lkddi/certd
1
0
Fork 0
mirror of https://github.com/certd/certd.git synced 2026-04-23 19:57:27 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat: 【破坏性更新】插件改为metadata加载模式,plugin-cert、plugin-lib包部分代码转移到certd-server中,影响自定义插件,需要修改相关import引用

Browse Source 
ssh、aliyun、tencent、qiniu、oss等 access和client需要转移import
This commit is contained in:
xiaojunnuo
2025-12-31 17:01:37 +08:00
parent 9c26598831
commit a3fb24993d
312 changed files with 14321 additions and 597 deletions
Download Patch File Download Diff File Expand all files Collapse all files
packages/ui/certd-server/.env
+1
View File
@@ -1 +1,2 @@
LEGO_VERSION=4.30.1
certd_plugin_loadmode=metadata
packages/ui/certd-server/.env.production
+1
View File
@@ -0,0 +1 @@
certd_plugin_loadmode=metadata
packages/ui/certd-server/.env.production.yaml
-3
View File
@@ -15,6 +15,3 @@ typeorm:
account:
server:
baseUrl: 'https://app.handfree.work/subject'
plugin:
loadMode: metadata
packages/ui/certd-server/metadata/access_1panel.yaml
+102
View File
@@ -0,0 +1,102 @@
name: 1panel
title: 1panel授权
desc: 账号和密码
icon: svg:icon-onepanel
input:
baseUrl:
title: 1Panel面板的url
component:
placeholder: http://xxxx.com:1231
helper: 不要带安全入口
required: true
safeEnter:
title: 安全入口
component:
placeholder: 登录的安全入口
encrypt: true
required: false
type:
title: 授权方式
component:
name: a-select
vModel: value
options:
- label: 模拟登录【不推荐】
value: password
- label: 接口密钥【推荐】
value: apikey
required: true
apiVersion:
title: 接口版本
value: v1
component:
placeholder: v1 / v2
name: a-select
vModel: value
options:
- label: v1
value: v1
- label: v2
value: v2
required: true
username:
title: 用户名
component:
placeholder: username
mergeScript: |2-
return {
show: ctx.compute(({form})=>{
return form.access.type === 'password';
})
}
required: true
password:
title: 密码
component:
placeholder: password
helper: ''
mergeScript: |2-
return {
show: ctx.compute(({form})=>{
return form.access.type === 'password';
})
}
required: true
encrypt: true
apiKey:
title: 接口密钥
component:
placeholder: 接口密钥
mergeScript: |2-
return {
show: ctx.compute(({form})=>{
return form.access.type === 'apikey';
})
}
helper: 面板设置->API接口中获取
required: true
encrypt: true
skipSslVerify:
title: 忽略证书校验
value: true
component:
name: a-switch
vModel: checked
helper: 如果面板的url是https,且使用的是自签名证书,则需要开启此选项,其他情况可以关闭
testRequest:
title: 测试
component:
name: api-test
action: onTestRequest
helper: |-
点击测试接口看是否正常
IP需要加白名单,如果是同一台机器部署的,可以试试面板的url使用网卡docker0的ip,白名单使用172.16.0.0/12
pluginType: access
type: builtIn
scriptFilePath: ../../../plugins/plugin-plus/1panel/access.js
packages/ui/certd-server/metadata/access_aliesa.yaml
+29
View File
@@ -0,0 +1,29 @@
name: aliesa
title: 阿里云ESA授权
desc: ''
icon: ant-design:aliyun-outlined
order: 0
input:
accessId:
title: 阿里云授权
component:
name: access-selector
vModel: modelValue
type: aliyun
helper: 请选择阿里云授权
required: true
region:
title: 地区
component:
name: a-select
vModel: value
options:
- label: 杭州
value: cn-hangzhou
- label: 新加坡
value: ap-southeast-1
helper: 请选择ESA地区
required: true
pluginType: access
type: builtIn
scriptFilePath: ../../../plugins/plugin-lib/aliyun/access/aliesa-access.js
packages/ui/certd-server/metadata/access_alioss.yaml
+85
View File
@@ -0,0 +1,85 @@
name: alioss
title: 阿里云OSS授权
desc: 包含地域和Bucket
icon: ant-design:aliyun-outlined
input:
accessId:
title: 阿里云授权
component:
name: access-selector
vModel: modelValue
type: aliyun
helper: 请选择阿里云授权
required: true
region:
title: 大区
component:
name: a-auto-complete
vModel: value
options:
- value: oss-cn-hangzhou
label: 华东1(杭州)
- value: oss-cn-shanghai
label: 华东2(上海)
- value: oss-cn-nanjing
label: 华东5(南京-本地地域)
- value: oss-cn-fuzhou
label: 华东6(福州-本地地域)
- value: oss-cn-wuhan-lr
label: 华中1(武汉-本地地域)
- value: oss-cn-qingdao
label: 华北1(青岛)
- value: oss-cn-beijing
label: 华北2(北京)
- value: oss-cn-zhangjiakou
label: 华北 3(张家口)
- value: oss-cn-huhehaote
label: 华北5(呼和浩特)
- value: oss-cn-wulanchabu
label: 华北6(乌兰察布)
- value: oss-cn-shenzhen
label: 华南1(深圳)
- value: oss-cn-heyuan
label: 华南2(河源)
- value: oss-cn-guangzhou
label: 华南3(广州)
- value: oss-cn-chengdu
label: 西南1(成都)
- value: oss-cn-hongkong
label: 中国香港
- value: oss-us-west-1
label: 美国(硅谷)①
- value: oss-us-east-1
label: 美国(弗吉尼亚)①
- value: oss-ap-northeast-1
label: 日本(东京)①
- value: oss-ap-northeast-2
label: 韩国(首尔)
- value: oss-ap-southeast-1
label: 新加坡①
- value: oss-ap-southeast-2
label: 澳大利亚(悉尼)①
- value: oss-ap-southeast-3
label: 马来西亚(吉隆坡)①
- value: oss-ap-southeast-5
label: 印度尼西亚(雅加达)①
- value: oss-ap-southeast-6
label: 菲律宾(马尼拉)
- value: oss-ap-southeast-7
label: 泰国(曼谷)
- value: oss-eu-central-1
label: 德国(法兰克福)①
- value: oss-eu-west-1
label: 英国(伦敦)
- value: oss-me-east-1
label: 阿联酋(迪拜)①
- value: oss-rg-china-mainland
label: 无地域属性(中国内地)
required: true
bucket:
title: Bucket
helper: 存储桶名称
required: true
pluginType: access
type: builtIn
scriptFilePath: ../../../plugins/plugin-lib/aliyun/access/alioss-access.js
packages/ui/certd-server/metadata/access_alipay.yaml
+29
View File
@@ -0,0 +1,29 @@
name: alipay
title: 支付宝
icon: ion:logo-alipay
input:
appId:
title: AppId
component:
placeholder: 201909176714xxxx
required: true
encrypt: false
privateKey:
title: 应用私钥
component:
placeholder: MIIEvQIBADANB...
name: a-textarea
rows: 3
required: true
encrypt: true
alipayPublicKey:
title: 支付宝公钥
component:
name: a-textarea
rows: 3
placeholder: MIIBIjANBg...
required: true
encrypt: true
pluginType: access
type: builtIn
scriptFilePath: ../../../plugins/plugin-plus/alipay/access.js
packages/ui/certd-server/metadata/access_aliyun.yaml
+22
View File
@@ -0,0 +1,22 @@
name: aliyun
title: 阿里云授权
desc: ''
icon: ant-design:aliyun-outlined
order: 0
input:
accessKeyId:
title: accessKeyId
component:
placeholder: accessKeyId
helper: 登录阿里云控制台->AccessKey管理页面获取。
required: true
accessKeySecret:
title: accessKeySecret
component:
placeholder: accessKeySecret
required: true
encrypt: true
helper: 注意:证书申请需要dns解析权限;其他阿里云插件,需要对应的权限,比如证书上传需要证书管理权限;嫌麻烦就用主账号的全量权限的accessKey
pluginType: access
type: builtIn
scriptFilePath: ../../../plugins/plugin-lib/aliyun/access/aliyun-access.js
packages/ui/certd-server/metadata/access_baidu.yaml
+29
View File
@@ -0,0 +1,29 @@
name: baidu
title: 百度云授权
desc: ''
icon: ant-design:baidu-outlined
order: 2
input:
accessKey:
title: AccessKey
component:
placeholder: AccessKey
helper: '[百度智能云->安全认证获取](https://console.bce.baidu.com/iam/#/iam/accesslist)'
required: true
encrypt: false
secretKey:
title: SecretKey
component:
placeholder: SecretKey
helper: ''
required: true
encrypt: true
testRequest:
title: 测试
component:
name: api-test
action: onTestRequest
helper: 点击测试接口看是否正常
pluginType: access
type: builtIn
scriptFilePath: ../../../plugins/plugin-plus/baidu/access.js
packages/ui/certd-server/metadata/access_baishan.yaml
+15
View File
@@ -0,0 +1,15 @@
name: baishan
title: 白山云授权
desc: ''
icon: material-symbols:shield-outline
input:
token:
title: token
component:
placeholder: token
helper: 自行联系提供商申请
required: true
encrypt: true
pluginType: access
type: builtIn
scriptFilePath: ../../../plugins/plugin-plus/baishan/access.js
packages/ui/certd-server/metadata/access_baota.yaml
+44
View File
@@ -0,0 +1,44 @@
name: baota
title: baota授权
desc: ''
icon: svg:icon-bt
order: 2
input:
panelUrl:
title: 宝塔URL地址
component:
placeholder: http://192.168.42.237:41896
helper: 宝塔面板的url地址,不要带安全入口,例如:http://192.168.42.237:41896
required: true
apiSecret:
title: 接口密钥
component:
placeholder: 接口密钥
helper: |-
宝塔面板设置->面板设置->API接口->接口配置->接口密钥。
必须要加IP白名单,您可以点击下方测试按钮,报错之后会打印IP,将IP加入白名单之后再次测试即可
required: true
encrypt: true
skipSslVerify:
title: 忽略证书校验
value: true
component:
name: a-switch
vModel: checked
helper: 如果面板的url是https,且使用的是自签名证书,则需要开启此选项,其他情况可以关闭
isWindows:
title: windows版
value: false
component:
name: a-switch
vModel: checked
helper: 是否是windows版
testRequest:
title: 测试
component:
name: api-test
action: TestRequest
helper: 点击测试接口看是否正常
pluginType: access
type: builtIn
scriptFilePath: ../../../plugins/plugin-plus/baota/access.js
packages/ui/certd-server/metadata/access_baotawaf.yaml
+36
View File
@@ -0,0 +1,36 @@
name: baotawaf
title: 宝塔云WAF授权
desc: 用于连接和管理宝塔云WAF服务的授权配置
icon: svg:icon-bt
input:
panelUrl:
title: 在宝塔WAF URL
component:
placeholder: http://192.168.42.237:41896
helper: 在宝塔WAF的URL地址,不要带安全入口,例如:http://192.168.42.237:41896
required: true
apiSecret:
title: WAF API 密钥
component:
placeholder: 请输入WAF API接口密钥
helper: |-
在宝塔WAF设置页面 - API接口中获取的API密钥。
必须添加IP白名单,请确保已将CertD服务器IP加入白名单
required: true
encrypt: true
skipSslVerify:
title: 忽略SSL证书校验
value: false
component:
name: a-switch
vModel: checked
helper: 如果面板使用的是自签名SSL证书,则需要开启此选项
testRequest:
title: 测试
component:
name: api-test
action: onTestRequest
helper: 点击测试WAF请求
pluginType: access
type: builtIn
scriptFilePath: ../../../plugins/plugin-plus/baota/waf-access.js
packages/ui/certd-server/metadata/access_cdnfly.yaml
+93
View File
@@ -0,0 +1,93 @@
name: cdnfly
title: cdnfly授权
desc: ''
icon: majesticons:cloud-line
input:
url:
title: cdnfly系统网址
component:
name: a-input
vModel: value
required: true
helper: 例如:http://demo.cdnfly.cn
type:
title: 授权方式
value: apikey
component:
name: a-select
vModel: value
options:
- label: 接口密钥
value: apikey
- label: 模拟登录
value: password
required: true
username:
title: 用户名
component:
placeholder: username
mergeScript: |2-
return {
show: ctx.compute(({form})=>{
return form.access.type === 'password';
})
}
required: true
password:
title: 密码
component:
placeholder: password
helper: ''
mergeScript: |2-
return {
show: ctx.compute(({form})=>{
return form.access.type === 'password';
})
}
required: true
encrypt: true
apiKey:
title: api_key
component:
placeholder: api_key
helper: 登录cdnfly控制台->账户中心->Api密钥,点击开启后获取
required: true
encrypt: true
mergeScript: |2-
return {
show: ctx.compute(({form})=>{
return form.access.type === 'apikey';
})
}
apiSecret:
title: api_secret
component:
placeholder: api_secret
helper: 登录cdnfly控制台->账户中心->Api密钥,点击开启后获取
required: true
encrypt: true
mergeScript: |2-
return {
show: ctx.compute(({form})=>{
return form.access.type === 'apikey';
})
}
testRequest:
title: 测试
component:
name: api-test
action: onTestRequest
helper: |-
点击测试接口看是否正常
IP需要加白名单,如果是同一台机器部署的,可以试试面板的url使用网卡docker0的ip,白名单使用172.16.0.0/12
pluginType: access
type: builtIn
scriptFilePath: ../../../plugins/plugin-plus/cdnfly/access.js
packages/ui/certd-server/metadata/access_ctyun.yaml
+22
View File
@@ -0,0 +1,22 @@
name: ctyun
title: 天翼云授权
desc: ''
icon: ant-design:aliyun-outlined
order: 2
input:
accessKeyId:
title: accessKeyId
component:
placeholder: accessKeyId
helper: '[前往创建天翼云AccessKey](https://iam.ctyun.cn/myAccessKey)'
required: true
securityKey:
title: securityKey
component:
placeholder: securityKey
required: true
encrypt: true
helper: ''
pluginType: access
type: builtIn
scriptFilePath: ../../../plugins/plugin-plus/ctyun/access/ctyun-access.js
packages/ui/certd-server/metadata/access_eab.yaml
+31
View File
@@ -0,0 +1,31 @@
name: eab
title: EAB授权
desc: ZeroSSL证书申请需要EAB授权
icon: ic:outline-lock
input:
kid:
title: KID
component:
placeholder: kid / keyId
helper: EAB KID google的叫 keyIdssl.com的叫Account/ACME Key
required: true
encrypt: true
hmacKey:
title: HMACKey
component:
placeholder: HMAC Key / b64MacKey
helper: EAB HMAC Key google的叫b64MacKey
required: true
encrypt: true
email:
title: email
component:
placeholder: 绑定一个邮箱
rules:
- type: email
message: 请输入正确的邮箱
helper: Google的EAB申请证书,更换邮箱会导致EAB失效,可以在此处绑定一个邮箱避免此问题
required: true
pluginType: access
type: builtIn
scriptFilePath: ../../../plugins/plugin-cert/access/eab-access.js
packages/ui/certd-server/metadata/access_ftp.yaml
+49
View File
@@ -0,0 +1,49 @@
name: ftp
title: FTP授权
desc: ''
icon: mdi:folder-upload-outline
input:
host:
title: host
component:
placeholder: ip / 域名
name: a-input
vModel: value
helper: FTP地址
required: true
port:
title: 端口
value: 21
component:
placeholder: '21'
name: a-input-number
vModel: value
helper: FTP端口
required: true
user:
title: user
component:
placeholder: 用户名
helper: FTP用户名
required: true
password:
title: password
component:
placeholder: 密码
component:
name: a-input-password
vModel: value
encrypt: true
helper: FTP密码
required: true
secure:
title: secure
value: false
component:
name: a-switch
vModel: checked
helper: 是否使用SSL
required: true
pluginType: access
type: builtIn
scriptFilePath: ../../../plugins/plugin-lib/ftp/access.js
packages/ui/certd-server/metadata/access_google.yaml
+84
View File
@@ -0,0 +1,84 @@
name: google
title: google cloud
desc: 谷歌云授权
icon: flat-color-icons:google
input:
type:
title: 密钥类型
value: serviceAccount
component:
placeholder: 密钥类型
name: a-select
vModel: value
options:
- value: serviceAccount
label: 服务账号密钥
- value: apiKey
label: ApiKey,暂不可用
disabled: true
helper: 密钥类型
required: true
encrypt: false
projectId:
title: 项目ID
component:
placeholder: ProjectId
helper: ProjectId
required: true
encrypt: false
mergeScript: |2-
return {
show:ctx.compute(({form})=>{
return form.access.type === 'apiKey'
})
}
apiKey:
title: ApiKey
component:
placeholder: ApiKey
helper: 不要选,目前没有用
required: true
encrypt: true
mergeScript: |2-
return {
show:ctx.compute(({form})=>{
return form.access.type === 'apiKey'
})
}
serviceAccountSecret:
title: 服务账号密钥
component:
placeholder: serviceAccountSecret
name: a-textarea
vModel: value
rows: 4
helper: >-
[如何创建服务账号](https://cloud.google.com/iam/docs/service-accounts-create?hl=zh-CN)
[获取密钥](https://console.cloud.google.com/iam-admin/serviceaccounts?hl=zh-cn),点击详情,点击创建密钥,将下载json文件,把内容填在此处
required: true
encrypt: true
mergeScript: |2-
return {
show:ctx.compute(({form})=>{
return form.access.type === 'serviceAccount'
})
}
httpsProxy:
title: https代理
component:
placeholder: http://127.0.0.1:10811
helper: |-
Google的请求需要走代理,如果不配置,则会使用环境变量中的全局HTTPS_PROXY配置
