🎨 Implement HTTPS network serving (#16912)

* Add use TLS for network serving configuration option * kernel: Implement TLS certificate generation * kernel: server: Use https for fixed port proxy when needed * Allow exporting the CA Certificate file * Implement import and export of CA Certs
2026-02-21 06:24:06 +01:00 · 2026-01-27 05:59:11 +01:00 · 2026-01-27 05:59:11 +01:00 · 43ea6757d5
commit 43ea6757d5
parent e7621b7a5f
11 changed files with 759 additions and 10 deletions
--- a/kernel/server/serve.go
+++ b/kernel/server/serve.go
@ -210,14 +210,32 @@ func Serve(fastMode bool, cookieKey string) {
 	if !fastMode {
 		rewritePortJSON(pid, port)
 	}
-	logging.LogInfof("kernel [pid=%s] http server [%s] is booting", pid, host+":"+port)
+
+	// Prepare TLS if enabled
+	var certPath, keyPath string
+	useTLS := model.Conf.System.NetworkServeTLS && model.Conf.System.NetworkServe
+	if useTLS {
+		// Ensure TLS certificates exist (proxy will use them directly)
+		var tlsErr error
+		certPath, keyPath, tlsErr = util.GetOrCreateTLSCert()
+		if tlsErr != nil {
+			logging.LogErrorf("failed to get TLS certificates: %s", tlsErr)
+			if !fastMode {
+				os.Exit(logging.ExitCodeUnavailablePort)
+			}
+			return
+		}
+		logging.LogInfof("kernel [pid=%s] http server [%s] is booting (TLS will be enabled on fixed port proxy)", pid, host+":"+port)
+	} else {
+		logging.LogInfof("kernel [pid=%s] http server [%s] is booting", pid, host+":"+port)
+	}
 	util.HttpServing = true

 	go util.HookUILoaded()

 	go func() {
 		time.Sleep(1 * time.Second)
-		go proxy.InitFixedPortService(host)
+		go proxy.InitFixedPortService(host, useTLS, certPath, keyPath)
 		go proxy.InitPublishService()
 		// 反代服务器启动失败不影响核心服务器启动
 	}()