优化细节

页面底部增加GoEdge官网和文档链接
优化升级提示文字
2021-10-10 20:17:40 +08:00 · 2021-10-10 16:38:45 +08:00 · 2021-10-10 16:33:27 +08:00 · 2021-10-10 16:30:21 +08:00 · 2021-10-10 10:52:58 +08:00 · 2021-10-10 10:35:14 +08:00
444 changed files with 14235 additions and 2807 deletions
--- a/build/build.sh
+++ b/build/build.sh
@@ -65,6 +65,8 @@ function build() {
 	# delete hidden files
 	find $DIST -name ".DS_Store" -delete
 	find $DIST -name ".gitignore" -delete
+	find $DIST -name "*.less" -delete
+	find $DIST -name "*.css.map" -delete

 	# zip
 	echo "zip files ..."
--- a/internal/configloaders/admin_module.go
+++ b/internal/configloaders/admin_module.go
@@ -182,7 +182,7 @@ func AllModuleMaps() []maps.Map {
 	}
 	if teaconst.IsPlus {
 		m = append(m, maps.Map{
-			"name": "自建DNS",
+			"name": "智能DNS",
 			"code": AdminModuleCodeNS,
 			"url":  "/ns",
 		})
--- a/internal/const/const.go
+++ b/internal/const/const.go
@@ -1,9 +1,9 @@
 package teaconst

 const (
-	Version = "0.3.0"
+	Version = "0.3.2"

-	APINodeVersion = "0.3.0"
+	APINodeVersion = "0.3.2"

 	ProductName   = "Edge Admin"
 	ProcessName   = "edge-admin"
--- a/internal/rpc/rpc_client.go
+++ b/internal/rpc/rpc_client.go
@@ -103,6 +103,10 @@ func (this *RPCClient) NodeIPAddressLogRPC() pb.NodeIPAddressLogServiceClient {
 	return pb.NewNodeIPAddressLogServiceClient(this.pickConn())
 }

+func (this *RPCClient) NodeIPAddressThresholdRPC() pb.NodeIPAddressThresholdServiceClient {
+	return pb.NewNodeIPAddressThresholdServiceClient(this.pickConn())
+}
+
 func (this *RPCClient) NodeValueRPC() pb.NodeValueServiceClient {
 	return pb.NewNodeValueServiceClient(this.pickConn())
 }
@@ -304,6 +308,10 @@ func (this *RPCClient) ReportNodeRPC() pb.ReportNodeServiceClient {
 	return pb.NewReportNodeServiceClient(this.pickConn())
 }

+func (this *RPCClient) ReportNodeGroupRPC() pb.ReportNodeGroupServiceClient {
+	return pb.NewReportNodeGroupServiceClient(this.pickConn())
+}
+
 func (this *RPCClient) ReportResultRPC() pb.ReportResultServiceClient {
 	return pb.NewReportResultServiceClient(this.pickConn())
 }
@@ -356,6 +364,14 @@ func (this *RPCClient) ACMETaskRPC() pb.ACMETaskServiceClient {
 	return pb.NewACMETaskServiceClient(this.pickConn())
 }

+func (this *RPCClient) ACMEProviderRPC() pb.ACMEProviderServiceClient {
+	return pb.NewACMEProviderServiceClient(this.pickConn())
+}
+
+func (this *RPCClient) ACMEProviderAccountRPC() pb.ACMEProviderAccountServiceClient {
+	return pb.NewACMEProviderAccountServiceClient(this.pickConn())
+}
+
 func (this *RPCClient) UserRPC() pb.UserServiceClient {
 	return pb.NewUserServiceClient(this.pickConn())
 }
--- a/internal/web/actions/default/clusters/cluster/createBatch.go
+++ b/internal/web/actions/default/clusters/cluster/createBatch.go
@@ -95,6 +95,7 @@ func (this *CreateBatchAction) RunPost(params struct {
 			Name:      "IP地址",
 			Ip:        ip,
 			CanAccess: true,
+			IsUp:      true,
 		})
 		if err != nil {
 			this.ErrorPage(err)
--- a/internal/web/actions/default/clusters/cluster/createNode.go
+++ b/internal/web/actions/default/clusters/cluster/createNode.go
@@ -167,32 +167,49 @@ func (this *CreateNodeAction) RunPost(params struct {
 	nodeId := createResp.NodeId

 	// IP地址
-	for _, address := range ipAddresses {
-		addressId := address.GetInt64("id")
-		if addressId > 0 {
+	for _, addr := range ipAddresses {
+		addrId := addr.GetInt64("id")
+		if addrId > 0 {
 			_, err = this.RPC().NodeIPAddressRPC().UpdateNodeIPAddressNodeId(this.AdminContext(), &pb.UpdateNodeIPAddressNodeIdRequest{
-				NodeIPAddressId: addressId,
+				NodeIPAddressId: addrId,
 				NodeId:          nodeId,
 			})
-		} else {
-			var thresholdsJSON = []byte{}
-			var thresholds = address.GetSlice("thresholds")
-			if len(thresholds) > 0 {
-				thresholdsJSON, _ = json.Marshal(thresholds)
+			if err != nil {
+				this.ErrorPage(err)
+				return
 			}
-
-			_, err = this.RPC().NodeIPAddressRPC().CreateNodeIPAddress(this.AdminContext(), &pb.CreateNodeIPAddressRequest{
-				NodeId:         nodeId,
-				Role:           nodeconfigs.NodeRoleNode,
-				Name:           address.GetString("name"),
-				Ip:             address.GetString("ip"),
-				CanAccess:      address.GetBool("canAccess"),
-				ThresholdsJSON: thresholdsJSON,
+		} else {
+			createResp, err := this.RPC().NodeIPAddressRPC().CreateNodeIPAddress(this.AdminContext(), &pb.CreateNodeIPAddressRequest{
+				NodeId:    nodeId,
+				Role:      nodeconfigs.NodeRoleNode,
+				Name:      addr.GetString("name"),
+				Ip:        addr.GetString("ip"),
+				CanAccess: addr.GetBool("canAccess"),
+				IsUp:      addr.GetBool("isUp"),
 			})
+			if err != nil {
+				this.ErrorPage(err)
+				return
+			}
+			addrId = createResp.NodeIPAddressId
 		}
-		if err != nil {
-			this.ErrorPage(err)
-			return
+
+		// 阈值
+		var thresholds = addr.GetSlice("thresholds")
+		if len(thresholds) > 0 {
+			thresholdsJSON, err := json.Marshal(thresholds)
+			if err != nil {
+				this.ErrorPage(err)
+				return
+			}
+			_, err = this.RPC().NodeIPAddressThresholdRPC().UpdateAllNodeIPAddressThresholds(this.AdminContext(), &pb.UpdateAllNodeIPAddressThresholdsRequest{
+				NodeIPAddressId:             addrId,
+				NodeIPAddressThresholdsJSON: thresholdsJSON,
+			})
+			if err != nil {
+				this.ErrorPage(err)
+				return
+			}
 		}
 	}

--- a/internal/web/actions/default/clusters/cluster/init.go
+++ b/internal/web/actions/default/clusters/cluster/init.go
@@ -4,7 +4,11 @@ import (
 	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/clusters/cluster/groups"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/clusters/cluster/node"
-	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/clusters/cluster/node/thresholds"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/clusters/cluster/node/settings/cache"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/clusters/cluster/node/settings/dns"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/clusters/cluster/node/settings/ssh"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/clusters/cluster/node/settings/system"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/clusters/cluster/node/settings/thresholds"
 	clusters "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/clusters/clusterutils"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/helpers"
 	"github.com/iwind/TeaGo"
@@ -42,10 +46,14 @@ func init() {
 			Post("/start", new(node.StartAction)).
 			Post("/stop", new(node.StopAction)).
 			Post("/up", new(node.UpAction)).
-			Get("/thresholds", new(thresholds.IndexAction)).
 			Get("/detail", new(node.DetailAction)).
 			GetPost("/updateDNSPopup", new(node.UpdateDNSPopupAction)).
 			Post("/syncDomain", new(node.SyncDomainAction)).
+			GetPost("/settings/cache", new(cache.IndexAction)).
+			GetPost("/settings/dns", new(dns.IndexAction)).
+			GetPost("/settings/system", new(system.IndexAction)).
+			GetPost("/settings/ssh", new(ssh.IndexAction)).
+			GetPost("/settings/thresholds", new(thresholds.IndexAction)).