或者服务器本身在海外,则不需要配置
required: false
encrypt: false
pluginType: access
type: builtIn
scriptFilePath: ../../../plugins/plugin-cert/access/google-access.js
packages/ui/certd-server/metadata/access_k8s.yaml
+23
View File
@@ -0,0 +1,23 @@
name: k8s
title: k8s授权
desc: ''
icon: mdi:kubernetes
input:
kubeconfig:
title: kubeconfig
component:
name: a-textarea
vModel: value
placeholder: kubeconfig
required: true
encrypt: true
skipTLSVerify:
title: 忽略证书校验
component:
name: a-switch
vModel: checked
required: false
encrypt: false
pluginType: access
type: builtIn
scriptFilePath: ../../../plugins/plugin-plus/k8s/access.js
packages/ui/certd-server/metadata/access_kuocaicdn.yaml
+20
View File
@@ -0,0 +1,20 @@
name: kuocaicdn
title: 括彩云cdn授权
icon: material-symbols:shield-outline
desc: 括彩云CDN,每月免费30G[注册即领](https://kuocaicdn.com/register?code=8mn536rrzfbf8)
input:
username:
title: 账户
component:
placeholder: 手机号
required: true
encrypt: true
password:
title: 密码
component:
placeholder: password
required: true
encrypt: true
pluginType: access
type: builtIn
scriptFilePath: ../../../plugins/plugin-plus/kuocai/access.js
packages/ui/certd-server/metadata/access_lecdn.yaml
+69
View File
@@ -0,0 +1,69 @@
name: lecdn
title: LeCDN授权
desc: ''
icon: material-symbols:shield-outline
input:
url:
title: LeCDN系统网址
component:
name: a-input
vModel: value
required: true
helper: 例如:http://demo.xxxx.cn
type:
title: 认证类型
component:
placeholder: 请选择
name: a-select
vModel: value
options:
- value: token
label: API访问令牌
- value: password
label: 账号密码(旧版本)
required: true
username:
title: 用户名
component:
placeholder: username
mergeScript: |2-
return {
show:ctx.compute(({form})=>{
return form.access.type === 'password';
})
}
required: true
encrypt: false
password:
title: 登录密码
component:
placeholder: password
required: true
encrypt: true
mergeScript: |2-
return {
show:ctx.compute(({form})=>{
return form.access.type === 'password';
})
}
apiToken:
title: Api访问令牌
component:
placeholder: apiToken
required: true
encrypt: true
mergeScript: |2-
return {
show:ctx.compute(({form})=>{
return form.access.type === 'token';
})
}
pluginType: access
type: builtIn
scriptFilePath: ../../../plugins/plugin-plus/lecdn/access.js
packages/ui/certd-server/metadata/access_lucky.yaml
+29
View File
@@ -0,0 +1,29 @@
name: lucky
title: lucky
desc: ''
icon: svg:icon-lucky
input:
url:
title: 访问url
component:
placeholder: http://xxx.xx.xx:16301
helper: 不要带安全入口
required: true
encrypt: false
safePath:
title: 安全入口
component:
placeholder: /your_safe_path
helper: 请参考lucky设置中关于安全入口的配置,
required: false
encrypt: true
openToken:
title: OpenToken
component:
placeholder: OpenToken
helper: 设置->最下面开发者设置->启用OpenToken
required: true
encrypt: true
pluginType: access
type: builtIn
scriptFilePath: ../../../plugins/plugin-plus/lucky/access.js
packages/ui/certd-server/metadata/access_maoyun.yaml
+35
View File
@@ -0,0 +1,35 @@
name: maoyun
title: 猫云授权
desc: ''
icon: svg:icon-lucky
input:
username:
title: 用户名
component:
placeholder: username/手机号/email
name: a-input
vModel: value
helper: 用户名
required: true
password:
title: password
component:
placeholder: 密码
component:
name: a-input-password
vModel: value
encrypt: true
helper: 密码
required: true
httpProxy:
title: HttpProxy
component:
placeholder: http://192.168.x.x:10811
component:
name: a-input
vModel: value
encrypt: false
required: false
pluginType: access
type: builtIn
scriptFilePath: ../../../plugins/plugin-plus/maoyun/access.js
packages/ui/certd-server/metadata/access_plesk.yaml
+33
View File
@@ -0,0 +1,33 @@
name: plesk
title: plesk授权
desc: ''
icon: svg:icon-plesk
input:
url:
title: Plesk网址
component:
name: a-input
vModel: value
required: true
helper: 例如:https://xxxx.xxxxx:8443/
username:
title: 用户名
component:
placeholder: username
required: true
encrypt: false
password:
title: 登录密码
component:
placeholder: password
required: true
encrypt: true
testRequest:
title: 测试
component:
name: api-test
action: onTestRequest
helper: 点击测试接口看是否正常
pluginType: access
type: builtIn
scriptFilePath: ../../../plugins/plugin-plus/plesk/access.js
packages/ui/certd-server/metadata/access_qiniu.yaml
+19
View File
@@ -0,0 +1,19 @@
name: qiniu
title: 七牛云授权
desc: ''
icon: svg:icon-qiniuyun
input:
accessKey:
title: AccessKey
rules:
- required: true
message: 此项必填
helper: AK,前往[密钥管理](https://portal.qiniu.com/developer/user/key)获取
secretKey:
title: SecretKey
encrypt: true
helper: SK
order: 2
pluginType: access
type: builtIn
scriptFilePath: ../../../plugins/plugin-lib/qiniu/access.js
packages/ui/certd-server/metadata/access_qiniuoss.yaml
+20
View File
@@ -0,0 +1,20 @@
name: qiniuoss
title: 七牛OSS授权
desc: ''
icon: svg:icon-qiniuyun
input:
accessId:
title: 七牛云授权
component:
name: access-selector
vModel: modelValue
type: qiniu
helper: 请选择七牛云授权
required: true
bucket:
title: Bucket
helper: 存储桶名称
required: true
pluginType: access
type: builtIn
scriptFilePath: ../../../plugins/plugin-lib/qiniu/access-oss.js
packages/ui/certd-server/metadata/access_s3.yaml
+53
View File
@@ -0,0 +1,53 @@
name: s3
title: s3/minio授权
desc: S3/minio oss授权
icon: mdi:folder-upload-outline
input:
endpoint:
title: endpoint
component:
placeholder: http://xxxxxx:9000
name: a-input
vModel: value
helper: Minio的地址,如果是aws s3 则无需填写
required: false
accessKeyId:
title: accessKeyId
component:
placeholder: accessKeyId
helper: accessKeyId
required: true
secretAccessKey:
title: secretAccessKey
component:
placeholder: secretAccessKey
component:
name: a-input
vModel: value
helper: secretAccessKey
encrypt: true
required: true
region:
title: 地区
value: us-east-1
component:
name: a-input
vModel: value
helper: region
required: true
bucket:
title: 存储桶
component:
name: a-input
vModel: value
helper: bucket 名称
required: true
testRequest:
title: 测试
component:
name: api-test
action: TestRequest
helper: 点击测试接口是否正常
pluginType: access
type: builtIn
scriptFilePath: ../../../plugins/plugin-lib/s3/access.js
packages/ui/certd-server/metadata/access_safeline.yaml
+26
View File
@@ -0,0 +1,26 @@
name: safeline
title: 长亭雷池授权
icon: svg:icon-safeline
input:
baseUrl:
title: 雷池的访问url
component:
placeholder: https://xxxx.com:9443
required: true
apiToken:
title: ApiToken
component:
placeholder: apiToken
helper: ''
required: true
encrypt: true
skipSslVerify:
title: 忽略证书校验
value: true
component:
name: a-switch
vModel: checked
helper: 如果面板的url是https,且使用的是自签名证书,则需要开启此选项,其他情况可以关闭
pluginType: access
type: builtIn
scriptFilePath: ../../../plugins/plugin-plus/safeline/access.js
packages/ui/certd-server/metadata/access_sftp.yaml
+23
View File
@@ -0,0 +1,23 @@
name: sftp
title: SFTP授权
desc: ''
icon: clarity:host-line
input:
sshAccess:
title: SSH授权
component:
name: access-selector
type: ssh
vModel: modelValue
helper: 请选择一个SSH授权
required: true
fileMode:
title: 文件权限
component:
name: a-input
vModel: value
placeholder: '777'
helper: 文件上传后是否修改文件权限
pluginType: access
type: builtIn
scriptFilePath: ../../../plugins/plugin-lib/ssh/sftp-access.js
packages/ui/certd-server/metadata/access_ssh.yaml
+128
View File
@@ -0,0 +1,128 @@
name: ssh
title: 主机登录授权
desc: ''
icon: clarity:host-line
input:
host:
title: 主机地址
component:
placeholder: 主机域名或IP地址
required: true
port:
title: 端口
value: 22
component:
name: a-input-number
placeholder: '22'
rules:
- required: true
message: 此项必填
username:
title: 用户名
value: root
rules:
- required: true
message: 此项必填
password:
title: 密码
component:
name: a-input-password
vModel: value
encrypt: true
helper: 登录密码或密钥必填一项
privateKey:
title: 私钥登录
helper: 私钥或密码必填一项
component:
name: pem-input
vModel: modelValue
encrypt: true
passphrase:
title: 私钥密码
helper: 如果你的私钥有密码的话
component:
name: a-input-password
vModel: value
encrypt: true
scriptType:
title: 脚本类型
helper: bash 、sh 、fish
component:
name: a-select
vModel: value
options:
- value: default
label: 默认
- value: sh
label: sh
- value: bash
label: bash
- value: fish
label: fish(不支持set -e)
pty:
title: 伪终端
helper: >-
如果登录报错:all authentication methods
failed,可以尝试开启伪终端模式进行keyboard-interactive方式登录
开启后对日志输出有一定的影响
component:
name: a-switch
vModel: checked
socksProxy:
title: socks代理
helper: socks代理配置,格式:socks5://user:password@host:port
component:
name: a-input
vModel: value
placeholder: socks5://user:password@host:port
encrypt: false
timeout:
title: 超时时间
helper: 执行命令的超时时间,单位秒,默认30分钟
component:
name: a-input-number
windows:
title: 是否Windows
helper: >-
如果是Windows主机,请勾选此项
并且需要windows[安装OpenSSH](https://certd.docmirror.cn/guide/use/host/windows.html)
component:
name: a-switch
vModel: checked
encoding:
title: 命令编码
helper: 如果是Windows主机,且出现乱码了,请尝试设置为GBK
component:
name: a-select
vModel: value
options:
- value: ''
label: 默认
- value: GBK
label: GBK
- value: UTF8
label: UTF-8
testRequest:
title: 测试
component:
name: api-test
type: access
typeName: ssh
action: TestRequest
mergeScript: |2-
return {
component:{
form: ctx.compute(({form})=>{
return form
})
},
}
helper: 点击测试
order: 0
pluginType: access
type: builtIn
scriptFilePath: ../../../plugins/plugin-lib/ssh/ssh-access.js
packages/ui/certd-server/metadata/access_synology.yaml
+88
View File
@@ -0,0 +1,88 @@
name: synology
title: 群晖登录授权
desc: ''
icon: simple-icons:synology
input:
version:
title: 群晖版本
component:
name: a-select
vModel: value
options:
- label: 7.x
value: '7'
- label: 6.x
value: '6'
required: true
baseUrl:
title: 群晖面板的url
component:
placeholder: https://yourdomain:5006
helper: 群晖面板的访问地址,例如:https://yourdomain:5006
required: true
username:
title: 账号
component:
placeholder: 账号
helper: 群晖面板登录账号,必须是处于管理员用户组
required: true
password:
title: 密码
component:
placeholder: 密码
helper: 群晖面板登录密码
required: true
encrypt: true
otp:
title: 双重认证
value: false
component:
name: a-switch
vModel: checked
helper: 是否启用了双重认证
required: true
deviceId:
title: 设备ID
component:
placeholder: 设备ID
name: synology-device-id-getter
type: access
typeName: synology
mergeScript: |2-
return {
component:{
form: ctx.compute(({form})=>{
return form
})
},
show: ctx.compute(({form})=>{
return form.access.otp
})
}
helper: |-
1.如果开启了双重认证,需要获取设备ID
2.填好上面的必填项,然后点击获取设备ID,输入双重认证APP上的码,确认即可获得设备ID,此操作只需要做一次
3.注意:必须勾选‘安全性->允许网页浏览器的用户通过信任设备来跳过双重验证
4.注意:在群晖信任设备页面里面会生成一条记录,不要删除
5.注意:需要将流水线证书申请过期前多少天设置为30天以下,避免设备ID过期
required: false
encrypt: true
skipSslVerify:
title: 忽略证书校验
value: true
component:
name: a-switch
vModel: checked
helper: 如果面板的url是https,且使用的是自签名证书,则需要开启此选项,其他情况可以关闭
timeout:
title: 请求超时
value: 120
component:
name: a-input-number
vModel: value
helper: 请求超时时间,单位:秒
pluginType: access
type: builtIn
scriptFilePath: ../../../plugins/plugin-plus/synology/access.js
packages/ui/certd-server/metadata/access_tencent.yaml
+46
View File
@@ -0,0 +1,46 @@
name: tencent
title: 腾讯云
icon: svg:icon-tencentcloud
order: 0
input:
secretId:
title: secretId
helper: |-
使用对应的插件需要有对应的权限,比如上传证书,需要证书管理权限;部署到clb需要clb相关权限
前往[密钥管理](https://console.cloud.tencent.com/cam/capi)进行创建
component:
placeholder: secretId
rules:
- required: true
message: 该项必填
secretKey:
title: secretKey
component:
placeholder: secretKey
encrypt: true
rules:
- required: true
message: 该项必填
accountType:
title: 站点类型
value: cn
component:
name: a-select
options:
- label: 国内站
value: cn
- label: 国际站
value: intl
encrypt: false
rules:
- required: true
message: 该项必填
closeExpiresNotify:
title: 关闭证书过期通知
value: true
component:
name: a-switch
vModel: checked
pluginType: access
type: builtIn
scriptFilePath: ../../../plugins/plugin-lib/tencent/access.js
packages/ui/certd-server/metadata/access_tencentcos.yaml
+75
View File
@@ -0,0 +1,75 @@
name: tencentcos
title: 腾讯云COS授权
icon: svg:icon-tencentcloud
desc: 腾讯云对象存储授权,包含地域和存储桶
input:
accessId:
title: 腾讯云授权
component:
name: access-selector
vModel: modelValue
type: tencent
helper: 请选择腾讯云授权
required: true
region:
title: 所在地域
helper: 存储桶所在地域
component:
name: a-auto-complete
vModel: value
options:
- value: ''
label: '--------中国大陆地区-------'
disabled: true
- value: ap-beijing-1
label: 北京1区
- value: ap-beijing
label: 北京
- value: ap-nanjing
label: 南京
- value: ap-shanghai
label: 上海
- value: ap-guangzhou
label: 广州
- value: ap-chengdu
label: 成都
- value: ap-chongqing
label: 重庆
- value: ap-shenzhen-fsi
label: 深圳金融
- value: ap-shanghai-fsi
label: 上海金融
- value: ap-beijing-fsi
label: 北京金融
- value: ''
label: '--------中国香港及境外-------'
disabled: true
- value: ap-hongkong
label: 中国香港
- value: ap-singapore
label: 新加坡
- value: ap-mumbai
label: 孟买
- value: ap-jakarta
label: 雅加达
- value: ap-seoul
label: 首尔
- value: ap-bangkok
label: 曼谷
- value: ap-tokyo
label: 东京
- value: na-siliconvalley
label: 硅谷
- value: na-ashburn
label: 弗吉尼亚
- value: sa-saopaulo
label: 圣保罗
- value: eu-frankfurt
label: 法兰克福
bucket:
title: Bucket
helper: 存储桶名称
required: true
pluginType: access
type: builtIn
scriptFilePath: ../../../plugins/plugin-lib/tencent/access-cos.js
packages/ui/certd-server/metadata/access_unicloud.yaml
+21
View File
@@ -0,0 +1,21 @@
name: unicloud
title: uniCloud
icon: material-symbols:shield-outline
desc: unicloud授权
input:
email:
title: 账号
component:
placeholder: email
helper: 登录邮箱
required: true
encrypt: false
password:
title: 密码
component:
placeholder: 密码
required: true
encrypt: true
pluginType: access
type: builtIn
scriptFilePath: ../../../plugins/plugin-plus/unicloud/access.js
packages/ui/certd-server/metadata/access_wxpay.yaml
+40
View File
@@ -0,0 +1,40 @@
name: wxpay
title: 微信支付
icon: tdesign:logo-wechatpay-filled
input:
appId:
title: AppId
component:
placeholder: 201909176714xxxx
required: true
encrypt: false
mchid:
title: 商户ID
component:
placeholder: 201909176714xxxx
required: true
encrypt: false
publicKey:
title: 公钥
component:
name: a-textarea
rows: 3
placeholder: MIIBIjANBg...
required: true
encrypt: true
privateKey:
title: 私钥
component:
placeholder: MIIEvQIBADANB...
