增加 esa saas 证书部署 (#404)

* 增加ESA SaaS配置 * 增加部署配置 * 合并 * 合并
2026-02-26 01:37:21 +08:00 · 2026-02-24 11:09:03 +08:00 · 2026-02-24 11:09:03 +08:00 · 3ea41c1c8b
commit 3ea41c1c8b
parent e25d5d76e9
2 changed files with 74 additions and 4 deletions
--- a/app/lib/DeployHelper.php
+++ b/app/lib/DeployHelper.php
@ -1152,6 +1152,7 @@ ctrl+x 保存退出<br/>',
                        ['value'=>'cdn', 'label'=>'内容分发CDN'],
                        ['value'=>'dcdn', 'label'=>'全站加速DCDN'],
                        ['value'=>'esa', 'label'=>'边缘安全加速ESA'],
+                        ['value'=>'esa_saas', 'label'=>'边缘安全加速ESA SaaS'],
                        ['value'=>'oss', 'label'=>'对象存储OSS'],
                        ['value'=>'waf', 'label'=>'Web应用防火墙3.0'],
                        ['value'=>'waf2', 'label'=>'Web应用防火墙2.0'],
@ -1174,7 +1175,14 @@ ctrl+x 保存退出<br/>',
                    'name' => 'ESA站点域名',
                    'type' => 'input',
                    'placeholder' => 'ESA添加的站点主域名',
-                    'show' => 'product==\'esa\'',
+                    'show' => 'product==\'esa\' || product == \'esa_saas\'',
+                    'required' => true,
+                ],
+                'esa_saas_sitename' => [
+                    'name' => 'ESA SAAS站点域名',
+                    'type' => 'input',
+                    'placeholder' => 'ESA SAAS站点域名',
+                    'show' => 'product == \'esa_saas\'',
                    'required' => true,
                ],
                'oss_endpoint' => [
@ -1199,7 +1207,7 @@ ctrl+x 保存退出<br/>',
                        ['value'=>'ap-southeast-1', 'label'=>'非中国内地'],
                    ],
                    'value' => 'cn-hangzhou',
-                    'show' => 'product==\'waf\'||product==\'waf2\'||product==\'ddoscoo\'||product==\'esa\'',
+                    'show' => 'product==\'waf\'||product==\'waf2\'||product==\'ddoscoo\'||product==\'esa\'||product==\'esa_saas\'',
                    'required' => true,
                ],
                'regionid' => [
@ -1292,7 +1300,7 @@ ctrl+x 保存退出<br/>',
                    'name' => '绑定的域名',
                    'type' => 'input',
                    'placeholder' => '',
-                    'show' => 'product!=\'esa\'&&product!=\'clb\'&&product!=\'alb\'&&product!=\'nlb\'&&product!=\'ga\'&&product!=\'upload\'',
+                    'show' => 'product!=\'esa\'&&product!=\'esa_saas\'&&product!=\'clb\'&&product!=\'alb\'&&product!=\'nlb\'&&product!=\'ga\'&&product!=\'upload\'',
                    'required' => true,
                ],
            ],
--- a/app/lib/deploy/aliyun.php
+++ b/app/lib/deploy/aliyun.php
@ -66,9 +66,11 @@ class aliyun implements DeployInterface
                $this->deploy_alb($cert_id, $config);
            } elseif ($config['product'] == 'nlb') {
                $this->deploy_nlb($cert_id, $config);
+            } elseif($config['product'] == 'esa_saas'){
+                $this->deploy_esa_saas($cert_id, $config);
            } elseif ($config['product'] == 'ga') {
                $this->deploy_ga($cert_id, $config);
-            } elseif ($config['product'] == 'upload') {
+            }elseif ($config['product'] == 'upload') {
            } else {
                throw new Exception('未知的产品类型');
            }
@ -166,6 +168,66 @@ class aliyun implements DeployInterface
        $this->log('DCDN域名 ' . $domain . ' 部署证书成功！');
    }

+    private function deploy_esa_saas($cas_id, $config)
+    {
+        $sitename = $config['esa_sitename'];
+        $saas_sitename = $config['esa_saas_sitename'];
+        if (empty($sitename)) throw new Exception('ESA站点名称不能为空');
+        if (empty($saas_sitename)) throw new Exception('ESA SAAS域名不能为空');
+
+        if ($config['region'] == 'ap-southeast-1') {
+            $endpoint = 'esa.ap-southeast-1.aliyuncs.com';
+        } else {
+            $endpoint = 'esa.cn-hangzhou.aliyuncs.com';
+        }
+
+        $client = new AliyunClient($this->AccessKeyId, $this->AccessKeySecret, $endpoint, '2024-09-10');
+        $param = [
+            'Action' => 'ListSites',
+            'SiteName' => $sitename,
+            'SiteSearchType' => 'exact',
+        ];
+        try {
+            $data = $client->request($param, 'GET');
+        } catch (Exception $e) {
+            throw new Exception('查询ESA站点列表失败：' . $e->getMessage());
+        }
+        if ($data['TotalCount'] == 0) throw new Exception('ESA站点 ' . $sitename . ' 不存在');
+        $this->log('成功查询到' . $data['TotalCount'] . '个ESA站点');
+        $site_id = $data['Sites'][0]['SiteId'];
+        // 查询对应的saas域名
+        $param =[
+            'Action' => 'ListCustomHostnames',
+            'SiteName' => $saas_sitename,
+            'SiteId' => $site_id,
+            'SiteSearchType' => 'exact',
+        ];
+        try {
+            $saas_data = $client->request($param, 'GET');
+        } catch (Exception $e) {
+            throw new Exception('查询ESA saas域名失败：' . $e->getMessage());
+        }
+        if ($saas_data['TotalCount'] == 0) throw new Exception('ESA saas站点 ' . $saas_sitename . ' 不存在');
+        $saas_hostname_id = $saas_data['Hostnames'][0]['HostnameId'];
+
+        $param = [
+            'Action' => 'UpdateCustomHostname',
+            'HostnameId'=> $saas_hostname_id,
+            'SslFlag' => 'on',
+            'CertType' => 'cas',
+            'CasId' => $cas_id,
+            'CasRegion' => $config['region'],
+        ];
+        $this->log('ESA SAAS站点部署参数 ' . json_encode($param));
+        try{
+            $saas_deploy_result = $client->request($param);
+            $this->log('ESA SAAS站点部署结果 ' . json_encode($saas_deploy_result));
+        }catch(Exception $e){
+             throw new Exception('部署失败：' . $e->getMessage());
+        }
+        $this->log('ESA SAAS站点 ' . $saas_sitename . ' 证书添加成功！');
+    }
+
    private function deploy_esa($cas_id, $cert_name, $config)
    {
        $sitename = $config['esa_sitename'];