v1.22.4

.github/workflows/build-image.yml

@@ -50,8 +50,9 @@ jobs:
       - name: Build and push
         uses: docker/build-push-action@v6.5.0
         with:
-#          platforms: linux/amd64,linux/arm64
+          platforms: linux/amd64,linux/arm64
           push: true
           context: ./packages/ui/
           tags: |
+            registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest
             registry.cn-shenzhen.aliyuncs.com/handsfree/certd:${{steps.get_certd_version.outputs.result}}

CHANGELOG.md

@@ -3,6 +3,13 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.22.4](https://github.com/certd/certd/compare/v1.22.3...v1.22.4) (2024-07-26)
+
+### Performance Improvements
+
+* 证书申请支持反向代理，letsencrypt无法访问时的备用方案 ([b7b5df0](https://github.com/certd/certd/commit/b7b5df0587e0f7ea288c1b2af6f87211f207395f))
+* 支持arm64 ([fa14f87](https://github.com/certd/certd/commit/fa14f87a8093ef3addc5e5f3315ce1bfc9982782))
+
 ## [1.22.3](https://github.com/certd/certd/compare/v1.22.2...v1.22.3) (2024-07-25)
 
 ### Bug Fixes

README.md

@@ -8,17 +8,14 @@ CertD 是一个免费全自动申请和自动部署更新SSL证书的工具。
 ## 一、特性
 本项目不仅支持证书申请过程自动化，还可以自动化部署更新证书，让你的证书永不过期。     
 
-* 全自动申请证书（支持阿里云、腾讯云、华为云、Cloudflare注册的域名）
-* 全自动部署更新证书（目前支持服务器上传部署、部署到阿里云、腾讯云等）
-* 支持通配符域名
-* 支持多个域名打到一个证书上
+* 全自动申请证书（支持阿里云、腾讯云、华为云、Cloudflare等各种途径注册的域名）
+* 全自动部署更新证书（目前支持部署到主机、部署到阿里云、腾讯云等）
+* 支持通配符域名/泛域名，支持多个域名打到一个证书上
 * 邮件通知
-* 证书自动更新
-* 私有化部署，安全
+* 私有化部署，保障安全
 * 免费、免费、免费（[阿里云单个通配符域名证书最便宜也要1800/年](https://yundun.console.aliyun.com/?p=cas#/certExtend/buy/cn-hangzhou)）
 
 
-
 ## 二、在线体验
 
 官方Demo地址，自助注册后体验    
@@ -41,7 +38,9 @@ https://certd.handsfree.work/
 -------> [点我查看详细使用步骤演示](./step.md)   <--------      
 ↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑     
 
-## 四、本地docker部署
+## 四、私有化部署
+
+由于证书、授权信息等属于高度敏感数据，请务必私有化部署，保障数据安全
 
 ### 1. 安装docker、docker-compose
 
@@ -50,14 +49,16 @@ https://certd.handsfree.work/
 * 【腾讯云】云服务器2核2G，新老用户同享，99元/年，续费同价！【 [立即购买](https://cloud.tencent.com/act/cps/redirect?redirect=6094&cps_key=b3ef73330335d7a6efa4a4bbeeb6b2c9&from=console)】
   
 
-1.2 安装docker    
-https://docs.docker.com/engine/install/
-选择对应的操作系统，按照官方文档执行命令即可
+1.2 安装docker      
 
+https://docs.docker.com/engine/install/   
+选择对应的操作系统，按照官方文档执行命令即可   
 
 ### 2. 运行certd
 
-[docker-compose.yaml下载](https://gitee.com/certd/certd/raw/v2/docker/run/docker-compose.yaml)
+[docker-compose.yaml 下载](https://gitee.com/certd/certd/raw/v2/docker/run/docker-compose.yaml)
+
+当前版本号： ![](https://img.shields.io/npm/v/%40certd%2Fpipeline)
 
 ```bash
 # 随便创建一个目录
@@ -77,10 +78,18 @@ vi docker-compose.yaml # 【可选】
 docker compose up -d
 
