v1.27.0

# Conflicts:
#	README.md

.github/workflows/build-image-for-test.yml

@@ -0,0 +1,79 @@
+name: build-image-for-test
+on:
+  push:
+    branches: ['v2-dev']
+    paths:
+      - "build-dev.trigger"
+
+#  schedule:
+#    - # 国际时间 19:17 执行，北京时间3:17  ↙↙↙ 改成你想要每天自动执行的时间
+#    - cron: '17 19 * * *'
+permissions:
+  contents: read
+
+jobs:
+  build-certd-image:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          ref: v2-dev
+
+      - name: get_certd_version
+        id: get_certd_version
+        uses: actions/github-script@v6
+        with:
+          result-encoding: string
+          script: |
+            const fs = require('fs');
+            const path = require('path');
+            const pnpmWorkspace = "./pnpm-workspace.yaml";
+            fs.unlinkSync(pnpmWorkspace)
+            const jsonFilePath = "./packages/ui/certd-server/package.json";
+            const jsonContent = fs.readFileSync(jsonFilePath, 'utf-8');
+            const pkg = JSON.parse(jsonContent)
+            console.log("certd_version:",pkg.version);
+            return pkg.version
+#      - name: Use Node.js
+#        uses: actions/setup-node@v4
+#        with:
+#          node-version: 18
+#          cache: 'npm'
+#        working-directory: ./packages/ui/certd-client
+      - run: |
+          npm install -g pnpm@8.15.7
+          pnpm install
+          npm run build
+        working-directory: ./packages/ui/certd-client
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to aliyun container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: registry.cn-shenzhen.aliyuncs.com
+          username: ${{ secrets.aliyun_cs_username }}
+          password: ${{ secrets.aliyun_cs_password }}
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.dockerhub_username }}
+          password: ${{ secrets.dockerhub_password }}
+
+      - name: Build default platforms
+        uses: docker/build-push-action@v6
+        with:
+          platforms: linux/amd64,linux/arm64
+          push: true
+          context: ./packages/ui/
+          tags: |
+            registry.cn-shenzhen.aliyuncs.com/handsfree/certd-dev:latest
+            greper/certd-dev:latest
+

.github/workflows/build-image.yml

@@ -17,6 +17,8 @@ jobs:
     steps:
       - name: Checkout Code
         uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
 
       - name: get_certd_version
         id: get_certd_version

.github/workflows/deploy-demo.yml

@@ -2,8 +2,8 @@ name: deploy-demo
 on:
   push:
     branches: ['v2-dev']
-#    paths:
-#      - "deploy.trigger"
+    paths:
+      - "deploy.trigger"
   workflow_run:
     workflows: [ "build-image" ]
     types:
@@ -21,6 +21,9 @@ jobs:
     steps:
       - name: Checkout Code
         uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          ref: v2-dev
       - name: get_certd_version
         id: get_certd_version
         uses: actions/github-script@v6
@@ -37,8 +40,7 @@ jobs:
       - uses: GuillaumeFalourd/wait-sleep-action@v1
         with:
           time: '10' # for 60 seconds
-      - name: Send HTTP request
-        id: request
+      - name: deploy-certd-demo
         uses: tyrrrz/action-http-request@master
         with:
           url: http://flow-openapi.aliyun.com/pipeline/webhook/lzCzlGrLCOHQaTMMt0mG
@@ -52,4 +54,14 @@ jobs:
           retry-count: 3
           retry-delay: 5000
 
-
+      - name: deploy-certd-doc
+        uses: tyrrrz/action-http-request@master
+        with:
+          url: http://flow-openapi.aliyun.com/pipeline/webhook/IiSxLDp9aOhgDUxJPytv
+          method: POST
+          body: |
+            {}
+          headers: |
+            Content-Type: application/json
+          retry-count: 3
+          retry-delay: 5000

.github/workflows/sync-to-gitee-dev.yml

@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout work repo            # 1. 检出当前仓库(certd-sync-work)
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - name: Set git user                  # 2. 给git命令设置用户名和邮箱,↙↙↙ 改成你的name和email

.github/workflows/sync-to-gitee.yml

@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout work repo            # 1. 检出当前仓库(certd-sync-work)
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - name: Set git user                  # 2. 给git命令设置用户名和邮箱,↙↙↙ 改成你的name和email

CHANGELOG.md

@@ -3,6 +3,72 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [1.27.0](https://github.com/certd/certd/compare/v1.26.16...v1.27.0) (2024-10-31)
+
+### Bug Fixes
+
+* 修复历史记录不能按名称查询的bug ([6113c38](https://github.com/certd/certd/commit/6113c388b7fc58b11ca19ff05cc1286d096c8d28))
+* pfx兼容windows server 2016 ([e5e468a](https://github.com/certd/certd/commit/e5e468a463f66d02f235de54b7c1e09ace5f1cb1))
+
+### Features
+
+* 首页全新改版 ([63ec5b5](https://github.com/certd/certd/commit/63ec5b5519c760a3330569c0da6dac157302a330))
+
+### Performance Improvements
+
+* 管理控制台数据统计 ([babd589](https://github.com/certd/certd/commit/babd5897ae013ff7c04ebfcbfac8a00d84dd627c))
+* 增加向导 ([6d9ef26](https://github.com/certd/certd/commit/6d9ef26ecab71d752c2c55d75aed4fb5f6c05a39))
+* lego 升级到 4.19.2 ([129bf53](https://github.com/certd/certd/commit/129bf53edc9bbb001fe49fbd7e239bd1d09cc128))
+
+## [1.26.16](https://github.com/certd/certd/compare/v1.26.15...v1.26.16) (2024-10-30)
+
+### Bug Fixes
+
+* 修复lego No help topic for 错误 ([aaaf8d7](https://github.com/certd/certd/commit/aaaf8d7db34896cf8f2ff8f12eec1ab0cae58f0f))
+
+### Performance Improvements
+
+* 支持白山云cdn部署 ([b1b2cd0](https://github.com/certd/certd/commit/b1b2cd088b684eda764962abd61754c26a204d1c))
+* 支持华为云cdn ([81a3fdb](https://github.com/certd/certd/commit/81a3fdbc29b71f380762008cc151493ec97458f9))
+
+## [1.26.15](https://github.com/certd/certd/compare/v1.26.14...v1.26.15) (2024-10-28)
+
+### Bug Fixes
+
+* 顶部菜单变...的bug ([6dabad7](https://github.com/certd/certd/commit/6dabad76baba96be0f8af36a3fbfb9f5182aecf1))
+
+### Performance Improvements
+
+* 默认证书更新时间设置为35天，增加腾讯云删除过期证书插件，可以避免腾讯云过期证书邮件 ([51b6fed](https://github.com/certd/certd/commit/51b6fed468eaa6f28ce4497ce303ace1a52abb96))
+* 授权加密支持解密查看 ([5575c83](https://github.com/certd/certd/commit/5575c839705f6987ad2bdcd33256b0962c6a9c6a))
+* 重置管理员密码同时启用管理员账户，避免之前禁用了，重置密码还是登录不进去 ([f92d918](https://github.com/certd/certd/commit/f92d918a1e28e29b794ad4754661ea760c18af46))
+
+## [1.26.14](https://github.com/certd/certd/compare/v1.26.13...v1.26.14) (2024-10-26)
+
+### Bug Fixes
+
+* 修复阿里云部署大杀器报插件_还未注册错误的bug ([abd2dcf](https://github.com/certd/certd/commit/abd2dcf2e85a545321bae6451406d081f773b132))
+* 修复启动时自签证书无法保存的bug ([526c484](https://github.com/certd/certd/commit/526c48450bcd37b3ccded9b448f17de8140bdc6e))
+
+### Performance Improvements
+
+* 顶部菜单自定义 ([54d136c](https://github.com/certd/certd/commit/54d136cc6ae122f7c891b7a5c7232fe5de8e5cb5))
+* 禁用readonly用户 ([d10d42e](https://github.com/certd/certd/commit/d10d42e20619bb55a50d636b8867ff33db4e3b4b))
+* 限制其他用户流水线数量 ([315e437](https://github.com/certd/certd/commit/315e43746baf01682737f82e41579237a48409af))
+* 用户管理优化头像上传 ([661293c](https://github.com/certd/certd/commit/661293c189a3abf3cdc953b5225192372f57930d))
+
+## [1.26.13](https://github.com/certd/certd/compare/v1.26.12...v1.26.13) (2024-10-26)
+
+### Bug Fixes
+
+* 修复对话框全屏按钮与关闭按钮重叠的bug ([95df56c](https://github.com/certd/certd/commit/95df56cc5ca5e3eb843cd17cb7078cde47729f1e))
+* deprecated的运行时不要报错，只报警告 ([bcbefaa](https://github.com/certd/certd/commit/bcbefaaa35cf6d0eec085b3a2c5bfc7c6a8de9e1))
+
+### Performance Improvements
+
+* 更新certd本身的证书文档说明 ([0c50ede](https://github.com/certd/certd/commit/0c50ede129337b82df54575cbd2f4c2a783a0732))
+* 支持同时监听https端口，7002 ([d5a17f9](https://github.com/certd/certd/commit/d5a17f9e6afd63fda2df0981118480f25a1fac2e))
+
 ## [1.26.12](https://github.com/certd/certd/compare/v1.26.11...v1.26.12) (2024-10-25)
 
 ### Performance Improvements

README.md

@@ -13,10 +13,12 @@ Certd 是一个免费全自动申请和自动部署更新SSL证书的管理系
 * 全自动部署更新证书（目前支持部署到主机、部署到阿里云、腾讯云等，目前已支持30+部署插件）
 * 支持通配符域名/泛域名，支持多个域名打到一个证书上
 * 邮件通知
-* 私有化部署，保障数据安全
+* 私有化部署，数据保存本地，镜像由Github Actions构建，过程公开透明
 * 支持sqlite，postgresql数据库
 
 
+
+
 ## 二、在线体验
 
 官方Demo地址，自助注册后体验    
@@ -27,6 +29,10 @@ https://certd.handsfree.work/
 > 包含敏感信息，务必自己本地部署进行生产使用
 
 ## 三、使用教程
+
+更多教程请访问文档网站 [certd.docmirror.cn](https://certd.docmirror.cn/)
+
+
 本案例演示，如何配置自动申请证书，并部署到阿里云CDN，然后快要到期前自动更新证书并重新部署     
 
 ![演示](packages/ui/certd-client/public/static/doc/images/5-view.png)
@@ -40,64 +46,20 @@ https://certd.handsfree.work/
 ↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑     
 
 当前支持的部署插件列表
-![演示](./doc/images/plugins.png)
+![演示](./docs/images/plugins/list.png)
 
 ## 四、私有化部署
 
-由于证书、授权信息等属于高度敏感数据，请务必私有化部署，保障数据安全
+由于证书、授权信息等属于高度敏感数据，请务必私有化部署，保障数据安全    
 
-### 4.1 宝塔面板一键部署
+您可以根据实际情况从如下方式中选择一种方式进行私有化部署：
 
-1. 安装宝塔面板，前往 [宝塔面板](https://www.bt.cn/u/CL3JHS) 官网，选择9.2.0以上正式版的脚本下载安装
+1. [宝塔面板方式部署](./install/baota/)
+2. [1Panel面板方式部署](./install/1panel/)
+2. [Docker方式部署](./install/docker/)
+3. [源码方式部署](./install/source/)
 
-2. 安装后登录宝塔面板，在菜单栏中点击 Docker，首次进入会提示安装Docker服务，点击立即安装，按提示完成安装
-
-3. 安装完成后在应用商店中找到`certd`（要先点右上角更新应用），点击安装，配置域名等基本信息即可完成安装
-
-### 4.2 宝塔面板容器编排部署
-
-[宝塔面板容器编排部署教程](./doc/deploy/baota/baota.md)
-
-### 4.3 Docker部署
-#### 1. 安装docker、docker-compose
-
-1.1 准备一台云服务器
-* 【阿里云】云服务器2核2G，新老用户同享，99元/年，续费同价！【 [立即购买](https://www.aliyun.com/benefit?scm=20140722.M_10244282._.V_1&source=5176.11533457&userCode=qya11txb )】
-* 【腾讯云】云服务器2核2G，新老用户同享，99元/年，续费同价！【 [立即购买](https://cloud.tencent.com/act/cps/redirect?redirect=6094&cps_key=b3ef73330335d7a6efa4a4bbeeb6b2c9&from=console)】
-
-1.2 安装docker      
-
-https://docs.docker.com/engine/install/   
-选择对应的操作系统，按照官方文档执行命令即可   
-
-#### 2. 运行certd
-
-[docker-compose.yaml 下载](https://gitee.com/certd/certd/raw/v2/docker/run/docker-compose.yaml)
-
-当前版本号： ![](https://img.shields.io/npm/v/%40certd%2Fpipeline)
-
-```bash
-# 随便创建一个目录
-mkdir certd
-# 进入目录
-cd certd
-# 下载docker-compose.yaml文件，或者手动下载放到certd目录下
-wget https://gitee.com/certd/certd/raw/v2/docker/run/docker-compose.yaml
-
-# 可以根据需要修改里面的配置
-# 1.修改镜像版本号【可选】
-# 2.配置数据保存路径【可选】
-# 3.修改端口号【可选】
-vi docker-compose.yaml # 【可选】
-
-# 启动certd
-docker compose up -d
-
-```
-> 如果提示 没有compose命令,请安装docker-compose   
-> https://docs.docker.com/compose/install/linux/
-
-#### 3. 镜像说明：
+#### Docker镜像说明：
 * 国内镜像地址:
   * `registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest`
   * `registry.cn-shenzhen.aliyuncs.com/handsfree/certd:armv7`、`[version]-armv7`
@@ -109,25 +71,7 @@ docker compose up -d
 * 镜像构建通过`Actions`自动执行，过程公开透明，请放心使用
   * [点我查看镜像构建日志](https://github.com/certd/certd/actions/workflows/build-image.yml) 
 
