3 months ago · 4dbbf59c82
--- a/Makefile
+++ b/Makefile
@@ -1,6 +1,6 @@
 
				 NAME = sing-box
			
 
				 COMMIT = $(shell git rev-parse --short HEAD)
			
 
				-TAGS_GO120 = with_gvisor,with_dhcp,with_wireguard,with_reality_server,with_clash_api,with_quic,with_utls
			
 
				+TAGS_GO120 = with_gvisor,with_dhcp,with_wireguard,with_reality_server,with_clash_api,with_quic,with_utls,with_acme
			
 
				 TAGS_GO121 = with_ech
			
 
				 TAGS ?= $(TAGS_GO118),$(TAGS_GO120),$(TAGS_GO121)
			
 
				 TAGS_TEST ?= with_gvisor,with_quic,with_wireguard,with_grpc,with_ech,with_utls,with_reality_server
			
--- a/common/tls/acme.go
+++ b/common/tls/acme.go
@@ -5,13 +5,13 @@ package tls
 
				 import (
			
 
				 	"context"
			
 
				 	"crypto/tls"
			
 
				-	"os"
			
 
				 	"strings"
			
 
				 
			
 
				 	"github.com/sagernet/sing-box/adapter"
			
 
				 	C "github.com/sagernet/sing-box/constant"
			
 
				 	"github.com/sagernet/sing-box/option"
			
 
				 	E "github.com/sagernet/sing/common/exceptions"
			
 
				+	"github.com/sagernet/sing/common/logger"
			
 
				 
			
 
				 	"github.com/caddyserver/certmagic"
			
 
				 	"github.com/libdns/alidns"
			
@@ -37,7 +37,38 @@ func (w *acmeWrapper) Close() error {
 
				 	return nil
			
 
				 }
			
 
				 
			
 
				-func startACME(ctx context.Context, options option.InboundACMEOptions) (*tls.Config, adapter.Service, error) {
			
 
				+type acmeLogWriter struct {
			
 
				+	logger logger.Logger
			
 
				+}
			
 
				+
			
 
				+func (w *acmeLogWriter) Write(p []byte) (n int, err error) {
			
 
				+	logLine := strings.ReplaceAll(string(p), "	", ": ")
			
 
				+	switch {
			
 
				+	case strings.HasPrefix(logLine, "error: "):
			
 
				+		w.logger.Error(logLine[7:])
			
 
				+	case strings.HasPrefix(logLine, "warn: "):
			
 
				+		w.logger.Warn(logLine[6:])
			
 
				+	case strings.HasPrefix(logLine, "info: "):
			
 
				+		w.logger.Info(logLine[6:])
			
 
				+	case strings.HasPrefix(logLine, "debug: "):
			
 
				+		w.logger.Debug(logLine[7:])
			
 
				+	default:
			
 
				+		w.logger.Debug(logLine)
			
 
				+	}
			
 
				+	return len(p), nil
			
 
				+}
			
 
				+
			
 
				+func (w *acmeLogWriter) Sync() error {
			
 
				+	return nil
			
 
				+}
			
 
				+
			
 
				+func encoderConfig() zapcore.EncoderConfig {
			
 
				+	config := zap.NewProductionEncoderConfig()
			
 
				+	config.TimeKey = zapcore.OmitKey
			
 
				+	return config
			
 
				+}
			
 
				+
			
 
				+func startACME(ctx context.Context, logger logger.Logger, options option.InboundACMEOptions) (*tls.Config, adapter.Service, error) {
			
 
				 	var acmeServer string
			
 
				 	switch options.Provider {
			
 
				 	case "", "letsencrypt":
			
@@ -58,14 +89,15 @@ func startACME(ctx context.Context, options option.InboundACMEOptions) (*tls.Con
 
				 	} else {
			
 
				 		storage = certmagic.Default.Storage
			
 
				 	}
			
 
				+	zapLogger := zap.New(zapcore.NewCore(
			
 
				+		zapcore.NewConsoleEncoder(encoderConfig()),
			
 
				+		&acmeLogWriter{logger: logger},
			
 
				+		zap.DebugLevel,
			
 
				+	))
			
 
				 	config := &certmagic.Config{
			
 
				 		DefaultServerName: options.DefaultServerName,
			
 
				 		Storage:           storage,
			
 
				-		Logger: zap.New(zapcore.NewCore(
			
 
				-			zapcore.NewConsoleEncoder(zap.NewProductionEncoderConfig()),
			
 
				-			os.Stderr,
			
 
				-			zap.InfoLevel,
			
 
				-		)),
			
 
				+		Logger:            zapLogger,
			
 
				 	}
			
 
				 	acmeConfig := certmagic.ACMEIssuer{
			
 
				 		CA:                      acmeServer,
			
@@ -75,7 +107,7 @@ func startACME(ctx context.Context, options option.InboundACMEOptions) (*tls.Con
 
				 		DisableTLSALPNChallenge: options.DisableTLSALPNChallenge,
			
 
				 		AltHTTPPort:             int(options.AlternativeHTTPPort),
			
 
				 		AltTLSALPNPort:          int(options.AlternativeTLSPort),
			
 
				-		Logger:                  config.Logger,
			
 
				+		Logger:                  zapLogger,
			
 
				 	}
			
 
				 	if dnsOptions := options.DNS01Challenge; dnsOptions != nil && dnsOptions.Provider != "" {
			
 
				 		var solver certmagic.DNS01Solver
			
@@ -103,6 +135,7 @@ func startACME(ctx context.Context, options option.InboundACMEOptions) (*tls.Con
 
				 		GetConfigForCert: func(certificate certmagic.Certificate) (*certmagic.Config, error) {
			
 
				 			return config, nil
			
 
				 		},
			
 
				+		Logger: zapLogger,
			
 
				 	})
			
 
				 	config = certmagic.New(cache, *config)
			
 
				 	var tlsConfig *tls.Config
			
--- a/common/tls/acme_stub.go
+++ b/common/tls/acme_stub.go
@@ -9,8 +9,9 @@ import (
 
				 	"github.com/sagernet/sing-box/adapter"
			
 
				 	"github.com/sagernet/sing-box/option"
			
 
				 	E "github.com/sagernet/sing/common/exceptions"
			
 
				+	"github.com/sagernet/sing/common/logger"
			
 
				 )
			
 
				 
			
 
				-func startACME(ctx context.Context, options option.InboundACMEOptions) (*tls.Config, adapter.Service, error) {
			
 
				+func startACME(ctx context.Context, logger logger.Logger, options option.InboundACMEOptions) (*tls.Config, adapter.Service, error) {
			
 
				 	return nil, nil, E.New(`ACME is not included in this build, rebuild with -tags with_acme`)
			
 
				 }
			
--- a/common/tls/std_server.go
+++ b/common/tls/std_server.go
@@ -157,7 +157,7 @@ func NewSTDServer(ctx context.Context, logger log.Logger, options option.Inbound
 
				 	var err error
			
 
				 	if options.ACME != nil && len(options.ACME.Domain) > 0 {
			
 
				 		//nolint:staticcheck
			
 
				-		tlsConfig, acmeService, err = startACME(ctx, common.PtrValueOrDefault(options.ACME))
			
 
				+		tlsConfig, acmeService, err = startACME(ctx, logger, common.PtrValueOrDefault(options.ACME))
			
 
				 		if err != nil {
			
 
				 			return nil, err
			
 
				 		}