Compare commits

..

26 Commits

Author SHA1 Message Date
xiaojunnuo cc5154e04e perf: 为DNS解析器添加超时配置,避免查询时间过长
在util.js中为dns.Resolver添加超时配置,确保DNS查询在合理时间内完成
2026-04-25 04:45:39 +08:00
xiaojunnuo 77db5ecd12 perf: 优化权威域名服务器查询超时时长 2026-04-25 04:30:48 +08:00
xiaojunnuo 7ac789c9c7 perf: 商业版支持配置证书申请插件参数 2026-04-25 04:12:26 +08:00
xiaojunnuo 24dff05f64 fix: 修复商业版设置了公共eab,创建流水线仍然会显示需要配置eab的bug 2026-04-25 03:32:45 +08:00
xiaojunnuo 64a350364d fix: 修复流水线未编辑模式下也提示未保存的bug 2026-04-25 02:29:25 +08:00
xiaojunnuo 11b7cfe5cb perf: 支持主动修改绑定url地址 2026-04-24 00:11:55 +08:00
xiaojunnuo 71cfcad2a1 fix: 修复列表页面底部滚动条与表格之间有空白间隙的bug 2026-04-24 00:04:42 +08:00
xiaojunnuo ab4373b26e chore: 商业版放开限制,可以切换为企业模式 2026-04-23 23:30:52 +08:00
xiaojunnuo d23ddc96ac chore: 优化安装脚本 2026-04-23 01:24:49 +08:00
xiaojunnuo 147708e779 chore: 1 2026-04-23 01:17:15 +08:00
xiaojunnuo dc969dd7ed perf: 支持一键安装脚本 2026-04-23 01:03:54 +08:00
xiaojunnuo ef7d1d9327 perf: 支持hipm dns mgr 2026-04-22 23:48:12 +08:00
xiaojunnuo 2e6e9ed925 perf: 支持部署到nginx-proxy-manager 2026-04-22 23:47:02 +08:00
HINS 296dcab4c7 perf: 添加HiPMDnsmgr DNS提供商的支持 @WUHINS
* feat: add HiPM DNSMgr DNS provider plugin

- Create plugin-hipmdnsmgr for HiPM DNSMgr integration
- Support API Token authentication (Bearer token)
- Implement createRecord and removeRecord for ACME DNS-01 challenge
- Add getDomainListPage for domain selection
- Register plugin in plugins/index.ts

Features:
- RESTful API integration with DNSMgr
- Automatic domain ID resolution
- Full TypeScript type support

* refactor: reorganize plugin-hipmdnsmgr directory structure

- Move access.ts to access/hipmdnsmgr-access.ts
- Move dns-provider.ts to dns-provider/hipmdnsmgr-dns-provider.ts
- Add index.ts files for proper module exports
- Align with plugin-huawei and plugin-tencent structure

Structure:
  plugin-hipmdnsmgr/
     access/
        hipmdnsmgr-access.ts
        index.ts
     dns-provider/
        hipmdnsmgr-dns-provider.ts
        index.ts
     index.ts
2026-04-22 00:10:13 +08:00
xiaojunnuo f9e1c46c45 chore: 1 2026-04-19 12:26:05 +08:00
xiaojunnuo 94fd5bd7ec chore: 1 2026-04-19 12:25:28 +08:00
xiaojunnuo eb6ca96e85 Merge branch 'v2-dev' of https://github.com/certd/certd into v2-dev 2026-04-19 12:24:06 +08:00
xiaojunnuo a2bbc7e272 fix: 修复站点监控某些情况下获取不到证书的bug 2026-04-19 12:23:41 +08:00
xiaojunnuo f075a991f0 chore: 1 2026-04-17 19:34:01 +08:00
xiaojunnuo edeb817c39 perf(technitium): 添加Technitium DNS Server插件支持
- 新增Technitium DNS Server插件,包含DNS提供商和授权配置
- 实现DNS记录创建、删除和域名列表获取功能
- 添加默认DNS传播等待时间配置
- 优化用户取消操作时的错误处理
- 为图标选择组件添加过滤功能
- 更新DNS提供商开发文档
2026-04-17 19:22:10 +08:00
xiaojunnuo 23b4658672 perf: apisix支持v2 2026-04-17 17:04:29 +08:00
ahe 5f95ee987f fix 站点IP监控提示权限不足 (#714) 2026-04-17 16:46:44 +08:00
xiaojunnuo cc73f156a7 chore: 1 2026-04-17 00:56:21 +08:00
xiaojunnuo ee72d10718 build: release 2026-04-12 00:29:18 +08:00
xiaojunnuo 831871d37f build: publish 2026-04-11 23:48:07 +08:00
xiaojunnuo 6072550ec1 build: trigger build image 2026-04-11 23:47:55 +08:00
79 changed files with 10451 additions and 178 deletions
+14
View File
@@ -145,6 +145,20 @@ async doRequest(req: { action: string, data?: any }) {
utils: typeof utils;
accessService: IAccessService;
}
// this.ctx.http 只有request方法
// 方法参数
export type HttpRequestConfig<D = any> = {
skipSslVerify?: boolean;
skipCheckRes?: boolean;
logParams?: boolean;
logRes?: boolean;
logData?: boolean;
httpProxy?: string;
returnOriginRes?: boolean;
} & AxiosRequestConfig<D>;
*/
const res = await this.ctx.http.request({
url: "https://api.demo.cn/api/",
+43 -4
View File
@@ -105,6 +105,28 @@ async removeRecord(options: RemoveRecordOptions<DemoRecord>): Promise<void> {
}
```
### 6. 实现 getDomainListPage 方法
```typescript
/**
* 实现获取域名列表
*/
async getDomainListPage(req: PageSearch): Promise<PageRes<DomainRecord>> {
const pager = new Pager(req);
const res = await this.http.request({
// 请求接口获取域名列表
})
const list = res.Domains?.map(item => ({
id: item.Id,
domain: item.DomainName,
})) || []
return {
list,
total: res.Total,
}
}
```
### 6. 实例化插件
```typescript
@@ -204,11 +226,28 @@ export class DemoDnsProvider extends AbstractDnsProvider<DemoRecord> {
this.logger.info('删除域名解析成功:', fullRecord, value);
}
/**
* 实现获取域名列表
*/
async getDomainListPage(req: PageSearch): Promise<PageRes<DomainRecord>> {
const pager = new Pager(req);
const res = await this.http.request({
// 请求接口获取域名列表
})
const list = res.Domains?.map(item => ({
id: item.Id,
domain: item.DomainName,
})) || []
return {
list,
total: res.Total,
}
}
}
// 实例化这个 provider,将其自动注册到系统中
if (isDev()) {
// 你的实现 要去掉这个 if,不然生产环境将不会显示
new DemoDnsProvider();
}
new DemoDnsProvider();
```
+9 -1
View File
@@ -95,7 +95,15 @@ https://certd.handfree.work/
3. 【推荐】[1Panel面板方式部署](https://certd.docmirror.cn/guide/install/1panel/)
4. 【推荐】[雨云一键部署](https://app.rainyun.com/apps/rca/store/6646/?ref=NzExMDQ2) : 首充翻倍,每月仅需2.2元
[<img src="https://rainyun-apps.cn-nb1.rains3.com/materials/deploy-on-rainyun-cn.svg">](https://app.rainyun.com/apps/rca/store/6646/?ref=NzExMDQ2)
5. 【不推荐】[源码方式部署 ](https://certd.docmirror.cn/guide/install/source/)
5. 【推荐】[一键安装脚本](https://certd.docmirror.cn/guide/install/docker/)(自动安装 DockerCertd):
```bash
curl -fsSL https://gitee.com/certd/certd/raw/v2/docker/run/install.sh | bash
```
6. 【不推荐】[源码方式部署 ](https://certd.docmirror.cn/guide/install/source/)
#### Docker镜像说明:
* 国内镜像地址:
+340
View File
@@ -0,0 +1,340 @@
#!/bin/bash
set -e
CERTD_VERSION="${CERTD_VERSION:-latest}"
INSTALL_DIR="${INSTALL_DIR:-/opt/certd}"
COMPOSE_FILE_URL="https://gitee.com/certd/certd/raw/v2/docker/run/docker-compose.yaml"
COMPOSE_FILE="$INSTALL_DIR/docker-compose.yaml"
DOCKER_MIRROR="https://mirrors.aliyun.com"
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m'
log_info() {
echo -e "${GREEN}[INFO]${NC} $1"
}
log_warn() {
echo -e "${YELLOW}[WARN]${NC} $1"
}
log_error() {
echo -e "${RED}[ERROR]${NC} $1"
}
check_command() {
command -v "$1" >/dev/null 2>&1
}
get_local_ip() {
LOCAL_IP=$(ip route get 1.1.1.1 2>/dev/null | grep -oP 'src \K[^ ]+' | head -1)
if [ -z "$LOCAL_IP" ]; then
LOCAL_IP=$(hostname -I 2>/dev/null | awk '{print $1}')
fi
if [ -z "$LOCAL_IP" ]; then
LOCAL_IP="127.0.0.1"
fi
echo "$LOCAL_IP"
}
get_public_ip() {
PUBLIC_IP=$(curl -s --max-time 5 https://api.ipify.org 2>/dev/null)
if [ -z "$PUBLIC_IP" ]; then
PUBLIC_IP=$(curl -s --max-time 5 https://checkip.amazonaws.com 2>/dev/null)
fi
if [ -z "$PUBLIC_IP" ]; then
PUBLIC_IP=""
fi
echo "$PUBLIC_IP"
}
show_access_urls() {
LOCAL_IP=$(get_local_ip)
PUBLIC_IP=$(get_public_ip)
echo ""
echo "=========================================="
log_info "安装完成!"
echo "=========================================="
echo ""
echo "访问地址:"
if [ -n "$PUBLIC_IP" ]; then
echo -e " ${GREEN}外网访问:${NC} http://$PUBLIC_IP:7001"
fi
echo -e " ${GREEN}局域网:${NC} http://$LOCAL_IP:7001"
echo ""
echo "配置文件: $COMPOSE_FILE"
echo ""
echo "常用命令:"
echo " cd $INSTALL_DIR"
echo " docker compose logs -f # 查看日志"
echo " docker compose restart # 重启服务"
echo " docker compose down # 停止服务"
echo ""
}
detect_os() {
if [ -f /etc/os-release ]; then
. /etc/os-release
OS=$ID
VER=$VERSION_ID
elif [ -f /etc/centos-release ]; then
OS="centos"
elif [ -f /etc/redhat-release ]; then
OS="rhel"
else
OS="unknown"
fi
}
check_docker() {
if check_command docker; then
DOCKER_VERSION=$(docker --version 2>/dev/null | awk '{print $3}' | tr -d ',')
log_info "Docker 已安装: $DOCKER_VERSION"
return 0
else
log_warn "Docker 未安装"
return 1
fi
}
check_docker_compose() {
if check_command docker-compose; then
COMPOSE_VERSION=$(docker-compose --version 2>/dev/null | awk '{print $3}' | tr -d ',')
log_info "Docker Compose 已安装: $COMPOSE_VERSION"
return 0
elif docker compose version >/dev/null 2>&1; then
log_info "Docker Compose (插件版) 已安装"
return 0
else
log_warn "Docker Compose 未安装"
return 1
fi
}
install_docker_ubuntu() {
log_info "正在安装 Docker (Ubuntu/Debian)..."
apt-get update
apt-get install -y ca-certificates curl gnupg lsb-release
mkdir -p /etc/apt/keyrings
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/${OS}/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg 2>/dev/null || \
curl -fsSL https://download.docker.com/linux/${OS}/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://mirrors.aliyun.com/docker-ce/linux/${OS} $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
apt-get update
apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
systemctl enable docker
systemctl start docker
log_info "Docker 安装完成"
}
install_docker_centos() {
log_info "正在安装 Docker (CentOS/RHEL)..."
yum install -y yum-utils
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
systemctl enable docker
systemctl start docker
log_info "Docker 安装完成"
}
install_dockerrocky() {
log_info "正在安装 Docker (Rocky Linux/AlmaLinux)..."
dnf install -y yum-utils
dnf config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
dnf install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
systemctl enable docker
systemctl start docker
log_info "Docker 安装完成"
}
install_docker_debian() {
log_info "正在安装 Docker (Debian)..."
apt-get update
apt-get install -y ca-certificates curl gnupg2
mkdir -p /etc/apt/keyrings
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/debian/gpg | gpg --armor -o /etc/apt/keyrings/docker.gpg 2>/dev/null || \
curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --armor -o /etc/apt/keyrings/docker.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://mirrors.aliyun.com/docker-ce/linux/debian $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list
apt-get update
apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
systemctl enable docker
systemctl start docker
log_info "Docker 安装完成"
}
install_docker() {
detect_os
log_info "检测到操作系统: $OS"
case $OS in
ubuntu)
install_docker_ubuntu
;;
debian)
install_docker_debian
;;
centos)
install_docker_centos
;;
rhel|rocky|almalinux)
install_dockerrocky
;;
*)
log_error "不支持的操作系统: $OS"
log_info "请手动安装 Docker"
exit 1
;;
esac
}
install_docker_compose_standalone() {
log_info "正在安装 Docker Compose (独立版本)..."
