优化ssl自动化功能
This commit is contained in:
parent
7d885471c0
commit
88f5127d9b
@ -116,14 +116,23 @@ class RouteWatcher:
|
|||||||
def extract_domains_from_route(self, route: dict) -> Set[str]:
|
def extract_domains_from_route(self, route: dict) -> Set[str]:
|
||||||
"""从路由中提取域名"""
|
"""从路由中提取域名"""
|
||||||
domains = set()
|
domains = set()
|
||||||
|
route_value = route.get('value', {})
|
||||||
|
|
||||||
# 从 hosts 字段提取
|
# 从 host 字段提取(单个域名,Dashboard 常用)
|
||||||
hosts = route.get('value', {}).get('hosts', [])
|
host = route_value.get('host')
|
||||||
|
if host and isinstance(host, str):
|
||||||
|
domains.add(host)
|
||||||
|
|
||||||
|
# 从 hosts 字段提取(域名数组)
|
||||||
|
hosts = route_value.get('hosts', [])
|
||||||
if hosts:
|
if hosts:
|
||||||
domains.update(hosts)
|
if isinstance(hosts, list):
|
||||||
|
domains.update(hosts)
|
||||||
|
elif isinstance(hosts, str):
|
||||||
|
domains.add(hosts)
|
||||||
|
|
||||||
# 从 uri 字段提取(如果包含域名)
|
# 从 uri 字段提取(如果包含域名)
|
||||||
uri = route.get('value', {}).get('uri', '')
|
uri = route_value.get('uri', '')
|
||||||
if uri and '.' in uri and not uri.startswith('/'):
|
if uri and '.' in uri and not uri.startswith('/'):
|
||||||
# 可能是域名格式
|
# 可能是域名格式
|
||||||
parts = uri.split('/')
|
parts = uri.split('/')
|
||||||
@ -131,7 +140,7 @@ class RouteWatcher:
|
|||||||
domains.add(parts[0])
|
domains.add(parts[0])
|
||||||
|
|
||||||
# 从 match 字段提取
|
# 从 match 字段提取
|
||||||
match = route.get('value', {}).get('match', {})
|
match = route_value.get('match', {})
|
||||||
if isinstance(match, dict):
|
if isinstance(match, dict):
|
||||||
for key, value in match.items():
|
for key, value in match.items():
|
||||||
if 'host' in key.lower() and isinstance(value, str):
|
if 'host' in key.lower() and isinstance(value, str):
|
||||||
|
|||||||
@ -176,11 +176,11 @@ class SSLTestRunner:
|
|||||||
return True
|
return True
|
||||||
|
|
||||||
def check_webroot_route(self, domain: str) -> bool:
|
def check_webroot_route(self, domain: str) -> bool:
|
||||||
"""检查 webroot 验证路由"""
|
"""检查 webroot 验证路由(通用路由,适用于所有域名)"""
|
||||||
print_info(f"检查 webroot 验证路由: {domain}...")
|
print_info(f"检查 webroot 验证路由(适用于所有域名)...")
|
||||||
|
|
||||||
# 为每个域名创建独立的 webroot 路由
|
# 使用通用的 webroot 路由,不指定 host
|
||||||
route_id = f"certbot-webroot-{domain}"
|
route_id = "certbot-webroot"
|
||||||
|
|
||||||
try:
|
try:
|
||||||
response = requests.get(
|
response = requests.get(
|
||||||
@ -205,16 +205,16 @@ class SSLTestRunner:
|
|||||||
return False
|
return False
|
||||||
|
|
||||||
def create_webroot_route(self, domain: str) -> bool:
|
def create_webroot_route(self, domain: str) -> bool:
|
||||||
"""创建 webroot 验证路由(为每个域名创建独立路由)"""
|
"""创建 webroot 验证路由(通用路由,适用于所有域名)"""
|
||||||
print_info(f"创建 webroot 路由: {domain}")
|
print_info(f"创建 webroot 路由(适用于所有域名)")
|
||||||
|
|
||||||
# 为每个域名创建独立的 webroot 路由,确保 host 匹配
|
# 使用通用的 webroot 路由,不指定 host,适用于所有域名
|
||||||
route_id = f"certbot-webroot-{domain}"
|
route_id = "certbot-webroot"
|
||||||
route_config = {
|
route_config = {
|
||||||
"uri": "/.well-known/acme-challenge/*",
|
"uri": "/.well-known/acme-challenge/*",
|
||||||
"name": route_id,
|
"name": route_id,
|
||||||
"host": domain, # 设置 host,确保正确匹配
|
# 不设置 host,匹配所有域名
|
||||||
"priority": 10000, # 高优先级,在域名路由之前匹配
|
"priority": 99999, # 最高优先级,确保在所有路由之前匹配
|
||||||
"plugins": {
|
"plugins": {
|
||||||
"serverless-pre-function": {
|
"serverless-pre-function": {
|
||||||
"phase": "rewrite",
|
"phase": "rewrite",
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user