添加信号关闭函数并改进错误处理

在signalchan包中新增CloseSignal函数以正确关闭信号通道，并在多个文件中改进了错误处理，增加了详细的错误信息。

src/certssl/account/data.go

@@ -1,6 +1,7 @@
 package account
 
 import (
+	"fmt"
 	"github.com/go-acme/lego/v4/lego"
 	"github.com/go-acme/lego/v4/registration"
 	"time"
@@ -19,7 +20,7 @@ type Account struct {
 func newAccount(email string, client *lego.Client) (Account, error) {
 	res, err := register(client)
 	if err != nil {
-		return Account{}, err
+		return Account{}, fmt.Errorf("new account failed: %s", err.Error())
 	}
 
 	now := time.Now()

src/certssl/account/load.go

@@ -15,7 +15,7 @@ func loadAccount(dir string, email string) (Account, error) {
 
 	file, err := os.Open(filepath)
 	if err != nil {
-		return Account{}, err
+		return Account{}, fmt.Errorf("open account file failed: %s", err.Error())
 	}
 	defer func() {
 		_ = file.Close()
@@ -26,7 +26,7 @@ func loadAccount(dir string, email string) (Account, error) {
 
 	err = dec.Decode(&account)
 	if err != nil {
-		return Account{}, err
+		return Account{}, fmt.Errorf("decode account failed: %s", err.Error())
 	}
 
 	if time.Now().After(account.ExpirationTime) {

src/certssl/account/main.go

@@ -2,30 +2,31 @@ package account
 
 import (
 	"errors"
+	"fmt"
 	"github.com/go-acme/lego/v4/lego"
 	"github.com/go-acme/lego/v4/registration"
 	"os"
-	"path"
 )
 
-func GetAccount(basedir string, email string, client *lego.Client) (*registration.Resource, error) {
-	dir := path.Join(basedir, "account")
-	err := os.MkdirAll(basedir, 0775)
+func GetAccount(dir string, email string, client *lego.Client) (*registration.Resource, error) {
+	err := os.MkdirAll(dir, 0775)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("failed to create directory %s: %s", dir, err.Error())
 	}
 
 	account, err := loadAccount(dir, email)
 	if err != nil && errors.Is(err, ErrExpiredAccount) {
 		account, err = newAccount(email, client)
 		if err != nil {
-			return nil, err
+			return nil, fmt.Errorf("not local account, new account failed: %s", err.Error())
 		}
 
 		err = saveAccount(dir, account)
 		if err != nil {
-			return nil, err
+			return nil, fmt.Errorf("not local account, save account failed: %s", err.Error())
 		}
+
+		fmt.Printf("account register success %s\n", email)
 	} else if err != nil {
 		return nil, nil
 	}

src/certssl/account/register.go

@@ -1,6 +1,7 @@
 package account
 
 import (
+	"fmt"
 	"github.com/go-acme/lego/v4/lego"
 	"github.com/go-acme/lego/v4/registration"
 )
@@ -12,7 +13,7 @@ func register(client *lego.Client) (*registration.Resource, error) {
 
 	reg, err := client.Registration.Register(regOption)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("register failed: %s", err.Error())
 	}
 
 	return reg, nil

src/certssl/account/save.go

@@ -11,7 +11,7 @@ import (
 func saveAccount(dir string, account Account) error {
 	err := os.MkdirAll(dir, 0775)
 	if err != nil {
-		return err
+		return fmt.Errorf("failed to create directory %s: %s", dir, err.Error())
 	}
 	filepath := path.Join(dir, fmt.Sprintf("%s.account", account.Email))
 

src/certssl/applycert/main.go

@@ -2,22 +2,21 @@ package applycert
 
 import (
 	"crypto"
-	"crypto/ecdsa"
-	"crypto/elliptic"
-	"crypto/rand"
+	"fmt"
 	"github.com/SongZihuan/Http-Demo/src/certssl/account"
 	"github.com/go-acme/lego/v4/certcrypto"
 	"github.com/go-acme/lego/v4/certificate"
 	"github.com/go-acme/lego/v4/challenge/http01"
 	"github.com/go-acme/lego/v4/lego"
 	"net"
+	"path"
 	"time"
 )
 
