lkddi/certd
1
0
Fork 0
mirror of https://github.com/certd/certd.git synced 2026-04-23 11:37:23 +08:00
Code Issues Packages Projects Releases Wiki Activity

perf: 支持一键安装脚本

Browse Source
This commit is contained in:
xiaojunnuo
2026-04-23 01:03:54 +08:00
parent ef7d1d9327
commit dc969dd7ed
19 changed files with 709 additions and 110 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+9 -1
View File
@@ -95,7 +95,15 @@ https://certd.handfree.work/
3. 【推荐】[1Panel面板方式部署](https://certd.docmirror.cn/guide/install/1panel/)
4. 【推荐】[雨云一键部署](https://app.rainyun.com/apps/rca/store/6646/?ref=NzExMDQ2) : 首充翻倍,每月仅需2.2元
[<img src="https://rainyun-apps.cn-nb1.rains3.com/materials/deploy-on-rainyun-cn.svg">](https://app.rainyun.com/apps/rca/store/6646/?ref=NzExMDQ2)
5. 【不推荐】[源码方式部署 ](https://certd.docmirror.cn/guide/install/source/)
5. 【推荐】[一键安装脚本](https://certd.docmirror.cn/guide/install/docker/)(自动安装 DockerCertd):
```bash
curl -fsSL https://raw.atomgit.com/certd/certd/raw/v2/docker/run/install.sh | bash
```
6. 【不推荐】[源码方式部署 ](https://certd.docmirror.cn/guide/install/source/)
#### Docker镜像说明:
* 国内镜像地址:
docker/run/install.sh
+354
View File
@@ -0,0 +1,354 @@
#!/bin/bash
set -e
CERTD_VERSION="${CERTD_VERSION:-latest}"
INSTALL_DIR="${INSTALL_DIR:-/opt/certd}"
COMPOSE_FILE_URL="https://raw.atomgit.com/certd/certd/raw/v2/docker/run/docker-compose.yaml"
COMPOSE_FILE="$INSTALL_DIR/docker-compose.yaml"
DOCKER_MIRROR="https://mirrors.aliyun.com"
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m'
log_info() {
echo -e "${GREEN}[INFO]${NC} $1"
}
log_warn() {
echo -e "${YELLOW}[WARN]${NC} $1"
}
log_error() {
echo -e "${RED}[ERROR]${NC} $1"
}
check_command() {
command -v "$1" >/dev/null 2>&1
}
get_local_ip() {
LOCAL_IP=$(ip route get 1.1.1.1 2>/dev/null | grep -oP 'src \K[^ ]+' | head -1)
if [ -z "$LOCAL_IP" ]; then
LOCAL_IP=$(hostname -I 2>/dev/null | awk '{print $1}')
fi
if [ -z "$LOCAL_IP" ]; then
LOCAL_IP="127.0.0.1"
fi
echo "$LOCAL_IP"
}
get_public_ip() {
PUBLIC_IP=$(curl -s --max-time 5 https://api.ipify.org 2>/dev/null)
if [ -z "$PUBLIC_IP" ]; then
PUBLIC_IP=$(curl -s --max-time 5 https://checkip.amazonaws.com 2>/dev/null)
fi
if [ -z "$PUBLIC_IP" ]; then
PUBLIC_IP=""
fi
echo "$PUBLIC_IP"
}
show_access_urls() {
LOCAL_IP=$(get_local_ip)
PUBLIC_IP=$(get_public_ip)
echo ""
echo "=========================================="
log_info "安装完成!"
echo "=========================================="
echo ""
echo "访问地址:"
if [ -n "$PUBLIC_IP" ]; then
echo -e " ${GREEN}外网访问:${NC} http://$PUBLIC_IP:7001"
fi
echo -e " ${GREEN}局域网:${NC} http://$LOCAL_IP:7001"
echo ""
echo "配置文件: $COMPOSE_FILE"
echo ""
echo "常用命令:"
echo " cd $INSTALL_DIR"
echo " docker compose logs -f # 查看日志"
echo " docker compose restart # 重启服务"
echo " docker compose down # 停止服务"
echo ""
}
detect_os() {
if [ -f /etc/os-release ]; then
. /etc/os-release
OS=$ID
VER=$VERSION_ID
elif [ -f /etc/centos-release ]; then
OS="centos"
elif [ -f /etc/redhat-release ]; then
OS="rhel"
else
OS="unknown"
fi
}
check_docker() {
if check_command docker; then
DOCKER_VERSION=$(docker --version 2>/dev/null | awk '{print $3}' | tr -d ',')
log_info "Docker 已安装: $DOCKER_VERSION"
return 0
else
log_warn "Docker 未安装"
return 1
fi
}
check_docker_compose() {
if check_command docker-compose; then
COMPOSE_VERSION=$(docker-compose --version 2>/dev/null | awk '{print $3}' | tr -d ',')
log_info "Docker Compose 已安装: $COMPOSE_VERSION"
return 0
elif docker compose version >/dev/null 2>&1; then
log_info "Docker Compose (插件版) 已安装"
return 0
else
log_warn "Docker Compose 未安装"
return 1
fi
}
install_docker_ubuntu() {
log_info "正在安装 Docker (Ubuntu/Debian)..."