COMPOSE_URLS=(
"https://get.daocloud.io/docker/compose/releases/download/v2.12.2/docker-compose-$(uname -s)-$(uname -m)"
"https://mirror.sjtu.edu.cn/github/docker/compose/releases/download/v2.12.2/docker-compose-$(uname -s)-$(uname -m)"
"https://github.com/docker/compose/releases/download/v2.12.2/docker-compose-$(uname -s)-$(uname -m)"
)
for url in "${COMPOSE_URLS[@]}"; do
log_info "尝试从: $url"
if curl -L "$url" -o /usr/local/bin/docker-compose 2>/dev/null; then
chmod +x /usr/local/bin/docker-compose
log_info "Docker Compose 安装完成"
return 0
fi
log_warn "下载失败,尝试下一个源..."
done
log_error "Docker Compose 安装失败"
return 1
}
install_docker_compose() {
if check_command docker && docker compose version >/dev/null 2>&1; then
log_info "Docker Compose 插件已可用"
return 0
fi
if check_command docker-compose; then
log_info "Docker Compose 独立版本已安装"
return 0
fi
install_docker_compose_standalone
}
download_compose_file() {
log_info "正在下载 docker-compose.yaml..."
mkdir -p "$INSTALL_DIR"
if curl -fsSL "$COMPOSE_FILE_URL" -o "$COMPOSE_FILE.tmp"; then
mv "$COMPOSE_FILE.tmp" "$COMPOSE_FILE"
log_info "docker-compose.yaml 已下载到 $COMPOSE_FILE"
if [ "$CERTD_VERSION" != "latest" ]; then
sed -i "s|certd:latest|certd:$CERTD_VERSION|g" "$COMPOSE_FILE"
log_info "已修改镜像版本为: $CERTD_VERSION"
fi
else
log_error "下载失败,请检查网络连接"
exit 1
fi
}
start_certd() {
log_info "正在启动 Certd 容器..."
cd "$INSTALL_DIR"
if docker compose -f "$COMPOSE_FILE" up -d 2>/dev/null; then
log_info "Certd 启动成功!"
elif docker-compose -f "$COMPOSE_FILE" up -d; then
log_info "Certd 启动成功!"
fi
sleep 2
docker ps --filter "name=certd" --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}"
}
show_usage() {
echo "用法: $0 [选项]"
echo ""
echo "选项:"
echo " -v, --version VERSION 指定 Certd 版本 (默认: latest)"
echo " -p, --path PATH 指定安装路径 (默认: /opt/certd)"
echo " -h, --help 显示帮助信息"
echo ""
echo "示例:"
echo " $0 # 使用默认配置安装"
echo " $0 -v 1.29.0 # 安装指定版本"
echo " $0 -p /data/certd # 安装到指定目录"
}
main() {
echo "=========================================="
echo " Certd 一键安装脚本"
echo "=========================================="
echo ""
while [[ $# -gt 0 ]]; do
case $1 in
-v|--version)
CERTD_VERSION="$2"
shift 2
;;
-p|--path)
INSTALL_DIR="$2"
COMPOSE_FILE="$INSTALL_DIR/docker-compose.yaml"
shift 2
;;
-h|--help)
show_usage
exit 0
;;
*)
log_error "未知选项: $1"
show_usage
exit 1
;;
esac
done
log_info "Certd 版本: $CERTD_VERSION"
log_info "安装路径: $INSTALL_DIR"
echo ""
DOCKER_INSTALLED=true
COMPOSE_INSTALLED=true
if ! check_docker; then
echo ""
log_info "正在安装 Docker..."
install_docker
fi
if ! check_docker_compose; then
echo ""
log_info "正在安装 Docker Compose..."
install_docker_compose
fi
download_compose_file
start_certd
show_access_urls
}
main "$@"
+19
View File
@@ -3,6 +3,25 @@
All notable changes to this project will be documented in this file.
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## [1.39.10](https://github.com/certd/certd/compare/v1.39.9...v1.39.10) (2026-04-11)
### Bug Fixes
* 修复创建流水线无法选择通知的bug ([a88d0a6](https://github.com/certd/certd/commit/a88d0a6ae15cb6170d0b36e21daf89f0dbd5f681))
* 修复流水线任务编辑页面复制粘贴按钮在夜间模式显示问题 ([1e549df](https://github.com/certd/certd/commit/1e549dfd431ed74e2bcdfce63e5f640c51603af3))
* 修复用户管理添加用户无法上传头像的bug ([557e98c](https://github.com/certd/certd/commit/557e98c33f5462167d8f6289f70dad68bb114a97))
* 修复自定义插件删除后没有反注册的bug ([df98463](https://github.com/certd/certd/commit/df9846332596d2afaba53e66d2897aa1c598f9c4))
* 修复spaceship创建record报错的bug ([70b46d4](https://github.com/certd/certd/commit/70b46d4a8f89cf8eded21ebb237e8c8ce6c40d30))
### Performance Improvements
* 1panel支持先上传证书再选择证书 ([7a9eec8](https://github.com/certd/certd/commit/7a9eec88e8eddf40dba055c072b5b2b0f67c1407))
* 部署到1panel面板支持mux模式 ([d05129e](https://github.com/certd/certd/commit/d05129ec67893b0b639003a4bca6878d128f56ad))
* 流水线修改编辑之后,增加未保存提示 ([21620ac](https://github.com/certd/certd/commit/21620ac6bdeb57e43509156a77037fc07c44282a))
* 修复检查全部某些情况下无效的bug,优化公共触发站点证书检查定时逻辑 ([ee53589](https://github.com/certd/certd/commit/ee535895a3166c6f9046963e28fa8f22f018b574))
* 增加域名管理 子域名检查提醒 ([2bdf183](https://github.com/certd/certd/commit/2bdf1832da73a3728f3ac415837bc26e70531cd6))
* 站点监控域名气泡增加端口显示 ([6ee718a](https://github.com/certd/certd/commit/6ee718a25265a9db2115343af9a1a01958f34b81))
## [1.39.9](https://github.com/certd/certd/compare/v1.39.8...v1.39.9) (2026-04-05)
### Bug Fixes
+22 -5
View File
@@ -2,7 +2,23 @@
## 一、安装
### 1. 环境准备
### 一键脚本安装(推荐)
如果您的服务器未安装 Docker,该脚本会自动为您安装 Docker 和 Docker Compose,并启动 Certd 容器。
```bash
curl -fsSL https://gitee.com/certd/certd/raw/v2/docker/run/install.sh | bash
```
> 支持 Ubuntu、Debian、CentOS、Rocky Linux、AlmaLinux 等主流发行版。
> docker-compose文件目录:`/opt/certd` ,升级时需要先进入此目录
> 运行时数据默认保存路径:`/data/certd` ,可使用参数指定:`-p /data/certd`
### 手动安装
#### 1. 环境准备
1.1 准备一台云服务器
@@ -19,9 +35,9 @@ https://docs.docker.com/engine/install/
```bash
# 随便创建一个目录
mkdir certd
mkdir /opt/certd
# 进入目录
cd certd
cd /opt/certd
# 下载docker-compose.yaml文件,或者手动下载放到certd目录下
wget https://gitee.com/certd/certd/raw/v2/docker/run/docker-compose.yaml
@@ -54,12 +70,12 @@ https://your_server_ip:7002
记得修改密码
## 二、升级
## 二、升级Certd
::: warning
如果您是第一次升级certd版本,切记切记先备份一下数据
```
# docker-compose.yaml配置
# 查看/opt/certd/docker-compose.yaml配置
- /data/certd:/app/data # 请务必确保 /app/data 这个路径没有改动,固定写死
```
:::
@@ -71,6 +87,7 @@ https://your_server_ip:7002
### 如果使用`latest`版本
```shell
cd /opt/certd
#重新拉取镜像
docker pull registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest
# 重新启动容器
+42 -39
View File
@@ -36,45 +36,48 @@
| 32.| **Gcore** | Gcore |
| 33.| **Github授权** | |
| 34.| **godaddy授权** | |
| 35.| **金山云授权** | |
| 36.| **FTP授权** | |
| 37.| **七牛OSS授权** | |
| 38.| **腾讯云COS授权** | 腾讯云对象存储授权,包含地域和存储桶 |
| 39.| **s3/minio授权** | S3/minio oss授权 |
| 40.| **namesilo授权** | |
| 41.| **Next Terminal 授权** | 用于访问 Next Terminal API 的授权配置 |
| 42.| **1panel授权** | 账号和密码 |
| 43.| **支付宝** | |
| 44.| **白山云授权** | |
| 45.| **宝塔云WAF授权** | 用于连接和管理宝塔云WAF服务的授权配置 |
| 46.| **cdnfly授权** | |
| 47.| **k8s授权** | |
| 48.| **括彩云cdn授权** | 括彩云CDN,每月免费30G[注册即领](https://kuocaicdn.com/register?code=8mn536rrzfbf8) |
| 49.| **LeCDN授权** | |
| 50.| **lucky** | |
| 51.| **猫云授权** | |
| 52.| **plesk授权** | |
| 53.| **长亭雷池授权** | |
| 54.| **群晖登录授权** | |
| 55.| **uniCloud** | unicloud授权 |
| 56.| **微信支付** | |
| 57.| **易盾rcdn授权** | 易盾CDN,每月免费30G[注册即领](https://rhcdn.yiduncdn.com/register?code=8mn536rrzfbf8) |
| 58.| **易发云短信** | sms.yfyidc.cn/ |
| 59.| **易盾DCDN授权** | https://user.yiduncdn.com |
| 60.| **易支付** | |
| 61.| **proxmox** | |
| 62.| **Spaceship.com 授权** | Spaceship.com API 授权插件 |
| 63.| **UCloud授权** | 优刻得授权 |
| 64.| **又拍云** | |
| 65.| **网宿授权** | |
| 66.| **西部数码授权** | |
| 67.| **我爱云授权** | 我爱云CDN |
| 68.| **新网授权(代理方式)** | |
| 69.| **新网授权** | |
| 70.| **新网互联授权** | 仅支持代理账号,ip需要加入白名单 |
| 71.| **Zenlayer授权** | Zenlayer授权 |
| 72.| **GoEdge授权** | |
| 73.| **雨云授权** | https://app.rainyun.com/ |
| 35.| **HiPM DNSMgr** | HiPM DNSMgr API Token 授权 |
| 36.| **金山云授权** | |
| 37.| **FTP授权** | |
| 38.| **七牛OSS授权** | |
| 39.| **腾讯云COS授权** | 腾讯云对象存储授权,包含地域和存储桶 |
| 40.| **s3/minio授权** | S3/minio oss授权 |
| 41.| **namesilo授权** | |
| 42.| **Next Terminal 授权** | 用于访问 Next Terminal API 的授权配置 |
| 43.| **Nginx Proxy Manager 授权** | 用于登录 Nginx Proxy Manager,并为代理主机证书部署提供授权。 |
| 44.| **1panel授权** | 账号和密码 |
| 45.| **支付宝** | |
| 46.| **白山云授权** | |
| 47.| **宝塔云WAF授权** | 用于连接和管理宝塔云WAF服务的授权配置 |
| 48.| **cdnfly授权** | |
| 49.| **k8s授权** | |
| 50.| **括彩云cdn授权** | 括彩云CDN,每月免费30G[注册即领](https://kuocaicdn.com/register?code=8mn536rrzfbf8) |
| 51.| **LeCDN授权** | |
| 52.| **lucky** | |
| 53.| **猫云授权** | |
| 54.| **plesk授权** | |
| 55.| **长亭雷池授权** | |
| 56.| **群晖登录授权** | |
| 57.| **uniCloud** | unicloud授权 |
| 58.| **微信支付** | |
| 59.| **易盾rcdn授权** | 易盾CDN,每月免费30G[注册即领](https://rhcdn.yiduncdn.com/register?code=8mn536rrzfbf8) |
| 60.| **易发云短信** | sms.yfyidc.cn/ |
| 61.| **易盾DCDN授权** | https://user.yiduncdn.com |
| 62.| **易支付** | |
| 63.| **proxmox** | |
| 64.| **Spaceship.com 授权** | Spaceship.com API 授权插件 |
| 65.| **Technitium DNS Server** | Technitium DNS Server 自建DNS服务器授权 |
| 66.| **UCloud授权** | 优刻得授权 |
| 67.| **又拍云** | |
| 68.| **网宿授权** | |
| 69.| **西部数码授权** | |
| 70.| **我爱云授权** | 我爱云CDN |
| 71.| **新网授权(代理方式)** | |
| 72.| **新网授权** | |
| 73.| **新网互联授权** | 仅支持代理账号,ip需要加入白名单 |
| 74.| **Zenlayer授权** | Zenlayer授权 |
| 75.| **GoEdge授权** | |
| 76.| **雨云授权** | https://app.rainyun.com/ |
<style module>
table th:first-of-type {
+21 -20
View File
@@ -1,5 +1,5 @@
# 任务插件
`129` 款任务插件
`130` 款任务插件
## 1. 证书申请
| 序号 | 名称 | 说明 |
@@ -58,25 +58,26 @@
| 3.| **Dokploy-部署server证书** | 自动更新Dokploy server证书 |
| 4.| **飞牛NAS-部署证书** | |
| 5.| **NextTerminal-更新证书** | 更新 Next Terminal 证书 |
| 6.| **1Panel-部署面板证书** | 更新1Panel的面板证书 |
| 7.| **1Panel-更新站点证书** | 更新1Panel的站点证书 |
| 8.| **宝塔-删除过期证书** | 删除证书夹中过期证书 |
| 9.| **宝塔-WAF证书部署** | 部署宝塔云WAF/aaWAF |
| 10.| **宝塔-面板证书部署** | 部署宝塔面板本身的ssl证书 |
| 11.| **宝塔win-网站证书部署** | 部署到Windows版宝塔管理的站点的ssl证书 |
| 12.| **宝塔-网站证书部署** | 部署宝塔管理的站点的ssl证书,目前支持宝塔网站站点、docker站点等。本插件也支持aaPanel。 |
| 13.| **K8S-Apply自定义yaml** | apply自定义yaml到k8s |
| 14.| **K8S-Ingress 证书部署** | 部署证书到k8s的Ingress |
| 15.| **K8S-部署证书到Secret** | 部署证书到k8s的secret |
| 16.| **lucky-更新Lucky证书** | |
| 17.| **Plesk-部署Plesk网站证书** | |
| 18.| **Plesk-更新证书** | 不会创建新证书记录,直接更新旧的证书 |
| 19.| **雷池-更新证书(支持控制台和防护应用)** | 更新长亭雷池WAF的证书,支持更新控制台和防护应用的证书 |
| 20.| **群晖-部署证书到群晖面板** | Synology,支持6.x以上版本 |
| 21.| **群晖-刷新OTP登录有效期** | 群晖登录状态可能30天失效,需要在失效之前登录一次,刷新有效期,您可以将其放在“部署到群晖面板”任务之后 |
| 22.| **uniCloud-部署到服务空间** | 部署到服务空间 |
| 23.| **Proxmox-上传证书到Proxmox** | |
| 24.| **威联通-部署证书到威联通** | 部署证书到qnap |
| 6.| **Nginx Proxy Manager-部署到主机** | 上传自定义证书到 Nginx Proxy Manager,并绑定到所选主机。 |
| 7.| **1Panel-部署面板证书** | 更新1Panel的面板证书 |
| 8.| **1Panel-更新站点证书** | 更新1Panel的站点证书 |
| 9.| **宝塔-删除过期证书** | 删除证书夹中过期证书 |
| 10.| **宝塔-WAF证书部署** | 部署宝塔云WAF/aaWAF |
| 11.| **宝塔-面板证书部署** | 部署宝塔面板本身的ssl证书 |
| 12.| **宝塔win-网站证书部署** | 部署到Windows版宝塔管理的站点的ssl证书 |
| 13.| **宝塔-网站证书部署** | 部署宝塔管理的站点的ssl证书,目前支持宝塔网站站点、docker站点等。本插件也支持aaPanel。 |
| 14.| **K8S-Apply自定义yaml** | apply自定义yaml到k8s |
| 15.| **K8S-Ingress 证书部署** | 部署证书到k8s的Ingress |
| 16.| **K8S-部署证书到Secret** | 部署证书到k8s的secret |
| 17.| **lucky-更新Lucky证书** | |
| 18.| **Plesk-部署Plesk网站证书** | |
| 19.| **Plesk-更新证书** | 不会创建新证书记录,直接更新旧的证书 |
| 20.| **雷池-更新证书(支持控制台和防护应用)** | 更新长亭雷池WAF的证书,支持更新控制台和防护应用的证书。 |
| 21.| **群晖-部署证书到群晖面板** | Synology,支持6.x以上版本 |
| 22.| **群晖-刷新OTP登录有效期** | 群晖登录状态可能30天失效,需要在失效之前登录一次,刷新有效期,您可以将其放在“部署到群晖面板”任务之后 |
| 23.| **uniCloud-部署到服务空间** | 部署到服务空间 |
| 24.| **Proxmox-上传证书到Proxmox** | |
| 25.| **威联通-部署证书到威联通** | 部署证书到qnap |
## 5. 阿里云
| 序号 | 名称 | 说明 |
+13 -11
View File
@@ -13,17 +13,19 @@
| 9.| **cloudflare** | cloudflare dns provider |
| 10.| **dns.la** | dns.la |
| 11.| **godaddy** | GoDaddy |
| 12.| **华为云** | 华为云DNS解析提供商 |
| 13.| **namesilo** | namesilo dns provider |
| 14.| **雨云** | 雨云DNS解析提供商 |
| 15.| **腾讯** | 腾讯云域名DNS解析提供 |
| 16.| **腾讯云EO DNS** | 腾讯云EO DNS解析提供者 |
| 17.| **西部数码** | west dns provider |
| 18.| **Dns提供商Demo** | dns provider示例 |
| 19.| **彩虹DNS** | 彩虹DNS管理系统 |
| 20.| **Spaceship** | Spaceship 域名解析 |
| 21.| **51dns** | 51DNS |
| 22.| **新网互联** | 新网互联 |
| 12.| **HiPM DNSMgr** | HiPM DNSMgr DNS 解析提供商 |
| 13.| **华为云** | 华为云DNS解析提供商 |
| 14.| **namesilo** | namesilo dns provider |
| 15.| **** | 雨云DNS解析提供 |
| 16.| **Technitium DNS Server** | Technitium DNS Server 自建DNS服务器 |
| 17.| **腾讯云** | 腾讯云域名DNS解析提供者 |
| 18.| **腾讯云EO DNS** | 腾讯云EO DNS解析提供者 |
| 19.| **西部数码** | west dns provider |
| 20.| **Dns提供商Demo** | dns provider示例 |
| 21.| **彩虹DNS** | 彩虹DNS管理系统 |
| 22.| **Spaceship** | Spaceship 域名解析 |
