From 7cb745acdfbe298788d6c12556673ee20707d07b Mon Sep 17 00:00:00 2001 From: net909 Date: Tue, 26 Aug 2025 22:32:30 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96=E9=83=A8=E7=BD=B2=E9=98=BF?= =?UTF-8?q?=E9=87=8C=E4=BA=91SLB?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/lib/DeployHelper.php | 18 +++ app/lib/deploy/aliyun.php | 201 +++++++++++++++++++----------- app/view/cert/account_form.html | 2 +- app/view/cert/deploy_form.html | 2 +- app/view/cert/order_form.html | 2 +- app/view/dmonitor/taskform.html | 2 +- app/view/domain/batchadd2.html | 2 +- app/view/domain/batchedit.html | 2 +- app/view/domain/domain_add.html | 2 +- app/view/optimizeip/opipform.html | 2 +- app/view/schedule/staskform.html | 2 +- think | 4 + 12 files changed, 157 insertions(+), 84 deletions(-) diff --git a/app/lib/DeployHelper.php b/app/lib/DeployHelper.php index 3291fa3..6176ef4 100644 --- a/app/lib/DeployHelper.php +++ b/app/lib/DeployHelper.php @@ -928,6 +928,24 @@ class DeployHelper 'note' => '进入NLB实例详情->监听列表,复制监听ID(只支持TCPSSL监听协议)', 'required' => true, ], + 'deploy_type' => [ + 'name' => '部署证书类型', + 'type' => 'select', + 'options' => [ + ['value'=>'0', 'label'=>'默认证书'], + ['value'=>'1', 'label'=>'扩展证书'], + ], + 'value' => '0', + 'show' => 'product==\'clb\'||product==\'alb\'||product==\'nlb\'', + 'required' => true, + ], + 'clb_domain' => [ + 'name' => '扩展域名', + 'type' => 'input', + 'placeholder' => '多个域名可使用,分隔', + 'show' => 'product==\'clb\'&&deploy_type==1', + 'required' => true, + ], 'domain' => [ 'name' => '绑定的域名', 'type' => 'input', diff --git a/app/lib/deploy/aliyun.php b/app/lib/deploy/aliyun.php index 5ccf457..3bf768a 100644 --- a/app/lib/deploy/aliyun.php +++ b/app/lib/deploy/aliyun.php @@ -568,36 +568,65 @@ class aliyun implements DeployInterface $this->log('找到已添加的服务器证书 ServerCertificateId=' . $ServerCertificateId); } - $param = [ - 'Action' => 'DescribeLoadBalancerHTTPSListenerAttribute', - 'RegionId' => $config['regionid'], - 'LoadBalancerId' => $config['clb_id'], - 'ListenerPort' => $config['clb_port'], - ]; - try { - $data = $client->request($param); - } catch (Exception $e) { - throw new Exception('HTTPS监听配置查询失败:' . $e->getMessage()); - } + $deploy_type = isset($config['deploy_type']) ? intval($config['deploy_type']) : 0; + if ($deploy_type == 1) { + if (empty($config['clb_domain'])) throw new Exception('扩展域名不能为空'); + $domains = explode(',', $config['clb_domain']); + $param = [ + 'Action' => 'DescribeDomainExtensions', + 'RegionId' => $config['regionid'], + 'LoadBalancerId' => $config['clb_id'], + 'ListenerPort' => $config['clb_port'], + ]; + try { + $data = $client->request($param); + } catch (Exception $e) { + throw new Exception('扩展域名列表查询失败:' . $e->getMessage()); + } + foreach ($data['DomainExtensions']['DomainExtension'] as $item) { + if (in_array($item['Domain'], $domains)) { + if ($ServerCertificateId == $item['ServerCertificateId']) { + $this->log('负载均衡HTTPS扩展域名 ' . $item['Domain'] . ' 证书已配置'); + } else { + $param = [ + 'Action' => 'SetDomainExtensionAttribute', + 'RegionId' => $config['regionid'], + 'DomainExtensionId' => $item['DomainExtensionId'], + 'ServerCertificateId' => $ServerCertificateId, + ]; + $client->request($param); + $this->log('负载均衡HTTPS扩展域名 ' . $item['Domain'] . ' 证书更新成功'); + } + } + } + } else { + $param = [ + 'Action' => 'DescribeLoadBalancerHTTPSListenerAttribute', + 