apt-get update
apt-get install -y ca-certificates curl gnupg lsb-release
mkdir -p /etc/apt/keyrings
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/${OS}/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg 2>/dev/null || \
curl -fsSL https://download.docker.com/linux/${OS}/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://mirrors.aliyun.com/docker-ce/linux/${OS} $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
apt-get update
apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
systemctl enable docker
systemctl start docker
log_info "Docker 安装完成"
}
install_docker_centos() {
log_info "正在安装 Docker (CentOS/RHEL)..."
yum install -y yum-utils
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
systemctl enable docker
systemctl start docker
log_info "Docker 安装完成"
}
install_dockerrocky() {
log_info "正在安装 Docker (Rocky Linux/AlmaLinux)..."
dnf install -y yum-utils
dnf config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
dnf install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
systemctl enable docker
systemctl start docker
log_info "Docker 安装完成"
}
install_docker_debian() {
log_info "正在安装 Docker (Debian)..."
apt-get update
apt-get install -y ca-certificates curl gnupg2
mkdir -p /etc/apt/keyrings
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/debian/gpg | gpg --armor -o /etc/apt/keyrings/docker.gpg 2>/dev/null || \
curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --armor -o /etc/apt/keyrings/docker.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://mirrors.aliyun.com/docker-ce/linux/debian $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list
apt-get update
apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
systemctl enable docker
systemctl start docker
log_info "Docker 安装完成"
}
install_docker() {
detect_os
log_info "检测到操作系统: $OS"
case $OS in
ubuntu)
install_docker_ubuntu
;;
debian)
install_docker_debian
;;
centos)
install_docker_centos
;;
rhel|rocky|almalinux)
install_dockerrocky
;;
*)
log_error "不支持的操作系统: $OS"
log_info "请手动安装 Docker"
exit 1
;;
esac
}
install_docker_compose_standalone() {
log_info "正在安装 Docker Compose (独立版本)..."
COMPOSE_URLS=(
"https://get.daocloud.io/docker/compose/releases/download/v2.12.2/docker-compose-$(uname -s)-$(uname -m)"
"https://mirror.sjtu.edu.cn/github/docker/compose/releases/download/v2.12.2/docker-compose-$(uname -s)-$(uname -m)"
"https://github.com/docker/compose/releases/download/v2.12.2/docker-compose-$(uname -s)-$(uname -m)"
)
for url in "${COMPOSE_URLS[@]}"; do
log_info "尝试从: $url"
if curl -L "$url" -o /usr/local/bin/docker-compose 2>/dev/null; then
chmod +x /usr/local/bin/docker-compose
log_info "Docker Compose 安装完成"
return 0
fi
log_warn "下载失败,尝试下一个源..."
done
log_error "Docker Compose 安装失败"
return 1
}
install_docker_compose() {
if check_command docker && docker compose version >/dev/null 2>&1; then
log_info "Docker Compose 插件已可用"
return 0
fi
if check_command docker-compose; then
log_info "Docker Compose 独立版本已安装"
return 0
fi
install_docker_compose_standalone
}
download_compose_file() {
log_info "正在下载 docker-compose.yaml..."
mkdir -p "$INSTALL_DIR"
if curl -fsSL "$COMPOSE_FILE_URL" -o "$COMPOSE_FILE.tmp"; then
mv "$COMPOSE_FILE.tmp" "$COMPOSE_FILE"
log_info "docker-compose.yaml 已下载到 $COMPOSE_FILE"
if [ "$CERTD_VERSION" != "latest" ]; then
sed -i "s|certd:latest|certd:$CERTD_VERSION|g" "$COMPOSE_FILE"
log_info "已修改镜像版本为: $CERTD_VERSION"
fi
else
log_error "下载失败,请检查网络连接"
exit 1
fi
}
start_certd() {
log_info "正在启动 Certd 容器..."