| 23.| **51dns** | 51DNS |
| 24.| **新网互联** | 新网互联 |
<style module>
table th:first-of-type {
+1 -1
View File
@@ -70,5 +70,5 @@
"bugs": {
"url": "https://github.com/publishlab/node-acme-client/issues"
},
"gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
"gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
}
+2 -1
View File
@@ -21,7 +21,8 @@ const defaultOpts = {
},
challengeRemoveFn: async () => {
throw new Error("Missing challengeRemoveFn()");
}
},
waitDnsDiffuseTime: 30,
};
/**
+1 -1
View File
@@ -577,7 +577,7 @@ class AcmeClient {
const verifyFn = async (abort) => {
if (this.opts.signal && this.opts.signal.aborted) {
abort();
abort(true);
throw new CancelError('用户取消');
}
+6 -3
View File
@@ -50,15 +50,18 @@ class Backoff {
async function retryPromise(fn, attempts, backoff, logger = log) {
let aborted = false;
let abortedFromUser = false;
try {
const setAbort = () => { aborted = true; }
const setAbort = (fromUser = false) => { aborted = true; abortedFromUser = fromUser; }
const data = await fn(setAbort);
return data;
}
catch (e) {
if (aborted){
logger(`用户取消重试`);
if (abortedFromUser){
logger(`用户取消重试`);
}
throw e;
}
if ( ((backoff.attempts + 1) >= attempts)) {
@@ -249,7 +252,7 @@ async function resolveDomainBySoaRecord(recordName, logger = log) {
async function getAuthoritativeDnsResolver(recordName, logger = log) {
logger(`获取域名${recordName}的权威NS服务器: `);
const resolver = new dns.Resolver();
const resolver = new dns.Resolver({ timeout: 10000,maxTimeout: 60000 });
try {
/* Resolve root domain by SOA */
-1
View File
@@ -92,7 +92,6 @@ async function walkDnsChallengeRecord(recordName, resolver = dns,deep = 0) {
try {
log(`检查域名 ${recordName} 的TXT记录`);
const txtRecords = await resolver.resolveTxt(recordName);
if (txtRecords && txtRecords.length) {
log(`找到 ${txtRecords.length} 条 TXT记录( ${recordName}`);
log(`TXT records: ${JSON.stringify(txtRecords)}`);
+1
View File
@@ -68,6 +68,7 @@ export interface ClientAutoOptions {
preferredChain?: string;
signal?: AbortSignal;
profile?:string;
waitDnsDiffuseTime?: number;
}
export class Client {
+1 -1
View File
@@ -47,5 +47,5 @@
"tslib": "^2.8.1",
"typescript": "^5.4.2"
},
"gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
"gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
}
+1 -1
View File
@@ -45,5 +45,5 @@
"tslib": "^2.8.1",
"typescript": "^5.4.2"
},
"gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
"gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
}
+4
View File
@@ -65,4 +65,8 @@ export abstract class BaseAccess implements IAccess {
}
throw new Error(`action ${req.action} not found`);
}
normalizeEndpoint(endpoint: string) {
return endpoint.replace(/\/$/, "");
}
}
+1 -1
View File
@@ -24,5 +24,5 @@
"prettier": "^2.8.8",
"tslib": "^2.8.1"
},
"gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
"gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
}
+1 -1
View File
@@ -31,5 +31,5 @@
"tslib": "^2.8.1",
"typescript": "^5.4.2"
},
"gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
"gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
}
+1 -1
View File
@@ -56,5 +56,5 @@
"fetch"
]
},
"gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
"gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
}
+1 -1
View File
@@ -33,5 +33,5 @@
"tslib": "^2.8.1",
"typescript": "^5.4.2"
},
"gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
"gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
}
+1 -1
View File
@@ -64,5 +64,5 @@
"typeorm": "^0.3.11",
"typescript": "^5.4.2"
},
"gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
"gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
}
@@ -6,10 +6,10 @@ import { BaseSettings, SysInstallInfo, SysPrivateSettings, SysPublicSettings, Sy
import { getAllSslProviderDomains, setSslProviderReverseProxies } from '@certd/acme-client';
import { cache, logger, mergeUtils, setGlobalProxy } from '@certd/basic';
import { isPlus } from '@certd/plus-core';
import * as dns from 'node:dns';
import { BaseService, setAdminMode } from '../../../basic/index.js';
import { executorQueue } from '../../basic/service/executor-queue.js';
import { isComm, isPlus } from '@certd/plus-core';
const { merge } = mergeUtils;
let lastSaveEnvVars = {};
@@ -119,11 +119,11 @@ export class SysSettingsService extends BaseService<SysSettingsEntity> {
}
async savePublicSettings(bean: SysPublicSettings) {
if (isComm()) {
if (bean.adminMode === 'enterprise') {
throw new Error("商业版不支持使用企业管理模式")
}
}
// if (isComm()) {
// if (bean.adminMode === 'enterprise') {
// throw new Error("商业版不支持使用企业管理模式")
// }
// }
await this.saveSetting(bean);
//让设置生效
+1 -1
View File
@@ -46,5 +46,5 @@
"typeorm": "^0.3.11",
"typescript": "^5.4.2"
},
"gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
"gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
}
+1 -1
View File
@@ -38,5 +38,5 @@
"tslib": "^2.8.1",
"typescript": "^5.4.2"
},
"gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
"gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
}
+1 -1
View File
@@ -57,5 +57,5 @@
"tslib": "^2.8.1",
"typescript": "^5.4.2"
},
"gitHead": "1c634a702af9298d25542acc270d68f71d9b1049"
"gitHead": "112a565bf74c50e16c27a2c0a716588f84f39789"
}
@@ -135,7 +135,12 @@ export class CertReader {
}
static readCertDetail(crt: string) {
const detail = crypto.readCertificateInfo(crt.toString());
let detail: CertificateInfo;
try {
detail = crypto.readCertificateInfo(crt.toString());
} catch (e) {
throw new Error("证书解析失败:" + e.message + "(请确定证书格式,是否与私钥搞反?)");
}
const effective = detail.notBefore;
const expires = detail.notAfter;
const fingerprints = CertReader.getFingerprintX509(crt);
@@ -1,5 +1,5 @@
<template>
<a-select :value="value" @update:value="onChange">
<a-select :value="value" :filter-option="true" @update:value="onChange">
<a-select-option v-for="item of options" :key="item.value" :value="item.value" :label="item.label">
<span class="flex-o">
<fs-icon :icon="item.icon" class="fs-16 color-blue mr-5" />
@@ -1,5 +1,5 @@
<template>
<icon-select class="dns-provider-selector" :value="modelValue" :options="options" @update:value="atChange"> </icon-select>
<icon-select class="dns-provider-selector" :value="modelValue" :options="options" :filter-option="true" @update:value="atChange"> </icon-select>
</template>
<script lang="ts">
@@ -289,7 +289,7 @@ export const useSettingStore = defineStore({
}
},
openBindUrlModal() {
openBindUrlModal(opts: { closable?: boolean } = { closable: false }) {
const event: any = { ModalRef: null };
mitter.emit("getModal", event);
const Modal = event.ModalRef;
@@ -302,10 +302,12 @@ export const useSettingStore = defineStore({
modalRef.destroy();
}
};
const { closable = false } = opts;
const modalRef: any = Modal.warning({
title: "URL地址未绑定,是否绑定此地址?",
width: 500,
keyboard: false,
closable,
content: () => {
return (
<div class="p-4">
@@ -338,10 +340,10 @@ export const useSettingStore = defineStore({
danger: true,
},
okText: "不,回到原来的地址",
cancelText: "不,回到原来的地址",
onCancel: () => {
window.location.href = bindUrl;
},
// cancelText: "不,回到原来的地址",
// onOk: () => {
// window.location.href = bindUrl;
// },
});
},
async loadProductInfo() {
@@ -73,13 +73,11 @@
margin: 20px;
}
.fs-crud-table {
.ant-table-body {
height: 60vh;
table {
}
}
}
// .fs-crud-table {
// .ant-table-body {
// height:60vh;
// }
// }
body a {
color: #1890ff;
@@ -142,4 +140,5 @@ button.ant-btn.ant-btn-default.isPlus{
color: rgba(233, 233, 233, 0.25);
}
}
}
}
@@ -8,7 +8,6 @@
import { onActivated, onMounted, ref, Ref } from "vue";
import { useFs } from "@fast-crud/fast-crud";
import createCrudOptions from "./crud";
import { siteIpApi } from "./api";
defineOptions({
name: "SiteIpCertMonitor",
@@ -23,11 +22,6 @@ const { crudBinding, crudRef, crudExpose } = useFs({
},
});
const siteInfoRef: Ref<any> = ref({});
onMounted(async () => {
siteInfoRef.value = await siteIpApi.GetObj(props.siteId);
});
//
onMounted(() => {
crudExpose.doRefresh();
@@ -85,7 +85,7 @@ export function useCertPipelineCreator() {
const settingStore = useSettingStore();
const router = useRouter();
function createCrudOptions(req: { certPlugin: any; doSubmit: any; title?: string }): CreateCrudOptionsRet {
function createCrudOptions(req: { certPlugin: any; doSubmit: any; title?: string; initialForm?: any }): CreateCrudOptionsRet {
const inputs: any = {};
const moreParams = [];
const doSubmit = req.doSubmit;
@@ -124,9 +124,11 @@ export function useCertPipelineCreator() {
},
},
});
return {
crudOptions: {
form: {
initialForm: req.initialForm || {},
doSubmit,
wrapper: {
wrapClassName: "cert_pipeline_create_form",
@@ -326,6 +328,15 @@ export function useCertPipelineCreator() {
//检查是否流水线数量超出限制
await checkPipelineLimit();
//设置系统初始值
const initialForm: any = {};
const pluginSysConfig = await pluginStore.getPluginConfig({ name: req.pluginName, type: "builtIn" });
if (pluginSysConfig.sysSetting?.input) {
for (const key in pluginSysConfig.sysSetting?.input) {
initialForm[key] = pluginSysConfig.sysSetting?.input[key];
}
}
async function doSubmit({ form }: any) {
// const certDetail = readCertDetail(form.cert.crt);
// 添加certd pipeline
@@ -399,6 +410,7 @@ export function useCertPipelineCreator() {
certPlugin,
doSubmit,
title: req.title,
initialForm,
});
//@ts-ignore
crudOptions.columns.groupId.form.value = req.defaultGroupId || undefined;
@@ -374,7 +374,7 @@ export default defineComponent({
setup(props, ctx) {
onBeforeRouteLeave((to, from) => {
const newPipelineStr = JSON.stringify(pipeline.value || {});
if (pipelineOriginStr.value && pipelineOriginStr.value !== newPipelineStr) {
if (props.editMode && pipelineOriginStr.value && pipelineOriginStr.value !== newPipelineStr) {
const answer = window.confirm("流水线还未保存,确定要离开吗?");
if (!answer) {
return false; // false
@@ -182,6 +182,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
},
showSelect: false,
createCrudOptions: createCrudOptionsPipeline,
height: "60vh",
crudOptionsOverride: {
actionbar: {
show: false,
@@ -1,4 +1,4 @@
import { dict, useFormWrapper } from "@fast-crud/fast-crud";
import { compute, dict, useFormWrapper } from "@fast-crud/fast-crud";
import { checkPipelineLimit, eachSteps } from "/@/views/certd/pipeline/utils";
import { templateApi } from "/@/views/certd/pipeline/template/api";
import TemplateForm from "./form.vue";
@@ -7,6 +7,7 @@ import GroupSelector from "/@/views/certd/pipeline/group/group-selector.vue";
import { ref } from "vue";
import { fillPipelineByDefaultForm } from "/@/views/certd/pipeline/certd-form/use";
import { cloneDeep } from "lodash-es";
import { $t } from "/@/locales";
export function createExtraColumns() {
const groupDictRef = dict({
@@ -14,24 +15,82 @@ export function createExtraColumns() {
value: "id",
label: "name",
});
const t = $t;
const randomHour = Math.floor(Math.random() * 6);
const randomMin = Math.floor(Math.random() * 60);
return {
triggerCron: {
title: "定时触发",
type: "text",
// triggerCron: {
// title: "定时触发",
// type: "text",
// form: {
// value: `0 ${randomMin} ${randomHour} * * *`,
// component: {
// name: "cron-editor",
// vModel: "modelValue",
// placeholder: "0 0 4 * * *",
// },
// col: {
// span: 24,
// },
// helper: "点击上面的按钮,选择每天几点定时执行。\n建议设置为每天触发一次,证书未到期之前任务会跳过,不会重复执行",
// order: 100,
// },
// },
random: {
title: "定时类型",
form: {
value: true,
helper: "是否给流水线随机设置一个时间",
show: compute(({ form }) => {
return form.clear !== true;
}),
component: {
name: "fs-dict-switch",
vModel: "checked",
dict: dict({
data: [
{
label: "随机时间",
value: true,
},
{
label: "固定时间",
