feat: 网站支持设置 HTTPS 端口 (#6056)

2024-11-10 09:02:42 +08:00 · 2024-08-08 10:14:28 +08:00 · 2024-08-08 10:14:28 +08:00 · 3d2d4318c7
commit 3d2d4318c7
parent 2f34e1727f
8 changed files with 57 additions and 29 deletions
--- a/agent/app/dto/request/website.go
+++ b/agent/app/dto/request/website.go
@ -145,6 +145,7 @@ type WebsiteHTTPSOp struct {
 	SSLProtocol     []string `json:"SSLProtocol"`
 	Algorithm       string   `json:"algorithm"`
 	Hsts            bool     `json:"hsts"`
+	HttpsPort       int      `json:"httpsPort"`
 }

 type WebsiteNginxUpdate struct {
--- a/agent/app/dto/response/website.go
+++ b/agent/app/dto/response/website.go
@ -59,6 +59,7 @@ type WebsiteHTTPS struct {
 	SSLProtocol []string         `json:"SSLProtocol"`
 	Algorithm   string           `json:"algorithm"`
 	Hsts        bool             `json:"hsts"`
+	HttpsPort   int              `json:"httpsPort"`
 }

 type WebsiteLog struct {
--- a/agent/app/model/website.go
+++ b/agent/app/model/website.go
@ -28,6 +28,8 @@ type Website struct {
 	AppInstallID   uint `gorm:"type:integer" json:"appInstallId"`
 	FtpID          uint `gorm:"type:integer" json:"ftpId"`

+	HttpsPort int `json:"httpsPort"`
+
 	User  string `gorm:"type:varchar;" json:"user"`
 	Group string `gorm:"type:varchar;" json:"group"`

--- a/agent/app/service/website.go
+++ b/agent/app/service/website.go
@ -225,6 +225,7 @@ func (w WebsiteService) CreateWebsite(create request.WebsiteCreate) (err error)
 		return err
 	}
 	defaultHttpPort := nginxInstall.HttpPort
+	defaultHttpsPort := nginxInstall.HttpsPort

 	var (
 		otherDomains []model.WebsiteDomain
@ -239,6 +240,9 @@ func (w WebsiteService) CreateWebsite(create request.WebsiteCreate) (err error)
 		return err
 	}
 	domains = append(domains, otherDomains...)
+	if len(domains) == 1 && domains[0].Port != defaultHttpPort {
+		defaultHttpsPort = domains[0].Port
+	}

 	defaultDate, _ := time.Parse(constant.DateLayout, constant.DefaultDate)
 	website := &model.Website{
@ -255,6 +259,7 @@ func (w WebsiteService) CreateWebsite(create request.WebsiteCreate) (err error)
 		AccessLog:      true,
 		ErrorLog:       true,
 		IPV6:           create.IPV6,
+		HttpsPort:      defaultHttpsPort,
 	}

 	var (
@ -459,8 +464,9 @@ func (w WebsiteService) CreateWebsite(create request.WebsiteCreate) (err error)
 				SSLProtocol:  []string{"TLSv1.3", "TLSv1.2", "TLSv1.1", "TLSv1"},
 				Algorithm:    "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:!aNULL:!eNULL:!EXPORT:!DSS:!DES:!RC4:!3DES:!MD5:!PSK:!KRB5:!SRP:!CAMELLIA:!SEED",
 				Hsts:         true,
+				HttpsPort:    website.HttpsPort,
 			}
-			if err = applySSL(*website, *websiteModel, appSSLReq); err != nil {
+			if err = applySSL(website, *websiteModel, appSSLReq); err != nil {
 				return err
 			}
 			if err = websiteRepo.Save(context.Background(), website); err != nil {
@ -863,6 +869,7 @@ func (w WebsiteService) GetWebsiteHTTPS(websiteId uint) (response.WebsiteHTTPS,
 		return response.WebsiteHTTPS{}, err
 	}
 	var res response.WebsiteHTTPS
+	res.HttpsPort = website.HttpsPort
 	if website.WebsiteSSLID == 0 {
 		res.Enable = false
 		return res, nil
@ -918,9 +925,12 @@ func (w WebsiteService) OpWebsiteHTTPS(ctx context.Context, req request.WebsiteH
 	if !req.Enable {
 		website.Protocol = constant.ProtocolHTTP
 		website.WebsiteSSLID = 0
-		_, httpsPort, err := getAppInstallPort(constant.AppOpenresty)
-		if err != nil {
-			return nil, err
+		httpsPort := website.HttpsPort
+		if httpsPort == 0 {
+			_, httpsPort, err = getAppInstallPort(constant.AppOpenresty)
+			if err != nil {
+				return nil, err
+			}
 		}
 		httpsPortStr := strconv.Itoa(httpsPort)
 		if err := deleteListenAndServerName(website, []string{httpsPortStr, "[::]:" + httpsPortStr}, []string{}); err != nil {
@ -1025,7 +1035,7 @@ func (w WebsiteService) OpWebsiteHTTPS(ctx context.Context, req request.WebsiteH
 	}

