feat: 支持使用自定义证书

src/bootstrap.ts

@@ -45,9 +45,15 @@ export async function bootstrap(version: string): Promise<void> {
   cluster.connect()
   const proto = config.byoc ? 'http' : 'https'
   if (proto === 'https') {
-    logger.info('请求证书')
-    await cluster.requestCert()
+    if (config.sslCert && config.sslKey) {
+      logger.debug('使用自定义证书')
+      await cluster.useSelfCert()
+    } else {
+      logger.info('请求证书')
+      await cluster.requestCert()
+    }
   }
+
   if (config.enableNginx) {
     if (typeof cluster.port === 'number') {
       await cluster.setupNginx(join(__dirname, '..'), cluster.port, proto)

src/cluster.ts

@@ -518,6 +518,26 @@ export class Cluster {
     await fse.outputFile(join(this.tmpDir, 'key.pem'), cert.key)
   }
 
+  public async useSelfCert(): Promise<void> {
+    if (!config.sslCert) {
+      throw new Error('缺少ssl证书')
+    }
+    if (!config.sslKey) {
+      throw new Error('缺少ssl私钥')
+    }
+
+    if (await fse.pathExists(config.sslCert)) {
+      await fse.copyFile(config.sslCert, join(this.tmpDir, 'cert.pem'))
+    } else {
+      await fse.outputFile(join(this.tmpDir, 'cert.pem'), config.sslCert)
+    }
+    if (await fse.pathExists(config.sslKey)) {
+      await fse.copyFile(config.sslKey, join(this.tmpDir, 'key.pem'))
+    } else {
+      await fse.outputFile(join(this.tmpDir, 'key.pem'), config.sslKey)
+    }
+  }
+
   public exit(code: number = 0): void {
     if (this.nginxProcess) {
       this.nginxProcess.kill()

src/config.ts

@@ -22,6 +22,10 @@ export class Config {
   public readonly enableUpnp = env.get('ENABLE_UPNP').asBool()
   public readonly storage = env.get('CLUSTER_STORAGE').default('file').asString()
   public readonly storageOpts = env.get('CLUSTER_STORAGE_OPTIONS').asJsonObject()
+
+  public readonly sslKey = env.get('SSL_KEY').asString()
+  public readonly sslCert = env.get('SSL_CERT').asString()
+
   public readonly flavor: IConfigFlavor
 
   private constructor() {