value: false,
},
],
}),
},
},
},
randomRange: {
title: "随机时间范围",
form: {
value: ["00:00:00", "08:00:00"],
helper: "随机时间范围,单位秒",
component: {
// <a-time-range-picker :bordered="false" />
name: "a-time-range-picker",
vModel: "value",
valueFormat: "HH:mm:ss",
},
show: compute(({ form }) => {
return form.clear !== true && form.random === true;
}),
rules: [{ required: true, message: "请选择随机时间范围" }],
},
},
triggerCron: {
title: t("certd.schedule"),
form: {
value: `0 ${randomMin} ${randomHour} * * *`,
component: {
name: "cron-editor",
vModel: "modelValue",
placeholder: "0 0 4 * * *",
},
col: {
span: 24,
},
helper: "点击上面的按钮,选择每天几点定时执行。\n建议设置为每天触发一次,证书未到期之前任务会跳过,不会重复执行",
order: 100,
show: compute(({ form }) => {
return form.clear !== true && form?.random !== true;
}),
rules: [{ required: true, message: t("certd.selectCron") }],
},
},
notification: {
@@ -135,3 +135,11 @@ export async function DoTest(req: { id: number; input: any }): Promise<void> {
data: req,
});
}
export async function GetPluginByName(name: string): Promise<PluginConfigBean> {
return await request({
url: apiPrefix + "/getPluginByName",
method: "post",
data: { name },
});
}
@@ -36,6 +36,13 @@
</div>
</a-form-item>
<a-form-item label="其他配置">
<a-button type="primary" @click="doPluginConfig">证书申请插件默认值设置</a-button>
<div class="helper">
<div>自定义证书申请插件参数</div>
</div>
</a-form-item>
<a-form-item :wrapper-col="{ offset: 8, span: 16 }">
<a-button :loading="saveLoading" type="primary" html-type="submit">保存</a-button>
</a-form-item>
@@ -47,10 +54,10 @@
<script lang="ts" setup>
import AccessSelector from "/@/views/certd/access/access-selector/index.vue";
import { reactive, ref } from "vue";
import { CommPluginConfig, GetCommPluginConfigs, SaveCommPluginConfigs } from "/@/views/sys/plugin/api";
import { CommPluginConfig, GetCommPluginConfigs, SaveCommPluginConfigs, GetPluginByName } from "/@/views/sys/plugin/api";
import { merge } from "lodash-es";
import { notification } from "ant-design-vue";
import { usePluginConfig } from "./use-config";
defineOptions({
name: "SysPluginConfig",
});
@@ -87,5 +94,12 @@ const onFinish = async (form: any) => {
const onFinishFailed = (errorInfo: any) => {
console.log("Failed:", errorInfo);
};
const { openConfigDialog } = usePluginConfig();
async function doPluginConfig() {
const certApplyInfo = await GetPluginByName("CertApply");
await openConfigDialog({ row: certApplyInfo, crudExpose: null });
}
</script>
<style lang="less"></style>
@@ -43,13 +43,12 @@
</template>
<script setup lang="tsx">
import { computed, nextTick, onMounted, reactive, ref, Ref, unref } from "vue";
import { useRoute, useRouter } from "vue-router";
import * as api from "./api";
import { usePluginStore } from "/@/store/plugin";
import { cloneDeep, get, merge, set, unset } from "lodash-es";
import Rollbackable from "./rollbackable.vue";
import { FsRender } from "@fast-crud/fast-crud";
import { cloneDeep, merge, unset } from "lodash-es";
import { computed, onMounted, reactive, ref } from "vue";
import { useRoute, useRouter } from "vue-router";
import Rollbackable from "./rollbackable.vue";
import { usePluginStore } from "/@/store/plugin";
const route = useRoute();
const router = useRouter();
const pluginStore = usePluginStore();
@@ -178,6 +178,9 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
type: "dict-select",
search: {
show: true,
component: {
disabled: false,
},
},
form: {
order: 0,
@@ -35,7 +35,9 @@ export function usePluginConfig() {
},
afterSubmit() {
notification.success({ message: t("certd.operationSuccess") });
crudExpose.doRefresh();
if (crudExpose) {
crudExpose.doRefresh();
}
},
async doSubmit({}: any) {
const form = configEditorRef.value.getForm();
@@ -25,6 +25,10 @@
<div class="helper" v-html="t('certd.sys.setting.noticeHelper')"></div>
</a-form-item>
<a-form-item :label="t('certd.sys.setting.bindUrl')">
<a-button class="ml-2" type="primary" @click="settingsStore.openBindUrlModal({ closable: true })">{{ t("certd.sys.setting.bindUrl") }}</a-button>
</a-form-item>
<a-form-item label=" " :colon="false" :wrapper-col="{ span: 8 }">
<a-button :loading="saveLoading" type="primary" html-type="submit">{{ t("certd.saveButton") }}</a-button>
</a-form-item>
@@ -8,7 +8,7 @@
</div>
<pre class="helper pre">{{ t("certd.sys.setting.passkeyEnabledHelper", [bindDomain]) }}</pre>
<div v-if="!bindDomainIsSame" class="text-red-500 text-sm mt-2">
{{ t("certd.sys.setting.passkeyHostnameNotSame") }} <a-button class="ml-2" size="small" type="primary" @click="settingsStore.openBindUrlModal()">{{ t("certd.sys.setting.bindUrl") }}</a-button>
{{ t("certd.sys.setting.passkeyHostnameNotSame") }} <a-button class="ml-2" size="small" type="primary" @click="settingsStore.openBindUrlModal({ closable: true })">{{ t("certd.sys.setting.bindUrl") }}</a-button>
</div>
</a-form-item>
<a-form-item :label="t('certd.sys.setting.enableOauth')" :name="['public', 'oauthEnabled']">
@@ -17,6 +17,18 @@ input:
apiKey
required: true
encrypt: true
version:
title: 版本
component:
name: a-select
options:
- label: v3.x
value: '3'
- label: v2.x
value: '2'
helper: apisix系统的版本
value: '3'
required: true
testRequest:
title: 测试
component:
@@ -0,0 +1,27 @@
name: hipmdnsmgr
title: HiPM DNSMgr
icon: svg:icon-dns
desc: HiPM DNSMgr API Token 授权
input:
endpoint:
title: 服务器地址
component:
name: a-input
allowClear: true
placeholder: http://localhost:3001
required: true
helper: 'HiPM DNSMgr 服务器地址,例如: http://localhost:3001'
apiToken:
title: API Token
required: true
encrypt: true
helper: 在 DNSMgr 设置 > API Token 中创建的令牌
testRequest:
title: 测试连接
component:
name: api-test
action: TestRequest
helper: 点击测试接口是否正常
pluginType: access
type: builtIn
scriptFilePath: /plugins/plugin-hipmdnsmgr/access/hipmdnsmgr-access.js
@@ -0,0 +1,53 @@
name: nginxProxyManager
title: Nginx Proxy Manager 授权
desc: 用于登录 Nginx Proxy Manager,并为代理主机证书部署提供授权。
icon: logos:nginx
input:
endpoint:
title: NPM 地址
component:
name: a-input
allowClear: true
placeholder: https://npm.example.com
helper: 请输入 Nginx Proxy Manager 根地址,不要带 /api 后缀。
required: true
email:
title: 邮箱
component:
name: a-input
allowClear: true
placeholder: admin@example.com
required: true
password:
title: 密码
component:
name: a-input-password
allowClear: true
placeholder: 请输入密码
required: true
encrypt: true
totpSecret:
title: TOTP 密钥
component:
name: a-input-password
allowClear: true
placeholder: Optional base32 TOTP secret
helper: 当 Nginx Proxy Manager 账号开启 2FA 时必填。
required: false
encrypt: true
ignoreTls:
title: 忽略无效 TLS
component:
name: a-switch
vModel: checked
helper: 仅在 Nginx Proxy Manager 使用自签 HTTPS 证书时开启。
required: false
testRequest:
title: 测试
component:
name: api-test
action: onTestRequest
helper: 测试登录并拉取代理主机列表。
pluginType: access
type: builtIn
scriptFilePath: /plugins/plugin-nginx-proxy-manager/access.js
@@ -62,8 +62,8 @@ input:
pty:
title: 伪终端
helper: >-
如果登录报错:all authentication methods
failed,可以尝试开启伪终端模式进行keyboard-interactive方式登录
如果登录报错:all authentication methods failed / unable to
exec,可以尝试开启伪终端模式进行keyboard-interactive方式登录
开启后对日志输出有一定的影响
component:
@@ -0,0 +1,38 @@
name: technitium
title: Technitium DNS Server
icon: clarity:server-line
desc: Technitium DNS Server 自建DNS服务器授权
input:
apiUrl:
title: API地址
value: http://localhost:5380
component:
name: a-input
allowClear: true
placeholder: http://localhost:5380
required: true
username:
title: 用户名
component:
name: a-input
allowClear: true
placeholder: admin
required: false
password:
title: 密码
component:
name: a-input
type: password
allowClear: true
placeholder: 密码
required: false
encrypt: true
testRequest:
title: 测试
component:
name: api-test
action: TestRequest
helper: 点击测试接口是否正常
pluginType: access
type: builtIn
scriptFilePath: /plugins/plugin-technitium/access.js
@@ -0,0 +1,71 @@
showRunStrategy: false
default:
strategy:
runStrategy: 1
name: NginxProxyManagerDeploy
title: Nginx Proxy Manager-部署到主机
desc: 上传自定义证书到 Nginx Proxy Manager,并绑定到所选主机。
icon: logos:nginx
group: panel
input:
cert:
title: 域名证书
helper: 请选择前置任务产出的证书。
component:
name: output-selector
from:
- ':cert:'
required: true
order: 0
certDomains:
title: 证书域名
component:
name: cert-domains-getter
required: false
order: 0
accessId:
title: NPM授权
component:
name: access-selector
type: nginxProxyManager
helper: 选择用于部署的 Nginx Proxy Manager 授权。
required: true
order: 0
proxyHostIds:
title: 代理主机
component:
name: remote-select
vModel: value
mode: tags
type: plugin
action: onGetProxyHostOptions
search: true
pager: false
multi: true
watches:
- certDomains
- accessId
helper: 选择要绑定此证书的一个或多个代理主机。
required: true
order: 0
certificateLabel:
title: 证书标识
component:
name: a-input
allowClear: true
placeholder: certd_npm_example_com
helper: 可选。留空时默认使用 certd_npm_<主域名规范化>。
required: false
order: 0
cleanupMatchingCertificates:
title: 自动清理未使用证书
component:
name: a-switch
vModel: checked
helper: 部署成功后,自动删除除当前证书外所有未被任何主机引用的证书。
required: false
order: 0
output: {}
pluginType: deploy
type: builtIn
scriptFilePath: /plugins/plugin-nginx-proxy-manager/plugins/plugin-deploy-to-proxy-hosts.js
@@ -0,0 +1,8 @@
name: hipmdnsmgr
title: HiPM DNSMgr
desc: HiPM DNSMgr DNS 解析提供商
accessType: hipmdnsmgr
icon: svg:icon-dns
pluginType: dnsProvider
type: builtIn
scriptFilePath: /plugins/plugin-hipmdnsmgr/dns-provider/hipmdnsmgr-dns-provider.js
@@ -0,0 +1,9 @@
name: technitium
title: Technitium DNS Server
desc: Technitium DNS Server 自建DNS服务器
icon: clarity:server-line
accessType: technitium
order: 10
pluginType: dnsProvider
type: builtIn
scriptFilePath: /plugins/plugin-technitium/dns-provider.js
@@ -84,6 +84,15 @@ export class PluginController extends CrudController<PluginService> {
const res = await this.pluginConfigService.saveCommPluginConfig(body);
return this.ok(res);
}
@Post('/getPluginByName', { description: 'sys:settings:view' })
async getPluginByName(@Body('name') name: string) {
const res = await this.pluginConfigService.getPluginConfig({
name: name,
type: 'builtIn'
});
return this.ok(res);
}
@Post('/saveSetting', { description: 'sys:settings:edit' })
async saveSetting(@Body(ALL) body: PluginConfig) {
const res = await this.pluginConfigService.savePluginConfig(body);
@@ -89,24 +89,30 @@ export class SiteTester {
// 创建 HTTPS 请求
const requestPromise = safePromise((resolve, reject) => {
const req = https.request(options, res => {
// 获取证书
// @ts-ignore
const certificate = res.socket.getPeerCertificate();
// logger.info('证书信息', certificate);
if (certificate.subject == null) {
logger.warn("证书信息为空");
resolve({
certificate: null
});
}
resolve({
certificate
});
res.socket.end();
// 关闭响应
res.destroy();
});
// ✅ 关键:在 'socket' 事件中获取证书(握手完成后立即执行)
req.on('socket', (socket:any) => {
socket.on('secureConnect', () => {
// TLS握手完成,证书已经可用
const certificate = socket.getPeerCertificate();
if (certificate.subject) {
logger.info('证书获取成功', certificate.subject);
resolve({
certificate
});
}else{
logger.warn("证书信息为空");
resolve({
certificate: null
});
}
});
});
req.on("error", e => {
reject(e);
});
@@ -45,4 +45,6 @@
// export * from './plugin-plus/index.js'
// export * from './plugin-cert/index.js'
// export * from './plugin-zenlayer/index.js'
export * from './plugin-dnsmgr/index.js'
// export * from './plugin-dnsmgr/index.js'
// export * from './plugin-nginx-proxy-manager/index.js'
// export * from './plugin-hipmdnsmgr/index.js'
@@ -32,6 +32,27 @@ export class ApisixAccess extends BaseAccess {
})
apiKey = '';
@AccessInput({
title: '版本',
component: {
name:"a-select",
options: [
{
label: "v3.x",
value: "3",
},
{
label: "v2.x",
value: "2",
},
]
},