name: a-textarea
rows: 3
required: true
encrypt: true
key:
title: APIv3密钥
helper: 微信商户平台—>账户设置—>API安全—>设置APIv3密钥
required: true
encrypt: true
pluginType: access
type: builtIn
scriptFilePath: ../../../plugins/plugin-plus/wxpay/access.js
packages/ui/certd-server/metadata/access_yfysms.yaml
+21
View File
@@ -0,0 +1,21 @@
name: yfysms
title: 易发云短信
icon: material-symbols:shield-outline
desc: sms.yfyidc.cn/
input:
keyId:
title: KeyID
component:
placeholder: api_key
helper: '[获取密钥](http://sms.yfyidc.cn/user/index#)'
required: true
encrypt: true
keySecret:
title: KeySecret
component:
placeholder: ''
required: true
encrypt: true
pluginType: access
type: builtIn
scriptFilePath: ../../../plugins/plugin-plus/yidun/access-sms.js
packages/ui/certd-server/metadata/access_yidun.yaml
+22
View File
@@ -0,0 +1,22 @@
name: yidun
title: 易盾DCDN授权
icon: material-symbols:shield-outline
desc: https://user.yiduncdn.com
input:
apiKey:
title: api_key
component:
placeholder: api_key
helper: http://user.yiduncdn.com/console/index.html#/account/config/api,点击开启后获取
required: true
encrypt: true
apiSecret:
title: api_secret
component:
placeholder: api_secret
helper: http://user.yiduncdn.com/console/index.html#/account/config/api,点击开启后获取
required: true
encrypt: true
pluginType: access
type: builtIn
scriptFilePath: ../../../plugins/plugin-plus/yidun/access.js
packages/ui/certd-server/metadata/access_yidunrcdn.yaml
+20
View File
@@ -0,0 +1,20 @@
name: yidunrcdn
title: 易盾rcdn授权
icon: material-symbols:shield-outline
desc: 易盾CDN,每月免费30G[注册即领](https://rhcdn.yiduncdn.com/register?code=8mn536rrzfbf8)
input:
username:
title: 账户
component:
placeholder: 手机号
required: true
encrypt: true
password:
title: 密码
component:
placeholder: password
required: true
encrypt: true
pluginType: access
type: builtIn
scriptFilePath: ../../../plugins/plugin-plus/yidun/access-rcdn.js
packages/ui/certd-server/metadata/access_yizhifu.yaml
+45
View File
@@ -0,0 +1,45 @@
name: yizhifu
title: 易支付
icon: svg:icon-yizhifu
input:
url:
title: url
component:
placeholder: https://pay.xxxx.com
helper: 易支付系统地址
required: true
encrypt: false
pid:
title: 商户id
component:
placeholder: pid
required: true
encrypt: false
key:
title: key
component:
placeholder: key
required: true
encrypt: true
payType:
title: 固定支付方式
component:
placeholder: 固定一种支付方式,也就是submit.php中的type参数
helper: 不填则跳转到收银台由用户自己选择,如果您的易支付系统不支持收银台,则必须填写
required: false
encrypt: false
signType:
title: 签名方式
component:
name: a-select
vModel: value
options:
- label: MD5
value: MD5
- label: SHA256
value: SHA256
required: true
encrypt: false
pluginType: access
type: builtIn
scriptFilePath: ../../../plugins/plugin-plus/yizhifu/access.js
packages/ui/certd-server/metadata/deploy_1PanelDeployToWebsitePlugin.yaml
+107
View File
@@ -0,0 +1,107 @@
showRunStrategy: false
default:
strategy:
runStrategy: 1
name: 1PanelDeployToWebsitePlugin
title: 1Panel-部署证书到1Panel
icon: svg:icon-onepanel
desc: 更新1Panel的证书
group: panel
needPlus: false
input:
cert:
title: 域名证书
helper: 请选择前置任务输出的域名证书
component:
name: output-selector
from:
- ':cert:'
required: true
order: 0
certDomains:
title: 当前证书域名
component:
name: cert-domains-getter
mergeScript: |2-
return {
component:{
inputKey: ctx.compute(({form})=>{
return form.cert
}),
}
}
template: false
required: true
order: 0
accessId:
title: 1Panel授权
helper: 1Panel授权
component:
name: access-selector
type: 1panel
required: true
order: 0
currentNode:
title: 1Panel节点
component:
name: remote-select
vModel: value
mode: tags
type: plugin
typeName: OnePanelDeployToWebsitePlugin
action: onGetNodes
search: false
pager: false
watches:
- certDomains
- accessId
value: local
required: true
mergeScript: |2-
return {
component:{
form: ctx.compute(({form})=>{
return form
})
},
}
helper: 要更新的1Panel证书的节点信息,目前只有v2存在此概念
order: 0
sslIds:
title: 1Panel证书ID
component:
name: remote-select
vModel: value
mode: tags
type: plugin
typeName: 1PanelDeployToWebsitePlugin
action: onGetSSLIds
search: false
pager: false
watches:
- certDomains
- accessId
- accessId
required: true
mergeScript: |2-
return {
component:{
form: ctx.compute(({form})=>{
return form
})
},
}
helper: |-
要更新的1Panel证书id,选择授权之后,从下拉框中选择
IP需要加白名单,如果是同一台机器部署的,可以试试172.16.0.0/12
order: 0
output: {}
pluginType: deploy
type: builtIn
scriptFilePath: ../../../plugins/plugin-plus/1panel/plugins/deploy-to-website.js
packages/ui/certd-server/metadata/deploy_AliyunDeployCertToAll.yaml
+177
View File
@@ -0,0 +1,177 @@
showRunStrategy: false
default:
strategy:
runStrategy: 1
name: AliyunDeployCertToAll
title: 阿里云-部署至任意云资源
icon: svg:icon-aliyun
group: aliyun
desc: >-
【不建议使用】需要消耗阿里云自动部署次数,支持SLB、LIVE、webHosting、VOD、CR、DCDN、DDoS、CDN、ALB、APIGateway、FC、GA、MSE、NLB、OSS、SAE、WAF等云产品
needPlus: false
input:
cert:
title: 域名证书
helper: |-
请选择证书申请任务输出的域名证书
或者选择前置任务“上传证书到阿里云”任务的证书ID,可以减少上传到阿里云的证书数量
component:
name: output-selector
from:
- ':cert:'
- uploadCertToAliyun
required: true
order: 0
certDomains:
title: 当前证书域名
component:
name: cert-domains-getter
mergeScript: |2-
return {
component:{
inputKey: ctx.compute(({form})=>{
return form.cert
}),
}
}
template: false
required: false
order: 0
endpoint:
title: 接入点
helper: 不会选就按默认
value: cas.aliyuncs.com
component:
name: a-select
options:
- value: cas.aliyuncs.com
label: 中国大陆
- value: cas.ap-southeast-1.aliyuncs.com
label: 新加坡
- value: cas.eu-central-1.aliyuncs.com
label: 德国(法兰克福)
required: true
order: 0
accessId:
title: Access授权
helper: 阿里云授权AccessKeyId、AccessKeySecret
component:
name: access-selector
type: aliyun
required: true
order: 0
cloudProduct:
title: 云产品类型
helper: 请选择云产品类型
component:
name: a-select
vModel: value
options:
- value: SLB
label: SLB-传统型负载均衡 CLB(仅中国站)
- value: LIVE
label: LIVE-视频直播(仅中国站)
- value: webHosting
label: webHosting-云虚拟主机(仅中国站)
- value: VOD
label: VOD-视频点播(仅中国站)
- value: CR
label: CR-容器镜像服务(仅中国站)
- value: DCDN
label: DCDN-全站加速
- value: DDoS
label: DDos 防护
- value: CDN
label: CDN-内容分发网络
- value: ALB
label: ALB-应用负载均衡
- value: APIGateway
label: APIGateway-API 网关
- value: FC
label: FC-函数计算
- value: GA
label: GA-全球加速
- value: MSE
label: MSE-微服务引擎
- value: NLB
label: NLB-网络型负载均衡
- value: OSS
label: OSS-对象存储
- value: SAE
label: SAE-Serverless应用引擎
- value: WAF
label: WAF-Web应用防火墙
required: true
order: 0
productIds:
title: 要部署证书的云产品
component:
name: remote-select
vModel: value
mode: tags
type: plugin
typeName: AliyunDeployCertToAll
action: onGetProductList
search: false
pager: false
watches:
- certDomains
- accessId
- cloudProduct
- accessId
required: true
mergeScript: |2-
return {
component:{
form: ctx.compute(({form})=>{
return form
})
},
}
helper: 请选择要部署证书的云产品,注意:新创建的云产品资源可能需要过1-2小时才会在此处显示
order: 0
contactIds:
title: 联系人
component:
name: remote-select
vModel: value
mode: tags
type: plugin
typeName: AliyunDeployCertToAll
action: onGetContactList
search: false
pager: false
watches:
- certDomains
- accessId
required: true
mergeScript: |2-
return {
component:{
form: ctx.compute(({form})=>{
return form
})
},
}
helper: >-
请选择联系人,如果没有,需要先到[阿里云控制台创建联系人](https://yundun.console.aliyun.com/?p=cas#/informationManagement/person/)
order: 0
checkTimeout:
title: 检查超时时间
helper: 检查部署任务超时时间,单位分钟
value: 10
component:
name: a-input-number
vModel: value
required: true
order: 0
output: {}
pluginType: deploy
type: builtIn
scriptFilePath: ../../../plugins/plugin-aliyun/plugin/deploy-to-all/index.js
packages/ui/certd-server/metadata/deploy_BaiduDeployToBLB.yaml
+112
View File
@@ -0,0 +1,112 @@
showRunStrategy: false
default:
strategy:
runStrategy: 1
name: BaiduDeployToBLB
title: 百度云-部署证书到负载均衡
icon: ant-design:baidu-outlined
group: baidu
desc: 部署到百度云负载均衡,包括BLB、APPBLB
needPlus: false
input:
cert:
title: 域名证书
helper: 请选择前置任务输出的域名证书
component:
name: output-selector
from:
- ':cert:'
- BaiduUploadCert
required: true
order: 0
certDomains:
title: 当前证书域名
component:
name: cert-domains-getter
mergeScript: |2-
return {
component:{
inputKey: ctx.compute(({form})=>{
return form.cert
}),
}
}
template: false
required: true
order: 0
region:
title: 区域
component:
name: a-select
vModel: value
options:
- value: bj
label: 北京
- value: fsh
label: 上海
- value: gz
label: 广州
- value: fwh
label: 武汉
- value: su
label: 苏州
- value: bd
label: 保定
- value: hkg
label: 香港
- value: sin
label: 新加坡
required: true
order: 0
blbType:
title: 负载均衡类型
component:
name: a-select
vModel: value
options:
- value: blb
label: 普通负载均衡
- value: appblb
label: 应用负载均衡
required: true
order: 0
accessId:
title: 百度云授权
helper: 百度云授权
component:
name: access-selector
type: baidu
required: true
order: 0
blbIds:
title: 负载均衡ID
component:
name: remote-select
vModel: value
mode: tags
action: GetBLBList
watches:
- certDomains
- blbType
- accessId
required: true
order: 0
listenerIds:
title: 监听器ID
component:
name: remote-select
vModel: value
mode: tags
action: GetListenerList
watches:
- certDomains
- accessId
- blbIds
required: true
order: 0
output: {}
pluginType: deploy
type: builtIn
scriptFilePath: ../../../plugins/plugin-plus/baidu/plugins/plugin-deploy-to-blb.js
packages/ui/certd-server/metadata/deploy_BaiduDeployToCDN.yaml
+62
View File
@@ -0,0 +1,62 @@
showRunStrategy: false
default:
strategy:
runStrategy: 1
name: BaiduDeployToCDN
title: 百度云-部署证书到CDN
icon: ant-design:baidu-outlined
group: baidu
desc: 部署到百度云CDN
needPlus: false
input:
cert:
title: 域名证书
helper: 请选择前置任务输出的域名证书
component:
name: output-selector
from:
- ':cert:'
- BaiduUploadCert
required: true
order: 0
certDomains:
title: 当前证书域名
component:
name: cert-domains-getter
mergeScript: |2-
return {
component:{
inputKey: ctx.compute(({form})=>{
return form.cert
}),
}
}
template: false
required: true
order: 0
accessId:
title: 百度云授权
helper: 百度云授权
component:
name: access-selector
type: baidu
required: true
order: 0
domains:
title: CDN域名
component:
name: remote-select
vModel: value
mode: tags
action: GetDomainList
watches:
- certDomains
- accessId
required: true
order: 0
output: {}
pluginType: deploy
type: builtIn
scriptFilePath: ../../../plugins/plugin-plus/baidu/plugins/plugin-deploy-to-cdn.js
packages/ui/certd-server/metadata/deploy_BaiduUploadCert.yaml
+33
View File
@@ -0,0 +1,33 @@
showRunStrategy: false
default:
strategy:
runStrategy: 1
name: BaiduUploadCert
title: 百度云-上传到证书托管
icon: ant-design:baidu-outlined
desc: 上传证书到百度云证书托管中心
group: baidu
input:
cert:
title: 域名证书
helper: 请选择前置任务输出的域名证书
component:
name: output-selector
from:
- ':cert:'
required: true
order: 0
accessId:
title: Access授权
helper: access授权
component:
name: access-selector
type: baidu
required: true
order: 0
output:
baiduCertId:
title: 百度云CertId
pluginType: deploy
type: builtIn
scriptFilePath: ../../../plugins/plugin-plus/baidu/plugins/plugin-upload-to-baidu.js
packages/ui/certd-server/metadata/deploy_BaishanUpdateCert.yaml
+45
View File
@@ -0,0 +1,45 @@
showRunStrategy: false
default:
strategy:
runStrategy: 1
name: BaishanUpdateCert
title: 白山云-更新证书
icon: material-symbols:shield-outline
group: cdn
needPlus: false
input:
certId:
title: 证书ID
component:
name: a-input-number
vModel: value
helper: 证书ID,在证书管理页面查看,每条记录都有证书id
order: 0
certName:
title: 证书名称
component:
name: a-input
vModel: value
helper: 给证书设置一个名字,便于区分
order: 0
cert:
title: 域名证书
helper: 请选择前置任务输出的域名证书
component:
name: output-selector
from:
- ':cert:'
required: true
order: 0
accessId:
title: 白山云授权
helper: 白山云授权
component:
name: access-selector
type: baishan
required: true
order: 0
output: {}
pluginType: deploy
type: builtIn
scriptFilePath: ../../../plugins/plugin-plus/baishan/plugins/plugin-update-cert.js
packages/ui/certd-server/metadata/deploy_BaotaDeleteExpiringCert.yaml
+23
View File
@@ -0,0 +1,23 @@
showRunStrategy: true
default:
strategy:
runStrategy: 0
name: BaotaDeleteExpiringCert
title: 宝塔-删除过期证书
icon: svg:icon-bt
group: panel
desc: 删除证书夹中过期证书
needPlus: true
input:
accessId:
title: 宝塔授权
helper: baota的接口密钥
component:
name: access-selector
type: baota
required: true
order: 0
output: {}
pluginType: deploy
type: builtIn
scriptFilePath: ../../../plugins/plugin-plus/baota/plugins/plugin-delete-expiring-cert.js
packages/ui/certd-server/metadata/deploy_BaotaDeployPanelCert.yaml
+32
View File
@@ -0,0 +1,32 @@
showRunStrategy: false
default:
strategy:
runStrategy: 1
name: BaotaDeployPanelCert
title: 宝塔-面板证书部署
icon: svg:icon-bt
group: panel
desc: 部署宝塔面板本身的ssl证书
needPlus: true
input:
cert:
title: 域名证书
helper: 请选择前置任务输出的域名证书
component:
name: output-selector
from:
- ':cert:'
required: true
order: 0
accessId:
title: 宝塔授权
helper: baota的接口密钥
component:
name: access-selector
type: baota
required: true
order: 0
output: {}
pluginType: deploy
type: builtIn
scriptFilePath: ../../../plugins/plugin-plus/baota/plugins/plugin-deploy-to-panel.js
packages/ui/certd-server/metadata/deploy_BaotaDeployWAF.yaml
+63
View File
@@ -0,0 +1,63 @@
showRunStrategy: false
default:
strategy:
runStrategy: 1
name: BaotaDeployWAF
title: 宝塔-WAF证书部署
icon: svg:icon-bt
group: panel
desc: 部署宝塔云WAF/aaWAF
needPlus: false
input:
cert:
title: 域名证书
helper: 请选择前置任务输出的域名证书
component:
name: output-selector
from:
- ':cert:'
required: true
order: 0
certDomains:
title: 当前证书域名
component:
name: cert-domains-getter
mergeScript: |2-
return {
component:{
inputKey: ctx.compute(({form})=>{
return form.cert
}),
}
}
template: false
required: true
order: 0
accessId:
title: 宝塔WAF授权
helper: aaWAF的接口密钥
component:
name: access-selector
type: baotawaf
required: true
order: 0
siteIds:
title: 站点ID
component:
name: remote-select
vModel: value
mode: tags
action: onGetSiteList
search: true
watches:
- certDomains
- accessId
required: true
helper: 将会自动获取证书匹配的站点,请选择要部署证书的站点
order: 0
output: {}
pluginType: deploy
type: builtIn
scriptFilePath: ../../../plugins/plugin-plus/baota/plugins/plugin-deploy-to-aawaf.js
packages/ui/certd-server/metadata/deploy_BaotaDeployWebSiteCert.yaml
+84
View File
@@ -0,0 +1,84 @@
showRunStrategy: false
default:
strategy:
runStrategy: 1
name: BaotaDeployWebSiteCert
title: 宝塔-网站证书部署
icon: svg:icon-bt
group: panel
desc: 部署宝塔管理的站点的ssl证书,目前支持宝塔网站站点、docker站点等。本插件也支持aaPanel。
needPlus: false
input:
cert:
title: 域名证书
helper: 请选择前置任务输出的域名证书
component:
name: output-selector
from:
- ':cert:'
required: true
order: 0
certDomains:
title: 当前证书域名
component:
name: cert-domains-getter
mergeScript: |2-
return {
component:{
inputKey: ctx.compute(({form})=>{
return form.cert
}),
}
}
template: false
required: true
order: 0
accessId:
title: 宝塔授权
helper: baota的接口密钥
component:
name: access-selector
type: baota
required: true
order: 0
isDockerSite:
title: 是否Docker站点
value: false
component:
name: a-switch
vModel: checked
helper: 是否为docker站点
required: true
order: 0
siteName:
title: 站点名称
component:
name: remote-select
vModel: value
mode: tags
action: GetSiteList
watches:
- certDomains
- accessId
- isDockerSite
required: true
mergeScript: |2-
return {
component:{
form: ctx.compute(({form})=>{
return form
})
},
}
helper: |-
将会自动获取证书匹配的站点名称
宝塔版本低于9.0.0时,此处会获取失败,忽略错误,手动输入站点域名即可
order: 0
output: {}
pluginType: deploy
type: builtIn
scriptFilePath: ../../../plugins/plugin-plus/baota/plugins/plugin-deploy-to-website.js
packages/ui/certd-server/metadata/deploy_BaotaDeployWebSiteWin.yaml
+72
View File
@@ -0,0 +1,72 @@
showRunStrategy: false
default:
strategy:
runStrategy: 1
name: BaotaDeployWebSiteWin
title: 宝塔win-网站证书部署
icon: svg:icon-bt
group: panel
desc: 部署到Windows版宝塔管理的站点的ssl证书
needPlus: false
input:
cert:
title: 域名证书
helper: 请选择前置任务输出的域名证书
component:
name: output-selector
from:
- ':cert:'
required: true
order: 0
certDomains:
title: 当前证书域名
component:
name: cert-domains-getter
mergeScript: |2-
return {
component:{
inputKey: ctx.compute(({form})=>{
return form.cert
}),
}
}
template: false
required: true
order: 0
accessId:
title: 宝塔授权
helper: baota的接口密钥
component:
name: access-selector
type: baota
required: true
order: 0
siteIds:
title: 站点Id
component:
name: remote-select
vModel: value
mode: tags
action: GetSiteList
watches:
- certDomains
- accessId
required: true
mergeScript: |2-
return {
component:{
form: ctx.compute(({form})=>{
return form
})
},
}
helper: 将会自动获取证书匹配的站点名称
order: 0
output: {}
pluginType: deploy
type: builtIn
scriptFilePath: ../../../plugins/plugin-plus/baota/plugins/plugin-deploy-to-website-win.js
packages/ui/certd-server/metadata/deploy_CdnflyDeployToCDN.yaml
+116
View File
@@ -0,0 +1,116 @@
showRunStrategy: false
default:
strategy:
runStrategy: 1
name: CdnflyDeployToCDN
title: cdnfly-部署证书到cdnfly
icon: majesticons:cloud-line
group: cdn
desc: cdnfly
needPlus: false
input:
cert:
title: 域名证书
helper: 请选择前置任务输出的域名证书
component:
name: output-selector
from:
- ':cert:'
required: true
order: 0
certDomains:
title: 当前证书域名
component:
name: cert-domains-getter
mergeScript: |2-
return {
component:{
inputKey: ctx.compute(({form})=>{
return form.cert
}),
}
}
template: false
required: false
order: 0
accessId:
title: cdnfly授权
helper: cdnfly授权
component:
name: access-selector
type: cdnfly
required: true
order: 0
autoMatch:
title: 自动匹配站点
component:
name: a-switch
vModel: checked
helper: |-
是否自动匹配站点进行部署
如果选择自动匹配,则下方参数无需填写
order: 0
certId:
title: 证书ID
component:
name: remote-select
vModel: value
mode: tags
type: plugin
typeName: CdnflyDeployToCDNPlugin
action: onGetCertList
search: true
pager: false
watches:
- certDomains
- accessId
- cert
- accessId
required: false
mergeScript: |2-
return {
component:{
form: ctx.compute(({form})=>{
return form
})
},
}
helper: 请选择证书Id,需要先手动上传一次证书,后续可以自动更新证书【推荐】
order: 0
siteId:
title: 网站Id
component:
name: remote-select
vModel: value
mode: tags
type: plugin
action: onGetSiteList
search: true
pager: false
watches:
- certDomains
- accessId
- url
- cert
- accessId
required: false
mergeScript: |2-
return {
component:{
form: ctx.compute(({form})=>{
return form
})
},
}
helper: 请选择要部署证书的网站Id
order: 0
output: {}
pluginType: deploy
type: builtIn
scriptFilePath: ../../../plugins/plugin-plus/cdnfly/plugins/plugin-deploy-to-cdn.js
packages/ui/certd-server/metadata/deploy_CertApply.yaml
+443
View File
@@ -0,0 +1,443 @@
showRunStrategy: false
default:
strategy:
runStrategy: 0
input:
renewDays: 18
forceUpdate: false
name: CertApply
title: 证书申请(JS版)
icon: ph:certificate
group: cert
desc: 免费通配符域名证书申请,支持多个域名打到同一个证书上
input:
domains:
title: 证书域名
component:
name: a-select
vModel: value
mode: tags
open: false
placeholder: foo.com / *.foo.com / *.bar.com
tokenSeparators:
- ','
- ' '
-
-
- '|'
rules:
- type: domains
required: true
col:
span: 24
order: -999
helper: |-
1、支持多个域名打到一个证书上,例如: foo.com*.foo.com*.bar.com
2、子域名被通配符包含的不要填写,例如:www.foo.com已经被*.foo.com包含,不要填写www.foo.com
3、泛域名只能通配*号那一级(*.foo.com的证书不能用于xxx.yyy.foo.com、不能用于foo.com
4、输入一个,空格之后,再输入下一个
5、如果设置了子域托管解析(比如免费的二级域名托管在CF或者阿里云),请先[设置托管子域名](#/certd/pipeline/subDomain)
email:
title: 邮箱
component:
name: email-selector
vModel: value
rules:
- type: email
message: 请输入正确的邮箱
required: true
order: -1
helper: 请输入邮箱
challengeType:
title: 域名验证方式
value: dns
component:
name: a-select
vModel: value
options:
- value: dns
label: DNS直接验证
- value: cname
label: CNAME代理验证
- value: http
label: HTTP文件验证(IP证书只能选它)
- value: dnses
label: 多DNS提供商
- value: auto
label: 自动匹配
required: true
helper: >
1. <b>DNS直接验证</b>:当域名dns解析已被本系统支持时(即下方DNS解析服务商选项中可选),推荐选择此方式
2.