-![](./doc/images/action-build.jpg)
-
-#### 4. 访问测试
-
-http://your_server_ip:7001    
-默认账号密码：admin/123456    
-记得修改密码   
-
-### 4.4 源码部署
-```shell
-# 克隆代码
-git clone https://github.com/certd/certd
-git checkout v1.26.7  # 这里换成最新版本号
-cd certd
-# 启动服务
-./start.sh  
-# 数据默认保存在 ./packages/ui/certd-server/data 目录下,注意数据备份
-```
-如果是windows，请先安装`git for windows` ，然后右键，选择`open git bash here`打开终端，再执行`./start.sh`命令
+![](./docs/images/action/action-build.jpg)
 
 
 ## 五、 升级
@@ -151,7 +95,7 @@ docker compose up -d
 
 
 ## 六、一些说明
-* 本项目ssl证书提供商为letencrypt
+* 本项目ssl证书提供商为letencrypt/Google/ZeroSSL
 * 申请过程遵循acme协议
 * 需要验证域名所有权，一般有两种方式（目前本项目仅支持dns-01）
   * http-01： 在网站根目录下放置一份txt文件
@@ -165,48 +109,26 @@ docker compose up -d
 
 ## 七、不同平台的设置说明
 
-* [Cloudflare](./docs/plugins/cf/cf.md)
-* [腾讯云](./docs/plugins/tencent/tencent.md)
-* [windows主机](./docs/plugins/host/host.md)
-* [google证书](./docs/plugins/google/google.md)
-* [群晖部署certd及证书更新教程](./docs/plugins/synology/index.md)
-
-* [CNAME证书校验方式说明](./docs/feature/cname/index.md)
+* 已迁移到新的文档网站，请到常见问题章节查看
+* [最新文档站链接 https://certd.docmirror.cn](https://certd.docmirror.cn/)
 
 ## 八、问题处理
 ### 7.1 忘记管理员密码   
-解决方法如下：
-1. 修改docker-compose.yaml文件，将环境变量`certd_system_resetAdminPasswd`改为`true`
-```yaml
-services:
-  certd:
-    environment: # 环境变量
-      - certd_system_resetAdminPasswd=false
-```
-2. 重启容器
-```shell
-docker compose up -d
-docker logs -f --tail 500 certd
-# 观察日志，当日志中输出“重置1号管理员用户的密码完成”，即可操作下一步
-```
-3. 修改docker-compose.yaml，将`certd_system_resetAdminPasswd`改回`false`
-4. 再次重启容器
-```shell
-docker compose up -d
-```
-5. 使用`admin/123456`登录系统，请及时修改管理员密码
+[重置管理员密码方法](https://certd.docmirror.cn/guide/use/forgotpasswd/)
 
 ## 九、联系作者
 如有疑问，欢迎加入群聊（请备注certd）
-* QQ群：141236433
-* 微信群：   
-  ![](https://ai.handsfree.work/images/exchange_wxqroup.png)
 
+| 加群 | 微信群 | QQ群 |
+|---------|-------|-------|
+| 二维码 | <img height="230" src="./docs/guide/contact/images/wx.png"> | <img height="230" src="./docs/guide/contact/images/qq.png"> |
+
+也可以加作者好友
+
+| 加作者好友 | 微信 QQ                                                       |
+|---------|-------------------------------------------------------------|
+| 二维码 | <img height="230" src="./docs/guide/contact/images/me.png"> |
 
-加作者好友
-<p align="center">
-<img height="230" src="./doc/images/me.png">
-</p>
 
 ## 十、捐赠
 ************************
@@ -222,18 +144,18 @@ https://afdian.com/a/greper
 
 专业版特权对比
 
-| 功能      | 免费版                    | 专业版                   |
-|---------|------------------------|-----------------------|
-| 免费证书申请  | 免费无限制                  | 免费无限制                 |
-| 自动部署插件  | 阿里云CDN、腾讯云、七牛CDN、主机部署等 | 支持群晖、宝塔、1Panel等，持续开发中 |
-| 发邮件功能   | 需要配置                   | 免配置                   |
-| 证书流水线条数 | 10条                    | 无限制                   |
+| 功能      | 免费版               | 专业版                   |
+|---------|-------------------|-----------------------|
+| 免费证书申请  | 免费无限制             | 免费无限制                 |
+| 自动部署插件  | 阿里云、腾讯云、七牛云、主机部署等 | 支持群晖、宝塔、1Panel等，持续开发中 |
+| 发邮件功能   | 需要配置              | 免配置                   |
+| 证书流水线条数 | 10条               | 无限制                   |
 
 ************************
 
 ## 十一、贡献代码
 
-1. 本地开发 [贡献插件教程](./doc/dev/development.md)
+1. 本地开发 [贡献插件教程](https://certd.docmirror.cn/guide/development/)
 2. 作为贡献者，代表您同意您贡献的代码如下许可：
    1. 可以调整开源协议以使其更严格或更宽松。
    2. 可以用于商业用途。
@@ -247,9 +169,12 @@ https://afdian.com/a/greper
 * 如需商业授权，请联系作者。
 
 ## 十三、我的其他项目（求Star）
-* [袖手GPT](https://ai.handsfree.work/) ChatGPT，国内可用，无需FQ，每日免费额度
-* [fast-crud](https://gitee.com/fast-crud/fast-crud/) 基于vue3的crud快速开发框架
-* [dev-sidecar](https://github.com/docmirror/dev-sidecar/) 直连访问github工具，无需FQ，解决github无法访问的问题
+
+| 项目名称                                                    | stars                                                                                                 | 项目描述                              | 
+|---------------------------------------------------------|-------------------------------------------------------------------------------------------------------|-----------------------------------|
+| [袖手AI](https://ai.handsfree.work/)                    |                                                                                                       | 袖手GPT，国内可用，无需FQ，每日免费额度            | 
+| [fast-crud](https://gitee.com/fast-crud/fast-crud/)     | <img alt="GitHub stars" src="https://img.shields.io/github/stars/fast-crud/fast-crud?logo=github"/>   | 基于vue3的crud快速开发框架                 |  
+| [dev-sidecar](https://github.com/docmirror/dev-sidecar/) | <img alt="GitHub stars" src="https://img.shields.io/github/stars/docmirror/dev-sidecar?logo=github"/> | 直连访问github工具，无需FQ，解决github无法访问的问题 |                       
 
 
 

build-dev.trigger

@@ -0,0 +1 @@
+21:59

build.trigger

@@ -1 +1 @@
-10:38
+11:14

doc/deploy/baota/baota.md

@@ -1,32 +0,0 @@
-# 宝塔部署教程
-
-## 编排模版部署
-
-### 创建docker模版
-打开docker-compose.yaml，
-https://gitee.com/certd/certd/raw/v2/docker/run/docker-compose.yaml
-
-整个内容复制下来
-
-然后到宝塔里面进到docker的编排模版，新建模版
-![](./images/1.png)
-
-### 启动应用
-
-![img.png](./images/2.png)
-
-等待启动完成
-
-### 打开应用
-
-http://ip:7001
-
-
-## 二、一键应用部署
-需要宝塔9.2.0版本
-
-### 应用商店
-进入应用商店，更新应用列表
-
-### 搜索certd
-点击安装

doc/dev/development.md

@@ -1,96 +0,0 @@
-# 本地开发
-欢迎贡献插件
-
-## 1.本地调试运行
-
-### 克隆代码
-```shell
-
-# 克隆代码
-git clone https://github.com/certd/certd
-
-#进入项目目录
-cd certd
-
-# 切换到最新版本代码
-git checkout v1.26.7  # 这里换成最新版本号
-
-```
-
-### 修改pnpm-workspace.yaml文件     
-重要：否则无法正确加载专业版的access和plugin
-```yaml
-# pnpm-workspace.yaml
-packages:
-   - 'packages/**'  # <--------------注释掉这一行，PR时不要提交此修改
-   - 'packages/ui/**'
-```
-
-### 安装依赖和初始化:
-```shell
-# 安装pnpm，如果提示npm命令不存在，就需要先安装nodejs
-npm install -g pnpm@8.15.7 --registry=https://registry.npmmirror.com
-
-# 使用国内镜像源，如果有代理，就不需要
-pnpm config set registry https://registry.npmmirror.com
-# 安装依赖
-pnpm install
-
-# 初始化构建
-npm run init
-```
-
-### 启动 server:    
-```shell
-cd packages/ui/certd-server
-npm run dev
-```
-
-### 启动 client:    
-```shell
-cd packages/ui/certd-client
-npm run dev
-
-# 会自动打开浏览器，确认正常运行
-
-```
-
-## 开发插件
-进入 `packages/ui/certd-server/src/plugins`
-
-### 1.复制`plugin-demo`目录作为你的插件目录
-比如你想做`cloudflare`的插件，那么你可以复制`plugin-demo`目录，将其命名成`plugin-cloudflare`。   
-以下均以`plugin-cloudflare`为例进行说明，你需要将其替换成你的插件名称
-
-### 2. access授权
-如果这是一个新的平台，它应该有授权方式，比如accessKey accessSecret之类的     
-参考`plugin-cloudflare/access.ts` 修改为你要做的平台的`access`
-这样用户就可以在`certd`后台中创建这种授权凭证了
-
-### 3. dns-provider
-如果域名是这个平台进行解析的，那么你需要实现dns-provider，（申请证书需要）    
-参考`plugin-cloudflare/dns-provider.ts` 修改为你要做的平台的`dns-provider`
-
-### 4. plugin-deploy
-如果这个平台有需要部署证书的地方     
-参考`plugin-cloudflare/plugins/plugin-deploy-to-xx.ts` 修改为你要做的平台的`plugin-deploy-to-xx`
-
-### 5. 增加导入
-在`plugin-cloudflare/index.ts`中增加你的插件的`import`
-```ts
-export * from './dns-provider'
-export * from './access'
-export * from './plugins/plugin-deploy-to-xx'
-````
-
-在`./src/plugins/index.ts`中增加`import`
-
-```ts
-export * from "./plugin-cloudflare.js"
-```
-
-## 重启服务进行调试
-刷新浏览器，检查你的插件是否工作正常， 确保能够正常进行证书申请和部署    
-
-## 提交PR
-我们将尽快审核PR

docker/run/docker-compose.yaml

@@ -11,6 +11,8 @@ services:
     ports: # 端口映射
       #  ↓↓↓↓ ---------------------------------------------------------- 如果端口有冲突，可以修改第一个7001为其他不冲突的端口号
       - "7001:7001"
+      #  ↓↓↓↓ ---------------------------------------------------------- https端口，可以根据实际情况，是否暴露相关服务端口
+      - "7002:7002"
     dns:
       #  ↓↓↓↓ ---------------------------------------------------------- 如果出现getaddrinfo ENOTFOUND等错误，可以尝试修改或注释dns配置
       - 223.5.5.5
@@ -21,23 +23,13 @@ services:
 #    extra_hosts:
       #  ↓↓↓↓ ---------------------------------------------------------- 这里可以配置自定义hosts，外网域名可以指向本地局域网ip地址
 #      - "localdomain.comm:192.168.1.3"
-    environment: # 环境变量
+    environment:
       - TZ=Asia/Shanghai
       # 设置环境变量即可自定义certd配置
       # 配置项见： packages/ui/certd-server/src/config/config.default.ts
       # 配置规则： certd_ + 配置项, 点号用_代替
-
-                           #  ↓↓↓↓  ------------------------------------ 这里可以设置http代理
-      #- HTTPS_PROXY=http://xxxxxx:xx
-      #- HTTP_PROXY=http://xxxxxx:xx
       #                               ↓↓↓↓ ----------------------------- 如果忘记管理员密码，可以设置为true，重启之后，管理员密码将改成123456，然后请及时修改回false
       - certd_system_resetAdminPasswd=false
-      #                                  ↓↓↓↓ -------------------------- 如果设置为true，启动后所有配置了cron的流水线任务都将被立即触发一次
-      - certd_cron_immediateTriggerOnce=false
-      #                            ↓↓↓↓ -------------------------------- 配置证书和key，则表示https方式启动，使用https协议访问，https://your.domain:7001
-      #- certd_koa_key=./data/ssl/cert.key
-      #- certd_koa_cert=./data/ssl/cert.crt
-
       #                             ↓↓↓↓ ------------------------------- 使用postgresql数据库
 #      - certd_flyway_scriptDir=./db/migration-pg               # 升级脚本目录
 #      - certd_typeorm_dataSource_default_type=postgres         # 数据库类型