helper: "apisix系统的版本",
value:"3",
required: true,
})
version = '3';
@AccessInput({
title: "测试",
@@ -49,17 +70,24 @@ export class ApisixAccess extends BaseAccess {
}
async getCertList(){
const sslPath = this.getSslPath();
const req = {
url :"/apisix/admin/ssls",
url :`/apisix/admin/${sslPath}`,
method: "get",
}
return await this.doRequest(req);
}
getSslPath(){
const sslPath = this.version === '3' ? 'ssls' : 'ssl';
return sslPath;
}
async createCert(opts:{cert:CertInfo}){
const certReader = new CertReader(opts.cert)
const sslPath = this.getSslPath();
const req = {
url :"/apisix/admin/ssls",
url :`/apisix/admin/${sslPath}`,
method: "post",
data:{
cert: opts.cert.crt,
@@ -72,8 +100,9 @@ export class ApisixAccess extends BaseAccess {
async updateCert (opts:{cert:CertInfo,id:string}){
const certReader = new CertReader(opts.cert)
const sslPath = this.getSslPath();
const req = {
url :`/apisix/admin/ssls/${opts.id}`,
url :`/apisix/admin/${sslPath}/${opts.id}`,
method: "put",
data:{
cert: opts.cert.crt,
@@ -423,6 +423,7 @@ export class AcmeService {
signal: this.options.signal,
profile,
preferredChain,
waitDnsDiffuseTime: this.options.waitDnsDiffuseTime,
});
const crtString = crt.toString();
@@ -275,6 +275,7 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
mergeScript: `
return {
show: ctx.compute(({form})=>{
console.log("show",form)
return (form.sslProvider === 'zerossl' && !form.zerosslCommonEabAccessId)
|| (form.sslProvider === 'google' && !form.googleCommonEabAccessId)
|| (form.sslProvider === 'sslcom' && !form.sslcomCommonEabAccessId)
@@ -1,7 +1,8 @@
import { AbstractDnsProvider, CreateRecordOptions, IsDnsProvider, RemoveRecordOptions } from '@certd/plugin-cert';
import { AbstractDnsProvider, CreateRecordOptions, DomainRecord, IsDnsProvider, RemoveRecordOptions } from '@certd/plugin-cert';
import { DemoAccess } from './access.js';
import { PageRes, PageSearch } from '@certd/pipeline';
import { isDev } from '../../utils/env.js';
import { DemoAccess } from './access.js';
type DemoRecord = {
// 这里定义Record记录的数据结构,跟对应云平台接口返回值一样即可,一般是拿到id就行,用于删除txt解析记录,清理申请痕迹
@@ -16,7 +17,7 @@ type DemoRecord = {
icon: 'clarity:plugin-line',
// 这里是对应的云平台的access类型名称
accessType: 'demo',
order:99,
order: 99,
})
export class DemoDnsProvider extends AbstractDnsProvider<DemoRecord> {
access!: DemoAccess;
@@ -74,6 +75,28 @@ export class DemoDnsProvider extends AbstractDnsProvider<DemoRecord> {
this.logger.info('删除域名解析成功:', fullRecord, value);
}
/**
*
* @param req
* @returns
*/
async getDomainListPage(req: PageSearch): Promise<PageRes<DomainRecord>> {
const res = await this.http.request({
// 请求接口获取域名列表
})
const list = []
// const list = res.Domains?.map(item => ({
// id: item.Id,
// domain: item.DomainName,
// })) || []
return {
list,
total: res.Total,
}
}
}
//TODO 实例化这个provider,将其自动注册到系统中
@@ -0,0 +1,172 @@
import { AccessInput, BaseAccess, IsAccess } from '@certd/pipeline';
/**
* HiPM DNSMgr Access
* 使 API Token Bearer Token
*/
@IsAccess({
name: 'hipmdnsmgr',
title: 'HiPM DNSMgr',
icon: 'svg:icon-dns',
desc: 'HiPM DNSMgr API Token 授权',
})
export class HipmDnsmgrAccess extends BaseAccess {
@AccessInput({
title: '服务器地址',
component: {
name: 'a-input',
allowClear: true,
placeholder: 'http://localhost:3001',
},
required: true,
helper: 'HiPM DNSMgr 服务器地址,例如: http://localhost:3001',
})
endpoint = '';
@AccessInput({
title: 'API Token',
required: true,
encrypt: true,
helper: '在 DNSMgr 设置 > API Token 中创建的令牌',
})
apiToken = '';
@AccessInput({
title: '测试连接',
component: {
name: 'api-test',
action: 'TestRequest',
},
helper: '点击测试接口是否正常',
})
testRequest = true;
async onTestRequest() {
await this.getDomainList();
return '连接成功';
}
/**
*
*/
async getDomainList() {
this.ctx.logger.info(`[HiPM DNSMgr] 获取域名列表`);
const resp = await this.doRequest({
method: 'GET',
path: '/domains',
params: {
page: 1,
pageSize: 100,
},
});
// DNSMgr 返回数组格式
return resp?.map((item: any) => ({
id: String(item.id),
domain: item.name,
...item,
})) || [];
}
/**
*
*/
async getDomainRecords(domainId: string, params?: { type?: string; subdomain?: string; value?: string }) {
this.ctx.logger.info(`[HiPM DNSMgr] 获取域名记录列表:domainId=${domainId}`);
let path = `/domains/${domainId}/records?page=1&pageSize=100`;
if (params?.type) path += `&type=${encodeURIComponent(params.type)}`;
if (params?.subdomain) path += `&subdomain=${encodeURIComponent(params.subdomain)}`;
if (params?.value) path += `&value=${encodeURIComponent(params.value)}`;
const resp = await this.doRequest({
method: 'GET',
path,
});
return resp;
}
/**
* DNS
*/
async createDnsRecord(domainId: string, name: string, value: string, type: string) {
this.ctx.logger.info(`[HiPM DNSMgr] 创建DNS记录:${name} ${type} ${value}`);
const resp = await this.doRequest({
method: 'POST',
path: `/domains/${domainId}/records`,
data: {
name,
type,
value,
ttl: 600,
line: '0',
},
});
return resp;
}
/**
* DNS
*/
async deleteDnsRecord(domainId: string, recordId: string) {
this.ctx.logger.info(`[HiPM DNSMgr] 删除DNS记录:domainId=${domainId}, recordId=${recordId}`);
const resp = await this.doRequest({
method: 'DELETE',
path: `/domains/${domainId}/records/${recordId}`,
});
return resp;
}
/**
* HTTP
*/
async doRequest(req: { method: string; path: string; data?: any; params?: any }) {
// 处理 URL
let baseUrl = this.endpoint.trim();
baseUrl = baseUrl.replace(/\/$/, '');
baseUrl = baseUrl.replace(/\/api$/, '');
let url = `${baseUrl}/api${req.path}`;
// 添加查询参数
if (req.params) {
const searchParams = new URLSearchParams();
for (const [key, value] of Object.entries(req.params)) {
if (value !== undefined && value !== null && value !== '') {
searchParams.append(key, String(value));
}
}
const queryString = searchParams.toString();
if (queryString) {
url += `?${queryString}`;
}
}
this.ctx.logger.debug(`[HiPM DNSMgr] 请求: ${req.method} ${url}`);
const res = await this.ctx.http.request({
url,
method: req.method,
headers: {
'Content-Type': 'application/json',
'Authorization': `Bearer ${this.apiToken}`,
},
data: req.data,
});
this.ctx.logger.debug(`[HiPM DNSMgr] 响应:`, res);
// DNSMgr API 返回格式: { code: 0, data: ..., msg: ... }
if (res.code !== undefined && res.code !== 0) {
throw new Error(res.msg || '请求失败');
}
return res.data;
}
}
@@ -0,0 +1 @@
export * from './hipmdnsmgr-access.js';
@@ -0,0 +1,77 @@
import { AbstractDnsProvider, CreateRecordOptions, IsDnsProvider, RemoveRecordOptions } from '@certd/plugin-cert';
import { HipmDnsmgrAccess } from '../access/hipmdnsmgr-access.js';
/**
* HiPM DNSMgr DNS Provider
* ACME DNS-01
*/
@IsDnsProvider({
name: 'hipmdnsmgr',
title: 'HiPM DNSMgr',
desc: 'HiPM DNSMgr DNS 解析提供商',
accessType: 'hipmdnsmgr',
icon: 'svg:icon-dns',
})
export class HipmDnsmgrDnsProvider extends AbstractDnsProvider<{ domainId: string; recordId: string; name: string; value: string }> {
access!: HipmDnsmgrAccess;
async onInstance() {
this.access = this.ctx.access as HipmDnsmgrAccess;
this.logger.debug('[HiPM DNSMgr] 初始化完成');
}
/**
* DNS ACME DNS-01
*/
async createRecord(options: CreateRecordOptions): Promise<any> {
const { fullRecord, hostRecord, value, type, domain } = options;
this.logger.info('[HiPM DNSMgr] 添加域名解析:', fullRecord, value, type, domain);
// 1. 获取域名列表,找到对应的域名 ID
const domainList = await this.access.getDomainList();
const domainInfo = domainList.find((item: any) => item.domain === domain);
if (!domainInfo) {
throw new Error(`[HiPM DNSMgr] 未找到域名:${domain}`);
}
const domainId = String(domainInfo.id);
this.logger.debug('[HiPM DNSMgr] 找到域名:', domain, 'ID:', domainId);
// 2. 创建 DNS 记录
const name = hostRecord; // 使用子域名,如 _acme-challenge
const res = await this.access.createDnsRecord(domainId, name, value, type);
this.logger.info('[HiPM DNSMgr] 添加域名解析成功:', JSON.stringify(options), res?.id);
// 返回记录信息,用于后续删除
return {
domainId,
recordId: res?.id,
name,
value,
};
}
/**
* DNS ACME
*/
async removeRecord(options: RemoveRecordOptions<{ domainId: string; recordId: string; name: string; value: string }>): Promise<void> {
const { fullRecord, value } = options.recordReq;
const record = options.recordRes;
this.logger.info('[HiPM DNSMgr] 删除域名解析:', fullRecord, value, record);
if (record && record.domainId && record.recordId) {
try {
await this.access.deleteDnsRecord(record.domainId, record.recordId);
this.logger.info('[HiPM DNSMgr] 删除域名解析成功:', fullRecord, value);
} catch (e: any) {
// 记录可能已经被删除,忽略错误
this.logger.warn('[HiPM DNSMgr] 删除域名解析失败(可能已不存在):', e.message);
}
} else {
this.logger.warn('[HiPM DNSMgr] 无法删除记录,缺少 domainId 或 recordId');
}
}
}
@@ -0,0 +1 @@
export * from './hipmdnsmgr-dns-provider.js';
@@ -0,0 +1,2 @@
export * from './access/index.js';
export * from './dns-provider/index.js';
@@ -82,7 +82,7 @@ export class SshAccess extends BaseAccess {
@AccessInput({
title: "伪终端",
helper: "如果登录报错:all authentication methods failed,可以尝试开启伪终端模式进行keyboard-interactive方式登录\n开启后对日志输出有一定的影响",
helper: "如果登录报错:all authentication methods failed / unable to exec,可以尝试开启伪终端模式进行keyboard-interactive方式登录\n开启后对日志输出有一定的影响",
component: {
name: "a-switch",
vModel: "checked",
@@ -208,7 +208,7 @@ export class AsyncSsh2Client {
let hasErrorLog = false;
stream
.on("close", (code: any, signal: any) => {
this.logger.info(`[${this.connConf.host}][close]:code:${code}`);
this.logger.info(`[${this.connConf.host}][close]:code=${code}`);
/**
* ]pipeline :[10.123.0.2][exec]:cd /d D:\nginx-1.27.5 && D:\nginx-1.27.5\nginx.exe -t && D:\nginx-1.27.5\nginx.exe -s reload
* [2025-07-09T10:24:11.219] [ERROR]pipeline - [10. 123.0. 2][error]: nginx: the configuration file D: \nginx-1.27. 5/conf/nginx. conf syntax is ok
@@ -279,7 +279,7 @@ export class AsyncSsh2Client {
}
stream
.on("close", (code: any) => {
this.logger.info("Stream :: close,code: " + code);
this.logger.info("Stream :: close,code = " + code);
resolve(output);
})
.on("data", (ret: Buffer) => {
@@ -126,12 +126,12 @@ export class NextTerminalAccess extends BaseAccess {
'Content-Type': 'application/json',
};
this.ctx.logger.debug(`Next Terminal API 请求: ${req.method} ${this.baseUrl}${req.url}`);
const baseUrl = this.normalizeEndpoint(this.baseUrl);
this.ctx.logger.debug(`Next Terminal API 请求: ${req.method} ${baseUrl}${req.url}`);
const resp = await this.ctx.http.request({
url: req.url,
baseURL: this.baseUrl,
baseURL: baseUrl,
method: req.method,
headers,
params: req.params,
@@ -0,0 +1,348 @@
name: NginxProxyManagerDeploy
icon: logos:nginx
title: Nginx Proxy Manager-部署到主机
group: panel
desc: 上传自定义证书到 Nginx Proxy Manager,并绑定到所选主机。
setting: null
sysSetting: null
type: custom
disabled: false
version: 1.0.0
pluginType: deploy
author: samler
input:
cert:
title: 域名证书
helper: 请选择前置任务产出的证书。
component:
name: output-selector
from:
- ':cert:'
required: true
order: 0
certDomains:
title: 证书域名
component:
name: cert-domains-getter
mergeScript: |
return {
component: {
inputKey: ctx.compute(({ form }) => {
return form.cert;
}),
},
}
required: false
order: 0
accessId:
title: NPM授权
component:
name: access-selector
type: samler/nginxProxyManager
helper: 选择用于部署的 Nginx Proxy Manager 授权。
required: true
order: 0
proxyHostIds:
title: 代理主机
component:
name: remote-select
vModel: value
mode: tags
type: plugin
action: onGetProxyHostOptions
search: true
pager: false
multi: true
watches:
- certDomains
- accessId
required: true
helper: 选择要绑定此证书的一个或多个代理主机。
mergeScript: |
return {
component: {
form: ctx.compute(({ form }) => {
return form;
}),
},
}
order: 0
certificateLabel:
title: 证书标识
component:
name: a-input
allowClear: true
placeholder: certd_npm_example_com
helper: 可选。留空时默认使用 certd_npm_<主域名规范化>.