cd "$INSTALL_DIR"
if docker compose -f "$COMPOSE_FILE" up -d 2>/dev/null; then
log_info "Certd 启动成功!"
elif docker-compose -f "$COMPOSE_FILE" up -d; then
log_info "Certd 启动成功!"
fi
sleep 2
docker ps --filter "name=certd" --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}"
}
show_usage() {
echo "用法: $0 [选项]"
echo ""
echo "选项:"
echo " -v, --version VERSION 指定 Certd 版本 (默认: latest)"
echo " -p, --path PATH 指定安装路径 (默认: /opt/certd)"
echo " -h, --help 显示帮助信息"
echo ""
echo "示例:"
echo " $0 # 使用默认配置安装"
echo " $0 -v 1.29.0 # 安装指定版本"
echo " $0 -p /data/certd # 安装到指定目录"
}
main() {
echo "=========================================="
echo " Certd 一键安装脚本"
echo "=========================================="
echo ""
while [[ $# -gt 0 ]]; do
case $1 in
-v|--version)
CERTD_VERSION="$2"
shift 2
;;
-p|--path)
INSTALL_DIR="$2"
COMPOSE_FILE="$INSTALL_DIR/docker-compose.yaml"
shift 2
;;
-h|--help)
show_usage
exit 0
;;
*)
log_error "未知选项: $1"
show_usage
exit 1
;;
esac
done
log_info "Certd 版本: $CERTD_VERSION"
log_info "安装路径: $INSTALL_DIR"
echo ""
DOCKER_INSTALLED=true
COMPOSE_INSTALLED=true
if ! check_docker; then
DOCKER_INSTALLED=false
echo ""
read -p "是否安装 Docker? (y/n): " -n 1 -r
echo ""
if [[ $REPLY =~ ^[Yy]$ ]]; then
install_docker
else
log_error "Docker 是必需组件,脚本退出"
exit 1
fi
fi
if ! check_docker_compose; then
COMPOSE_INSTALLED=false
echo ""
read -p "是否安装 Docker Compose? (y/n): " -n 1 -r
echo ""
if [[ $REPLY =~ ^[Yy]$ ]]; then
install_docker_compose
else
log_error "Docker Compose 是必需组件,脚本退出"
exit 1
fi
fi
download_compose_file
start_certd
show_access_urls
}
main "$@"
docs/guide/install/docker/index.md
+14 -1
View File
@@ -1,6 +1,19 @@
# Docker方式部署
## 一、安装
## 一、 一键脚本安装(推荐)
如果您的服务器未安装 Docker,该脚本会自动为您安装 Docker 和 Docker Compose,并启动 Certd 容器。
```bash
curl -fsSL https://raw.atomgit.com/certd/certd/raw/v2/docker/run/install.sh | bash
```
> 支持 Ubuntu、Debian、CentOS、Rocky Linux、AlmaLinux 等主流发行版。
> 如需指定版本,可使用参数:`-v 1.29.0`
> 如需指定数据保存路径,可使用参数:`-p /data/certd`
## 二、手动安装
### 1. 环境准备
docs/guide/plugins/access.md
+42 -39
View File
@@ -36,45 +36,48 @@
| 32.| **Gcore** | Gcore |
| 33.| **Github授权** | |
| 34.| **godaddy授权** | |
| 35.| **金山云授权** | |
| 36.| **FTP授权** | |
| 37.| **七牛OSS授权** | |
| 38.| **腾讯云COS授权** | 腾讯云对象存储授权,包含地域和存储桶 |
| 39.| **s3/minio授权** | S3/minio oss授权 |
| 40.| **namesilo授权** | |
| 41.| **Next Terminal 授权** | 用于访问 Next Terminal API 的授权配置 |
| 42.| **1panel授权** | 账号和密码 |
| 43.| **支付宝** | |
| 44.| **白山云授权** | |
| 45.| **宝塔云WAF授权** | 用于连接和管理宝塔云WAF服务的授权配置 |
| 46.| **cdnfly授权** | |
| 47.| **k8s授权** | |
| 48.| **括彩云cdn授权** | 括彩云CDN,每月免费30G[注册即领](https://kuocaicdn.com/register?code=8mn536rrzfbf8) |
| 49.| **LeCDN授权** | |
| 50.| **lucky** | |
| 51.| **猫云授权** | |
| 52.| **plesk授权** | |
| 53.| **长亭雷池授权** | |
| 54.| **群晖登录授权** | |
| 55.| **uniCloud** | unicloud授权 |
| 56.| **微信支付** | |
| 57.| **易盾rcdn授权** | 易盾CDN,每月免费30G[注册即领](https://rhcdn.yiduncdn.com/register?code=8mn536rrzfbf8) |
| 58.| **易发云短信** | sms.yfyidc.cn/ |
| 59.| **易盾DCDN授权** | https://user.yiduncdn.com |