<b>CNAME代理验证</b>:支持任何注册商的域名,第一次需要手动添加[CNAME记录](#/certd/cname/record)(如果经常申请失败,建议将DNS服务器修改为阿里云/腾讯云的,然后使用DNS直接验证)
3. <b>HTTP文件验证</b>:不支持泛域名,需要配置网站文件上传(IP证书必须选它)
4. <b>多DNS提供商</b>:每个域名可以选择独立的DNS提供商
5. <b>自动匹配</b>:此处无需选择校验方式,需要在[域名管理](#/certd/cert/domain)中提前配置好校验方式
order: 0
sslProvider:
title: 证书颁发机构
value: letsencrypt
component:
name: icon-select
vModel: value
options:
- value: letsencrypt
label: Let's Encrypt(免费,新手推荐,支持IP证书)
icon: simple-icons:letsencrypt
- value: google
label: Google(免费)
icon: flat-color-icons:google
- value: zerossl
label: ZeroSSL(免费)
icon: emojione:digit-zero
- value: litessl
label: litessl(免费)
icon: roentgen:free
- value: sslcom
label: SSL.com(仅主域名和www免费)
icon: la:expeditedssl
- value: letsencrypt_staging
label: Let's Encrypt测试环境(仅供测试)
icon: simple-icons:letsencrypt
helper: |-
Let's Encrypt:申请最简单
Google:大厂光环,兼容性好,仅首次需要翻墙获取EAB授权
ZeroSSL:需要EAB授权,无需翻墙
SSL.com:仅主域名和www免费,必须设置CAA记录
required: true
order: 0
dnsProviderType:
title: DNS解析服务商
component:
name: dns-provider-selector
mergeScript: |2-
return {
show: ctx.compute(({form})=>{
return form.challengeType === 'dns'
}),
component:{
onSelectedChange: ctx.compute(({form})=>{
return ($event)=>{
form.dnsProviderAccessType = $event.accessType
}
})
}
}
required: true
helper: |-
您的域名注册商,或者域名的dns服务器属于哪个平台
如果这里没有,请选择CNAME代理验证校验方式
order: 0
dnsProviderAccess:
title: DNS解析授权
component:
name: access-selector
required: true
helper: 请选择dns解析服务商授权
mergeScript: |-
return {
component:{
type: ctx.compute(({form})=>{
return form.dnsProviderAccessType || form.dnsProviderType
})
},
show: ctx.compute(({form})=>{
return form.challengeType === 'dns'
})
}
order: 0
domainsVerifyPlan:
title: 域名验证配置
component:
name: domains-verify-plan-editor
rules:
- type: checkDomainVerifyPlan
required: true
col:
span: 24
mergeScript: |-
return {
component:{
domains: ctx.compute(({form})=>{
return form.domains
}),
defaultType: ctx.compute(({form})=>{
return form.challengeType || 'cname'
})
},
show: ctx.compute(({form})=>{
return form.challengeType === 'cname' || form.challengeType === 'http' || form.challengeType === 'dnses'
}),
helper: ctx.compute(({form})=>{
if(form.challengeType === 'cname' ){
return '请按照上面的提示,给要申请证书的域名添加CNAME记录,添加后,点击验证,验证成功后不要删除记录,申请和续期证书会一直用它'
}else if (form.challengeType === 'http'){
return '请按照上面的提示,给每个域名设置文件上传配置,证书申请过程中会上传校验文件到网站根目录的.well-known/acme-challenge/目录下'
}else if (form.challengeType === 'http'){
return '给每个域名单独配置dns提供商'
}
})
}
order: 0
googleCommonEabAccessId:
title: Google公共EAB授权
isSys: true
show: false
order: 0
zerosslCommonEabAccessId:
title: ZeroSSL公共EAB授权
isSys: true
show: false
order: 0
sslcomCommonEabAccessId:
title: SSL.com公共EAB授权
isSys: true
show: false
order: 0
litesslCommonEabAccessId:
title: litessl公共EAB授权
isSys: true
show: false
order: 0
eabAccessId:
title: EAB授权
component:
name: access-selector
type: eab
maybeNeed: true
required: false
helper: >-
需要提供EAB授权
ZeroSSL:请前往[zerossl开发者中心](https://app.zerossl.com/developer),生成 'EAB
Credentials'
Google:请查看[google获取eab帮助文档](https://certd.docmirror.cn/guide/use/google/),用过一次后会绑定邮箱,后续复用EAB要用同一个邮箱
SSL.com:[SSL.com账号页面](https://secure.ssl.com/account),然后点击api
credentials链接,然后点击编辑按钮,查看Secret key和HMAC key
litessl:[litesslEAB页面](https://freessl.cn/automation/eab-manager),然后点击新增EAB
mergeScript: |2-
return {
show: ctx.compute(({form})=>{
return (form.sslProvider === 'zerossl' && !form.zerosslCommonEabAccessId)
|| (form.sslProvider === 'google' && !form.googleCommonEabAccessId)
|| (form.sslProvider === 'sslcom' && !form.sslcomCommonEabAccessId)
|| (form.sslProvider === 'litessl' && !form.litesslCommonEabAccessId)
})
}
order: 0
googleAccessId:
title: 服务账号授权
component:
name: access-selector
type: google
maybeNeed: true
required: false
helper: >-
google服务账号授权与EAB授权选填其中一个,[服务账号授权获取方法](https://certd.docmirror.cn/guide/use/google/)
服务账号授权需要配置代理或者服务器本身在海外
mergeScript: |2-
return {
show: ctx.compute(({form})=>{
return form.sslProvider === 'google' && !form.googleCommonEabAccessId
})
}
order: 0
privateKeyType:
title: 加密算法
value: rsa_2048
component:
name: a-select
vModel: value
options:
- value: rsa_1024
label: RSA 1024
- value: rsa_2048
label: RSA 2048
- value: rsa_3072
label: RSA 3072
- value: rsa_4096
label: RSA 4096
- value: rsa_2048_pkcs1
label: RSA 2048 pkcs1 (旧版)
- value: ec_256
label: EC 256
- value: ec_384
label: EC 384
helper: |-
如无特殊需求,默认即可
选择RSA 2048 pkcs1可以获得旧版RSA证书
required: true
order: 0
certProfile:
title: 证书配置
value: classic
component:
name: a-select
vModel: value
options:
- value: classic
label: 经典(classic
- value: tlsserver
label: TLS服务器(tlsserver
- value: shortlived
label: 短暂的(shortlived
helper: 如无特殊需求,默认即可
required: false
mergeScript: |2-
return {
show: ctx.compute(({form})=>{
return form.sslProvider === 'letsencrypt'
})
}
order: 0
preferredChain:
title: 首选链
component:
name: a-select
vModel: value
options:
- value: ISRG Root X1
label: ISRG Root X1
- value: ISRG Root X2
label: ISRG Root X2
helper: 如无特殊需求保持默认即可
required: false
mergeScript: |2-
const chainConfigs = {"letsencrypt":{"helper":"如无特殊需求保持默认即可","options":[{"value":"ISRG Root X1","label":"ISRG Root X1"},{"value":"ISRG Root X2","label":"ISRG Root X2"}]},"google":{"helper":"GlobalSign 提供对老旧设备更好的兼容性,但证书链会变长","options":[{"value":"GTS Root R1","label":"GTS Root R1"},{"value":"GlobalSign","label":"GlobalSign"}]}};
const supportedProviders = ["letsencrypt","google"];
const defaultProvider = "letsencrypt";
const getConfig = (provider)=> chainConfigs[provider] || chainConfigs[defaultProvider];
return {
show: ctx.compute(({form})=> supportedProviders.includes(form.sslProvider)),
component: {
options: ctx.compute(({form})=> getConfig(form.sslProvider).options)
},
helper: ctx.compute(({form})=> getConfig(form.sslProvider).helper),
value: ctx.compute(({form})=>{
const { options } = getConfig(form.sslProvider);
const allowed = options.map(item=>item.value);
const current = form.preferredChain;
if(allowed.includes(current)){
return current;
}
return allowed[0];
})
};
order: 0
useProxy:
title: 使用代理
value: false
component:
name: a-switch
vModel: checked
helper: |-
如果acme-v02.api.letsencrypt.org或dv.acme-v02.api.pki.goog被墙无法访问,请尝试开启此选项
默认情况会进行测试,如果无法访问,将会自动使用代理
order: 0
reverseProxy:
title: 自定义反代地址
component:
placeholder: google.yourproxy.com
helper: |-
填写你的自定义反代地址,不要带http://
letsencrypt反代目标:acme-v02.api.letsencrypt.org
google反代目标:dv.acme-v02.api.pki.goog
order: 0
skipLocalVerify:
title: 跳过本地校验DNS
value: false
component:
name: a-switch
vModel: checked
helper: 跳过本地校验可以加快申请速度,同时也会增加失败概率。
order: 0
maxCheckRetryCount:
title: 检查解析重试次数
value: 20
component:
name: a-input-number
vModel: value
helper: 检查域名验证解析记录重试次数,如果你的域名服务商解析生效速度慢,可以适当增加此值
order: 0
waitDnsDiffuseTime:
title: 等待解析生效时长
value: 30
component:
name: a-input-number
vModel: value
helper: 等待解析生效时长(秒),如果使用CNAME方式校验,本地验证失败,可以尝试延长此时间(比如5-10分钟)
order: 0
pfxPassword:
title: 证书加密密码
component:
name: input-password
vModel: value
required: false
order: 100
helper: |-
转换成PFX、jks格式证书是否需要加密
jks必须设置密码,不传则默认123456
pfx不传则为空密码
pfxArgs:
title: PFX证书转换参数
value: '-macalg SHA1 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES'
component:
name: a-auto-complete
vModel: value
options:
- value: ''
label: 兼容 Windows Server 最新
- value: '-macalg SHA1 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES'
label: 兼容 Windows Server 2016
- value: '-nomac -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES'
label: 兼容 Windows Server 2008
required: false
order: 100
helper: 兼容Windows Server各个版本
renewDays:
title: 更新天数
value: 18
component:
name: a-input-number
vModel: value
required: true
order: 100
helper: 到期前多少天后更新证书,注意:流水线默认不会自动运行,请设置定时器,每天定时运行本流水线
successNotify:
title: 证书申请成功通知
value: false
component:
name: a-switch
vModel: checked
order: 100
helper: 证书申请成功后是否发送通知,优先使用默认通知渠道
output:
cert:
title: 域名证书
type: cert
certZip:
title: 域名证书压缩文件
type: certZip
pluginType: deploy
type: builtIn
scriptFilePath: ../../../plugins/plugin-cert/plugin/cert-plugin/index.js
packages/ui/certd-server/metadata/deploy_CertApplyGetFormAliyun.yaml
+136
View File
@@ -0,0 +1,136 @@
showRunStrategy: false
default:
strategy:
runStrategy: 0
name: CertApplyGetFormAliyun
icon: ph:certificate
title: 获取阿里云订阅证书
group: cert
desc: 从阿里云拉取订阅模式的商用证书
input:
domains:
title: 证书域名
component:
name: a-select
vModel: value
mode: tags
open: false
placeholder: foo.com / *.foo.com / *.bar.com
tokenSeparators:
- ','
- ' '
-
-
- '|'
rules:
- type: domains
required: true
col:
span: 24
order: -999
helper: |-
1、支持多个域名打到一个证书上,例如: foo.com*.foo.com*.bar.com
2、子域名被通配符包含的不要填写,例如:www.foo.com已经被*.foo.com包含,不要填写www.foo.com
3、泛域名只能通配*号那一级(*.foo.com的证书不能用于xxx.yyy.foo.com、不能用于foo.com
4、输入一个,空格之后,再输入下一个
5、如果设置了子域托管解析(比如免费的二级域名托管在CF或者阿里云),请先[设置托管子域名](#/certd/pipeline/subDomain)
email:
title: 邮箱
component:
name: email-selector
vModel: value
rules:
- type: email
message: 请输入正确的邮箱
required: true
order: -1
helper: 请输入邮箱
accessId:
title: Access授权
helper: 阿里云授权AccessKeyId、AccessKeySecret
component:
name: access-selector
type: aliyun
required: true
order: 0
orderId:
title: 证书订单ID
component:
name: RemoteAutoComplete
vModel: value
mode: tags
type: plugin
typeName: CertApplyGetFormAliyun
action: onGetOrderList
search: false
pager: false
watches:
- certDomains
- accessId
required: true
mergeScript: |2-
return {
component:{
form: ctx.compute(({form})=>{
return form
})
},
}
helper: 订阅模式的证书订单Id
order: 0
pfxPassword:
title: 证书加密密码
component:
name: input-password
vModel: value
required: false
order: 100
helper: |-
转换成PFX、jks格式证书是否需要加密
jks必须设置密码,不传则默认123456
pfx不传则为空密码
pfxArgs:
title: PFX证书转换参数
value: '-macalg SHA1 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES'
component:
name: a-auto-complete
vModel: value
options:
- value: ''
label: 兼容 Windows Server 最新
- value: '-macalg SHA1 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES'
label: 兼容 Windows Server 2016
- value: '-nomac -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES'
label: 兼容 Windows Server 2008
required: false
order: 100
helper: 兼容Windows Server各个版本
renewDays:
title: 更新天数
value: 18
component:
name: a-input-number
vModel: value
required: true
order: 100
helper: 到期前多少天后更新证书,注意:流水线默认不会自动运行,请设置定时器,每天定时运行本流水线
successNotify:
title: 证书申请成功通知
value: false
component:
name: a-switch
vModel: checked
order: 100
helper: 证书申请成功后是否发送通知,优先使用默认通知渠道
output:
cert:
title: 域名证书
type: cert
certZip:
title: 域名证书压缩文件
type: certZip
pluginType: deploy
type: builtIn
scriptFilePath: ../../../plugins/plugin-cert/plugin/cert-plugin/getter/aliyun.js
packages/ui/certd-server/metadata/deploy_CertApplyLego.yaml
+173
View File
@@ -0,0 +1,173 @@
showRunStrategy: false
default:
strategy:
runStrategy: 0
input:
renewDays: 35
forceUpdate: false
name: CertApplyLego
icon: ph:certificate
title: 证书申请(Lego
group: cert
desc: 支持海量DNS解析提供商,推荐使用,一样的免费通配符域名证书申请,支持多个域名打到同一个证书上
input:
domains:
title: 证书域名
component:
name: a-select
vModel: value
mode: tags
open: false
placeholder: foo.com / *.foo.com / *.bar.com
tokenSeparators:
- ','
- ' '
-
-
- '|'
rules:
- type: domains
required: true
col:
span: 24
order: -999
helper: |-
1、支持多个域名打到一个证书上,例如: foo.com*.foo.com*.bar.com
2、子域名被通配符包含的不要填写,例如:www.foo.com已经被*.foo.com包含,不要填写www.foo.com
3、泛域名只能通配*号那一级(*.foo.com的证书不能用于xxx.yyy.foo.com、不能用于foo.com
4、输入一个,空格之后,再输入下一个
5、如果设置了子域托管解析(比如免费的二级域名托管在CF或者阿里云),请先[设置托管子域名](#/certd/pipeline/subDomain)
email:
title: 邮箱
component:
name: email-selector
vModel: value
rules:
- type: email
message: 请输入正确的邮箱
required: true
order: -1
helper: 请输入邮箱
dnsType:
title: DNS类型
component:
name: a-input
vModel: value
placeholder: alidns
helper: 你的域名是通过哪家提供商进行解析的,具体应该配置什么请参考lego文档:https://go-acme.github.io/lego/dns/
required: true
order: 0
environment:
title: 环境变量
component:
name: a-textarea
vModel: value
rows: 4
placeholder: |-
ALICLOUD_ACCESS_KEY=abcdefghijklmnopqrstuvwx
ALICLOUD_SECRET_KEY=your-secret-key
required: true
helper: 一行一条,例如 appKeyId=xxxxx,具体配置请参考lego文档:https://go-acme.github.io/lego/dns/
order: 0
legoEabAccessId:
title: EAB授权
component:
name: access-selector
type: eab
maybeNeed: true
helper: 如果需要提供EAB授权
order: 0
customArgs:
title: 自定义LEGO全局参数
component:
name: a-input
vModel: value
placeholder: '--dns-timeout 30'
helper: 额外的lego全局命令行参数,参考文档:https://go-acme.github.io/lego/usage/cli/options/
maybeNeed: true
order: 0
customCommandOptions:
title: 自定义LEGO签名参数
component:
name: a-input
vModel: value
placeholder: '--no-bundle'
helper: 额外的lego签名命令行参数,参考文档:https://go-acme.github.io/lego/usage/cli/options/
maybeNeed: true
order: 0
privateKeyType:
title: 加密算法
value: ec256
component:
name: a-select
vModel: value
options:
- value: rsa2048
label: RSA 2048
- value: rsa3072
label: RSA 3072
- value: rsa4096
label: RSA 4096
- value: rsa8192
label: RSA 8192
- value: ec256
label: EC 256
- value: ec384
label: EC 384
helper: 如无特殊需求,默认即可
required: true
order: 0
pfxPassword:
title: 证书加密密码
component:
name: input-password
vModel: value
required: false
order: 100
helper: |-
转换成PFX、jks格式证书是否需要加密
jks必须设置密码,不传则默认123456
pfx不传则为空密码
pfxArgs:
title: PFX证书转换参数
value: '-macalg SHA1 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES'
component:
name: a-auto-complete
vModel: value
options:
- value: ''
label: 兼容 Windows Server 最新
- value: '-macalg SHA1 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES'
label: 兼容 Windows Server 2016
- value: '-nomac -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES'
label: 兼容 Windows Server 2008
required: false
order: 100
helper: 兼容Windows Server各个版本
renewDays:
title: 更新天数
value: 18
component:
name: a-input-number
vModel: value
required: true
order: 100
helper: 到期前多少天后更新证书,注意:流水线默认不会自动运行,请设置定时器,每天定时运行本流水线
successNotify:
title: 证书申请成功通知
value: false
component:
name: a-switch
vModel: checked
order: 100
helper: 证书申请成功后是否发送通知,优先使用默认通知渠道
output:
cert:
title: 域名证书
type: cert
certZip:
title: 域名证书压缩文件
type: certZip
pluginType: deploy
type: builtIn
scriptFilePath: ../../../plugins/plugin-cert/plugin/cert-plugin/lego/index.js
packages/ui/certd-server/metadata/deploy_CertApplyUpload.yaml
+150
View File
@@ -0,0 +1,150 @@
showRunStrategy: false
default:
strategy:
runStrategy: 0
name: CertApplyUpload
icon: ph:certificate
title: 商用证书托管
group: cert
desc: 手动上传自定义证书后,自动部署(每次证书有更新,都需要手动上传一次)
shortcut:
certUpdate:
title: 更新证书
icon: ion:upload
action: onCertUpdate
form:
columns:
crt:
title: 证书
type: text
form:
component:
name: pem-input
vModel: modelValue
textarea:
rows: 4
placeholder: |-
-----BEGIN CERTIFICATE-----
...