required: false
order: 0
cleanupMatchingCertificates:
title: 自动清理未使用证书
component:
name: a-switch
vModel: checked
helper: 部署成功后,自动删除除当前证书外所有未被任何主机引用的证书。
required: false
order: 0
output: {}
default:
strategy:
runStrategy: 1
showRunStrategy: false
content: |
const { AbstractTaskPlugin } = await import("@certd/pipeline");
const { CertReader } = await import("@certd/plugin-cert");
function normalizeDomain(domain) {
return String(domain ?? "").trim().toLowerCase();
}
function wildcardMatches(pattern, candidate) {
if (!pattern.startsWith("*.")) {
return false;
}
const suffix = pattern.slice(1).toLowerCase();
return candidate.endsWith(suffix);
}
function isDomainMatch(left, right) {
const normalizedLeft = normalizeDomain(left);
const normalizedRight = normalizeDomain(right);
return (
normalizedLeft === normalizedRight ||
wildcardMatches(normalizedLeft, normalizedRight) ||
wildcardMatches(normalizedRight, normalizedLeft)
);
}
function normalizeDomainIdentity(domain) {
return normalizeDomain(domain).replace(/^\*\./, "");
}
function certificateHasBindings(certificate) {
return (
(certificate.proxy_hosts?.length ?? 0) > 0 ||
(certificate.redirection_hosts?.length ?? 0) > 0 ||
(certificate.dead_hosts?.length ?? 0) > 0 ||
(certificate.streams?.length ?? 0) > 0
);
}
function sanitizeDomainSegment(value) {
const sanitized = String(value ?? "")
.trim()
.toLowerCase()
.replace(/[^a-z0-9]+/g, "_")
.replace(/^_+|_+$/g, "")
.replace(/_+/g, "_");
return sanitized || "unknown";
}
function buildDefaultCertificateLabel(cert) {
const mainDomain = CertReader.getMainDomain(cert.crt);
return `certd_npm_${sanitizeDomainSegment(mainDomain)}`;
}
function normalizeStringList(input) {
if (Array.isArray(input)) {
return input;
}
if (input == null || input === "") {
return [];
}
return [input];
}
function resolveCertificateDomains(cert, configuredDomains) {
const configured = normalizeStringList(configuredDomains)
.map((value) => String(value).trim())
.filter(Boolean);
if (configured.length > 0) {
return Array.from(new Set(configured));
}
return new CertReader(cert).getAllDomains();
}
function buildProxyHostLabel(host) {
const domains = host.domain_names?.length ? host.domain_names.join(", ") : "(no domains)";
return `${domains} <#${host.id}>`;
}
function hasAnyCertDomainMatch(host, certDomains) {
if (!certDomains.length) {
return false;
}
const hostDomains = host.domain_names ?? [];
return hostDomains.some((hostDomain) => certDomains.some((certDomain) => isDomainMatch(hostDomain, certDomain)));
}
function buildProxyHostOptions(hosts, certDomains) {
const sortedHosts = [...hosts].sort((left, right) => {
return buildProxyHostLabel(left).localeCompare(buildProxyHostLabel(right));
});
const matched = [];
const unmatched = [];
for (const host of sortedHosts) {
const option = {
label: buildProxyHostLabel(host),
value: String(host.id),
domain: host.domain_names?.[0] ?? "",
};
if (hasAnyCertDomainMatch(host, certDomains)) {
matched.push(option);
} else {
unmatched.push(option);
}
}
if (matched.length && unmatched.length) {
return [
{
label: "匹配证书域名的主机",
options: matched,
},
{
label: "其他代理主机",
options: unmatched,
},
];
}
return matched.length ? matched : unmatched;
}
function normalizeProxyHostIds(proxyHostIds) {
return Array.from(
new Set(
normalizeStringList(proxyHostIds)
.map((value) => Number.parseInt(String(value), 10))
.filter((value) => Number.isInteger(value) && value > 0),
),
);
}
return class NpmDeployToProxyHosts extends AbstractTaskPlugin {
cert;
certDomains;
accessId;
proxyHostIds;
certificateLabel;
cleanupMatchingCertificates = false;
async execute() {
const access = await this.getAccess(this.accessId);
const client = access.createClient();
const proxyHostIds = normalizeProxyHostIds(this.proxyHostIds);
if (proxyHostIds.length === 0) {
throw new Error("请至少选择一个 Nginx Proxy Manager 代理主机");
}
const certificateLabel = this.certificateLabel?.trim() || buildDefaultCertificateLabel(this.cert);
const certificateDomains = resolveCertificateDomains(this.cert, this.certDomains);
let certificate = await client.findCustomCertificateByNiceName(certificateLabel);
if (!certificate) {
this.logger.info(`在 Nginx Proxy Manager 中创建自定义证书 "${certificateLabel}"`);
certificate = await client.createCustomCertificate(certificateLabel, certificateDomains);
} else {
this.logger.info(`复用已有自定义证书 "${certificateLabel}" (#${certificate.id})`);
}
await client.uploadCertificate(certificate.id, {
certificate: this.cert.crt,
certificateKey: this.cert.key,
intermediateCertificate: this.cert.ic,
});
this.logger.info(`证书内容已上传到 Nginx Proxy Manager 证书 #${certificate.id}`);
for (const proxyHostId of proxyHostIds) {
this.logger.info(`将证书 #${certificate.id} 绑定到代理主机 #${proxyHostId}`);
try {
await client.assignCertificateToProxyHost(proxyHostId, certificate.id);
} catch (error) {
const message = error instanceof Error ? error.message : String(error);
throw new Error(`为代理主机 #${proxyHostId} 绑定证书失败:${message}`);
}
}
if (this.cleanupMatchingCertificates === true) {
await this.cleanupOldCertificates(client, certificate.id);
}
this.logger.info(`部署完成,共更新 ${proxyHostIds.length} 个代理主机`);
}
async onGetProxyHostOptions(req = {}) {
if (!this.accessId) {
throw new Error("请先选择 Nginx Proxy Manager 授权");
}
const access = await this.getAccess(this.accessId);
const proxyHosts = await access.getProxyHostList(req);
return buildProxyHostOptions(proxyHosts, normalizeStringList(this.certDomains));
}
async cleanupOldCertificates(client, currentCertificateId) {
const certificates = await client.getCertificatesWithExpand(undefined, [
"proxy_hosts",
"redirection_hosts",
"dead_hosts",
"streams",
]);
const candidates = certificates.filter((certificate) => {
return certificate.id !== currentCertificateId;
});
if (candidates.length === 0) {
this.logger.info("未发现可自动清理的旧证书");
return;
}
const deletedIds = [];
const skippedInUse = [];
const failedDeletes = [];
for (const candidate of candidates) {
if (certificateHasBindings(candidate)) {
skippedInUse.push(`#${candidate.id} ${candidate.nice_name}`);
continue;
}
this.logger.info(`自动清理旧证书 #${candidate.id} ${candidate.nice_name}`);
try {
await client.deleteCertificate(candidate.id);
deletedIds.push(candidate.id);
} catch (error) {
const message = error instanceof Error ? error.message : String(error);
failedDeletes.push(`#${candidate.id} ${candidate.nice_name}: ${message}`);
}
}
if (deletedIds.length > 0) {
this.logger.info(`自动清理完成,共删除 ${deletedIds.length} 张旧证书:${deletedIds.map((id) => `#${id}`).join(", ")}`);
} else {
this.logger.info("未删除任何旧证书");
}
if (skippedInUse.length > 0) {
this.logger.info(`以下旧证书仍被其他资源引用,已跳过清理:${skippedInUse.join(", ")}`);
}
if (failedDeletes.length > 0) {
this.logger.warn(`以下旧证书清理失败,已跳过:${failedDeletes.join(", ")}`);
}
}
};
@@ -0,0 +1,366 @@
import { AccessInput, BaseAccess, IsAccess } from "@certd/pipeline";
import FormData from "form-data";
import { authenticator } from "otplib";
export interface ProxyHost {
id: number;
domain_names?: string[];
certificate_id?: number;
proxy_hosts?: unknown[];
redirection_hosts?: unknown[];
dead_hosts?: unknown[];
streams?: unknown[];
}
export interface Certificate {
id: number;
nice_name: string;
provider: string;
domain_names?: string[];
proxy_hosts?: unknown[];
redirection_hosts?: unknown[];
dead_hosts?: unknown[];
streams?: unknown[];
}
interface TokenResponse {
token?: string;
requires_2fa?: boolean;
challenge_token?: string;
}
@IsAccess({
name: "nginxProxyManager",
title: "Nginx Proxy Manager 授权",
desc: "用于登录 Nginx Proxy Manager,并为代理主机证书部署提供授权。",
icon: "logos:nginx",
})
export class NginxProxyManagerAccess extends BaseAccess {
@AccessInput({
title: "NPM 地址",
component: {
name: "a-input",
allowClear: true,
placeholder: "https://npm.example.com",
},
helper: "请输入 Nginx Proxy Manager 根地址,不要带 /api 后缀。",
required: true,
})
endpoint = "";
@AccessInput({
title: "邮箱",
component: {
name: "a-input",
allowClear: true,
placeholder: "admin@example.com",
},
required: true,
})
email = "";
@AccessInput({
title: "密码",
component: {
name: "a-input-password",
allowClear: true,
placeholder: "请输入密码",
},
required: true,
encrypt: true,
})
password = "";
@AccessInput({
title: "TOTP 密钥",
component: {
name: "a-input-password",
allowClear: true,
placeholder: "Optional base32 TOTP secret",
},
helper: "当 Nginx Proxy Manager 账号开启 2FA 时必填。",
required: false,
encrypt: true,
})
totpSecret = "";
@AccessInput({
title: "忽略无效 TLS",
component: {
name: "a-switch",
vModel: "checked",
},
helper: "仅在 Nginx Proxy Manager 使用自签 HTTPS 证书时开启。",
required: false,
})
ignoreTls = false;
@AccessInput({
title: "测试",
component: {
name: "api-test",
action: "onTestRequest",
},
helper: "测试登录并拉取代理主机列表。",
})
testRequest = true;
private token: string | undefined;
private tokenPromise: Promise<string> | undefined;
normalizeEndpoint(endpoint: string): string {
const trimmed = String(endpoint ?? "").trim();
if (!trimmed) {
throw new Error("Nginx Proxy Manager 地址不能为空");
}
const withoutTrailingSlash = trimmed.replace(/\/+$/, "");
return withoutTrailingSlash.endsWith("/api")
? withoutTrailingSlash.slice(0, -4)
: withoutTrailingSlash;
}
private describeError(error: unknown, action: string): Error {
if (error instanceof Error) {
return new Error(`${action} failed: ${error.message}`);
}
return new Error(`${action} failed`);
}
private get apiBaseUrl(): string {
const endpoint = this.normalizeEndpoint(this.endpoint);
return `${endpoint}/api`;
}
async verifyAccess(): Promise<{ proxyHostCount: number }> {
const proxyHosts = await this.getProxyHosts();
return {
proxyHostCount: proxyHosts.length,
};
}
async getProxyHosts(searchQuery?: string): Promise<ProxyHost[]> {
return await this.requestWithAuth<ProxyHost[]>({
method: "GET",
url: "/nginx/proxy-hosts",
params: {
expand: "certificate",
...(searchQuery ? { query: searchQuery } : {}),
},
});
}
async getCertificates(searchQuery?: string): Promise<Certificate[]> {
return await this.requestWithAuth<Certificate[]>({
method: "GET",
url: "/nginx/certificates",
params: searchQuery ? { query: searchQuery } : undefined,
});
}
async getCertificatesWithExpand(
searchQuery?: string,
expand: string[] = []
): Promise<Certificate[]> {
return await this.requestWithAuth<Certificate[]>({
method: "GET",
url: "/nginx/certificates",
params: {
...(searchQuery ? { query: searchQuery } : {}),
...(expand.length > 0 ? { expand: expand.join(", ") } : {}),
},
});
}
async findCustomCertificateByNiceName(niceName: string): Promise<Certificate | undefined> {
const certificates = await this.getCertificates(niceName);
return certificates.find((certificate) => {
return certificate.provider === "other" && certificate.nice_name === niceName;
});
}
async createCustomCertificate(
niceName: string,
domainNames: string[] = []
): Promise<Certificate> {
return await this.requestWithAuth<Certificate>({
method: "POST",
url: "/nginx/certificates",
data: {
provider: "other",
nice_name: niceName,
domain_names: domainNames,
},
});
}
async deleteCertificate(certificateId: number): Promise<void> {
await this.requestWithAuth<void>({
method: "DELETE",
url: `/nginx/certificates/${certificateId}`,
});
}
async uploadCertificate(
certificateId: number,
payload: {
certificate: string;
certificateKey: string;
intermediateCertificate?: string;
}
): Promise<void> {
const form = new FormData();
form.append("certificate", Buffer.from(payload.certificate, "utf8"), {
filename: "fullchain.pem",
contentType: "application/x-pem-file",
});
form.append("certificate_key", Buffer.from(payload.certificateKey, "utf8"), {
filename: "privkey.pem",
contentType: "application/x-pem-file",
});
if (payload.intermediateCertificate) {
form.append("intermediate_certificate", Buffer.from(payload.intermediateCertificate, "utf8"), {
filename: "chain.pem",
contentType: "application/x-pem-file",
});
}
await this.requestWithAuth<void>({
method: "POST",
url: `/nginx/certificates/${certificateId}/upload`,
data: form,
headers: form.getHeaders(),
});
}
async assignCertificateToProxyHost(hostId: number, certificateId: number): Promise<void> {
await this.requestWithAuth<void>({
method: "PUT",
url: `/nginx/proxy-hosts/${hostId}`,
data: {
certificate_id: certificateId,
},
});
}
private async login(): Promise<string> {
if (this.token) {