| 60.| **易支付** | |
| 61.| **proxmox** | |
| 62.| **Spaceship.com 授权** | Spaceship.com API 授权插件 |
| 63.| **UCloud授权** | 优刻得授权 |
| 64.| **又拍云** | |
| 65.| **网宿授权** | |
| 66.| **西部数码授权** | |
| 67.| **我爱云授权** | 我爱云CDN |
| 68.| **新网授权(代理方式)** | |
| 69.| **新网授权** | |
| 70.| **新网互联授权** | 仅支持代理账号,ip需要加入白名单 |
| 71.| **Zenlayer授权** | Zenlayer授权 |
| 72.| **GoEdge授权** | |
| 73.| **雨云授权** | https://app.rainyun.com/ |
| 35.| **HiPM DNSMgr** | HiPM DNSMgr API Token 授权 |
| 36.| **金山云授权** | |
| 37.| **FTP授权** | |
| 38.| **七牛OSS授权** | |
| 39.| **腾讯云COS授权** | 腾讯云对象存储授权,包含地域和存储桶 |
| 40.| **s3/minio授权** | S3/minio oss授权 |
| 41.| **namesilo授权** | |
| 42.| **Next Terminal 授权** | 用于访问 Next Terminal API 的授权配置 |
| 43.| **Nginx Proxy Manager 授权** | 用于登录 Nginx Proxy Manager,并为代理主机证书部署提供授权。 |
| 44.| **1panel授权** | 账号和密码 |
| 45.| **支付宝** | |
| 46.| **白山云授权** | |
| 47.| **宝塔云WAF授权** | 用于连接和管理宝塔云WAF服务的授权配置 |
| 48.| **cdnfly授权** | |
| 49.| **k8s授权** | |
| 50.| **括彩云cdn授权** | 括彩云CDN,每月免费30G[注册即领](https://kuocaicdn.com/register?code=8mn536rrzfbf8) |
| 51.| **LeCDN授权** | |
| 52.| **lucky** | |
| 53.| **猫云授权** | |
| 54.| **plesk授权** | |
| 55.| **长亭雷池授权** | |
| 56.| **群晖登录授权** | |
| 57.| **uniCloud** | unicloud授权 |
| 58.| **微信支付** | |
| 59.| **易盾rcdn授权** | 易盾CDN,每月免费30G[注册即领](https://rhcdn.yiduncdn.com/register?code=8mn536rrzfbf8) |
| 60.| **易发云短信** | sms.yfyidc.cn/ |
| 61.| **易盾DCDN授权** | https://user.yiduncdn.com |
| 62.| **易支付** | |
| 63.| **proxmox** | |
| 64.| **Spaceship.com 授权** | Spaceship.com API 授权插件 |
| 65.| **Technitium DNS Server** | Technitium DNS Server 自建DNS服务器授权 |
| 66.| **UCloud授权** | 优刻得授权 |
| 67.| **又拍云** | |
| 68.| **网宿授权** | |
| 69.| **西部数码授权** | |
| 70.| **我爱云授权** | 我爱云CDN |
| 71.| **新网授权(代理方式)** | |
| 72.| **新网授权** | |
| 73.| **新网互联授权** | 仅支持代理账号,ip需要加入白名单 |
| 74.| **Zenlayer授权** | Zenlayer授权 |
| 75.| **GoEdge授权** | |
| 76.| **雨云授权** | https://app.rainyun.com/ |
<style module>
table th:first-of-type {
docs/guide/plugins/deploy.md
+21 -20
View File
@@ -1,5 +1,5 @@
# 任务插件
`129` 款任务插件
`130` 款任务插件
## 1. 证书申请
| 序号 | 名称 | 说明 |
@@ -58,25 +58,26 @@
| 3.| **Dokploy-部署server证书** | 自动更新Dokploy server证书 |
| 4.| **飞牛NAS-部署证书** | |
| 5.| **NextTerminal-更新证书** | 更新 Next Terminal 证书 |
| 6.| **1Panel-部署面板证书** | 更新1Panel的面板证书 |
| 7.| **1Panel-更新站点证书** | 更新1Panel的站点证书 |
| 8.| **宝塔-删除过期证书** | 删除证书夹中过期证书 |
| 9.| **宝塔-WAF证书部署** | 部署宝塔云WAF/aaWAF |
| 10.| **宝塔-面板证书部署** | 部署宝塔面板本身的ssl证书 |
| 11.| **宝塔win-网站证书部署** | 部署到Windows版宝塔管理的站点的ssl证书 |
| 12.| **宝塔-网站证书部署** | 部署宝塔管理的站点的ssl证书,目前支持宝塔网站站点、docker站点等。本插件也支持aaPanel。 |
| 13.| **K8S-Apply自定义yaml** | apply自定义yaml到k8s |
| 14.| **K8S-Ingress 证书部署** | 部署证书到k8s的Ingress |
| 15.| **K8S-部署证书到Secret** | 部署证书到k8s的secret |
| 16.| **lucky-更新Lucky证书** | |
| 17.| **Plesk-部署Plesk网站证书** | |
| 18.| **Plesk-更新证书** | 不会创建新证书记录,直接更新旧的证书 |
| 19.| **雷池-更新证书(支持控制台和防护应用)** | 更新长亭雷池WAF的证书,支持更新控制台和防护应用的证书 |
| 20.| **群晖-部署证书到群晖面板** | Synology,支持6.x以上版本 |
| 21.| **群晖-刷新OTP登录有效期** | 群晖登录状态可能30天失效,需要在失效之前登录一次,刷新有效期,您可以将其放在“部署到群晖面板”任务之后 |
| 22.| **uniCloud-部署到服务空间** | 部署到服务空间 |
