定制 daanra/laravel-lets-encrypt 二次开发

按需修改功能、优化性能、对接业务系统,提供一站式技术支持

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

daanra/laravel-lets-encrypt

Composer 安装命令:

composer require daanra/laravel-lets-encrypt

包简介

A Laravel package to easily generate SSL certificates using Let's Encrypt

README 文档

README

Latest Version on Packagist GitHub Tests Action Status Total Downloads

A Laravel package for easily generating and renewing SSL certificates using Let's Encrypt. This package is especially useful if you have a Laravel application that manages the SSL certificates of many domains. This package is not recommended if you just need to generate a single SSL certificate for your application.

This package is essentially a Laravel-friendly wrapper around Acme PHP.

Installation

You can install the package via composer:

composer require daanra/laravel-lets-encrypt

If you're having installation problems with conflicting dependencies caused by Guzzle then you might want to run:

composer require daanra/laravel-lets-encrypt guzzlehttp/guzzle:^6.0  -w

Publish the configuration file and the migration:

php artisan vendor:publish --provider="Daanra\LaravelLetsEncrypt\LetsEncryptServiceProvider" --tag="lets-encrypt"

Run the migration:

php artisan migrate

Note:

You somehow have to return a stored challenge whenever it it retrieved from the /.well-known/acme-challenge endpoint. You could do this by configuring NGINX/Apache appropriately or by registering a route:

Route::get('/.well-known/acme-challenge/{token}', function (string $token) {
    return \Illuminate\Support\Facades\Storage::get('public/.well-known/acme-challenge/' . $token);
})

Sometimes the /.well-known/ prefix is disabled by default in the NGINX/Apache config (see #4). Make sure it is forwarded to your Laravel application if you want Laravel to return the challenge.

Usage

Creating a new SSL certificate for a specific domain is easy:

// Puts several jobs on the queue to handle the communication with the lets-encrypt server
[$certificate, $pendingDispatch] = \Daanra\LaravelLetsEncrypt\Facades\LetsEncrypt::create('mydomain.com');

// You could, for example, chain some jobs to enable a new virtual host
// in Apache and send a notification once the website is available
[$certificate, $pendingDispatch] = \Daanra\LaravelLetsEncrypt\Facades\LetsEncrypt::create('mydomain.com', [
    new CreateNewApacheVirtualHost('mydomain.com'), 
    new ReloadApache(),
    new NotifyUserOfNewCertificate(request()->user()),
]);

// You can also do it synchronously:
\Daanra\LaravelLetsEncrypt\Facades\LetsEncrypt::createNow('mydomain.com');

Alternative syntax available from v0.3.0:

LetsEncrypt::certificate('mydomain.com')
            ->chain([
                new SomeJob()
            ])
            ->delay(5)
            ->retryAfter(4)
            ->setTries(4)
            ->setRetryList([1, 5, 10])
            ->create(); // or ->renew()

Where you can specify values for all jobs:

  • tries (The number of times the job may be attempted)
  • retryAfter (The number of seconds to wait before retrying the job)
  • retryList (The list of seconds to wait before retrying the job)
  • chain (Chain some jobs after the certificate has successfully been obtained)
  • delay (Set the desired delay for the job)

You could also achieve the same by using an artisan command:

php artisan lets-encrypt:create -d mydomain.com

Certificates are stored in the database. You can query them like so:

// All certificates
\Daanra\LaravelLetsEncrypt\Models\LetsEncryptCertificate::all();
// All expired certificates
\Daanra\LaravelLetsEncrypt\Models\LetsEncryptCertificate::query()->expired()->get();
// All currently valid certificates
\Daanra\LaravelLetsEncrypt\Models\LetsEncryptCertificate::query()->valid()->get();
// All certificates that should be renewed (because they're more than 60 days old)
\Daanra\LaravelLetsEncrypt\Models\LetsEncryptCertificate::query()->requiresRenewal()->get();

// Find certificate by domain
$certificate = LetsEncryptCertificate::where('domain', 'mydomain.com')->first();
// If you no longer need it, you can soft delete
$certificate->delete();
// Or use a hard delete
$certificate->forceDelete();

Subject Alternative Names

It's also possible to specify Subject Alternative Names as below (requires >= 0.5.0):

LetsEncrypt::certificate('mydomain.com')
        ->setSubjectAlternativeNames(['mydomain2.com'])
        ->create(); 

Failure events

If one of the jobs fails, one of the following events will be dispatched:

Daanra\LaravelLetsEncrypt\Events\CleanUpChallengeFailed
Daanra\LaravelLetsEncrypt\Events\ChallengeAuthorizationFailed
Daanra\LaravelLetsEncrypt\Events\RegisterAccountFailed
Daanra\LaravelLetsEncrypt\Events\RequestAuthorizationFailed
Daanra\LaravelLetsEncrypt\Events\RequestCertificateFailed
Daanra\LaravelLetsEncrypt\Events\StoreCertificateFailed
Daanra\LaravelLetsEncrypt\Events\RenewExpiringCertificatesFailed

Every event implements the Daanra\LaravelLetsEncrypt\Interfaces\LetsEncryptCertificateFailed interface so you can listen for that as well.

Automatically renewing certificates

Certificates are valid for 90 days. Before those 90 days are over, you will want to renew them. To do so, you could add the following to your App\Console\Kernel:

protected function schedule(Schedule $schedule)
{
    $schedule->job(new \Daanra\LaravelLetsEncrypt\Jobs\RenewExpiringCertificates)->daily();
}

This will automatically renew every certificate that is older than 60 days, ensuring that they never expire.

Configuration

By default this package will use Let's Encrypt's staging server to issue certificates. You should set:

LETS_ENCRYPT_API_URL=https://acme-v02.api.letsencrypt.org/directory

in the .env file of your production server.

By default, this package will attempt to validate a certificate using a HTTP-01 challenge. For this reason, a file will be temporarily stored in your application's storage directory under the path app/public/.well-known/acme-challenge/<CHALLENGE_TOKEN>. You can customise this behavior by setting a custom PathGenerator class in your config under path_generator. Note that Let's Encrypt expects the following path:

/.well-known/acme-challenge/<CHALLENGE_TOKEN>

to return the contents of the file located at $pathGenerator->getPath($token).

Testing

composer test

Changelog

Please see CHANGELOG for more information on what has changed recently.

Contributing

Please see CONTRIBUTING for details.

Security

If you discover any security related issues, please email opensource@daanraatjes.dev instead of using the issue tracker. If you have a question, please open an issue instead of sending an email.

Credits

License

The MIT License (MIT). Please see License File for more information.

daanra/laravel-lets-encrypt 适用场景与选型建议

daanra/laravel-lets-encrypt 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 55.73k 次下载、GitHub Stars 达 226, 最近一次更新时间为 2020 年 09 月 29 日, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「laravel」 「encrypt」 「ssl」 「certificate」 「lets」 「daanra」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 daanra/laravel-lets-encrypt 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 daanra/laravel-lets-encrypt 我们能提供哪些服务?
定制开发 / 二次开发

基于 daanra/laravel-lets-encrypt 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 55.73k
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 226
  • 点击次数: 21
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 226
  • Watchers: 5
  • Forks: 30
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2020-09-29