From f736fb6be8d5211c5d5c87dedb12aa930d25d263 Mon Sep 17 00:00:00 2001
From: xljiulang <366193849@qq.com>
Date: Sun, 18 Jul 2021 03:29:19 +0800
Subject: [PATCH] =?UTF-8?q?=E6=94=AF=E6=8C=81ip=E8=AE=BF=E9=97=AE?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
FastGithub.ReverseProxy/CertGenerator.cs | 13 ++++-
.../KestrelServerOptionsExtensions.cs | 58 +++++++++++++++----
2 files changed, 60 insertions(+), 11 deletions(-)
diff --git a/FastGithub.ReverseProxy/CertGenerator.cs b/FastGithub.ReverseProxy/CertGenerator.cs
index ab57a2e..2ca6ee4 100644
--- a/FastGithub.ReverseProxy/CertGenerator.cs
+++ b/FastGithub.ReverseProxy/CertGenerator.cs
@@ -16,6 +16,7 @@ using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
+using System.Net;
using System.Text;
using X509Certificate2 = System.Security.Cryptography.X509Certificates.X509Certificate2;
@@ -114,7 +115,17 @@ namespace FastGithub.ReverseProxy
certGenerator.AddExtension(X509Extensions.BasicConstraints, extension.IsCritical, extension.GetParsedValue());
}
- var names = domains.Select(domain => new GeneralName(GeneralName.DnsName, domain)).ToArray();
+ var names = domains.Select(domain =>
+ {
+ var nameType = GeneralName.DnsName;
+ if (IPAddress.TryParse(domain, out _))
+ {
+ nameType = GeneralName.IPAddress;
+ }
+ return new GeneralName(nameType, domain);
+
+ }).ToArray();
+
var subjectAltName = new GeneralNames(names);
certGenerator.AddExtension(X509Extensions.SubjectAlternativeName, false, subjectAltName);
return certGenerator.Generate(signatureFactory);
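Review bot: `IPAddress.TryParse(domain, out _)` in the SAN lambda is used only as a yes/no test, and the unparsed string is then passed to `new GeneralName(nameType, domain)`. .NET's parser accepts non-canonical forms (a bare integer, short forms such as `127.1`, hex octets), and BouncyCastle's string constructor will likely reject or mis-encode those. Since the names originate from the TLS handshake in KestrelServerOptionsExtensions.cs, that would surface as an exception inside the certificate selector. Keep the parsed value and encode its canonical text instead: `if (IPAddress.TryParse(domain, out var address)) { return new GeneralName(GeneralName.IPAddress, address.ToString()); }`. The enclosing method starts above this hunk, so how `domains` is validated earlier is not visible here.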
diff --git a/FastGithub.ReverseProxy/KestrelServerOptionsExtensions.cs b/FastGithub.ReverseProxy/KestrelServerOptionsExtensions.cs
index 0b49500..8fa4da0 100644
--- a/FastGithub.ReverseProxy/KestrelServerOptionsExtensions.cs
+++ b/FastGithub.ReverseProxy/KestrelServerOptionsExtensions.cs
@@ -5,6 +5,11 @@ using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using System;
using System.Collections.Concurrent;
+using System.Collections.Generic;
+using System.Linq;
+using System.Net;
+using System.Net.NetworkInformation;
+using System.Net.Sockets;
using System.Security.Cryptography.X509Certificates;
using System.Threading;
@@ -35,25 +40,58 @@ namespace FastGithub
kestrel.ListenAnyIP(443, listen =>
listen.UseHttps(https =>
https.ServerCertificateSelector = (ctx, domain) =>
- GetOrCreateCert(domain)));
+ GetDomainCert(domain, caPublicCerPath, caPrivateKeyPath)));
logger.LogInformation("https反向代理服务启动成功");
+ }
+ ///
+ /// 获取颁发给指定域名的证书
+ ///
+ ///
+ ///
+ ///
+ ///
+ private static X509Certificate2 GetDomainCert(string domain, string caPublicCerPath, string caPrivateKeyPath)
+ {
+ return domainCerts.GetOrAdd(domain, GetOrCreateCert).Value;
- X509Certificate2 GetOrCreateCert(string key)
+ Lazy GetOrCreateCert(string host)
{
- if (key == string.Empty)
+ return new Lazy(() =>
{
- key = "github.com";
- }
-
- return domainCerts.GetOrAdd(key, domain => new Lazy(() =>
- {
- var domains = new[] { domain };
+ var domains = GetDomains(host).Distinct();
var validFrom = DateTime.Today.AddYears(-1);
var validTo = DateTime.Today.AddYears(10);
return CertGenerator.Generate(domains, 2048, validFrom, validTo, caPublicCerPath, caPrivateKeyPath);
- }, LazyThreadSafetyMode.ExecutionAndPublication)).Value;
+ }, LazyThreadSafetyMode.ExecutionAndPublication);
+ }
+ }
+
+ ///
+ /// 获取域名
+ ///
+ ///
+ ///
+ private static IEnumerable GetDomains(string host)
+ {
+ if (string.IsNullOrEmpty(host) == false)
+ {
+ yield return host;
+ }
+
+ yield return Environment.MachineName;
+ yield return IPAddress.Loopback.ToString();
+
+ foreach (var @interface in NetworkInterface.GetAllNetworkInterfaces())
+ {
+ foreach (var addressInfo in @interface.GetIPProperties().UnicastAddresses)
+ {
+ if (addressInfo.Address.AddressFamily == AddressFamily.InterNetwork)
+ {
+ yield return addressInfo.Address.ToString();
+ }
+ }
}
}
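Review bot: `GetDomains` adds `Environment.MachineName`, the loopback address and every local IPv4 address to the SAN of every leaf certificate, including those issued for an ordinary SNI name. Because the listener is `ListenAnyIP(443)`, any peer that can reach the port can read the machine name and the full interface address list from the handshake. The list is also frozen in the cached `Lazy` on first use, so it goes stale when an interface changes. Requests by IP literal normally carry no SNI, so the local names are needed only when `host` is empty; returning just `host` otherwise keeps the feature and narrows what each certificate asserts. Separately, `domainCerts.GetOrAdd(domain, GetOrCreateCert)` throws on a null key, so if the selector can receive null rather than an empty string, pass `domain ?? string.Empty` at the call.

```csharp
private static IEnumerable<string> GetDomains(string host)
{
    if (string.IsNullOrEmpty(host) == false)
    {
        // SNI present: certify only the requested name
        yield return host;
        yield break;
    }

    // No SNI (access by IP literal): fall back to the local names
    yield return Environment.MachineName;
    yield return IPAddress.Loopback.ToString();
    // … unchanged: IPv4 unicast address enumeration over NetworkInterface.GetAllNetworkInterfaces() …
}
```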