| 23.| **Proxmox-上传证书到Proxmox** | |
| 24.| **威联通-部署证书到威联通** | 部署证书到qnap |
| 6.| **Nginx Proxy Manager-部署到主机** | 上传自定义证书到 Nginx Proxy Manager,并绑定到所选主机。 |
| 7.| **1Panel-部署面板证书** | 更新1Panel的面板证书 |
| 8.| **1Panel-更新站点证书** | 更新1Panel的站点证书 |
| 9.| **宝塔-删除过期证书** | 删除证书夹中过期证书 |
| 10.| **宝塔-WAF证书部署** | 部署宝塔云WAF/aaWAF |
| 11.| **宝塔-面板证书部署** | 部署宝塔面板本身的ssl证书 |
| 12.| **宝塔win-网站证书部署** | 部署到Windows版宝塔管理的站点的ssl证书 |
| 13.| **宝塔-网站证书部署** | 部署宝塔管理的站点的ssl证书,目前支持宝塔网站站点、docker站点等。本插件也支持aaPanel。 |
| 14.| **K8S-Apply自定义yaml** | apply自定义yaml到k8s |
| 15.| **K8S-Ingress 证书部署** | 部署证书到k8s的Ingress |
| 16.| **K8S-部署证书到Secret** | 部署证书到k8s的secret |
| 17.| **lucky-更新Lucky证书** | |
| 18.| **Plesk-部署Plesk网站证书** | |
| 19.| **Plesk-更新证书** | 不会创建新证书记录,直接更新旧的证书 |
| 20.| **雷池-更新证书(支持控制台和防护应用)** | 更新长亭雷池WAF的证书,支持更新控制台和防护应用的证书。 |
| 21.| **群晖-部署证书到群晖面板** | Synology,支持6.x以上版本 |
| 22.| **群晖-刷新OTP登录有效期** | 群晖登录状态可能30天失效,需要在失效之前登录一次,刷新有效期,您可以将其放在“部署到群晖面板”任务之后 |
| 23.| **uniCloud-部署到服务空间** | 部署到服务空间 |
| 24.| **Proxmox-上传证书到Proxmox** | |
| 25.| **威联通-部署证书到威联通** | 部署证书到qnap |
## 5. 阿里云
| 序号 | 名称 | 说明 |
docs/guide/plugins/dns-provider.md
+13 -11
View File
@@ -13,17 +13,19 @@
| 9.| **cloudflare** | cloudflare dns provider |
| 10.| **dns.la** | dns.la |
| 11.| **godaddy** | GoDaddy |
| 12.| **华为云** | 华为云DNS解析提供商 |
| 13.| **namesilo** | namesilo dns provider |
| 14.| **雨云** | 雨云DNS解析提供商 |
| 15.| **腾讯** | 腾讯云域名DNS解析提供 |
| 16.| **腾讯云EO DNS** | 腾讯云EO DNS解析提供者 |
| 17.| **西部数码** | west dns provider |
| 18.| **Dns提供商Demo** | dns provider示例 |
| 19.| **彩虹DNS** | 彩虹DNS管理系统 |
| 20.| **Spaceship** | Spaceship 域名解析 |
| 21.| **51dns** | 51DNS |
| 22.| **新网互联** | 新网互联 |
| 12.| **HiPM DNSMgr** | HiPM DNSMgr DNS 解析提供商 |
| 13.| **华为云** | 华为云DNS解析提供商 |
| 14.| **namesilo** | namesilo dns provider |
| 15.| **** | 雨云DNS解析提供 |
| 16.| **Technitium DNS Server** | Technitium DNS Server 自建DNS服务器 |
| 17.| **腾讯云** | 腾讯云域名DNS解析提供者 |
| 18.| **腾讯云EO DNS** | 腾讯云EO DNS解析提供者 |
| 19.| **西部数码** | west dns provider |
| 20.| **Dns提供商Demo** | dns provider示例 |
| 21.| **彩虹DNS** | 彩虹DNS管理系统 |
| 22.| **Spaceship** | Spaceship 域名解析 |
| 23.| **51dns** | 51DNS |
| 24.| **新网互联** | 新网互联 |
<style module>
table th:first-of-type {
packages/core/pipeline/src/access/api.ts
+4
View File
@@ -65,4 +65,8 @@ export abstract class BaseAccess implements IAccess {
}
throw new Error(`action ${req.action} not found`);
}
normalizeEndpoint(endpoint: string) {
return endpoint.replace(/\/$/, "");
}
}
packages/ui/certd-server/metadata/access_apisix.yaml
+12
View File
@@ -17,6 +17,18 @@ input:
apiKey
required: true
encrypt: true
version:
title: 版本
component:
name: a-select
options:
- label: v3.x
value: '3'
- label: v2.x
value: '2'
helper: apisix系统的版本
value: '3'
required: true
testRequest:
title: 测试
component:
packages/ui/certd-server/metadata/access_hipmdnsmgr.yaml
+27
View File
@@ -0,0 +1,27 @@
name: hipmdnsmgr
title: HiPM DNSMgr
icon: svg:icon-dns
desc: HiPM DNSMgr API Token 授权
input:
endpoint:
title: 服务器地址
component:
name: a-input
