From 16ec5fb9971c82f5d5a4e594c0966250be87f38b Mon Sep 17 00:00:00 2001
From: ChengPlay <31820853+zhengkunwang223@users.noreply.github.com>
Date: Tue, 6 May 2025 18:05:29 +0800
Subject: [PATCH] feat: Fix issue where added certificate domains become
ineffective. (#8549)
---
agent/app/service/website.go | 11 ++++---
agent/app/service/website_utils.go | 20 ++++++++++--
agent/i18n/lang/en.yaml | 2 ++
agent/i18n/lang/ja.yaml | 2 ++
agent/i18n/lang/ko.yaml | 2 ++
agent/i18n/lang/ms.yaml | 2 ++
agent/i18n/lang/pt-BR.yaml | 2 ++
agent/i18n/lang/ru.yaml | 2 ++
agent/i18n/lang/zh-Hant.yaml | 2 ++
agent/i18n/lang/zh.yaml | 1 +
.../src/views/website/runtime/php/index.vue | 2 +-
.../website/config/basic/https/index.vue | 32 ++++++++++++-------
12 files changed, 60 insertions(+), 20 deletions(-)
diff --git a/agent/app/service/website.go b/agent/app/service/website.go
index 1304d9a52..63cb10098 100644
--- a/agent/app/service/website.go
+++ b/agent/app/service/website.go
@@ -680,10 +680,6 @@ func (w WebsiteService) CreateWebsiteDomain(create request.WebsiteDomainCreate)
_ = OperateFirewallPort(nil, addPorts)
}()
- if err = addListenAndServerName(website, domainModels); err != nil {
- return nil, err
- }
-
nginxInstall, err := getAppInstallByKey(constant.AppOpenresty)
if err != nil {
return nil, err
@@ -729,6 +725,10 @@ func (w WebsiteService) CreateWebsiteDomain(create request.WebsiteDomainCreate)
}
}
+ if err = addListenAndServerName(website, domainModels); err != nil {
+ return nil, err
+ }
+
return domainModels, websiteDomainRepo.BatchCreate(context.TODO(), domainModels)
}
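Review bot: The relocated `addListenAndServerName` call now depends on running before `BatchCreate`, and nothing at the call site says so. The helper, as changed in website_utils.go in this commit, merges the domains already stored for the website with `domainModels`, so calling it after the insert would list the new names twice. A comment such as `// must run before BatchCreate: addListenAndServerName merges domainModels with the domains already stored for this website` would protect the ordering. Separately, the nginx config is written before the insert, so if `BatchCreate` fails the server block appears to keep names that have no database row; a rollback or reload on that path would be worth considering. The body of CreateWebsiteDomain starts outside this hunk.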
@@ -1037,6 +1037,9 @@ func (w WebsiteService) OpWebsiteHTTPS(ctx context.Context, req request.WebsiteH
if err != nil {
return nil, err
}
+ if websiteModel.Pem == "" {
+ return nil, buserr.New("ErrSSLValid")
+ }
website.WebsiteSSLID = websiteModel.ID
res.SSL = *websiteModel
websiteSSL = *websiteModel
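Review bot: The new guard rejects only an exactly empty `Pem`, so a record holding whitespace or a certificate without usable key material would still reach `website.WebsiteSSLID = websiteModel.ID`. Since this server-side check is the authoritative one (the frontend only disables the option), consider `if strings.TrimSpace(websiteModel.Pem) == "" {`. If the model also stores the private key, which is not visible here, test it in the same condition. The guard covers only the branch shown; any other path in OpWebsiteHTTPS that fills `websiteSSL` lies outside this hunk and should be checked for the same validation.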
diff --git a/agent/app/service/website_utils.go b/agent/app/service/website_utils.go
index b0cf039e8..d619b53cc 100644
--- a/agent/app/service/website_utils.go
+++ b/agent/app/service/website_utils.go
@@ -531,10 +531,17 @@ func addListenAndServerName(website model.Website, domains []model.WebsiteDomain
server := config.FindServers()[0]
http3 := isHttp3(server)
+ var allDomains []string
+ existDomains, _ := websiteDomainRepo.GetBy(websiteDomainRepo.WithWebsiteId(website.ID))
+ for _, domain := range existDomains {
+ allDomains = append(allDomains, domain.Domain)
+ }
+
for _, domain := range domains {
setListen(server, strconv.Itoa(domain.Port), website.IPV6, http3, website.DefaultServer, website.Protocol == constant.ProtocolHTTPS && domain.SSL)
- server.UpdateServerName([]string{domain.Domain})
+ allDomains = append(allDomains, domain.Domain)
}
+ server.UpdateServerName(allDomains)
if err = nginx.WriteConfig(config, nginx.IndentedStyle); err != nil {
return err
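Review bot: The error from `websiteDomainRepo.GetBy` is discarded at `existDomains, _ := ...`, so a failed lookup leaves `allDomains` holding only the newly added domains. `server.UpdateServerName(allDomains)` then appears to overwrite the server_name list with that partial set, which would reproduce the "existing domains become ineffective" symptom this commit fixes. Propagate the error instead: `existDomains, err := websiteDomainRepo.GetBy(websiteDomainRepo.WithWebsiteId(website.ID))` followed by `if err != nil { return err }`. Duplicates are also not filtered when a name in `domains` is already stored. The function body extends beyond both ends of this hunk.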
@@ -665,10 +672,14 @@ func applySSL(website *model.Website, websiteSSL model.WebsiteSSL, req request.W
return nil
}
noDefaultPort := true
+ httpPorts := make(map[int]struct{})
for _, domain := range domains {
if domain.Port == 80 {
noDefaultPort = false
}
+ if domain.Port != 80 && !domain.SSL {
+ httpPorts[domain.Port] = struct{}{}
+ }
}
config := nginxFull.SiteConfig.Config
server := config.FindServers()[0]
@@ -681,6 +692,9 @@ func applySSL(website *model.Website, websiteSSL model.WebsiteSSL, req request.W
httpPortIPV6 := "[::]:" + httpPort
for _, port := range httpsPort {
+ if _, ok := httpPorts[port]; !ok {
+ server.DeleteListen(strconv.Itoa(port))
+ }
setListen(server, strconv.Itoa(port), website.IPV6, req.Http3, website.DefaultServer, true)
}
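Review bot: The `httpPorts` lookup before `server.DeleteListen` has no comment explaining why some HTTPS ports keep their existing listen entry, and the outcome is security-relevant. When an HTTPS port is also used by a non-SSL domain, the old directive is kept and `setListen(..., true)` is applied on top. Whether that port then serves plaintext, TLS or both depends on `setListen`, which is not visible here. A comment above the `if` would help, for example `// keep the existing listen for ports shared with a non-SSL domain; otherwise drop it so the port is re-added as ssl-only`. It would also be worth confirming that a shared port cannot end up with a plaintext listener after HTTPS is enabled. The map is filled in the previous hunk of applySSL and excludes port 80 without saying why.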
@@ -714,10 +728,10 @@ func applySSL(website *model.Website, websiteSSL model.WebsiteSSL, req request.W
}
if !req.Http3 {
for _, port := range httpsPort {
- server.RemoveListen(strconv.Itoa(port), "quic", "reuseport")
+ server.RemoveListen(strconv.Itoa(port), "quic")
if website.IPV6 {
httpsPortIPV6 := "[::]:" + strconv.Itoa(port)
- server.RemoveListen(httpsPortIPV6, "quic", "reuseport")
+ server.RemoveListen(httpsPortIPV6, "quic")
}
}
server.RemoveDirective("add_header", []string{"Alt-Svc"})
diff --git a/agent/i18n/lang/en.yaml b/agent/i18n/lang/en.yaml
index ef22b7328..e1a8aafec 100644
--- a/agent/i18n/lang/en.yaml
+++ b/agent/i18n/lang/en.yaml
@@ -118,6 +118,8 @@ ErrDefaultAlias: 'default is a reserved code, please use another code'
ErrParentWebsite: 'You need to delete the subsite {{ .name }} first'
ErrBuildDirNotFound: 'The build directory does not exist'
ErrImageNotExist: 'The operating environment {{ .name }} image does not exist, please re-edit the operating environment'
+ErrProxyIsUsed: "Load balancing has been used by reverse proxy, cannot be deleted"
+ErrSSLValid: 'Certificate file is abnormal, please check the certificate status!'
#ssl
ErrSSLCannotDelete: 'The {{ .name }} certificate is being used by a website and cannot be deleted'
diff --git a/agent/i18n/lang/ja.yaml b/agent/i18n/lang/ja.yaml
index 253adaaef..4148654f4 100644
--- a/agent/i18n/lang/ja.yaml
+++ b/agent/i18n/lang/ja.yaml
@@ -118,6 +118,8 @@ ErrDefaultAlias: 'デフォルトは予約済みのコードです。別のコ
ErrParentWebsite: 'まずサブサイト {{ .name }} を削除する必要があります'
ErrBuildDirNotFound: 'ビルド ディレクトリが存在しません'
ErrImageNotExist: 'オペレーティング環境 {{ .name }} イメージが存在しません。オペレーティング環境を再編集してください'
+ErrProxyIsUsed: "ロードバランシングはリバースプロキシによって使用されているため、削除できません"
+ErrSSLValid: '証明書ファイルが異常です、証明書の状態を確認してください!'
#ssl
ErrSSLCannotDelete: '{{ .name }} 証明書は Web サイトで使用されているため、削除できません'
diff --git a/agent/i18n/lang/ko.yaml b/agent/i18n/lang/ko.yaml
index 14ec137e6..d7d13ea87 100644
--- a/agent/i18n/lang/ko.yaml
+++ b/agent/i18n/lang/ko.yaml
@@ -118,6 +118,8 @@ ErrDefaultAlias: '기본값은 예약된 코드입니다. 다른 코드를 사
ErrParentWebsite: '먼저 하위 사이트 {{ .name }}을 삭제해야 합니다.'
ErrBuildDirNotFound: '빌드 디렉토리가 존재하지 않습니다'
ErrImageNotExist: '운영 환경 {{ .name }} 이미지가 존재하지 않습니다. 운영 환경을 다시 편집하세요.'
+ErrProxyIsUsed: "로드 밸런싱이 역방향 프록시에 의해 사용되었으므로 삭제할 수 없습니다"
+ErrSSLValid: '인증서 파일에 문제가 있습니다. 인증서 상태를 확인하세요!'
#SSL인증
ErrSSLCannotDelete: '{{ .name }} 인증서는 웹사이트에서 사용 중이므로 삭제할 수 없습니다.'
diff --git a/agent/i18n/lang/ms.yaml b/agent/i18n/lang/ms.yaml
index fda8f0777..53450d93c 100644
--- a/agent/i18n/lang/ms.yaml
+++ b/agent/i18n/lang/ms.yaml
@@ -118,6 +118,8 @@ ErrDefaultAlias: 'lalai ialah kod simpanan, sila gunakan kod lain'
ErrParentWebsite: 'Anda perlu memadamkan subtapak {{ .name }} dahulu'
ErrBuildDirNotFound: 'Direktori binaan tidak wujud'
ErrImageNotExist: 'Imej persekitaran operasi {{ .name }} tidak wujud, sila edit semula persekitaran pengendalian'
+ErrProxyIsUsed: "Pengimbang beban telah digunakan oleh pengganti terbalik, tidak boleh dipadamkan"
+ErrSSLValid: 'Fail sijil bermasalah, sila periksa status sijil!'
#ssl
ErrSSLCannotDelete: 'Sijil {{ .name }} sedang digunakan oleh tapak web dan tidak boleh dipadamkan'
diff --git a/agent/i18n/lang/pt-BR.yaml b/agent/i18n/lang/pt-BR.yaml
index 6ccf39038..26d898f37 100644
--- a/agent/i18n/lang/pt-BR.yaml
+++ b/agent/i18n/lang/pt-BR.yaml
@@ -118,6 +118,8 @@ ErrDefaultAlias: 'padrão é um código reservado, use outro código'
ErrParentWebsite: 'Você precisa excluir o subsite {{ .name }} primeiro'
ErrBuildDirNotFound: 'O diretório de compilação não existe'
ErrImageNotExist: 'A imagem do ambiente operacional {{ .name }} não existe, edite novamente o ambiente operacional'
+ErrProxyIsUsed: "Balanceamento de carga foi usado por proxy reverso, não pode ser excluído"
+ErrSSLValid: 'O arquivo do certificado está anormal, verifique o status do certificado!'
#ssl
ErrSSLCannotDelete: 'O certificado {{ .name }} está sendo usado por um site e não pode ser excluído'
diff --git a/agent/i18n/lang/ru.yaml b/agent/i18n/lang/ru.yaml
index 2375eb818..2187fb749 100644
--- a/agent/i18n/lang/ru.yaml
+++ b/agent/i18n/lang/ru.yaml
@@ -118,6 +118,8 @@ ErrDefaultAlias: 'по умолчанию зарезервирован код,
ErrParentWebsite: 'Сначала вам необходимо удалить дочерний сайт {{ .name }}'
ErrBuildDirNotFound: 'Каталог сборки не существует'
ErrImageNotExist: 'Образ операционной среды {{ .name }} не существует, пожалуйста, отредактируйте операционную среду заново'
+ErrProxyIsUsed: "Балансировка нагрузки используется обратным прокси, невозможно удалить"
+ErrSSLValid: 'Файл сертификата аномален, проверьте статус сертификата!'
#ssl
ErrSSLCannotDelete: 'Сертификат {{ .name }} используется веб-сайтом и не может быть удален'
diff --git a/agent/i18n/lang/zh-Hant.yaml b/agent/i18n/lang/zh-Hant.yaml
index 36783d4f2..cc6877c41 100644
--- a/agent/i18n/lang/zh-Hant.yaml
+++ b/agent/i18n/lang/zh-Hant.yaml
@@ -118,6 +118,8 @@ ErrDefaultAlias: 'default 為保留代號,請使用其他代號'
ErrParentWebsite: '需要先移除子網站{{ .name }}'
ErrBuildDirNotFound: '建置目錄不存在'
ErrImageNotExist: '執行環境{{ .name }} 映像不存在,請重新編輯執行環境'
+ErrProxyIsUsed: "負載均衡已被反向代理使用,無法刪除"
+ErrSSLValid: '證書文件異常,請檢查證書狀態!'
#ssl
ErrSSLCannotDelete: '{{ .name }} 憑證正在被網站使用,無法刪除'
diff --git a/agent/i18n/lang/zh.yaml b/agent/i18n/lang/zh.yaml
index b8a22a5d0..91620f879 100644
--- a/agent/i18n/lang/zh.yaml
+++ b/agent/i18n/lang/zh.yaml
@@ -118,6 +118,7 @@ ErrParentWebsite: "需要先删除子网站 {{ .name }}"
ErrBuildDirNotFound: "构建目录不存在"
ErrImageNotExist: "运行环境 {{ .name }} 镜像不存在,请重新编辑运行环境"
ErrProxyIsUsed: "负载均衡已被反向代理使用,无法删除"
+ErrSSLValid: '证书文件异常,请检查证书状态!'
#ssl
ErrSSLCannotDelete: "{{ .name }} 证书正在被网站使用,无法删除"
diff --git a/frontend/src/views/website/runtime/php/index.vue b/frontend/src/views/website/runtime/php/index.vue
index 3379c37b3..5cb513053 100644
--- a/frontend/src/views/website/runtime/php/index.vue
+++ b/frontend/src/views/website/runtime/php/index.vue
@@ -100,7 +100,7 @@
-
+
diff --git a/frontend/src/views/website/website/config/basic/https/index.vue b/frontend/src/views/website/website/config/basic/https/index.vue
index 0baa0581a..91eff780b 100644
--- a/frontend/src/views/website/website/config/basic/https/index.vue
+++ b/frontend/src/views/website/website/config/basic/https/index.vue
@@ -73,6 +73,7 @@
:key="index"
:label="ssl.primaryDomain"
:value="ssl.id"
+ :disabled="ssl.pem === ''"
>
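Review bot: The `:disabled="ssl.pem === ''"` binding only disables an option whose `pem` is exactly the empty string, so a certificate whose `pem` comes back as `undefined` or `null` stays selectable. The selection code later in this file uses the loose form `ssl.pem != ''`, which treats those values as usable, so the two checks can disagree. Using one truthiness test in both places keeps them aligned, for example `:disabled="!ssl.pem"`. The backend `ErrSSLValid` check still rejects an empty certificate, so this affects UI consistency rather than enforcement.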
@@ -140,16 +141,13 @@
{{ $t('website.SSLProConfig') }}
- {{ 'TLS 1.3' }}
- {{ 'TLS 1.2' }}
- {{ 'TLS 1.1' }}
- {{ 'TLS 1.0' }}
-
-
- {{ 'SSL V3' + $t('website.notSecurity') }}
+ {{ 'TLS 1.3' }}
+ {{ 'TLS 1.2' }}
+
+ {{ 'TLS 1.0' + $t('website.notSecurity') }}
-
- {{ 'SSL V2' + $t('website.notSecurity') }}
+
+ {{ 'TLS 1.1' + $t('website.notSecurity') }}
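Review bot: Removing the SSL V2 and SSL V3 checkboxes does not by itself remove those protocols from a site that already has them saved. If the stored protocol list is loaded into `form.SSLProtocol` unchanged, which is not visible in this hunk, the legacy entries would stay in the bound array with no checkbox to untick them and be resubmitted on the next save. Filtering the loaded list down to the values the UI still offers before assigning it to the form would close that gap. TLS 1.0 and TLS 1.1 remain selectable with the `website.notSecurity` suffix; both are deprecated by RFC 8996, so the label should read as a clear warning in every locale. The checkbox markup itself is missing from this extract.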
@@ -209,7 +207,7 @@ const form = reactive({
hsts: true,
algorithm:
'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:!aNULL:!eNULL:!EXPORT:!DSS:!DES:!RC4:!3DES:!MD5:!PSK:!KRB5:!SRP:!CAMELLIA:!SEED',
- SSLProtocol: ['TLSv1.3', 'TLSv1.2', 'TLSv1.1', 'TLSv1'],
+ SSLProtocol: ['TLSv1.3', 'TLSv1.2'],
httpsPort: '443',
http3: false,
});
@@ -255,7 +253,12 @@ const listSSLs = () => {
}
}
if (!exist) {
- form.websiteSSLId = ssls.value[0].id;
+ for (const ssl of ssls.value) {
+ if (ssl.pem != '') {
+ form.websiteSSLId = ssl.id;
+ break;
+ }
+ }
}
changeSSl(form.websiteSSLId);
} else {
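Review bot: When no certificate in `ssls.value` has a non-empty `pem`, the new loop leaves `form.websiteSSLId` at its previous value and `changeSSl(form.websiteSSLId)` still runs with it. The loop in `changeSSl` in the next hunk has the same fall-through: if the matched certificate has an empty `pem`, `websiteSSL.value` is not updated, so the panel can keep showing the details of a different certificate than the selected id. Handle the "nothing usable" case explicitly in both places by clearing the selection and the displayed certificate. `const usable = ssls.value.find((s) => s.pem);` followed by `if (usable) form.websiteSSLId = usable.id;` also reads more directly than the loop with `break` and avoids the loose `!=`. The body of listSSLs starts and ends outside this hunk.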
@@ -275,7 +278,12 @@ const changeSSl = (sslid: number) => {
const res = ssls.value.filter((element: Website.SSL) => {
return element.id == sslid;
});
- websiteSSL.value = res[0];
+ for (const r of res) {
+ if (r.pem != '') {
+ websiteSSL.value = r;
+ break;
+ }
+ }
};
const changeType = (type: string) => {