 ```
-当前版本号： ![](https://img.shields.io/npm/v/%40certd%2Fpipeline)
+> 如果提示 没有compose命令,请安装docker-compose   
+> https://docs.docker.com/compose/install/linux/
+
+#### 镜像说明：
+* certd镜像地址:
+  * `registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest`
+
+* 镜像构建通过`Actions`自动执行，过程公开透明，请放心使用
+  * [点我查看镜像构建日志](https://github.com/certd/certd/actions/workflows/build-image.yml) 
+
+![](./doc/images/action-build.jpg)
 
-如果提示 没有compose命令,请安装docker-compose   
-https://docs.docker.com/compose/install/linux/
 
 ### 3. 访问
 
@@ -89,14 +98,22 @@ http://your_server_ip:7001
 记得修改密码   
 
 
-### 4. 升级
+## 五、 升级
+如果使用固定版本号
+1. 修改`docker-compose.yaml`中的镜像版本号
+2. 运行 `docker compose up -d` 即可
 
-* 修改`docker-compose.yaml`中的镜像版本号
-* 重新运行 `docker compose up -d` 即可
-* 数据存在`/data/certd`目录下，不用担心数据丢失
+如果使用`latest`版本
+1. 重新拉取镜像 `docker pull registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest` 
+2. 重新启动容器 `docker compose restart`
+
+> 数据默认存在`/data/certd`目录下，不用担心数据丢失   
 
 
-## 五、一些说明
+更新日志： [CHANGELOG](./CHANGELOG.md)
+
+
+## 六、一些说明
 * 本项目ssl证书提供商为letencrypt
 * 申请过程遵循acme协议
 * 需要验证域名所有权，一般有两种方式（目前本项目仅支持dns-01）
@@ -108,14 +125,15 @@ http://your_server_ip:7001
 * 免费证书过期时间90天，以后可能还会缩短，所以自动化部署必不可少
 * 设置每天自动运行，当证书过期前20天，会自动重新申请证书并部署
 
-## 六、不同平台的设置说明
+
+## 七、不同平台的设置说明
 
 * [Cloudflare](./doc/cf/cf.md)
 * [腾讯云](./doc/tencent/tencent.md)
 * [windows主机](./doc/host/host.md)
 