allowClear: true
placeholder: http://localhost:3001
required: true
helper: 'HiPM DNSMgr 服务器地址,例如: http://localhost:3001'
apiToken:
title: API Token
required: true
encrypt: true
helper: 在 DNSMgr 设置 > API Token 中创建的令牌
testRequest:
title: 测试连接
component:
name: api-test
action: TestRequest
helper: 点击测试接口是否正常
pluginType: access
type: builtIn
scriptFilePath: /plugins/plugin-hipmdnsmgr/access/hipmdnsmgr-access.js
packages/ui/certd-server/metadata/access_nginxProxyManager.yaml
+53
View File
@@ -0,0 +1,53 @@
name: nginxProxyManager
title: Nginx Proxy Manager 授权
desc: 用于登录 Nginx Proxy Manager,并为代理主机证书部署提供授权。
icon: logos:nginx
input:
endpoint:
title: NPM 地址
component:
name: a-input
allowClear: true
placeholder: https://npm.example.com
helper: 请输入 Nginx Proxy Manager 根地址,不要带 /api 后缀。
required: true
email:
title: 邮箱
component:
name: a-input
allowClear: true
placeholder: admin@example.com
required: true
password:
title: 密码
component:
name: a-input-password
allowClear: true
placeholder: 请输入密码
required: true
encrypt: true
totpSecret:
title: TOTP 密钥
component:
name: a-input-password
allowClear: true
placeholder: Optional base32 TOTP secret
helper: 当 Nginx Proxy Manager 账号开启 2FA 时必填。
required: false
encrypt: true
ignoreTls:
title: 忽略无效 TLS
component:
name: a-switch
vModel: checked
helper: 仅在 Nginx Proxy Manager 使用自签 HTTPS 证书时开启。
required: false
testRequest:
title: 测试
component:
name: api-test
action: onTestRequest
helper: 测试登录并拉取代理主机列表。
pluginType: access
type: builtIn
scriptFilePath: /plugins/plugin-nginx-proxy-manager/access.js
packages/ui/certd-server/metadata/access_ssh.yaml
+2 -2
View File
@@ -62,8 +62,8 @@ input:
pty:
title: 伪终端
helper: >-
如果登录报错:all authentication methods
failed,可以尝试开启伪终端模式进行keyboard-interactive方式登录
如果登录报错:all authentication methods failed / unable to
exec,可以尝试开启伪终端模式进行keyboard-interactive方式登录
开启后对日志输出有一定的影响
component:
packages/ui/certd-server/metadata/access_technitium.yaml
+38
View File
@@ -0,0 +1,38 @@
name: technitium
title: Technitium DNS Server
icon: clarity:server-line
desc: Technitium DNS Server 自建DNS服务器授权
input:
apiUrl:
title: API地址
value: http://localhost:5380
component:
name: a-input
allowClear: true
placeholder: http://localhost:5380
required: true
username:
title: 用户名
component:
name: a-input
allowClear: true
placeholder: admin
required: false
password:
title: 密码
component:
name: a-input
type: password
allowClear: true
placeholder: 密码
required: false
encrypt: true
testRequest:
title: 测试
component:
name: api-test
action: TestRequest
helper: 点击测试接口是否正常
pluginType: access
type: builtIn
scriptFilePath: /plugins/plugin-technitium/access.js
packages/ui/certd-server/metadata/deploy_NginxProxyManagerDeploy.yaml
+71
View File
@@ -0,0 +1,71 @@
showRunStrategy: false
default:
strategy:
runStrategy: 1
name: NginxProxyManagerDeploy
title: Nginx Proxy Manager-部署到主机
desc: 上传自定义证书到 Nginx Proxy Manager,并绑定到所选主机。
icon: logos:nginx
group: panel
input:
cert:
title: 域名证书
helper: 请选择前置任务产出的证书。
component:
name: output-selector
from:
- ':cert:'