'RegionId' => $config['regionid'], + 'LoadBalancerId' => $config['clb_id'], + 'ListenerPort' => $config['clb_port'], + ]; + try { + $data = $client->request($param); + } catch (Exception $e) { + throw new Exception('HTTPS监听配置查询失败:' . $e->getMessage()); + } - if ($data['ServerCertificateId'] == $ServerCertificateId) { - $this->log('负载均衡HTTPS监听已配置该证书,无需重复操作'); - return; - } + if ($data['ServerCertificateId'] == $ServerCertificateId) { + $this->log('负载均衡HTTPS监听已配置该证书,无需重复操作'); + return; + } - $param = [ - 'Action' => 'SetLoadBalancerHTTPSListenerAttribute', - 'RegionId' => $config['regionid'], - 'LoadBalancerId' => $config['clb_id'], - 'ListenerPort' => $config['clb_port'], - ]; - $keys = ['Bandwidth', 'XForwardedFor', 'Scheduler', 'StickySession', 'StickySessionType', 'CookieTimeout', 'Cookie', 'HealthCheck', 'HealthCheckMethod', 'HealthCheckDomain', 'HealthCheckURI', 'HealthyThreshold', 'UnhealthyThreshold', 'HealthCheckTimeout', 'HealthCheckInterval', 'HealthCheckConnectPort', 'HealthCheckHttpCode', 'ServerCertificateId', 'CACertificateId', 'VServerGroup', 'VServerGroupId', 'XForwardedFor_SLBIP', 'XForwardedFor_SLBID', 'XForwardedFor_proto', 'Gzip', 'AclId', 'AclType', 'AclStatus', 'IdleTimeout', 'RequestTimeout', 'EnableHttp2', 'TLSCipherPolicy', 'Description', 'XForwardedFor_SLBPORT', 'XForwardedFor_ClientSrcPort']; - foreach ($keys as $key) { - if (isset($data[$key])) $param[$key] = $data[$key]; + $param = [ + 'Action' => 'SetLoadBalancerHTTPSListenerAttribute', + 'RegionId' => $config['regionid'], + 'LoadBalancerId' => $config['clb_id'], + 'ListenerPort' => $config['clb_port'], + 'ServerCertificateId' => $ServerCertificateId, + ]; + $client->request($param); + $this->log('负载均衡HTTPS监听证书配置成功!'); } - $param['ServerCertificateId'] = $ServerCertificateId; - $client->request($param); - $this->log('负载均衡HTTPS监听证书配置成功!'); } private function deploy_alb($cert_id, $config) @@ -606,33 +635,44 @@ class aliyun implements DeployInterface $endpoint = 'alb.' . $config['regionid'] . '.aliyuncs.com'; $client = new AliyunClient($this->AccessKeyId, $this->AccessKeySecret, $endpoint, '2020-06-16', $this->proxy); + $cert_id = $cert_id . '-cn-hangzhou'; + $deploy_type = isset($config['deploy_type']) ? intval($config['deploy_type']) : 0; - $param = [ - 'Action' => 'ListListenerCertificates', - 'MaxResults' => 100, - 'ListenerId' => $config['alb_listener_id'], - 'CertificateType' => 'Server', - ]; - try { - $data = $client->request($param); - } catch (Exception $e) { - throw new Exception('获取监听证书列表失败:' . $e->getMessage()); - } - foreach ($data['Certificates'] as $cert) { - if (strpos($cert['CertificateId'], '-')) $cert['CertificateId'] = substr($cert['CertificateId'], 0, strpos($cert['CertificateId'], '-')); - if ($cert['CertificateId'] == $cert_id) { - $this->log('负载均衡监听证书已添加,无需重复操作'); - return; + if ($deploy_type == 1) { + $param = [ + 'Action' => 'ListListenerCertificates', + 'MaxResults' => 100, + 'ListenerId' => $config['alb_listener_id'], + 'CertificateType' => 'Server', + ]; + try { + $data = $client->request($param); + } catch (Exception $e) { + throw new Exception('获取监听证书列表失败:' . $e->getMessage()); + } + foreach ($data['Certificates'] as $cert) { + if ($cert['CertificateId'] == $cert_id) { + $this->log('负载均衡监听扩展证书已添加,无需重复操作'); + return; + } } - } - $param = [ - 'Action' => 