 			// 分组相关
 			Prefix("/clusters/cluster/groups").
--- a/internal/web/actions/default/clusters/cluster/node/detail.go
+++ b/internal/web/actions/default/clusters/cluster/node/detail.go
@@ -7,6 +7,7 @@ import (
 	"github.com/TeaOSLab/EdgeAdmin/internal/utils/numberutils"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/clusters/grants/grantutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/nodes/ipAddresses/ipaddressutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/nodeconfigs"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/iwind/TeaGo/maps"
@@ -68,7 +69,7 @@ func (this *DetailAction) RunGet(params struct {
 	}

 	// IP地址
-	ipAddressesResp, err := this.RPC().NodeIPAddressRPC().FindAllEnabledIPAddressesWithNodeId(this.AdminContext(), &pb.FindAllEnabledIPAddressesWithNodeIdRequest{
+	ipAddressesResp, err := this.RPC().NodeIPAddressRPC().FindAllEnabledNodeIPAddressesWithNodeId(this.AdminContext(), &pb.FindAllEnabledNodeIPAddressesWithNodeIdRequest{
 		NodeId: params.NodeId,
 		Role:   nodeconfigs.NodeRoleNode,
 	})
@@ -76,17 +77,15 @@ func (this *DetailAction) RunGet(params struct {
 		this.ErrorPage(err)
 		return
 	}
-	var ipAddresses = ipAddressesResp.Addresses
+	var ipAddresses = ipAddressesResp.NodeIPAddresses
 	ipAddressMaps := []maps.Map{}
-	for _, addr := range ipAddressesResp.Addresses {
-		var thresholds = []*nodeconfigs.NodeValueThresholdConfig{}
-		if len(addr.ThresholdsJSON) > 0 {
-			err = json.Unmarshal(addr.ThresholdsJSON, &thresholds)
-			if err != nil {
-				this.ErrorPage(err)
-				return
-			}
+	for _, addr := range ipAddressesResp.NodeIPAddresses {
+		thresholds, err := ipaddressutils.InitNodeIPAddressThresholds(this.Parent(), addr.Id)
+		if err != nil {
+			this.ErrorPage(err)
+			return
 		}
+
 		ipAddressMaps = append(ipAddressMaps, maps.Map{
 			"id":         addr.Id,
 			"name":       addr.Name,
--- a/internal/web/actions/default/clusters/cluster/node/index.go
+++ b/internal/web/actions/default/clusters/cluster/node/index.go
@@ -20,7 +20,7 @@ func (this *IndexAction) Init() {
 func (this *IndexAction) RunGet(params struct {
 	NodeId int64
 }) {
-	err := nodeutils.InitNodeInfo(this, params.NodeId)
+	_, err := nodeutils.InitNodeInfo(this.Parent(), params.NodeId)
 	if err != nil {
 		this.ErrorPage(err)
 		return
--- a/internal/web/actions/default/clusters/cluster/node/install.go
+++ b/internal/web/actions/default/clusters/cluster/node/install.go
@@ -3,6 +3,7 @@ package node
 import (
 	"github.com/TeaOSLab/EdgeAdmin/internal/oplogs"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/clusters/cluster/node/nodeutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/iwind/TeaGo/actions"
 	"github.com/iwind/TeaGo/maps"
@@ -25,16 +26,11 @@ func (this *InstallAction) RunGet(params struct {
 	this.Data["nodeId"] = params.NodeId

 	// 节点
-	nodeResp, err := this.RPC().NodeRPC().FindEnabledNode(this.AdminContext(), &pb.FindEnabledNodeRequest{NodeId: params.NodeId})
+	node, err := nodeutils.InitNodeInfo(this.Parent(), params.NodeId)
 	if err != nil {
 		this.ErrorPage(err)
 		return
 	}
-	node := nodeResp.Node
-	if node == nil {
-		this.WriteString("找不到要操作的节点")
-		return
-	}

 	// 安装信息
 	if node.InstallStatus != nil {
@@ -84,15 +80,12 @@ func (this *InstallAction) RunGet(params struct {
 	}
 	this.Data["apiEndpoints"] = "\"" + strings.Join(apiEndpoints, "\", \"") + "\""

-	this.Data["node"] = maps.Map{
-		"id":          node.Id,
-		"name":        node.Name,
-		"installDir":  node.InstallDir,
-		"isInstalled": node.IsInstalled,
-		"uniqueId":    node.UniqueId,
-		"secret":      node.Secret,
-		"cluster":     clusterMap,
-	}
+	var nodeMap = this.Data["node"].(maps.Map)
+	nodeMap["installDir"] = node.InstallDir
+	nodeMap["isInstalled"] = node.IsInstalled
+	nodeMap["uniqueId"] = node.UniqueId
+	nodeMap["secret"] = node.Secret
+	nodeMap["cluster"] = clusterMap

 	this.Show()
 }
--- a/internal/web/actions/default/clusters/cluster/node/logs.go
+++ b/internal/web/actions/default/clusters/cluster/node/logs.go
@@ -25,7 +25,7 @@ func (this *LogsAction) RunGet(params struct {
 	Level   string
 }) {
 	// 初始化节点信息（用于菜单）
-	err := nodeutils.InitNodeInfo(this, params.NodeId)
+	_, err := nodeutils.InitNodeInfo(this.Parent(), params.NodeId)
 	if err != nil {
 		this.ErrorPage(err)
 		return
--- a/internal/web/actions/default/clusters/cluster/node/nodeutils/utils.go
+++ b/internal/web/actions/default/clusters/cluster/node/nodeutils/utils.go
@@ -4,31 +4,91 @@ package nodeutils

 import (
 	"errors"
+	teaconst "github.com/TeaOSLab/EdgeAdmin/internal/const"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/iwind/TeaGo/maps"
+	"github.com/iwind/TeaGo/types"
 	"strconv"
 )