required: true
order: 0
certDomains:
title: 证书域名
component:
name: cert-domains-getter
required: false
order: 0
accessId:
title: NPM授权
component:
name: access-selector
type: nginxProxyManager
helper: 选择用于部署的 Nginx Proxy Manager 授权。
required: true
order: 0
proxyHostIds:
title: 代理主机
component:
name: remote-select
vModel: value
mode: tags
type: plugin
action: onGetProxyHostOptions
search: true
pager: false
multi: true
watches:
- certDomains
- accessId
helper: 选择要绑定此证书的一个或多个代理主机。
required: true
order: 0
certificateLabel:
title: 证书标识
component:
name: a-input
allowClear: true
placeholder: certd_npm_example_com
helper: 可选。留空时默认使用 certd_npm_<主域名规范化>。
required: false
order: 0
cleanupMatchingCertificates:
title: 自动清理未使用证书
component:
name: a-switch
vModel: checked
helper: 部署成功后,自动删除除当前证书外所有未被任何主机引用的证书。
required: false
order: 0
output: {}
pluginType: deploy
type: builtIn
scriptFilePath: /plugins/plugin-nginx-proxy-manager/plugins/plugin-deploy-to-proxy-hosts.js
packages/ui/certd-server/metadata/dnsProvider_hipmdnsmgr.yaml
+8
View File
@@ -0,0 +1,8 @@
name: hipmdnsmgr
title: HiPM DNSMgr
desc: HiPM DNSMgr DNS 解析提供商
accessType: hipmdnsmgr
icon: svg:icon-dns
pluginType: dnsProvider
type: builtIn
scriptFilePath: /plugins/plugin-hipmdnsmgr/dns-provider/hipmdnsmgr-dns-provider.js
packages/ui/certd-server/metadata/dnsProvider_technitium.yaml
+9
View File
@@ -0,0 +1,9 @@
name: technitium
title: Technitium DNS Server
desc: Technitium DNS Server 自建DNS服务器
icon: clarity:server-line
accessType: technitium
order: 10
pluginType: dnsProvider
type: builtIn
scriptFilePath: /plugins/plugin-technitium/dns-provider.js
packages/ui/certd-server/src/plugins/plugin-next-terminal/access.ts
+3 -3
View File
@@ -126,12 +126,12 @@ export class NextTerminalAccess extends BaseAccess {
'Content-Type': 'application/json',
};
this.ctx.logger.debug(`Next Terminal API 请求: ${req.method} ${this.baseUrl}${req.url}`);
const baseUrl = this.normalizeEndpoint(this.baseUrl);
this.ctx.logger.debug(`Next Terminal API 请求: ${req.method} ${baseUrl}${req.url}`);
const resp = await this.ctx.http.request({
url: req.url,
baseURL: this.baseUrl,
baseURL: baseUrl,
method: req.method,
headers,
params: req.params,
packages/ui/certd-server/src/plugins/plugin-nginx-proxy-manager/access.ts
+24 -24
View File
@@ -29,25 +29,6 @@ interface TokenResponse {
challenge_token?: string;
}
function normalizeEndpoint(endpoint: string): string {
const trimmed = String(endpoint ?? "").trim();
if (!trimmed) {
throw new Error("Nginx Proxy Manager 地址不能为空");
}
const withoutTrailingSlash = trimmed.replace(/\/+$/, "");
return withoutTrailingSlash.endsWith("/api")
? withoutTrailingSlash.slice(0, -4)
: withoutTrailingSlash;
}
function describeError(error: unknown, action: string): Error {
if (error instanceof Error) {
return new Error(`${action} failed: ${error.message}`);
}
return new Error(`${action} failed`);
}
@IsAccess({
name: "nginxProxyManager",
title: "Nginx Proxy Manager 授权",
@@ -127,8 +108,27 @@ export class NginxProxyManagerAccess extends BaseAccess {