 	website.Protocol = constant.ProtocolHTTPS
-	if err := applySSL(website, websiteSSL, req); err != nil {
+	if err := applySSL(&website, websiteSSL, req); err != nil {
 		return nil, err
 	}
 	website.HttpConfig = req.HttpConfig
--- a/agent/app/service/website_utils.go
+++ b/agent/app/service/website_utils.go
@ -568,8 +568,8 @@ func createPemFile(website model.Website, websiteSSL model.WebsiteSSL) error {
 	return nil
 }

-func applySSL(website model.Website, websiteSSL model.WebsiteSSL, req request.WebsiteHTTPSOp) error {
-	nginxFull, err := getNginxFull(&website)
+func applySSL(website *model.Website, websiteSSL model.WebsiteSSL, req request.WebsiteHTTPSOp) error {
+	nginxFull, err := getNginxFull(website)
 	if err != nil {
 		return nil
 	}
@ -587,11 +587,15 @@ func applySSL(website model.Website, websiteSSL model.WebsiteSSL, req request.We
 	server := config.FindServers()[0]

 	httpPort := strconv.Itoa(nginxFull.Install.HttpPort)
-	httpsPort := strconv.Itoa(nginxFull.Install.HttpsPort)
+	httpsPort := nginxFull.Install.HttpsPort
+	if req.HttpsPort > 0 {
+		httpsPort = req.HttpsPort
+	}
+	website.HttpsPort = httpsPort
 	httpPortIPV6 := "[::]:" + httpPort
-	httpsPortIPV6 := "[::]:" + httpsPort
+	httpsPortIPV6 := "[::]:" + strconv.Itoa(httpsPort)

-	server.UpdateListen(httpsPort, website.DefaultServer, "ssl", "http2")
+	server.UpdateListen(strconv.Itoa(httpsPort), website.DefaultServer, "ssl", "http2")
 	if website.IPV6 {
 		server.UpdateListen(httpsPortIPV6, website.DefaultServer, "ssl", "http2")
 	}
@ -626,7 +630,7 @@ func applySSL(website model.Website, websiteSSL model.WebsiteSSL, req request.We
 	if err := nginx.WriteConfig(config, nginx.IndentedStyle); err != nil {
 		return err
 	}
-	if err := createPemFile(website, websiteSSL); err != nil {
+	if err := createPemFile(*website, websiteSSL); err != nil {
 		return err
 	}
 	nginxParams := getNginxParamsFromStaticFile(dto.SSL, []dto.NginxParam{})
@ -651,7 +655,7 @@ func applySSL(website model.Website, websiteSSL model.WebsiteSSL, req request.We
 		})
 	}

-	if err := updateNginxConfig(constant.NginxScopeServer, nginxParams, &website); err != nil {
+	if err := updateNginxConfig(constant.NginxScopeServer, nginxParams, website); err != nil {
 		return err
 	}
 	return nil
--- a/agent/init/migration/migrations/init.go
+++ b/agent/init/migration/migrations/init.go
@ -297,7 +297,7 @@ var AddTask = &gormigrate.Migration{
 }

 var UpdateWebsite = &gormigrate.Migration{
-	ID: "20240803-update-website",
+	ID: "20240807-update-website",
 	Migrate: func(tx *gorm.DB) error {
 		return tx.AutoMigrate(
 			&model.Website{})
--- a/frontend/src/api/interface/website.ts
+++ b/frontend/src/api/interface/website.ts
@ -288,6 +288,7 @@ export namespace Website {
        SSLProtocol: string[];
        algorithm: string;
        hsts: boolean;
+        httpsPort: number;
    }