...
-----END CERTIFICATE-----
rules:
- required: true
message: 此项必填
col:
span: 24
key:
title: 私钥
type: text
form:
component:
name: pem-input
vModel: modelValue
textarea:
rows: 4
placeholder: |-
-----BEGIN PRIVATE KEY-----
...
...
-----END PRIVATE KEY-----
rules:
- required: true
message: 此项必填
col:
span: 24
input:
uploadCert:
title: 手动上传证书
component:
name: cert-info-updater
vModel: modelValue
helper: 手动上传证书
order: -9999
required: true
mergeScript: |2-
return {
component:{
on:{
updated(scope){
scope.form.input.domains = scope.$event?.domains
}
}
}
}
domains:
title: 证书域名
component:
name: a-select
vModel: value
mode: tags
open: false
placeholder: foo.com / *.foo.com / *.bar.com
tokenSeparators:
- ','
- ' '
-
-
- '|'
rules:
- type: domains
required: true
col:
span: 24
order: -999
helper: |-
1、支持多个域名打到一个证书上,例如: foo.com*.foo.com*.bar.com
2、子域名被通配符包含的不要填写,例如:www.foo.com已经被*.foo.com包含,不要填写www.foo.com
3、泛域名只能通配*号那一级(*.foo.com的证书不能用于xxx.yyy.foo.com、不能用于foo.com
4、输入一个,空格之后,再输入下一个
5、如果设置了子域托管解析(比如免费的二级域名托管在CF或者阿里云),请先[设置托管子域名](#/certd/pipeline/subDomain)
pfxPassword:
title: 证书加密密码
component:
name: input-password
vModel: value
required: false
order: 100
helper: |-
转换成PFX、jks格式证书是否需要加密
jks必须设置密码,不传则默认123456
pfx不传则为空密码
pfxArgs:
title: PFX证书转换参数
value: '-macalg SHA1 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES'
component:
name: a-auto-complete
vModel: value
options:
- value: ''
label: 兼容 Windows Server 最新
- value: '-macalg SHA1 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES'
label: 兼容 Windows Server 2016
- value: '-nomac -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES'
label: 兼容 Windows Server 2008
required: false
order: 100
helper: 兼容Windows Server各个版本
renewDays:
title: 过期前提醒
value: 10
component:
name: a-input-number
vModel: value
required: true
order: 100
helper: 到期前多少天提醒
output:
cert:
title: 域名证书
type: cert
certZip:
title: 域名证书压缩文件
type: certZip
certMd5:
title: 证书MD5
type: certMd5
pluginType: deploy
type: builtIn
scriptFilePath: ../../../plugins/plugin-cert/plugin/cert-plugin/custom/index.js
packages/ui/certd-server/metadata/deploy_CtyunDeployToCDN.yaml
+98
View File
@@ -0,0 +1,98 @@
showRunStrategy: false
default:
strategy:
runStrategy: 1
name: CtyunDeployToCDN
title: 天翼云-部署证书到CDN
icon: svg:icon-ctyun
group: cdn
desc: 部署证书到天翼云CDN和全站加速
needPlus: false
input:
cert:
title: 域名证书
helper: 请选择前置任务输出的域名证书
component:
name: output-selector
from:
- ':cert:'
required: true
order: 0
certDomains:
title: 当前证书域名
component:
name: cert-domains-getter
mergeScript: |2-
return {
component:{
inputKey: ctx.compute(({form})=>{
return form.cert
}),
}
}
template: false
required: true
order: 0
productCode:
title: 产品类型
helper: 加速产品类型
component:
name: a-select
options:
- label: 静态加速
value: '001'
- label: 下载加速
value: '003'
- label: 视频点播加速
value: '004'
- label: CDN加速
value: '008'
- label: 全站加速
value: '006'
- label: 安全加速
value: '007'
- label: 下载加速闲时
value: '014'
required: true
order: 0
accessId:
title: 天翼云授权
helper: 天翼云授权
component:
name: access-selector
type: ctyun
required: true
order: 0
domains:
title: 加速域名
component:
name: remote-select
vModel: value
mode: tags
type: plugin
typeName: CtyunDeployToCDN
action: onGetDomainList
search: false
pager: false
watches:
- certDomains
- accessId
required: true
mergeScript: |2-
return {
component:{
form: ctx.compute(({form})=>{
return form
})
},
}
helper: 请选择加速域名
order: 0
output: {}
pluginType: deploy
type: builtIn
scriptFilePath: ../../../plugins/plugin-plus/ctyun/plugins/plugin-deploy-to-cdn.js
packages/ui/certd-server/metadata/deploy_DeployCertToAliyunAck.yaml
+137
View File
@@ -0,0 +1,137 @@
showRunStrategy: false
default:
strategy:
runStrategy: 1
name: DeployCertToAliyunAck
title: 阿里云-部署到Ack
icon: svg:icon-aliyun
desc: 部署到阿里云Ack集群Ingress等通过Secret管理证书的应用
group: aliyun
needPlus: false
input:
cert:
title: 域名证书
helper: 请选择前置任务输出的域名证书
component:
name: output-selector
from:
- ':cert:'
required: true
order: 0
accessId:
title: Access授权
helper: 阿里云授权AccessKeyId、AccessKeySecret
component:
name: access-selector
type: aliyun
required: true
order: 0
regionId:
title: 大区
component:
name: a-auto-complete
vModel: value
options:
- value: cn-qingdao
label: 华北1(青岛)
- value: cn-beijing
label: 华北2(北京)
- value: cn-zhangjiakou
label: 华北3(张家口)
- value: cn-huhehaote
label: 华北5(呼和浩特)
- value: cn-wulanchabu
label: 华北6(乌兰察布)
- value: cn-hangzhou
label: 华东1(杭州)
- value: cn-shanghai
label: 华东2(上海)
- value: cn-shenzhen
label: 华南1(深圳)
- value: cn-guangzhou
label: 华南3(广州)
- value: ap-southeast-2
label: 澳大利亚(悉尼)
- value: ap-southeast-3
label: 马来西亚(吉隆坡)
- value: ap-northeast-1
label: 日本(东京)
- value: cn-chengdu
label: 西南1(成都)
- value: ap-southeast-1
label: 新加坡
- value: ap-southeast-5
label: 印度尼西亚(雅加达)
- value: cn-hongkong
label: 中国香港
- value: eu-central-1
label: 德国(法兰克福)
- value: us-east-1
label: 美国(弗吉尼亚)
- value: us-west-1
label: 美国(硅谷)
- value: eu-west-1
label: 英国(伦敦)
- value: me-east-1
label: 阿联酋(迪拜)
- value: cn-beijing-finance-1
label: 华北2 金融云(邀测)
- value: cn-hangzhou-finance
label: 华东1 金融云
- value: cn-shanghai-finance-1
label: 华东2 金融云
- value: cn-shenzhen-finance-1
label: 华南1 金融云
placeholder: 集群所属大区
required: true
order: 0
clusterId:
title: 集群id
component:
placeholder: 集群id
required: true
order: 0
secretName:
title: 保密字典Id
component:
placeholder: 保密字典Id
helper: 原本存储证书的secret的name
required: true
order: 0
namespace:
title: 命名空间
value: default
component:
placeholder: 命名空间
required: true
order: 0
isPrivateIpAddress:
title: 是否私网ip
value: false
component:
name: a-switch
vModel: checked
placeholder: 集群连接端点是否是私网ip
helper: 如果您当前certd运行在同一个私网下,可以选择是。
required: true
order: 0
skipTLSVerify:
title: 忽略证书校验
required: false
helper: 是否忽略证书校验
component:
name: a-switch
vModel: checked
order: 0
createOnNotFound:
title: Secret自动创建
helper: 如果Secret不存在,则创建
value: false
component:
name: a-switch
vModel: checked
order: 0
output: {}
pluginType: deploy
type: builtIn
scriptFilePath: ../../../plugins/plugin-aliyun/plugin/deploy-to-ack/index.js
packages/ui/certd-server/metadata/deploy_HostDeployToIIS.yaml
+77
View File
@@ -0,0 +1,77 @@
showRunStrategy: false
default:
strategy:
runStrategy: 1
name: HostDeployToIIS
title: IIS-部署到IIS站点
icon: devicon:windows8
group: host
needPlus: true
input:
cert:
title: 域名证书
helper: 请选择前置任务输出的域名证书
component:
name: output-selector
from:
- ':cert:'
required: true
order: 0
certDomains:
title: 当前证书域名
component:
name: cert-domains-getter
mergeScript: |2-
return {
component:{
inputKey: ctx.compute(({form})=>{
return form.cert
}),
}
}
template: false
required: false
order: 0
accessId:
title: 主机SSH授权
component:
name: access-selector
type: ssh
required: true
order: 0
siteNames:
title: 站点名称
component:
name: remote-select
vModel: value
mode: tags
type: plugin
action: onGetSiteList
search: false
pager: false
watches:
- certDomains
- accessId
required: true
mergeScript: |2-
return {
component:{
form: ctx.compute(({form})=>{
return form
})
},
}
helper: 选择或手动输入网站名称
order: 0
pfxPassword:
title: 证书密码
required: false
order: 0
output: {}
pluginType: deploy
type: builtIn
scriptFilePath: ../../../plugins/plugin-host/plugin/plugin-deploy-to-iis.js
packages/ui/certd-server/metadata/deploy_K8sApply.yaml
+52
View File
@@ -0,0 +1,52 @@
showRunStrategy: false
default:
strategy:
runStrategy: 1
name: K8sApply
title: K8S-Apply自定义yaml
icon: mdi:kubernetes
desc: apply自定义yaml到k8s
needPlus: true
group: panel
input:
cert:
title: 域名证书
helper: 请选择前置任务输出的域名证书
component:
name: output-selector
from:
- ':cert:'
required: true
order: 0
preOutput:
title: 前置任务输出
helper: 请选择前置任务输出的内容
component:
name: output-selector
from:
- '::'
required: false
order: 0
accessId:
title: k8s授权
helper: kubeconfig
component:
name: access-selector
type: k8s
required: true
order: 0
yamlContent:
title: yaml
required: true
helper: >-
apply
yaml,模板变量:主域名=${mainDomain}、全部域名=${domains}、过期时间=${expiresTime}、证书PEM=${crt}、证书私钥=${key}、中间证书/CA证书=${ic}、前置任务输出=${preOutput}
component:
name: a-textarea
vModel: value
rows: 6
order: 0
output: {}
pluginType: deploy
type: builtIn
scriptFilePath: ../../../plugins/plugin-plus/k8s/plugins/plugin-apply.js
packages/ui/certd-server/metadata/deploy_K8sDeployToIngress.yaml
+52
View File
@@ -0,0 +1,52 @@
showRunStrategy: false
default:
strategy:
runStrategy: 1
name: K8sDeployToIngress
title: K8S-Ingress 证书部署
icon: mdi:kubernetes
desc: 部署证书到k8s的Ingress
needPlus: false
group: panel
input:
namespace:
title: 命名空间
value: default
component:
placeholder: 命名空间
required: true
order: 0
ingressName:
title: IngressName
required: true
helper: Ingress名称,根据名称查找证书Secret,然后更新
order: 0
accessId:
title: k8s授权
helper: kubeconfig
component:
name: access-selector
type: k8s
required: true
order: 0
cert:
title: 域名证书
helper: 请选择前置任务输出的域名证书
component:
name: output-selector
from:
- ':cert:'
required: true
order: 0
createOnNotFound:
title: Secret自动创建
helper: 如果Secret不存在,则创建
value: false
component:
name: a-switch
vModel: checked
order: 0
output: {}
pluginType: deploy
type: builtIn
scriptFilePath: ../../../plugins/plugin-plus/k8s/plugins/plugin-ingress.js
packages/ui/certd-server/metadata/deploy_K8sDeployToSecret.yaml
+67
View File
@@ -0,0 +1,67 @@
showRunStrategy: false
default:
strategy:
runStrategy: 1
name: K8sDeployToSecret
title: K8S-部署证书到Secret
icon: mdi:kubernetes
desc: 部署证书到k8s的secret
needPlus: false
group: panel
input:
namespace:
title: 命名空间
value: default
component:
placeholder: 命名空间
required: true
order: 0
secretName:
title: 保密字典Id
component:
name: a-select
vModel: value
mode: tags
open: false
helper: 原本存储证书的secret的name
required: true
order: 0
accessId:
title: k8s授权
helper: kubeconfig
component:
name: access-selector
type: k8s
required: true
order: 0
cert:
title: 域名证书
helper: 请选择前置任务输出的域名证书
component:
name: output-selector
from:
- ':cert:'
required: true
order: 0
ingressName:
title: ingress名称
required: false
helper: 填写之后会自动重启ingress
component:
name: a-select
vModel: value
mode: tags
open: false
order: 0
createOnNotFound:
title: Secret自动创建
helper: 如果Secret不存在,则创建
value: false
component:
name: a-switch
vModel: checked
order: 0
output: {}
pluginType: deploy
type: builtIn
scriptFilePath: ../../../plugins/plugin-plus/k8s/plugins/plugin-secret.js
packages/ui/certd-server/metadata/deploy_KuocaiDeployToRCDN.yaml
+59
View File
@@ -0,0 +1,59 @@
showRunStrategy: false
default:
strategy:
runStrategy: 1
name: KuocaiDeployToRCDN
title: 括彩云-部署到括彩云CDN
icon: material-symbols:shield-outline
group: cdn
desc: 括彩云CDN,每月免费30G[注册即领](https://kuocaicdn.com/register?code=8mn536rrzfbf8)
needPlus: false
input:
cert:
title: 域名证书
helper: 请选择前置任务输出的域名证书
component:
name: output-selector
from:
- ':cert:'
required: true
order: 0
accessId:
title: 括彩云CDN授权
helper: 括彩云CDN授权
component:
name: access-selector
type: kuocaicdn
required: true
order: 0
domains:
title: 域名列表
component:
name: remote-select
vModel: value
mode: tags
type: plugin
typeName: KuocaiDeployToCDNPlugin
action: onGetDomainList
search: false
pager: false
watches:
- certDomains
- accessId
required: true
mergeScript: |2-
return {
component:{
form: ctx.compute(({form})=>{
return form
})
},
}
helper: 选择要部署证书的站点域名
order: 0
output: {}
pluginType: deploy
type: builtIn
scriptFilePath: ../../../plugins/plugin-plus/kuocai/plugins/plugin-deploy-to-cdn.js
packages/ui/certd-server/metadata/deploy_LeCDNUpdateCert.yaml
+57
View File
@@ -0,0 +1,57 @@
showRunStrategy: false
default:
strategy:
runStrategy: 1
name: LeCDNUpdateCert
title: LeCDN-更新证书
icon: material-symbols:shield-outline
group: cdn
needPlus: false
input:
accessId:
title: LeCDN授权
component:
name: access-selector
type: lecdn
required: true
order: 0
certIds:
title: 证书ID
component:
name: remote-select
vModel: value
mode: tags
type: plugin
typeName: LeCDNUpdateCert
action: onGetCertList
search: false
pager: false
watches:
- certDomains
- accessId
required: true
mergeScript: |2-
return {
component:{
form: ctx.compute(({form})=>{
return form
})
},
}
helper: 选择要更新的证书id,注意域名是否与证书匹配
order: 0
cert:
title: 域名证书
helper: 请选择前置任务输出的域名证书
component:
name: output-selector
from:
- ':cert:'
required: true
order: 0
output: {}
pluginType: deploy
type: builtIn
scriptFilePath: ../../../plugins/plugin-plus/lecdn/plugins/plugin-update-cert.js
packages/ui/certd-server/metadata/deploy_LeCDNUpdateCertV2.yaml
+58
View File
@@ -0,0 +1,58 @@
showRunStrategy: false
default:
strategy:
runStrategy: 1
name: LeCDNUpdateCertV2
title: LeCDN-更新证书V2
desc: 支持新版本LeCDN
icon: material-symbols:shield-outline
group: cdn
needPlus: false
input:
accessId:
title: LeCDN授权
component:
name: access-selector
type: lecdn
required: true
order: 0
certIds:
title: 证书ID
component:
name: remote-select
vModel: value
mode: tags
type: plugin
typeName: LeCDNUpdateCertV2
action: onGetCertList
search: false
pager: false
watches:
- certDomains
- accessId
required: true
mergeScript: |2-
return {
component:{
form: ctx.compute(({form})=>{
return form
})
},
}
helper: 选择要更新的证书id,注意域名是否与证书匹配
order: 0
cert:
title: 域名证书
helper: 请选择前置任务输出的域名证书
component:
name: output-selector
from:
- ':cert:'
required: true
order: 0
output: {}
pluginType: deploy
type: builtIn
scriptFilePath: ../../../plugins/plugin-plus/lecdn/plugins/plugin-update-cert-v2.js
packages/ui/certd-server/metadata/deploy_LuckyUpdateCert.yaml
+74
View File
@@ -0,0 +1,74 @@
showRunStrategy: false
default:
strategy:
runStrategy: 1
name: LuckyUpdateCert
title: lucky-更新Lucky证书
icon: svg:icon-lucky
group: panel
needPlus: true
input:
cert:
title: 域名证书
helper: 请选择前置任务输出的域名证书
component:
name: output-selector
from:
- ':cert:'
order: 0
certDomains:
title: 当前证书域名
component:
name: cert-domains-getter
mergeScript: |2-
return {
component:{
inputKey: ctx.compute(({form})=>{
return form.cert
}),
}
}
template: false
required: false
order: 0
accessId:
title: Lucky授权
component:
name: access-selector
type: lucky
