diff --git a/app/lib/DeployHelper.php b/app/lib/DeployHelper.php
index 3291fa3..6176ef4 100644
--- a/app/lib/DeployHelper.php
+++ b/app/lib/DeployHelper.php
@@ -928,6 +928,24 @@ class DeployHelper
'note' => '进入NLB实例详情->监听列表,复制监听ID(只支持TCPSSL监听协议)',
'required' => true,
],
+ 'deploy_type' => [
+ 'name' => '部署证书类型',
+ 'type' => 'select',
+ 'options' => [
+ ['value'=>'0', 'label'=>'默认证书'],
+ ['value'=>'1', 'label'=>'扩展证书'],
+ ],
+ 'value' => '0',
+ 'show' => 'product==\'clb\'||product==\'alb\'||product==\'nlb\'',
+ 'required' => true,
+ ],
+ 'clb_domain' => [
+ 'name' => '扩展域名',
+ 'type' => 'input',
+ 'placeholder' => '多个域名可使用,分隔',
+ 'show' => 'product==\'clb\'&&deploy_type==1',
+ 'required' => true,
+ ],
'domain' => [
'name' => '绑定的域名',
'type' => 'input',
diff --git a/app/lib/deploy/aliyun.php b/app/lib/deploy/aliyun.php
index 5ccf457..3bf768a 100644
--- a/app/lib/deploy/aliyun.php
+++ b/app/lib/deploy/aliyun.php
@@ -568,36 +568,65 @@ class aliyun implements DeployInterface
$this->log('找到已添加的服务器证书 ServerCertificateId=' . $ServerCertificateId);
}
- $param = [
- 'Action' => 'DescribeLoadBalancerHTTPSListenerAttribute',
- 'RegionId' => $config['regionid'],
- 'LoadBalancerId' => $config['clb_id'],
- 'ListenerPort' => $config['clb_port'],
- ];
- try {
- $data = $client->request($param);
- } catch (Exception $e) {
- throw new Exception('HTTPS监听配置查询失败:' . $e->getMessage());
- }
+ $deploy_type = isset($config['deploy_type']) ? intval($config['deploy_type']) : 0;
+ if ($deploy_type == 1) {
+ if (empty($config['clb_domain'])) throw new Exception('扩展域名不能为空');
+ $domains = explode(',', $config['clb_domain']);
+ $param = [
+ 'Action' => 'DescribeDomainExtensions',
+ 'RegionId' => $config['regionid'],
+ 'LoadBalancerId' => $config['clb_id'],
+ 'ListenerPort' => $config['clb_port'],
+ ];
+ try {
+ $data = $client->request($param);
+ } catch (Exception $e) {
+ throw new Exception('扩展域名列表查询失败:' . $e->getMessage());
+ }
+ foreach ($data['DomainExtensions']['DomainExtension'] as $item) {
+ if (in_array($item['Domain'], $domains)) {
+ if ($ServerCertificateId == $item['ServerCertificateId']) {
+ $this->log('负载均衡HTTPS扩展域名 ' . $item['Domain'] . ' 证书已配置');
+ } else {
+ $param = [
+ 'Action' => 'SetDomainExtensionAttribute',
+ 'RegionId' => $config['regionid'],
+ 'DomainExtensionId' => $item['DomainExtensionId'],
+ 'ServerCertificateId' => $ServerCertificateId,
+ ];
+ $client->request($param);
+ $this->log('负载均衡HTTPS扩展域名 ' . $item['Domain'] . ' 证书更新成功');
+ }
+ }
+ }
+ } else {
+ $param = [
+ 'Action' => 'DescribeLoadBalancerHTTPSListenerAttribute',
+ 'RegionId' => $config['regionid'],
+ 'LoadBalancerId' => $config['clb_id'],
+ 'ListenerPort' => $config['clb_port'],
+ ];
+ try {
+ $data = $client->request($param);
+ } catch (Exception $e) {
+ throw new Exception('HTTPS监听配置查询失败:' . $e->getMessage());
+ }
- if ($data['ServerCertificateId'] == $ServerCertificateId) {
- $this->log('负载均衡HTTPS监听已配置该证书,无需重复操作');
- return;
- }
+ if ($data['ServerCertificateId'] == $ServerCertificateId) {
+ $this->log('负载均衡HTTPS监听已配置该证书,无需重复操作');
+ return;
+ }
- $param = [