docs/.vitepress/config.ts

@@ -5,7 +5,7 @@ import lightbox from "vitepress-plugin-lightbox";
 // https://vitepress.dev/reference/site-config
 export default defineConfig({
   title: "Certd",
-  description: "Certd帮助文档,Certd是一款开源免费的全自动SSL证书管理工具；自动证书申请、更新、续期；通配符证书，泛域名证书申请；证书自动化部署到阿里云、腾讯云、主机、群晖、宝塔。",
+  description: "Certd帮助文档,Certd是一款开源免费的全自动SSL证书管理工具；证书自动化申请部署流水线；自动证书申请、更新、续期；通配符证书，泛域名证书申请；证书自动化部署到阿里云、腾讯云、主机、群晖、宝塔。",
   markdown: {
     config: (md) => {
       // Use lightbox plugin
@@ -23,12 +23,11 @@ export default defineConfig({
     // ],
     ["meta", {
       name: "keywords",
-      content: "证书自动申请、证书自动更新、证书自动续期、证书自动续签、证书管理工具、Certd、SSL证书自动部署、证书自动化，https证书，pfx证书，der证书，TLS证书，nginx证书自动续签自动部署"
-    }],
-    ["meta", {
-      name: "google-site-verification",
-      content: "V5XLTSnXoT15uQotwpxJoQolUo2d5UbSL-TacsyOsC0"
+      content: "证书自动申请、证书自动更新、证书自动续期、证书自动续签、证书管理工具、Certd、SSL证书自动部署、证书自动化，https证书，pfx证书，der证书，TLS证书，nginx证书自动续签自动部署,SSL平台，证书管理平台，证书流水线"
     }],
+    ["meta", { name: "google-site-verification",content: "V5XLTSnXoT15uQotwpxJoQolUo2d5UbSL-TacsyOsC0"}],
+      //<meta name="baidu-site-verification" content="codeva-MiWN8Y07Ua" />
+    ["meta", {name: "baidu-site-verification",content: "codeva-MiWN8Y07Ua"}],
     ["link", { rel: "icon", href: "/static/logo/logo.svg" }]
   ],
   themeConfig: {
@@ -95,8 +94,10 @@ export default defineConfig({
             { text: "腾讯云密钥获取", link: "/guide/use/tencent/" },
             { text: "连接windows主机", link: "/guide/use/host/windows.md" },
             { text: "Google EAB获取", link: "/guide/use/google/" },
+            { text: "阿里云相关", link: "/guide/use/aliyun/" },
             { text: "忘记密码", link: "/guide/use/forgotpasswd/" },
             { text: "数据备份", link: "/guide/use/backup/" },
+            { text: "Certd本身的证书更新", link: "/guide/use/https/index.md" },
             { text: "如何贡献代码", link: "/guide/development/index.md" },
           ]
         },

docs/guide/contact/index.md

@@ -2,19 +2,14 @@
 
 ## 1. 交流群
 如有疑问，欢迎加入群聊（请备注certd）
-###  QQ群：141236433    
-<p align="center">
-<img height="230" src="./images/qq.png">
-</p>
-
-
-### 微信群： 
-<p align="center">
-<img height="230" src="./images/wx.png">
-</p>
+如有疑问，欢迎加入群聊（请备注certd）
 
+| 加群 | 微信群 | QQ群 |
+|---------|-------|-------|
+| 二维码 | <img height="230" src="./images/wx.png"> | <img height="230" src="./images/qq.png"> |
 
 ## 2. 加作者好友
-<p align="center">
-<img height="230" src="./images/me.png">
-</p>
+
+| 加作者好友 | 微信 QQ                                                       |
+|---------|-------------------------------------------------------------|
+| 二维码 | <img height="230" src="./images/me.png"> |

docs/guide/index.md

@@ -28,3 +28,7 @@ Certd 是一款开源、免费、全自动申请和部署更新SSL证书的工
 * 免费证书过期时间90天，以后可能还会缩短，所以自动化部署必不可少
 * 设置每天自动运行，当证书过期前20天，会自动重新申请证书并部署
 
+## 三、证书颁发机构对比
+* Let's Encrypt：申请最简单。
+* Google: 大厂光环，兼容性好，需要翻墙获取EAB。
+* ZeroSSL： 有数量限制，获取EAB无需翻墙。

docs/guide/install/1panel/index.md

@@ -23,8 +23,11 @@ https://1panel.cn/docs/installation/online_installation/
 
 3. 访问测试
 
-http://ip:7001
-
+http://ip:7001   
+https://ip:7002   
+默认账号密码      
+admin/123456     
+登录后请及时修改密码  
 
 ## 三、升级
 
@@ -42,3 +45,7 @@ http://ip:7001
 
 > 默认数据保存在`/data/certd`目录下，可以手动备份    
 > 建议配置一条 [数据库备份流水线](../../use/backup/)，自动备份
+
+## 五、备份恢复
+
+将备份的`db.sqlite`覆盖到原来的位置即可

docs/guide/install/baota/index.md

@@ -31,19 +31,26 @@
 
 ## 二、访问应用
 
-http://ip:7001
-
+http://ip:7001    
+https://ip:7002     
+默认账号密码    
+admin/123456   
+登录后请及时修改密码
 
 ## 三、如何升级
 
-### 1. 通用方式
+### 1. 应用商店安装，直接更新镜像即可
 
-先主机上拉取最新镜像，然后面板上重启容器
+![img.png](./images/upgrade.png)
+
+
+### 2. latest更新方式
+在主机上拉取最新镜像，然后面板上重启容器
 ```shell
 docker pull registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest
 ```
 
-### 2. 固定版本号方式
+### 3. 固定版本号方式
 
 修改容器编排模版中的镜像版本号，然后面板上重启容器
 ```shell
@@ -71,3 +78,7 @@ services:
 ### 4.3 自动备份
 
 > 建议配置一条 [数据库备份流水线](../../use/backup/)，自动备份
+
+## 五、备份恢复
+
+将备份的`db.sqlite`覆盖到原来的位置即可

docs/guide/install/docker/index.md

@@ -45,9 +45,10 @@ docker compose up -d
 
 ### 3. 访问测试
 
-http://your_server_ip:7001    
-默认账号密码：admin/123456    
-记得修改密码
+http://your_server_ip:7001   
+https://your_server_ip:7002   
+默认账号密码：admin/123456     
+记得修改密码  
 
 
 ## 二、升级
@@ -64,6 +65,10 @@ docker pull registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest
 docker compose down
 docker compose up -d
 ```
-
+## 三、数据备份
 > 数据默认存在`/data/certd`目录下，不用担心数据丢失   
 > 建议配置一条[数据库备份流水线](../../use/backup/) 自动备份
+
+## 四、备份恢复
+
+将备份的`db.sqlite`覆盖到原来的位置即可

docs/guide/install/source/index.md

@@ -17,7 +17,8 @@ cd certd
 
 ### 访问测试
 
-http://your_server_ip:7001    
+http://your_server_ip:7001  
+https://your_server_ip:7002   
 默认账号密码：admin/123456    
 记得修改密码
 
