nginx修改

Arno 2019-04-12 17:51:19 +08:00
parent 47a52efe1d
commit d1457db0d5
2 changed files with 278 additions and 67 deletions


@ -1,6 +1,7 @@
package cn.keepbx.jpom.controller.system;
import cn.hutool.core.io.FileUtil;
import cn.hutool.core.text.StrSpliter;
import cn.hutool.core.util.CharsetUtil;
import cn.hutool.core.util.StrUtil;
import cn.jiangzeyin.common.DefaultSystemLog;
@ -14,10 +15,7 @@ import cn.keepbx.jpom.service.system.NginxService;
import cn.keepbx.jpom.service.system.WhitelistDirectoryService;
import com.alibaba.fastjson.JSONArray;
import com.alibaba.fastjson.JSONObject;
import com.github.odiszapc.nginxparser.NgxBlock;
import com.github.odiszapc.nginxparser.NgxConfig;
import com.github.odiszapc.nginxparser.NgxDumper;
import com.github.odiszapc.nginxparser.NgxParam;
import com.github.odiszapc.nginxparser.*;
import org.springframework.http.MediaType;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
@ -26,6 +24,8 @@ import org.springframework.web.bind.annotation.ResponseBody;
import javax.annotation.Resource;
import java.io.File;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
/**
@ -46,6 +46,9 @@ public class NginxController extends BaseController {
@Resource
private NginxService nginxService;
/**
* nginx管理
*/
@RequestMapping(value = "nginx", method = RequestMethod.GET, produces = MediaType.TEXT_HTML_VALUE)
public String ngx() {
JSONArray ngxDirectory = whitelistDirectoryService.getNgxDirectory();
@ -55,6 +58,9 @@ public class NginxController extends BaseController {
return "system/nginx";
}
/**
* nginx配置
*/
@RequestMapping(value = "nginx_setting", method = RequestMethod.GET, produces = MediaType.TEXT_HTML_VALUE)
public String setting(String path, String name, String type) {
JSONArray ngxDirectory = whitelistDirectoryService.getNgxDirectory();
@ -68,7 +74,6 @@ public class NginxController extends BaseController {
JSONObject jsonObject = nginxService.getItem(file.getPath());
String string = FileUtil.readUtf8String(file);
jsonObject.put("context", string);
// String name = file.getName();
jsonObject.put("name", nginxService.paresName(path, file.getAbsolutePath()));
jsonObject.put("whitePath", path);
setAttribute("data", jsonObject);
@ -107,7 +112,14 @@ public class NginxController extends BaseController {
if (!whitelistDirectoryService.checkNgxDirectory(whitePath)) {
return JsonMessage.getString(400, "请选择正确的白名单");
}
boolean add = "add".equals(genre);
boolean add = false;
String msg = "修改";
if ("add".equals(genre)) {
msg = "新增";
add = true;
}
//nginx文件
File file = FileUtil.file(whitePath, name);
if ("quick".equals(type)) {
String port = getParameter("port");
if (StrUtil.isEmpty(port)) {
@ -117,19 +129,20 @@ public class NginxController extends BaseController {
if (StrUtil.isEmpty(domain)) {
return JsonMessage.getString(400, "请填写域名");
}
if (!whitePath.endsWith("/")) {
whitePath += "/";
}
String cachePath = whitePath + name.substring(0, name.indexOf(".")) + "/";
//添加配置信息
context = getQuickNgx(cachePath, port, domain);
} else {
if (StrUtil.isEmpty(context)) {
return JsonMessage.getString(400, "请填写配置信息");
String location = getParameter("location");
if (StrUtil.isEmpty(location)) {
return JsonMessage.getString(400, "请填写代理地址");
}
String convert = getParameter("convert");
String cert = getParameter("cert");
String key = getParameter("key");
boolean autoHttps = "true".equalsIgnoreCase(convert);
context = updateNgxServer(file.getAbsolutePath(), domain, cert, key, autoHttps, location);
}
if (StrUtil.isEmpty(context)) {
return JsonMessage.getString(400, "请填写配置信息");
}
try {
File file = FileUtil.file(whitePath, name);
if (add) {
if (file.exists()) {
return JsonMessage.getString(400, "该文件已存在");
@ -145,70 +158,264 @@ public class NginxController extends BaseController {
FileUtil.writeString(context, file, CharsetUtil.UTF_8);
} catch (Exception e) {
DefaultSystemLog.ERROR().error(e.getMessage(), e);
if (!add) {
return JsonMessage.getString(400, "修改失败");
return JsonMessage.getString(400, msg + "失败");
}
return JsonMessage.getString(200, msg + "成功");
}
/**
* 修改nginx
*
* @param path nginx路径
* @param domain 域名
* @param cert 证书地址
* @param key 私钥地址
* @param autoHttps 开启http自动跳转到https
* @param location 代理地址
*/
private String updateNgxServer(String path, String domain, String cert, String key, boolean autoHttps, String location) {
//是否增加https证书配置
boolean addCert = StrUtil.isNotEmpty(cert) || autoHttps;
try {
NgxConfig conf = NgxConfig.read(path);
Collection<NgxEntry> entries = conf.getEntries();
boolean hasCert = false;
//将证书指定域名和server监听域名一致的取出来
List<NgxBlock> ngxEntries = new ArrayList<>();
NgxConfig config = new NgxConfig();
for (NgxEntry entry : entries) {
if (entry instanceof NgxBlock) {
NgxBlock block = (NgxBlock) entry;
NgxParam serverName = block.findParam("server_name");
String values = serverName.getValue();
//判断域名是否相等
if (checkDomain(values, domain)) {
//将域名相同的server取出来
ngxEntries.add(block);
NgxParam sslCertificate = block.findParam("ssl_certificate");
if (null != sslCertificate) {
hasCert = true;
}
continue;
}
}
config.addEntry(entry);
}
//添加证书
if (addCert) {
updateNgxCert(config, ngxEntries, hasCert, domain, cert, key, autoHttps, location);
} else {
return JsonMessage.getString(400, "新增失败");
NgxBlock block;
if (ngxEntries.size() <= 0) {
block = new NgxBlock();
block.addValue("server");
} else {
block = ngxEntries.get(0);
}
config.addEntry(block);
updateNgxServer(block, domain, location);
}
return new NgxDumper(config).dump();
} catch (Exception e) {
DefaultSystemLog.ERROR().error(e.getMessage(), e);
}
return null;
}
/**
* 判断域名是否相等
*
* @param serverName 配置中的域名
* @param domain 域名
*/
private boolean checkDomain(String serverName, String domain) {
boolean pass = serverName.equalsIgnoreCase(domain);
if (!pass) {
List<String> list = StrSpliter.splitTrim(serverName, " ", true);
List<String> domainList = StrSpliter.splitTrim(domain, " ", true);
for (String str : domainList) {
if (list.contains(str)) {
pass = true;
break;
}
}
}
if (add) {
return JsonMessage.getString(200, "新增成功");
return pass;
}
/**
* 修改nginx
*
* @param conf 配置信息
* @param list 监听该域名的server集合
* @param hasCert server集合中是否有证书配置
* @param domain 域名
* @param cert 证书位置
* @param key 私钥路径
* @param autoHttps 开启http自动跳转到https
* @param location 代理地址
*/
private void updateNgxCert(NgxConfig conf, List<NgxBlock> list, boolean hasCert, String domain, String
cert, String key, boolean autoHttps, String location) {
int size = list.size();
if (size <= 0) {
NgxBlock block = new NgxBlock();
block.addValue("server");
//修改nginx证书配置
updateNgxSSlServer(block, domain, cert, key, location);
conf.addEntry(block);
if (autoHttps) {
NgxBlock block1 = addAutoHttps(domain);
conf.addEntry(block1);
}
return;
}
if (size < 2 || !hasCert) {
NgxBlock block = list.get(0);
updateNgxSSlServer(block, domain, cert, key, location);
conf.addEntry(block);
} else {
return JsonMessage.getString(200, "修改成功");
for (NgxBlock block : list) {
NgxParam sslCertificate = block.findParam("ssl_certificate");
if (null != sslCertificate) {
updateNgxSSlServer(block, domain, cert, key, location);
conf.addEntry(block);
continue;
}
if (!autoHttps) {
conf.addEntry(block);
}
}
}
if (autoHttps) {
NgxBlock block1 = addAutoHttps(domain);
conf.addEntry(block1);
}
}
/**
* 添加配置信息
* 修改nginx证书配置
*
* @param cachePath 缓存地址
* @param port 端口
* @param domain 监听地址
* @param block block
* @param domain 域名
* @param cert 证书地址
* @param key 私钥地址
* @param proxy 代理地址
*/
private String getQuickNgx(String cachePath, String port, String domain) {
String location = getParameter("location");
String convert = getParameter("convert");
String cert = getParameter("cert");
String key = getParameter("key");
String cacheStatus = getParameter("cacheStatus");
NgxConfig config = new NgxConfig();
if ("true".equals(cacheStatus)) {
int cacheSize = getParameterInt("cacheSize", 1024);
int inactive = getParameterInt("inactive", 30);
String value = " proxy_cache_path " + cachePath + " levels=1:2 keys_zone=mycache:10m max_size=" + cacheSize +
"m inactive=" + inactive + "m use_temp_path=off";
addNgxParam(config, value);
private void updateNgxSSlServer(NgxBlock block, String domain, String cert, String key, String proxy) {
updateNgxBlockParam(block, "443 ssl", "listen");
updateNgxBlockParam(block, domain, "server_name");
updateNgxBlockParam(block, "on", "ssl");
updateNgxBlockParam(block, cert, "ssl_certificate");
updateNgxBlockParam(block, key, "ssl_certificate_key");
updateNgxBlockParam(block, "shared:SSL:1m", "ssl_session_cache");
updateNgxBlockParam(block, "5m", "ssl_session_timeout");
updateNgxBlockParam(block, "HIGH:!aNULL:!MD5", "ssl_ciphers");
updateNgxBlockParam(block, "on", "ssl_prefer_server_ciphers");
NgxBlock location = block.findBlock("location");
if (location == null) {
location = new NgxBlock();
block.addEntry(location);
location.addValue("location /");
}
NgxBlock sever = new NgxBlock();
sever.addValue("server");
addNgxParam(sever, "listen " + port);
addNgxParam(sever, "server_name " + domain);
if (StrUtil.isNotEmpty(cert)) {
addNgxParam(sever, "ssl on");
addNgxParam(sever, "ssl_certificate " + cert);
addNgxParam(sever, "ssl_certificate_key " + key);
addNgxParam(sever, "ssl_prefer_server_ciphers on");
addNgxParam(sever, "ssl_session_cache shared:SSL:1m");
addNgxParam(sever, "ssl_session_timeout 5m");
addNgxParam(sever, "ssl_ciphers HIGH:!aNULL:!MD5");
if ("true".equals(convert)) {
NgxBlock httpSever = new NgxBlock();
httpSever.addValue("server");
addNgxParam(httpSever, "listen 80");
addNgxParam(httpSever, "server_name " + domain);
addNgxParam(httpSever, "rewrite ^(.*)$ https://$host$1 permanent");
config.addEntry(httpSever);
//修改location
updateLocation(location, proxy);
}
/**
* 添加http自动跳转到https
*
* @param domain 域名
* @return block
*/
private NgxBlock addAutoHttps(String domain) {
NgxBlock block = new NgxBlock();
block.addValue("server");
addNgxParam(block, "server_name " + domain);
addNgxParam(block, "listen 80");
addNgxParam(block, "rewrite ^(.*)$ https://$host$1 permanent");
return block;
}
/**
* 修改 server
*
* @param block block
* @param domain 域名
* @param proxy 代理地址
*/
private void updateNgxServer(NgxBlock block, String domain, String proxy) {
updateNgxBlockParam(block, "80", "listen");
updateNgxBlockParam(block, domain, "server_name");
NgxBlock location = block.findBlock("location");
if (location == null) {
location = new NgxBlock();
location.addValue("location /");
block.addEntry(location);
}
//修改location
updateLocation(location, proxy);
}
/**
* 修改location
*
* @param block block
* @param proxy 代理地址
*/
private void updateLocation(NgxBlock block, String proxy) {
updateNgxBlockParam(block, proxy, "proxy_pass");
updateNgxBlockParam(block, "$http_host", "proxy_set_header", "Host");
updateNgxBlockParam(block, "$remote_addr", "proxy_set_header", "X-Real-IP");
updateNgxBlockParam(block, "$proxy_add_x_forwarded_for", "proxy_set_header", "X-Forwarded-For");
}
/**
* 修改参数
*
* @param block block
* @param name 参数名称
* @param value 参数值
*/
private void updateNgxBlockParam(NgxBlock block, String value, String... name) {
NgxParam param = null;
if (1 == name.length) {
param = block.findParam(name);
} else {
List<NgxEntry> list = block.findAll(NgxParam.class, name);
for (NgxEntry entry : list) {
NgxParam ngxParam = (NgxParam) entry;
List<NgxToken> tokens = (List<NgxToken>) ngxParam.getTokens();
boolean pass = false;
for (int i = 0; i < name.length; i++) {
String tokenName = name[i].trim();
try {
String token = tokens.get(i).getToken();
if (!tokenName.equals(token)) {
pass = false;
break;
}
} catch (Exception e) {
pass = false;
break;
}
pass = true;
}
if (pass) {
param = ngxParam;
break;
}
}
}
NgxBlock locationBlock = new NgxBlock();
locationBlock.addValue("location /");
addNgxParam(locationBlock, "proxy_pass " + location);
addNgxParam(locationBlock, "proxy_set_header Host $http_host");
addNgxParam(locationBlock, "proxy_set_header X-Real-IP $remote_addr");
addNgxParam(locationBlock, "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for");
sever.addEntry(locationBlock);
config.addEntry(sever);
return new NgxDumper(config).dump();
String join = StrUtil.join(" ", name);
if (param == null) {
param = new NgxParam();
param.addValue(join + " " + value);
block.addEntry(param);
} else {
param = new NgxParam();
param.addValue(join + " " + value);
}
}
private void addNgxParam(NgxBlock block, String value) {
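Review bot: The request parameters `domain`, `cert`, `key` and `location` are written into nginx directives as-is: `updateNgxBlockParam` builds `join + " " + value` and `addAutoHttps` builds `"server_name " + domain`, and the only checks visible in this section are `StrUtil.isEmpty`. A value containing `;`, `{`, `}` or a line break would therefore end up in the generated file as extra directives unless `NgxDumper` escapes it, which nothing here shows. I would validate each value against a strict pattern before building the config (host names for `domain`, an http/https URL for `location`, a path under an allowed directory for `cert` and `key`) and return 400 otherwise. Separately, the final `else` branch of `updateNgxBlockParam` creates a new `NgxParam` but never attaches it, so an existing directive keeps its old value; it likely needs `block.remove(param);` before and `block.addEntry(param);` after the two assignments, assuming the parser version in use exposes `NgxBlock.remove`. The section's last method, `addNgxParam`, continues outside the hunk.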


@ -9,6 +9,10 @@
padding: 10px;
}
.div_hidden {
display: none !important;
}
.context {
height: 65vh;
}