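package maker

import (
	"context"
	"encoding/json"
	"os"
	"path/filepath"

	"gitea.loveuer.com/yizhisec/pkg3/logger"
	"yizhisec.com/hsv2/forge/pkg/downloader"
	"yizhisec.com/hsv2/forge/pkg/model"
)

// Proxy assembles the caddy reverse-proxy dependency under
// <workdir>/dependency/proxy. It downloads the caddy binary from the internal
// artifactory, renders a layer4 caddy.json that forwards :443 and :8443 to two
// placeholder upstreams (__ip_1__ / __ip_2__, presumably substituted at deploy
// time — not resolved here), and writes the systemd unit that runs the binary.
//
// ctx bounds the download only; the file writes are not cancellable.
// The first error from os, downloader or encoding/json is returned unwrapped
// so callers can inspect the underlying error type.
func (m *maker) Proxy(ctx context.Context) error {
	const (
		binURL = "https://artifactory.yizhisec.com:443/artifactory/filestore/hsv2/bin/caddy"

		// The unit runs caddy as root with the highest scheduling priority.
		// Binding :443/:8443 is the only privileged operation it needs, which
		// an unprivileged User= plus AmbientCapabilities=CAP_NET_BIND_SERVICE
		// would cover; kept as-is so existing deployments are unaffected.
		systemdSvc = `[Unit]
Description=YiZhiSec Caddy Reverse Proxy
After=network.target

[Service]
Type=simple
User=root
ExecStart=/usr/local/bin/caddy run --config /etc/caddy/caddy.json
StandardOutput=journal
StandardError=journal
Nice=-20
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target`
	)

	location := filepath.Join(m.workdir, "dependency", "proxy")
	binPath := filepath.Join(location, "caddy")
	cfgPath := filepath.Join(location, "caddy.json")
	svcPath := filepath.Join(location, "caddy.service")

	logger.Info("☑️ maker.Proxy: 开始构建 caddy 反向代理...")

	logger.Debug("☑️ maker.Proxy: 创建目录 %s", location)
	if err := os.MkdirAll(location, 0755); err != nil {
		logger.Debug("❌ maker.Proxy: 创建目录失败: %v", err)
		return err
	}
	logger.Debug("✅ maker.Proxy: 创建目录 %s 成功", location)

	logger.Debug("☑️ maker.Proxy: 下载 caddy 二进制..., url = %s, dest = %s", binURL, binPath)
	// NOTE(review): TLS certificate verification is disabled for this
	// download, yet the fetched file is installed executable and later started
	// as root by the unit above, so the artifactory link is the trust boundary
	// for the whole proxy. Prefer trusting the internal CA explicitly, or
	// verifying the downloaded binary against a published digest, over
	// skipping verification.
	if err := downloader.Download(
		ctx,
		binURL,
		binPath,
		downloader.WithInsecureSkipVerify(),
		downloader.WithFileMode(0755),
	); err != nil {
		logger.Debug("❌ maker.Proxy: 下载 caddy 失败, url = %s, err = %v", binURL, err)
		return err
	}
	logger.Debug("✅ maker.Proxy: 下载 caddy 成功, url = %s", binURL)

	logger.Debug("☑️ maker.Proxy: 写入 caddy.json 文件..., dest = %s", cfgPath)

	// newServer builds one layer4 server that proxies `listen` to `upstreams`.
	// The passive health check and the round_robin selection policy are the
	// same for every listener, so they are defined once here; the active
	// health check differs only by port and is supplied by the caller.
	newServer := func(listen string, upstreams []*model.CaddyUpstream, active *model.CaddyActive) *model.CaddyServer {
		return &model.CaddyServer{
			Listen: []string{listen},
			Routes: []*model.CaddyRoute{{
				Handle: []*model.CaddyHandle{{
					Handler:   "proxy",
					Upstreams: upstreams,
					HealthChecks: &model.CaddyHealthCheck{
						Active: active,
						Passive: &model.CaddyPassive{
							FailDuration: "30s",
							MaxFails:     2,
						},
					},
					LoadBalancing: &model.CaddyLoadBalancing{
						Selection: &model.CaddySelection{
							Policy: "round_robin",
						},
					},
				}},
			}},
		}
	}

	caddyConfig := model.CaddyConfig{
		"apps": &model.CaddyApp{
			Layer4: &model.CaddyLayer4{
				Servers: map[string]*model.CaddyServer{
					"proxy_8443": newServer(
						":8443",
						[]*model.CaddyUpstream{
							{Dial: []string{"__ip_1__:32443"}},
							{Dial: []string{"__ip_2__:32443"}},
						},
						&model.CaddyActive{
							Interval: "10s",
							Timeout:  "2s",
							Port:     32443,
						},
					),
					"proxy_443": newServer(
						":443",
						[]*model.CaddyUpstream{
							{Dial: []string{"__ip_1__:31443"}},
							{Dial: []string{"__ip_2__:31443"}},
						},
						&model.CaddyActive{
							Interval: "10s",
							Timeout:  "2s",
							Port:     31443,
						},
					),
				},
			},
		},
	}

	// A marshal failure used to be discarded, which would have silently
	// written a nil/empty config file; surface it instead.
	bs, err := json.MarshalIndent(caddyConfig, "", " ")
	if err != nil {
		logger.Debug("❌ maker.Proxy: 序列化 caddy.json 失败, err = %v", err)
		return err
	}
	if err = os.WriteFile(cfgPath, bs, 0644); err != nil {
		logger.Debug("❌ maker.Proxy: 写入 Caddyfile 失败, dest = %s, err = %v", cfgPath, err)
		return err
	}
	logger.Debug("✅ maker.Proxy: 写入 Caddyfile 文件成功, dest = %s", cfgPath)

	logger.Debug("☑️ maker.Proxy: 写入 caddy.service 文件..., dest = %s", svcPath)
	if err = os.WriteFile(svcPath, []byte(systemdSvc), 0644); err != nil {
		logger.Debug("❌ maker.Proxy: 写入 caddy.service 失败, dest = %s, err = %v", svcPath, err)
		return err
	}
	logger.Debug("✅ maker.Proxy: 写入 caddy.service 文件成功, dest = %s", svcPath)

	logger.Info("✅ maker.Proxy: 构建 caddy 反向代理成功!!!")

	return nil
}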