* 新增支持自定义上传证书功能

* 新增支持申请和自动续期Let's Encrypt证书（暂只支持阿里云和腾讯云）功能 * 新增支持动态加载证书（更换证书不需重启）功能
2025-08-08 14:29:42 +08:00 · 2023-03-31 20:34:29 +08:00
parent df52087473
commit 9bac773961
9 changed files with 554 additions and 39 deletions
--- a/server/admin/server.go
+++ b/server/admin/server.go
@@ -46,6 +46,9 @@ func StartAdmin() {
 	r.HandleFunc("/set/audit/list", SetAuditList)
 	r.HandleFunc("/set/audit/export", SetAuditExport)
 	r.HandleFunc("/set/audit/act_log_list", UserActLogList)
+	r.HandleFunc("/set/other/createcert", CreatCert)
+	r.HandleFunc("/set/other/getcertset", GetCertSetting)
+	r.HandleFunc("/set/other/customcert", CustomCert)

 	r.HandleFunc("/user/list", UserList)
 	r.HandleFunc("/user/detail", UserDetail)
@@ -101,13 +104,20 @@ func StartAdmin() {
 		NextProtos:   []string{"http/1.1"},
 		MinVersion:   tls.VersionTLS12,
 		CipherSuites: selectedCipherSuites,
+		GetCertificate: func(*tls.ClientHelloInfo) (*tls.Certificate, error) {
+			cert, err := tls.LoadX509KeyPair(base.Cfg.CertFile, base.Cfg.CertKey)
+			if err != nil {
+				return nil, err
+			}
+			return &cert, nil
+		},
 	}
 	srv := &http.Server{
 		Addr:      base.Cfg.AdminAddr,
 		Handler:   r,
 		TLSConfig: tlsConfig,
 	}
-	err := srv.ListenAndServeTLS(base.Cfg.CertFile, base.Cfg.CertKey)
+	err := srv.ListenAndServeTLS("", "")
 	if err != nil {
 		base.Fatal(err)
 	}