 func ApplyCert(basedir string, email string, httpsAddress string, domain string) (crypto.PrivateKey, *certificate.Resource, error) {
-	privateKey, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
+	privateKey, err := certcrypto.GeneratePrivateKey(certcrypto.RSA4096)
 	if err != nil {
-		return nil, nil, err
+		return nil, nil, fmt.Errorf("generate private key failed: %s", err.Error())
 	}
 
 	user := newUser(email, privateKey)
@@ -27,22 +26,22 @@ func ApplyCert(basedir string, email string, httpsAddress string, domain string)
 	config.Certificate.Timeout = 30 * 24 * time.Hour
 	client, err := lego.NewClient(config)
 	if err != nil {
-		return nil, nil, err
+		return nil, nil, fmt.Errorf("new client failed: %s", err.Error())
 	}
 
 	iface, port, err := net.SplitHostPort(httpsAddress)
 	if err != nil {
-		return nil, nil, err
+		return nil, nil, fmt.Errorf("split host port failed: %s", err.Error())
 	}
 
 	err = client.Challenge.SetHTTP01Provider(http01.NewProviderServer(domain, port))
 	if err != nil {
-		return nil, nil, err
+		return nil, nil, fmt.Errorf("set http01 provider failed: %s", err.Error())
 	}
 
-	reg, err := account.GetAccount(basedir, user.GetEmail(), client)
+	reg, err := account.GetAccount(path.Join(basedir, "account"), user.GetEmail(), client)
 	if err != nil {
-		return nil, nil, err
+		return nil, nil, fmt.Errorf("get account failed: %s", err.Error())
 	}
 	user.setRegistration(reg)
 
@@ -57,17 +56,17 @@ func ApplyCert(basedir string, email string, httpsAddress string, domain string)
 
 	resource, err := client.Certificate.Obtain(request)
 	if err != nil {
-		return nil, nil, err
+		return nil, nil, fmt.Errorf("obtain certificate failed: %s", err.Error())
 	}
 
-	err = writerWithDate(basedir, resource)
+	err = writerWithDate(path.Join(basedir, "cert-backup"), resource)
 	if err != nil {
-		return nil, nil, err
+		return nil, nil, fmt.Errorf("writer certificate backup failed: %s", err.Error())
 	}
 
 	err = writer(basedir, resource)
 	if err != nil {
-		return nil, nil, err
+		return nil, nil, fmt.Errorf("writer certificate failed: %s", err.Error())
 	}
 
 	return privateKey, resource, nil

src/certssl/applycert/read.go

@@ -10,28 +10,28 @@ import (
 	"path"
 )
 
-func ReadLocalCertificateAndPrivateKey(dir string) (crypto.PrivateKey, *x509.Certificate, error) {
-	cert, err := readCertificate(dir)
+func ReadLocalCertificateAndPrivateKey(basedir string) (crypto.PrivateKey, *x509.Certificate, error) {
+	cert, err := readCertificate(basedir)
 	if err != nil {
-		return nil, nil, err
+		return nil, nil, fmt.Errorf("read certificate failed: %s", err.Error())
 	}
 
-	privateKey, err := readPrivateKey(dir)
+	privateKey, err := readPrivateKey(basedir)
 	if err != nil {
-		return nil, nil, err
+		return nil, nil, fmt.Errorf("read private key failed: %s", err.Error())
 	}
 
 	return privateKey, cert, nil
 }
 
-func readCertificate(dir string) (*x509.Certificate, error) {
+func readCertificate(basedir string) (*x509.Certificate, error) {
 	// 请替换为你的证书文件路径
-	certPath := path.Join(dir, filename.FileCertificate)
+	certPath := path.Join(basedir, filename.FileCertificate)
 
