mirror of
https://gitee.com/dromara/Jpom.git
synced 2024-12-02 03:48:05 +08:00
nginx修改
This commit is contained in:
parent
47a52efe1d
commit
d1457db0d5
@ -1,6 +1,7 @@
|
||||
package cn.keepbx.jpom.controller.system;
|
||||
|
||||
import cn.hutool.core.io.FileUtil;
|
||||
import cn.hutool.core.text.StrSpliter;
|
||||
import cn.hutool.core.util.CharsetUtil;
|
||||
import cn.hutool.core.util.StrUtil;
|
||||
import cn.jiangzeyin.common.DefaultSystemLog;
|
||||
@ -14,10 +15,7 @@ import cn.keepbx.jpom.service.system.NginxService;
|
||||
import cn.keepbx.jpom.service.system.WhitelistDirectoryService;
|
||||
import com.alibaba.fastjson.JSONArray;
|
||||
import com.alibaba.fastjson.JSONObject;
|
||||
import com.github.odiszapc.nginxparser.NgxBlock;
|
||||
import com.github.odiszapc.nginxparser.NgxConfig;
|
||||
import com.github.odiszapc.nginxparser.NgxDumper;
|
||||
import com.github.odiszapc.nginxparser.NgxParam;
|
||||
import com.github.odiszapc.nginxparser.*;
|
||||
import org.springframework.http.MediaType;
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
@ -26,6 +24,8 @@ import org.springframework.web.bind.annotation.ResponseBody;
|
||||
|
||||
import javax.annotation.Resource;
|
||||
import java.io.File;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collection;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
@ -46,6 +46,9 @@ public class NginxController extends BaseController {
|
||||
@Resource
|
||||
private NginxService nginxService;
|
||||
|
||||
/**
|
||||
* nginx管理
|
||||
*/
|
||||
@RequestMapping(value = "nginx", method = RequestMethod.GET, produces = MediaType.TEXT_HTML_VALUE)
|
||||
public String ngx() {
|
||||
JSONArray ngxDirectory = whitelistDirectoryService.getNgxDirectory();
|
||||
@ -55,6 +58,9 @@ public class NginxController extends BaseController {
|
||||
return "system/nginx";
|
||||
}
|
||||
|
||||
/**
|
||||
* nginx配置
|
||||
*/
|
||||
@RequestMapping(value = "nginx_setting", method = RequestMethod.GET, produces = MediaType.TEXT_HTML_VALUE)
|
||||
public String setting(String path, String name, String type) {
|
||||
JSONArray ngxDirectory = whitelistDirectoryService.getNgxDirectory();
|
||||
@ -68,7 +74,6 @@ public class NginxController extends BaseController {
|
||||
JSONObject jsonObject = nginxService.getItem(file.getPath());
|
||||
String string = FileUtil.readUtf8String(file);
|
||||
jsonObject.put("context", string);
|
||||
// String name = file.getName();
|
||||
jsonObject.put("name", nginxService.paresName(path, file.getAbsolutePath()));
|
||||
jsonObject.put("whitePath", path);
|
||||
setAttribute("data", jsonObject);
|
||||
@ -107,7 +112,14 @@ public class NginxController extends BaseController {
|
||||
if (!whitelistDirectoryService.checkNgxDirectory(whitePath)) {
|
||||
return JsonMessage.getString(400, "请选择正确的白名单");
|
||||
}
|
||||
boolean add = "add".equals(genre);
|
||||
boolean add = false;
|
||||
String msg = "修改";
|
||||
if ("add".equals(genre)) {
|
||||
msg = "新增";
|
||||
add = true;
|
||||
}
|
||||
//nginx文件
|
||||
File file = FileUtil.file(whitePath, name);
|
||||
if ("quick".equals(type)) {