 
-## 七、问题处理
+## 八、问题处理
 ### 7.1 忘记管理员密码   
 解决方法如下：
 1. 修改docker-compose.yaml文件，将环境变量`certd_system_resetAdminPassword`改为`true`
@@ -138,7 +156,7 @@ docker compose up -d
 ```
 5. 使用`admin/123456`登录系统，请及时修改管理员密码
 
-## 八、联系作者
+## 九、联系作者
 如有疑问，欢迎加入群聊（请备注certd）
 * QQ群：141236433
 * 微信群：   
@@ -150,7 +168,7 @@ docker compose up -d
 <img height="230" src="./doc/images/me.png">
 </p>
 
-## 九、捐赠
+## 十、捐赠
 媳妇儿说：“一天到晚搞开源，也不管管老婆孩子！😡😡😡”        
 拜托各位捐赠支持一下，让媳妇儿开心开心，我也能有更多时间进行开源项目，感谢🙏🙏🙏
 <p align="center">
@@ -158,16 +176,20 @@ docker compose up -d
 </p>
 
 
-## 十、贡献代码
+## 十一、贡献代码
 
 [贡献插件教程](./plugin.md)
 
 
-## 十一、我的其他项目（求Star）
+## 十二、我的其他项目（求Star）
 * [袖手GPT](https://ai.handsfree.work/) ChatGPT，国内可用，无需FQ，每日免费额度
 * [fast-crud](https://gitee.com/fast-crud/fast-crud/) 基于vue3的crud快速开发框架
 * [dev-sidecar](https://github.com/docmirror/dev-sidecar/) 直连访问github工具，无需FQ，解决github无法访问的问题
 
 
-## 十二、版本更新日志
-https://github.com/certd/certd/blob/v2/CHANGELOG.md
+
+## 十三、更新日志
+
+更新日志：[CHANGELOG](./CHANGELOG.md)
+
+

build.trigger

@@ -1 +1 @@
-4
+7

lerna.json

@@ -9,5 +9,5 @@
     }
   },
   "npmClient": "pnpm",
-  "version": "1.22.3"
+  "version": "1.22.4"
 }

package.json

@@ -12,7 +12,7 @@
   "scripts": {
     "start": "lerna bootstrap --hoist",
     "i-all": "lerna link && lerna exec npm install  ",
-    "publish": "npm run prepublishOnly1  && lerna publish --conventional-commits --create-release github && npm run afterpublishOnly && npm run deploy1",
+    "publish": "npm run prepublishOnly1  && lerna publish --conventional-commits --create-release github && npm run afterpublishOnly",
     "afterpublishOnly": "",
     "prepublishOnly1": "npm run check && npm run before-build && lerna run build ",
     "before-build": "cd ./packages/core/acme-client && time /t >build.md && git add ./build.md && git commit -m \"build: prepare to build\"",

packages/core/acme-client/CHANGELOG.md

@@ -3,6 +3,12 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.22.4](https://github.com/publishlab/node-acme-client/compare/v1.22.3...v1.22.4) (2024-07-26)
+
+### Performance Improvements
+
+* 证书申请支持反向代理，letsencrypt无法访问时的备用方案 ([b7b5df0](https://github.com/publishlab/node-acme-client/commit/b7b5df0587e0f7ea288c1b2af6f87211f207395f))
+
 ## [1.22.3](https://github.com/publishlab/node-acme-client/compare/v1.22.2...v1.22.3) (2024-07-25)
 
 **Note:** Version bump only for package @certd/acme-client

packages/core/acme-client/build.md

@@ -1 +1 @@
-22:32
+20:55

packages/core/acme-client/package.json

@@ -3,7 +3,7 @@
     "description": "Simple and unopinionated ACME client",
     "private": false,
     "author": "nmorsman",
-    "version": "1.22.3",
+    "version": "1.22.4",
     "main": "src/index.js",
     "types": "types/index.d.ts",
     "license": "MIT",

packages/core/acme-client/src/client.js

@@ -100,7 +100,7 @@ class AcmeClient {
             max: this.opts.backoffMax,
         };
 
-        this.http = new HttpClient(this.opts.directoryUrl, this.opts.accountKey, this.opts.externalAccountBinding);
+        this.http = new HttpClient(this.opts.directoryUrl, this.opts.accountKey, this.opts.externalAccountBinding, this.opts.urlMapping);
         this.api = new AcmeApi(this.http, this.opts.accountUrl);
     }
 

packages/core/acme-client/src/http.js

@@ -12,10 +12,11 @@ const httpsProxy = process.env.HTTPS_PROXY || process.env.https_proxy;
 let httpsAgent = null;
 if (httpsProxy) {
     httpsAgent = new HttpsProxyAgent(httpsProxy);
+    log(`use https_proxy:${httpsProxy}`);
 }
 const axios = axios1.create({
     proxy: false,
-    httpsAgent
+    httpsAgent,
 });
 
 /**
@@ -30,7 +31,7 @@ const axios = axios1.create({
  */
 