return this.token;
}
if (!this.tokenPromise) {
this.tokenPromise = this.performLogin().finally(() => {
this.tokenPromise = undefined;
});
}
this.token = await this.tokenPromise;
return this.token;
}
private async performLogin(): Promise<string> {
const initialLogin = await this.request<TokenResponse>({
method: "POST",
url: "/tokens",
data: {
identity: this.email,
secret: this.password,
},
});
if (initialLogin.token) {
return initialLogin.token;
}
if (!initialLogin.requires_2fa || !initialLogin.challenge_token) {
throw new Error("登录失败:Nginx Proxy Manager 未返回访问令牌");
}
if (!this.totpSecret) {
throw new Error(
"登录失败:该 Nginx Proxy Manager 账号启用了 2FA,但未配置 totpSecret"
);
}
let code: string;
try {
code = authenticator.generate(this.totpSecret);
} catch (error) {
throw this.describeError(error, "Generating TOTP code");
}
const completedLogin = await this.request<TokenResponse>({
method: "POST",
url: "/tokens/2fa",
data: {
challenge_token: initialLogin.challenge_token,
code,
},
});
if (!completedLogin.token) {
throw new Error("2FA 登录失败:Nginx Proxy Manager 未返回访问令牌");
}
return completedLogin.token;
}
private async requestWithAuth<T>(config: {
method: string;
url: string;
params?: Record<string, unknown>;
data?: unknown;
headers?: Record<string, string>;
}): Promise<T> {
const token = await this.login();
const headers = {
...(config.headers ?? {}),
Authorization: `Bearer ${token}`,
};
return await this.request<T>({
...config,
headers,
});
}
private async request<T>(config: {
method: string;
url: string;
params?: Record<string, unknown>;
data?: unknown;
headers?: Record<string, string>;
}): Promise<T> {
const action = `${config.method ?? "GET"} ${config.url ?? "/"}`;
try {
const response = await this.ctx.http.request({
url: `${this.apiBaseUrl}${config.url}`,
method: config.method,
params: config.params,
data: config.data,
headers: config.headers,
timeout: 30000,
httpsAgent: this.ignoreTls ? {
rejectUnauthorized: false
} : undefined,
});
return response;
} catch (error) {
throw this.describeError(error, action);
}
}
async onTestRequest(): Promise<string> {
const result = await this.verifyAccess();
this.ctx.logger.info(
`Nginx Proxy Manager 授权验证成功,找到 ${result.proxyHostCount} 个代理主机`
);
return `成功(${result.proxyHostCount} 个代理主机)`;
}
async getProxyHostList(req: { searchKey?: string } = {}): Promise<ProxyHost[]> {
return await this.getProxyHosts(req.searchKey);
}
}
new NginxProxyManagerAccess();
@@ -0,0 +1,2 @@
export * from "./plugins/index.js";
export * from "./access.js";
@@ -0,0 +1,344 @@
name: nginxProxyManager
icon: logos:nginx
title: Nginx Proxy Manager 授权
group: null
desc: 用于登录 Nginx Proxy Manager,并为代理主机证书部署提供授权。
setting: null
sysSetting: null
type: custom
disabled: false
version: 1.0.0
pluginType: access
author: samler
input:
endpoint:
title: NPM 地址
component:
name: a-input
allowClear: true
placeholder: https://npm.example.com
helper: 请输入 Nginx Proxy Manager 根地址,不要带 /api 后缀。
required: true
email:
title: 邮箱
component:
name: a-input
allowClear: true
placeholder: admin@example.com
required: true
password:
title: 密码
component:
name: a-input-password
allowClear: true
placeholder: 请输入密码
required: true
encrypt: true
totpSecret:
title: TOTP 密钥
component:
name: a-input-password
allowClear: true
placeholder: Optional base32 TOTP secret
helper: 当 Nginx Proxy Manager 账号开启 2FA 时必填。
required: false
encrypt: true
ignoreTls:
title: 忽略无效 TLS
component:
name: a-switch
vModel: checked
helper: 仅在 Nginx Proxy Manager 使用自签 HTTPS 证书时开启。
required: false
testRequest:
title: 测试
component:
name: api-test
action: TestRequest
helper: 测试登录并拉取代理主机列表。
content: |
const { BaseAccess } = await import("@certd/pipeline");
const httpsModule = await import("node:https");
const { URL } = await import("node:url");
const axiosModule = await import("axios");
const formDataModule = await import("form-data");
const { authenticator } = await import("otplib");
const https = httpsModule.default ?? httpsModule;
const axios = axiosModule.default ?? axiosModule;
const FormData = formDataModule.default ?? formDataModule;
function normalizeEndpoint(endpoint) {
const trimmed = String(endpoint ?? "").trim();
if (!trimmed) {
throw new Error("Nginx Proxy Manager 地址不能为空");
}
const withoutTrailingSlash = trimmed.replace(/\/+$/, "");
return withoutTrailingSlash.endsWith("/api")
? withoutTrailingSlash.slice(0, -4)
: withoutTrailingSlash;
}
function buildHttpsAgent(endpoint, ignoreTls) {
const url = new URL(endpoint);
if (url.protocol !== "https:") {
return undefined;
}
return new https.Agent({
rejectUnauthorized: !ignoreTls,
});
}
function describeError(error, action) {
if (axios.isAxiosError(error)) {
const status = error.response?.status;
const data = error.response?.data;
const message =
data?.error?.message ||
data?.error ||
data?.message ||
(typeof data === "string" ? data : null) ||
error.message;
return new Error(`${action} failed${status ? ` (${status})` : ""}: ${message}`);
}
if (error instanceof Error) {
return new Error(`${action} failed: ${error.message}`);
}
return new Error(`${action} failed`);
}
class NginxProxyManagerClient {
constructor(options) {
this.options = options;
this.endpoint = normalizeEndpoint(options.endpoint);
this.apiBaseUrl = `${this.endpoint}/api`;
this.token = undefined;
this.tokenPromise = undefined;
this.httpClient = axios.create({
baseURL: this.apiBaseUrl,
timeout: 30000,
maxBodyLength: Infinity,
maxContentLength: Infinity,
httpsAgent: buildHttpsAgent(this.endpoint, options.ignoreTls === true),
headers: {
Accept: "application/json",
},
});
}
async verifyAccess() {
const proxyHosts = await this.getProxyHosts();
return {
proxyHostCount: proxyHosts.length,
};
}
async getProxyHosts(searchQuery) {
return await this.requestWithAuth({
method: "GET",
url: "/nginx/proxy-hosts",
params: {
expand: "certificate",
...(searchQuery ? { query: searchQuery } : {}),
},
});
}
async getCertificates(searchQuery) {
return await this.requestWithAuth({
method: "GET",
url: "/nginx/certificates",
params: searchQuery ? { query: searchQuery } : undefined,
});
}
async getCertificatesWithExpand(searchQuery, expand = []) {
return await this.requestWithAuth({
method: "GET",
url: "/nginx/certificates",
params: {
...(searchQuery ? { query: searchQuery } : {}),
...(expand.length > 0 ? { expand: expand.join(",") } : {}),
},
});
}
async findCustomCertificateByNiceName(niceName) {
const certificates = await this.getCertificates(niceName);
return certificates.find((certificate) => {
return certificate.provider === "other" && certificate.nice_name === niceName;
});
}
async createCustomCertificate(niceName, domainNames = []) {
return await this.requestWithAuth({
method: "POST",
url: "/nginx/certificates",
data: {
provider: "other",
nice_name: niceName,
domain_names: domainNames,
},
});
}
async deleteCertificate(certificateId) {
await this.requestWithAuth({
method: "DELETE",
url: `/nginx/certificates/${certificateId}`,
});
}
async uploadCertificate(certificateId, payload) {
const form = new FormData();
form.append("certificate", Buffer.from(payload.certificate, "utf8"), {
filename: "fullchain.pem",
contentType: "application/x-pem-file",
});
form.append("certificate_key", Buffer.from(payload.certificateKey, "utf8"), {
filename: "privkey.pem",
contentType: "application/x-pem-file",
});
if (payload.intermediateCertificate) {
form.append("intermediate_certificate", Buffer.from(payload.intermediateCertificate, "utf8"), {
filename: "chain.pem",
contentType: "application/x-pem-file",
});
}
await this.requestWithAuth({
method: "POST",
url: `/nginx/certificates/${certificateId}/upload`,
data: form,
headers: form.getHeaders(),
});
}
async assignCertificateToProxyHost(hostId, certificateId) {
await this.requestWithAuth({
method: "PUT",
url: `/nginx/proxy-hosts/${hostId}`,
data: {
certificate_id: certificateId,
},
});
}
async login() {
if (this.token) {
return this.token;
}
if (!this.tokenPromise) {
this.tokenPromise = this.performLogin().finally(() => {
this.tokenPromise = undefined;
});
}
this.token = await this.tokenPromise;
return this.token;
}
async performLogin() {
const initialLogin = await this.request({
method: "POST",
url: "/tokens",
data: {
identity: this.options.email,
secret: this.options.password,
},
});
if (initialLogin.token) {
return initialLogin.token;
}
if (!initialLogin.requires_2fa || !initialLogin.challenge_token) {
throw new Error("登录失败:Nginx Proxy Manager 未返回访问令牌");
}
if (!this.options.totpSecret) {
throw new Error("登录失败:该 Nginx Proxy Manager 账号启用了 2FA,但未配置 totpSecret");
}
let code;
try {
code = authenticator.generate(this.options.totpSecret);
} catch (error) {
throw describeError(error, "Generating TOTP code");
}
const completedLogin = await this.request({
method: "POST",
url: "/tokens/2fa",
data: {
challenge_token: initialLogin.challenge_token,
code,
},
});
if (!completedLogin.token) {
throw new Error("2FA 登录失败:Nginx Proxy Manager 未返回访问令牌");
}
return completedLogin.token;
}
async requestWithAuth(config) {
const token = await this.login();
const headers = {
...(config.headers ?? {}),
Authorization: `Bearer ${token}`,
};
return await this.request({
...config,
headers,
});
}
async request(config) {
const action = `${config.method ?? "GET"} ${config.url ?? "/"}`;
try {
const response = await this.httpClient.request(config);
return response.data;
} catch (error) {
throw describeError(error, action);
}
}
}
return class NginxProxyManagerAccess extends BaseAccess {
endpoint = "";
email = "";
password = "";
totpSecret = "";
ignoreTls = false;
testRequest = true;
createClient() {
return new NginxProxyManagerClient({
endpoint: this.endpoint,
email: this.email,
password: this.password,
totpSecret: this.totpSecret || undefined,
ignoreTls: this.ignoreTls === true,
});
}
async onTestRequest() {
const client = this.createClient();
const result = await client.verifyAccess();
this.ctx.logger.info(`Nginx Proxy Manager 授权验证成功,找到 ${result.proxyHostCount} 个代理主机`);
return `成功(${result.proxyHostCount} 个代理主机)`;
}
async getProxyHostList(req = {}) {
const client = this.createClient();
return await client.getProxyHosts(req.searchKey);
}
};
@@ -0,0 +1 @@
export * from "./plugin-deploy-to-proxy-hosts.js";
@@ -0,0 +1,343 @@
import {
AbstractTaskPlugin,
IsTaskPlugin,
pluginGroups,
RunStrategy,
TaskInput,
} from "@certd/pipeline";
import { CertInfo, CertReader, createCertDomainGetterInputDefine } from "@certd/plugin-cert";
import { NginxProxyManagerAccess, ProxyHost } from "../access.js";
interface ProxyHostOption {
label: string;
value: string;
domain: string;
}
@IsTaskPlugin({
name: "NginxProxyManagerDeploy",
title: "Nginx Proxy Manager-部署到主机",
desc: "上传自定义证书到 Nginx Proxy Manager,并绑定到所选主机。",
icon: "logos:nginx",
group: pluginGroups.panel.key,
default: {
strategy: {
runStrategy: RunStrategy.SkipWhenSucceed,
},
},
})
export class NginxProxyManagerDeploy extends AbstractTaskPlugin {
@TaskInput({
title: "域名证书",
helper: "请选择前置任务产出的证书。",
component: {
name: "output-selector",
from: [":cert:"],
},
required: true,
})
cert!: CertInfo;
@TaskInput(createCertDomainGetterInputDefine())
certDomains!: string[];
@TaskInput({
title: "NPM授权",
component: {
name: "access-selector",
type: "nginxProxyManager",
},
helper: "选择用于部署的 Nginx Proxy Manager 授权。",
required: true,
})
accessId!: string;
@TaskInput({
title: "代理主机",
component: {
name: "remote-select",
vModel: "value",
mode: "tags",
type: "plugin",
action: "onGetProxyHostOptions",
search: true,
pager: false,
multi: true,
watches: ["certDomains", "accessId"],
},
helper: "选择要绑定此证书的一个或多个代理主机。",
required: true,
})
proxyHostIds!: string | string[];
@TaskInput({
title: "证书标识",
component: {
name: "a-input",
allowClear: true,
placeholder: "certd_npm_example_com",
},
helper: "可选。留空时默认使用 certd_npm_<主域名规范化>。",
required: false,
})
certificateLabel?: string;
@TaskInput({
title: "自动清理未使用证书",
component: {
name: "a-switch",
vModel: "checked",
},
helper: "部署成功后,自动删除除当前证书外所有未被任何主机引用的证书。",
required: false,
})
cleanupMatchingCertificates = false;
private normalizeDomain(domain: string): string {
return String(domain ?? "").trim().toLowerCase();
}
private wildcardMatches(pattern: string, candidate: string): boolean {
if (!pattern.startsWith("*.")) {
return false;
}
const suffix = pattern.slice(1).toLowerCase();