 // InitNodeInfo 初始化节点信息
-func InitNodeInfo(action actionutils.ActionInterface, nodeId int64) error {
+func InitNodeInfo(parentAction *actionutils.ParentAction, nodeId int64) (*pb.Node, error) {
 	// 节点信息（用于菜单）
-	nodeResp, err := action.RPC().NodeRPC().FindEnabledNode(action.AdminContext(), &pb.FindEnabledNodeRequest{NodeId: nodeId})
+	nodeResp, err := parentAction.RPC().NodeRPC().FindEnabledNode(parentAction.AdminContext(), &pb.FindEnabledNodeRequest{NodeId: nodeId})
 	if err != nil {
-		return err
+		return nil, err
 	}
 	if nodeResp.Node == nil {
-		return errors.New("node '" + strconv.FormatInt(nodeId, 10) + "' not found")
+		return nil, errors.New("node '" + strconv.FormatInt(nodeId, 10) + "' not found")
 	}
 	var node = nodeResp.Node
-	action.ViewData()["node"] = maps.Map{
-		"id":   node.Id,
-		"name": node.Name,
-		"isOn": node.IsOn,
-		"isUp": node.IsUp,
+
+	var groupMap maps.Map
+	if node.NodeGroup != nil {
+		groupMap = maps.Map{
+			"id":   node.NodeGroup.Id,
+			"name": node.NodeGroup.Name,
+		}
 	}
+
+	parentAction.Data["node"] = maps.Map{
+		"id":    node.Id,
+		"name":  node.Name,
+		"isOn":  node.IsOn,
+		"isUp":  node.IsUp,
+		"group": groupMap,
+	}
+	var clusterId int64 = 0
 	if node.NodeCluster != nil {
-		action.ViewData()["clusterId"] = node.NodeCluster.Id
+		parentAction.Data["clusterId"] = node.NodeCluster.Id
+		clusterId = node.NodeCluster.Id
 	}
-	return nil
+
+	// 左侧菜单
+	var prefix = "/clusters/cluster/node"
+	var query = "clusterId=" + types.String(clusterId) + "&nodeId=" + types.String(nodeId)
+	var menuItem = parentAction.Data.GetString("secondMenuItem")
+
+	var menuItems = []maps.Map{
+		{
+			"name":     "基础设置",
+			"url":      prefix + "/update?" + query,
+			"isActive": menuItem == "basic",
+		},
+		{
+			"name":     "DNS设置",
+			"url":      prefix + "/settings/dns?" + query,
+			"isActive": menuItem == "dns",
+		},
+		{
+			"name":     "缓存设置",
+			"url":      prefix + "/settings/cache?" + query,
+			"isActive": menuItem == "cache",
+		},
+	}
+	if teaconst.IsPlus {
+		menuItems = append(menuItems, []maps.Map{
+			{
+				"name":     "阈值设置",
+				"url":      prefix + "/settings/thresholds?" + query,
+				"isActive": menuItem == "threshold",
+			},
+		}...)
+	}
+	menuItems = append(menuItems, []maps.Map{
+		{
+			"name":     "SSH设置",
+			"url":      prefix + "/settings/ssh?" + query,
+			"isActive": menuItem == "ssh",
+		},
+		{
+			"name":     "系统设置",
+			"url":      prefix + "/settings/system?" + query,
+			"isActive": menuItem == "system",
+		},
+	}...)
+	parentAction.Data["leftMenuItems"] = menuItems
+
+	return nodeResp.Node, nil
 }
--- a/internal/web/actions/default/clusters/cluster/node/settings/cache/index.go
+++ b/internal/web/actions/default/clusters/cluster/node/settings/cache/index.go
@@ -0,0 +1,117 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package cache
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/clusters/cluster/node/nodeutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/shared"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/maps"
+)
+
+type IndexAction struct {
+	actionutils.ParentAction
+}
+
+func (this *IndexAction) Init() {
+	this.Nav("", "", "update")
+	this.SecondMenu("cache")
+}
+
+func (this *IndexAction) RunGet(params struct {
+	NodeId int64
+}) {
+	node, err := nodeutils.InitNodeInfo(this.Parent(), params.NodeId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	// 缓存硬盘 & 内存容量
+	var maxCacheDiskCapacity maps.Map = nil
+	if node.MaxCacheDiskCapacity != nil {
+		maxCacheDiskCapacity = maps.Map{
+			"count": node.MaxCacheDiskCapacity.Count,
+			"unit":  node.MaxCacheDiskCapacity.Unit,
+		}
+	} else {
+		maxCacheDiskCapacity = maps.Map{
+			"count": 0,
+			"unit":  "gb",
+		}
+	}
+
+	var maxCacheMemoryCapacity maps.Map = nil
+	if node.MaxCacheMemoryCapacity != nil {
+		maxCacheMemoryCapacity = maps.Map{
+			"count": node.MaxCacheMemoryCapacity.Count,
+			"unit":  node.MaxCacheMemoryCapacity.Unit,
+		}
+	} else {
+		maxCacheMemoryCapacity = maps.Map{
+			"count": 0,
+			"unit":  "gb",
+		}
+	}
+
+	var nodeMap = this.Data["node"].(maps.Map)
+	nodeMap["maxCacheDiskCapacity"] = maxCacheDiskCapacity
+	nodeMap["maxCacheMemoryCapacity"] = maxCacheMemoryCapacity
+
+	this.Show()
+}
+
+func (this *IndexAction) RunPost(params struct {
+	NodeId                     int64
+	MaxCacheDiskCapacityJSON   []byte
+	MaxCacheMemoryCapacityJSON []byte
+
+	Must *actions.Must
+	CSRF *actionutils.CSRF
+}) {
+	defer this.CreateLogInfo("修改节点 %d 缓存设置", params.NodeId)
+
+	// 缓存硬盘 & 内存容量
+	var pbMaxCacheDiskCapacity *pb.SizeCapacity
+	if len(params.MaxCacheDiskCapacityJSON) > 0 {
+		var sizeCapacity = &shared.SizeCapacity{}
+		err := json.Unmarshal(params.MaxCacheDiskCapacityJSON, sizeCapacity)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		pbMaxCacheDiskCapacity = &pb.SizeCapacity{
+			Count: sizeCapacity.Count,
+			Unit:  sizeCapacity.Unit,
+		}
+	}
+
+	var pbMaxCacheMemoryCapacity *pb.SizeCapacity
+	if len(params.MaxCacheMemoryCapacityJSON) > 0 {
+		var sizeCapacity = &shared.SizeCapacity{}
+		err := json.Unmarshal(params.MaxCacheMemoryCapacityJSON, sizeCapacity)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		pbMaxCacheMemoryCapacity = &pb.SizeCapacity{
+			Count: sizeCapacity.Count,
+			Unit:  sizeCapacity.Unit,
+		}
+	}
+
+	_, err := this.RPC().NodeRPC().UpdateNodeCache(this.AdminContext(), &pb.UpdateNodeCacheRequest{
+		NodeId:                 params.NodeId,
+		MaxCacheDiskCapacity:   pbMaxCacheDiskCapacity,
+		MaxCacheMemoryCapacity: pbMaxCacheMemoryCapacity,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/clusters/cluster/node/settings/dns/index.go
+++ b/internal/web/actions/default/clusters/cluster/node/settings/dns/index.go
@@ -0,0 +1,125 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package dns
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/clusters/cluster/node/nodeutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/maps"
+)
+
+type IndexAction struct {
+	actionutils.ParentAction
+}
+
+func (this *IndexAction) Init() {
+	this.Nav("", "", "update")
+	this.SecondMenu("dns")
+}
+
+func (this *IndexAction) RunGet(params struct {
+	NodeId int64
+}) {
+	node, err := nodeutils.InitNodeInfo(this.Parent(), params.NodeId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	// DNS相关
+	var clusters = []*pb.NodeCluster{node.NodeCluster}
+	clusters = append(clusters, node.SecondaryNodeClusters...)
+	var allDNSRouteMaps = map[int64][]maps.Map{} // domain id => routes