|
||||
String port = getParameter("port");
|
||||
if (StrUtil.isEmpty(port)) {
|
||||
@ -117,19 +129,20 @@ public class NginxController extends BaseController {
|
||||
if (StrUtil.isEmpty(domain)) {
|
||||
return JsonMessage.getString(400, "请填写域名");
|
||||
}
|
||||
if (!whitePath.endsWith("/")) {
|
||||
whitePath += "/";
|
||||
}
|
||||
String cachePath = whitePath + name.substring(0, name.indexOf(".")) + "/";
|
||||
//添加配置信息
|
||||
context = getQuickNgx(cachePath, port, domain);
|
||||
} else {
|
||||
if (StrUtil.isEmpty(context)) {
|
||||
return JsonMessage.getString(400, "请填写配置信息");
|
||||
String location = getParameter("location");
|
||||
if (StrUtil.isEmpty(location)) {
|
||||
return JsonMessage.getString(400, "请填写代理地址");
|
||||
}
|
||||
String convert = getParameter("convert");
|
||||
String cert = getParameter("cert");
|
||||
String key = getParameter("key");
|
||||
boolean autoHttps = "true".equalsIgnoreCase(convert);
|
||||
context = updateNgxServer(file.getAbsolutePath(), domain, cert, key, autoHttps, location);
|
||||
}
|
||||
if (StrUtil.isEmpty(context)) {
|
||||
return JsonMessage.getString(400, "请填写配置信息");
|
||||
}
|
||||
try {
|
||||
File file = FileUtil.file(whitePath, name);
|
||||
if (add) {
|
||||
if (file.exists()) {
|
||||
return JsonMessage.getString(400, "该文件已存在");
|
||||
@ -145,70 +158,264 @@ public class NginxController extends BaseController {
|
||||
FileUtil.writeString(context, file, CharsetUtil.UTF_8);
|
||||
} catch (Exception e) {
|
||||
DefaultSystemLog.ERROR().error(e.getMessage(), e);
|
||||
if (!add) {
|
||||
return JsonMessage.getString(400, "修改失败");
|
||||
return JsonMessage.getString(400, msg + "失败");
|
||||
}
|
||||
return JsonMessage.getString(200, msg + "成功");
|
||||
}
|
||||
|
||||
/**
|
||||
* 修改nginx
|
||||
*
|
||||
* @param path nginx路径
|
||||
* @param domain 域名
|
||||
* @param cert 证书地址
|
||||
* @param key 私钥地址
|
||||
* @param autoHttps 开启http自动跳转到https
|
||||
* @param location 代理地址
|
||||
*/
|
||||
private String updateNgxServer(String path, String domain, String cert, String key, boolean autoHttps, String location) {
|
||||
//是否增加https证书配置
|
||||
boolean addCert = StrUtil.isNotEmpty(cert) || autoHttps;
|
||||
try {
|
||||
NgxConfig conf = NgxConfig.read(path);
|
||||
Collection<NgxEntry> entries = conf.getEntries();
|
||||
boolean hasCert = false;
|
||||
//将证书指定域名和server监听域名一致的取出来
|
||||
List<NgxBlock> ngxEntries = new ArrayList<>();
|
||||
NgxConfig config = new NgxConfig();
|
||||
for (NgxEntry entry : entries) {
|
||||
if (entry instanceof NgxBlock) {
|
||||
NgxBlock block = (NgxBlock) entry;
|
||||
NgxParam serverName = block.findParam("server_name");
|
||||
String values = serverName.getValue();
|
||||
//判断域名是否相等
|
||||
if (checkDomain(values, domain)) {
|
||||
//将域名相同的server取出来
|
||||
ngxEntries.add(block);
|
||||
NgxParam sslCertificate = block.findParam("ssl_certificate");
|
||||
if (null != sslCertificate) {
|
||||
hasCert = true;
|
||||
}
|
||||
continue;
|
||||
}
|
||||
}
|
||||
config.addEntry(entry);
|
||||
}
|
||||
//添加证书
|
||||
if (addCert) {
|
||||
