perf: 支持同时监听https端口，7002

2026-04-19 17:30:52 +08:00 · 2024-10-26 16:36:57 +08:00
parent 4b09a0a27f
commit d5a17f9e6a
7 changed files with 132 additions and 3 deletions
--- a/packages/ui/certd-server/src/modules/auto/https/self-certificate.ts
+++ b/packages/ui/certd-server/src/modules/auto/https/self-certificate.ts
@@ -0,0 +1,44 @@
+import { logger } from '@certd/pipeline';
+import fs from 'fs';
+// @ts-ignore
+import forge from 'node-forge';
+
+export function createSelfCertificate(opts: { crtPath: string; keyPath: string }) {
+  // 生成密钥对
+  const keypair = forge.pki.rsa.generateKeyPair(2048);
+
+  // 创建自签名证书
+  const cert = forge.pki.createCertificate();
+  cert.publicKey = keypair.publicKey;
+  cert.serialNumber = '01';
+  cert.validFrom = new Date(Date.now() - 1000 * 60 * 60 * 24).toISOString(); // 1天前
+  cert.validTo = new Date(Date.now() + 1000 * 60 * 60 * 24 * 365 * 10).toISOString(); // 10年后
+  // 创建主题
+  const attrs = [
+    {
+      name: 'commonName',
+      value: 'self-certificate.certd', // 或者你的域名
+    },
+  ];
+  cert.setSubject(attrs);
+  cert.setIssuer(attrs);
+  cert.sign(keypair.privateKey, forge.md.sha256.create());
+
+  // 导出证书和私钥
+  const pemCert = forge.pki.certificateToPem(cert);
+  const pemKey = forge.pki.privateKeyToPem(keypair.privateKey);
+
+  // 写入文件
+  logger.info('生成自签名证书成功');
+  logger.info(`自签证书保存路径: ${opts.crtPath}`);
+  logger.info(`自签私钥保存路径: ${opts.keyPath}`);
+  fs.writeFileSync(opts.crtPath, pemCert);
+  fs.writeFileSync(opts.keyPath, pemKey);
+
+  return {
+    crtPath: opts.crtPath,
+    keyPath: opts.keyPath,
+    crt: pemCert,
+    key: pemKey,
+  };
+}
--- a/packages/ui/certd-server/src/modules/auto/https/server.ts
+++ b/packages/ui/certd-server/src/modules/auto/https/server.ts
@@ -0,0 +1,52 @@
+import https from 'node:https';
+import fs from 'fs';
+import { Application } from '@midwayjs/koa';
+import { createSelfCertificate } from './self-certificate.js';
+import { logger } from '@certd/pipeline';
+
+export type HttpsServerOptions = {
+  enabled: boolean;
+  app?: Application;
+  port: number;
+  key: string;
+  cert: string;
+};
+
+export async function startHttpsServer(opts: HttpsServerOptions) {
+  // const httpsServer = https.createServer({
+  //   key: fs.readFileSync(path.join(__dirname, '../ssl/2_certd.cn.key')),
+  //   cert
+
+  if (!opts.key || !opts.cert) {
+    logger.error('证书路径未配置，无法启动https服务，请先配置：koa.https.key和koa.https.cert');
+    return;
+  }
+
+  if (!fs.existsSync(opts.key) || !fs.existsSync(opts.cert)) {
+    logger.info('证书文件不存在,将生成自签名证书');
+    createSelfCertificate({
+      crtPath: opts.cert,
+      keyPath: opts.key,
+    });
+  }
+  logger.info('准备启动https服务');
+  const httpServer = https.createServer(
+    {
+      cert: fs.readFileSync(opts.cert),
+      key: fs.readFileSync(opts.key),
+    },
+    opts.app.callback()
+  );
+  const hostname = '0.0.0.0';
+  // A function that runs in the context of the http server
+  // and reports what type of server listens on which port
+  function listeningReporter() {
+    // `this` refers to the http server here
+    logger.info(`Https server is listening on https://${hostname}:${opts.port}`);
+  }
+  try {
+    httpServer.listen(opts.port, hostname, listeningReporter);
+  } catch (e) {
+    logger.error('启动https服务失败', e);
+  }
+}