 	// 读取PEM编码的证书文件
 	pemData, err := os.ReadFile(certPath)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("failed to read certificate file: %v", err)
 	}
 
 	// 解析PEM编码的数据
@@ -49,9 +49,9 @@ func readCertificate(dir string) (*x509.Certificate, error) {
 	return cert, nil
 }
 
-func readPrivateKey(dir string) (crypto.PrivateKey, error) {
+func readPrivateKey(basedir string) (crypto.PrivateKey, error) {
 	// 请替换为你的RSA私钥文件路径
-	keyPath := path.Join(dir, filename.FilePrivateKey)
+	keyPath := path.Join(basedir, filename.FilePrivateKey)
 
 	// 读取PEM编码的私钥文件
 	pemData, err := os.ReadFile(keyPath)

src/certssl/applycert/write.go

@@ -9,10 +9,10 @@ import (
 	"path"
 )
 
-func writerWithDate(baseDir string, resource *certificate.Resource) error {
+func writerWithDate(dir string, resource *certificate.Resource) error {
 	cert, err := utils.ReadCertificate(resource.Certificate)
 	if err != nil {
-		return err
+		return fmt.Errorf("failed to read certificate: %s", err.Error())
 	}
 
 	domain := cert.Subject.CommonName
@@ -25,28 +25,28 @@ func writerWithDate(baseDir string, resource *certificate.Resource) error {
 	month := fmt.Sprintf("%d", cert.NotBefore.Month())
 	day := fmt.Sprintf("%d", cert.NotBefore.Day())
 
-	dir := path.Join(baseDir, domain, year, month, day)
-	err = os.MkdirAll(dir, 0775)
+	backupdir := path.Join(dir, domain, year, month, day)
+	err = os.MkdirAll(backupdir, 0775)
 	if err != nil {
 		return err
 	}
 
-	err = os.WriteFile(path.Join(dir, filename.FilePrivateKey), resource.PrivateKey, os.ModePerm)
+	err = os.WriteFile(path.Join(backupdir, filename.FilePrivateKey), resource.PrivateKey, os.ModePerm)
 	if err != nil {
 		return err
 	}
 
-	err = os.WriteFile(path.Join(dir, filename.FileCertificate), resource.Certificate, os.ModePerm)
+	err = os.WriteFile(path.Join(backupdir, filename.FileCertificate), resource.Certificate, os.ModePerm)
 	if err != nil {
 		return err
 	}
 
-	err = os.WriteFile(path.Join(dir, filename.FileIssuerCertificate), resource.IssuerCertificate, os.ModePerm)
+	err = os.WriteFile(path.Join(backupdir, filename.FileIssuerCertificate), resource.IssuerCertificate, os.ModePerm)
 	if err != nil {
 		return err
 	}
 
-	err = os.WriteFile(path.Join(dir, filename.FileCSR), resource.CSR, os.ModePerm)
+	err = os.WriteFile(path.Join(backupdir, filename.FileCSR), resource.CSR, os.ModePerm)
 	if err != nil {
 		return err
 	}
@@ -54,28 +54,28 @@ func writerWithDate(baseDir string, resource *certificate.Resource) error {
 	return nil
 }
 
-func writer(dir string, resource *certificate.Resource) error {
-	err := os.MkdirAll(dir, 0775)
+func writer(basedir string, resource *certificate.Resource) error {
+	err := os.MkdirAll(basedir, 0775)
 	if err != nil {
-		return err
+		return fmt.Errorf("failed to create directory %s: %s", basedir, err.Error())
 	}
 
-	err = os.WriteFile(path.Join(dir, filename.FilePrivateKey), resource.PrivateKey, os.ModePerm)
+	err = os.WriteFile(path.Join(basedir, filename.FilePrivateKey), resource.PrivateKey, os.ModePerm)
 	if err != nil {
 		return err
 	}
 