 class HttpClient {
-    constructor(directoryUrl, accountKey, externalAccountBinding = {}) {
+    constructor(directoryUrl, accountKey, externalAccountBinding = {}, urlMapping = {}) {
         this.directoryUrl = directoryUrl;
         this.accountKey = accountKey;
         this.externalAccountBinding = externalAccountBinding;
@@ -41,6 +42,7 @@ class HttpClient {
         this.directoryCache = null;
         this.directoryMaxAge = 86400;
         this.directoryTimestamp = 0;
+        this.urlMapping = urlMapping;
     }
 
     /**
@@ -53,6 +55,16 @@ class HttpClient {
      */
 
     async request(url, method, opts = {}) {
+        if (this.urlMapping && this.urlMapping.enabled === true && this.urlMapping.mappings) {
+            // eslint-disable-next-line no-restricted-syntax
+            for (const key in this.urlMapping.mappings) {
+                if (url.includes(key)) {
+                    const newUrl = url.replace(key, this.urlMapping.mappings[key]);
+                    log(`use reverse proxy: ${newUrl}`);
+                    url = newUrl;
+                }
+            }
+        }
         opts.url = url;
         opts.method = method;
         opts.validateStatus = null;

packages/core/acme-client/tsconfig.json

@@ -1,4 +1,5 @@
 {
+    "compileOnSave": false,
     "compilerOptions": {
         "module": "commonjs",
         "lib": ["es6"],

packages/core/acme-client/types/index.d.ts

@@ -27,6 +27,11 @@ export interface Authorization extends rfc8555.Authorization {
     url: string;
 }
 
+export type UrlMapping={
+    enabled: boolean
+    mappings: Record<string, string>
+}
+
 /**
  * Client
  */
@@ -39,6 +44,7 @@ export interface ClientOptions {
     backoffAttempts?: number;
     backoffMin?: number;
     backoffMax?: number;
+    urlMapping?: UrlMapping;
 }
 
 export interface ClientExternalAccountBindingOptions {

packages/plugins/plugin-cert/CHANGELOG.md

@@ -3,6 +3,12 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.22.4](https://github.com/certd/certd/compare/v1.22.3...v1.22.4) (2024-07-26)
+
+### Performance Improvements
+
+* 证书申请支持反向代理，letsencrypt无法访问时的备用方案 ([b7b5df0](https://github.com/certd/certd/commit/b7b5df0587e0f7ea288c1b2af6f87211f207395f))
+
 ## [1.22.3](https://github.com/certd/certd/compare/v1.22.2...v1.22.3) (2024-07-25)
 
 **Note:** Version bump only for package @certd/plugin-cert

packages/plugins/plugin-cert/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/plugin-cert",
   "private": false,
-  "version": "1.22.3",
+  "version": "1.22.4",
   "type": "module",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
@@ -13,7 +13,7 @@
     "preview": "vite preview"
   },
   "dependencies": {
-    "@certd/acme-client": "^1.22.3",
+    "@certd/acme-client": "^1.22.4",
     "@certd/pipeline": "^1.22.3",
     "jszip": "^3.10.1",
     "node-forge": "^0.10.0",

packages/plugins/plugin-cert/src/plugin/cert-plugin/acme.ts

@@ -6,7 +6,7 @@ import { Logger } from "log4js";
 import { IContext } from "@certd/pipeline";
 import { IDnsProvider } from "../../dns-provider/index.js";
 import psl from "psl";
-import { ClientExternalAccountBindingOptions } from "@certd/acme-client";
+import { ClientExternalAccountBindingOptions, UrlMapping } from "@certd/acme-client";
 
 export type CertInfo = {
   crt: string;
@@ -14,19 +14,24 @@ export type CertInfo = {
   csr: string;
 };
 export type SSLProvider = "letsencrypt" | "buypass" | "zerossl";
+type AcmeServiceOptions = {
+  userContext: IContext;
+  logger: Logger;
+  sslProvider: SSLProvider;
+  eab?: ClientExternalAccountBindingOptions;
+  skipLocalVerify?: boolean;
+  useMappingProxy?: boolean;
+};
+
