重构证书部署逻辑，检查 SSL 目录配置。添加了公共 IP 检索功能，并改进了证书部署过程中的错误处理。更新了配置结构标签，以实现 YAML 兼容性。

orange-juzipi · orange-juzipi · commit b392085c3310 · 2025-09-29T16:17:46.000+08:00
diff --git a/internal/client/cert_deploy.go b/internal/client/cert_deploy.go
@@ -46,32 +46,38 @@ func (cd *CertDeployer) DeployCertificate(domain, url string) error {
 
 	fmt.Printf("证书下载完成: %s\n", zipFile)
 
-	// 证书文件夹名
-	folderName := domain + "_certificates"
+	// 2. 检查是否配置了SSL目录
+	sslPath := config.GetConfig().SSL.Path
+	if sslPath != "" {
+		// 证书文件夹名
+		folderName := domain + "_certificates"
+
+		// 1. 解压zip文件
+		extractDir := filepath.Join(certsDir, folderName)
+		if err := cd.extractZip(zipFile, extractDir); err != nil {
+			return fmt.Errorf("解压证书失败: %w", err)
+		}
 
-	// 1. 解压zip文件
-	extractDir := filepath.Join(certsDir, folderName)
-	if err := cd.extractZip(zipFile, extractDir); err != nil {
-		return fmt.Errorf("解压证书失败: %w", err)
-	}
+		// 移动到配置的SSL目录
+		if err := cd.moveCertificates(extractDir, sslPath, folderName); err != nil {
+			return fmt.Errorf("移动证书失败: %w", err)
+		}
 
-	// 2. 移动到配置的SSL目录
-	sslPath := config.GetConfig().SSL.Path
-	if err := cd.moveCertificates(extractDir, sslPath, folderName); err != nil {
-		return fmt.Errorf("移动证书失败: %w", err)
-	}
+		// 3. 测试nginx配置
+		if err := cd.testNginxConfig(); err != nil {
+			return fmt.Errorf("nginx配置测试失败: %w", err)
+		}
 
-	// 3. 测试nginx配置
-	if err := cd.testNginxConfig(); err != nil {
-		return fmt.Errorf("nginx配置测试失败: %w", err)
-	}
+		// 4. 重新加载nginx
+		if err := cd.reloadNginx(); err != nil {
+			return fmt.Errorf("nginx重新加载失败: %w", err)
+		}
+		fmt.Printf("证书部署完成: %s\n", domain)
 
-	// 4. 重新加载nginx
-	if err := cd.reloadNginx(); err != nil {
-		return fmt.Errorf("nginx重新加载失败: %w", err)
+	} else {
+		fmt.Println("未配置SSL目录，证书已下载到: ", zipFile)
 	}
 
-	fmt.Printf("证书部署完成: %s\n", domain)
 	return nil
 }
 
diff --git a/internal/config/config.go b/internal/config/config.go
@@ -9,27 +9,27 @@ import (
 )
 
 var (
-	Config  *Configuration
-	Version = "v0.0.1"
-	URL     = URLLocal
-	// URL      = URLProd
+	Config   *Configuration
+	Version  = "v0.0.1"
+	URL      = URLProd
 	URLProd  = "https://cert.yzys.cc/deploy"
 	URLLocal = "http://localhost:9000/deploy"
 )
 
 // Configuration 应用配置结构
 type Configuration struct {
-	Server ServerConfig `mapstructure:"server"`
-	SSL    SSLConfig    `mapstructure:"ssl"`
+	Server ServerConfig `yaml:"server"`
+	SSL    SSLConfig    `yaml:"ssl"`
 }
 
 type (
 	ServerConfig struct {
-		AccessKey string `mapstructure:"accessKey"`
+		AccessKey string `yaml:"accessKey"`
+		Env       string `yaml:"env"`
 	}
 
 	SSLConfig struct {
-		Path string `mapstructure:"path"`
+		Path string `yaml:"path"`
 	}
 )
 
@@ -68,6 +68,10 @@ func validateConfig() error {
 		}
 	}
 
+	if Config.Server.Env == "local" {
+		URL = URLLocal
+	}
+
 	return nil
 }
 
diff --git a/internal/system/info.go b/internal/system/info.go
@@ -5,7 +5,9 @@ import (
 	"crypto/sha256"
 	"encoding/hex"
 	"fmt"
+	"io"
 	"net"
+	"net/http"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -36,9 +38,11 @@ func GetSystemInfo() (*SystemInfo, error) {
 		info.Hostname = hostname
 	}
 