- 'Action' => 'SetLoadBalancerHTTPSListenerAttribute',
- 'RegionId' => $config['regionid'],
- 'LoadBalancerId' => $config['clb_id'],
- 'ListenerPort' => $config['clb_port'],
- ];
- $keys = ['Bandwidth', 'XForwardedFor', 'Scheduler', 'StickySession', 'StickySessionType', 'CookieTimeout', 'Cookie', 'HealthCheck', 'HealthCheckMethod', 'HealthCheckDomain', 'HealthCheckURI', 'HealthyThreshold', 'UnhealthyThreshold', 'HealthCheckTimeout', 'HealthCheckInterval', 'HealthCheckConnectPort', 'HealthCheckHttpCode', 'ServerCertificateId', 'CACertificateId', 'VServerGroup', 'VServerGroupId', 'XForwardedFor_SLBIP', 'XForwardedFor_SLBID', 'XForwardedFor_proto', 'Gzip', 'AclId', 'AclType', 'AclStatus', 'IdleTimeout', 'RequestTimeout', 'EnableHttp2', 'TLSCipherPolicy', 'Description', 'XForwardedFor_SLBPORT', 'XForwardedFor_ClientSrcPort'];
- foreach ($keys as $key) {
- if (isset($data[$key])) $param[$key] = $data[$key];
+ $param = [
+ 'Action' => 'SetLoadBalancerHTTPSListenerAttribute',
+ 'RegionId' => $config['regionid'],
+ 'LoadBalancerId' => $config['clb_id'],
+ 'ListenerPort' => $config['clb_port'],
+ 'ServerCertificateId' => $ServerCertificateId,
+ ];
+ $client->request($param);
+ $this->log('负载均衡HTTPS监听证书配置成功!');
}
- $param['ServerCertificateId'] = $ServerCertificateId;
- $client->request($param);
- $this->log('负载均衡HTTPS监听证书配置成功!');
}
private function deploy_alb($cert_id, $config)
@@ -606,33 +635,44 @@ class aliyun implements DeployInterface
$endpoint = 'alb.' . $config['regionid'] . '.aliyuncs.com';
$client = new AliyunClient($this->AccessKeyId, $this->AccessKeySecret, $endpoint, '2020-06-16', $this->proxy);
+ $cert_id = $cert_id . '-cn-hangzhou';
+ $deploy_type = isset($config['deploy_type']) ? intval($config['deploy_type']) : 0;
- $param = [
- 'Action' => 'ListListenerCertificates',
- 'MaxResults' => 100,
- 'ListenerId' => $config['alb_listener_id'],
- 'CertificateType' => 'Server',
- ];
- try {
- $data = $client->request($param);
- } catch (Exception $e) {
- throw new Exception('获取监听证书列表失败:' . $e->getMessage());
- }
- foreach ($data['Certificates'] as $cert) {
- if (strpos($cert['CertificateId'], '-')) $cert['CertificateId'] = substr($cert['CertificateId'], 0, strpos($cert['CertificateId'], '-'));
- if ($cert['CertificateId'] == $cert_id) {
- $this->log('负载均衡监听证书已添加,无需重复操作');
- return;
+ if ($deploy_type == 1) {
+ $param = [
+ 'Action' => 'ListListenerCertificates',
+ 'MaxResults' => 100,
+ 'ListenerId' => $config['alb_listener_id'],
+ 'CertificateType' => 'Server',
+ ];
+ try {
+ $data = $client->request($param);
+ } catch (Exception $e) {
+ throw new Exception('获取监听证书列表失败:' . $e->getMessage());
+ }
+ foreach ($data['Certificates'] as $cert) {
+ if ($cert['CertificateId'] == $cert_id) {
+ $this->log('负载均衡监听扩展证书已添加,无需重复操作');
+ return;
+ }
}
- }
- $param = [
- 'Action' => 'AssociateAdditionalCertificatesWithListener',
- 'ListenerId' => $config['alb_listener_id'],
- 'Certificates.1.CertificateId' => $cert_id . '-cn-hangzhou',
- ];
- $client->request($param);
- $this->log('应用型负载均衡监听证书添加成功!');
+ $param = [
+ 'Action' => 'AssociateAdditionalCertificatesWithListener',
