自安装根证书

FastGithub.ReverseProxy/ListenOptionsHttpsExtensions.cs

@@ -1,6 +1,8 @@
 using FastGithub.ReverseProxy;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Server.Kestrel.Core;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Logging;
 using System;
 using System.Collections.Concurrent;
 using System.Security.Cryptography.X509Certificates;
@@ -21,6 +23,27 @@ namespace FastGithub
         /// <returns></returns>
         public static ListenOptions UseGithubHttps(this ListenOptions listenOptions, string caPublicCerPath, string caPrivateKeyPath)
         {
+            if (OperatingSystem.IsWindows())
+            {
+                try
+                {
+                    var caCert = new X509Certificate2(caPublicCerPath);
+                    using var store = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
+                    store.Open(OpenFlags.ReadWrite);
+                    if (store.Certificates.Find(X509FindType.FindByThumbprint, caCert.Thumbprint, true).Count == 0)
+                    {
+                        store.Add(caCert);
+                        store.Close();
+                    }
+                }
+                catch (Exception ex)
+                {
+                    var loggerFactory = listenOptions.ApplicationServices.GetRequiredService<LoggerFactory>();
+                    var logger = loggerFactory.CreateLogger($"{nameof(FastGithub)}{nameof(ReverseProxy)}");
+                    logger.LogError($"安装根证书{caPublicCerPath}失败：{ex.Message}");
+                }
+            }
+
             return listenOptions.UseHttps(https =>
             {
                 var certs = new ConcurrentDictionary<string, X509Certificate2>();

FastGithub/FastGithub.csproj

@@ -5,6 +5,7 @@
 		<TargetFrameworks>net5.0;net6.0</TargetFrameworks>
 		<PackageLicenseExpression>MIT</PackageLicenseExpression>
 		<ApplicationIcon>app.ico</ApplicationIcon>
+		<ANCMPreConfiguredForIIS>true</ANCMPreConfiguredForIIS>
 	</PropertyGroup>
 
 	<PropertyGroup Condition="'$(TargetFramework)' == 'net6.0'">
@@ -25,19 +26,19 @@
 
 	<ItemGroup>
 		<None Update="appsettings.domain.json.example">
-		  <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+			<CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
 		</None>
 		<None Update="appsettings.github.json">
-		  <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+			<CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
 		</None>
 		<None Update="appsettings.json">
 			<CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
 		</None>
 		<None Update="FastGithub_CA.cer">
-		  <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+			<CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
 		</None>
 		<None Update="FastGithub_CA.key">
-		  <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+			<CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
 		</None>
 		<None Update="README.MD">
 			<CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>

FastGithub/Program.cs

@@ -49,7 +49,7 @@ namespace FastGithub
                     });
 
                     web.UseKestrel(kestrel =>
-                    {
+                    {                        
                         kestrel.ListenAnyIP(443, listen => listen.UseGithubHttps("FastGithub_CA.cer", "FastGithub_CA.key"));
                     });
                 });

FastGithub/README.MD

@@ -1,6 +1,10 @@
 # FastGithub
 github定制版的dns服务，解析github最优的ip
 
+### 安装根证书
+默认开启github反向代理功能，开启之后dns返回github的ip指向FastGithub自身。
+需要在浏览器所在的设备安装FastGithub_CA.cer到`将所有的证书都放入下载存储\受信任的根证书颁发机构`
+
 ### 本机使用
 * 运行FastGithub程序，本机的网络适配器的dns会自动变成127.0.0.1
 * 如果网络适配器的dns没有变成127.0.0.1，请手工修改网络适配器的dns