fix:ssl renew
1
main.go
1
main.go
@@ -484,6 +484,7 @@ func (m *wafSystenService) run() {
|
||||
break
|
||||
case enums.ChanTypeSSL:
|
||||
host := msg.Content.(model.Hosts)
|
||||
zlog.Info(fmt.Sprintf("服务端准备为 %s 主机刷新 SSL证书 ,证书信息:%v", host.Host, utils.PrintSSLCert(host.Certfile)))
|
||||
globalobj.GWAF_RUNTIME_OBJ_WAF_ENGINE.RemoveHost(host)
|
||||
globalobj.GWAF_RUNTIME_OBJ_WAF_ENGINE.LoadHost(host)
|
||||
globalobj.GWAF_RUNTIME_OBJ_WAF_ENGINE.StartAllProxyServer()
|
||||
|
||||
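Review bot: The certificate parsed for the new log line in the `enums.ChanTypeSSL` case is only printed, so when `utils.PrintSSLCert(host.Certfile)` returns one of its format-error strings the handler still goes on to `RemoveHost(host)` and `LoadHost(host)`. If a malformed certificate can reach this channel, that sequence presumably leaves the host without a usable certificate until the next reload. Consider parsing the PEM through a helper that returns an error, and skipping the reload with a `zlog.Error` before `RemoveHost` when it does not parse. The body of `run()` starts and ends outside this hunk.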
@@ -12,6 +12,7 @@ import (
|
||||
"crypto/x509"
|
||||
"encoding/pem"
|
||||
"errors"
|
||||
"fmt"
|
||||
"github.com/satori/go.uuid"
|
||||
"gorm.io/gorm"
|
||||
"path/filepath"
|
||||
@@ -87,7 +88,7 @@ func (receiver *WafSslConfigService) AddInner(config model.SslConfig) {
|
||||
//检测如果证书编号已经存在不需在进行添加了
|
||||
err := global.GWAF_LOCAL_DB.First(&model.SslConfig{}, "serial_no = ?", config.SerialNo).Error
|
||||
if err == nil && !errors.Is(err, gorm.ErrRecordNotFound) {
|
||||
zlog.Info("证书已经存在不进行再次备份")
|
||||
zlog.Info(fmt.Sprintf("%s 证书已经存在不进行再次备份", config.Domains))
|
||||
return
|
||||
}
|
||||
config.Id = uuid.NewV4().String()
|
||||
@@ -98,6 +99,7 @@ func (receiver *WafSslConfigService) AddInner(config model.SslConfig) {
|
||||
config.KeyPath = filepath.Join(utils.GetCurrentDir(), "ssl", config.Id, "domain.key")
|
||||
}
|
||||
global.GWAF_LOCAL_DB.Create(config)
|
||||
zlog.Info(fmt.Sprintf("%s 原来证书已备份", config.Domains))
|
||||
}
|
||||
|
||||
func (receiver *WafSslConfigService) CheckIsExistApi(serialNo string) error {
|
||||
|
||||
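Review bot: The added `zlog.Info(fmt.Sprintf("%s 原来证书已备份", config.Domains))` in `AddInner` runs whether or not `global.GWAF_LOCAL_DB.Create(config)` succeeded, because the result of `Create` is never inspected. The log then reports a backup that may not exist, and `processSSL` calls `AddInner(oldSslConfig)` immediately before it overwrites that record with `ModifyInner(newSslConfig)`. Check the result first, for example `if err := global.GWAF_LOCAL_DB.Create(config).Error; err != nil { zlog.Error(fmt.Sprintf("%s 证书备份失败 %v", config.Domains, err)); return }`. The duplicate check above has a related gap: `err == nil && !errors.Is(err, gorm.ErrRecordNotFound)` reduces to `err == nil`, so any other database error from `First` falls through to the insert. `AddInner` begins outside the hunks shown.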
@@ -49,6 +49,17 @@ func GetCurrentDir() string {
|
||||
exeDir := filepath.Dir(exePath)
|
||||
return exeDir
|
||||
}
|
||||
|
||||
// CheckDebugEnvInfo 检测是否打印debug信息
|
||||
func CheckDebugEnvInfo() bool {
|
||||
// 检测环境变量是否存在
|
||||
envVar := "SamWafIDEDebugLog"
|
||||
if _, exists := os.LookupEnv(envVar); exists {
|
||||
return true
|
||||
}
|
||||
|
||||
return false
|
||||
}
|
||||
func GetServerByHosts(hosts model.Hosts) string {
|
||||
if hosts.Ssl == 1 {
|
||||
return "https"
|
||||
|
||||
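Review bot: `CheckDebugEnvInfo` treats the mere presence of `SamWafIDEDebugLog` as true, so `SamWafIDEDebugLog=0` or an empty value still turns on everything this commit gates with it (the GORM `logger.Info` sessions in the three database init functions and the task debug logs). Parsing the value is safer for a switch that enables SQL logging, for example `v, ok := os.LookupEnv("SamWafIDEDebugLog")`, `on, _ := strconv.ParseBool(v)`, `return ok && on` (this needs `strconv` in the import block, which is outside the hunk). The doc comment should also name the outputs the variable enables, since the function name alone does not say that it controls SQL statement logging.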
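--- /dev/null
+++ b/utils/sslutils.go
@@ -0,0 +1,42 @@
+package utils
+
+import (
+"crypto/x509"
+"encoding/pem"
+"fmt"
+)
+
+// PrintSSLCert 打印证书信息
+func PrintSSLCert(cert string) string {
+result := ""
+block, _ := pem.Decode([]byte(cert))
+if block != nil {
+cert, err := x509.ParseCertificate(block.Bytes)
+if err == nil {
+serialNo := cert.SerialNumber.String()
+subject := cert.Subject.String()
+issuer := cert.Issuer.String()
+validFrom := cert.NotBefore
+validTo := cert.NotAfter
+
+domains := ""
+if len(cert.DNSNames) > 0 {
+for _, domain := range cert.DNSNames {
+if domains != "" {
+domains += ", "
+}
+domains += domain
+}
+} else {
+domains = "未指定域名"
+}
+result = fmt.Sprintf("serialNo=%s subject=%s issuer=%s validFrom=%v validTo=%v domains=%s", serialNo, subject, issuer, validFrom, validTo, domains)
+
+} else {
+result = "格式错误2"
+}
+} else {
+result = "格式错误"
+}
+return result
+}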
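Review bot: `PrintSSLCert` drops both failure causes: a nil block from `pem.Decode` and a failed `x509.ParseCertificate` come back as the bare strings "格式错误" and "格式错误2", and `err` is never included, so the log line in the SSL reload path cannot tell an empty field from a corrupt or non-certificate PEM. Include the cause, for example `result = fmt.Sprintf("格式错误2: %v", err)`, and consider checking `block.Type == "CERTIFICATE"` before parsing. Two smaller points: the inner `cert, err :=` shadows the string parameter `cert`, and the domain loop can be written as `strings.Join(cert.DNSNames, ", ")`. Only the first PEM block is decoded, so for a chain the output describes the first certificate alone; the doc comment should say so.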
11
utils/sslutils_test.go
Normal file
11
utils/sslutils_test.go
Normal file
@@ -0,0 +1,11 @@
|
||||
package utils
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"testing"
|
||||
)
|
||||
|
||||
func TestPrintSSLCert(t *testing.T) {
|
||||
cert := "-----BEGIN CERTIFICATE-----\nMIIE7DCCA9SgAwIBAgISA4N0c7wi2clJsotoWX50YwvyMA0GCSqGSIb3DQEBCwUA\nMDMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQwwCgYDVQQD\nEwNSMTAwHhcNMjQxMjMxMDIxOTQzWhcNMjUwMzMxMDIxOTQyWjAZMRcwFQYDVQQD\nEw5zc2wuc2Ftd2FmLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\nAKgblS3UpKtmdMD3TFl/PKQ1vdUAZdiU/VUSve/WplEbW0pvcy4ZH5vtqsDiBdBp\nqWkRjela1n2harAZZ+puAhva0qmJekdYgzA4cfpy75Q41IDK/vqoE8ektGTtM1OH\nEFcXnN++isKhhUhnVH+5yxiIw+1UhrCgxY6qcVDR7BxJXOB5Z26P7c5noX+vorM6\n1YpNnJhnEYUpfWwvqSxL3etkzYebB3yyZt5odL/Wl5cPneRn5cpNOisAvZhJMp2x\n8aSz4KGfDZc3Zc/f/qFYB9UZb+MNrrSQjoYa1/IBaxkMc3lt/qx6u+pKoXueqlpT\nOwugpT8mbZcT8xsPdQzGixsCAwEAAaOCAhIwggIOMA4GA1UdDwEB/wQEAwIFoDAd\nBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNV\nHQ4EFgQUZnvUGTGjwqXuHP/EbWNj3tRlopAwHwYDVR0jBBgwFoAUu7zDR6XkvKnG\nw6RyDBCNojXhyOgwVwYIKwYBBQUHAQEESzBJMCIGCCsGAQUFBzABhhZodHRwOi8v\ncjEwLm8ubGVuY3Iub3JnMCMGCCsGAQUFBzAChhdodHRwOi8vcjEwLmkubGVuY3Iu\nb3JnLzAZBgNVHREEEjAQgg5zc2wuc2Ftd2FmLmNvbTATBgNVHSAEDDAKMAgGBmeB\nDAECATCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB3AH1ZHhLheCp7HGFnfF79+NCH\nXBSgTpWeuQMv2Q6MLnm4AAABlBq4mgkAAAQDAEgwRgIhAJzjQegFGOnX/AOkhcb8\n++IGsujC+ijKJLoN12Ts2iKpAiEA9saQ16ZkqYtvS4V7sHnBA0MJnNgktc8V9+No\nh6aATysAdQBOdaMnXJoQwzhbbNTfP1LrHfDgjhuNacCx+mSxYpo53wAAAZQauJoJ\nAAAEAwBGMEQCIDP9QTliNArtRgS1yeAqvRUiuDejd4hWNKsmCJAv3jwZAiARzjoW\nzBB2Y9iZpGkj0Yfn7pxZhVspXttxutiofGiVczANBgkqhkiG9w0BAQsFAAOCAQEA\nGy1fQ31ff4VhOZeftnrc7deLLXd2/CnTX/pdPCM72kAYIPo1/nT+uhP5fiRUxfxa\nnj+yCbCL7uhXj0sUg7ONmHK6bhy2sGFuNleNX8qebfDwXvcbiFyZat6CPuZypoqw\nyeWeYBqyx+rJNiIGRz7YEK5X0XmFGXcfG51AjFMZMZQU1x9WeYzx5/JT0k/2eaaP\nenpdMqagu83swgPVlRb6JxWyS2ASMCpp7h2o/cWsRs2z5l79BcHgY9GFZmCqwUHA\nDwffpAjpUnDhuIY539cyO3J8X6qWwwkHcaoEK7+ju4fwrH8rVkVZNSmn7cKPh7Ah\nlUoy5I4C1bjOQjmzjBPyXw==\n-----END CERTIFICATE-----\n\n-----BEGIN 
CERTIFICATE-----\nMIIFBTCCAu2gAwIBAgIQS6hSk/eaL6JzBkuoBI110DANBgkqhkiG9w0BAQsFADBP\nMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFy\nY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBYMTAeFw0yNDAzMTMwMDAwMDBa\nFw0yNzAzMTIyMzU5NTlaMDMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBF\nbmNyeXB0MQwwCgYDVQQDEwNSMTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\nAoIBAQDPV+XmxFQS7bRH/sknWHZGUCiMHT6I3wWd1bUYKb3dtVq/+vbOo76vACFL\nYlpaPAEvxVgD9on/jhFD68G14BQHlo9vH9fnuoE5CXVlt8KvGFs3Jijno/QHK20a\n/6tYvJWuQP/py1fEtVt/eA0YYbwX51TGu0mRzW4Y0YCF7qZlNrx06rxQTOr8IfM4\nFpOUurDTazgGzRYSespSdcitdrLCnF2YRVxvYXvGLe48E1KGAdlX5jgc3421H5KR\nmudKHMxFqHJV8LDmowfs/acbZp4/SItxhHFYyTr6717yW0QrPHTnj7JHwQdqzZq3\nDZb3EoEmUVQK7GH29/Xi8orIlQ2NAgMBAAGjgfgwgfUwDgYDVR0PAQH/BAQDAgGG\nMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATASBgNVHRMBAf8ECDAGAQH/\nAgEAMB0GA1UdDgQWBBS7vMNHpeS8qcbDpHIMEI2iNeHI6DAfBgNVHSMEGDAWgBR5\ntFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAKG\nFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0gBAwwCjAIBgZngQwBAgEwJwYD\nVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVuY3Iub3JnLzANBgkqhkiG9w0B\nAQsFAAOCAgEAkrHnQTfreZ2B5s3iJeE6IOmQRJWjgVzPw139vaBw1bGWKCIL0vIo\nzwzn1OZDjCQiHcFCktEJr59L9MhwTyAWsVrdAfYf+B9haxQnsHKNY67u4s5Lzzfd\nu6PUzeetUK29v+PsPmI2cJkxp+iN3epi4hKu9ZzUPSwMqtCceb7qPVxEbpYxY1p9\n1n5PJKBLBX9eb9LU6l8zSxPWV7bK3lG4XaMJgnT9x3ies7msFtpKK5bDtotij/l0\nGaKeA97pb5uwD9KgWvaFXMIEt8jVTjLEvwRdvCn294GPDF08U8lAkIv7tghluaQh\n1QnlE4SEN4LOECj8dsIGJXpGUk3aU3KkJz9icKy+aUgA+2cP21uh6NcDIS3XyfaZ\nQjmDQ993ChII8SXWupQZVBiIpcWO4RqZk3lr7Bz5MUCwzDIA359e57SSq5CCkY0N\n4B6Vulk7LktfwrdGNVI5BsC9qqxSwSKgRJeZ9wygIaehbHFHFhcBaMDKpiZlBHyz\nrsnnlFXCb5s8HKn5LsUgGvB24L7sGNZP2CX7dhHov+YhD+jozLW2p9W4959Bz2Ei\nRmqDtmiXLnzqTpXbI+suyCsohKRg6Un0RC47+cpiVwHiXZAW+cn8eiNIjqbVgXLx\nKPpdzvvtTnOPlC7SQZSYmdunr3Bf9b77AiC/ZidstK36dRILKz7OA54=\n-----END CERTIFICATE-----\n"
|
||||
fmt.Println(PrintSSLCert(cert))
|
||||
}
|
||||
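Review bot: `TestPrintSSLCert` cannot fail, because it only calls `fmt.Println(PrintSSLCert(cert))`; a regression in the parser or in the output format would pass unnoticed. Assert on the result instead, for example `if got := PrintSSLCert(cert); !strings.Contains(got, "serialNo=") { t.Fatalf("unexpected output: %q", got) }`. Cases for an empty string and for a PEM block that is not a certificate would pin the two error returns as well.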
@@ -85,7 +85,7 @@ func InitCoreDb(currentDir string) {
|
||||
// 启用 WAL 模式
|
||||
_ = db.Exec("PRAGMA journal_mode=WAL;")
|
||||
|
||||
if global.GWAF_RELEASE == "false" {
|
||||
if global.GWAF_RELEASE == "false" && utils.CheckDebugEnvInfo() {
|
||||
// 启用调试模式
|
||||
db = db.Session(&gorm.Session{
|
||||
Logger: logger.Default.LogMode(logger.Info), // 设置为Info表示启用调试模式
|
||||
@@ -181,7 +181,7 @@ func InitLogDb(currentDir string) {
|
||||
}
|
||||
// 启用 WAL 模式
|
||||
_ = db.Exec("PRAGMA journal_mode=WAL;")
|
||||
if global.GWAF_RELEASE == "false" {
|
||||
if global.GWAF_RELEASE == "false" && utils.CheckDebugEnvInfo() {
|
||||
// 启用调试模式
|
||||
db = db.Session(&gorm.Session{
|
||||
Logger: logger.Default.LogMode(logger.Info), // 设置为Info表示启用调试模式
|
||||
@@ -282,7 +282,7 @@ func InitStatsDb(currentDir string) {
|
||||
}
|
||||
// 启用 WAL 模式
|
||||
_ = db.Exec("PRAGMA journal_mode=WAL;")
|
||||
if global.GWAF_RELEASE == "false" {
|
||||
if global.GWAF_RELEASE == "false" && utils.CheckDebugEnvInfo() {
|
||||
// 启用调试模式
|
||||
db = db.Session(&gorm.Session{
|
||||
Logger: logger.Default.LogMode(logger.Info), // 设置为Info表示启用调试模式
|
||||
|
||||
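Review bot: The condition tightened in `InitCoreDb`, `InitLogDb` and `InitStatsDb` still switches the whole session to `logger.Default.LogMode(logger.Info)`, which makes GORM write every statement together with its bound values to the log. Elsewhere in this commit certificate and private-key material is written through the services (`UpdateSSLInfo(string(updateSSLOrder.ResultCertificate), string(updateSSLOrder.ResultPrivateKey), ...)`), so with the variable set that data would presumably land in the debug output. A comment on each condition should state this, something like `// SQL debug logging prints bound values (may include key material); development builds only`. The three conditions are identical, so a small shared helper would keep them from drifting apart. All three function bodies extend beyond the hunks shown.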
@@ -12,6 +12,7 @@ import (
|
||||
"SamWaf/utils"
|
||||
"SamWaf/utils/ssl"
|
||||
"errors"
|
||||
"fmt"
|
||||
uuid "github.com/satori/go.uuid"
|
||||
"time"
|
||||
)
|
||||
@@ -26,6 +27,7 @@ var (
|
||||
func (waf *WafEngine) ApplySSLOrder(chanType int, bean model.SslOrder) {
|
||||
if chanType == enums.ChanSslOrderSubmitted {
|
||||
//发起申请
|
||||
zlog.Info(fmt.Sprintf("%s 正在进行首次证书申请", bean.ApplyDomain))
|
||||
filePath := utils.GetCurrentDir() + "/data/vhost/" + bean.HostCode
|
||||
filePathErr := utils.CheckPathAndCreate(filePath)
|
||||
if filePathErr != nil {
|
||||
@@ -33,31 +35,33 @@ func (waf *WafEngine) ApplySSLOrder(chanType int, bean model.SslOrder) {
|
||||
}
|
||||
updateSSLOrder, err := ssl.RegistrationSSL(bean, filePath)
|
||||
if err == nil {
|
||||
zlog.Error("证书首次申请处理", err)
|
||||
zlog.Info(fmt.Sprintf("%s 首次证书申请成功", bean.ApplyDomain))
|
||||
|
||||
err := waf.processSSL(updateSSLOrder, bean)
|
||||
if err != nil {
|
||||
zlog.Error(fmt.Sprintf("%s 证书首次申请后续 失败 %v", bean.ApplyDomain, err.Error()))
|
||||
updateSSLOrder.ApplyStatus = "fail"
|
||||
updateSSLOrder.ResultCertificate = nil
|
||||
updateSSLOrder.ResultError = err.Error()
|
||||
wafSslOrderService.ModifyById(updateSSLOrder)
|
||||
} else {
|
||||
zlog.Info(fmt.Sprintf("%s 证书首次申请后续 成功", bean.ApplyDomain))
|
||||
updateSSLOrder.ApplyStatus = "success"
|
||||
updateSSLOrder.ResultError = ""
|
||||
wafSslOrderService.ModifyById(updateSSLOrder)
|
||||
}
|
||||
} else {
|
||||
//设置数据
|
||||
zlog.Error(fmt.Sprintf("%s 首次证书申请 失败 %v", bean.ApplyDomain, err.Error()))
|
||||
updateSSLOrder.ApplyStatus = "fail"
|
||||
updateSSLOrder.ResultCertificate = nil
|
||||
updateSSLOrder.ResultError = err.Error()
|
||||
err := wafSslOrderService.ModifyById(updateSSLOrder)
|
||||
if err != nil {
|
||||
zlog.Error("保存结果", err.Error())
|
||||
}
|
||||
wafSslOrderService.ModifyById(updateSSLOrder)
|
||||
}
|
||||
|
||||
} else if chanType == enums.ChanSslOrderrenew {
|
||||
//发起申请
|
||||
zlog.Info(fmt.Sprintf("%s 正在证书续期申请处理", bean.ApplyDomain))
|
||||
filePath := utils.GetCurrentDir() + "/data/vhost/" + bean.HostCode
|
||||
filePathErr := utils.CheckPathAndCreate(filePath)
|
||||
if filePathErr != nil {
|
||||
@@ -65,34 +69,31 @@ func (waf *WafEngine) ApplySSLOrder(chanType int, bean model.SslOrder) {
|
||||
}
|
||||
updateSSLOrder, err := ssl.ReNewSSL(bean, filePath)
|
||||
if err == nil {
|
||||
zlog.Error("证书续期申请处理", err)
|
||||
zlog.Info(fmt.Sprintf("%s 证书续期申请成功", bean.ApplyDomain))
|
||||
|
||||
err := waf.processSSL(updateSSLOrder, bean)
|
||||
if err != nil {
|
||||
zlog.Error(fmt.Sprintf("%s 证书续期申请处理后续 失败 %v", bean.ApplyDomain, err.Error()))
|
||||
updateSSLOrder.ApplyStatus = "fail"
|
||||
updateSSLOrder.ResultError = err.Error()
|
||||
wafSslOrderService.ModifyById(updateSSLOrder)
|
||||
} else {
|
||||
zlog.Info(fmt.Sprintf("%s 证书续期处理后续 成功", bean.ApplyDomain))
|
||||
updateSSLOrder.ApplyStatus = "success"
|
||||
updateSSLOrder.ResultError = ""
|
||||
wafSslOrderService.ModifyById(updateSSLOrder)
|
||||
}
|
||||
} else {
|
||||
//设置数据
|
||||
zlog.Error(fmt.Sprintf("%s 续期证书申请 失败 %v", bean.ApplyDomain, err.Error()))
|
||||
updateSSLOrder.ApplyStatus = "fail"
|
||||
updateSSLOrder.ResultError = err.Error()
|
||||
err := wafSslOrderService.ModifyById(updateSSLOrder)
|
||||
if err != nil {
|
||||
zlog.Error("续期保存结果", err.Error())
|
||||
}
|
||||
wafSslOrderService.ModifyById(updateSSLOrder)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func (waf *WafEngine) processSSL(updateSSLOrder model.SslOrder, bean model.SslOrder) error {
|
||||
err := wafSslOrderService.ModifyById(updateSSLOrder)
|
||||
if err != nil {
|
||||
return errors.New("更新SslOrder是失败")
|
||||
}
|
||||
newSslConfig := model.SslConfig{
|
||||
BaseOrm: baseorm.BaseOrm{
|
||||
Id: uuid.NewV4().String(),
|
||||
@@ -102,7 +103,7 @@ func (waf *WafEngine) processSSL(updateSSLOrder model.SslOrder, bean model.SslOr
|
||||
UPDATE_TIME: customtype.JsonTime(time.Now()),
|
||||
},
|
||||
}
|
||||
err = newSslConfig.FillByCertAndKey(string(updateSSLOrder.ResultCertificate), string(updateSSLOrder.ResultPrivateKey))
|
||||
err := newSslConfig.FillByCertAndKey(string(updateSSLOrder.ResultCertificate), string(updateSSLOrder.ResultPrivateKey))
|
||||
if err != nil {
|
||||
return errors.New("填充证书夹失败")
|
||||
}
|
||||
@@ -110,6 +111,7 @@ func (waf *WafEngine) processSSL(updateSSLOrder model.SslOrder, bean model.SslOr
|
||||
//1. 查找关联主机是否绑定了证书信息, 如有有则生成新证书夹信息,否则 新增
|
||||
hostBean := wafHostService.GetDetailByCodeApi(bean.HostCode)
|
||||
if hostBean.BindSslId == "" {
|
||||
zlog.Info(fmt.Sprintf("%s 当前主机未配置证书新增一个证书文件夹", bean.ApplyDomain))
|
||||
//添加到证书夹内
|
||||
wafSslConfigService.AddInner(newSslConfig)
|
||||
//1.更新主机信息 2.发送主机通知
|
||||
@@ -126,18 +128,19 @@ func (waf *WafEngine) processSSL(updateSSLOrder model.SslOrder, bean model.SslOr
|
||||
global.GWAF_CHAN_MSG <- chanInfo
|
||||
}
|
||||
} else {
|
||||
zlog.Info(fmt.Sprintf("%s 当前主机已配置证书文件夹绑定关系", bean.ApplyDomain))
|
||||
oldSslConfig := wafSslConfigService.GetDetailInner(hostBean.BindSslId)
|
||||
|
||||
if newSslConfig.CompareSSLNeedUpdate(newSslConfig, oldSslConfig) {
|
||||
//将原来的证书备份,新证书更新到现有证书里面
|
||||
zlog.Info(fmt.Sprintf("%s 当前主机已绑定的证书和新证书相比后允许更新", bean.ApplyDomain))
|
||||
wafSslConfigService.AddInner(oldSslConfig)
|
||||
newSslConfig.Id = oldSslConfig.Id
|
||||
wafSslConfigService.ModifyInner(newSslConfig)
|
||||
//1.更新主机信息 2.发送主机通知
|
||||
err = wafHostService.UpdateSSLInfo(string(updateSSLOrder.ResultCertificate), string(updateSSLOrder.ResultPrivateKey), bean.HostCode)
|
||||
if err == nil {
|
||||
hostBean.Keyfile = string(bean.ResultPrivateKey)
|
||||
hostBean.Certfile = string(bean.ResultCertificate)
|
||||
hostBean.Keyfile = string(updateSSLOrder.ResultPrivateKey)
|
||||
hostBean.Certfile = string(updateSSLOrder.ResultCertificate)
|
||||
var chanInfo = spec.ChanCommonHost{
|
||||
HostCode: bean.HostCode,
|
||||
Type: enums.ChanTypeSSL,
|
||||
@@ -146,6 +149,8 @@ func (waf *WafEngine) processSSL(updateSSLOrder model.SslOrder, bean model.SslOr
|
||||
}
|
||||
global.GWAF_CHAN_MSG <- chanInfo
|
||||
}
|
||||
} else {
|
||||
zlog.Info(fmt.Sprintf("%s 当前主机已绑定的证书和新证书相比后不允许更新", bean.ApplyDomain))
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
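Review bot: The failure branches in `ApplySSLOrder` are inconsistent about what they persist: the first-apply paths set `updateSSLOrder.ResultCertificate = nil` but leave `ResultPrivateKey` in place, while the renew paths clear neither, so a row marked "fail" can keep a private key with no matching certificate. Decide on one rule (clear both, or keep both for a retry) and apply it in all four branches. As rendered, the new side also calls `wafSslOrderService.ModifyById(updateSSLOrder)` without looking at its result where the old code logged it; `if err := wafSslOrderService.ModifyById(updateSSLOrder); err != nil { zlog.Error("保存结果", err.Error()) }` would preserve that signal. In `processSSL`, `return errors.New("填充证书夹失败")` discards the underlying error from `FillByCertAndKey`, which makes a failed renewal hard to diagnose from the stored `ResultError`.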
@@ -36,31 +36,7 @@ func (waf *WafEngine) LoadHost(inHost model.Hosts) []innerbean.ServerRunTime {
|
||||
|
||||
//检测https
|
||||
if inHost.Ssl == 1 {
|
||||
/*dirPath := filepath.Join(utils.GetCurrentDir(), "ssl", "host", inHost.Id)
|
||||
// 检查目录是否存在
|
||||
if _, err := os.Stat(dirPath); os.IsNotExist(err) {
|
||||
// 创建目录
|
||||
err := os.MkdirAll(dirPath, os.ModePerm)
|
||||
if err != nil {
|
||||
zlog.Error("failed to create directory:", err.Error())
|
||||
}
|
||||
}
|
||||
keyFilePath := filepath.Join(dirPath, "domain.key")
|
||||
certFilePath := filepath.Join(dirPath, "domain.crt")
|
||||
|
||||
// 检查 key 文件
|
||||
if err := utils.UpdateFileIsHasNewInfo(keyFilePath, inHost.Keyfile); err != nil {
|
||||
zlog.Error("failed to write key file: ", err.Error())
|
||||
}
|
||||
|
||||
// 检查 cert 文件
|
||||
if err := utils.UpdateFileIsHasNewInfo(certFilePath, inHost.Certfile); err != nil {
|
||||
zlog.Error("failed to write key file: ", err.Error())
|
||||
}
|
||||
//waf.AllCertificate.LoadSSLByFilePath(inHost.Host, certFilePath, keyFilePath)
|
||||
*/
|
||||
waf.AllCertificate.LoadSSL(inHost.Host, inHost.Certfile, inHost.Keyfile)
|
||||
|
||||
}
|
||||
if inHost.GLOBAL_HOST == 1 {
|
||||
global.GWAF_GLOBAL_HOST_CODE = inHost.Code
|
||||
|
||||
@@ -2,6 +2,7 @@ package waftask
|
||||
|
||||
import (
|
||||
"SamWaf/common/zlog"
|
||||
"SamWaf/utils"
|
||||
"fmt"
|
||||
"runtime/debug"
|
||||
"sync"
|
||||
@@ -40,7 +41,9 @@ func (tr *TaskRegistry) ExecuteTask(taskName string) {
|
||||
if taskFunc, exists := tr.Tasks[taskName]; exists {
|
||||
|
||||
go func() {
|
||||
zlog.Debug("正在执行任务", taskName)
|
||||
if utils.CheckDebugEnvInfo() {
|
||||
zlog.Debug("正在执行任务", taskName)
|
||||
}
|
||||
// 获取当前任务的锁
|
||||
taskMutex, exists := tr.mutexes[taskName]
|
||||
if !exists {
|
||||
|
||||
@@ -3,6 +3,7 @@ package waftask
|
||||
import (
|
||||
"SamWaf/common/zlog"
|
||||
"SamWaf/global"
|
||||
"SamWaf/utils"
|
||||
"SamWaf/wafenginecore"
|
||||
"sync/atomic"
|
||||
)
|
||||
@@ -10,7 +11,10 @@ import (
|
||||
// TaskLogQpsClean 清空LOG QPS
|
||||
func TaskLogQpsClean() {
|
||||
innerLogName := "TaskLogQpsClean"
|
||||
zlog.Debug(innerLogName, "准备进行TaskLogQpsClean")
|
||||
if utils.CheckDebugEnvInfo() {
|
||||
zlog.Debug(innerLogName, "准备进行TaskLogQpsClean")
|
||||
}
|
||||
|
||||
// 清零计数器
|
||||
atomic.StoreUint64(&global.GWAF_RUNTIME_QPS, 0)
|
||||
atomic.StoreUint64(&global.GWAF_RUNTIME_LOG_PROCESS, 0)
|
||||
@@ -19,6 +23,8 @@ func TaskLogQpsClean() {
|
||||
// TaskHostQpsClean 清空主机 QPS
|
||||
func TaskHostQpsClean() {
|
||||
innerLogName := "TaskHostQpsClean"
|
||||
zlog.Debug(innerLogName, "准备进行TaskHostQpsClean")
|
||||
if utils.CheckDebugEnvInfo() {
|
||||
zlog.Debug(innerLogName, "准备进行TaskHostQpsClean")
|
||||
}
|
||||
wafenginecore.ResetQPS()
|
||||
}
|
||||
|
||||
@@ -98,7 +98,8 @@ func SSLOrderReload() {
|
||||
if err != nil {
|
||||
zlog.Error(innerLogName, "ssl order get lasted info:", err.Error())
|
||||
} else {
|
||||
zlog.Info(innerLogName, "ssl order expire:", isExpire, availDay, msg)
|
||||
zlog.Info(fmt.Sprintf("%s 域名%s 是否过期 %v 天数:%v 信息 %v ,系统检测超期天数 %v 天",
|
||||
innerLogName, hostBean.Host, isExpire, availDay, msg, global.GCONFIG_RECORD_SSLOrder_EXPIRE_DAY))
|
||||
if isExpire == false && availDay <= int(global.GCONFIG_RECORD_SSLOrder_EXPIRE_DAY) {
|
||||
//没过期 且是知单天数 就才处理
|
||||
var chanInfo = spec.ChanSslOrder{
|
||||
|
||||