    export interface CheckReq {
--- a/frontend/src/views/website/website/config/basic/https/index.vue
+++ b/frontend/src/views/website/website/config/basic/https/index.vue
@ -13,10 +13,13 @@
                    <el-switch v-model="form.enable" @change="changeEnable"></el-switch>
                </el-form-item>
                <div v-if="form.enable">
+                    <el-form-item :label="'HTTPS ' + $t('commons.table.port')" prop="httpsPort">
+                        <el-input v-model.number="form.httpsPort" />
+                    </el-form-item>
                    <el-text type="warning" class="!ml-2">{{ $t('website.ipWebsiteWarn') }}</el-text>
                    <el-divider content-position="left">{{ $t('website.SSLConfig') }}</el-divider>
                    <el-form-item :label="$t('website.HTTPConfig')" prop="httpConfig">
-                        <el-select v-model="form.httpConfig" class="p-w-200">
+                        <el-select v-model="form.httpConfig" class="p-w-400">
                            <el-option :label="$t('website.HTTPToHTTPS')" :value="'HTTPToHTTPS'"></el-option>
                            <el-option :label="$t('website.HTTPAlso')" :value="'HTTPAlso'"></el-option>
                            <el-option :label="$t('website.HTTPSOnly')" :value="'HTTPSOnly'"></el-option>
@ -101,7 +104,7 @@
                        </div>
                    </div>
                    <el-form-item :label="' '" v-if="websiteSSL && websiteSSL.id > 0">
-                        <el-descriptions :column="6" border direction="vertical">
+                        <el-descriptions :column="7" border direction="vertical">
                            <el-descriptions-item :label="$t('website.primaryDomain')">
                                {{ websiteSSL.primaryDomain }}
                            </el-descriptions-item>
@ -170,7 +173,7 @@ import { GetHTTPSConfig, ListSSL, SearchAcmeAccount, UpdateHTTPSConfig } from '@
 import { ElMessageBox, FormInstance } from 'element-plus';
 import { computed, onMounted, reactive, ref } from 'vue';
 import i18n from '@/lang';
-import { Rules } from '@/global/form-rules';
+import { Rules, checkNumberRange } from '@/global/form-rules';
 import { dateFormatSimple, getProvider, getAccountName } from '@/utils/util';
 import { MsgSuccess } from '@/utils/message';
 import FileList from '@/components/file-list/index.vue';
@ -201,6 +204,7 @@ const form = reactive({
    algorithm:
        'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:!aNULL:!eNULL:!EXPORT:!DSS:!DES:!RC4:!3DES:!MD5:!PSK:!KRB5:!SRP:!CAMELLIA:!SEED',
    SSLProtocol: ['TLSv1.3', 'TLSv1.2', 'TLSv1.1', 'TLSv1'],
+    httpsPort: 443,
 });
 const loading = ref(false);
 const ssls = ref();
@ -218,6 +222,7 @@ const rules = ref({
    SSLProtocol: [Rules.requiredSelect],
    algorithm: [Rules.requiredInput],
    acmeAccountID: [Rules.requiredInput],
+    httpsPort: [Rules.requiredInput, checkNumberRange(1, 65535)],
 });
 const resData = ref();
 const sslReq = reactive({
@ -278,23 +283,27 @@ const get = () => {
    GetHTTPSConfig(id.value).then((res) => {
        if (res.data) {
            form.type = 'existed';
-            resData.value = res.data;
-            form.enable = res.data.enable;
-            if (res.data.httpConfig != '') {
-                form.httpConfig = res.data.httpConfig;
+            const data = res.data;
+            resData.value = data;
+            form.enable = data.enable;
+            if (data.httpConfig != '') {
+                form.httpConfig = data.httpConfig;
            }
-            if (res.data.SSLProtocol && res.data.SSLProtocol.length > 0) {
-                form.SSLProtocol = res.data.SSLProtocol;
+            if (data.SSLProtocol && data.SSLProtocol.length > 0) {
+                form.SSLProtocol = data.SSLProtocol;
            }
-            if (res.data.algorithm != '') {
-                form.algorithm = res.data.algorithm;
+            if (data.algorithm != '') {
+                form.algorithm = data.algorithm;
            }
-            if (res.data.SSL && res.data.SSL.id > 0) {
-                form.websiteSSLId = res.data.SSL.id;
-                websiteSSL.value = res.data.SSL;
-                form.acmeAccountID = res.data.SSL.acmeAccountId;
+            if (data.SSL && data.SSL.id > 0) {
+                form.websiteSSLId = data.SSL.id;
+                websiteSSL.value = data.SSL;
+                form.acmeAccountID = data.SSL.acmeAccountId;
+            }
+            form.hsts = data.hsts;
+            if (data.httpsPort > 0) {
+                form.httpsPort = data.httpsPort;
            }
-            form.hsts = res.data.hsts;
        }
        listSSL();
        listAcmeAccount();