updateNgxCert(config, ngxEntries, hasCert, domain, cert, key, autoHttps, location);
|
||||
} else {
|
||||
return JsonMessage.getString(400, "新增失败");
|
||||
NgxBlock block;
|
||||
if (ngxEntries.size() <= 0) {
|
||||
block = new NgxBlock();
|
||||
block.addValue("server");
|
||||
} else {
|
||||
block = ngxEntries.get(0);
|
||||
}
|
||||
config.addEntry(block);
|
||||
updateNgxServer(block, domain, location);
|
||||
}
|
||||
return new NgxDumper(config).dump();
|
||||
} catch (Exception e) {
|
||||
DefaultSystemLog.ERROR().error(e.getMessage(), e);
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
* 判断域名是否相等
|
||||
*
|
||||
* @param serverName 配置中的域名
|
||||
* @param domain 域名
|
||||
*/
|
||||
private boolean checkDomain(String serverName, String domain) {
|
||||
boolean pass = serverName.equalsIgnoreCase(domain);
|
||||
if (!pass) {
|
||||
List<String> list = StrSpliter.splitTrim(serverName, " ", true);
|
||||
List<String> domainList = StrSpliter.splitTrim(domain, " ", true);
|
||||
for (String str : domainList) {
|
||||
if (list.contains(str)) {
|
||||
pass = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
if (add) {
|
||||
return JsonMessage.getString(200, "新增成功");
|
||||
return pass;
|
||||
}
|
||||
|
||||
/**
|
||||
* 修改nginx
|
||||
*
|
||||
* @param conf 配置信息
|
||||
* @param list 监听该域名的server集合
|
||||
* @param hasCert server集合中是否有证书配置
|
||||
* @param domain 域名
|
||||
* @param cert 证书位置
|
||||
* @param key 私钥路径
|
||||
* @param autoHttps 开启http自动跳转到https
|
||||
* @param location 代理地址
|
||||
*/
|
||||
private void updateNgxCert(NgxConfig conf, List<NgxBlock> list, boolean hasCert, String domain, String
|
||||
cert, String key, boolean autoHttps, String location) {
|
||||
int size = list.size();
|
||||
if (size <= 0) {
|
||||
NgxBlock block = new NgxBlock();
|
||||
block.addValue("server");
|
||||
//修改nginx证书配置
|
||||
updateNgxSSlServer(block, domain, cert, key, location);
|
||||
conf.addEntry(block);
|
||||
if (autoHttps) {
|
||||
NgxBlock block1 = addAutoHttps(domain);
|
||||
conf.addEntry(block1);
|
||||
}
|
||||
return;
|
||||
}
|
||||
if (size < 2 || !hasCert) {
|
||||
NgxBlock block = list.get(0);
|
||||
updateNgxSSlServer(block, domain, cert, key, location);
|
||||
conf.addEntry(block);
|
||||
} else {
|
||||
return JsonMessage.getString(200, "修改成功");
|
||||
for (NgxBlock block : list) {
|
||||
NgxParam sslCertificate = block.findParam("ssl_certificate");
|
||||
if (null != sslCertificate) {
|
||||
updateNgxSSlServer(block, domain, cert, key, location);
|
||||
conf.addEntry(block);
|
||||
continue;
|
||||
}
|
||||
if (!autoHttps) {
|
||||
conf.addEntry(block);
|
||||
}
|
||||
}
|
||||
}
|
||||
if (autoHttps) {
|
||||
NgxBlock block1 = addAutoHttps(domain);
|
||||
conf.addEntry(block1);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* 添加配置信息
|
||||
* 修改nginx证书配置
|
||||
*
|
||||
* @param cachePath 缓存地址
|
||||
* @param port 端口
|
||||
* @param domain 监听地址
|
||||
* @param block block
|
||||
* @param domain 域名
|
||||
* @param cert 证书地址
|
||||
* @param key 私钥地址
|
||||
* @param proxy 代理地址
|
||||
*/
|
||||
private String getQuickNgx(String cachePath, String port, String domain) {
