站点证书一年有效期
This commit is contained in:
陈国伟
parent
0eab66f8e6
commit
53f0461047
@ -1,10 +1,11 @@
|
|||||||
using FastGithub.ReverseProxy;
|
using FastGithub.ReverseProxy;
|
||||||
using Microsoft.AspNetCore.Hosting;
|
using Microsoft.AspNetCore.Hosting;
|
||||||
using Microsoft.AspNetCore.Server.Kestrel.Core;
|
using Microsoft.AspNetCore.Server.Kestrel.Core;
|
||||||
|
using Microsoft.Extensions.Caching.Memory;
|
||||||
using Microsoft.Extensions.DependencyInjection;
|
using Microsoft.Extensions.DependencyInjection;
|
||||||
using Microsoft.Extensions.Logging;
|
using Microsoft.Extensions.Logging;
|
||||||
|
using Microsoft.Extensions.Options;
|
||||||
using System;
|
using System;
|
||||||
using System.Collections.Concurrent;
|
|
||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
using System.IO;
|
using System.IO;
|
||||||
using System.Linq;
|
using System.Linq;
|
||||||
@ -12,7 +13,6 @@ using System.Net;
|
|||||||
using System.Net.NetworkInformation;
|
using System.Net.NetworkInformation;
|
||||||
using System.Net.Sockets;
|
using System.Net.Sockets;
|
||||||
using System.Security.Cryptography.X509Certificates;
|
using System.Security.Cryptography.X509Certificates;
|
||||||
using System.Threading;
|
|
||||||
|
|
||||||
namespace FastGithub
|
namespace FastGithub
|
||||||
{
|
{
|
||||||
@ -22,9 +22,9 @@ namespace FastGithub
|
|||||||
public static class KestrelServerOptionsExtensions
|
public static class KestrelServerOptionsExtensions
|
||||||
{
|
{
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// 域名与证书
|
/// 域名证书缓存
|
||||||
/// </summary>
|
/// </summary>
|
||||||
private static readonly ConcurrentDictionary<string, Lazy<X509Certificate2>> domainCerts = new();
|
private static readonly IMemoryCache domainCertCache = new MemoryCache(Options.Create(new MemoryCacheOptions()));
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// 监听https的反向代理
|
/// 监听https的反向代理
|
||||||
@ -51,6 +51,7 @@ namespace FastGithub
|
|||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// 生成根证书
|
/// 生成根证书
|
||||||
|
/// 10年
|
||||||
/// </summary>
|
/// </summary>
|
||||||
/// <param name="caPublicCerPath"></param>
|
/// <param name="caPublicCerPath"></param>
|
||||||
/// <param name="caPrivateKeyPath"></param>
|
/// <param name="caPrivateKeyPath"></param>
|
||||||
@ -64,8 +65,8 @@ namespace FastGithub
|
|||||||
File.Delete(caPublicCerPath);
|
File.Delete(caPublicCerPath);
|
||||||
File.Delete(caPrivateKeyPath);
|
File.Delete(caPrivateKeyPath);
|
||||||
|
|
||||||
var validFrom = DateTime.Today.AddYears(-10);
|
var validFrom = DateTime.Today.AddDays(-1);
|
||||||
var validTo = DateTime.Today.AddYears(50);
|
var validTo = DateTime.Today.AddYears(10);
|
||||||
CertGenerator.GenerateBySelf(new[] { nameof(FastGithub) }, 2048, validFrom, validTo, caPublicCerPath, caPrivateKeyPath);
|
CertGenerator.GenerateBySelf(new[] { nameof(FastGithub) }, 2048, validFrom, validTo, caPublicCerPath, caPrivateKeyPath);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -79,7 +80,7 @@ namespace FastGithub
|
|||||||
{
|
{
|
||||||
if (OperatingSystem.IsWindows() == false)
|
if (OperatingSystem.IsWindows() == false)
|
||||||
{
|
{
|
||||||
logger.LogWarning($"不支持自动安装根证书{caPublicCerPath}:请根据你的系统平台情况安装和信任根证书");
|
logger.LogWarning($"不支持自动安装证书{caPublicCerPath}:请手动安装证书到根证书颁发机构");
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
@ -96,7 +97,7 @@ namespace FastGithub
|
|||||||
}
|
}
|
||||||
catch (Exception)
|
catch (Exception)
|
||||||
{
|
{
|
||||||
logger.LogWarning($"安装根证书{caPublicCerPath}失败:请手动安装到“将所有的证书都放入下载存储”\\“受信任的根证书颁发机构”");
|
logger.LogWarning($"安装证书{caPublicCerPath}失败:请手动安装到“将所有的证书都放入下载存储”\\“受信任的根证书颁发机构”");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -110,17 +111,18 @@ namespace FastGithub
|
|||||||
/// <returns></returns>
|
/// <returns></returns>
|
||||||
private static X509Certificate2 GetDomainCert(string? domain, string caPublicCerPath, string caPrivateKeyPath)
|
private static X509Certificate2 GetDomainCert(string? domain, string caPublicCerPath, string caPrivateKeyPath)
|
||||||
{
|
{
|
||||||
return domainCerts.GetOrAdd(domain ?? string.Empty, GetOrCreateCert).Value;
|
return domainCertCache.GetOrCreate(domain ?? string.Empty, GetOrCreateCert);
|
||||||
|
|
||||||
Lazy<X509Certificate2> GetOrCreateCert(string host)
|
// 生成域名的1年证书
|
||||||
|
X509Certificate2 GetOrCreateCert(ICacheEntry entry)
|
||||||
{
|
{
|
||||||
return new Lazy<X509Certificate2>(() =>
|
var host = (string)entry.Key;
|
||||||
{
|
var domains = GetDomains(host).Distinct();
|
||||||
var domains = GetDomains(host).Distinct();
|
var validFrom = DateTime.Today.AddDays(-1);
|
||||||
var validFrom = DateTime.Today.AddYears(-1);
|
var validTo = DateTime.Today.AddYears(1);
|
||||||
var validTo = DateTime.Today.AddYears(10);
|
|
||||||
return CertGenerator.GenerateByCa(domains, 2048, validFrom, validTo, caPublicCerPath, caPrivateKeyPath);
|
entry.SetAbsoluteExpiration(validTo);
|
||||||
}, LazyThreadSafetyMode.ExecutionAndPublication);
|
return CertGenerator.GenerateByCa(domains, 2048, validFrom, validTo, caPublicCerPath, caPrivateKeyPath);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user