@@ -33,8 +34,12 @@ kill -9 $(lsof -t -i:7001)
 # 重新编译启动
 ./start.sh
 ```
+
+## 三、数据备份
 > 数据默认保存在 `./packages/ui/certd-server/data` 目录下    
 > 建议配置一条[数据库备份流水线](../../use/backup/)  自动备份
 
 
+## 四、备份恢复
 
+将备份的`db.sqlite`覆盖到原来的位置即可

docs/guide/start.md

@@ -25,7 +25,8 @@ https://certd.handsfree.work/
 
 ### 2. 访问测试
 
-http://your_server_ip:7001    
+http://your_server_ip:7001   
+https://your_server_ip:7002    
 默认账号密码：admin/123456    
 记得修改密码
 

docs/guide/use/backup/index.md

@@ -1,5 +1,17 @@
 # 数据库自动备份
 
+## 一、手动备份
+数据库文件根据不同的部署方式保存的位置不一样，您可以手动复制出来进行备份
+
+* docker： 默认保存在`/data/certd/db.sqlite`
+* 源码： 默认保存在 `./packages/ui/certd-server/data/db.sqlite`
+* 宝塔： [手动数据备份位置](https://certd.docmirror.cn/guide/install/baota/#%E5%9B%9B%E3%80%81%E6%95%B0%E6%8D%AE%E5%A4%87%E4%BB%BD) 
+* 1panel:  默认保存在`/data/certd/db.sqlite`
+
+
+## 二、自动备份
+通过配置数据库自动备份流水线实现数据备份
+
 ## 1. 创建自动备份流水线
 ![](./images/1.png)
 
@@ -7,7 +19,12 @@
 ![](./images/2.png)
 
 ## 3. 选择备份方法
-![img.png](./images/3.png)
+![](./images/3.png)
 
 ## 4. 配置定时和失败通知
-![img.png](./images/4.png)
+![](./images/4.png)
+
+
+## 三、备份恢复
+
+将备份的`db.sqlite`覆盖到原来的位置即可

docs/guide/use/host/windows.md

@@ -4,7 +4,10 @@
 
 ## windows开启OpenSSH Server
 ### 1. 安装OpenSSH Server    
-请前往Microsoft官方文档查看如何开启openSSH    
+
+* 下载安装包安装： https://github.com/PowerShell/Win32-OpenSSH/releases  OpenSSH-Win64-vxx.xx.x.msi
+
+* 前往Microsoft官方文档查看如何开启openSSH，以及其他设置    
 https://learn.microsoft.com/zh-cn/windows-server/administration/openssh/openssh_install_firstuse?tabs=gui#install-openssh-for-windows
 
 ### 2. 启动OpenSSH Server服务

docs/guide/use/https/index.md

@@ -0,0 +1,38 @@
+# Certd本身的https证书配置
+
+## 一、启用https
+
+`Certd`默认启用https，监听7002端口    
+如果你想关闭https，或者修改端口，可以在环境变量中配置
+```shell
+CERTD_HTTPS_ENABLE=true
+CERTD_HTTPS_port=7002
+
+```
+
+## 二、自动更新Certd的https证书
+
+### 1、创建证书流水线
+
+参考Certd顶部的创建证书流水线教程
+
+### 2、配置复制到本机任务
+将证书复制到certd的证书安装位置
+
+![](./images/1.png)
+![](./images/2.png)
+
+### 3、配置重启Certd任务
+重启certd的https server，让证书生效
+![img.png](./images/3.png)
+
+
+
+### 4、配置定时任务
+每天定时执行，最终效果如下
+
+![](./images/ok.png)
+
+:::warning   
+建议将本流水线的触发时间与其他流水线时间错开，避免重启时影响其他流水线的执行   
+:::

docs/guide/use/tencent/index.md

@@ -6,3 +6,16 @@
 打开 https://console.cloud.tencent.com/cam/capi   
 然后按如下方式获取腾讯云的API密钥    
 ![](./tencent-access.png)
+
+
+## 如何避免收到腾讯云证书过期邮件
+
+腾讯云在证书有效期还剩28天时会发送过期通知邮件    
+您可以通过配置“腾讯云过期证书删除”任务来避免收到此类邮件。
+
+![](./images/delete.png)
+
+注意点：
+> 1. 选择腾讯云授权，需授权`服务角色SSL_QCSLinkedRoleInReplaceLoadCertificate`权限
+> 2. `1.26.14`版本之前Certd创建的证书流水线默认是到期前20天才更新证书，需要将之前创建的证书申请任务的更新天数修改为35天，保证删除之前就已经替换掉即将过期证书
+![](./images/delete2.png)

docs/index.md

@@ -28,7 +28,7 @@ features:
   - title: 多域名、泛域名打到一个证书上
     details: 支持通配符域名/泛域名，支持多个域名打到一个证书上
   - title: 多证书格式支持
-    details: 支持pem、pfx、der等多种证书格式，支持Google、Letsencrypt、ZeroSSL证书颁发机构
+    details: 支持pem、pfx、der、jks等多种证书格式，支持Google、Letsencrypt、ZeroSSL证书颁发机构
   - title: 支持私有化部署
     details: 保障数据安全
   - title: 多数据库支持

docs/public/robots.txt

@@ -0,0 +1,2 @@
+User-agent: *
+Allow: /

lerna.json

@@ -9,5 +9,5 @@
     }
   },
   "npmClient": "pnpm",
-  "version": "1.26.12"
+  "version": "1.27.0"
 }

packages/core/acme-client/CHANGELOG.md

@@ -3,6 +3,28 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [1.27.0](https://github.com/publishlab/node-acme-client/compare/v1.26.16...v1.27.0) (2024-10-31)
+
+**Note:** Version bump only for package @certd/acme-client
+
+## [1.26.16](https://github.com/publishlab/node-acme-client/compare/v1.26.15...v1.26.16) (2024-10-30)
+
+**Note:** Version bump only for package @certd/acme-client
+
+## [1.26.15](https://github.com/publishlab/node-acme-client/compare/v1.26.14...v1.26.15) (2024-10-28)
+
+**Note:** Version bump only for package @certd/acme-client
+
+## [1.26.14](https://github.com/publishlab/node-acme-client/compare/v1.26.13...v1.26.14) (2024-10-26)
+
+### Bug Fixes
+
+* 修复启动时自签证书无法保存的bug ([526c484](https://github.com/publishlab/node-acme-client/commit/526c48450bcd37b3ccded9b448f17de8140bdc6e))
+
+## [1.26.13](https://github.com/publishlab/node-acme-client/compare/v1.26.12...v1.26.13) (2024-10-26)
+
+**Note:** Version bump only for package @certd/acme-client
+
 ## [1.26.12](https://github.com/publishlab/node-acme-client/compare/v1.26.11...v1.26.12) (2024-10-25)
 
 **Note:** Version bump only for package @certd/acme-client

packages/core/acme-client/package.json

@@ -3,7 +3,7 @@
     "description": "Simple and unopinionated ACME client",
     "private": false,
     "author": "nmorsman",
-    "version": "1.26.12",
+    "version": "1.27.0",
     "main": "src/index.js",
     "types": "types/index.d.ts",
     "license": "MIT",
@@ -60,5 +60,5 @@
     "bugs": {
         "url": "https://github.com/publishlab/node-acme-client/issues"
     },
-    "gitHead": "3a78cb9929fd63bb72f0e00f4389e775c926c789"
+    "gitHead": "844fd4358c84251c72c5854ea633f238014244ad"
 }

packages/core/acme-client/src/agents.js

@@ -8,7 +8,7 @@ function createAgent(opts = {}) {
     let httpAgent;
     let
         httpsAgent;
-    const httpProxy = process.env.HTTP_PROXY || process.env.http_proxy;
+    const httpProxy = opts.httpProxy || process.env.HTTP_PROXY || process.env.http_proxy;
     if (httpProxy) {
         log(`acme use httpProxy:${httpProxy}`);
         httpAgent = new HttpProxyAgent(httpProxy, opts);
@@ -16,7 +16,7 @@ function createAgent(opts = {}) {
     else {
         httpAgent = new nodeHttp.Agent(opts);
     }
-    const httpsProxy = process.env.HTTPS_PROXY || process.env.https_proxy;
+    const httpsProxy = opts.httpsProxy || process.env.HTTPS_PROXY || process.env.https_proxy;
     if (httpsProxy) {
         log(`acme use httpsProxy:${httpsProxy}`);
         httpsAgent = new HttpsProxyAgent(httpsProxy, opts);
@@ -38,30 +38,24 @@ function getGlobalAgents() {
 
 function setGlobalProxy(opts) {
     log('acme setGlobalProxy:', opts);
-    if (opts.httpProxy) {
-        process.env.HTTP_PROXY = opts.httpProxy;
-    }
-    if (opts.httpsProxy) {
-        process.env.HTTPS_PROXY = opts.httpsProxy;
-    }
-
-    defaultAgents = createAgent();
+    defaultAgents = createAgent(opts);
 }
 
 class HttpError extends Error {
+    // eslint-disable-next-line constructor-super
     constructor(error) {
-        super(error || error.message);
         if (!error) {
             return;
         }
+        super(error.message);
 
-        if (error.message.indexOf('ssl3_get_record:wrong version number') >= 0) {
+        this.message = error.message;
+        if (this.message && this.message.indexOf('ssl3_get_record:wrong version number') >= 0) {
             this.message = 'http协议错误，服务端要求http协议，请检查是否使用了https请求';
         }
 
         this.name = error.name;
         this.code = error.code;
-        this.cause = error.cause;
 
         if (error.response) {
             this.status = error.response.status;
@@ -69,6 +63,9 @@ class HttpError extends Error {
             this.response = {
                 data: error.response.data,
             };
+            if (!this.message) {
+                this.message = this.statusText;
+            }
         }
 
         let url = '';
@@ -80,12 +77,18 @@ class HttpError extends Error {
                 params: error.config.params,
                 data: error.config.data,
             };
-            url = error.config.baseURL + error.config.url;
+            url = (error.config.baseURL || '') + error.config.url;
         }
         if (url) {
             this.message = `${this.message}:${url}`;
         }
-
+        // const { stack, cause } = error;
+        delete this.cause;
+        delete this.stack;
+        // this.cause = cause;
+        // this.stack = stack;
+        delete error.stack;
+        delete error.cause;
         delete error.response;
         delete error.config;
         delete error.request;

packages/core/acme-client/src/auto.js

@@ -5,6 +5,7 @@
 const { readCsrDomains } = require('./crypto');
 const { log } = require('./logger');
 const { wait } = require('./wait');
+const { CancelError } = require('./error');
 
 const defaultOpts = {
     csr: null,
@@ -250,7 +251,7 @@ module.exports = async (client, userOpts) => {
             i += 1;
             log(`开始第${i}组`);
             if (opts.signal && opts.signal.aborted) {
-                throw new Error('用户取消');
+                throw new CancelError('用户取消');
             }
 
             try {

packages/core/acme-client/src/axios.js

@@ -114,17 +114,19 @@ instance.interceptors.response.use(null, async (error) => {
             const code = response ? `HTTP ${response.status}` : error.code;
             log(`Caught ${code}, retry attempt ${config.retryAttempt}/${retryMaxAttempts} to URL ${config.url}`);
 
+            const retryAfter = (retryDefaultDelay * config.retryAttempt);
             /* Attempt to parse Retry-After header, fallback to default delay */
-            let retryAfter = response ? parseRetryAfterHeader(response.headers['retry-after']) : 0;
+            const headerRetryAfter = response ? parseRetryAfterHeader(response.headers['retry-after']) : 0;
 
-            if (retryAfter > 0) {
-                log(`Found retry-after response header with value: ${response.headers['retry-after']}, waiting ${retryAfter} seconds`);
-            }
-            else {
-                retryAfter = (retryDefaultDelay * config.retryAttempt);
-                log(`Unable to locate or parse retry-after response header, waiting ${retryAfter} seconds`);
+            if (headerRetryAfter > 0) {
+                const waitMinutes = (headerRetryAfter / 60).toFixed(1);
+                log(`Found retry-after response header with value: ${response.headers['retry-after']}, waiting ${waitMinutes} minutes`);
+                log(JSON.stringify(response.data));
+                return Promise.reject(new Agents.HttpError(error));
             }
 
+            log(`waiting ${retryAfter} seconds`);
+
             /* Wait and retry the request */
             await new Promise((resolve) => { setTimeout(resolve, (retryAfter * 1000)); });
             return instance(config);

packages/core/acme-client/src/client.js

@@ -12,6 +12,7 @@ const AcmeApi = require('./api');
 const verify = require('./verify');
 const util = require('./util');
 const auto = require('./auto');
+const { CancelError } = require('./error');
 
 /**
  * ACME states
@@ -490,9 +491,10 @@ class AcmeClient {
 
         const keyAuthorization = await this.getChallengeKeyAuthorization(challenge);
 
-        const verifyFn = async () => {
+        const verifyFn = async (abort) => {
             if (this.opts.signal && this.opts.signal.aborted) {
-                throw new Error('用户取消');
+                abort();
+                throw new CancelError('用户取消');
             }
             await verify[challenge.type](authz, challenge, keyAuthorization);
         };
@@ -518,7 +520,7 @@ class AcmeClient {
 
     async completeChallenge(challenge) {
         if (this.opts.signal && this.opts.signal.aborted) {
-            throw new Error('用户取消');
+            throw new CancelError('用户取消');
         }
         const resp = await this.api.completeChallenge(challenge.url, {});
         return resp.data;
@@ -559,7 +561,7 @@ class AcmeClient {
         const verifyFn = async (abort) => {
             if (this.opts.signal && this.opts.signal.aborted) {
                 abort();
-                throw new Error('用户取消');
+                throw new CancelError('用户取消');
             }
 
             const resp = await this.api.apiRequest(item.url, null, [200]);

packages/core/acme-client/src/error.js

@@ -0,0 +1,10 @@
+class CancelError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = 'CancelError';
+    }
+}
+
+module.exports = {
+    CancelError,
+};

packages/core/acme-client/src/index.js

@@ -48,3 +48,4 @@ exports.agents = require('./agents');
 exports.setLogger = require('./logger').setLogger;
 
 exports.walkTxtRecord = require('./verify').walkTxtRecord;
+exports.CancelError = require('./error').CancelError;

packages/core/acme-client/src/wait.js

@@ -5,5 +5,5 @@ async function wait(ms) {
 }
 
 module.exports = {
-    wait
+    wait,
 };

packages/core/acme-client/types/index.d.ts

@@ -198,6 +198,8 @@ export const agents: any;
  * Logger
  */
 
-export function setLogger(fn: (msg: string) => void): void;
+export function setLogger(fn: (message: any, ...args: any[]) => void): void;
 
 export function walkTxtRecord(record: any): Promise<string[]>;
+
+export const CancelError: Error;

packages/core/basic/CHANGELOG.md

@@ -3,6 +3,30 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [1.27.0](https://github.com/certd/certd/compare/v1.26.16...v1.27.0) (2024-10-31)
+
+**Note:** Version bump only for package @certd/basic
+
+## [1.26.16](https://github.com/certd/certd/compare/v1.26.15...v1.26.16) (2024-10-30)
+
+### Performance Improvements
+