return candidate.endsWith(suffix);
}
private isDomainMatch(left: string, right: string): boolean {
const normalizedLeft = this.normalizeDomain(left);
const normalizedRight = this.normalizeDomain(right);
return (
normalizedLeft === normalizedRight ||
this.wildcardMatches(normalizedLeft, normalizedRight) ||
this.wildcardMatches(normalizedRight, normalizedLeft)
);
}
private sanitizeDomainSegment(value: string): string {
const sanitized = String(value ?? "")
.trim()
.toLowerCase()
.replace(/[^a-z0-9]+/g, "_")
.replace(/^_+|_+$/g, "")
.replace(/_+/g, "_");
return sanitized || "unknown";
}
private buildDefaultCertificateLabel(cert: CertInfo): string {
const mainDomain = CertReader.getMainDomain(cert.crt);
return `certd_npm_${this.sanitizeDomainSegment(mainDomain)}`;
}
private normalizeStringList(input: string | string[] | null | undefined): string[] {
if (Array.isArray(input)) {
return input;
}
if (input == null || input === "") {
return [];
}
return [input];
}
private resolveCertificateDomains(cert: CertInfo, configuredDomains: string | string[] | null | undefined): string[] {
const configured = this.normalizeStringList(configuredDomains)
.map((value) => String(value).trim())
.filter(Boolean);
if (configured.length > 0) {
return Array.from(new Set(configured));
}
return new CertReader(cert).getAllDomains();
}
private buildProxyHostLabel(host: ProxyHost): string {
const domains = host.domain_names?.length ? host.domain_names.join(", ") : "(no domains)";
return `${domains} <#${host.id}>`;
}
private hasAnyCertDomainMatch(host: ProxyHost, certDomains: string[]): boolean {
if (!certDomains.length) {
return false;
}
const hostDomains = host.domain_names ?? [];
return hostDomains.some((hostDomain) =>
certDomains.some((certDomain) => this.isDomainMatch(hostDomain, certDomain))
);
}
private buildProxyHostOptions(hosts: ProxyHost[], certDomains: string[]) {
const sortedHosts = [...hosts].sort((left, right) => {
return this.buildProxyHostLabel(left).localeCompare(this.buildProxyHostLabel(right));
});
const matched: { label: string; value: string; domain: string }[] = [];
const unmatched: { label: string; value: string; domain: string }[] = [];
for (const host of sortedHosts) {
const option = {
label: this.buildProxyHostLabel(host),
value: String(host.id),
domain: host.domain_names?.[0] ?? "",
};
if (this.hasAnyCertDomainMatch(host, certDomains)) {
matched.push(option);
} else {
unmatched.push(option);
}
}
if (matched.length && unmatched.length) {
return [
{
label: "匹配证书域名的主机",
options: matched,
},
{
label: "其他代理主机",
options: unmatched,
},
];
}
return matched.length ? matched : unmatched;
}
private normalizeProxyHostIds(proxyHostIds: string | string[] | number | null | undefined): number[] {
return Array.from(
new Set(
this.normalizeStringList(proxyHostIds as string | string[] | null | undefined)
.map((value) => Number.parseInt(String(value), 10))
.filter((value) => Number.isInteger(value) && value > 0)
)
);
}
private certificateHasBindings(certificate: { proxy_hosts?: unknown[]; redirection_hosts?: unknown[]; dead_hosts?: unknown[]; streams?: unknown[] }): boolean {
return (
(certificate.proxy_hosts?.length ?? 0) > 0 ||
(certificate.redirection_hosts?.length ?? 0) > 0 ||
(certificate.dead_hosts?.length ?? 0) > 0 ||
(certificate.streams?.length ?? 0) > 0
);
}
async execute(): Promise<void> {
const access = await this.getAccess<NginxProxyManagerAccess>(this.accessId);
const proxyHostIds = this.normalizeProxyHostIds(this.proxyHostIds);
if (proxyHostIds.length === 0) {
throw new Error("请至少选择一个 Nginx Proxy Manager 代理主机");
}
const certificateLabel =
this.certificateLabel?.trim() || this.buildDefaultCertificateLabel(this.cert);
const certificateDomains = this.resolveCertificateDomains(this.cert, this.certDomains);
let certificate = await access.findCustomCertificateByNiceName(certificateLabel);
if (!certificate) {
this.logger.info(`在 Nginx Proxy Manager 中创建自定义证书 "${certificateLabel}"`);
certificate = await access.createCustomCertificate(certificateLabel, certificateDomains);
} else {
this.logger.info(`复用已有自定义证书 "${certificateLabel}" (#${certificate.id})`);
}
await access.uploadCertificate(certificate.id, {
certificate: this.cert.crt,
certificateKey: this.cert.key,
intermediateCertificate: this.cert.ic,
});
this.logger.info(`证书内容已上传到 Nginx Proxy Manager 证书 #${certificate.id}`);
for (const proxyHostId of proxyHostIds) {
this.logger.info(`将证书 #${certificate.id} 绑定到代理主机 #${proxyHostId}`);
try {
await access.assignCertificateToProxyHost(proxyHostId, certificate.id);
} catch (error) {
const message = error instanceof Error ? error.message : String(error);
throw new Error(`为代理主机 #${proxyHostId} 绑定证书失败:${message}`);
}
}
if (this.cleanupMatchingCertificates === true) {
await this.cleanupOldCertificates(access, certificate.id);
}
this.logger.info(`部署完成,共更新 ${proxyHostIds.length} 个代理主机`);
}
async onGetProxyHostOptions(req: { searchKey?: string } = {}): Promise<ProxyHostOption[] | { label: string; options: ProxyHostOption[] }[]> {
if (!this.accessId) {
throw new Error("请先选择 Nginx Proxy Manager 授权");
}
const access = await this.getAccess<NginxProxyManagerAccess>(this.accessId);
const proxyHosts = await access.getProxyHostList(req);
return this.buildProxyHostOptions(proxyHosts, this.normalizeStringList(this.certDomains));
}
private async cleanupOldCertificates(access: NginxProxyManagerAccess, currentCertificateId: number): Promise<void> {
const certificates = await access.getCertificatesWithExpand(undefined, [
"proxy_hosts",
"redirection_hosts",
"dead_hosts",
"streams",
]);
const candidates = certificates.filter((certificate) => {
return certificate.id !== currentCertificateId;
});
if (candidates.length === 0) {
this.logger.info("未发现可自动清理的旧证书");
return;
}
const deletedIds: number[] = [];
const skippedInUse: string[] = [];
const failedDeletes: string[] = [];
for (const candidate of candidates) {
if (this.certificateHasBindings(candidate)) {
skippedInUse.push(`#${candidate.id} ${candidate.nice_name}`);
continue;
}
this.logger.info(`自动清理旧证书 #${candidate.id} ${candidate.nice_name}`);
try {
await access.deleteCertificate(candidate.id);
deletedIds.push(candidate.id);
} catch (error) {
const message = error instanceof Error ? error.message : String(error);
failedDeletes.push(`#${candidate.id} ${candidate.nice_name}: ${message}`);
}
}
if (deletedIds.length > 0) {
this.logger.info(
`自动清理完成,共删除 ${deletedIds.length} 张旧证书:${deletedIds
.map((id) => `#${id}`)
.join(", ")}`
);
} else {
this.logger.info("未删除任何旧证书");
}
if (skippedInUse.length > 0) {
this.logger.info(`以下旧证书仍被其他资源引用,已跳过清理:${skippedInUse.join(", ")}`);
}
if (failedDeletes.length > 0) {
this.logger.warn(`以下旧证书清理失败,已跳过:${failedDeletes.join(", ")}`);
}
}
}
new NginxProxyManagerDeploy();
File diff suppressed because it is too large Load Diff
@@ -0,0 +1,182 @@
import { AccessInput, BaseAccess, IsAccess, Pager, PageRes, PageSearch } from '@certd/pipeline';
import { DomainRecord } from '@certd/plugin-lib';
/**
* Technitium DNS Server
*/
@IsAccess({
name: 'technitium',
title: 'Technitium DNS Server',
icon: 'clarity:server-line',
desc: 'Technitium DNS Server 自建DNS服务器授权',
})
export class TechnitiumAccess extends BaseAccess {
/**
* API地址
*/
@AccessInput({
title: 'API地址',
value: 'http://localhost:5380',
component: {
name: "a-input",
allowClear: true,
placeholder: 'http://localhost:5380',
},
required: true,
})
apiUrl = 'http://localhost:5380';
/**
*
*/
@AccessInput({
title: '用户名',
component: {
name: "a-input",
allowClear: true,
placeholder: 'admin',
},
required: false,
})
username = 'admin';
/**
*
*/
@AccessInput({
title: '密码',
component: {
name: "a-input",
type: "password",
allowClear: true,
placeholder: '密码',
},
required: false,
encrypt: true,
})
password = '';
/**
*
*/
@AccessInput({
title: "测试",
component: {
name: "api-test",
action: "TestRequest"
},
helper: "点击测试接口是否正常"
})
testRequest = true;
token = '';
/**
* API调用方法
*/
async doRequest(options: { url: string; method: 'get' | 'post'; params?: URLSearchParams }) {
// 每次请求前都获取最新的token
if (!options.url.includes('/api/user/login')) {
await this.getToken();
}
// 复制参数并添加token
const params = new URLSearchParams(options.params || '');
if (this.token && !options.url.includes('/api/user/login')) {
params.append('token', this.token);
}
let fullUrl = options.url;
if (params.toString()) {
fullUrl = `${options.url}?${params.toString()}`;
}
const response = await this.ctx.http.request({
url: fullUrl,
method: options.method,
});
if (response.status !== 'ok') {
throw new Error(`${response.errorMessage || 'API调用失败'}`);
}
return response;
}
/**
* API连接
*/
async onTestRequest() {
// 测试获取区域列表
await this.GetDomainList({});
return "连接成功";
}
/**
*
*/
async GetDomainList(req: PageSearch): Promise<PageRes<DomainRecord>> {
this.ctx.logger.info(`获取域名列表,req:${JSON.stringify(req)}`);
const pager = new Pager(req);
// 规范API地址
this.apiUrl = this.normalizeEndpoint(this.apiUrl);
// 构建API URL
const apiUrl = `${this.apiUrl}/api/zones/list`;
// 构建查询参数
const params = new URLSearchParams();
// 调用API获取区域列表
const response = await this.doRequest({ url: apiUrl, method: 'get', params: params });
const zones = response.response.zones || [];
const total = zones.length;
// 转换为DomainRecord格式
let list = zones.map((zone: any) => ({
id: zone.name,
domain: zone.name,
}));
// 应用分页
list = list.slice(pager.getOffset(), pager.getOffset() + pager.pageSize);
return {
total,
list
};
}
/**
* API Token
*/
async getToken() {
const apiUrl = `${this.apiUrl}/api/user/login`;
const params = new URLSearchParams({
user: this.username,
pass: this.password,
});
// 直接使用ctx.http.request,避免递归调用doRequest
const response = await this.ctx.http.request({
url: `${apiUrl}?${params.toString()}`,
method: 'post',
});
if (response.status !== 'ok') {
throw new Error(`登录失败: ${response.errorMessage || '未知错误'}`);
}
this.token = response.token;
return this.token;
}
}
@@ -0,0 +1,97 @@
import { AbstractDnsProvider, CreateRecordOptions, IsDnsProvider, RemoveRecordOptions } from '@certd/plugin-cert';
import { TechnitiumAccess } from "./access.js"
type TechnitiumRecord = {
// 记录创建时返回的数据结构
zone: {
name: string;
type: string;
internal: boolean;
dnssecStatus: string;
disabled: boolean;
};
addedRecord: {
disabled: boolean;
name: string;
type: string;
ttl: number;
rData: {
text: string;
};
dnssecStatus: string;
lastUsedOn: string;
};
};
// 注册Technitium DNS Server的DNS提供商
@IsDnsProvider({
name: 'technitium',
title: 'Technitium DNS Server',
desc: 'Technitium DNS Server 自建DNS服务器',
icon: 'clarity:server-line',
accessType: 'technitium',
order: 10,
})
export class TechnitiumDnsProvider extends AbstractDnsProvider<TechnitiumRecord> {
access!: TechnitiumAccess;
async onInstance() {
this.access = this.ctx.access as TechnitiumAccess;
this.logger.debug('access', this.access);
}
/**
* DNS解析记录
*/
async createRecord(options: CreateRecordOptions): Promise<TechnitiumRecord> {
const { fullRecord, value, type, domain } = options;
this.logger.info('添加域名解析:', fullRecord, value, type, domain);
// 构建API URL
const apiUrl = `${this.access.apiUrl}/api/zones/records/add`;
// 构建查询参数
const params = new URLSearchParams({
zone: domain,
domain: fullRecord,
type: type,
text: value,
ttl: "60",
});
// 调用Technitium API创建TXT记录
const response = await this.access.doRequest({ url: apiUrl, method: 'post', params: params });
this.logger.info('创建域名解析成功:', fullRecord, value);
return response as TechnitiumRecord;
}
/**
* DNS解析记录,
*/
async removeRecord(options: RemoveRecordOptions<TechnitiumRecord>): Promise<void> {
const { fullRecord, value, domain } = options.recordReq;
const record = options.recordRes;
this.logger.info('删除域名解析:', domain, fullRecord, value, record);
// 构建API URL
const apiUrl = `${this.access.apiUrl}/api/zones/records/delete`;
// 构建查询参数
const params = new URLSearchParams({
zone: domain,
domain: fullRecord,
type: 'TXT',
text: value,
});
// 调用Technitium API删除TXT记录
await this.access.doRequest({ url: apiUrl, method: 'post', params: params });
this.logger.info('删除域名解析成功:', fullRecord, value);
}
}
// 实例化这个provider,将其自动注册到系统中
new TechnitiumDnsProvider();
@@ -0,0 +1,2 @@
export * from './dns-provider.js';
export * from './access.js';
+1 -1
View File
@@ -1 +1 @@
01:26
23:47
+1 -1
View File
@@ -1 +1 @@
01:53
00:29