+ 'ListenerId' => $config['alb_listener_id'],
+ 'Certificates.1.CertificateId' => $cert_id,
+ ];
+ $client->request($param);
+ $this->log('应用型负载均衡监听扩展证书添加成功!');
+ } else {
+ $param = [
+ 'Action' => 'UpdateListenerAttribute',
+ 'ListenerId' => $config['alb_listener_id'],
+ 'Certificates.1.CertificateId' => $cert_id,
+ ];
+ $client->request($param);
+ $this->log('应用型负载均衡监听默认证书更新成功!');
+ }
}
private function deploy_nlb($cert_id, $config)
@@ -641,33 +681,44 @@ class aliyun implements DeployInterface
$endpoint = 'nlb.' . $config['regionid'] . '.aliyuncs.com';
$client = new AliyunClient($this->AccessKeyId, $this->AccessKeySecret, $endpoint, '2022-04-30', $this->proxy);
+ $cert_id = $cert_id . '-cn-hangzhou';
+ $deploy_type = isset($config['deploy_type']) ? intval($config['deploy_type']) : 0;
- $param = [
- 'Action' => 'ListListenerCertificates',
- 'MaxResults' => 50,
- 'ListenerId' => $config['nlb_listener_id'],
- 'CertificateType' => 'Server',
- ];
- try {
- $data = $client->request($param);
- } catch (Exception $e) {
- throw new Exception('获取监听证书列表失败:' . $e->getMessage());
- }
- foreach ($data['Certificates'] as $cert) {
- if (strpos($cert['CertificateId'], '-')) $cert['CertificateId'] = substr($cert['CertificateId'], 0, strpos($cert['CertificateId'], '-'));
- if ($cert['CertificateId'] == $cert_id) {
- $this->log('负载均衡监听证书已添加,无需重复操作');
- return;
+ if ($deploy_type == 1) {
+ $param = [
+ 'Action' => 'ListListenerCertificates',
+ 'MaxResults' => 50,
+ 'ListenerId' => $config['nlb_listener_id'],
+ 'CertificateType' => 'Server',
+ ];
+ try {
+ $data = $client->request($param);
+ } catch (Exception $e) {
+ throw new Exception('获取监听证书列表失败:' . $e->getMessage());
+ }
+ foreach ($data['Certificates'] as $cert) {
+ if ($cert['CertificateId'] == $cert_id) {
+ $this->log('负载均衡监听扩展证书已添加,无需重复操作');
+ return;
+ }
}
- }
- $param = [
- 'Action' => 'AssociateAdditionalCertificatesWithListener',
- 'ListenerId' => $config['nlb_listener_id'],
- 'AdditionalCertificateIds.1' => $cert_id . '-cn-hangzhou',
- ];
- $client->request($param);
- $this->log('网络型负载均衡监听证书添加成功!');
+ $param = [
+ 'Action' => 'AssociateAdditionalCertificatesWithListener',
+ 'ListenerId' => $config['nlb_listener_id'],
+ 'AdditionalCertificateIds.1' => $cert_id,
+ ];
+ $client->request($param);
+ $this->log('网络型负载均衡监听扩展证书添加成功!');
+ } else {
+ $param = [
+ 'Action' => 'UpdateListenerAttribute',
+ 'ListenerId' => $config['nlb_listener_id'],
+ 'CertificateIds.1' => $cert_id,
+ ];
+ $client->request($param);
+ $this->log('网络型负载均衡监听默认证书更新成功!');
+ }
}
public function setLogger($func)
diff --git a/app/view/cert/account_form.html b/app/view/cert/account_form.html
index 1f8a06c..441bea7 100644
--- a/app/view/cert/account_form.html
+++ b/app/view/cert/account_form.html
@@ -182,7 +182,7 @@
{/block}
{block name="script"}
-
+
+
diff --git a/app/view/cert/order_form.html b/app/view/cert/order_form.html
index d03c1ee..442eaaa 100644
--- a/app/view/cert/order_form.html
+++ b/app/view/cert/order_form.html
@@ -77,7 +77,7 @@
{/block}
{block name="script"}
-
+
+
+
+
+
+
+