+* 支持华为云cdn ([81a3fdb](https://github.com/certd/certd/commit/81a3fdbc29b71f380762008cc151493ec97458f9))
+
+## [1.26.15](https://github.com/certd/certd/compare/v1.26.14...v1.26.15) (2024-10-28)
+
+**Note:** Version bump only for package @certd/basic
+
+## [1.26.14](https://github.com/certd/certd/compare/v1.26.13...v1.26.14) (2024-10-26)
+
+### Bug Fixes
+
+* 修复启动时自签证书无法保存的bug ([526c484](https://github.com/certd/certd/commit/526c48450bcd37b3ccded9b448f17de8140bdc6e))
+
+## [1.26.13](https://github.com/certd/certd/compare/v1.26.12...v1.26.13) (2024-10-26)
+
+**Note:** Version bump only for package @certd/basic
+
 ## [1.26.12](https://github.com/certd/certd/compare/v1.26.11...v1.26.12) (2024-10-25)
 
 ### Performance Improvements

packages/core/basic/build.md

@@ -1 +1 @@
-23:57
+02:21

packages/core/basic/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/basic",
   "private": false,
-  "version": "1.26.12",
+  "version": "1.27.0",
   "type": "module",
   "main": "./dist/index.js",
   "module": "./dist/index.js",
@@ -64,5 +64,5 @@
     "vite": "^4.3.8",
     "vue-tsc": "^1.6.5"
   },
-  "gitHead": "3a78cb9929fd63bb72f0e00f4389e775c926c789"
+  "gitHead": "844fd4358c84251c72c5854ea633f238014244ad"
 }

packages/core/basic/src/utils/index.ts

@@ -1,4 +1,5 @@
 export * from './util.request.js';
+export * from './util.env.js';
 export * from './util.log.js';
 export * from './util.file.js';
 export * from './util.sp.js';

packages/core/basic/src/utils/util.env.ts

@@ -0,0 +1,3 @@
+export function isDev() {
+  return process.env.NODE_ENV === 'development' || process.env.NODE_ENV === 'local';
+}

packages/core/basic/src/utils/util.hash.ts

@@ -1,7 +1,7 @@
-import crypto from "crypto";
+import crypto from 'crypto';
 
 function md5(data: string) {
-  return crypto.createHash("md5").update(data).digest("hex");
+  return crypto.createHash('md5').update(data).digest('hex');
 }
 
 export const hashUtils = {

packages/core/basic/src/utils/util.log.ts

@@ -1,4 +1,4 @@
-import log4js, { LoggingEvent, Logger } from "log4js";
+import log4js, { LoggingEvent, Logger } from 'log4js';
 
 const OutputAppender = {
   configure: (config: any, layouts: any, findAppender: any, levels: any) => {
@@ -18,18 +18,22 @@ const OutputAppender = {
   },
 };
 
-// @ts-ignore
-log4js.configure({
-  appenders: { std: { type: "stdout" }, output: { type: OutputAppender } },
-  categories: { default: { appenders: ["std"], level: "info" }, pipeline: { appenders: ["std", "output"], level: "info" } },
-});
-export const logger = log4js.getLogger("default");
+export function resetLogConfigure() {
+  // @ts-ignore
+  log4js.configure({
+    appenders: { std: { type: 'stdout' }, output: { type: OutputAppender } },
+    categories: { default: { appenders: ['std'], level: 'info' }, pipeline: { appenders: ['std', 'output'], level: 'info' } },
+  });
+}
+resetLogConfigure();
+export const logger = log4js.getLogger('default');
 
 export function buildLogger(write: (text: string) => void) {
-  const logger = log4js.getLogger("pipeline");
-  logger.addContext("outputHandler", {
+  const logger = log4js.getLogger('pipeline');
+  logger.addContext('outputHandler', {
     write,
   });
   return logger;
 }
+
 export type ILogger = Logger;

packages/core/basic/src/utils/util.request.ts

@@ -17,15 +17,14 @@ export class HttpError extends Error {
     if (!error) {
       return;
     }
-    super(error.message);
+    super(error.message || error.response?.statusText);
 
-    if (error?.message?.indexOf('ssl3_get_record:wrong version number') >= 0) {
+    if (error?.message?.indexOf && error?.message?.indexOf('ssl3_get_record:wrong version number') >= 0) {
       this.message = 'http协议错误，服务端要求http协议，请检查是否使用了https请求';
     }
 
     this.name = error.name;
     this.code = error.code;
-    this.cause = error.cause;
 
     this.status = error.response?.status;
     this.statusText = error.response?.statusText;
@@ -38,7 +37,7 @@ export class HttpError extends Error {
     };
     let url = error.config?.url;
     if (error.config?.baseURL) {
-      url = error.config?.baseURL + url;
+      url = (error.config?.baseURL || '') + url;
     }
     if (url) {
       this.message = `${this.message}  : url=${url}`;
@@ -48,6 +47,9 @@ export class HttpError extends Error {
       data: error.response?.data,
     };
 
+    // const { stack, cause } = error;
+    // this.cause = cause;
+    // this.stack = stack;
     delete error.response;
     delete error.config;
     delete error.request;
@@ -61,14 +63,7 @@ let defaultAgents = createAgent();
 
 export function setGlobalProxy(opts: { httpProxy?: string; httpsProxy?: string }) {
   logger.info('setGlobalProxy:', opts);
-  if (opts.httpProxy) {
-    process.env.HTTP_PROXY = opts.httpProxy;
-  }
-  if (opts.httpsProxy) {
-    process.env.HTTPS_PROXY = opts.httpsProxy;
-  }
-
-  defaultAgents = createAgent();
+  defaultAgents = createAgent(opts);
 }
 
 export function getGlobalAgents() {
@@ -86,7 +81,7 @@ export function createAxiosService({ logger }: { logger: Logger }) {
   service.interceptors.request.use(
     (config: any) => {
       logger.info(`http request:${config.url}，method:${config.method}`);
-      if (config.logParams !== false) {
+      if (config.logParams !== false && config.params) {
         logger.info(`params:${JSON.stringify(config.params)}`);
       }
       if (config.timeout == null) {
@@ -182,7 +177,7 @@ export function createAxiosService({ logger }: { logger: Logger }) {
 
 export const http = createAxiosService({ logger }) as HttpClient;
 export type HttpClientResponse<R> = any;
-export type HttpRequestConfig<D=any> = {
+export type HttpRequestConfig<D = any> = {
   skipSslVerify?: boolean;
   skipCheckRes?: boolean;
   logParams?: boolean;
@@ -192,9 +187,13 @@ export type HttpClient = {
   request<D = any, R = any>(config: HttpRequestConfig<D>): Promise<HttpClientResponse<R>>;
 };
 
-export function createAgent(opts: nodeHttp.AgentOptions = {}) {
+export type CreateAgentOptions = {
+  httpProxy?: string;
+  httpsProxy?: string;
+} & nodeHttp.AgentOptions;
+export function createAgent(opts: CreateAgentOptions = {}) {
   let httpAgent, httpsAgent;
-  const httpProxy = process.env.HTTP_PROXY || process.env.http_proxy;
+  const httpProxy = opts.httpProxy || process.env.HTTP_PROXY || process.env.http_proxy;
   if (httpProxy) {
     logger.info('use httpProxy:', httpProxy);
     httpAgent = new HttpProxyAgent(httpProxy, opts as any);
@@ -202,7 +201,7 @@ export function createAgent(opts: nodeHttp.AgentOptions = {}) {
   } else {
     httpAgent = new nodeHttp.Agent(opts);
   }
-  const httpsProxy = process.env.HTTPS_PROXY || process.env.https_proxy;
+  const httpsProxy = opts.httpsProxy || process.env.HTTPS_PROXY || process.env.https_proxy;
   if (httpsProxy) {
     logger.info('use httpsProxy:', httpsProxy);
     httpsAgent = new HttpsProxyAgent(httpsProxy, opts as any);

packages/core/basic/src/utils/util.sp.ts

@@ -1,8 +1,8 @@
 //转换为import
-import childProcess from "child_process";
-import { safePromise } from "./util.promise.js";
-import { ILogger, logger } from "./util.log.js";
-
+import childProcess from 'child_process';
+import { safePromise } from './util.promise.js';
+import { ILogger, logger } from './util.log.js';
+import iconv from 'iconv-lite';
 export type ExecOption = {
   cmd: string | string[];
   env: any;
@@ -11,12 +11,12 @@ export type ExecOption = {
 };
 
 async function exec(opts: ExecOption): Promise<string> {
-  let cmd = "";
+  let cmd = '';
   const log = opts.logger || logger;
   if (opts.cmd instanceof Array) {
     for (const item of opts.cmd) {
       if (cmd) {
-        cmd += " && " + item;
+        cmd += ' && ' + item;
       } else {
         cmd = item;
       }
@@ -38,7 +38,7 @@ async function exec(opts: ExecOption): Promise<string> {
           log.error(`exec error: ${error}`);
           reject(error);
         } else {
-          const res = stdout.toString("utf-8");
+          const res = stdout.toString('utf-8');
           log.info(`stdout: ${res}`);
           resolve(res);
         }
@@ -55,13 +55,31 @@ export type SpawnOption = {
   logger?: ILogger;
   options?: any;
 };
+
+function isWindows() {
+  return process.platform === 'win32';
+}
+function convert(buffer: any) {
+  if (isWindows()) {
+    const decoded = iconv.decode(buffer, 'GBK');
+    // 检查是否有有效字符
+    return decoded && decoded.trim().length > 0 ? decoded : buffer.toString();
+  } else {
+    return buffer;
+  }
+}
+
+// function convert(buffer: any) {
+//   return buffer;
+// }
+
 async function spawn(opts: SpawnOption): Promise<string> {
-  let cmd = "";
+  let cmd = '';
   const log = opts.logger || logger;
   if (opts.cmd instanceof Array) {
     for (const item of opts.cmd) {
       if (cmd) {
-        cmd += " && " + item;
+        cmd += ' && ' + item;
       } else {
         cmd = item;
       }
@@ -70,8 +88,8 @@ async function spawn(opts: SpawnOption): Promise<string> {
     cmd = opts.cmd;
   }
   log.info(`执行命令: ${cmd}`);
-  let stdout = "";
-  let stderr = "";
+  let stdout = '';
+  let stderr = '';
   return safePromise((resolve, reject) => {
     const ls = childProcess.spawn(cmd, {
       shell: true,
@@ -81,21 +99,23 @@ async function spawn(opts: SpawnOption): Promise<string> {
       },
       ...opts.options,
     });
-    ls.stdout.on("data", (data) => {
+    ls.stdout.on('data', data => {
+      data = convert(data);
       log.info(`stdout: ${data}`);
       stdout += data;
     });
 
-    ls.stderr.on("data", (data) => {
-      log.error(`stderr: ${data}`);
+    ls.stderr.on('data', data => {
+      data = convert(data);
+      log.warn(`stderr: ${data}`);
       stderr += data;
     });
-    ls.on("error", (error) => {
+    ls.on('error', error => {
       log.error(`child process error: ${error}`);
       reject(error);
     });
 
-    ls.on("close", (code: number) => {
+    ls.on('close', (code: number) => {
       if (code !== 0) {
         log.error(`child process exited with code ${code}`);
         reject(new Error(stderr));

packages/core/pipeline/CHANGELOG.md

@@ -3,6 +3,30 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [1.27.0](https://github.com/certd/certd/compare/v1.26.16...v1.27.0) (2024-10-31)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.26.16](https://github.com/certd/certd/compare/v1.26.15...v1.26.16) (2024-10-30)
+
+### Performance Improvements
+
+* 支持白山云cdn部署 ([b1b2cd0](https://github.com/certd/certd/commit/b1b2cd088b684eda764962abd61754c26a204d1c))
+
+## [1.26.15](https://github.com/certd/certd/compare/v1.26.14...v1.26.15) (2024-10-28)
+
+### Performance Improvements
+
+* 默认证书更新时间设置为35天，增加腾讯云删除过期证书插件，可以避免腾讯云过期证书邮件 ([51b6fed](https://github.com/certd/certd/commit/51b6fed468eaa6f28ce4497ce303ace1a52abb96))
+
+## [1.26.14](https://github.com/certd/certd/compare/v1.26.13...v1.26.14) (2024-10-26)
+
+**Note:** Version bump only for package @certd/pipeline
+
+## [1.26.13](https://github.com/certd/certd/compare/v1.26.12...v1.26.13) (2024-10-26)
+
+**Note:** Version bump only for package @certd/pipeline
+
 ## [1.26.12](https://github.com/certd/certd/compare/v1.26.11...v1.26.12) (2024-10-25)
 
 **Note:** Version bump only for package @certd/pipeline

packages/core/pipeline/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/pipeline",
   "private": false,
-  "version": "1.26.12",
+  "version": "1.27.0",
   "type": "module",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
@@ -15,8 +15,8 @@
     "test": "mocha   --loader=ts-node/esm"
   },
   "dependencies": {
-    "@certd/basic": "^1.26.12",
-    "@certd/plus-core": "^1.26.12",
+    "@certd/basic": "^1.27.0",
+    "@certd/plus-core": "^1.27.0",
     "axios": "^1.7.2",
     "dayjs": "^1.11.7",
     "fix-path": "^4.0.0",
@@ -66,5 +66,5 @@
     "vite": "^4.3.8",
     "vue-tsc": "^1.6.5"
   },
-  "gitHead": "3a78cb9929fd63bb72f0e00f4389e775c926c789"
+  "gitHead": "844fd4358c84251c72c5854ea633f238014244ad"
 }

packages/core/pipeline/src/core/exceptions.ts

@@ -0,0 +1,5 @@
+export class CancelError extends Error {
+  constructor(message: string) {
+    super(message);
+  }
+}

packages/core/pipeline/src/core/executor.ts

@@ -135,7 +135,12 @@ export class Executor {
       this.runtime.success(runnable);
       return ResultType.success;
     } catch (e: any) {
-      this.runtime.error(runnable, e);
+      if (e.name === "CancelError" || this.abort.signal.aborted) {
+        this.runtime.cancel(runnable);
+        return ResultType.canceled;
+      } else {
+        this.runtime.error(runnable, e);
+      }
       throw e;
     } finally {
       this.runtime.finally(runnable);

packages/core/pipeline/src/core/index.ts

@@ -5,3 +5,4 @@ export * from "./storage.js";
 export * from "./file-store.js";
 export * from "./license.js";
 export * from "./handler.js";
+export * from "./exceptions.js";