-	err = os.WriteFile(path.Join(dir, filename.FileCertificate), resource.Certificate, os.ModePerm)
+	err = os.WriteFile(path.Join(basedir, filename.FileCertificate), resource.Certificate, os.ModePerm)
 	if err != nil {
 		return err
 	}
 
-	err = os.WriteFile(path.Join(dir, filename.FileIssuerCertificate), resource.IssuerCertificate, os.ModePerm)
+	err = os.WriteFile(path.Join(basedir, filename.FileIssuerCertificate), resource.IssuerCertificate, os.ModePerm)
 	if err != nil {
 		return err
 	}
 
-	err = os.WriteFile(path.Join(dir, filename.FileCSR), resource.CSR, os.ModePerm)
+	err = os.WriteFile(path.Join(basedir, filename.FileCSR), resource.CSR, os.ModePerm)
 	if err != nil {
 		return err
 	}

src/certssl/main.go

@@ -5,7 +5,7 @@ import (
 	"crypto/x509"
 	"fmt"
 	"github.com/SongZihuan/Http-Demo/src/certssl/applycert"
-	utils2 "github.com/SongZihuan/Http-Demo/src/utils"
+	"github.com/SongZihuan/Http-Demo/src/utils"
 	"time"
 )
 
@@ -14,27 +14,27 @@ func GetCertificateAndPrivateKey(basedir string, email string, httpsAddress stri
 		email = "no-reply@example.com"
 	}
 
-	if !utils2.IsValidEmail(email) {
+	if !utils.IsValidEmail(email) {
 		return nil, nil, fmt.Errorf("not a valid email")
 	}
 
-	if !utils2.IsValidDomain(domain) {
+	if !utils.IsValidDomain(domain) {
 		return nil, nil, fmt.Errorf("not a valid domain")
 	}
 
 	privateKey, cert, err := applycert.ReadLocalCertificateAndPrivateKey(basedir)
-	if err == nil && utils2.CheckCertWithDomain(cert, domain) && utils2.CheckCertWithTime(cert, 5*24*time.Hour) {
+	if err == nil && utils.CheckCertWithDomain(cert, domain) && utils.CheckCertWithTime(cert, 5*24*time.Hour) {
 		return privateKey, cert, nil
 	}
 
 	privateKey, resource, err := applycert.ApplyCert(basedir, email, httpsAddress, domain)
 	if err != nil {
-		return nil, nil, err
+		return nil, nil, fmt.Errorf("apply cert failed: %s", err.Error())
 	}
 
-	cert, err = utils2.ReadCertificate(resource.Certificate)
+	cert, err = utils.ReadCertificate(resource.Certificate)
 	if err != nil {
-		return nil, nil, err
+		return nil, nil, fmt.Errorf("read cert failed: %s", err.Error())
 	}
 
 	return privateKey, cert, nil
@@ -61,7 +61,7 @@ func WatchCertificateAndPrivateKey(dir string, email string, httpsAddress string
 			privateKey, cert, err := watchCertificateAndPrivateKey(dir, email, httpsAddress, domain, oldPrivateKey, oldCert)
 			if err != nil {
 				newchan <- NewCert{
-					Error: err,
+					Error: fmt.Errorf("watch cert failed: %s", err.Error()),
 				}
 			} else if privateKey != nil || cert != nil {
 				newchan <- NewCert{
@@ -78,26 +78,26 @@ func watchCertificateAndPrivateKey(dir string, email string, httpsAddress string
 		email = "no-reply@example.com"
 	}
 
-	if !utils2.IsValidEmail(email) {
+	if !utils.IsValidEmail(email) {
 		return nil, nil, fmt.Errorf("not a valid email")
 	}
 
-	if !utils2.IsValidDomain(domain) {
+	if !utils.IsValidDomain(domain) {
 		return nil, nil, fmt.Errorf("not a valid domain")
 	}
 
