perf: 证书申请支持反向代理,letsencrypt无法访问时的备用方案

xiaojunnuo
2024-07-25 10:38:45 +08:00
parent 4060f6ecbc
commit b7b5df0587
6 changed files with 55 additions and 11 deletions
@@ -6,7 +6,7 @@ import { Logger } from "log4js";
import { IContext } from "@certd/pipeline";
import { IDnsProvider } from "../../dns-provider/index.js";
import psl from "psl";
import { ClientExternalAccountBindingOptions } from "@certd/acme-client";
import { ClientExternalAccountBindingOptions, UrlMapping } from "@certd/acme-client";
export type CertInfo = {
crt: string;
@@ -14,19 +14,24 @@ export type CertInfo = {
csr: string;
};
export type SSLProvider = "letsencrypt" | "buypass" | "zerossl";
type AcmeServiceOptions = {
userContext: IContext;
logger: Logger;
sslProvider: SSLProvider;
eab?: ClientExternalAccountBindingOptions;
skipLocalVerify?: boolean;
useMappingProxy?: boolean;
};
export class AcmeService {
options: AcmeServiceOptions;
userContext: IContext;
logger: Logger;
sslProvider: SSLProvider;
skipLocalVerify = true;
eab?: ClientExternalAccountBindingOptions;
constructor(options: {
userContext: IContext;
logger: Logger;
sslProvider: SSLProvider;
eab?: ClientExternalAccountBindingOptions;
skipLocalVerify?: boolean;
}) {
constructor(options: AcmeServiceOptions) {
this.options = options;
this.userContext = options.userContext;
this.logger = options.logger;
this.sslProvider = options.sslProvider || "letsencrypt";
@@ -61,6 +66,13 @@ export class AcmeService {
} else {
directoryUrl = acme.directory[this.sslProvider].production;
}
const urlMapping: UrlMapping = { enabled: false, mappings: {} };
if (this.options.useMappingProxy) {
urlMapping.enabled = true;
urlMapping.mappings = {
"acme-v02.api.letsencrypt.org": "letsencrypt-proxy.handsfree.work",
};
}
const client = new acme.Client({
directoryUrl: directoryUrl,
accountKey: conf.key,
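Review bot: The `if (this.options.useMappingProxy)` branch redirects every request for `acme-v02.api.letsencrypt.org` to a fixed third-party host, `letsencrypt-proxy.handsfree.work`, which the operator cannot replace with a reverse proxy they run themselves. TLS then terminates at that host, so whoever runs it can read account URLs, ordered domain names and CSRs, and can delay or alter responses; how the client validates proxied responses is not visible in this hunk. I would read the target from configuration and keep the current value only as the default, e.g. `"acme-v02.api.letsencrypt.org": this.options.proxyHost ?? "letsencrypt-proxy.handsfree.work"` (`proxyHost` is a proposed field name, not an existing one), and log through `this.logger` whenever the mapping is active. The mapping names only the Let's Encrypt production host, so with `buypass`, `zerossl` or any non-production directory the option appears to do nothing silently, and a warning there would help. The enclosing method starts and ends outside this hunk.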
@@ -69,6 +81,7 @@ export class AcmeService {
backoffAttempts: 30,
backoffMin: 5000,
backoffMax: 10000,
urlMapping,
});
if (conf.accountUrl == null) {
@@ -80,6 +80,17 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
})
dnsProviderAccess!: string;
@TaskInput({
title: "使用代理",
default: false,
component: {
name: "a-switch",
vModel: "checked",
},
helper: "如果acme-v02.api.letsencrypt.org被墙无法连接访问,请尝试开启此选项",
})
useProxy = false;
@TaskInput({
title: "跳过本地校验DNS",
default: false,
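Review bot: The `helper` text on the new `useProxy` input only tells the user to switch it on when `acme-v02.api.letsencrypt.org` is unreachable; it does not say that certificate requests will then be relayed through a third-party reverse proxy. I would extend the helper to name the proxy host and state that ACME traffic passes through it, and note that the switch presumably has an effect only when the provider is Let's Encrypt. The field is called `useProxy` here but `useMappingProxy` on the service options, and a single name for both would make the setting easier to trace and audit. The `@TaskInput` block that follows continues outside this hunk.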
@@ -104,6 +115,7 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
sslProvider: this.sslProvider,
eab,
skipLocalVerify: this.skipLocalVerify,
useMappingProxy: this.useProxy,
});
}