'AssociateAdditionalCertificatesWithListener', - 'ListenerId' => $config['alb_listener_id'], - 'Certificates.1.CertificateId' => $cert_id . '-cn-hangzhou', - ]; - $client->request($param); - $this->log('应用型负载均衡监听证书添加成功!'); + $param = [ + 'Action' => 'AssociateAdditionalCertificatesWithListener', + 'ListenerId' => $config['alb_listener_id'], + 'Certificates.1.CertificateId' => $cert_id, + ]; + $client->request($param); + $this->log('应用型负载均衡监听扩展证书添加成功!'); + } else { + $param = [ + 'Action' => 'UpdateListenerAttribute', + 'ListenerId' => $config['alb_listener_id'], + 'Certificates.1.CertificateId' => $cert_id, + ]; + $client->request($param); + $this->log('应用型负载均衡监听默认证书更新成功!'); + } } private function deploy_nlb($cert_id, $config) @@ -641,33 +681,44 @@ class aliyun implements DeployInterface $endpoint = 'nlb.' . $config['regionid'] . '.aliyuncs.com'; $client = new AliyunClient($this->AccessKeyId, $this->AccessKeySecret, $endpoint, '2022-04-30', $this->proxy); + $cert_id = $cert_id . '-cn-hangzhou'; + $deploy_type = isset($config['deploy_type']) ? intval($config['deploy_type']) : 0; - $param = [ - 'Action' => 'ListListenerCertificates', - 'MaxResults' => 50, - 'ListenerId' => $config['nlb_listener_id'], - 'CertificateType' => 'Server', - ]; - try { - $data = $client->request($param); - } catch (Exception $e) { - throw new Exception('获取监听证书列表失败:' . $e->getMessage()); - } - foreach ($data['Certificates'] as $cert) { - if (strpos($cert['CertificateId'], '-')) $cert['CertificateId'] = substr($cert['CertificateId'], 0, strpos($cert['CertificateId'], '-')); - if ($cert['CertificateId'] == $cert_id) { - $this->log('负载均衡监听证书已添加,无需重复操作'); - return; + if ($deploy_type == 1) { + $param = [ + 'Action' => 'ListListenerCertificates', + 'MaxResults' => 50, + 'ListenerId' => $config['nlb_listener_id'], + 'CertificateType' => 'Server', + ]; + try { + $data = $client->request($param); + } catch (Exception $e) { + throw new Exception('获取监听证书列表失败:' . $e->getMessage()); + } + foreach ($data['Certificates'] as $cert) { + if ($cert['CertificateId'] == $cert_id) { + $this->log('负载均衡监听扩展证书已添加,无需重复操作'); + return; + } } - } - $param = [ - 'Action' => 'AssociateAdditionalCertificatesWithListener', - 'ListenerId' => $config['nlb_listener_id'], - 'AdditionalCertificateIds.1' => $cert_id . '-cn-hangzhou', - ]; - $client->request($param); - $this->log('网络型负载均衡监听证书添加成功!'); + $param = [ + 'Action' => 'AssociateAdditionalCertificatesWithListener', + 'ListenerId' => $config['nlb_listener_id'], + 'AdditionalCertificateIds.1' => $cert_id, + ]; + $client->request($param); + $this->log('网络型负载均衡监听扩展证书添加成功!'); + } else { + $param = [ + 'Action' => 'UpdateListenerAttribute', + 'ListenerId' => $config['nlb_listener_id'], + 'CertificateIds.1' => $cert_id, + ]; + $client->request($param); + $this->log('网络型负载均衡监听默认证书更新成功!'); + } } public function setLogger($func) diff --git a/app/view/cert/account_form.html b/app/view/cert/account_form.html index 1f8a06c..441bea7 100644 --- a/app/view/cert/account_form.html +++ b/app/view/cert/account_form.html @@ -182,7 +182,7 @@ {/block} {block name="script"} - + + diff --git a/app/view/cert/order_form.html b/app/view/cert/order_form.html index d03c1ee..442eaaa 100644 --- a/app/view/cert/order_form.html +++ b/app/view/cert/order_form.html @@ -77,7 +77,7 @@ {/block} {block name="script"} - + + + + + + +