-	if utils2.CheckCertWithDomain(oldCert, domain) && utils2.CheckCertWithTime(oldCert, 5*24*time.Hour) {
+	if utils.CheckCertWithDomain(oldCert, domain) && utils.CheckCertWithTime(oldCert, 5*24*time.Hour) {
 		return nil, nil, nil
 	}
 
 	privateKey, resource, err := applycert.ApplyCert(dir, email, httpsAddress, domain)
 	if err != nil {
-		return nil, nil, err
+		return nil, nil, fmt.Errorf("apply cert fail: %s", err.Error())
 	}
 
-	cert, err := utils2.ReadCertificate(resource.Certificate)
+	cert, err := utils.ReadCertificate(resource.Certificate)
 	if err != nil {
-		return nil, nil, err
+		return nil, nil, fmt.Errorf("read cert failed: %s", err.Error())
 	}
 
 	return privateKey, cert, nil

src/httpserver/server.go

@@ -30,5 +30,5 @@ func RunServer() error {
 	if err != nil && errors.Is(err, http.ErrServerClosed) {
 		return ErrStop
 	}
-	return err
+	return fmt.Errorf("http server error: %s", err)
 }

src/httpsslserver/server.go

@@ -35,7 +35,7 @@ func InitHttpSSLServer() (err error) {
 
 	PrivateKey, Certificate, err = certssl.GetCertificateAndPrivateKey(HttpSSLCertDir, HttpSSLEmail, HttpSSLAddress, HttpSSLDomain)
 	if err != nil {
-		return err
+		return fmt.Errorf("Init htttps error: %s", err.Error())
 	}
 
 	return initHttpSSLServer()
@@ -81,7 +81,7 @@ ListenCycle:
 			ReloadMutex.Unlock() // 等待证书更换完毕
 			continue ListenCycle
 		} else if err != nil {
-			return err
+			return fmt.Errorf("https server error: %s", err.Error())
 		}
 	}
 }
@@ -92,7 +92,7 @@ func WatchCert(stopchan chan bool) {
 	go func() {
 		err := certssl.WatchCertificateAndPrivateKey(HttpSSLCertDir, HttpSSLEmail, HttpSSLAddress, HttpSSLDomain, PrivateKey, Certificate, stopchan, newchan)
 		if err != nil {
-			fmt.Printf("watch cert error: %s", err.Error())
+			fmt.Printf("watch https cert server error: %s", err.Error())
 		}
 	}()
 
@@ -103,7 +103,7 @@ func WatchCert(stopchan chan bool) {
 				close(newchan)
 				return
 			} else if res.Error != nil {
-				fmt.Printf("watch cert error: %s", res.Error.Error())
+				fmt.Printf("https cert reload server error: %s", res.Error.Error())
 			} else if res.PrivateKey == nil && res.Certificate == nil {
 				func() {
 					ReloadMutex.Lock()
@@ -114,7 +114,7 @@ func WatchCert(stopchan chan bool) {
 
 					err := HttpSSLServer.Shutdown(ctx)
 					if err != nil {
-						fmt.Printf("reload error: %s", err.Error())
+						fmt.Printf("https server reload error: %s", err.Error())
 					}
 
 					PrivateKey = res.PrivateKey

src/mainfunc/v1.go

@@ -32,6 +32,7 @@ func MainV1() (exitcode int) {
 		fmt.Printf("init signal fail: %s\n", err.Error())
 		return 1
 	}
+	defer signalchan.CloseSignal()
 
 	err = httpserver.InitHttpServer()
 	if err != nil {
@@ -41,6 +42,10 @@ func MainV1() (exitcode int) {
 
 	var httpchan = make(chan error)
 	var httpsslchan = make(chan error)
+	defer func() {
+		close(httpchan)
+		close(httpsslchan)
+	}()
 
 	go func() {
 		httpchan <- httpserver.RunServer()

src/signalchan/signal.go

@@ -20,3 +20,8 @@ func InitSignal() (err error) {
 	signal.Notify(SignalChan, syscall.SIGINT, syscall.SIGTERM)
 	return nil
 }
+
+func CloseSignal() {
+	signal.Stop(SignalChan)
+	close(SignalChan)
+}