+	var routeMaps = map[int64][]maps.Map{}       // domain id => routes
+	for _, cluster := range clusters {
+		dnsInfoResp, err := this.RPC().NodeRPC().FindEnabledNodeDNS(this.AdminContext(), &pb.FindEnabledNodeDNSRequest{
+			NodeId:        params.NodeId,
+			NodeClusterId: cluster.Id,
+		})
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		var dnsInfo = dnsInfoResp.Node
+		if dnsInfo.DnsDomainId <= 0 || len(dnsInfo.DnsDomainName) == 0 {
+			continue
+		}
+		var domainId = dnsInfo.DnsDomainId
+		var domainName = dnsInfo.DnsDomainName
+		if len(dnsInfo.Routes) > 0 {
+			for _, route := range dnsInfo.Routes {
+				routeMaps[domainId] = append(routeMaps[domainId], maps.Map{
+					"domainId":   domainId,
+					"domainName": domainName,
+					"code":       route.Code,
+					"name":       route.Name,
+				})
+			}
+		}
+
+		// 所有线路选项
+		routesResp, err := this.RPC().DNSDomainRPC().FindAllDNSDomainRoutes(this.AdminContext(), &pb.FindAllDNSDomainRoutesRequest{DnsDomainId: dnsInfoResp.Node.DnsDomainId})
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		for _, route := range routesResp.Routes {
+			allDNSRouteMaps[domainId] = append(allDNSRouteMaps[domainId], maps.Map{
+				"domainId":   domainId,
+				"domainName": domainName,
+				"name":       route.Name,
+				"code":       route.Code,
+			})
+		}
+	}
+
+	var domainRoutes = []maps.Map{}
+	for _, m := range routeMaps {
+		domainRoutes = append(domainRoutes, m...)
+	}
+	this.Data["dnsRoutes"] = domainRoutes
+
+	var allDomainRoutes = []maps.Map{}
+	for _, m := range allDNSRouteMaps {
+		allDomainRoutes = append(allDomainRoutes, m...)
+	}
+	this.Data["allDNSRoutes"] = allDomainRoutes
+
+	this.Show()
+}
+
+func (this *IndexAction) RunPost(params struct {
+	NodeId        int64
+	DnsDomainId   int64
+	DnsRoutesJSON []byte
+
+	Must *actions.Must
+	CSRF *actionutils.CSRF
+}) {
+	defer this.CreateLogInfo("修改节点 %d DNS设置", params.NodeId)
+
+	dnsRouteCodes := []string{}
+	if len(params.DnsRoutesJSON) > 0 {
+		err := json.Unmarshal(params.DnsRoutesJSON, &dnsRouteCodes)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+	}
+
+	_, err := this.RPC().NodeRPC().UpdateNodeDNS(this.AdminContext(), &pb.UpdateNodeDNSRequest{
+		NodeId:      params.NodeId,
+		IpAddr:      "",
+		DnsDomainId: 0,
+		Routes:      dnsRouteCodes,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/clusters/cluster/node/settings/ssh/index.go
+++ b/internal/web/actions/default/clusters/cluster/node/settings/ssh/index.go
@@ -0,0 +1,114 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package ssh
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/clusters/cluster/node/nodeutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/clusters/grants/grantutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/maps"
+)
+
+type IndexAction struct {
+	actionutils.ParentAction
+}
+
+func (this *IndexAction) Init() {
+	this.Nav("", "", "update")
+	this.SecondMenu("ssh")
+}
+
+func (this *IndexAction) RunGet(params struct {
+	NodeId int64
+}) {
+	node, err := nodeutils.InitNodeInfo(this.Parent(), params.NodeId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	// 登录信息
+	var loginMap maps.Map = nil
+	if node.NodeLogin != nil {
+		loginParams := maps.Map{}
+		if len(node.NodeLogin.Params) > 0 {
+			err = json.Unmarshal(node.NodeLogin.Params, &loginParams)
+			if err != nil {
+				this.ErrorPage(err)
+				return
+			}
+		}
+
+		grantMap := maps.Map{}
+		grantId := loginParams.GetInt64("grantId")
+		if grantId > 0 {
+			grantResp, err := this.RPC().NodeGrantRPC().FindEnabledNodeGrant(this.AdminContext(), &pb.FindEnabledNodeGrantRequest{NodeGrantId: grantId})
+			if err != nil {
+				this.ErrorPage(err)
+				return
+			}
+			if grantResp.NodeGrant != nil {
+				grantMap = maps.Map{
+					"id":         grantResp.NodeGrant.Id,
+					"name":       grantResp.NodeGrant.Name,
+					"method":     grantResp.NodeGrant.Method,
+					"methodName": grantutils.FindGrantMethodName(grantResp.NodeGrant.Method),
+					"username":   grantResp.NodeGrant.Username,
+				}
+			}
+		}
+
+		loginMap = maps.Map{
+			"id":     node.NodeLogin.Id,
+			"name":   node.NodeLogin.Name,
+			"type":   node.NodeLogin.Type,
+			"params": loginParams,
+			"grant":  grantMap,
+		}
+	}
+
+	var nodeMap = this.Data["node"].(maps.Map)
+	nodeMap["login"] = loginMap
+
+	this.Show()
+}
+
+func (this *IndexAction) RunPost(params struct {
+	NodeId int64
+
+	LoginId int64
+	GrantId int64
+	SshHost string
+	SshPort int
+
+	Must *actions.Must
+	CSRF *actionutils.CSRF
+}) {
+	defer this.CreateLogInfo("修改节点 %d SSH登录信息", params.NodeId)
+
+	// TODO 检查登录授权
+	loginInfo := &pb.NodeLogin{
+		Id:   params.LoginId,
+		Name: "SSH",
+		Type: "ssh",
+		Params: maps.Map{
+			"grantId": params.GrantId,
+			"host":    params.SshHost,
+			"port":    params.SshPort,
+		}.AsJSON(),
+	}
+
+	_, err := this.RPC().NodeRPC().UpdateNodeLogin(this.AdminContext(), &pb.UpdateNodeLoginRequest{
+		NodeId:    params.NodeId,
+		NodeLogin: loginInfo,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/clusters/cluster/node/settings/system/index.go
+++ b/internal/web/actions/default/clusters/cluster/node/settings/system/index.go
@@ -0,0 +1,61 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package system
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/clusters/cluster/node/nodeutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/maps"
+)
+
+type IndexAction struct {
+	actionutils.ParentAction
+}
+
+func (this *IndexAction) Init() {
+	this.Nav("", "", "update")
+	this.SecondMenu("system")
+}
+
+func (this *IndexAction) RunGet(params struct {
+	NodeId int64
+}) {
+	node, err := nodeutils.InitNodeInfo(this.Parent(), params.NodeId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	// 获取节点信息
+	var nodeMap = this.Data["node"].(maps.Map)
+	nodeMap["maxCPU"] = node.MaxCPU
+
+	this.Show()
+}
+
+func (this *IndexAction) RunPost(params struct {
+	NodeId int64
+	MaxCPU int32
+
+	Must *actions.Must
+	CSRF *actionutils.CSRF
+}) {
+	defer this.CreateLogInfo("修改节点 %d 系统信息", params.NodeId)
+
+	if params.MaxCPU < 0 {
+		this.Fail("CPU线程数不能小于0")
+	}
+
+	_, err := this.RPC().NodeRPC().UpdateNodeSystem(this.AdminContext(), &pb.UpdateNodeSystemRequest{
+		NodeId: params.NodeId,
+		MaxCPU: params.MaxCPU,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/clusters/cluster/node/settings/thresholds/index.go
+++ b/internal/web/actions/default/clusters/cluster/node/settings/thresholds/index.go
@@ -15,22 +15,22 @@ type IndexAction struct {
 }