|
||||
String location = getParameter("location");
|
||||
String convert = getParameter("convert");
|
||||
String cert = getParameter("cert");
|
||||
String key = getParameter("key");
|
||||
String cacheStatus = getParameter("cacheStatus");
|
||||
NgxConfig config = new NgxConfig();
|
||||
if ("true".equals(cacheStatus)) {
|
||||
int cacheSize = getParameterInt("cacheSize", 1024);
|
||||
int inactive = getParameterInt("inactive", 30);
|
||||
String value = " proxy_cache_path " + cachePath + " levels=1:2 keys_zone=mycache:10m max_size=" + cacheSize +
|
||||
"m inactive=" + inactive + "m use_temp_path=off";
|
||||
addNgxParam(config, value);
|
||||
private void updateNgxSSlServer(NgxBlock block, String domain, String cert, String key, String proxy) {
|
||||
updateNgxBlockParam(block, "443 ssl", "listen");
|
||||
updateNgxBlockParam(block, domain, "server_name");
|
||||
updateNgxBlockParam(block, "on", "ssl");
|
||||
updateNgxBlockParam(block, cert, "ssl_certificate");
|
||||
updateNgxBlockParam(block, key, "ssl_certificate_key");
|
||||
updateNgxBlockParam(block, "shared:SSL:1m", "ssl_session_cache");
|
||||
updateNgxBlockParam(block, "5m", "ssl_session_timeout");
|
||||
updateNgxBlockParam(block, "HIGH:!aNULL:!MD5", "ssl_ciphers");
|
||||
updateNgxBlockParam(block, "on", "ssl_prefer_server_ciphers");
|
||||
NgxBlock location = block.findBlock("location");
|
||||
if (location == null) {
|
||||
location = new NgxBlock();
|
||||
block.addEntry(location);
|
||||
location.addValue("location /");
|
||||
}
|
||||
NgxBlock sever = new NgxBlock();
|
||||
sever.addValue("server");
|
||||
addNgxParam(sever, "listen " + port);
|
||||
addNgxParam(sever, "server_name " + domain);
|
||||
if (StrUtil.isNotEmpty(cert)) {
|
||||
addNgxParam(sever, "ssl on");
|
||||
addNgxParam(sever, "ssl_certificate " + cert);
|
||||
addNgxParam(sever, "ssl_certificate_key " + key);
|
||||
addNgxParam(sever, "ssl_prefer_server_ciphers on");
|
||||
addNgxParam(sever, "ssl_session_cache shared:SSL:1m");
|
||||
addNgxParam(sever, "ssl_session_timeout 5m");
|
||||
addNgxParam(sever, "ssl_ciphers HIGH:!aNULL:!MD5");
|
||||
if ("true".equals(convert)) {
|
||||
NgxBlock httpSever = new NgxBlock();
|
||||
httpSever.addValue("server");
|
||||
addNgxParam(httpSever, "listen 80");
|
||||
addNgxParam(httpSever, "server_name " + domain);
|
||||
addNgxParam(httpSever, "rewrite ^(.*)$ https://$host$1 permanent");
|
||||
config.addEntry(httpSever);
|
||||
//修改location
|
||||
updateLocation(location, proxy);
|
||||
}
|
||||
|
||||
/**
|
||||
* 添加http自动跳转到https
|
||||
*
|
||||
* @param domain 域名
|
||||
* @return block
|
||||
*/
|
||||
private NgxBlock addAutoHttps(String domain) {
|
||||
NgxBlock block = new NgxBlock();
|
||||
block.addValue("server");
|
||||
addNgxParam(block, "server_name " + domain);
|
||||
addNgxParam(block, "listen 80");
|
||||
addNgxParam(block, "rewrite ^(.*)$ https://$host$1 permanent");
|
||||
return block;
|
||||
}
|
||||
|
||||
/**
|
||||
* 修改 server
|
||||
*
|
||||
* @param block block
|
||||
* @param domain 域名
|
||||
* @param proxy 代理地址