required: true
order: 0
certList:
title: Lucky证书
component:
name: remote-select
vModel: value
mode: tags
type: plugin
typeName: LuckyUpdateCert
action: onGetCertList
search: false
pager: false
watches:
- certDomains
- accessId
- accessId
required: true
mergeScript: |2-
return {
component:{
form: ctx.compute(({form})=>{
return form
})
},
}
helper: 要更新的Lucky证书
order: 0
output: {}
pluginType: deploy
type: builtIn
scriptFilePath: ../../../plugins/plugin-plus/lucky/plugins/plugin-upload.js
packages/ui/certd-server/metadata/deploy_MaoyunDeployToCdn.yaml
+73
View File
@@ -0,0 +1,73 @@
showRunStrategy: false
default:
strategy:
runStrategy: 1
name: MaoyunDeployToCdn
title: Maoyun-更新猫云CDN证书
icon: svg:icon-lucky
group: cdn
needPlus: true
input:
cert:
title: 域名证书
helper: 请选择前置任务输出的域名证书
component:
name: output-selector
from:
- ':cert:'
order: 0
certDomains:
title: 当前证书域名
component:
name: cert-domains-getter
mergeScript: |2-
return {
component:{
inputKey: ctx.compute(({form})=>{
return form.cert
}),
}
}
template: false
required: false
order: 0
accessId:
title: Maoyun授权
component:
name: access-selector
type: maoyun
required: true
order: 0
domainList:
title: CDN加速域名
component:
name: remote-select
vModel: value
mode: tags
type: plugin
action: onGetDomainList
search: false
pager: false
watches:
- certDomains
- accessId
- accessId
required: true
mergeScript: |2-
return {
component:{
form: ctx.compute(({form})=>{
return form
})
},
}
helper: 要部署证书的域名
order: 0
output: {}
pluginType: deploy
type: builtIn
scriptFilePath: ../../../plugins/plugin-plus/maoyun/plugins/plugin-deploy-to-cdn.js
packages/ui/certd-server/metadata/deploy_PleskDeploySiteCert.yaml
+80
View File
@@ -0,0 +1,80 @@
showRunStrategy: false
default:
strategy:
runStrategy: 1
name: PleskDeploySiteCert
title: Plesk-部署Plesk网站证书
icon: svg:icon-plesk
group: panel
needPlus: true
input:
cert:
title: 域名证书
helper: 请选择前置任务输出的域名证书
component:
name: output-selector
from:
- ':cert:'
required: true
order: 0
certDomains:
title: 当前证书域名
component:
name: cert-domains-getter
mergeScript: |2-
return {
component:{
inputKey: ctx.compute(({form})=>{
return form.cert
}),
}
}
template: false
required: false
order: 0
accessId:
title: Plesk授权
component:
name: access-selector
type: plesk
required: true
order: 0
siteDomainIds:
title: 网站域名列表
component:
name: remote-select
vModel: value
mode: tags
type: plugin
action: onGetDomainList
search: false
pager: false
watches:
- certDomains
- accessId
required: true
mergeScript: |2-
return {
component:{
form: ctx.compute(({form})=>{
return form
})
},
}
helper: 选择要更新的站点域名,注意域名是否与证书匹配
order: 0
clearUnused:
title: 删除未使用证书
component:
name: a-switch
vModel: checked
required: false
order: 0
output: {}
pluginType: deploy
type: builtIn
scriptFilePath: ../../../plugins/plugin-plus/plesk/plugins/plugin-deploy-cert.js
packages/ui/certd-server/metadata/deploy_PleskRefreshCert.yaml
+74
View File
@@ -0,0 +1,74 @@
showRunStrategy: false
default:
strategy:
runStrategy: 1
name: PleskRefreshCert
title: Plesk-更新证书
icon: svg:icon-plesk
desc: 不会创建新证书记录,直接更新旧的证书
group: panel
needPlus: true
input:
cert:
title: 域名证书
helper: 请选择前置任务输出的域名证书
component:
name: output-selector
from:
- ':cert:'
required: true
order: 0
certDomains:
title: 当前证书域名
component:
name: cert-domains-getter
mergeScript: |2-
return {
component:{
inputKey: ctx.compute(({form})=>{
return form.cert
}),
}
}
template: false
required: false
order: 0
accessId:
title: Plesk授权
component:
name: access-selector
type: plesk
required: true
order: 0
domainCertIds:
title: 证书列表
component:
name: remote-select
vModel: value
mode: tags
type: plugin
action: onGetCertList
search: false
pager: false
watches:
- certDomains
- accessId
required: true
mergeScript: |2-
return {
component:{
form: ctx.compute(({form})=>{
return form
})
},
}
helper: 选择要更新的站点域名,注意域名是否与证书匹配
order: 0
output: {}
pluginType: deploy
type: builtIn
scriptFilePath: ../../../plugins/plugin-plus/plesk/plugins/plugin-refresh-cert.js
packages/ui/certd-server/metadata/deploy_QiniuDeployCertToOSS.yaml
+37
View File
@@ -0,0 +1,37 @@
showRunStrategy: false
default:
strategy:
runStrategy: 1
name: QiniuDeployCertToOSS
title: 七牛云-部署证书至OSS
icon: svg:icon-qiniuyun
group: qiniu
desc: 自动部署域名证书至七牛云KODO,注意是自定义源站域名,不是CDN域名
input:
domainName:
title: 自定义源站域名
helper: 你在七牛云上配置的OSS域名,比如:certd.handsfree.work
required: true
order: 0
cert:
title: 域名证书
helper: 请选择前置任务输出的域名证书,或者上传到七牛云的证书id
component:
name: output-selector
from:
- ':cert:'
- QiniuCertUpload
required: true
order: 0
accessId:
title: Access授权
helper: 七牛云授权
component:
name: access-selector
type: qiniu
required: true
order: 0
output: {}
pluginType: deploy
type: builtIn
scriptFilePath: ../../../plugins/plugin-qiniu/plugin/plugin-deploy-to-oss.js
packages/ui/certd-server/metadata/deploy_SafelineDeployToWebsitePlugin.yaml
+76
View File
@@ -0,0 +1,76 @@
showRunStrategy: false
default:
strategy:
runStrategy: 1
name: SafelineDeployToWebsitePlugin
title: 雷池-更新证书
icon: svg:icon-safeline
desc: 更新长亭雷池WAF的证书
group: panel
needPlus: false
input:
cert:
title: 域名证书
helper: 请选择前置任务输出的域名证书
component:
name: output-selector
from:
- ':cert:'
required: true
order: 0
certDomains:
title: 当前证书域名
component:
name: cert-domains-getter
mergeScript: |2-
return {
component:{
inputKey: ctx.compute(({form})=>{
return form.cert
}),
}
}
template: false
required: false
order: 0
accessId:
title: 雷池授权
helper: 长亭雷池授权
component:
name: access-selector
type: safeline
required: true
order: 0
certIds:
title: 雷池证书
component:
name: remote-select
vModel: value
mode: tags
type: plugin
typeName: SafelineDeployToWebsitePlugin
action: onGetCertIds
search: false
pager: false
watches:
- certDomains
- accessId
required: true
mergeScript: |2-
return {
component:{
form: ctx.compute(({form})=>{
return form
})
},
}
helper: 请选择要更新的雷池的证书Id,需要先手动到雷池控制台上传一次
order: 0
output: {}
pluginType: deploy
type: builtIn
scriptFilePath: ../../../plugins/plugin-plus/safeline/plugins/deploy-to-website.js
packages/ui/certd-server/metadata/deploy_SynologyDeployToPanel.yaml
+43
View File
@@ -0,0 +1,43 @@
showRunStrategy: false
default:
strategy:
runStrategy: 1
name: SynologyDeployToPanel
title: 群晖-部署证书到群晖面板
icon: simple-icons:synology
group: panel
desc: Synology,支持6.x以上版本
needPlus: true
input:
certName:
title: 群晖证书描述
component:
name: a-input
vModel: value
placeholder: 群晖证书描述
required: false
helper: |-
在群晖证书管理页面里面,选择证书,点击操作,给证书设置描述,然后填写到这里
如果不填,则覆盖更新全部证书
order: 0
cert:
title: 域名证书
helper: 请选择前置任务输出的域名证书
component:
name: output-selector
from:
- ':cert:'
required: true
order: 0
accessId:
title: 群晖授权
helper: 群晖登录授权,请确保账户是管理员用户组
component:
name: access-selector
type: synology
required: true
order: 0
output: {}
pluginType: deploy
type: builtIn
scriptFilePath: ../../../plugins/plugin-plus/synology/plugins/plugin-deploy-to-panel.js
packages/ui/certd-server/metadata/deploy_UniCloudDeployToSpace.yaml
+62
View File
@@ -0,0 +1,62 @@
showRunStrategy: false
default:
strategy:
runStrategy: 1
name: UniCloudDeployToSpace
title: uniCloud-部署到服务空间
icon: material-symbols:shield-outline
group: panel
desc: 部署到服务空间
needPlus: false
input:
cert:
title: 域名证书
helper: 请选择前置任务输出的域名证书
component:
name: output-selector
from:
- ':cert:'
required: true
order: 0
accessId:
title: uniCloud授权
helper: uniCloud授权
component:
name: access-selector
type: unicloud
required: true
order: 0
spaceId:
title: 服务空间ID
component:
name: a-input
vModel: value
helper: spaceId
order: 0
provider:
title: 空间提供商
component:
name: a-select
vModel: value
options:
- label: 阿里云
value: aliyun
- label: 腾讯云
value: tencent
- label: 支付宝云
value: alipay
helper: 空间提供商
order: 0
domains:
title: 空间域名
component:
name: a-select
vModel: value
mode: tags
open: false
helper: 空间域名
order: 0
output: {}
pluginType: deploy
type: builtIn
scriptFilePath: ../../../plugins/plugin-plus/unicloud/plugins/plugin-deploy-to-space.js
packages/ui/certd-server/metadata/deploy_UploadCertToFTP.yaml
+169
View File
@@ -0,0 +1,169 @@
showRunStrategy: false
default:
strategy:
runStrategy: 1
name: UploadCertToFTP
title: FTP-上传证书到FTP
icon: mdi:folder-upload-outline
group: host
desc: 将证书上传到FTP服务器
needPlus: false
input:
certType:
title: 证书格式
helper: 要部署的证书格式,支持pem、pfx、der、jks
component:
name: a-select
options:
- value: pem
label: pemNginx等大部分应用
- value: pfx
label: pfx,一般用于IIS
- value: der
label: der,一般用于Apache
- value: jks
label: jks,一般用于JAVA应用
- value: one
label: 一体化证书,证书和私钥合并为一个pem文件
required: true
order: 0
crtPath:
title: PEM证书保存路径
helper: 需要有写入权限,路径要包含文件名
component:
placeholder: /test/fullchain.pem
mergeScript: |2-
return {
show: ctx.compute(({form})=>{
return form.certType === 'pem';
})
}
required: true
rules:
- type: filepath
order: 0
keyPath:
title: 私钥保存路径
helper: 需要有写入权限,路径要包含文件名
component:
placeholder: /test/privatekey.pem
mergeScript: |2-
return {
show: ctx.compute(({form})=>{
return form.certType === 'pem';
})
}
required: true
rules:
- type: filepath
order: 0
icPath:
title: 中间证书保存路径
helper: 需要有写入权限,路径要包含文件名
component:
placeholder: /test/immediate.pem
mergeScript: |2-
return {
show: ctx.compute(({form})=>{
return form.certType === 'pem';
})
}
rules:
- type: filepath
order: 0
pfxPath:
title: PFX证书保存路径
helper: 需要有写入权限,路径要包含文件名
component:
placeholder: /test/cert.pfx
mergeScript: |2-
return {
show: ctx.compute(({form})=>{
return form.certType === 'pfx';
})
}
required: true
rules:
- type: filepath
order: 0
derPath:
title: DER证书保存路径
helper: |-
需要有写入权限,路径要包含文件名
.der和.cer是相同的东西,改个后缀名即可
component:
placeholder: /test/cert.der 或 /test/cert.cer
mergeScript: |2-
return {
show: ctx.compute(({form})=>{
return form.certType === 'der';
})
}
required: true
rules:
- type: filepath
order: 0
jksPath:
title: jks证书保存路径
helper: 证书原本的保存路径,路径要包含文件名
component:
placeholder: /test/javaapp/cert.jks
mergeScript: |2-
return {
show: ctx.compute(({form})=>{
return form.certType === 'jks';
})
}
required: true
rules:
- type: filepath
order: 0
onePath:
title: 一体化证书保存路径
helper: 证书原本的保存路径,路径要包含文件名
component:
placeholder: /app/ssl/one.pem
mergeScript: |2-
return {
show: ctx.compute(({form})=>{
return form.certType === 'one';
})
}
required: true
rules:
- type: filepath
order: 0
cert:
title: 域名证书
helper: 请选择前置任务输出的域名证书
component:
name: output-selector
from:
- ':cert:'
required: true
order: 0
accessId:
title: FTP授权
component:
name: access-selector
type: ftp
required: true
order: 0
output: {}
pluginType: deploy
type: builtIn
scriptFilePath: ../../../plugins/plugin-plus/ftp/plugins/plugin-upload-to-ftp.js
packages/ui/certd-server/metadata/deploy_YidunDeployToCDN.yaml
+46
View File
@@ -0,0 +1,46 @@
showRunStrategy: false
default:
strategy:
runStrategy: 1
name: YidunDeployToCDN
title: 易盾-部署到易盾DCDN
icon: material-symbols:shield-outline
group: cdn
desc: 主要是防御,http://user.yiduncdn.com/
needPlus: false
input:
certId:
title: 证书ID
component:
name: a-input-number
vModel: value
helper: 证书ID,在证书管理页面查看,每条记录都有证书id
order: 0
domain:
title: 网站域名
component:
name: a-input
vModel: value
helper: 网站域名和证书ID选填其中一个,填了证书ID,则忽略网站域名
order: 0
cert:
title: 域名证书
helper: 请选择前置任务输出的域名证书
component:
name: output-selector
from:
- ':cert:'
required: true
order: 0
accessId:
title: 易盾授权
helper: 易盾CDN授权
component:
name: access-selector
type: yidun
required: true
order: 0
output: {}
pluginType: deploy
type: builtIn
scriptFilePath: ../../../plugins/plugin-plus/yidun/plugins/plugin-deploy-to-cdn.js
packages/ui/certd-server/metadata/deploy_YidunDeployToRCDN.yaml
+59
View File
@@ -0,0 +1,59 @@
showRunStrategy: false
default:
strategy:
runStrategy: 1
name: YidunDeployToRCDN
title: 易盾-部署到易盾RCDN
icon: material-symbols:shield-outline
group: cdn
desc: 易盾CDN,每月免费30G[注册即领](https://rhcdn.yiduncdn.com/register?code=8mn536rrzfbf8)
needPlus: false
input:
cert:
title: 域名证书
helper: 请选择前置任务输出的域名证书
component:
name: output-selector
from:
- ':cert:'
required: true
order: 0
accessId:
title: 易盾RCDN授权
helper: 易盾RCDN授权
component:
name: access-selector
type: yidunrcdn
required: true
order: 0
domains:
title: 域名列表
component:
name: remote-select
vModel: value
mode: tags
type: plugin
typeName: YidunDeployToRCDNPlugin
action: onGetDomainList
search: false
pager: false
watches:
- certDomains
- accessId
required: true
mergeScript: |2-
return {
component:{
form: ctx.compute(({form})=>{
return form
})
},
}
helper: 选择要部署证书的站点域名
order: 0
output: {}
pluginType: deploy
type: builtIn
scriptFilePath: ../../../plugins/plugin-plus/yidun/plugins/plugin-deploy-to-rcdn.js
packages/ui/certd-server/package.json
+6 -3
View File
@@ -111,7 +111,7 @@
"openid-client": "^6.8.1",
"otplib": "^12.0.1",
"pg": "^8.12.0",
"psl": "^1.9.0",
"psl": "^1.15.0",
"punycode.js": "^2.3.1",
"qiniu": "^7.12.0",
"qrcode": "^1.5.4",
@@ -126,7 +126,11 @@
"tencentcloud-sdk-nodejs": "^4.1.112",
"typeorm": "^0.3.20",
"uuid": "^10.0.0",
"xml2js": "^0.6.2"
"xml2js": "^0.6.2",
"@google-cloud/publicca": "^1.3.0",
"jsrsasign": "^11.1.0",
"ssh2": "^1.17.0",
"@alicloud/openapi-util": "^0.3.2"
},
"devDependencies": {
"@midwayjs/mock": "3.20.11",
@@ -138,7 +142,6 @@
"@types/mocha": "^10.0.1",
"@types/node": "^18",
"@types/nodemailer": "^6.4.8",
"@types/ssh2": "^1.15.0",
"c8": "^10.1.2",
"mocha": "^10.2.0",
"prettier": "^2.8.8",
packages/ui/certd-server/src/modules/auto/auto-b-load-plugins.ts
+7 -3
View File
@@ -11,11 +11,15 @@ export class AutoBLoadPlugins {
@Init()
async init() {
logger.info('加载插件开始');
await this.pluginService.registerFromLocal("./metadata")
logger.info(`加载插件开始,加载模式:${process.env.certd_plugin_loadmode}`);
if (process.env.certd_plugin_loadmode === "metadata") {
await this.pluginService.registerFromLocal("./metadata")
}else{
await import("../../plugins/index.js")
}
// await import("../../plugins/index.js")
await this.pluginService.registerFromDb()
logger.info('加载插件完成');
logger.info(`加载插件完成,加载模式:${process.env.certd_plugin_loadmode}`);
}
}
