From 8aa7f80042331c897b9309aafc05deec6190c663 Mon Sep 17 00:00:00 2001
From: Fu Diwei
Date: Fri, 25 Jul 2025 10:45:36 +0800
Subject: [PATCH 1/5] fix: error occurred tring to get ssl certificates with a low version suite in monitoring
---
 .../workflow/node-processor/monitor_node.go | 8 ++---
 pkg/core/notifier/providers/email/email.go | 20 ++---------
 pkg/utils/tls/config.go | 34 +++++++++++++++++++
 3 files changed, 39 insertions(+), 23 deletions(-)
 create mode 100644 pkg/utils/tls/config.go
diff --git a/internal/workflow/node-processor/monitor_node.go b/internal/workflow/node-processor/monitor_node.go
index e9f046f2..10021eab 100644
--- a/internal/workflow/node-processor/monitor_node.go
+++ b/internal/workflow/node-processor/monitor_node.go
@@ -2,7 +2,6 @@ package nodeprocessor
 import (
 "context"
- "crypto/tls"
 "crypto/x509"
 "fmt"
 "log/slog"
@@ -15,6 +14,7 @@ import (
 "github.com/certimate-go/certimate/internal/domain"
 xhttp "github.com/certimate-go/certimate/pkg/utils/http"
+ xtls "github.com/certimate-go/certimate/pkg/utils/tls"
 )
 type monitorNode struct {
@@ -117,10 +117,7 @@ func (n *monitorNode) Process(ctx context.Context) error {
 func (n *monitorNode) tryRetrievePeerCertificates(ctx context.Context, addr, domain, requestPath string) ([]*x509.Certificate, error) {
 transport := xhttp.NewDefaultTransport()
- if transport.TLSClientConfig == nil {
- transport.TLSClientConfig = &tls.Config{}
- }
- transport.TLSClientConfig.InsecureSkipVerify = true
+ transport.TLSClientConfig = xtls.NewInsecureConfig()
 client := &http.Client{
 CheckRedirect: func(req *http.Request, via []*http.Request) error {
@@ -138,6 +135,7 @@ func (n *monitorNode) tryRetrievePeerCertificates(ctx context.Context, addr, dom
 return nil, err
 }
+ req.Header.Set("Host", domain)
 req.Header.Set("User-Agent", "certimate")
 resp, err := client.Do(req)
 if err != nil {
diff --git a/pkg/core/notifier/providers/email/email.go b/pkg/core/notifier/providers/email/email.go
index 631e8995..6b88d385 100644
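Review bot: Nothing in the new code sets `ServerName` on the config handed to the transport, so when `addr` differs from `domain` (which the Host header added in the next hunk suggests is the intended use) the handshake carries no SNI for `domain` and a shared host answers with its default certificate rather than the one being monitored; `cfg := xtls.NewInsecureConfig()`, `cfg.ServerName = domain`, `transport.TLSClientConfig = cfg` would close that gap, since net/http derives SNI from the URL host and not from the Host header. Assigning `TLSClientConfig` wholesale also discards anything `xhttp.NewDefaultTransport()` may have put there, where the removed code only mutated the existing config — harmless if that transport ships a nil config, but I cannot see it from here. A one-line comment at the call site saying that verification is disabled and TLS 1.0 plus insecure cipher suites are allowed on purpose, because this probe only reads the peer chain, would keep the helper from being copied into a client that carries data. tryRetrievePeerCertificates continues past the end of the hunk.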
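Review bot: `req.Header.Set("Host", domain)` has no effect in net/http: the client takes the Host header (and the HTTP/2 :authority) from `req.Host`, falling back to `req.URL.Host`, and skips a "Host" entry in the header map when it writes the request. Use `req.Host = domain` right after the request is built instead. Without that the server still sees `addr` as the Host, and name-based virtual hosting returns the default site, which is presumably what this line was meant to fix. The enclosing function starts and ends outside the hunk.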
--- a/pkg/core/notifier/providers/email/email.go
+++ b/pkg/core/notifier/providers/email/email.go
@@ -2,7 +2,6 @@ package email
 import (
 "context"
- "crypto/tls"
 "errors"
 "log/slog"
 "net"
@@ -12,6 +11,7 @@ import (
 "github.com/domodwyer/mailyak/v3"
 "github.com/certimate-go/certimate/pkg/core"
+ xtls "github.com/certimate-go/certimate/pkg/utils/tls"
 )
 type NotifierProviderConfig struct {
@@ -79,7 +79,7 @@ func (n *NotifierProvider) Notify(ctx context.Context, subject string, message s
 var yak *mailyak.MailYak
 if n.config.SmtpTls {
- yakWithTls, err := mailyak.NewWithTLS(smtpAddr, smtpAuth, newTlsConfig())
+ yakWithTls, err := mailyak.NewWithTLS(smtpAddr, smtpAuth, xtls.NewCompatibleConfig())
 if err != nil {
 return nil, err
 }
@@ -100,19 +100,3 @@ func (n *NotifierProvider) Notify(ctx context.Context, subject string, message s
 return &core.NotifyResult{}, nil
 }
-
-func newTlsConfig() *tls.Config {
- var suiteIds []uint16
- for _, suite := range tls.CipherSuites() {
- suiteIds = append(suiteIds, suite.ID)
- }
- for _, suite := range tls.InsecureCipherSuites() {
- suiteIds = append(suiteIds, suite.ID)
- }
-
- // 为兼容国内部分低版本 TLS 的 SMTP 服务商
- return &tls.Config{
- MinVersion: tls.VersionTLS10,
- CipherSuites: suiteIds,
- }
-}
diff --git a/pkg/utils/tls/config.go b/pkg/utils/tls/config.go
new file mode 100644
index 00000000..d3f25383
--- /dev/null
+++ b/pkg/utils/tls/config.go
@@ -0,0 +1,34 @@
+package tls
+
+import (
+ "crypto/tls"
+)
+
+// 创建并返回一个兼容低版的 [tls.Config] 对象。
+//
+// 出参:
+// - config: [tls.Config] 对象。
+func NewCompatibleConfig() *tls.Config {
+ var suiteIds []uint16
+ for _, suite := range tls.CipherSuites() {
+ suiteIds = append(suiteIds, suite.ID)
+ }
+ for _, suite := range tls.InsecureCipherSuites() {
+ suiteIds = append(suiteIds, suite.ID)
+ }
+
+ return &tls.Config{
+ MinVersion: tls.VersionTLS10,
+ CipherSuites: suiteIds,
+ }
+}
+
+// 创建并返回一个不安全的 [tls.Config] 对象。
+//
+// 出参:
+// - config: [tls.Config] 对象。
+func NewInsecureConfig() *tls.Config {
+ config := NewCompatibleConfig()
+ config.InsecureSkipVerify = true
+ return config
+}
From 94281c0a2c0b8dd1c1a082e741e192b0db924f89 Mon Sep 17 00:00:00 2001
From: Fu Diwei
Date: Mon, 28 Jul 2025 13:28:45 +0800
Subject: [PATCH 2/5] feat: support configuring node name on deployment to 1panel site
---
 internal/deployer/providers.go | 1 +
 .../providers/1panel-site/1panel_site.go | 23 +++++++++++++++----
 pkg/sdk3rd/1panel/v2/client.go | 14 +++++++++++
 .../DeployNodeConfigForm1PanelSiteConfig.tsx | 11 +++++++++
 .../i18n/locales/en/nls.workflow.nodes.json | 5 +++-
 .../i18n/locales/zh/nls.workflow.nodes.json | 3 +++
 6 files changed, 51 insertions(+), 6 deletions(-)
diff --git a/internal/deployer/providers.go b/internal/deployer/providers.go
index 61ae8785..88a36ca2 100644
--- a/internal/deployer/providers.go
+++ b/internal/deployer/providers.go
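Review bot: The doc comments on `NewCompatibleConfig` and `NewInsecureConfig` describe a return value named `config` that does not exist, and they dropped the one sentence from the removed `newTlsConfig` that explained why TLS 1.0 and `tls.InsecureCipherSuites()` are enabled (compatibility with SMTP providers stuck on old TLS). Now that the helpers sit in a shared utils package, the rationale and the cost belong on the function, e.g. `// NewCompatibleConfig returns a *tls.Config that accepts TLS 1.0 and up and every cipher suite crypto/tls knows, including the ones it marks insecure; meant only for peers that cannot negotiate a modern suite, such as legacy SMTP servers.` and `// NewInsecureConfig is NewCompatibleConfig with certificate verification turned off; use it only where the peer certificate is itself the data being inspected, never for a connection that carries credentials.`. Go's doc convention also wants each comment to start with the function name. Naming the package `tls` while importing crypto/tls inside it forces every caller to alias it (`xtls`); a name such as `tlsutil` would avoid the shadowing.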
@@ -146,6 +146,7 @@ func createSSLDeployerProvider(options *deployerProviderOptions) (core.SSLDeploy
 ApiVersion: access.ApiVersion,
 ApiKey: access.ApiKey,
 AllowInsecureConnections: access.AllowInsecureConnections,
+ NodeName: xmaps.GetString(options.ProviderServiceConfig, "nodeName"),
 ResourceType: p1PanelSite.ResourceType(xmaps.GetOrDefaultString(options.ProviderServiceConfig, "resourceType", string(p1PanelSite.RESOURCE_TYPE_WEBSITE))),
 WebsiteId: xmaps.GetInt64(options.ProviderServiceConfig, "websiteId"),
 CertificateId: xmaps.GetInt64(options.ProviderServiceConfig, "certificateId"),
diff --git a/pkg/core/ssl-deployer/providers/1panel-site/1panel_site.go b/pkg/core/ssl-deployer/providers/1panel-site/1panel_site.go
index 985809d7..ffce4d26 100644
--- a/pkg/core/ssl-deployer/providers/1panel-site/1panel_site.go
+++ b/pkg/core/ssl-deployer/providers/1panel-site/1panel_site.go
@@ -24,6 +24,9 @@ type SSLDeployerProviderConfig struct {
 ApiKey string `json:"apiKey"`
 // 是否允许不安全的连接。
 AllowInsecureConnections bool `json:"allowInsecureConnections,omitempty"`
+ // 子节点名称。
+ // 选填。
+ NodeName string `json:"nodeName,omitempty"`
 // 部署资源类型。
 ResourceType ResourceType `json:"resourceType"`
 // 网站 ID。
@@ -48,7 +51,7 @@ func NewSSLDeployerProvider(config *SSLDeployerProviderConfig) (*SSLDeployerProv
 return nil, errors.New("the configuration of the ssl deployer provider is nil")
 }
- client, err := createSDKClient(config.ServerUrl, config.ApiVersion, config.ApiKey, config.AllowInsecureConnections)
+ client, err := createSDKClient(config.ServerUrl, config.ApiVersion, config.ApiKey, config.AllowInsecureConnections, config.NodeName)
 if err != nil {
 return nil, fmt.Errorf("could not create sdk client: %w", err)
 }
@@ -244,7 +247,7 @@ const (
 sdkVersionV2 = "v2"
 )
-func createSDKClient(serverUrl, apiVersion, apiKey string, skipTlsVerify bool) (any, error) {
+func createSDKClient(serverUrl, apiVersion, apiKey string, skipTlsVerify bool, nodeName string) (any, error) {
 if apiVersion == sdkVersionV1 {
 client, err := onepanelsdk.NewClient(serverUrl, apiKey)
 if err != nil {
@@ -257,9 +260,19 @@ func createSDKClient(serverUrl, apiVersion, apiKey string, skipTlsVerify bool) (
 return client, nil
 } else if apiVersion == sdkVersionV2 {
- client, err := onepanelsdkv2.NewClient(serverUrl, apiKey)
- if err != nil {
- return nil, err
+ var client *onepanelsdkv2.Client
+ if nodeName == "" {
+ temp, err := onepanelsdkv2.NewClient(serverUrl, apiKey)
+ if err != nil {
+ return nil, err
+ }
+ client = temp
+ } else {
+ temp, err := onepanelsdkv2.NewClientWithNode(serverUrl, apiKey, nodeName)
+ if err != nil {
+ return nil, err
+ }
+ client = temp
 }
 if skipTlsVerify {
diff --git a/pkg/sdk3rd/1panel/v2/client.go b/pkg/sdk3rd/1panel/v2/client.go
index 3a74c5bf..64b604bf 100644
--- a/pkg/sdk3rd/1panel/v2/client.go
+++ b/pkg/sdk3rd/1panel/v2/client.go
@@ -47,6 +47,20 @@ func NewClient(serverUrl, apiKey string) (*Client, error) {
 return &Client{client}, nil
 }
+func NewClientWithNode(serverUrl, apiKey, node string) (*Client, error) {
+ client, err := NewClient(serverUrl, apiKey)
+ if err != nil {
+ return nil, err
+ }
+
+ if node == "" {
+ node = "local"
+ }
+ client.client.SetHeader("CurrentNode", node)
+
+ return client, nil
+}
+
 func (c *Client) SetTimeout(timeout time.Duration) *Client {
 c.client.SetTimeout(timeout)
 return c
diff --git a/ui/src/components/workflow/node/DeployNodeConfigForm1PanelSiteConfig.tsx b/ui/src/components/workflow/node/DeployNodeConfigForm1PanelSiteConfig.tsx
index e0e7e037..cd672dcd 100644
--- a/ui/src/components/workflow/node/DeployNodeConfigForm1PanelSiteConfig.tsx
+++ b/ui/src/components/workflow/node/DeployNodeConfigForm1PanelSiteConfig.tsx
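Review bot: The `temp`/`client = temp` pairs in the v2 branch exist only to avoid `:=` shadowing `client` inside each `if`; declaring `err` next to `client` and assigning with `=` lets both arms share a single error check. Whether the `nodeName == ""` branch is needed at all depends on `NewClientWithNode`, which already maps an empty node to "local" — if sending `CurrentNode: local` to a node-less 1Panel v2 instance is acceptable, the whole branch collapses to one call; if not, the shape below keeps the distinction without the copies. The enclosing function continues past the hunk with the skipTlsVerify handling.
```go
	} else if apiVersion == sdkVersionV2 {
		var client *onepanelsdkv2.Client
		var err error
		if nodeName == "" {
			client, err = onepanelsdkv2.NewClient(serverUrl, apiKey)
		} else {
			client, err = onepanelsdkv2.NewClientWithNode(serverUrl, apiKey, nodeName)
		}
		if err != nil {
			return nil, err
		}
		// … unchanged: skipTlsVerify handling and return …
```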
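Review bot: `NewClientWithNode` is exported but has no doc comment, and the `"local"` fallback for an empty node is a magic value a caller cannot learn without reading the body. Something like `// NewClientWithNode is NewClient with the CurrentNode request header set to node, selecting which 1Panel child node the API calls are routed to; an empty node falls back to "local".` would cover it — that the header picks a child node is my reading of the `子节点名称` field comment in 1panel_site.go and should be confirmed. Since the header is set once on the underlying client it applies to every later request, which is worth stating as well.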
@@ -6,6 +6,7 @@ import { z } from "zod/v4";
 import Show from "@/components/Show";
 type DeployNodeConfigForm1PanelSiteConfigFieldValues = Nullish<{
+ nodeName?: string;
 resourceType: string;
 websiteId?: string | number;
 certificateId?: string | number;
@@ -38,6 +39,7 @@ const DeployNodeConfigForm1PanelSiteConfig = ({
 const { t } = useTranslation();
 const formSchema = z.object({
+ nodeName: z.string().nullish(),
 resourceType: z.literal([RESOURCE_TYPE_WEBSITE, RESOURCE_TYPE_CERTIFICATE], t("workflow_node.deploy.form.1panel_site_resource_type.placeholder")),
 websiteId: z
 .union([z.string(), z.number().int()])
@@ -71,6 +73,15 @@ const DeployNodeConfigForm1PanelSiteConfig = ({ name={formName} onValuesChange={handleFormChange} > + } > + + +