修正 Proxied、 SSL/TLS 设为 Flexible、开启 Always Use HTTPS

root
2026-06-10 06:44:57 +08:00
parent a68b83fcbd
commit 5dea4c8b28
31 changed files with 950 additions and 160 deletions
@@ -80,8 +80,7 @@ class CloudflareService
}
/**
* 聚合检测三项状态
* Zone/NS 检测通过后,自动将根域名 A 记录指向 server_ip 并校验
* 聚合检测 Zone/NS/DNS 状态;NS 已验证且 Zone 已激活时,静默校验并修正 A 记录、Proxied、SSL、HTTPS
*
* @param array $row 域名记录
* @return array{zone_status: string, ns_status: string, dns_status: string, check_result: string}
@@ -140,12 +139,12 @@ class CloudflareService
$dnsStatus = 'failed';
$messages[] = 'DNS:server_ip格式无效';
} else {
try {
if ($this->hasRootCnameConflict($zoneId, $domain)) {
$dnsStatus = 'failed';
$messages[] = 'DNS:根域名存在CNAME记录,无法创建A记录';
} else {
$this->upsertRootARecord($zoneId, $domain, $this->serverIp);
if ($this->hasRootCnameConflict($zoneId, $domain)) {
$dnsStatus = 'failed';
$messages[] = 'DNS:根域名存在CNAME记录,无法创建A记录';
} else {
try {
$this->reconcileCloudflareConfig($zoneId, $domain, $this->serverIp);
if ($this->verifyRootARecord($zoneId, $domain, $this->serverIp)) {
$dnsStatus = 'created';
$messages[] = 'DNS:已创建(A=' . $this->serverIp . ')';
@@ -153,10 +152,10 @@ class CloudflareService
$dnsStatus = 'pending';
$messages[] = 'DNS:待创建(A记录未指向' . $this->serverIp . ')';
}
} catch (\Throwable $e) {
$dnsStatus = 'failed';
$messages[] = 'DNS:操作失败(' . $e->getMessage() . ')';
}
} catch (\Throwable $e) {
$dnsStatus = 'failed';
$messages[] = 'DNS:操作失败(' . $e->getMessage() . ')';
}
}
@@ -193,6 +192,49 @@ class CloudflareService
}
/**
* NS 已验证且 Zone 已激活时:读取 Proxied / SSL / HTTPS / A 记录,与期望值不一致则修正
*
* @throws Exception
*/
private function reconcileCloudflareConfig(string $zoneId, string $domain, string $ip): void
{
$this->ensureZoneEdgeSettings($zoneId);
$this->upsertRootARecord($zoneId, $domain, $ip);
}
/**
* 读取 Zone 单项设置值
*
* @throws Exception
*/
private function getZoneSettingValue(string $zoneId, string $settingId): string
{
$response = $this->request('GET', '/zones/' . $zoneId . '/settings/' . $settingId);
return strtolower(trim((string)($response['result']['value'] ?? '')));
}
/**
* SSL/TLS=Flexible、Always Use HTTPS=开启;已与期望一致则跳过 PATCH
*
* @throws Exception
*/
private function ensureZoneEdgeSettings(string $zoneId): void
{
if ($this->getZoneSettingValue($zoneId, 'ssl') !== 'flexible') {
$this->request('PATCH', '/zones/' . $zoneId . '/settings/ssl', [
'value' => 'flexible',
]);
}
if ($this->getZoneSettingValue($zoneId, 'always_use_https') !== 'on') {
$this->request('PATCH', '/zones/' . $zoneId . '/settings/always_use_https', [
'value' => 'on',
]);
}
}
/**
* 创建或更新根域名 A 记录(IP 与 Proxied 与期望不一致时修正)
*
* @throws Exception
*/
private function upsertRootARecord(string $zoneId, string $domain, string $ip): void
@@ -204,7 +246,7 @@ class CloudflareService
'name' => $domain,
'content' => $ip,
'ttl' => 1,
'proxied' => false,
'proxied' => true,
]);
return;
}
@@ -212,25 +254,33 @@ class CloudflareService
foreach ($records as $record) {
$recordId = (string)($record['id'] ?? '');
$content = (string)($record['content'] ?? '');
if ($recordId === '' || $content === $ip) {
$proxied = (bool)($record['proxied'] ?? false);
if ($recordId === '') {
continue;
}
if ($content === $ip && $proxied) {
continue;
}
$this->request('PATCH', '/zones/' . $zoneId . '/dns_records/' . $recordId, [
'content' => $ip,
'ttl' => 1,
'proxied' => false,
'proxied' => true,
]);
}
}
/**
* 校验根域名 A 记录:content 指向 server_ip 且已开启 Proxy
*
* @throws Exception
*/
private function verifyRootARecord(string $zoneId, string $domain, string $ip): bool
{
$records = $this->listRootARecords($zoneId, $domain);
foreach ($records as $record) {
if ((string)($record['content'] ?? '') === $ip) {
$content = (string)($record['content'] ?? '');
$proxied = (bool)($record['proxied'] ?? false);
if ($content === $ip && $proxied) {
return true;
}
}
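Review bot: `ensureZoneEdgeSettings()` (hunk `@@ -193,6 +192,49 @@`) rewrites every SSL/TLS mode that is not exactly `flexible`, so a zone an operator has already set to `full` or `strict` is silently downgraded the next time the status check runs. In Flexible mode Cloudflare connects to the origin over plain HTTP, and because the same commit switches the root A record to `proxied => true`, visitor traffic on the edge-to-origin leg is unencrypted while the browser shows HTTPS. Treat the stronger modes as compliant and only raise a weaker one, e.g. `if (!in_array($this->getZoneSettingValue($zoneId, 'ssl'), ['flexible', 'full', 'strict'], true)) {`. If the origin can present a certificate, `strict` would be the safer target than `flexible`. Since these PATCH calls now run from a detection path described as silent, it would also help to record each setting change (zone id, old value, new value) so a configuration change can be audited later.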