packages/ui/certd-server/src/modules/basic/sms/aliyun-sms.ts
+1 -1
View File
@@ -1,6 +1,6 @@
import { logger } from '@certd/basic';
import { ISmsService, PluginInputs, SmsPluginCtx } from './api.js';
import { AliyunAccess, AliyunClient } from '@certd/plugin-lib';
import { AliyunAccess, AliyunClient } from '../../../plugins/plugin-lib/aliyun/index.js';
export type AliyunSmsConfig = {
accessId: string;
packages/ui/certd-server/src/modules/basic/sms/tencent-sms.ts
+1 -1
View File
@@ -1,5 +1,5 @@
import { TencentAccess } from '../../../plugins/plugin-lib/tencent/access.js';
import {ISmsService, PluginInputs, SmsPluginCtx} from './api.js';
import {TencentAccess} from "@certd/plugin-lib";
export type TencentSmsConfig = {
accessId: string;
packages/ui/certd-server/src/modules/basic/sms/yfy-sms.ts
+1 -1
View File
@@ -1,6 +1,6 @@
import { http, utils } from '@certd/basic';
import { ISmsService, PluginInputs, SmsPluginCtx } from './api.js';
import { YfySmsAccess } from '@certd/plugin-plus';
import { YfySmsAccess } from '../../../plugins/plugin-plus/yidun/access-sms.js';
export type YfySmsConfig = {
accessId: string;
packages/ui/certd-server/src/plugins/index.ts
+3 -2
View File
@@ -1,5 +1,3 @@
export * from '@certd/plugin-cert';
export * from '@certd/plugin-plus';
export * from './plugin-aliyun/index.js';
export * from './plugin-tencent/index.js';
export * from './plugin-host/index.js';
@@ -43,3 +41,6 @@ export * from './plugin-cmcc/index.js'
export * from './plugin-template/index.js'
export * from './plugin-ucloud/index.js'
export * from './plugin-goedge/index.js'
export * from './plugin-lib/index.js'
export * from './plugin-plus/index.js'
export * from './plugin-cert/index.js'
packages/ui/certd-server/src/plugins/plugin-admin/plugin-db-backup.ts
+3 -2
View File
@@ -2,10 +2,11 @@ import { IsTaskPlugin, pluginGroups, RunStrategy, TaskInput } from "@certd/pipel
import fs from "fs";
import path from "path";
import dayjs from "dayjs";
import { AbstractPlusTaskPlugin } from "@certd/plugin-plus";
import { AbstractPlusTaskPlugin } from "@certd/plugin-lib";
import JSZip from "jszip";
import * as os from "node:os";
import { OssClientContext, ossClientFactory, OssClientRemoveByOpts, SshAccess, SshClient } from "@certd/plugin-lib";
import { OssClientContext, ossClientFactory, OssClientRemoveByOpts} from "../plugin-lib/oss/index.js";
import { SshAccess, SshClient } from "../plugin-lib/ssh/index.js";
import { pipeline } from "stream/promises";
const defaultBackupDir = "certd_backup";
const defaultFilePrefix = "db_backup";
packages/ui/certd-server/src/plugins/plugin-aliyun/dns-provider/aliesa-dns-provider.ts
+1 -1
View File
@@ -1,7 +1,7 @@
import { IAccessService } from '@certd/pipeline';
import { AbstractDnsProvider, CreateRecordOptions, IsDnsProvider, RemoveRecordOptions } from '@certd/plugin-cert';
import { AliesaAccess, AliyunAccess, AliyunClientV2 } from '../../plugin-lib/aliyun/index.js';
import { AliesaAccess, AliyunAccess, AliyunClientV2 } from '@certd/plugin-lib';
@IsDnsProvider({
name: 'aliesa',
packages/ui/certd-server/src/plugins/plugin-aliyun/dns-provider/aliyun-dns-provider.ts
+2 -1
View File
@@ -1,6 +1,7 @@
import { AbstractDnsProvider, CreateRecordOptions, IsDnsProvider, RemoveRecordOptions } from '@certd/plugin-cert';
import { AliyunAccess } from '../../plugin-lib/aliyun/access/aliyun-access.js';
import { AliyunClient } from '../../plugin-lib/aliyun/index.js';
import { AliyunAccess, AliyunClient } from '@certd/plugin-lib';
@IsDnsProvider({
name: 'aliyun',
packages/ui/certd-server/src/plugins/plugin-aliyun/index.ts
+1 -1
View File
@@ -1,2 +1,2 @@
export * from './dns-provider/index.js';
export * from './plugin/index.js';
export * from './plugin/index.js';
packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/deploy-to-ack/index.ts
+277
View File
@@ -0,0 +1,277 @@
import { AbstractTaskPlugin, IsTaskPlugin, pluginGroups, RunStrategy, TaskInput } from "@certd/pipeline";
import { utils } from "@certd/basic";
import { CertApplyPluginNames, CertInfo } from "@certd/plugin-cert";
import { AliyunAccess, AliyunClient } from "../../../plugin-lib/aliyun/index.js";
@IsTaskPlugin({
name: "DeployCertToAliyunAck",
title: "阿里云-部署到Ack",
icon: "svg:icon-aliyun",
desc: "部署到阿里云Ack集群Ingress等通过Secret管理证书的应用",
group: pluginGroups.aliyun.key,
needPlus: false,
input: {},
output: {},
default: {
strategy: {
runStrategy: RunStrategy.SkipWhenSucceed,
},
},
})
export class DeployCertToAliyunAckPlugin extends AbstractTaskPlugin {
@TaskInput({
title: "域名证书",
helper: "请选择前置任务输出的域名证书",
component: {
name: "output-selector",
from: [...CertApplyPluginNames],
},
required: true,
})
cert!: CertInfo;
@TaskInput({
title: "Access授权",
helper: "阿里云授权AccessKeyId、AccessKeySecret",
component: {
name: "access-selector",
type: "aliyun",
},
required: true,
})
accessId!: string;
@TaskInput({
title: "大区",
component: {
name: "a-auto-complete",
vModel: "value",
options: [
{ value: "cn-qingdao", label: "华北1(青岛)" },
{ value: "cn-beijing", label: "华北2(北京)" },
{ value: "cn-zhangjiakou", label: "华北3(张家口)" },
{ value: "cn-huhehaote", label: "华北5(呼和浩特)" },
{ value: "cn-wulanchabu", label: "华北6(乌兰察布)" },
{ value: "cn-hangzhou", label: "华东1(杭州)" },
{ value: "cn-shanghai", label: "华东2(上海)" },
{ value: "cn-shenzhen", label: "华南1(深圳)" },
{ value: "cn-guangzhou", label: "华南3(广州)" },
{ value: "ap-southeast-2", label: "澳大利亚(悉尼)" },
{ value: "ap-southeast-3", label: "马来西亚(吉隆坡)" },
{ value: "ap-northeast-1", label: "日本(东京)" },
{ value: "cn-chengdu", label: "西南1(成都)" },
{ value: "ap-southeast-1", label: "新加坡" },
{ value: "ap-southeast-5", label: "印度尼西亚(雅加达)" },
{ value: "cn-hongkong", label: "中国香港" },
{ value: "eu-central-1", label: "德国(法兰克福)" },
{ value: "us-east-1", label: "美国(弗吉尼亚)" },
{ value: "us-west-1", label: "美国(硅谷)" },
{ value: "eu-west-1", label: "英国(伦敦)" },
{ value: "me-east-1", label: "阿联酋(迪拜)" },
//金融云
{ value: "cn-beijing-finance-1", label: "华北2 金融云(邀测)" },
{ value: "cn-hangzhou-finance", label: "华东1 金融云" },
{ value: "cn-shanghai-finance-1", label: "华东2 金融云" },
{ value: "cn-shenzhen-finance-1", label: "华南1 金融云" },
],
placeholder: "集群所属大区",
},
required: true,
})
regionId!: string;
@TaskInput({
title: "集群id",
component: {
placeholder: "集群id",
},
required: true,
})
clusterId!: string;
@TaskInput({
title: "保密字典Id",
component: {
placeholder: "保密字典Id",
},
helper: "原本存储证书的secret的name",
required: true,
})
secretName!: string | string[];
@TaskInput({
title: "命名空间",
value: "default",
component: {
placeholder: "命名空间",
},
required: true,
})
namespace = "default";
@TaskInput({
title: "是否私网ip",
value: false,
component: {
name: "a-switch",
vModel: "checked",
placeholder: "集群连接端点是否是私网ip",
},
helper: "如果您当前certd运行在同一个私网下,可以选择是。",
required: true,
})
isPrivateIpAddress!: boolean;
@TaskInput({
title: "忽略证书校验",
required: false,
helper: "是否忽略证书校验",
component: {
name: "a-switch",
vModel: "checked",
},
})
skipTLSVerify!: boolean;
@TaskInput({
title: "Secret自动创建",
helper: "如果Secret不存在,则创建",
value: false,
component: {
name: "a-switch",
vModel: "checked",
},
})
createOnNotFound: boolean;
K8sClient: any;
async onInstance() {
const sdk = await import("@certd/lib-k8s");
this.K8sClient = sdk.K8sClient;
}
async execute(): Promise<void> {
this.logger.info("开始部署证书到阿里云Ack");
const { regionId, clusterId, isPrivateIpAddress, cert } = this;
const access = (await this.getAccess(this.accessId)) as AliyunAccess;
const client = await this.getClient(access, regionId);
const kubeConfigStr = await this.getKubeConfig(client, clusterId, isPrivateIpAddress);
this.logger.info("kubeconfig已成功获取");
const k8sClient = new this.K8sClient({
kubeConfigStr,
logger: this.logger,
skipTLSVerify: this.skipTLSVerify,
});
await this.patchCertSecret({ cert, k8sClient });
await utils.sleep(5000); // 停留5秒,等待secret部署完成
try {
await this.restartIngress({ k8sClient });
} catch (e) {
this.logger.warn(`重启ingress失败:${e.message}`);
}
}
async restartIngress(options: { k8sClient: any }) {
const { k8sClient } = options;
const { namespace } = this;
const body = {
metadata: {
labels: {
certd: this.appendTimeSuffix("certd"),
},
},
};
const ingressList = await k8sClient.getIngressList({ namespace });
this.logger.info("ingressList:", ingressList);
if (!ingressList || !ingressList.items) {
return;
}
const ingressNames = ingressList.items
.filter((item: any) => {
if (!item.spec.tls) {
return false;
}
for (const tls of item.spec.tls) {
if (tls.secretName === this.secretName) {
return true;
}
}
return false;
})
.map((item: any) => {
return item.metadata.name;
});
for (const ingress of ingressNames) {
await k8sClient.patchIngress({ namespace, ingressName: ingress, body, createOnNotFound: this.createOnNotFound });
this.logger.info(`ingress已重启:${ingress}`);
}
}
async patchCertSecret(options: { cert: CertInfo; k8sClient: any }) {
const { cert, k8sClient } = options;
const crt = cert.crt;
const key = cert.key;
const crtBase64 = Buffer.from(crt).toString("base64");
const keyBase64 = Buffer.from(key).toString("base64");
const { namespace, secretName } = this;
const body = {
data: {
"tls.crt": crtBase64,
"tls.key": keyBase64,
},
metadata: {
labels: {
certd: this.appendTimeSuffix("certd"),
},
},
};
let secretNames: any = secretName;
if (typeof secretName === "string") {
secretNames = [secretName];
}
for (const secret of secretNames) {
await k8sClient.patchSecret({ namespace, secretName: secret, body });
this.logger.info(`cert secret已更新: ${secret}`);
}
}
async getClient(aliyunProvider: any, regionId: string) {
const client = new AliyunClient({ logger: this.logger, useROAClient: true });
await client.init({
accessKeyId: aliyunProvider.accessKeyId,
accessKeySecret: aliyunProvider.accessKeySecret,
endpoint: `https://cs.${regionId}.aliyuncs.com`,
apiVersion: "2015-12-15",
});
return client;
}
async getKubeConfig(client: any, clusterId: string, isPrivateIpAddress = false) {
const httpMethod = "GET";
const uriPath = `/k8s/${clusterId}/user_config`;
const queries = {
PrivateIpAddress: isPrivateIpAddress,
TemporaryDurationMinutes: 15,
};
const body = {};
const headers = {
"Content-Type": "application/json",
};
const requestOption = {};
try {
const res = await client.request(httpMethod, uriPath, queries, body, headers, requestOption);
return res.config;
} catch (e) {
console.error("请求出错:", e);
throw e;
}
}
}
new DeployCertToAliyunAckPlugin();
packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/deploy-to-alb/index.ts
+2 -4
View File
@@ -1,13 +1,11 @@
import { AbstractTaskPlugin, IsTaskPlugin, pluginGroups, RunStrategy, TaskInput } from "@certd/pipeline";
import { CertApplyPluginNames, CertInfo, CertReader } from "@certd/plugin-cert";
import {
AliyunAccess,
AliyunClient,
AliyunClientV2,
AliyunSslClient,
createCertDomainGetterInputDefine,
createRemoteSelectInputDefine
} from "@certd/plugin-lib";
import { AliyunAccess, AliyunClientV2 } from "../../../plugin-lib/aliyun/access/index.js";
import { AliyunClient, AliyunSslClient } from "../../../plugin-lib/aliyun/lib/index.js";
@IsTaskPlugin({
name: "AliyunDeployCertToALB",
packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/deploy-to-all/index.ts
+307
View File
@@ -0,0 +1,307 @@
import { AbstractTaskPlugin, IsTaskPlugin, pluginGroups, RunStrategy, TaskInput } from "@certd/pipeline";
import { CertApplyPluginNames, CertInfo } from "@certd/plugin-cert";
import { createCertDomainGetterInputDefine, createRemoteSelectInputDefine } from "@certd/plugin-lib";
import { AliyunAccess } from "../../../plugin-lib/aliyun/access/index.js";
import { AliyunSslClient } from "../../../plugin-lib/aliyun/lib/ssl-client.js";
@IsTaskPlugin({
name: "AliyunDeployCertToAll",
title: "阿里云-部署至任意云资源",
icon: "svg:icon-aliyun",
group: pluginGroups.aliyun.key,
desc: "【不建议使用】需要消耗阿里云自动部署次数,支持SLB、LIVE、webHosting、VOD、CR、DCDN、DDoS、CDN、ALB、APIGateway、FC、GA、MSE、NLB、OSS、SAE、WAF等云产品",
needPlus: false,
default: {
strategy: {
runStrategy: RunStrategy.SkipWhenSucceed,
},
},
})
export class AliyunDeployCertToAll extends AbstractTaskPlugin {
@TaskInput({
title: "域名证书",
helper: "请选择证书申请任务输出的域名证书\n或者选择前置任务“上传证书到阿里云”任务的证书ID,可以减少上传到阿里云的证书数量",
component: {
name: "output-selector",
from: [...CertApplyPluginNames, "uploadCertToAliyun"],
},
required: true,
})
cert!: CertInfo | number;
@TaskInput(createCertDomainGetterInputDefine({ props: { required: false } }))
certDomains!: string[];
@TaskInput({
title: "接入点",
helper: "不会选就按默认",
value: "cas.aliyuncs.com",
component: {
name: "a-select",
options: [
{ value: "cas.aliyuncs.com", label: "中国大陆" },
{ value: "cas.ap-southeast-1.aliyuncs.com", label: "新加坡" },
{ value: "cas.eu-central-1.aliyuncs.com", label: "德国(法兰克福)" },
],
},
required: true,
})
endpoint!: string;
@TaskInput({
title: "Access授权",
helper: "阿里云授权AccessKeyId、AccessKeySecret",
component: {
name: "access-selector",
type: "aliyun",
},
required: true,
})
accessId!: string;
/**
* SLB:传统型负载均衡 CLB(仅中国站)
* LIVE:视频直播(仅中国站)
* webHosting:云虚拟主机(仅中国站)
* VOD:视频点播(仅中国站)
* CR:容器镜像服务(仅中国站)
* DCDN:全站加速
* DDoSDDos 防护
* CDN:内容分发网络
* ALB:应用负载均衡
* APIGatewayAPI 网关
* FC:函数计算
* GA:全球加速
* MSE:微服务引擎
* NLB:网络型负载均衡
* OSS:对象存储
* SAEServerless 应用引擎
* WAFWeb 应用防火墙
*/
@TaskInput({
title: "云产品类型",
helper: "请选择云产品类型",
component: {
name: "a-select",
vModel: "value",
options: [
{ value: "SLB", label: "SLB-传统型负载均衡 CLB(仅中国站)" },
{ value: "LIVE", label: "LIVE-视频直播(仅中国站)" },
{ value: "webHosting", label: "webHosting-云虚拟主机(仅中国站)" },
{ value: "VOD", label: "VOD-视频点播(仅中国站)" },
{ value: "CR", label: "CR-容器镜像服务(仅中国站)" },
{ value: "DCDN", label: "DCDN-全站加速" },
{ value: "DDoS", label: "DDos 防护" },
{ value: "CDN", label: "CDN-内容分发网络" },
{ value: "ALB", label: "ALB-应用负载均衡" },
{ value: "APIGateway", label: "APIGateway-API 网关" },
{ value: "FC", label: "FC-函数计算" },
{ value: "GA", label: "GA-全球加速" },
{ value: "MSE", label: "MSE-微服务引擎" },
