.regionId);
|
const client = await this.getLBClient(access, this.regionId);
|
||||||
await this.deployDefaultCert(certId, client);
|
await this.deployDefaultCert(certId, client);
|
||||||
}
|
}
|
||||||
this.logger.info(`准备开始清理过期证书`);
|
if (this.clearExpiredCert!==false) {
|
||||||
await this.ctx.utils.sleep(30000)
|
this.logger.info(`准备开始清理过期证书`);
|
||||||
for (const listener of this.listeners) {
|
await this.ctx.utils.sleep(30000)
|
||||||
try{
|
for (const listener of this.listeners) {
|
||||||
await this.clearInvalidCert(albClientV2, listener);
|
try {
|
||||||
}catch(e){
|
await this.clearInvalidCert(albClientV2, listener);
|
||||||
this.logger.error(`清理监听器${listener}的过期证书失败`, e);
|
} catch (e) {
|
||||||
|
this.logger.error(`清理监听器${listener}的过期证书失败`, e);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
this.logger.info("执行完成");
|
this.logger.info("执行完成");
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -247,7 +260,7 @@ export class AliyunDeployCertToALB extends AbstractTaskPlugin {
|
|||||||
if (item.IsDefault) {
|
if (item.IsDefault) {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
certIds.push( parseInt(item.CertificateId));
|
certIds.push(parseInt(item.CertificateId));
|
||||||
}
|
}
|
||||||
this.logger.info(`监听器${listener}绑定的证书${certIds}`);
|
this.logger.info(`监听器${listener}绑定的证书${certIds}`);
|
||||||
//检查是否过期,过期则删除
|
//检查是否过期,过期则删除
|
||||||
|
|||||||
@@ -90,6 +90,35 @@ export class AliyunDeployCertToWaf extends AbstractTaskPlugin {
|
|||||||
)
|
)
|
||||||
cnameDomains!: string[];
|
cnameDomains!: string[];
|
||||||
|
|
||||||
|
|
||||||
|
@TaskInput({
|
||||||
|
title: 'TLS版本',
|
||||||
|
value: 'TLSv1.2',
|
||||||
|
component: {
|
||||||
|
name: 'a-select',
|
||||||
|
options: [
|
||||||
|
{ value: 'TLSv1', label: 'TLSv1' },
|
||||||
|
{ value: 'TLSv1.1', label: 'TLSv1.1' },
|
||||||
|
{ value: 'TLSv1.2', label: 'TLSv1.2' },
|
||||||
|
],
|
||||||
|
},
|
||||||
|
required: true,
|
||||||
|
})
|
||||||
|
tlsVersion!: string;
|
||||||
|
|
||||||
|
@TaskInput({
|
||||||
|
title: '启用TLSv3',
|
||||||
|
value: true,
|
||||||
|
component: {
|
||||||
|
name: 'a-switch',
|
||||||
|
vModel: 'checked',
|
||||||
|
},
|
||||||
|
required: true,
|
||||||
|
})
|
||||||
|
enableTLSv3!: boolean;
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
async onInstance() {}
|
async onInstance() {}
|
||||||
|
|
||||||
async getWafClient(access: AliyunAccess) {
|
async getWafClient(access: AliyunAccess) {
|
||||||
@@ -163,6 +192,8 @@ export class AliyunDeployCertToWaf extends AbstractTaskPlugin {
|
|||||||
Redirect: JSON.stringify(redirect),
|
Redirect: JSON.stringify(redirect),
|
||||||
Listen: JSON.stringify(listen),
|
Listen: JSON.stringify(listen),
|
||||||
Domain: siteDomain,
|
Domain: siteDomain,
|
||||||
|
TLSVersion: this.tlsVersion || 'TLSv1.2',
|
||||||
|
EnableTLSv3: this.enableTLSv3 ?? true,
|
||||||
};
|
};
|
||||||
const res = await client.request('ModifyDomain', updateParams);
|
const res = await client.request('ModifyDomain', updateParams);
|
||||||
this.logger.info('部署成功', JSON.stringify(res));
|
this.logger.info('部署成功', JSON.stringify(res));
|
||||||
|
|||||||
@@ -24,10 +24,10 @@ const regionDict = [
|
|||||||
|
|
||||||
@IsTaskPlugin({
|
@IsTaskPlugin({
|
||||||
name: 'uploadCertToAliyun',
|
name: 'uploadCertToAliyun',
|
||||||
title: '阿里云-上传证书到阿里云CAS',
|
title: '阿里云-上传证书到CAS',
|
||||||
icon: 'svg:icon-aliyun',
|
icon: 'svg:icon-aliyun',
|
||||||
group: pluginGroups.aliyun.key,
|
group: pluginGroups.aliyun.key,
|
||||||
desc: '上传证书到阿里云数字证书管理服务(CAS),注意:不会部署到任何应用上;如果不想在阿里云上同一份证书上传多次,可以把此任务作为前置任务,其他阿里云任务证书那一项选择此任务的输出',
|
desc: '上传证书到阿里云证书管理服务(CAS),如果不想在阿里云上同一份证书上传多次,可以把此任务作为前置任务,其他阿里云任务证书那一项选择此任务的输出',
|
||||||
default: {
|
default: {
|
||||||
strategy: {
|
strategy: {
|
||||||
runStrategy: RunStrategy.SkipWhenSucceed,
|
runStrategy: RunStrategy.SkipWhenSucceed,
|
||||||
|
|||||||
Reference in New Issue
Block a user