packages/core/pipeline/src/core/run-history.ts

@@ -117,7 +117,8 @@ export class RunHistory {
   }
 
   logError(runnable: Runnable, e: Error) {
-    // @ts-ignore
+    delete e.stack;
+    delete e.cause;
     const errorInfo = runnable.runnableType === "step" ? e : e.message;
     this._loggers[runnable.id].error(`[${runnable.runnableType}] [${runnable.title}]<id:${runnable.id}> ：`, errorInfo);
   }

packages/core/pipeline/src/d.ts/fast-crud.ts

@@ -1,115 +0,0 @@
-/**
- * [x]-col的配置
- */
-export type ColProps = {
-  span?: number;
-  [props: string]: any;
-};
-
-export type FormItemProps = {
-  /**
-   * 字段label
-   */
-  title?: string;
-  /**
-   * 表单字段组件配置
-   */
-  component?: ComponentProps;
-  /**
-   * 表单字段 [a|el|n]-col的配置
-   * 一般用来配置跨列：{span:24} 占满一行
-   */
-  col?: ColProps;
-  /**
-   * 默认值
-   */
-  value?: any;
-  /**
-   * 帮助提示配置
-   */
-  helper?: string | FormItemHelperProps;
-  /**
-   * 排序号
-   */
-  order?: number;
-  /**
-   * 是否显示此字段
-   */
-  show?: boolean;
-  /**
-   * 是否是空白占位栏
-   */
-  blank?: boolean;
-
-  [key: string]: any;
-};
-
-/**
- * 表单字段帮助说明配置
- */
-export type FormItemHelperProps = {
-  /**
-   * 自定义渲染帮助说明
-   * @param scope
-   */
-  render?: (scope: any) => any;
-  /**
-   * 帮助文本
-   */
-  text?: string;
-  /**
-   * 帮助说明所在的位置，[ undefined | label]
-   */
-  position?: string;
-  /**
-   * [a|el|n]-tooltip配置
-   */
-  tooltip?: object;
-
-  [key: string]: any;
-};
-
-/**
- * 组件配置
- */
-export type ComponentProps = {
-  /**
-   * 组件的名称
-   */
-  name?: string | object;
-  /**
-   * vmodel绑定的目标属性名
-   */
-  vModel?: string;
-
-  /**
-   * 当原始组件名的参数被以上属性名占用时，可以配置在这里
-   * 例如:原始组件有一个叫name的属性，你想要配置它，则可以按如下配置
-   * ```
-   * component:{
-   *   name:"组件的名称"
-   *   props:{
-   *     name:"组件的name属性"  <-----------
-   *   }
-   * }
-   * ```
-   */
-  props?: {
-    [key: string]: any;
-  };
-
-  /**
-   * 组件事件监听
-   */
-  on?: {
-    [key: string]: (context?: any) => void;
-  };
-
-  /**
-   * 组件其他参数
-   * 事件：onXxx:(event)=>void 组件原始事件监听
-   *      on.onXxx:(context)=>void 组件事件监听(对原始事件包装)
-   * 样式：style、class等
-   */
-  [key: string]: any;
-};

packages/core/pipeline/src/d.ts/index.ts

@@ -1,2 +0,0 @@
-export * from "./pipeline";
-export * from "./fast-crud";

packages/core/pipeline/src/d.ts/pipeline.ts

@@ -1,140 +0,0 @@
-export enum RunStrategy {
-  AlwaysRun,
-  SkipWhenSucceed,
-}
-
-export enum ConcurrencyStrategy {
-  Serial,
-  Parallel,
-}
-
-export enum NextStrategy {
-  AllSuccess,
-  OneSuccess,
-}
-
-export enum HandlerType {
-  //清空后续任务的状态
-  ClearFollowStatus,
-  SendEmail,
-}
-
-export type EventHandler = {
-  type: HandlerType;
-  params: {
-    [key: string]: any;
-  };
-};
-
-export type RunnableStrategy = {
-  runStrategy?: RunStrategy;
-  onSuccess?: EventHandler[];
-  onError?: EventHandler[];
-};
-
-export type Step = Runnable & {
-  type: string; //插件类型
-  input: {
-    [key: string]: any;
-  };
-};
-export type Task = Runnable & {
-  steps: Step[];
-};
-
-export type Stage = Runnable & {
-  tasks: Task[];
-  concurrency: ConcurrencyStrategy;
-  next: NextStrategy;
-};
-
-export type Trigger = {
-  id: string;
-  title: string;
-  cron: string;
-  type: string;
-};
-
-export type FileItem = {
-  id: string;
-  filename: string;
-  path: string;
-};
-export type Runnable = {
-  id: string;
-  title: string;
-  strategy?: RunnableStrategy;
-  runnableType?: string; // pipeline, stage, task , step
-  status?: HistoryResult;
-  timeout?: number;
-  default?: {
-    [key: string]: any;
-  };
-  context?: Context;
-};
-
-export type EmailOptions = {
-  receivers: string[];
-};
-export type NotificationWhen = "error" | "success" | "turnToSuccess" | "start";
-export type NotificationType = "email" | "url";
-export type Notification = {
-  type: NotificationType;
-  when: NotificationWhen[];
-  options: EmailOptions;
-};
-
-export type Pipeline = Runnable & {
-  version?: number;
-  userId: any;
-  stages: Stage[];
-  triggers: Trigger[];
-  notifications?: Notification[];
-};
-
-export type Context = {
-  [key: string]: any;
-};
-
-export type Log = {
-  title: string;
-  time: number;
-  level: string;
-  text: string;
-};
-
-export enum ResultType {
-  start = "start",
-  success = "success",
-  error = "error",
-  canceled = "canceled",
-  skip = "skip",
-  none = "none",
-}
-
-export type HistoryResultGroup = {
-  [key: string]: {
-    runnable: Runnable;
-    res: HistoryResult;
-  };
-};
-export type HistoryResult = {
-  input: any;
-  output: any;
-  files?: FileItem[];
-  /**
-   * 任务状态
-   */
-  status: ResultType;
-  startTime: number;
-  endTime?: number;
-  /**
-   * 处理结果
-   */
-  result?: ResultType; //success, error,skip
-  message?: string;
-};
-
-export type RunnableMap = {
-  [id: string]: Runnable;
-};

packages/core/pipeline/src/plugin/api.ts

@@ -4,7 +4,7 @@ import { FileStore } from "../core/file-store.js";
 import { Logger } from "log4js";
 import { IAccessService } from "../access/index.js";
 import { ICnameProxyService, IEmailService } from "../service/index.js";
-import { IContext, PluginRequestHandleReq, RunnableCollection } from "../core/index.js";
+import { CancelError, IContext, PluginRequestHandleReq, RunnableCollection } from "../core/index.js";
 import { ILogger, logger, utils } from "../utils/index.js";
 import { HttpClient } from "../utils/index.js";
 import dayjs from "dayjs";
@@ -111,13 +111,19 @@ export abstract class AbstractTaskPlugin implements ITaskPlugin {
     return this._result.files;
   }
 
+  checkSignal() {
+    if (this.ctx.signal && this.ctx.signal.aborted) {
+      throw new CancelError("用户取消");
+    }
+  }
+
   setCtx(ctx: TaskInstanceContext) {
     this.ctx = ctx;
     this.logger = ctx.logger;
     this.accessService = ctx.accessService;
   }
 
-  async getAccess(accessId: string) {
+  async getAccess<T = any>(accessId: string) {
     if (accessId == null) {
       throw new Error("您还没有配置授权");
     }
@@ -125,7 +131,7 @@ export abstract class AbstractTaskPlugin implements ITaskPlugin {
     if (res == null) {
       throw new Error("授权不存在，可能已被删除，请前往任务配置里面重新选择授权");
     }
-    return res;
+    return res as T;
   }
 
   randomFileId() {

packages/core/pipeline/src/registry/registry.ts

@@ -1,4 +1,4 @@
-import { logger } from "../utils/index.js";
+import { isDev, logger } from "../utils/index.js";
 
 export type Registrable = {
   name: string;
@@ -71,6 +71,9 @@ export class Registry<T> {
         if (define?.deprecated) {
           continue;
         }
+        if (!isDev() && define.name.startsWith("demo")) {
+          continue;
+        }
         list.push({ ...define, key });
       }
     }

packages/libs/lib-huawei/CHANGELOG.md

@@ -3,6 +3,26 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [1.27.0](https://github.com/certd/certd/compare/v1.26.16...v1.27.0) (2024-10-31)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
+## [1.26.16](https://github.com/certd/certd/compare/v1.26.15...v1.26.16) (2024-10-30)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
+## [1.26.15](https://github.com/certd/certd/compare/v1.26.14...v1.26.15) (2024-10-28)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
+## [1.26.14](https://github.com/certd/certd/compare/v1.26.13...v1.26.14) (2024-10-26)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
+## [1.26.13](https://github.com/certd/certd/compare/v1.26.12...v1.26.13) (2024-10-26)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
 ## [1.26.12](https://github.com/certd/certd/compare/v1.26.11...v1.26.12) (2024-10-25)
 
 **Note:** Version bump only for package @certd/lib-huawei

packages/libs/lib-huawei/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/lib-huawei",
   "private": false,
-  "version": "1.26.12",
+  "version": "1.27.0",
   "main": "./dist/bundle.js",
   "module": "./dist/bundle.js",
   "types": "./dist/d/index.d.ts",
@@ -17,5 +17,5 @@
     "rimraf": "^5.0.5",
     "rollup": "^3.7.4"
   },
-  "gitHead": "3a78cb9929fd63bb72f0e00f4389e775c926c789"
+  "gitHead": "844fd4358c84251c72c5854ea633f238014244ad"
 }

packages/libs/lib-iframe/CHANGELOG.md

@@ -3,6 +3,26 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [1.27.0](https://github.com/certd/certd/compare/v1.26.16...v1.27.0) (2024-10-31)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
+## [1.26.16](https://github.com/certd/certd/compare/v1.26.15...v1.26.16) (2024-10-30)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
+## [1.26.15](https://github.com/certd/certd/compare/v1.26.14...v1.26.15) (2024-10-28)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
+## [1.26.14](https://github.com/certd/certd/compare/v1.26.13...v1.26.14) (2024-10-26)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
+## [1.26.13](https://github.com/certd/certd/compare/v1.26.12...v1.26.13) (2024-10-26)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
 ## [1.26.12](https://github.com/certd/certd/compare/v1.26.11...v1.26.12) (2024-10-25)
 
 **Note:** Version bump only for package @certd/lib-iframe

packages/libs/lib-iframe/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/lib-iframe",
   "private": false,
-  "version": "1.26.12",
+  "version": "1.27.0",
   "type": "module",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
@@ -39,5 +39,5 @@
     "tslib": "^2.5.2",
     "typescript": "^5.4.2"
   },
-  "gitHead": "3a78cb9929fd63bb72f0e00f4389e775c926c789"
+  "gitHead": "844fd4358c84251c72c5854ea633f238014244ad"
 }

packages/libs/lib-jdcloud/CHANGELOG.md

@@ -3,6 +3,26 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [1.27.0](https://github.com/certd/certd/compare/v1.26.16...v1.27.0) (2024-10-31)
+
+**Note:** Version bump only for package @certd/lib-jdcloud
+
+## [1.26.16](https://github.com/certd/certd/compare/v1.26.15...v1.26.16) (2024-10-30)
+
+**Note:** Version bump only for package @certd/lib-jdcloud
+
+## [1.26.15](https://github.com/certd/certd/compare/v1.26.14...v1.26.15) (2024-10-28)
+
+**Note:** Version bump only for package @certd/lib-jdcloud
+
+## [1.26.14](https://github.com/certd/certd/compare/v1.26.13...v1.26.14) (2024-10-26)
+
+**Note:** Version bump only for package @certd/lib-jdcloud
+
+## [1.26.13](https://github.com/certd/certd/compare/v1.26.12...v1.26.13) (2024-10-26)
+
+**Note:** Version bump only for package @certd/lib-jdcloud
+
 ## [1.26.12](https://github.com/certd/certd/compare/v1.26.11...v1.26.12) (2024-10-25)
 
 **Note:** Version bump only for package @certd/lib-jdcloud

packages/libs/lib-jdcloud/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/lib-jdcloud",
   "private": false,
-  "version": "1.26.12",
+  "version": "1.27.0",
   "main": "./dist/bundle.mjs",
   "module": "./dist/bundle.mjs",
   "types": "./dist/d/index.d.ts",
@@ -27,5 +27,5 @@
     "rimraf": "^5.0.5",
     "rollup": "^3.7.4"
   },
-  "gitHead": "3a78cb9929fd63bb72f0e00f4389e775c926c789"
+  "gitHead": "844fd4358c84251c72c5854ea633f238014244ad"
 }

packages/libs/lib-k8s/CHANGELOG.md

@@ -3,6 +3,26 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [1.27.0](https://github.com/certd/certd/compare/v1.26.16...v1.27.0) (2024-10-31)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
+## [1.26.16](https://github.com/certd/certd/compare/v1.26.15...v1.26.16) (2024-10-30)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
+## [1.26.15](https://github.com/certd/certd/compare/v1.26.14...v1.26.15) (2024-10-28)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
+## [1.26.14](https://github.com/certd/certd/compare/v1.26.13...v1.26.14) (2024-10-26)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
+## [1.26.13](https://github.com/certd/certd/compare/v1.26.12...v1.26.13) (2024-10-26)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
 ## [1.26.12](https://github.com/certd/certd/compare/v1.26.11...v1.26.12) (2024-10-25)
 
 **Note:** Version bump only for package @certd/lib-k8s

packages/libs/lib-k8s/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/lib-k8s",
   "private": false,
-  "version": "1.26.12",
+  "version": "1.27.0",
   "type": "module",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
@@ -18,7 +18,7 @@
     "@kubernetes/client-node": "0.21.0"
   },
   "devDependencies": {
-    "@certd/pipeline": "^1.26.12",
+    "@certd/pipeline": "^1.27.0",
     "@rollup/plugin-commonjs": "^23.0.4",
     "@rollup/plugin-json": "^6.0.0",
     "@rollup/plugin-node-resolve": "^15.0.1",
@@ -40,5 +40,5 @@
     "tslib": "^2.5.2",
     "typescript": "^5.4.2"
   },
-  "gitHead": "3a78cb9929fd63bb72f0e00f4389e775c926c789"
+  "gitHead": "844fd4358c84251c72c5854ea633f238014244ad"
 }

packages/libs/lib-server/CHANGELOG.md

@@ -3,6 +3,29 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [1.27.0](https://github.com/certd/certd/compare/v1.26.16...v1.27.0) (2024-10-31)
+
+**Note:** Version bump only for package @certd/lib-server
+
+## [1.26.16](https://github.com/certd/certd/compare/v1.26.15...v1.26.16) (2024-10-30)