{ value: "NLB", label: "NLB-网络型负载均衡" },
{ value: "OSS", label: "OSS-对象存储" },
{ value: "SAE", label: "SAE-Serverless应用引擎" },
{ value: "WAF", label: "WAF-Web应用防火墙" },
],
},
required: true,
})
cloudProduct!: string;
@TaskInput(
createRemoteSelectInputDefine({
title: "要部署证书的云产品",
helper: "请选择要部署证书的云产品,注意:新创建的云产品资源可能需要过1-2小时才会在此处显示",
typeName: "AliyunDeployCertToAll",
action: AliyunDeployCertToAll.prototype.onGetProductList.name,
watches: ["cloudProduct", "accessId"],
})
)
productIds!: string[];
@TaskInput(
createRemoteSelectInputDefine({
title: "联系人",
helper: "请选择联系人,如果没有,需要先到[阿里云控制台创建联系人](https://yundun.console.aliyun.com/?p=cas#/informationManagement/person/)",
typeName: "AliyunDeployCertToAll",
action: AliyunDeployCertToAll.prototype.onGetContactList.name,
})
)
contactIds!: string[];
@TaskInput({
title: "检查超时时间",
helper: "检查部署任务超时时间,单位分钟",
value: 10,
component: {
name: "a-input-number",
vModel: "value",
},
required: true,
})
checkTimeout!: number;
async onInstance() {}
async execute(): Promise<void> {
this.logger.info("开始部署证书到阿里云");
const access = await this.getAccess<AliyunAccess>(this.accessId);
const sslClient = new AliyunSslClient({
access,
logger: this.logger,
endpoint: this.endpoint,
});
//
let certId: any = this.cert;
if (typeof this.cert === "object") {
certId = await sslClient.uploadCert({
name: this.appendTimeSuffix("certd"),
cert: this.cert,
});
}
const jobId = await this.createDeployJob(sslClient, certId);
await this.updateJobStatus(sslClient, jobId, "scheduling");
this.logger.info("开始检查部署任务执行结果");
const startTime = Date.now();
while (Date.now() < startTime + this.checkTimeout * 60 * 1000) {
this.checkSignal();
await this.ctx.utils.sleep(10000);
let res: any = {};
try {
res = await this.getJobDetail(sslClient, jobId);
} catch (e: any) {
this.logger.error(e);
break;
}
const status = res.Status;
if (status == "success") {
this.logger.info("部署任务执行成功:", status);
return;
} else if (status == "error") {
this.logger.error(`部署任务执行失败,请前往 https://yundun.console.aliyun.com/?p=cas#/deployDetail/user/${jobId} 查看失败原因: `, res);
throw new Error("部署任务执行失败,");
} else {
/**
* pending:待执行
* editing:编辑中
* scheduling:调度中
* processing:部署中
* error:部署失败
* success:部署成功
*/
this.logger.info("部署任务正在执行中: ", status);
}
}
throw new Error("部署任务执行超时,请手动检查任务状态");
}
async updateJobStatus(sslClient: AliyunSslClient, jobId: string, status: string) {
const params = {
JobId: jobId,
Status: status,
};
const requestOption = {
method: "POST",
formatParams: false,
};
const res = await sslClient.doRequest("UpdateDeploymentJobStatus", params, requestOption);
this.logger.info("部署任务开始执行,部署需要时间,RequestId=", res.RequestId);
}
async onGetProductList(data: any) {
if (!this.accessId) {
throw new Error("请选择Access授权");
}
const access = await this.getAccess<AliyunAccess>(this.accessId);
const sslClient = new AliyunSslClient({
access,
logger: this.logger,
endpoint: this.endpoint,
});
if (!this.cloudProduct) {
throw new Error("请选择云产品类型");
}
const res = await sslClient.getResourceList({
cloudProduct: this.cloudProduct,
});
if (!res?.Data || res?.Data.length === 0) {
throw new Error("没有找到对应类型的云资源");
}
const options = res.Data.map((item: any) => {
return {
label: `${item.Domain}<${item.Id}>`,
value: item.Id,
title: `${item.CloudProduct}:${item.CertName || "证书未命名"}`,
domain: item.Domain,
};
});
return this.ctx.utils.options.buildGroupOptions(options, this.certDomains);
}
async onGetContactList(data: any) {
if (!this.accessId) {
throw new Error("请选择Access授权");
}
const access = await this.getAccess<AliyunAccess>(this.accessId);
const sslClient = new AliyunSslClient({
access,
logger: this.logger,
endpoint: this.endpoint,
});
const res = await sslClient.getContactList();
/*
"Email": "@qq.com",
"EmailStatus": 0,
"MobileStatus": 0,
"ContactId": 378992,
"Mobile": "",
"Name": ""
*/
if (!res?.ContactList || res?.ContactList.length === 0) {
throw new Error("没有找到联系人");
}
return res.ContactList.map((item: any) => {
return {
label: `${item.Name}<${item.Email}:${item.ContactId}>`,
value: item.ContactId,
};
});
}
async getJobDetail(sslClient: AliyunSslClient, jobId: number) {
const params = {
JobId: jobId,
};
const requestOption = {
method: "POST",
formatParams: false,
};
return await sslClient.doRequest("DescribeDeploymentJob", params, requestOption);
}
private async createDeployJob(sslClient: AliyunSslClient, certId: any) {
const res = await sslClient.createDeploymentJob({
name: "自动部署证书(By Certd)",
jobType: "user",
contactIds: this.contactIds,
resourceIds: this.productIds,
certIds: [certId],
});
const jobId = res.JobId;
this.logger.info("部署任务创建成功: jobId=", jobId);
return jobId;
}
}
new AliyunDeployCertToAll();
packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/deploy-to-apig/index.ts
+2 -2
View File
@@ -1,10 +1,10 @@
import {AbstractTaskPlugin, IsTaskPlugin, pluginGroups, RunStrategy, TaskInput} from '@certd/pipeline';
import {
AliyunAccess,
AliyunSslClient,
createCertDomainGetterInputDefine,
createRemoteSelectInputDefine
} from "@certd/plugin-lib";
import { AliyunAccess } from "../../../plugin-lib/aliyun/access/index.js";
import { AliyunSslClient } from "../../../plugin-lib/aliyun/lib/ssl-client.js";
import { CertApplyPluginNames, CertInfo, CertReader } from "@certd/plugin-cert";
import {optionsUtils} from "@certd/basic";
packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/deploy-to-apigateway/index.ts
+2 -1
View File
@@ -1,7 +1,8 @@
import {AbstractTaskPlugin, IsTaskPlugin, pluginGroups, RunStrategy, TaskInput} from '@certd/pipeline';
import {AliyunAccess, createCertDomainGetterInputDefine, createRemoteSelectInputDefine} from "@certd/plugin-lib";
import { createCertDomainGetterInputDefine, createRemoteSelectInputDefine} from "@certd/plugin-lib";
import {CertApplyPluginNames, CertInfo} from '@certd/plugin-cert';
import {optionsUtils} from "@certd/basic";
import { AliyunAccess } from "../../../plugin-lib/aliyun/access/index.js";
@IsTaskPlugin({
name: 'DeployCertToAliyunApiGateway',
packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/deploy-to-cdn/index.ts
+3 -1
View File
@@ -1,7 +1,9 @@
import { AbstractTaskPlugin, IsTaskPlugin, pluginGroups, RunStrategy, TaskInput } from '@certd/pipeline';
import { AliyunAccess, AliyunClient, AliyunSslClient, createCertDomainGetterInputDefine, createRemoteSelectInputDefine } from '@certd/plugin-lib';
import { createCertDomainGetterInputDefine, createRemoteSelectInputDefine } from '@certd/plugin-lib';
import { AliyunAccess } from "../../../plugin-lib/aliyun/access/index.js";
import { optionsUtils } from '@certd/basic';
import { CertApplyPluginNames, CertReader } from "@certd/plugin-cert";
import { AliyunClient, AliyunSslClient } from "../../../plugin-lib/aliyun/lib/index.js";
@IsTaskPlugin({
name: 'DeployCertToAliyunCDN',
title: '阿里云-部署证书至CDN',
packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/deploy-to-dcdn/index.ts
+3 -2
View File
@@ -1,14 +1,15 @@
import { AbstractTaskPlugin, IsTaskPlugin, pluginGroups, RunStrategy, TaskInput } from '@certd/pipeline';
import dayjs from 'dayjs';
import {
AliyunAccess,
AliyunClient,
createCertDomainGetterInputDefine,
createRemoteSelectInputDefine
} from "@certd/plugin-lib";
import { AliyunAccess } from "../../../plugin-lib/aliyun/access/index.js";
import { CertInfo } from '@certd/plugin-cert';
import { CertApplyPluginNames} from '@certd/plugin-cert';
import { optionsUtils } from "@certd/basic";
import { AliyunClient } from "../../../plugin-lib/aliyun/lib/index.js";
@IsTaskPlugin({
name: 'DeployCertToAliyunDCDN',
title: '阿里云-部署证书至DCDN',
packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/deploy-to-esa/index.ts
+2 -2
View File
@@ -1,11 +1,11 @@
import { AbstractTaskPlugin, IsTaskPlugin, pluginGroups, RunStrategy, TaskInput } from "@certd/pipeline";
import { CertApplyPluginNames, CertInfo, CertReader } from "@certd/plugin-cert";
import {
AliyunAccess, AliyunClientV2,
AliyunSslClient,
createCertDomainGetterInputDefine,
createRemoteSelectInputDefine
} from "@certd/plugin-lib";
import { AliyunAccess, AliyunClientV2 } from "../../../plugin-lib/aliyun/access/index.js";
import { AliyunSslClient } from "../../../plugin-lib/aliyun/lib/ssl-client.js";
@IsTaskPlugin({
name: "AliyunDeployCertToESA",
packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/deploy-to-fc/index.ts
+2 -1
View File
@@ -1,10 +1,11 @@
import { AbstractTaskPlugin, IsTaskPlugin, pluginGroups, RunStrategy, TaskInput } from "@certd/pipeline";
import { CertApplyPluginNames, CertInfo, CertReader } from "@certd/plugin-cert";
import { AliyunAccess, createCertDomainGetterInputDefine, createRemoteSelectInputDefine } from "@certd/plugin-lib";
import { createCertDomainGetterInputDefine, createRemoteSelectInputDefine } from "@certd/plugin-lib";
import fs from "fs";
import path from "path";
import { tmpdir } from "node:os";
import { sp } from "@certd/basic";
import { AliyunAccess } from "../../../plugin-lib/aliyun/access/index.js";
@IsTaskPlugin({
name: 'AliyunDeployCertToFC',
packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/deploy-to-nlb/index.ts
+2 -4
View File
@@ -1,14 +1,12 @@
import { AbstractTaskPlugin, IsTaskPlugin, pluginGroups, RunStrategy, TaskInput } from '@certd/pipeline';
import { CertInfo, CertReader } from "@certd/plugin-cert";
import {
AliyunAccess,
AliyunClient,
AliyunClientV2,
AliyunSslClient,
createCertDomainGetterInputDefine,
createRemoteSelectInputDefine
} from "@certd/plugin-lib";
import { CertApplyPluginNames} from '@certd/plugin-cert';
import { AliyunAccess, AliyunClientV2 } from "../../../plugin-lib/aliyun/access/index.js";
import { AliyunClient, AliyunSslClient } from "../../../plugin-lib/aliyun/lib/index.js";
@IsTaskPlugin({
name: 'AliyunDeployCertToNLB',
title: '阿里云-部署至NLB(网络负载均衡)',
packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/deploy-to-oss/index.ts
+2 -2
View File
@@ -1,7 +1,5 @@
import {AbstractTaskPlugin, IsTaskPlugin, Pager, pluginGroups, RunStrategy, TaskInput} from '@certd/pipeline';
import {
AliyunAccess,
AliyunSslClient,
createCertDomainGetterInputDefine,
createRemoteSelectInputDefine
} from '@certd/plugin-lib';
@@ -9,6 +7,8 @@ import {CertInfo, CertReader} from '@certd/plugin-cert';
import { CertApplyPluginNames} from '@certd/plugin-cert';
import {optionsUtils} from "@certd/basic";
import {isArray} from "lodash-es";
import { AliyunAccess } from '../../../plugin-lib/aliyun/access/index.js';
import { AliyunSslClient } from '../../../plugin-lib/aliyun/lib/index.js';
@IsTaskPlugin({
name: 'DeployCertToAliyunOSS',
title: '阿里云-部署证书至OSS',
packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/deploy-to-slb/index.ts
+2 -4
View File
@@ -1,14 +1,12 @@
import {AbstractTaskPlugin, IsTaskPlugin, PageSearch, pluginGroups, RunStrategy, TaskInput} from '@certd/pipeline';
import {CertInfo} from '@certd/plugin-cert';
import {
AliyunAccess,
AliyunClient,
AliyunSslClient,
CasCertInfo,
createCertDomainGetterInputDefine,
createRemoteSelectInputDefine
} from '@certd/plugin-lib';
import {CertApplyPluginNames} from '@certd/plugin-cert';
import { AliyunAccess } from '../../../plugin-lib/aliyun/access/index.js';
import { AliyunClient, AliyunSslClient, CasCertInfo } from '../../../plugin-lib/aliyun/lib/index.js';
@IsTaskPlugin({
name: 'AliyunDeployCertToSLB',
packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/deploy-to-vod/index.ts
+2 -1
View File
@@ -1,6 +1,7 @@
import { AbstractTaskPlugin, IsTaskPlugin, PageSearch, pluginGroups, RunStrategy, TaskInput } from "@certd/pipeline";
import { CertApplyPluginNames, CertInfo } from "@certd/plugin-cert";
import { AliyunAccess, createCertDomainGetterInputDefine, createRemoteSelectInputDefine } from "@certd/plugin-lib";
import { createCertDomainGetterInputDefine, createRemoteSelectInputDefine } from "@certd/plugin-lib";
import { AliyunAccess } from "../../../plugin-lib/aliyun/access/index.js";
@IsTaskPlugin({
name: "AliyunDeployCertToVod",
packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/deploy-to-waf/index.ts
+2 -3
View File
@@ -1,12 +1,11 @@
import { AbstractTaskPlugin, IsTaskPlugin, Pager,PageSearch, pluginGroups, RunStrategy, TaskInput } from "@certd/pipeline";
import { CertApplyPluginNames, CertInfo, CertReader } from "@certd/plugin-cert";
import {
AliyunAccess,
AliyunClient,
AliyunSslClient,
createCertDomainGetterInputDefine,
createRemoteSelectInputDefine
} from "@certd/plugin-lib";
import { AliyunAccess } from "../../../plugin-lib/aliyun/access/index.js";
import { AliyunClient, AliyunSslClient } from "../../../plugin-lib/aliyun/lib/index.js";
@IsTaskPlugin({
name: 'AliyunDeployCertToWaf',
packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/index.ts
+1
View File
@@ -11,3 +11,4 @@ export * from './deploy-to-esa/index.js';
export * from './deploy-to-vod/index.js';
export * from './deploy-to-apigateway/index.js';
export * from './deploy-to-apig/index.js';
export * from './deploy-to-ack/index.js';
packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/upload-to-aliyun/index.ts
+2 -2
View File
@@ -1,7 +1,7 @@
import { AbstractTaskPlugin, IsTaskPlugin, pluginGroups, RunStrategy, TaskInput, TaskOutput } from '@certd/pipeline';
import { AliyunAccess } from '@certd/plugin-lib';
import { AliyunSslClient } from '@certd/plugin-lib';
import { CertApplyPluginNames, CertReader } from "@certd/plugin-cert";
import { AliyunAccess } from '../../../plugin-lib/aliyun/access/index.js';
import { AliyunSslClient } from '../../../plugin-lib/aliyun/lib/index.js';
/**
* 华东1(杭州) cn-hangzhou cas.aliyuncs.com cas-vpc.cn-hangzhou.aliyuncs.com
* 马来西亚(吉隆坡) ap-southeast-3 cas.ap-southeast-3.aliyuncs.com cas-vpc.ap-southeast-3.aliyuncs.com

Some files were not shown because too many files have changed in this diff Show More