-	// 获取本机IP
-	if ip := getLocalIP(); ip != "" {
-		info.IP = ip
+	// 获取IP地址（优先公网IP，失败则使用内网IP）
+	if publicIP := getPublicIP(); publicIP != "" {
+		info.IP = publicIP
+	} else if localIP := getLocalIP(); localIP != "" {
+		info.IP = localIP
 	}
 
 	return info, nil
@@ -360,3 +364,64 @@ func trimNL(b []byte) []byte {
 	}
 	return b
 }
+
+// getPublicIP 获取公网IP地址
+func getPublicIP() string {
+	// 使用多个服务提供商，提高成功率
+	services := []string{
+		"https://checkip.amazonaws.com",
+		"https://ifconfig.me/ip",
+		"https://api.ipify.org",
+		"https://ipv4.icanhazip.com",
+		"https://api.ip.sb/ip", // 国内可能无法访问
+	}
+
+	for _, service := range services {
+		if ip := getIPFromService(service); ip != "" {
+			return ip
+		}
+	}
+	return ""
+}
+
+// getIPFromService 从指定服务获取IP地址
+func getIPFromService(serviceURL string) string {
+	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+	defer cancel()
+
+	client := &http.Client{
+		Timeout: 5 * time.Second,
+	}
+
+	req, err := http.NewRequestWithContext(ctx, "GET", serviceURL, nil)
+	if err != nil {
+		return ""
+	}
+
+	// 设置User-Agent，避免被某些服务拒绝
+	req.Header.Set("User-Agent", "cert-deploy-client/1.0")
+
+	resp, err := client.Do(req)
+	if err != nil {
+		return ""
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK {
+		return ""
+	}
+
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return ""
+	}
+
+	ip := strings.TrimSpace(string(body))
+
+	// 验证IP地址格式
+	if net.ParseIP(ip) != nil {
+		return ip
+	}
+
+	return ""
+}

Original file line number	Diff line number	Diff line change
`@@ -9,27 +9,27 @@ import (`
`9`	`9`	`)`
`10`	`10`
`11`	`11`	`var (`
`12`		`- Config *Configuration`
`13`		`- Version = "v0.0.1"`
`14`		`- URL = URLLocal`
`15`		`- // URL = URLProd`
	`12`	`+ Config *Configuration`
	`13`	`+ Version = "v0.0.1"`
	`14`	`+ URL = URLProd`
`16`	`15`	`URLProd = "https://cert.yzys.cc/deploy"`
`17`	`16`	`URLLocal = "http://localhost:9000/deploy"`
`18`	`17`	`)`
`19`	`18`
`20`	`19`	`// Configuration 应用配置结构`
`21`	`20`	`type Configuration struct {`
`22`		- Server ServerConfig `mapstructure:"server"`
`23`		- SSL SSLConfig `mapstructure:"ssl"`
	`21`	+ Server ServerConfig `yaml:"server"`
	`22`	+ SSL SSLConfig `yaml:"ssl"`
`24`	`23`	`}`
`25`	`24`
`26`	`25`	`type (`
`27`	`26`	`ServerConfig struct {`
`28`		- AccessKey string `mapstructure:"accessKey"`
	`27`	+ AccessKey string `yaml:"accessKey"`
	`28`	+ Env string `yaml:"env"`
`29`	`29`	`}`
`30`	`30`
`31`	`31`	`SSLConfig struct {`
`32`		- Path string `mapstructure:"path"`
	`32`	+ Path string `yaml:"path"`
`33`	`33`	`}`
`34`	`34`	`)`
`35`	`35`
`@@ -68,6 +68,10 @@ func validateConfig() error {`
`68`	`68`	`}`
`69`	`69`	`}`
`70`	`70`
	`71`	`+ if Config.Server.Env == "local" {`
	`72`	`+ URL = URLLocal`
	`73`	`+ }`
	`74`	`+`
`71`	`75`	`return nil`
`72`	`76`	`}`
`73`	`77`