fix: http mode not working

fix: use "email|uid" for global limit user identify
update: tls alpn challenge for apply certificate

common/limiter/limiter.go

@@ -1,10 +1,10 @@
-// Package limiter is to control the links that go into the dispather
+// Package limiter is to control the links that go into the dispatcher
 package limiter
 
 import (
 	"context"
 	"fmt"
-	"strconv"
+	"strings"
 	"sync"
 	"time"
 
@@ -160,7 +160,7 @@ func (l *Limiter) GetUserBucket(tag string, email string, ip string) (limiter *r
 		if l.g.limit > 0 {
 			ctx, cancel := context.WithTimeout(context.Background(), time.Second*time.Duration(l.g.timeout))
 			defer cancel()
-			uidString := strconv.Itoa(uid)
+			uidString := email[strings.Index(email, "|")+1:]
 			// If any device is online
 			if exists, err := l.r.Exists(ctx, uidString).Result(); err != nil {
 				newError(fmt.Sprintf("Redis: %v", err)).AtError().WriteToLog()

common/mylego/setup.go

@@ -63,12 +63,12 @@ func createNonExistingFolder(path string) error {
 func setupChallenges(l *LegoCMD, client *lego.Client) {
 	switch l.C.CertMode {
 	case "http":
-		err := client.Challenge.SetHTTP01Provider(http01.NewProviderServer("", "5001"))
+		err := client.Challenge.SetHTTP01Provider(http01.NewProviderServer("", ""))
 		if err != nil {
 			log.Panic(err)
 		}
 	case "tls":
-		err := client.Challenge.SetTLSALPN01Provider(tlsalpn01.NewProviderServer("", "5002"))
+		err := client.Challenge.SetTLSALPN01Provider(tlsalpn01.NewProviderServer("", ""))
 		if err != nil {
 			log.Panic(err)
 		}

main/config.yml.example

@@ -54,7 +54,7 @@ Nodes:
           Dest: 80 # Required, Destination of fallback, check https://xtls.github.io/config/features/fallback.html for details.
           ProxyProtocolVer: 0 # Send PROXY protocol version, 0 for dsable
       CertConfig:
-        CertMode: dns # Option about how to get certificate: none, file, http, dns. Choose "none" will forcedly disable the tls config.
+        CertMode: dns # Option about how to get certificate: none, file, http, tls, dns. Choose "none" will forcedly disable the tls config.
         CertDomain: "node1.test.com" # Domain to cert
         CertFile: /etc/XrayR/cert/node1.test.com.cert # Provided if the CertMode is file
         KeyFile: /etc/XrayR/cert/node1.test.com.key

service/controller/inboundbuilder.go

@@ -197,12 +197,13 @@ func InboundBuilder(config *Config, nodeInfo *api.NodeInfo, tag string) (*core.I
 }
 
 func getCertFile(certConfig *mylego.CertConfig) (certFile string, keyFile string, err error) {
-	if certConfig.CertMode == "file" {
+	switch certConfig.CertMode {
+	case "file":
 		if certConfig.CertFile == "" || certConfig.KeyFile == "" {
 			return "", "", fmt.Errorf("cert file path or key file path not exist")
 		}
 		return certConfig.CertFile, certConfig.KeyFile, nil
-	} else if certConfig.CertMode == "dns" {
+	case "dns":
 		lego, err := mylego.New(certConfig)
 		if err != nil {
 			return "", "", err
@@ -212,7 +213,7 @@ func getCertFile(certConfig *mylego.CertConfig) (certFile string, keyFile string
 			return "", "", err
 		}
 		return certPath, keyPath, err
-	} else if certConfig.CertMode == "http" {
+	case "http", "tls":
 		lego, err := mylego.New(certConfig)
 		if err != nil {
 			return "", "", err
@@ -222,10 +223,10 @@ func getCertFile(certConfig *mylego.CertConfig) (certFile string, keyFile string
 			return "", "", err
 		}
 		return certPath, keyPath, err
-	}
-
+	default:
 		return "", "", fmt.Errorf("unsupported certmode: %s", certConfig.CertMode)
 	}
+}
 
 func buildVlessFallbacks(fallbackConfigs []*FallBackConfig) ([]*conf.VLessInboundFallback, error) {
 	if fallbackConfigs == nil {