|
||||
*/
|
||||
private void updateNgxServer(NgxBlock block, String domain, String proxy) {
|
||||
updateNgxBlockParam(block, "80", "listen");
|
||||
updateNgxBlockParam(block, domain, "server_name");
|
||||
NgxBlock location = block.findBlock("location");
|
||||
if (location == null) {
|
||||
location = new NgxBlock();
|
||||
location.addValue("location /");
|
||||
block.addEntry(location);
|
||||
}
|
||||
//修改location
|
||||
updateLocation(location, proxy);
|
||||
}
|
||||
|
||||
/**
|
||||
* 修改location
|
||||
*
|
||||
* @param block block
|
||||
* @param proxy 代理地址
|
||||
*/
|
||||
private void updateLocation(NgxBlock block, String proxy) {
|
||||
updateNgxBlockParam(block, proxy, "proxy_pass");
|
||||
updateNgxBlockParam(block, "$http_host", "proxy_set_header", "Host");
|
||||
updateNgxBlockParam(block, "$remote_addr", "proxy_set_header", "X-Real-IP");
|
||||
updateNgxBlockParam(block, "$proxy_add_x_forwarded_for", "proxy_set_header", "X-Forwarded-For");
|
||||
}
|
||||
|
||||
/**
|
||||
* 修改参数
|
||||
*
|
||||
* @param block block
|
||||
* @param name 参数名称
|
||||
* @param value 参数值
|
||||
*/
|
||||
private void updateNgxBlockParam(NgxBlock block, String value, String... name) {
|
||||
NgxParam param = null;
|
||||
if (1 == name.length) {
|
||||
param = block.findParam(name);
|
||||
} else {
|
||||
List<NgxEntry> list = block.findAll(NgxParam.class, name);
|
||||
for (NgxEntry entry : list) {
|
||||
NgxParam ngxParam = (NgxParam) entry;
|
||||
List<NgxToken> tokens = (List<NgxToken>) ngxParam.getTokens();
|
||||
boolean pass = false;
|
||||
for (int i = 0; i < name.length; i++) {
|
||||
String tokenName = name[i].trim();
|
||||
try {
|
||||
String token = tokens.get(i).getToken();
|
||||
if (!tokenName.equals(token)) {
|
||||
pass = false;
|
||||
break;
|
||||
}
|
||||
} catch (Exception e) {
|
||||
pass = false;
|
||||
break;
|
||||
}
|
||||
pass = true;
|
||||
}
|
||||
if (pass) {
|
||||
param = ngxParam;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
NgxBlock locationBlock = new NgxBlock();
|
||||
locationBlock.addValue("location /");
|
||||
addNgxParam(locationBlock, "proxy_pass " + location);
|
||||
addNgxParam(locationBlock, "proxy_set_header Host $http_host");
|
||||
addNgxParam(locationBlock, "proxy_set_header X-Real-IP $remote_addr");
|
||||
addNgxParam(locationBlock, "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for");
|
||||
sever.addEntry(locationBlock);
|
||||
config.addEntry(sever);
|
||||
return new NgxDumper(config).dump();
|
||||
String join = StrUtil.join(" ", name);
|
||||
if (param == null) {
|
||||
param = new NgxParam();
|
||||
param.addValue(join + " " + value);
|
||||
block.addEntry(param);
|
||||
} else {
|
||||
param = new NgxParam();
|
||||
param.addValue(join + " " + value);
|
||||
}
|
||||
}
|
||||
|
||||
private void addNgxParam(NgxBlock block, String value) {
|
||||
|
@ -9,6 +9,10 @@
|
||||
padding: 10px;
|
||||
}
|
||||
|
||||
.div_hidden {
|
||||
display: none !important;
|
||||
}
|
||||
|
||||
.context {
|
||||
height: 65vh;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user