 func (this *IndexAction) Init() {
-	this.Nav("", "node", "threshold")
+	this.Nav("", "", "update")
+	this.SecondMenu("threshold")
 }

 func (this *IndexAction) RunGet(params struct {
 	ClusterId int64
 	NodeId    int64
 }) {
-	this.Data["nodeId"] = params.NodeId
-
-	// 初始化节点信息（用于菜单）
-	err := nodeutils.InitNodeInfo(this, params.NodeId)
+	_, err := nodeutils.InitNodeInfo(this.Parent(), params.NodeId)
 	if err != nil {
 		this.ErrorPage(err)
 		return
 	}

+	this.Data["nodeId"] = params.NodeId
+
 	// 列出所有阈值
 	thresholdsResp, err := this.RPC().NodeThresholdRPC().FindAllEnabledNodeThresholds(this.AdminContext(), &pb.FindAllEnabledNodeThresholdsRequest{
 		Role:          "node",
--- a/internal/web/actions/default/clusters/cluster/node/status.go
+++ b/internal/web/actions/default/clusters/cluster/node/status.go
@@ -6,7 +6,7 @@ import (
 	"github.com/iwind/TeaGo/maps"
 )

-// 节点状态
+// StatusAction 节点状态
 type StatusAction struct {
 	actionutils.ParentAction
 }
--- a/internal/web/actions/default/clusters/cluster/node/update.go
+++ b/internal/web/actions/default/clusters/cluster/node/update.go
@@ -4,11 +4,10 @@ import (
 	"encoding/json"
 	"github.com/TeaOSLab/EdgeAdmin/internal/oplogs"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
-	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/clusters/grants/grantutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/clusters/cluster/node/nodeutils"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/nodes/ipAddresses/ipaddressutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/nodeconfigs"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
-	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/shared"
 	"github.com/iwind/TeaGo/actions"
 	"github.com/iwind/TeaGo/maps"
 )
@@ -19,12 +18,18 @@ type UpdateAction struct {

 func (this *UpdateAction) Init() {
 	this.Nav("", "node", "update")
-	this.SecondMenu("nodes")
+	this.SecondMenu("basic")
 }

 func (this *UpdateAction) RunGet(params struct {
 	NodeId int64
 }) {
+	_, err := nodeutils.InitNodeInfo(this.Parent(), params.NodeId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
 	this.Data["nodeId"] = params.NodeId

 	nodeResp, err := this.RPC().NodeRPC().FindEnabledNode(this.AdminContext(), &pb.FindEnabledNodeRequest{NodeId: params.NodeId})
@@ -47,7 +52,7 @@ func (this *UpdateAction) RunGet(params struct {
 	}

 	// IP地址
-	ipAddressesResp, err := this.RPC().NodeIPAddressRPC().FindAllEnabledIPAddressesWithNodeId(this.AdminContext(), &pb.FindAllEnabledIPAddressesWithNodeIdRequest{
+	ipAddressesResp, err := this.RPC().NodeIPAddressRPC().FindAllEnabledNodeIPAddressesWithNodeId(this.AdminContext(), &pb.FindAllEnabledNodeIPAddressesWithNodeIdRequest{
 		NodeId: params.NodeId,
 		Role:   nodeconfigs.NodeRoleNode,
 	})
@@ -56,14 +61,11 @@ func (this *UpdateAction) RunGet(params struct {
 		return
 	}
 	ipAddressMaps := []maps.Map{}
-	for _, addr := range ipAddressesResp.Addresses {
-		var thresholds = []*nodeconfigs.NodeValueThresholdConfig{}
-		if len(addr.ThresholdsJSON) > 0 {
-			err = json.Unmarshal(addr.ThresholdsJSON, &thresholds)
-			if err != nil {
-				this.ErrorPage(err)
-				return
-			}
+	for _, addr := range ipAddressesResp.NodeIPAddresses {
+		thresholds, err := ipaddressutils.InitNodeIPAddressThresholds(this.Parent(), addr.Id)
+		if err != nil {
+			this.ErrorPage(err)
+			return
 		}

 		ipAddressMaps = append(ipAddressMaps, maps.Map{
@@ -77,105 +79,6 @@ func (this *UpdateAction) RunGet(params struct {
 		})
 	}

-	// DNS相关
-	var clusters = []*pb.NodeCluster{node.NodeCluster}
-	clusters = append(clusters, node.SecondaryNodeClusters...)
-	var allDNSRouteMaps = map[int64][]maps.Map{} // domain id => routes
-	var routeMaps = map[int64][]maps.Map{}       // domain id => routes
-	for _, cluster := range clusters {
-		dnsInfoResp, err := this.RPC().NodeRPC().FindEnabledNodeDNS(this.AdminContext(), &pb.FindEnabledNodeDNSRequest{
-			NodeId:        params.NodeId,
-			NodeClusterId: cluster.Id,
-		})
-		if err != nil {
-			this.ErrorPage(err)
-			return
-		}
-		var dnsInfo = dnsInfoResp.Node
-		if dnsInfo.DnsDomainId <= 0 || len(dnsInfo.DnsDomainName) == 0 {
-			continue
-		}
-		var domainId = dnsInfo.DnsDomainId
-		var domainName = dnsInfo.DnsDomainName
-		if len(dnsInfo.Routes) > 0 {
-			for _, route := range dnsInfo.Routes {
-				routeMaps[domainId] = append(routeMaps[domainId], maps.Map{
-					"domainId":   domainId,
-					"domainName": domainName,
-					"code":       route.Code,
-					"name":       route.Name,
-				})
-			}
-		}
-
-		// 所有线路选项
-		routesResp, err := this.RPC().DNSDomainRPC().FindAllDNSDomainRoutes(this.AdminContext(), &pb.FindAllDNSDomainRoutesRequest{DnsDomainId: dnsInfoResp.Node.DnsDomainId})
-		if err != nil {
-			this.ErrorPage(err)
-			return
-		}
-		for _, route := range routesResp.Routes {
-			allDNSRouteMaps[domainId] = append(allDNSRouteMaps[domainId], maps.Map{
-				"domainId":   domainId,
-				"domainName": domainName,
-				"name":       route.Name,
-				"code":       route.Code,
-			})
-		}
-	}
-
-	var domainRoutes = []maps.Map{}
-	for _, m := range routeMaps {
-		domainRoutes = append(domainRoutes, m...)
-	}
-	this.Data["dnsRoutes"] = domainRoutes
-
-	var allDomainRoutes = []maps.Map{}
-	for _, m := range allDNSRouteMaps {
-		allDomainRoutes = append(allDomainRoutes, m...)
-	}
-	this.Data["allDNSRoutes"] = allDomainRoutes
-
-	// 登录信息
-	var loginMap maps.Map = nil
-	if node.NodeLogin != nil {
-		loginParams := maps.Map{}
-		if len(node.NodeLogin.Params) > 0 {
-			err = json.Unmarshal(node.NodeLogin.Params, &loginParams)
-			if err != nil {
-				this.ErrorPage(err)
-				return
-			}
-		}
-
-		grantMap := maps.Map{}
-		grantId := loginParams.GetInt64("grantId")
-		if grantId > 0 {
-			grantResp, err := this.RPC().NodeGrantRPC().FindEnabledNodeGrant(this.AdminContext(), &pb.FindEnabledNodeGrantRequest{NodeGrantId: grantId})
-			if err != nil {
-				this.ErrorPage(err)
-				return
-			}
-			if grantResp.NodeGrant != nil {
-				grantMap = maps.Map{
-					"id":         grantResp.NodeGrant.Id,
-					"name":       grantResp.NodeGrant.Name,
-					"method":     grantResp.NodeGrant.Method,
-					"methodName": grantutils.FindGrantMethodName(grantResp.NodeGrant.Method),
-					"username":   grantResp.NodeGrant.Username,
-				}
-			}
-		}
-
-		loginMap = maps.Map{
-			"id":     node.NodeLogin.Id,
-			"name":   node.NodeLogin.Name,
-			"type":   node.NodeLogin.Type,
-			"params": loginParams,
-			"grant":  grantMap,
-		}
-	}
-
 	// 分组
 	var groupMap maps.Map = nil
 	if node.NodeGroup != nil {
@@ -194,45 +97,14 @@ func (this *UpdateAction) RunGet(params struct {
 		}
 	}

-	// 缓存硬盘 & 内存容量
-	var maxCacheDiskCapacity maps.Map = nil
-	if node.MaxCacheDiskCapacity != nil {
-		maxCacheDiskCapacity = maps.Map{
-			"count": node.MaxCacheDiskCapacity.Count,
-			"unit":  node.MaxCacheDiskCapacity.Unit,
-		}
-	} else {
-		maxCacheDiskCapacity = maps.Map{
-			"count": 0,
-			"unit":  "gb",
-		}
-	}
-
-	var maxCacheMemoryCapacity maps.Map = nil
-	if node.MaxCacheMemoryCapacity != nil {
-		maxCacheMemoryCapacity = maps.Map{
-			"count": node.MaxCacheMemoryCapacity.Count,
-			"unit":  node.MaxCacheMemoryCapacity.Unit,
-		}
-	} else {
-		maxCacheMemoryCapacity = maps.Map{
-			"count": 0,
-			"unit":  "gb",
-		}
-	}
-
 	var m = maps.Map{
-		"id":                     node.Id,
-		"name":                   node.Name,
-		"ipAddresses":            ipAddressMaps,
-		"cluster":                clusterMap,
-		"login":                  loginMap,
-		"maxCPU":                 node.MaxCPU,
-		"isOn":                   node.IsOn,
-		"group":                  groupMap,
-		"region":                 regionMap,
-		"maxCacheDiskCapacity":   maxCacheDiskCapacity,
-		"maxCacheMemoryCapacity": maxCacheMemoryCapacity,
+		"id":          node.Id,
+		"name":        node.Name,
+		"ipAddresses": ipAddressMaps,
+		"cluster":     clusterMap,
+		"isOn":        node.IsOn,
+		"group":       groupMap,
+		"region":      regionMap,
 	}

