update
midoks committed Dec 21, 2024
1 parent 737450b commit 36898e3
Showing 2 changed files with 188 additions and 13 deletions.
109 changes: 99 additions & 10 deletions web/static/app/site.js
Expand Up @@ -471,13 +471,13 @@ function setSitePath(id){
function webBakEdit(id){
$.post("/data?action=getKey','table=sites&key=ps&id="+id,function(rdata){
var webBakHtml = "<div class='webEdit-box padding-10'>\
<div class='line'>\
<label><span>"+lan.site.note_ph+"</span></label>\
<div class='info-r'>\
<textarea name='beizhu' id='webbeizhu' col='5' style='width:96%'>"+rdata+"</textarea>\
<br><br><button class='btn btn-success btn-sm' onclick='SetSitePs("+id+")'>保存</button>\
</div>\
</div>";
<div class='line'>\
<label><span>"+lan.site.note_ph+"</span></label>\
<div class='info-r'>\
<textarea name='beizhu' id='webbeizhu' col='5' style='width:96%'>"+rdata+"</textarea>\
<br><br><button class='btn btn-success btn-sm' onclick='SetSitePs("+id+")'>保存</button>\
</div>\
</div>";
$("#webedit-con").html(webBakHtml);
});
}
Expand Down Expand Up @@ -2649,6 +2649,91 @@ function newSSL(siteName, id, domains){
});
}

// 手动申请dns提示
function newAcmeHandApplyNotice(siteName, id, domains, data){
// console.log(siteName, id, domains, data);
layer.open({
type: 1,
area: '700px',
title: '手动解析TXT记录',
closeBtn: 1,
shift: 5,
shadeClose: true,
btn:["验证", "取消"],
content:'<div class="bt-form" style="padding: 10px 20px;">\
<div class="line"><span>请按以下列表做TXT解析: </span></div>\
<div id="acme_hand_ssl_notice" class="divtable mtb10">\
<div class="tablescroll">\
<table class="table table-hover" width="100%" cellspacing="0" cellpadding="0" border="0" style="border: 0 none;">\
<thead><tr><th>解析域名</th><th>记录值</th><th>类型</th><th>必需</th></tr></thead>\
<tbody></tbody>\
</table>\
</div>\
</div>\
<ul id="acme_hand_ssl_notice_help" class="help-info-text c6">\
<li>解析域名需要一定时间来生效,完成所以上所有解析操作后,请等待1分钟后再点击【验证】按钮</li>\
<li>可通过CMD命令来手动验证域名解析是否生效: nslookup -q=txt _acme-challenge.xx.cn</li>\
<li>若您使用的是阿里云DNS,DnsPod作为DNS,可使用DNS接口自动解析</li>\
</ul>\
</div>',
success:function(){

var list = '';
for (var i = 0; i < data.length; i++) {
list += '<tr>';
list += '<td>'+data[i]['domain']+'</td>';
list += '<td>'+data[i]['val']+'</td>';
list += '<td>'+data[i]['type']+'</td>';

if (data[i]['must']){
list += '<td>必需</td>';
} else{
list += '<td>可选</td>';
}
list += '</tr>';
}
$('#acme_hand_ssl_notice tbody').html(list);

if (data.length>0){
var help_txt = "可通过CMD命令来手动验证域名解析是否生效: nslookup -q=txt "+data[0]['domain'];
$('#acme_hand_ssl_notice_help li:eq(1)').text(help_txt);
}
},
yes:function(layero,index){
layer.close(index);
showSpeedWindow('正在由ACME申请手动SSL...', 'site.get_acme_logs', function(layers,index){
var pdata = {};
pdata['siteName'] = siteName;
pdata['domains'] = domains;
pdata['email'] = $("input[name='admin_email']").val();

if($("#checkDomain").prop("checked")){
pdata['force'] = 'true';
}

if($("#wildcard_domain").prop("checked")){
pdata['wildcard_domain'] = 'true';
}

var apply_type = $('input[name="apply_type"]:checked').val();
pdata['apply_type'] = apply_type;
if (apply_type == 'dns'){
pdata['dnspai'] = $('#dnsapi_option option:selected').val();
}
pdata['renew'] = 'true';
$.post('/site/create_acme',pdata,function(rdata){
showMsg(rdata.msg, function(){
if (rdata.status){
layer.close(index);
$(".tab-nav span:first-child").click();
}
},{icon:rdata.status?1:2}, 3000);
},'json');
});
}
});
}

function newAcmeSSL(siteName, id, domains){
showSpeedWindow('正在由ACME申请...', 'site.get_acme_logs', function(layers,index){
var pdata = {};
Expand All @@ -2672,9 +2757,13 @@ function newAcmeSSL(siteName, id, domains){

$.post('/site/create_acme',pdata,function(rdata){
showMsg(rdata.msg, function(){
layer.close(index);
if(rdata.status){
$(".tab-nav span:first-child").click();
if (rdata.status){
layer.close(index);
if (rdata.msg == '手动解析'){
newAcmeHandApplyNotice(siteName, id, domains, rdata.data);
} else{
$(".tab-nav span:first-child").click();
}
}
},{icon:rdata.status?1:2}, 3000);
},'json');
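Review bot: In the `success` callback of newAcmeHandApplyNotice, `data[i]['domain']`, `data[i]['val']` and `data[i]['type']` are concatenated into markup and written with `.html(list)`, so any markup characters in those server-returned values are parsed as HTML. Judging by the site.py section of this commit, the values come from the site's domain name and from text scraped out of the acme log, and neither is guaranteed to be free of markup. Build the cells as text instead, e.g. `$('<td>').text(data[i]['val'])` appended to a `$('<tr>')`, the way the help line below already uses `.text(help_txt)`. Separately, the branch `rdata.msg == '手动解析'` in newAcmeSSL keys control flow on a display string; a dedicated field in the response would be less fragile.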
92 changes: 89 additions & 3 deletions web/utils/site.py
Expand Up @@ -2262,8 +2262,95 @@ def getDomainRootName(self, domain):
top_domain = s[last_index-1]+'.'+s[last_index]
return top_domain

# 查找手动验证,需要改动域名dns的配置
# nslookup -q=txt _acme-challenge.xx.com
def findAcmeHandDnsNotice(self, top_domain):
log_file = self.acmeLogFile()
info = mw.readFile(log_file)
txt_rep = r"TXT value: \'(.*)\'"
txt_value = re.finditer(txt_rep, info)

rdata = []
for text in txt_value:
t = {}
t['domain'] = '_acme-challenge.'+top_domain
t['val'] = text.groups()[0]
t['type'] = 'TXT'
t['must'] = True
rdata.append(t)
return rdata

# acme手动申请方式
# https://github.com/acmesh-official/acme.sh/wiki/dns-manual-mode
def createAcmeDnsTypeNone(self, site_name, domains, email, dnspai, wildcard_domain, force, renew):
# print(site_name, domains, email, dnspai, wildcard_domain, force, renew)
acme_dir = mw.getAcmeDir()
log_file = self.acmeLogFile()

for d in domains:
top_domain = self.getDomainRootName(d)
cmd = '''
#!/bin/bash
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin:/opt/homebrew/bin:%s
export PATH
''' % (acme_dir,)
cmd += "acme.sh --register-account -m " + email + " \n"
if wildcard_domain == 'true':
cmd += 'acme.sh --issue -d '+top_domain+' -d "*.'+top_domain+'"'
d = top_domain
else:
cmd += "acme.sh --issue -d " + d + " "
cmd += " --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please"

if renew == 'true':
cmd += " --renew"
cmd += ' > ' + log_file
print(cmd)
result = mw.execShell(cmd)
# print(result)

# acme源的ssl证书
src_path = mw.getAcmeDomainDir(d)
src_cert = src_path + '/fullchain.cer'
src_key = src_path + '/' + d + '.key'

if not os.path.exists(src_cert):
info = self.findAcmeHandDnsNotice(top_domain)
if len(info) != 0:
return mw.returnData(True, '手动解析', info)

# acme源建立软链接(目标)
dst_path = self.sslDir + '/' + site_name
dst_cert = dst_path + "/fullchain.pem" # 生成证书路径
dst_key = dst_path + "/privkey.pem" # 密钥文件路径

if not os.path.exists(dst_path):
mw.execShell("mkdir -p " + dst_path)

mw.buildSoftLink(src_cert, dst_cert, True)
mw.buildSoftLink(src_key, dst_key, True)
mw.execShell('echo "acme" > "' + dst_path + '/README"')

# 写入配置文件
result = self.setSslConf(site_name)
if not result['status']:
return result
result['csr'] = mw.readFile(src_cert)
result['key'] = mw.readFile(src_key)

mw.restartWeb()
return mw.returnData(True, '证书已更新!', result)

def createAcmeDns(self, site_name, domains, email, dnspai, wildcard_domain, force, renew):
dnsapi_option = thisdb.getOptionByJson('dnsapi', default={})
log_file = self.acmeLogFile()
cmd = 'echo "..." > '+ log_file
mw.execShell(cmd)

# 手动方式申请
if dnspai == 'none':
return self.createAcmeDnsTypeNone(site_name, domains, email, dnspai, wildcard_domain, force, renew)

if not dnspai in dnsapi_option:
return mw.returnData(False, '['+dnspai+']未设置!')

Expand All @@ -2273,6 +2360,7 @@ def createAcmeDns(self, site_name, domains, email, dnspai, wildcard_domain, forc
return mw.returnData(False, k+'为空!')

acme_dir = mw.getAcmeDir()

for d in domains:
cmd = '''
#!/bin/bash
Expand All @@ -2287,9 +2375,7 @@ def createAcmeDns(self, site_name, domains, email, dnspai, wildcard_domain, forc
d = top_domain
else:
cmd += 'acme.sh --issue --dns '+str(dnspai)+' -d '+d

log_file = self.acmeLogFile()
cmd += ' >> ' + log_file
cmd += ' > ' + log_file
# print(cmd)
result = mw.execShell(cmd)
# print(result)
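Review bot: createAcmeDnsTypeNone concatenates `email`, `d` and `top_domain` unquoted into `cmd` and passes it to `mw.execShell`, so shell metacharacters in any of them become part of the command; on the client side these come from the `admin_email` input and the domain list, and no validation is visible in this section. Quote each interpolated value, e.g. `cmd += "acme.sh --register-account -m " + shlex.quote(email) + " \n"` (needs `import shlex` if the module lacks it), and do the same for the `-d` arguments here and in the `acme.sh --issue --dns` line of createAcmeDns, whose body continues outside the hunk. Also, when `fullchain.cer` is missing and findAcmeHandDnsNotice returns an empty list, the code falls through to `buildSoftLink` and `mw.readFile` on a certificate that does not exist; return an error there instead. The live `print(cmd)` would be better removed or commented out, as it is in createAcmeDns.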