private token: string | undefined;
private tokenPromise: Promise<string> | undefined;
normalizeEndpoint(endpoint: string): string {
const trimmed = String(endpoint ?? "").trim();
if (!trimmed) {
throw new Error("Nginx Proxy Manager 地址不能为空");
}
const withoutTrailingSlash = trimmed.replace(/\/+$/, "");
return withoutTrailingSlash.endsWith("/api")
? withoutTrailingSlash.slice(0, -4)
: withoutTrailingSlash;
}
private describeError(error: unknown, action: string): Error {
if (error instanceof Error) {
return new Error(`${action} failed: ${error.message}`);
}
return new Error(`${action} failed`);
}
private get apiBaseUrl(): string {
const endpoint = normalizeEndpoint(this.endpoint);
const endpoint = this.normalizeEndpoint(this.endpoint);
return `${endpoint}/api`;
}
@@ -167,7 +167,7 @@ export class NginxProxyManagerAccess extends BaseAccess {
url: "/nginx/certificates",
params: {
...(searchQuery ? { query: searchQuery } : {}),
...(expand.length > 0 ? { expand: expand.join(",") } : {}),
...(expand.length > 0 ? { expand: expand.join(", ") } : {}),
},
});
}
@@ -286,7 +286,7 @@ export class NginxProxyManagerAccess extends BaseAccess {
try {
code = authenticator.generate(this.totpSecret);
} catch (error) {
throw describeError(error, "Generating TOTP code");
throw this.describeError(error, "Generating TOTP code");
}
const completedLogin = await this.request<TokenResponse>({
@@ -344,9 +344,9 @@ export class NginxProxyManagerAccess extends BaseAccess {
rejectUnauthorized: false
} : undefined,
});
return response.data;
return response;
} catch (error) {
throw describeError(error, action);
throw this.describeError(error, action);
}
}
packages/ui/certd-server/src/plugins/plugin-nginx-proxy-manager/plugins/plugin-deploy-to-proxy-hosts.ts
+2 -9
View File
@@ -5,7 +5,7 @@ import {
RunStrategy,
TaskInput,
} from "@certd/pipeline";
import { CertInfo, CertReader } from "@certd/plugin-cert";
import { CertInfo, CertReader, createCertDomainGetterInputDefine } from "@certd/plugin-cert";
import { NginxProxyManagerAccess, ProxyHost } from "../access.js";
interface ProxyHostOption {
@@ -38,13 +38,7 @@ export class NginxProxyManagerDeploy extends AbstractTaskPlugin {
})
cert!: CertInfo;
@TaskInput({
title: "证书域名",
component: {
name: "cert-domains-getter",
},
required: false,
})
@TaskInput(createCertDomainGetterInputDefine())
certDomains!: string[];
@TaskInput({
@@ -297,7 +291,6 @@ export class NginxProxyManagerDeploy extends AbstractTaskPlugin {
"dead_hosts",
"streams",
]);
const candidates = certificates.filter((certificate) => {
return certificate.id !== currentCertificateId;
});
packages/ui/certd-server/src/plugins/plugin-technitium/access.ts
+3
View File
@@ -124,6 +124,9 @@ export class TechnitiumAccess extends BaseAccess {
this.ctx.logger.info(`获取域名列表,req:${JSON.stringify(req)}`);
const pager = new Pager(req);
// 规范API地址
this.apiUrl = this.normalizeEndpoint(this.apiUrl);
// 构建API URL
const apiUrl = `${this.apiUrl}/api/zones/list`;