 	if node.NodeCluster != nil {
@@ -263,24 +135,15 @@ func (this *UpdateAction) RunGet(params struct {
 }

 func (this *UpdateAction) RunPost(params struct {
-	LoginId                    int64
-	NodeId                     int64
-	GroupId                    int64
-	RegionId                   int64
-	Name                       string
-	IPAddressesJSON            []byte `alias:"ipAddressesJSON"`
-	PrimaryClusterId           int64
-	SecondaryClusterIds        []byte
-	GrantId                    int64
-	SshHost                    string
-	SshPort                    int
-	MaxCPU                     int32
-	IsOn                       bool
-	MaxCacheDiskCapacityJSON   []byte
-	MaxCacheMemoryCapacityJSON []byte
-
-	DnsDomainId   int64
-	DnsRoutesJSON []byte
+	LoginId             int64
+	NodeId              int64
+	GroupId             int64
+	RegionId            int64
+	Name                string
+	IPAddressesJSON     []byte `alias:"ipAddressesJSON"`
+	PrimaryClusterId    int64
+	SecondaryClusterIds []byte
+	IsOn                bool

 	Must *actions.Must
 }) {
@@ -322,56 +185,6 @@ func (this *UpdateAction) RunPost(params struct {
 		this.Fail("请至少输入一个IP地址")
 	}

-	dnsRouteCodes := []string{}
-	if len(params.DnsRoutesJSON) > 0 {
-		err := json.Unmarshal(params.DnsRoutesJSON, &dnsRouteCodes)
-		if err != nil {
-			this.ErrorPage(err)
-			return
-		}
-	}
-
-	// TODO 检查登录授权
-	loginInfo := &pb.NodeLogin{
-		Id:   params.LoginId,
-		Name: "SSH",
-		Type: "ssh",
-		Params: maps.Map{
-			"grantId": params.GrantId,
-			"host":    params.SshHost,
-			"port":    params.SshPort,
-		}.AsJSON(),
-	}
-
-	// 缓存硬盘 & 内存容量
-	var pbMaxCacheDiskCapacity *pb.SizeCapacity
-	if len(params.MaxCacheDiskCapacityJSON) > 0 {
-		var sizeCapacity = &shared.SizeCapacity{}
-		err := json.Unmarshal(params.MaxCacheDiskCapacityJSON, sizeCapacity)
-		if err != nil {
-			this.ErrorPage(err)
-			return
-		}
-		pbMaxCacheDiskCapacity = &pb.SizeCapacity{
-			Count: sizeCapacity.Count,
-			Unit:  sizeCapacity.Unit,
-		}
-	}
-
-	var pbMaxCacheMemoryCapacity *pb.SizeCapacity
-	if len(params.MaxCacheMemoryCapacityJSON) > 0 {
-		var sizeCapacity = &shared.SizeCapacity{}
-		err := json.Unmarshal(params.MaxCacheMemoryCapacityJSON, sizeCapacity)
-		if err != nil {
-			this.ErrorPage(err)
-			return
-		}
-		pbMaxCacheMemoryCapacity = &pb.SizeCapacity{
-			Count: sizeCapacity.Count,
-			Unit:  sizeCapacity.Unit,
-		}
-	}
-
 	// 保存
 	_, err := this.RPC().NodeRPC().UpdateNode(this.AdminContext(), &pb.UpdateNodeRequest{
 		NodeId:                  params.NodeId,
@@ -380,13 +193,7 @@ func (this *UpdateAction) RunPost(params struct {
 		Name:                    params.Name,
 		NodeClusterId:           params.PrimaryClusterId,
 		SecondaryNodeClusterIds: secondaryClusterIds,
-		NodeLogin:               loginInfo,
-		MaxCPU:                  params.MaxCPU,
 		IsOn:                    params.IsOn,
-		DnsDomainId:             params.DnsDomainId,
-		DnsRoutes:               dnsRouteCodes,
-		MaxCacheDiskCapacity:    pbMaxCacheDiskCapacity,
-		MaxCacheMemoryCapacity:  pbMaxCacheMemoryCapacity,
 	})
 	if err != nil {
 		this.ErrorPage(err)
@@ -394,7 +201,7 @@ func (this *UpdateAction) RunPost(params struct {
 	}

 	// 禁用老的IP地址
-	_, err = this.RPC().NodeIPAddressRPC().DisableAllIPAddressesWithNodeId(this.AdminContext(), &pb.DisableAllIPAddressesWithNodeIdRequest{
+	_, err = this.RPC().NodeIPAddressRPC().DisableAllNodeIPAddressesWithNodeId(this.AdminContext(), &pb.DisableAllNodeIPAddressesWithNodeIdRequest{
 		NodeId: params.NodeId,
 		Role:   nodeconfigs.NodeRoleNode,
 	})
--- a/internal/web/actions/default/clusters/cluster/node/updateDNSPopup.go
+++ b/internal/web/actions/default/clusters/cluster/node/updateDNSPopup.go
@@ -85,10 +85,12 @@ func (this *UpdateDNSPopupAction) RunPost(params struct {
 	defer this.CreateLog(oplogs.LevelInfo, "修改节点 %d 的DNS设置", params.NodeId)

 	routes := []string{}
-	err := json.Unmarshal(params.DnsRoutesJSON, &routes)
-	if err != nil {
-		this.ErrorPage(err)
-		return
+	if len(params.DnsRoutesJSON) > 0 {
+		err := json.Unmarshal(params.DnsRoutesJSON, &routes)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
 	}

 	params.Must.
@@ -100,7 +102,7 @@ func (this *UpdateDNSPopupAction) RunPost(params struct {
 	}

 	// 执行修改
-	_, err = this.RPC().NodeRPC().UpdateNodeDNS(this.AdminContext(), &pb.UpdateNodeDNSRequest{
+	_, err := this.RPC().NodeRPC().UpdateNodeDNS(this.AdminContext(), &pb.UpdateNodeDNSRequest{
 		NodeId:      params.NodeId,
 		IpAddr:      params.IpAddr,
 		DnsDomainId: params.DomainId,
--- a/internal/web/actions/default/clusters/cluster/nodes.go
+++ b/internal/web/actions/default/clusters/cluster/nodes.go
@@ -123,7 +123,7 @@ func (this *NodesAction) RunGet(params struct {
 		}

 		// IP
-		ipAddressesResp, err := this.RPC().NodeIPAddressRPC().FindAllEnabledIPAddressesWithNodeId(this.AdminContext(), &pb.FindAllEnabledIPAddressesWithNodeIdRequest{
+		ipAddressesResp, err := this.RPC().NodeIPAddressRPC().FindAllEnabledNodeIPAddressesWithNodeId(this.AdminContext(), &pb.FindAllEnabledNodeIPAddressesWithNodeIdRequest{
 			NodeId: node.Id,
 			Role:   nodeconfigs.NodeRoleNode,
 		})
@@ -132,7 +132,7 @@ func (this *NodesAction) RunGet(params struct {
 			return
 		}
 		ipAddresses := []maps.Map{}
-		for _, addr := range ipAddressesResp.Addresses {
+		for _, addr := range ipAddressesResp.NodeIPAddresses {
 			ipAddresses = append(ipAddresses, maps.Map{
 				"id":        addr.Id,
 				"name":      addr.Name,
--- a/internal/web/actions/default/clusters/cluster/settings/dns/index.go
+++ b/internal/web/actions/default/clusters/cluster/settings/dns/index.go
@@ -46,6 +46,13 @@ func (this *IndexAction) RunGet(params struct {
 		this.Data["domainName"] = dnsInfoResp.Domain.Name
 	}