+
+**Note:** Version bump only for package @certd/lib-server
+
+## [1.26.15](https://github.com/certd/certd/compare/v1.26.14...v1.26.15) (2024-10-28)
+
+**Note:** Version bump only for package @certd/lib-server
+
+## [1.26.14](https://github.com/certd/certd/compare/v1.26.13...v1.26.14) (2024-10-26)
+
+### Performance Improvements
+
+* 限制其他用户流水线数量 ([315e437](https://github.com/certd/certd/commit/315e43746baf01682737f82e41579237a48409af))
+* 用户管理优化头像上传 ([661293c](https://github.com/certd/certd/commit/661293c189a3abf3cdc953b5225192372f57930d))
+
+## [1.26.13](https://github.com/certd/certd/compare/v1.26.12...v1.26.13) (2024-10-26)
+
+**Note:** Version bump only for package @certd/lib-server
+
 ## [1.26.12](https://github.com/certd/certd/compare/v1.26.11...v1.26.12) (2024-10-25)
 
 **Note:** Version bump only for package @certd/lib-server

packages/libs/lib-server/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@certd/lib-server",
-  "version": "1.26.12",
+  "version": "1.27.0",
   "description": "midway with flyway, sql upgrade way ",
   "private": false,
   "type": "module",
@@ -26,9 +26,9 @@
   ],
   "license": "AGPL",
   "dependencies": {
-    "@certd/acme-client": "^1.26.12",
-    "@certd/basic": "^1.26.12",
-    "@certd/pipeline": "^1.26.12",
+    "@certd/acme-client": "^1.27.0",
+    "@certd/basic": "^1.27.0",
+    "@certd/pipeline": "^1.27.0",
     "@midwayjs/cache": "~3.14.0",
     "@midwayjs/core": "~3.17.1",
     "@midwayjs/i18n": "~3.17.3",
@@ -69,5 +69,5 @@
     "typeorm": "^0.3.11",
     "typescript": "^5.4.2"
   },
-  "gitHead": "3a78cb9929fd63bb72f0e00f4389e775c926c789"
+  "gitHead": "844fd4358c84251c72c5854ea633f238014244ad"
 }

packages/libs/lib-server/src/system/basic/service/file-service.ts

@@ -1,4 +1,4 @@
-import { Provide } from '@midwayjs/core';
+import { Provide, Scope, ScopeEnum } from '@midwayjs/core';
 import dayjs from 'dayjs';
 import path from 'path';
 import fs from 'fs';
@@ -14,6 +14,7 @@ export const uploadTmpFileCacheKey = 'tmpfile_key_';
 /**
  */
 @Provide()
+@Scope(ScopeEnum.Singleton)
 export class FileService {
   async saveFile(userId: number, tmpCacheKey: any, permission: 'public' | 'private') {
     if (tmpCacheKey.startsWith(`/${permission}`)) {

packages/libs/lib-server/src/system/settings/service/models.ts

@@ -15,6 +15,7 @@ export class SysPublicSettings extends BaseSettings {
   static __title__ = '系统公共设置';
   static __access__ = 'public';
   registerEnabled = false;
+  limitUserPipelineCount = 0;
   managerOtherUserPipeline = false;
   icpNo?: string;
   // triggerOnStartup = false;

packages/libs/lib-server/src/system/settings/service/sys-settings-service.ts

@@ -127,14 +127,12 @@ export class SysSettingsService extends BaseService<SysSettingsEntity> {
 
   async reloadPrivateSettings() {
     const bean = await this.getPrivateSettings();
-    if (bean.httpProxy || bean.httpsProxy) {
-      const opts = {
-        httpProxy: bean.httpProxy,
-        httpsProxy: bean.httpsProxy,
-      };
-      setGlobalProxy(opts);
-      agents.setGlobalProxy(opts);
-    }
+    const opts = {
+      httpProxy: bean.httpProxy,
+      httpsProxy: bean.httpsProxy,
+    };
+    setGlobalProxy(opts);
+    agents.setGlobalProxy(opts);
   }
 
   async updateByKey(key: string, setting: any) {

packages/libs/midway-flyway-js/CHANGELOG.md

@@ -3,6 +3,26 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [1.27.0](https://github.com/certd/certd/compare/v1.26.16...v1.27.0) (2024-10-31)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
+## [1.26.16](https://github.com/certd/certd/compare/v1.26.15...v1.26.16) (2024-10-30)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
+## [1.26.15](https://github.com/certd/certd/compare/v1.26.14...v1.26.15) (2024-10-28)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
+## [1.26.14](https://github.com/certd/certd/compare/v1.26.13...v1.26.14) (2024-10-26)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
+## [1.26.13](https://github.com/certd/certd/compare/v1.26.12...v1.26.13) (2024-10-26)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
 ## [1.26.12](https://github.com/certd/certd/compare/v1.26.11...v1.26.12) (2024-10-25)
 
 **Note:** Version bump only for package @certd/midway-flyway-js

packages/libs/midway-flyway-js/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@certd/midway-flyway-js",
-  "version": "1.26.12",
+  "version": "1.27.0",
   "description": "midway with flyway, sql upgrade way ",
   "private": false,
   "type": "module",
@@ -56,5 +56,5 @@
     "typeorm": "^0.3.11",
     "typescript": "^5.4.2"
   },
-  "gitHead": "3a78cb9929fd63bb72f0e00f4389e775c926c789"
+  "gitHead": "844fd4358c84251c72c5854ea633f238014244ad"
 }

packages/plugins/plugin-cert/CHANGELOG.md

@@ -3,6 +3,42 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [1.27.0](https://github.com/certd/certd/compare/v1.26.16...v1.27.0) (2024-10-31)
+
+### Bug Fixes
+
+* pfx兼容windows server 2016 ([e5e468a](https://github.com/certd/certd/commit/e5e468a463f66d02f235de54b7c1e09ace5f1cb1))
+
+### Features
+
+* 首页全新改版 ([63ec5b5](https://github.com/certd/certd/commit/63ec5b5519c760a3330569c0da6dac157302a330))
+
+### Performance Improvements
+
+* lego 升级到 4.19.2 ([129bf53](https://github.com/certd/certd/commit/129bf53edc9bbb001fe49fbd7e239bd1d09cc128))
+
+## [1.26.16](https://github.com/certd/certd/compare/v1.26.15...v1.26.16) (2024-10-30)
+
+### Bug Fixes
+
+* 修复lego No help topic for 错误 ([aaaf8d7](https://github.com/certd/certd/commit/aaaf8d7db34896cf8f2ff8f12eec1ab0cae58f0f))
+
+## [1.26.15](https://github.com/certd/certd/compare/v1.26.14...v1.26.15) (2024-10-28)
+
+### Performance Improvements
+
+* 默认证书更新时间设置为35天，增加腾讯云删除过期证书插件，可以避免腾讯云过期证书邮件 ([51b6fed](https://github.com/certd/certd/commit/51b6fed468eaa6f28ce4497ce303ace1a52abb96))
+
+## [1.26.14](https://github.com/certd/certd/compare/v1.26.13...v1.26.14) (2024-10-26)
+
+**Note:** Version bump only for package @certd/plugin-cert
+
+## [1.26.13](https://github.com/certd/certd/compare/v1.26.12...v1.26.13) (2024-10-26)
+
+### Bug Fixes
+
+* deprecated的运行时不要报错，只报警告 ([bcbefaa](https://github.com/certd/certd/commit/bcbefaaa35cf6d0eec085b3a2c5bfc7c6a8de9e1))
+
 ## [1.26.12](https://github.com/certd/certd/compare/v1.26.11...v1.26.12) (2024-10-25)
 
 ### Performance Improvements

packages/plugins/plugin-cert/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@certd/plugin-cert",
   "private": false,
-  "version": "1.26.12",
+  "version": "1.27.0",
   "type": "module",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
@@ -15,9 +15,9 @@
     "preview": "vite preview"
   },
   "dependencies": {
-    "@certd/acme-client": "^1.26.12",
-    "@certd/basic": "^1.26.12",
-    "@certd/pipeline": "^1.26.12",
+    "@certd/acme-client": "^1.27.0",
+    "@certd/basic": "^1.27.0",
+    "@certd/pipeline": "^1.27.0",
     "@google-cloud/publicca": "^1.3.0",
     "dayjs": "^1.11.7",
     "jszip": "^3.10.1",
@@ -57,5 +57,5 @@
     "vite": "^3.1.0",
     "vue-tsc": "^0.38.9"
   },
-  "gitHead": "3a78cb9929fd63bb72f0e00f4389e775c926c789"
+  "gitHead": "844fd4358c84251c72c5854ea633f238014244ad"
 }

packages/plugins/plugin-cert/src/dns-provider/base.ts

@@ -31,7 +31,7 @@ export async function createDnsProvider(opts: { dnsProviderType: string; context
   const DnsProviderClass = dnsProviderPlugin.target;
   const dnsProviderDefine = dnsProviderPlugin.define as DnsProviderDefine;
   if (dnsProviderDefine.deprecated) {
-    throw new Error(dnsProviderDefine.deprecated);
+    context.logger.warn(dnsProviderDefine.deprecated);
   }
   // @ts-ignore
   const dnsProvider: IDnsProvider = new DnsProviderClass();

packages/plugins/plugin-cert/src/plugin/cert-plugin/acme.ts

@@ -30,6 +30,7 @@ export type CertInfo = {
   ic?: string;
   pfx?: string;
   der?: string;
+  jks?: string;
 };
 export type SSLProvider = "letsencrypt" | "google" | "zerossl";
 export type PrivateKeyType = "rsa_1024" | "rsa_2048" | "rsa_3072" | "rsa_4096" | "ec_256" | "ec_384" | "ec_521";
@@ -59,8 +60,8 @@ export class AcmeService {
     this.sslProvider = options.sslProvider || "letsencrypt";
     this.eab = options.eab;
     this.skipLocalVerify = options.skipLocalVerify ?? false;
-    acme.setLogger((text: string) => {
-      this.logger.info(text);
+    acme.setLogger((message: any, ...args: any[]) => {
+      this.logger.info(message, ...args);
     });
   }
 

packages/plugins/plugin-cert/src/plugin/cert-plugin/base.ts

@@ -55,13 +55,14 @@ export abstract class CertApplyBasePlugin extends AbstractTaskPlugin {
     },
     required: false,
     order: 100,
-    helper: "PFX格式证书是否需要加密",
+    // helper: "PFX、jks格式证书是否加密；jks必须设置密码，不传则默认123456",
+    helper: "PFX证书是否加密",
   })
   pfxPassword!: string;
 
   @TaskInput({
     title: "更新天数",
-    value: 20,
+    value: 35,
     component: {
       name: "a-input-number",
       vModel: "value",
@@ -157,14 +158,28 @@ export abstract class CertApplyBasePlugin extends AbstractTaskPlugin {
           cert,
           pfxPassword: this.pfxPassword,
         });
-        const pfxBuffer = fs.readFileSync(res.pfxPath);
-        cert.pfx = pfxBuffer.toString("base64");
+        if (res.pfxPath) {
+          const pfxBuffer = fs.readFileSync(res.pfxPath);
+          cert.pfx = pfxBuffer.toString("base64");
+          fs.unlinkSync(res.pfxPath);
+          isNew = true;
+        }
 
-        const derBuffer = fs.readFileSync(res.derPath);
-        cert.der = derBuffer.toString("base64");
+        if (res.derPath) {
+          const derBuffer = fs.readFileSync(res.derPath);
+          cert.der = derBuffer.toString("base64");
+          fs.unlinkSync(res.derPath);
+          isNew = true;
+        }
+
+        if (res.jksPath) {
+          const jksBuffer = fs.readFileSync(res.jksPath);
+          cert.jks = jksBuffer.toString("base64");
+          fs.unlinkSync(res.jksPath);
+          isNew = true;
+        }
 
         this.logger.info("转换证书格式成功");
-        isNew = true;
       } catch (e) {
         this.logger.error("转换证书格式失败", e);
       }
@@ -186,12 +201,16 @@ export abstract class CertApplyBasePlugin extends AbstractTaskPlugin {
     zip.file("cert.crt", cert.crt);
     zip.file("cert.key", cert.key);
     zip.file("intermediate.crt", cert.ic);
+
     if (cert.pfx) {
       zip.file("cert.pfx", Buffer.from(cert.pfx, "base64"));
     }
     if (cert.der) {
       zip.file("cert.der", Buffer.from(cert.der, "base64"));
     }
+    if (cert.jks) {
+      zip.file("cert.jks", Buffer.from(cert.jks, "base64"));
+    }
     const content = await zip.generateAsync({ type: "nodebuffer" });
     this.saveFile(filename, content);
     this.logger.info(`已保存文件:${filename}`);
@@ -212,7 +231,7 @@ export abstract class CertApplyBasePlugin extends AbstractTaskPlugin {
       this.logger.info("input hash 有变更，检查是否需要重新申请证书");
       //判断域名有没有变更
       /**
-       *                      "renewDays": 20,
+       *                      "renewDays": 35,
        *                     "certApplyPlugin": "CertApply",
        *                     "sslProvider": "letsencrypt",
        *                     "privateKeyType": "rsa_2048_pkcs1",

packages/plugins/plugin-cert/src/plugin/cert-plugin/cert-reader.ts

@@ -13,6 +13,7 @@ export type CertReaderHandleContext = {
   tmpPfxPath?: string;
   tmpDerPath?: string;
   tmpIcPath?: string;
+  tmpJksPath?: string;
 };
 export type CertReaderHandle = (ctx: CertReaderHandleContext) => Promise<void>;
 export type HandleOpts = { logger: ILogger; handle: CertReaderHandle };
@@ -72,14 +73,14 @@ export class CertReader {
     return domains;
   }
 
-  saveToFile(type: "crt" | "key" | "pfx" | "der" | "ic", filepath?: string) {
+  saveToFile(type: "crt" | "key" | "pfx" | "der" | "ic" | "jks", filepath?: string) {
     if (!this.cert[type]) {
       return;
     }
 
     if (filepath == null) {
       //写入临时目录
-      filepath = path.join(os.tmpdir(), "/certd/tmp/", Math.floor(Math.random() * 1000000) + "", `cert.${type}`);
+      filepath = path.join(os.tmpdir(), "/certd/tmp/", Math.floor(Math.random() * 1000000) + `_cert.${type}`);
     }
 
     const dir = path.dirname(filepath);
@@ -103,6 +104,7 @@ export class CertReader {
     const tmpIcPath = this.saveToFile("ic");
     logger.info("本地文件写入成功");
     const tmpDerPath = this.saveToFile("der");
+    const tmpJksPath = this.saveToFile("jks");
     try {
       return await opts.handle({
         reader: this,
@@ -111,6 +113,7 @@ export class CertReader {
         tmpPfxPath: tmpPfxPath,
         tmpDerPath: tmpDerPath,
         tmpIcPath: tmpIcPath,
+        tmpJksPath: tmpJksPath,
       });
     } catch (err) {
       throw err;
@@ -127,6 +130,7 @@ export class CertReader {
       removeFile(tmpPfxPath);
       removeFile(tmpDerPath);
       removeFile(tmpIcPath);
+      removeFile(tmpJksPath);
     }
   }
 

