Compare commits
No commits in common. "cac12f50bd104c49da2698118915ebb20f5712c3" and "3a37cc6e14c2e4449d43b5a550ac82523edf4729" have entirely different histories.
cac12f50bd
...
3a37cc6e14
BIN
ssl_manager/__pycache__/ssl_manager.cpython-313.pyc
Normal file
BIN
ssl_manager/__pycache__/ssl_manager.cpython-313.pyc
Normal file
Binary file not shown.
@ -39,7 +39,11 @@ class RouteWatcher:
|
|||||||
self.apisix_admin_url = os.getenv('APISIX_ADMIN_URL', 'http://localhost:9180')
|
self.apisix_admin_url = os.getenv('APISIX_ADMIN_URL', 'http://localhost:9180')
|
||||||
self.apisix_admin_key = os.getenv('APISIX_ADMIN_KEY', '8206e6e42b6b53243c52a767cc633137')
|
self.apisix_admin_key = os.getenv('APISIX_ADMIN_KEY', '8206e6e42b6b53243c52a767cc633137')
|
||||||
|
|
||||||
# 不再使用已处理列表,直接检查实际 SSL 配置
|
# 已处理的域名集合
|
||||||
|
self.processed_domains: Set[str] = set()
|
||||||
|
|
||||||
|
# 加载已处理的域名
|
||||||
|
self._load_processed_domains()
|
||||||
|
|
||||||
def _get_apisix_headers(self):
|
def _get_apisix_headers(self):
|
||||||
"""获取 APISIX Admin API 请求头"""
|
"""获取 APISIX Admin API 请求头"""
|
||||||
@ -48,6 +52,27 @@ class RouteWatcher:
|
|||||||
'Content-Type': 'application/json'
|
'Content-Type': 'application/json'
|
||||||
}
|
}
|
||||||
|
|
||||||
|
def _load_processed_domains(self):
|
||||||
|
"""加载已处理的域名列表"""
|
||||||
|
state_file = '/var/lib/apisix-ssl-manager/processed_domains.json'
|
||||||
|
if os.path.exists(state_file):
|
||||||
|
try:
|
||||||
|
with open(state_file, 'r') as f:
|
||||||
|
self.processed_domains = set(json.load(f))
|
||||||
|
logger.info(f"加载已处理域名: {len(self.processed_domains)} 个")
|
||||||
|
except Exception as e:
|
||||||
|
logger.warning(f"加载已处理域名失败: {e}")
|
||||||
|
|
||||||
|
def _save_processed_domains(self):
|
||||||
|
"""保存已处理的域名列表"""
|
||||||
|
state_file = '/var/lib/apisix-ssl-manager/processed_domains.json'
|
||||||
|
os.makedirs(os.path.dirname(state_file), exist_ok=True)
|
||||||
|
try:
|
||||||
|
with open(state_file, 'w') as f:
|
||||||
|
json.dump(list(self.processed_domains), f)
|
||||||
|
except Exception as e:
|
||||||
|
logger.error(f"保存已处理域名失败: {e}")
|
||||||
|
|
||||||
def get_all_routes(self) -> list:
|
def get_all_routes(self) -> list:
|
||||||
"""获取所有路由"""
|
"""获取所有路由"""
|
||||||
try:
|
try:
|
||||||
@ -133,6 +158,10 @@ class RouteWatcher:
|
|||||||
|
|
||||||
def should_request_cert(self, domain: str) -> bool:
|
def should_request_cert(self, domain: str) -> bool:
|
||||||
"""判断是否需要申请证书"""
|
"""判断是否需要申请证书"""
|
||||||
|
# 跳过已处理的域名
|
||||||
|
if domain in self.processed_domains:
|
||||||
|
return False
|
||||||
|
|
||||||
# 跳过本地域名
|
# 跳过本地域名
|
||||||
if domain in ['localhost', '127.0.0.1', '0.0.0.0']:
|
if domain in ['localhost', '127.0.0.1', '0.0.0.0']:
|
||||||
return False
|
return False
|
||||||
@ -141,12 +170,13 @@ class RouteWatcher:
|
|||||||
if domain.replace('.', '').isdigit():
|
if domain.replace('.', '').isdigit():
|
||||||
return False
|
return False
|
||||||
|
|
||||||
# 检查是否已有 SSL 配置(直接检查实际配置,最准确)
|
# 检查是否已有 SSL 配置
|
||||||
ssls = self.get_all_ssls()
|
ssls = self.get_all_ssls()
|
||||||
for ssl in ssls:
|
for ssl in ssls:
|
||||||
ssl_domains = self.extract_domains_from_ssl(ssl)
|
ssl_domains = self.extract_domains_from_ssl(ssl)
|
||||||
if domain in ssl_domains:
|
if domain in ssl_domains:
|
||||||
logger.info(f"域名已有 SSL 配置: {domain}")
|
logger.info(f"域名已有 SSL 配置: {domain}")
|
||||||
|
self.processed_domains.add(domain)
|
||||||
return False
|
return False
|
||||||
|
|
||||||
return True
|
return True
|
||||||
@ -172,6 +202,8 @@ class RouteWatcher:
|
|||||||
try:
|
try:
|
||||||
if self.ssl_manager.request_certificate(domain):
|
if self.ssl_manager.request_certificate(domain):
|
||||||
logger.info(f"证书申请成功: {domain}")
|
logger.info(f"证书申请成功: {domain}")
|
||||||
|
self.processed_domains.add(domain)
|
||||||
|
self._save_processed_domains()
|
||||||
else:
|
else:
|
||||||
logger.error(f"证书申请失败: {domain}")
|
logger.error(f"证书申请失败: {domain}")
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user