+	if len(dnsInfoResp.CnameRecords) == 0 {
+		this.Data["cnameRecords"] = []string{}
+	} else {
+		this.Data["cnameRecords"] = dnsInfoResp.CnameRecords
+	}
+	this.Data["ttl"] = dnsInfoResp.Ttl
+
 	this.Show()
 }

@@ -56,6 +63,8 @@ func (this *IndexAction) RunPost(params struct {
 	DnsName         string
 	NodesAutoSync   bool
 	ServersAutoSync bool
+	CnameRecords    []string
+	Ttl             int32

 	Must *actions.Must
 	CSRF *actionutils.CSRF
@@ -97,6 +106,8 @@ func (this *IndexAction) RunPost(params struct {
 		DnsDomainId:     params.DnsDomainId,
 		NodesAutoSync:   params.NodesAutoSync,
 		ServersAutoSync: params.ServersAutoSync,
+		CnameRecords:    params.CnameRecords,
+		Ttl:             params.Ttl,
 	})
 	if err != nil {
 		this.ErrorPage(err)
--- a/internal/web/actions/default/clusters/clusterutils/cluster_helper.go
+++ b/internal/web/actions/default/clusters/clusterutils/cluster_helper.go
@@ -45,6 +45,7 @@ func (this *ClusterHelper) BeforeAction(actionPtr actions.ActionWrapper) (goNext
 			action.WriteString("can not find cluster")
 			return
 		}
+		action.Data["currentClusterName"] = cluster.Name

 		clusterInfo, err := dao.SharedNodeClusterDAO.FindEnabledNodeClusterConfigInfo(ctx, clusterId)
 		if err != nil {
--- a/internal/web/actions/default/clusters/index.go
+++ b/internal/web/actions/default/clusters/index.go
@@ -193,7 +193,7 @@ func (this *IndexAction) searchNodes(keyword string) {
 		}

 		// IP
-		ipAddressesResp, err := this.RPC().NodeIPAddressRPC().FindAllEnabledIPAddressesWithNodeId(this.AdminContext(), &pb.FindAllEnabledIPAddressesWithNodeIdRequest{
+		ipAddressesResp, err := this.RPC().NodeIPAddressRPC().FindAllEnabledNodeIPAddressesWithNodeId(this.AdminContext(), &pb.FindAllEnabledNodeIPAddressesWithNodeIdRequest{
 			NodeId: node.Id,
 			Role:   nodeconfigs.NodeRoleNode,
 		})
@@ -202,7 +202,7 @@ func (this *IndexAction) searchNodes(keyword string) {
 			return
 		}
 		ipAddresses := []maps.Map{}
-		for _, addr := range ipAddressesResp.Addresses {
+		for _, addr := range ipAddressesResp.NodeIPAddresses {
 			ipAddresses = append(ipAddresses, maps.Map{
 				"id":        addr.Id,
 				"name":      addr.Name,
--- a/internal/web/actions/default/clusters/monitors/groups/options.go
+++ b/internal/web/actions/default/clusters/monitors/groups/options.go
@@ -0,0 +1,32 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package groups
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/maps"
+)
+
+type OptionsAction struct {
+	actionutils.ParentAction
+}
+
+func (this *OptionsAction) RunPost(params struct{}) {
+	resp, err := this.RPC().ReportNodeGroupRPC().FindAllEnabledReportNodeGroups(this.AdminContext(), &pb.FindAllEnabledReportNodeGroupsRequest{})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	var groupMaps = []maps.Map{}
+	for _, group := range resp.ReportNodeGroups {
+		groupMaps = append(groupMaps, maps.Map{
+			"id":   group.Id,
+			"name": group.Name,
+		})
+	}
+	this.Data["groups"] = groupMaps
+
+	this.Success()
+}
--- a/internal/web/actions/default/dashboard/index.go
+++ b/internal/web/actions/default/dashboard/index.go
@@ -40,6 +40,10 @@ func (this *IndexAction) RunGet(params struct{}) {
 		}
 	}

+	this.Show()
+}
+
+func (this *IndexAction) RunPost(params struct{}) {
 	// 读取看板数据
 	resp, err := this.RPC().AdminRPC().ComposeAdminDashboard(this.AdminContext(), &pb.ComposeAdminDashboardRequest{
 		ApiVersion: teaconst.APINodeVersion,
@@ -50,14 +54,17 @@ func (this *IndexAction) RunGet(params struct{}) {
 	}
 	this.Data["dashboard"] = maps.Map{
 		"defaultClusterId": resp.DefaultNodeClusterId,
-		
-		"countServers":      resp.CountServers,
-		"countNodeClusters": resp.CountNodeClusters,
-		"countNodes":        resp.CountNodes,
-		"countUsers":        resp.CountUsers,
-		"countAPINodes":     resp.CountAPINodes,
-		"countDBNodes":      resp.CountDBNodes,
-		"countUserNodes":    resp.CountUserNodes,
+
+		"countServers":          resp.CountServers,
+		"countNodeClusters":     resp.CountNodeClusters,
+		"countNodes":            resp.CountNodes,
+		"countOfflineNodes":     resp.CountOfflineNodes,
+		"countUsers":            resp.CountUsers,
+		"countAPINodes":         resp.CountAPINodes,
+		"countOfflineAPINodes":  resp.CountOfflineAPINodes,
+		"countDBNodes":          resp.CountDBNodes,
+		"countUserNodes":        resp.CountUserNodes,
+		"countOfflineUserNodes": resp.CountOfflineUserNodes,

 		"canGoServers":  configloaders.AllowModule(this.AdminId(), configloaders.AdminModuleCodeServer),
 		"canGoNodes":    configloaders.AllowModule(this.AdminId(), configloaders.AdminModuleCodeNode),
@@ -85,8 +92,14 @@ func (this *IndexAction) RunGet(params struct{}) {
 		statMaps := []maps.Map{}
 		for _, stat := range resp.HourlyTrafficStats {
 			statMaps = append(statMaps, maps.Map{
-				"bytes": stat.Bytes,
-				"hour":  stat.Hour[8:],
+				"bytes":               stat.Bytes,
+				"cachedBytes":         stat.CachedBytes,
+				"countRequests":       stat.CountRequests,
+				"countCachedRequests": stat.CountCachedRequests,
+				"countAttackRequests": stat.CountAttackRequests,
+				"attackBytes":         stat.AttackBytes,
+				"day":                 stat.Hour[4:6] + "月" + stat.Hour[6:8] + "日",
+				"hour":                stat.Hour[8:],
 			})
 		}
 		this.Data["hourlyTrafficStats"] = statMaps
@@ -97,8 +110,13 @@ func (this *IndexAction) RunGet(params struct{}) {
 		statMaps := []maps.Map{}
 		for _, stat := range resp.DailyTrafficStats {
 			statMaps = append(statMaps, maps.Map{
-				"bytes": stat.Bytes,
-				"day":   stat.Day[4:6] + "月" + stat.Day[6:] + "日",
+				"bytes":               stat.Bytes,
+				"cachedBytes":         stat.CachedBytes,
+				"countRequests":       stat.CountRequests,
+				"countCachedRequests": stat.CountCachedRequests,
+				"countAttackRequests": stat.CountAttackRequests,
+				"attackBytes":         stat.AttackBytes,
+				"day":                 stat.Day[4:6] + "月" + stat.Day[6:] + "日",
 			})
 		}
 		this.Data["dailyTrafficStats"] = statMaps
@@ -172,6 +190,20 @@ func (this *IndexAction) RunGet(params struct{}) {
 		}
 	}