 export class AcmeService {
+  options: AcmeServiceOptions;
   userContext: IContext;
   logger: Logger;
   sslProvider: SSLProvider;
   skipLocalVerify = true;
   eab?: ClientExternalAccountBindingOptions;
-  constructor(options: {
-    userContext: IContext;
-    logger: Logger;
-    sslProvider: SSLProvider;
-    eab?: ClientExternalAccountBindingOptions;
-    skipLocalVerify?: boolean;
-  }) {
+  constructor(options: AcmeServiceOptions) {
+    this.options = options;
     this.userContext = options.userContext;
     this.logger = options.logger;
     this.sslProvider = options.sslProvider || "letsencrypt";
@@ -61,6 +66,13 @@ export class AcmeService {
     } else {
       directoryUrl = acme.directory[this.sslProvider].production;
     }
+    const urlMapping: UrlMapping = { enabled: false, mappings: {} };
+    if (this.options.useMappingProxy) {
+      urlMapping.enabled = true;
+      urlMapping.mappings = {
+        "acme-v02.api.letsencrypt.org": "letsencrypt.proxy.handsfree.work",
+      };
+    }
     const client = new acme.Client({
       directoryUrl: directoryUrl,
       accountKey: conf.key,
@@ -69,6 +81,7 @@ export class AcmeService {
       backoffAttempts: 30,
       backoffMin: 5000,
       backoffMax: 10000,
+      urlMapping,
     });
 
     if (conf.accountUrl == null) {

packages/plugins/plugin-cert/src/plugin/cert-plugin/index.ts

@@ -80,6 +80,17 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
   })
   dnsProviderAccess!: string;
 
+  @TaskInput({
+    title: "使用代理",
+    default: false,
+    component: {
+      name: "a-switch",
+      vModel: "checked",
+    },
+    helper: "如果acme-v02.api.letsencrypt.org被墙无法连接访问，请尝试开启此选项",
+  })
+  useProxy = false;
+
   @TaskInput({
     title: "跳过本地校验DNS",
     default: false,
@@ -104,6 +115,7 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
       sslProvider: this.sslProvider,
       eab,
       skipLocalVerify: this.skipLocalVerify,
+      useMappingProxy: this.useProxy,
     });
   }
 

packages/ui/Dockerfile

@@ -1,4 +1,4 @@
-FROM node:18-alpine as builder
+FROM node:18-alpine AS builder
 EXPOSE 7001
 WORKDIR /workspace/
 COPY . /workspace/
@@ -12,7 +12,7 @@ RUN cp /workspace/certd-client/dist/* /workspace/certd-server/public/ -rf
 FROM node:18-alpine
 WORKDIR /app/
 COPY --from=builder /workspace/certd-server/ /app/
-RUN chmod +x /workspace/certd-server/tools/linux/*
+RUN chmod +x /app/tools/linux/*
 ENV TZ=Asia/Shanghai
 ENV NODE_ENV=production
 ENV MIDWAY_SERVER_ENV=production

packages/ui/certd-server/CHANGELOG.md

@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.22.4](https://github.com/certd/certd/compare/v1.22.3...v1.22.4) (2024-07-26)
+
+**Note:** Version bump only for package @certd/ui-server
+
 ## [1.22.3](https://github.com/certd/certd/compare/v1.22.2...v1.22.3) (2024-07-25)
 
 **Note:** Version bump only for package @certd/ui-server

packages/ui/certd-server/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@certd/ui-server",
-  "version": "1.22.3",
+  "version": "1.22.4",
   "description": "fast-server base midway",
   "private": true,
   "type": "module",
@@ -21,12 +21,12 @@
     "@alicloud/cs20151215": "^3.0.3",
     "@alicloud/openapi-client": "^0.4.0",
     "@alicloud/pop-core": "^1.7.10",
-    "@certd/acme-client": "^1.22.3",
+    "@certd/acme-client": "^1.22.4",
     "@certd/lib-huawei": "^1.22.1",
     "@certd/lib-k8s": "^1.22.3",
     "@certd/midway-flyway-js": "^1.22.3",
     "@certd/pipeline": "^1.22.3",
-    "@certd/plugin-cert": "^1.22.3",
+    "@certd/plugin-cert": "^1.22.4",
     "@koa/cors": "^3.4.3",
     "@midwayjs/bootstrap": "^3.16.2",
     "@midwayjs/cache": "^3.14.0",