packages/plugins/plugin-cert/src/plugin/cert-plugin/convert.ts

@@ -17,16 +17,20 @@ export class CertConverter {
   async convert(opts: { cert: CertInfo; pfxPassword: string }): Promise<{
     pfxPath: string;
     derPath: string;
+    jksPath: string;
   }> {
     const certReader = new CertReader(opts.cert);
     let pfxPath: string;
     let derPath: string;
+    let jksPath: string;
     const handle = async (ctx: CertReaderHandleContext) => {
       // 调用openssl 转pfx
       pfxPath = await this.convertPfx(ctx, opts.pfxPassword);
 
       // 转der
       derPath = await this.convertDer(ctx);
+
+      //jksPath = await this.convertJks(ctx,  opts.pfxPassword);
     };
 
     await certReader.readCertFile({ logger: this.logger, handle });
@@ -34,10 +38,12 @@ export class CertConverter {
     return {
       pfxPath,
       derPath,
+      jksPath,
     };
   }
 
   async exec(cmd: string) {
+    process.env.LANG = "zh_CN.GBK";
     await sp.spawn({
       cmd: cmd,
       logger: this.logger,
@@ -47,7 +53,7 @@ export class CertConverter {
   private async convertPfx(opts: CertReaderHandleContext, pfxPassword: string) {
     const { tmpCrtPath, tmpKeyPath } = opts;
 
-    const pfxPath = path.join(os.tmpdir(), "/certd/tmp/", Math.floor(Math.random() * 1000000) + "", "cert.pfx");
+    const pfxPath = path.join(os.tmpdir(), "/certd/tmp/", Math.floor(Math.random() * 1000000) + "_cert.pfx");
 
     const dir = path.dirname(pfxPath);
     if (!fs.existsSync(dir)) {
@@ -58,7 +64,10 @@ export class CertConverter {
     if (pfxPassword) {
       passwordArg = `-password pass:${pfxPassword}`;
     }
-    await this.exec(`openssl pkcs12 -export -out ${pfxPath} -inkey ${tmpKeyPath} -in ${tmpCrtPath} ${passwordArg}`);
+    // 兼容server 2016，旧版本不能用sha256
+    const oldPfxCmd = `openssl pkcs12 -macalg SHA1 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -export -out ${pfxPath} -inkey ${tmpKeyPath} -in ${tmpCrtPath} ${passwordArg}`;
+    // const newPfx = `openssl pkcs12 -export -out ${pfxPath} -inkey ${tmpKeyPath} -in ${tmpCrtPath} ${passwordArg}`;
+    await this.exec(oldPfxCmd);
     return pfxPath;
     // const fileBuffer = fs.readFileSync(pfxPath);
     // this.pfxCert = fileBuffer.toString("base64");
@@ -70,7 +79,7 @@ export class CertConverter {
 
   private async convertDer(opts: CertReaderHandleContext) {
     const { tmpCrtPath } = opts;
-    const derPath = path.join(os.tmpdir(), "/certd/tmp/", Math.floor(Math.random() * 1000000) + "", `cert.der`);
+    const derPath = path.join(os.tmpdir(), "/certd/tmp/", Math.floor(Math.random() * 1000000) + `_cert.der`);
 
     const dir = path.dirname(derPath);
     if (!fs.existsSync(dir)) {
@@ -88,4 +97,33 @@ export class CertConverter {
     // const filename = reader.buildCertFileName("der", applyTime);
     // this.saveFile(filename, fileBuffer);
   }
+
+  async convertJks(opts: CertReaderHandleContext, pfxPassword = "") {
+    const jksPassword = pfxPassword || "123456";
+    try {
+      const randomStr = Math.floor(Math.random() * 1000000) + "";
+
+      const p12Path = path.join(os.tmpdir(), "/certd/tmp/", randomStr + `_cert.p12`);
+      const { tmpCrtPath, tmpKeyPath } = opts;
+      let passwordArg = "-passout pass:";
+      if (pfxPassword) {
+        passwordArg = `-password pass:${pfxPassword}`;
+      }
+      await this.exec(`openssl pkcs12 -export -in ${tmpCrtPath} -inkey ${tmpKeyPath} -out ${p12Path} -name certd ${passwordArg}`);
+
+      const jksPath = path.join(os.tmpdir(), "/certd/tmp/", randomStr + `_cert.jks`);
+      const dir = path.dirname(jksPath);
+      if (!fs.existsSync(dir)) {
+        fs.mkdirSync(dir, { recursive: true });
+      }
+      await this.exec(
+        `keytool -importkeystore -srckeystore ${p12Path} -srcstoretype PKCS12 -srcstorepass "${pfxPassword}" -destkeystore ${jksPath} -deststoretype PKCS12 -deststorepass "${jksPassword}" `
+      );
+      fs.unlinkSync(p12Path);
+      return jksPath;
+    } catch (e) {
+      this.logger.error("转换jks失败", e);
+      return;
+    }
+  }
 }

packages/plugins/plugin-cert/src/plugin/cert-plugin/index.ts

@@ -7,6 +7,7 @@ import { CertReader } from "./cert-reader.js";
 import { CertApplyBasePlugin } from "./base.js";
 import { GoogleClient } from "../../libs/google.js";
 import { EabAccess } from "../../access";
+import { CancelError } from "@certd/pipeline";
 
 export type { CertInfo };
 export * from "./cert-reader.js";
@@ -33,7 +34,7 @@ export type DomainsVerifyPlanInput = {
   desc: "免费通配符域名证书申请，支持多个域名打到同一个证书上",
   default: {
     input: {
-      renewDays: 20,
+      renewDays: 35,
       forceUpdate: false,
     },
     strategy: {
@@ -55,12 +56,12 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
     },
     required: true,
     helper:
-      "DNS直接验证：适合域名是在阿里云、腾讯云、华为云、Cloudflare、西数注册的，需要提供Access授权信息。\nCNAME代理验证：支持任何注册商注册的域名，并且不需要提供Access授权信息，但第一次需要手动添加CNAME记录",
+      "DNS直接验证：域名是在阿里云、腾讯云、华为云、Cloudflare、西数注册的，选它。\nCNAME代理验证：支持任何注册商注册的域名，但第一次需要手动添加CNAME记录",
   })
   challengeType!: string;
 
   @TaskInput({
-    title: "DNS提供商",
+    title: "DNS解析服务商",
     component: {
       name: "dns-provider-selector",
     },
@@ -72,7 +73,7 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
     }
     `,
     required: true,
-    helper: "请选择dns解析提供商，您的域名是在哪里注册的，或者域名的dns解析服务器属于哪个平台\n如果这里没有您需要的dns解析提供商，请选择CNAME代理验证校验方式",
+    helper: "您的域名注册商，或者域名的dns服务器属于哪个平台\n如果这里没有，请选择CNAME代理验证校验方式",
   })
   dnsProviderType!: string;
 
@@ -82,7 +83,7 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
       name: "access-selector",
     },
     required: true,
-    helper: "请选择dns解析提供商授权",
+    helper: "请选择dns解析服务商授权",
     mergeScript: `return {
       component:{
         type: ctx.compute(({form})=>{
@@ -134,7 +135,7 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
         { value: "zerossl", label: "ZeroSSL" },
       ],
     },
-    helper: "Let's Encrypt最简单，如果使用ZeroSSL、Google证书，需要提供EAB授权",
+    helper: "Let's Encrypt：申请最简单\nGoogle：大厂光环，兼容性好，需要翻墙获取EAB授权\nZeroSSL：有数量限制，获取EAB授权无需翻墙",
     required: true,
   })
   sslProvider!: SSLProvider;
@@ -293,6 +294,7 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
       useMappingProxy: this.useProxy,
       reverseProxy: this.reverseProxy,
       privateKeyType: this.privateKeyType,
+      signal: this.ctx.signal,
       // cnameProxyService: this.ctx.cnameProxyService,
       // dnsProviderCreator: this.createDnsProvider.bind(this),
     });
@@ -347,6 +349,9 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
         this.logger.error(e);
         throw new Error(`通配符域名已经包含了普通域名，请删除其中一个（${message}）`);
       }
+      if (e.name === "CancelError") {
+        throw new CancelError(e.message);
+      }
       throw e;
     }
   }

packages/plugins/plugin-cert/src/plugin/cert-plugin/lego/index.ts

@@ -5,6 +5,8 @@ import { CertApplyBasePlugin } from "../base.js";
 import fs from "fs";
 import { EabAccess } from "../../../access/index.js";
 import path from "path";
+import { utils } from "@certd/basic";
+import JSZip from "jszip";
 
 export { CertReader };
 export type { CertInfo };
@@ -17,7 +19,7 @@ export type { CertInfo };
   desc: "支持海量DNS解析提供商，推荐使用，一样的免费通配符域名证书申请，支持多个域名打到同一个证书上",
   default: {
     input: {
-      renewDays: 20,
+      renewDays: 35,
       forceUpdate: false,
     },
     strategy: {
@@ -118,7 +120,7 @@ export class CertApplyLegoPlugin extends CertApplyBasePlugin {
     this.logger.info(`环境变量:${JSON.stringify(env)}`);
     let eabArgs = "";
     if (this.eab) {
-      eabArgs = ` --eab "${this.eab.kid}" --kid "${this.eab.kid}" --hmac "${this.eab.hmacKey}"`;
+      eabArgs = ` --eab --kid "${this.eab.kid}" --hmac "${this.eab.hmacKey}"`;
     }
     const keyType = "-k rsa2048";
 
@@ -126,6 +128,25 @@ export class CertApplyLegoPlugin extends CertApplyBasePlugin {
     const savePathArgs = `--path "${saveDir}"`;
     const os_type = process.platform === "win32" ? "windows" : "linux";
     const legoPath = path.resolve("./tools", os_type, "lego");
+    if (!fs.existsSync(legoPath)) {
+      //解压缩
+      if (os_type === "linux") {
+        await utils.sp.spawn({
+          cmd: "tar -zxvf ./tools/linux/lego_*.tar.gz -C ./tools/linux/",
+        });
+        this.logger.info("解压lego成功");
+      } else {
+        const zip = new JSZip();
+        const data = fs.readFileSync("./tools/windows/lego_windows_amd64.zip");
+        const zipData = await zip.loadAsync(data);
+        const files = Object.keys(zipData.files);
+        for (const file of files) {
+          const content = await zipData.files[file].async("nodebuffer");
+          fs.writeFileSync(`./tools/windows/${file}`, content);
+        }
+        this.logger.info("解压lego成功");
+      }
+    }
     let serverArgs = "";
     if (this.acmeServer) {
       serverArgs = ` --server ${this.acmeServer}`;

packages/ui/Dockerfile

@@ -13,9 +13,12 @@ RUN cd /workspace/certd-server && pnpm install && npm run build-on-docker
 
 FROM node:18-alpine
 RUN apk add --no-cache openssl
+# RUN apk add --no-cache openjdk11-jdk
 WORKDIR /app/
 COPY --from=builder /workspace/certd-server/ /app/
+RUN cd /app/tools/linux/ && tar -zxvf *.tar.gz -C .
 RUN chmod +x /app/tools/linux/*
+
 ENV TZ=Asia/Shanghai
 ENV NODE_ENV=production
 ENV MIDWAY_SERVER_ENV=production

packages/ui/certd-client/CHANGELOG.md

@@ -3,6 +3,60 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [1.27.0](https://github.com/certd/certd/compare/v1.26.16...v1.27.0) (2024-10-31)
+
+### Bug Fixes
+
+* 修复历史记录不能按名称查询的bug ([6113c38](https://github.com/certd/certd/commit/6113c388b7fc58b11ca19ff05cc1286d096c8d28))
+
+### Features
+
+* 首页全新改版 ([63ec5b5](https://github.com/certd/certd/commit/63ec5b5519c760a3330569c0da6dac157302a330))
+
+### Performance Improvements
+
+* 管理控制台数据统计 ([babd589](https://github.com/certd/certd/commit/babd5897ae013ff7c04ebfcbfac8a00d84dd627c))
+* 增加向导 ([6d9ef26](https://github.com/certd/certd/commit/6d9ef26ecab71d752c2c55d75aed4fb5f6c05a39))
+
+## [1.26.16](https://github.com/certd/certd/compare/v1.26.15...v1.26.16) (2024-10-30)
+
+**Note:** Version bump only for package @certd/ui-client
+
+## [1.26.15](https://github.com/certd/certd/compare/v1.26.14...v1.26.15) (2024-10-28)
+
+### Bug Fixes
+
+* 顶部菜单变...的bug ([6dabad7](https://github.com/certd/certd/commit/6dabad76baba96be0f8af36a3fbfb9f5182aecf1))
+
+### Performance Improvements
+
+* 默认证书更新时间设置为35天，增加腾讯云删除过期证书插件，可以避免腾讯云过期证书邮件 ([51b6fed](https://github.com/certd/certd/commit/51b6fed468eaa6f28ce4497ce303ace1a52abb96))
+* 授权加密支持解密查看 ([5575c83](https://github.com/certd/certd/commit/5575c839705f6987ad2bdcd33256b0962c6a9c6a))
+* 重置管理员密码同时启用管理员账户，避免之前禁用了，重置密码还是登录不进去 ([f92d918](https://github.com/certd/certd/commit/f92d918a1e28e29b794ad4754661ea760c18af46))
+
+## [1.26.14](https://github.com/certd/certd/compare/v1.26.13...v1.26.14) (2024-10-26)
+
+### Bug Fixes
+
+* 修复启动时自签证书无法保存的bug ([526c484](https://github.com/certd/certd/commit/526c48450bcd37b3ccded9b448f17de8140bdc6e))
+
+### Performance Improvements
+
+* 顶部菜单自定义 ([54d136c](https://github.com/certd/certd/commit/54d136cc6ae122f7c891b7a5c7232fe5de8e5cb5))
+* 禁用readonly用户 ([d10d42e](https://github.com/certd/certd/commit/d10d42e20619bb55a50d636b8867ff33db4e3b4b))
+* 限制其他用户流水线数量 ([315e437](https://github.com/certd/certd/commit/315e43746baf01682737f82e41579237a48409af))
+* 用户管理优化头像上传 ([661293c](https://github.com/certd/certd/commit/661293c189a3abf3cdc953b5225192372f57930d))
+
+## [1.26.13](https://github.com/certd/certd/compare/v1.26.12...v1.26.13) (2024-10-26)
+
+### Bug Fixes
+
+* 修复对话框全屏按钮与关闭按钮重叠的bug ([95df56c](https://github.com/certd/certd/commit/95df56cc5ca5e3eb843cd17cb7078cde47729f1e))
+
+### Performance Improvements
+
+* 支持同时监听https端口，7002 ([d5a17f9](https://github.com/certd/certd/commit/d5a17f9e6afd63fda2df0981118480f25a1fac2e))
+
 ## [1.26.12](https://github.com/certd/certd/compare/v1.26.11...v1.26.12) (2024-10-25)
 
 ### Performance Improvements

packages/ui/certd-client/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@certd/ui-client",
-  "version": "1.26.12",
+  "version": "1.27.0",
   "private": true,
   "scripts": {
     "dev": "vite --open",
@@ -45,6 +45,7 @@
     "cron-parser": "^4.9.0",
     "cropperjs": "^1.6.1",
     "dayjs": "^1.11.10",
+    "echarts": "^5.5.1",
     "highlight.js": "^11.9.0",
     "humanize-duration": "^3.27.3",
     "lodash-es": "^4.17.21",
@@ -58,13 +59,14 @@
     "sortablejs": "^1.15.2",
     "vue": "^3.4.21",
     "vue-cropperjs": "^5.0.0",
+    "vue-echarts": "^7.0.3",
     "vue-i18n": "^9.10.2",
     "vue-router": "^4.3.0",
     "vuedraggable": "^4.1.0"
   },
   "devDependencies": {
-    "@certd/lib-iframe": "^1.26.12",
-    "@certd/pipeline": "^1.26.12",
+    "@certd/lib-iframe": "^1.27.0",
+    "@certd/pipeline": "^1.27.0",
     "@rollup/plugin-commonjs": "^25.0.7",
     "@rollup/plugin-node-resolve": "^15.2.3",
     "@types/chai": "^4.3.12",