+	// 域名排行
+	{
+		var statMaps = []maps.Map{}
+		for _, stat := range resp.TopDomainStats {
+			statMaps = append(statMaps, maps.Map{
+				"serverId":      stat.ServerId,
+				"domain":        stat.Domain,
+				"countRequests": stat.CountRequests,
+				"bytes":         stat.Bytes,
+			})
+		}
+		this.Data["topDomainStats"] = statMaps
+	}
+
 	// 指标
 	{
 		var chartMaps = []maps.Map{}
@@ -210,5 +242,5 @@ func (this *IndexAction) RunGet(params struct{}) {
 		this.Data["metricCharts"] = chartMaps
 	}

-	this.Show()
+	this.Success()
 }
--- a/internal/web/actions/default/dns/clusters/cluster.go
+++ b/internal/web/actions/default/dns/clusters/cluster.go
@@ -5,6 +5,7 @@ import (
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/iwind/TeaGo/maps"
+	timeutil "github.com/iwind/TeaGo/utils/time"
 )

 type ClusterAction struct {
@@ -61,6 +62,12 @@ func (this *ClusterAction) RunGet(params struct {
 		dnsMap["providerTypeName"] = dnsResp.Provider.TypeName
 	}

+	if len(dnsResp.CnameRecords) > 0 {
+		dnsMap["cnameRecords"] = dnsResp.CnameRecords
+	} else {
+		dnsMap["cnameRecords"] = []string{}
+	}
+
 	this.Data["dnsInfo"] = dnsMap

 	// 节点DNS解析记录
@@ -203,5 +210,60 @@ func (this *ClusterAction) RunGet(params struct {
 	}
 	this.Data["issues"] = issueMaps

+	// 当前正在执行的任务
+	resp, err := this.RPC().DNSTaskRPC().FindAllDoingDNSTasks(this.AdminContext(), &pb.FindAllDoingDNSTasksRequest{
+		NodeClusterId: params.ClusterId,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	taskMaps := []maps.Map{}
+	for _, task := range resp.DnsTasks {
+		var clusterMap maps.Map = nil
+		var nodeMap maps.Map = nil
+		var serverMap maps.Map = nil
+		var domainMap maps.Map = nil
+
+		if task.NodeCluster != nil {
+			clusterMap = maps.Map{
+				"id":   task.NodeCluster.Id,
+				"name": task.NodeCluster.Name,
+			}
+		}
+		if task.Node != nil {
+			nodeMap = maps.Map{
+				"id":   task.Node.Id,
+				"name": task.Node.Name,
+			}
+		}
+		if task.Server != nil {
+			serverMap = maps.Map{
+				"id":   task.Server.Id,
+				"name": task.Server.Name,
+			}
+		}
+		if task.DnsDomain != nil {
+			domainMap = maps.Map{
+				"id":   task.DnsDomain.Id,
+				"name": task.DnsDomain.Name,
+			}
+		}
+
+		taskMaps = append(taskMaps, maps.Map{
+			"id":          task.Id,
+			"type":        task.Type,
+			"isDone":      task.IsDone,
+			"isOk":        task.IsOk,
+			"error":       task.Error,
+			"updatedTime": timeutil.FormatTime("Y-m-d H:i:s", task.UpdatedAt),
+			"cluster":     clusterMap,
+			"node":        nodeMap,
+			"server":      serverMap,
+			"domain":      domainMap,
+		})
+	}
+	this.Data["tasks"] = taskMaps
+
 	this.Show()
 }
--- a/internal/web/actions/default/dns/issues/updateNodePopup.go
+++ b/internal/web/actions/default/dns/issues/updateNodePopup.go
@@ -85,10 +85,12 @@ func (this *UpdateNodePopupAction) RunPost(params struct {
 	defer this.CreateLog(oplogs.LevelInfo, "修改节点 %d 的DNS设置", params.NodeId)

 	routes := []string{}
-	err := json.Unmarshal(params.DnsRoutesJSON, &routes)
-	if err != nil {
-		this.ErrorPage(err)
-		return
+	if len(params.DnsRoutesJSON) > 0 {
+		err := json.Unmarshal(params.DnsRoutesJSON, &routes)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
 	}

 	params.Must.
@@ -100,7 +102,7 @@ func (this *UpdateNodePopupAction) RunPost(params struct {
 	}

 	// 执行修改
-	_, err = this.RPC().NodeRPC().UpdateNodeDNS(this.AdminContext(), &pb.UpdateNodeDNSRequest{
+	_, err := this.RPC().NodeRPC().UpdateNodeDNS(this.AdminContext(), &pb.UpdateNodeDNSRequest{
 		NodeId:      params.NodeId,
 		IpAddr:      params.IpAddr,
 		DnsDomainId: params.DomainId,
--- a/internal/web/actions/default/dns/updateClusterPopup.go
+++ b/internal/web/actions/default/dns/updateClusterPopup.go
@@ -9,7 +9,7 @@ import (
 	"github.com/iwind/TeaGo/maps"
 )

-// 修改集群的DNS设置
+// UpdateClusterPopupAction 修改集群的DNS设置
 type UpdateClusterPopupAction struct {
 	actionutils.ParentAction
 }
@@ -46,6 +46,14 @@ func (this *UpdateClusterPopupAction) RunGet(params struct {
 		this.Data["providerId"] = 0
 	}

+	if len(dnsResp.CnameRecords) == 0 {
+		this.Data["cnameRecords"] = []string{}
+	} else {
+		this.Data["cnameRecords"] = dnsResp.CnameRecords
+	}
+
+	this.Data["ttl"] = dnsResp.Ttl
+
 	// 所有服务商
 	providerTypesResp, err := this.RPC().DNSProviderRPC().FindAllDNSProviderTypes(this.AdminContext(), &pb.FindAllDNSProviderTypesRequest{})
 	if err != nil {
@@ -70,6 +78,8 @@ func (this *UpdateClusterPopupAction) RunPost(params struct {
 	DomainId        int64
 	NodesAutoSync   bool
 	ServersAutoSync bool
+	CnameRecords    []string
+	Ttl             int32

 	Must *actions.Must
 	CSRF *actionutils.CSRF
@@ -103,6 +113,8 @@ func (this *UpdateClusterPopupAction) RunPost(params struct {
 		DnsDomainId:     params.DomainId,
 		NodesAutoSync:   params.NodesAutoSync,
 		ServersAutoSync: params.ServersAutoSync,
+		CnameRecords:    params.CnameRecords,
+		Ttl:             params.Ttl,
 	})
 	if err != nil {
 		this.ErrorPage(err)
--- a/internal/web/actions/default/nodes/ipAddresses/createPopup.go
+++ b/internal/web/actions/default/nodes/ipAddresses/createPopup.go
@@ -30,20 +30,22 @@ func (this *CreatePopupAction) RunPost(params struct {
 	IP             string `alias:"ip"`
 	CanAccess      bool
 	Name           string
+	IsUp           bool
 	ThresholdsJSON []byte

 	Must *actions.Must
 }) {
-	ip := net.ParseIP(params.IP)
-	if len(ip) == 0 {
-		this.Fail("请输入正确的IP")
-	}
-
 	params.Must.
 		Field("ip", params.IP).
 		Require("请输入IP地址")

-	var thresholds = []*nodeconfigs.NodeValueThresholdConfig{}
+	ip := net.ParseIP(params.IP)
+	if len(ip) == 0 {
+		this.FailField("ip", "请输入正确的IP")
+	}
+
+	// 阈值设置
+	var thresholds = []*nodeconfigs.IPAddressThresholdConfig{}
 	if teaconst.IsPlus && len(params.ThresholdsJSON) > 0 {
 		_ = json.Unmarshal(params.ThresholdsJSON, &thresholds)
 	}
@@ -54,7 +56,7 @@ func (this *CreatePopupAction) RunPost(params struct {
 		"ip":         params.IP,
 		"id":         0,
 		"isOn":       true,
-		"isUp":       true,
+		"isUp":       params.IsUp,
 		"thresholds": thresholds,
 	}
 	this.Success()
--- a/internal/web/actions/default/nodes/ipAddresses/ipaddressutils/utils.go
+++ b/internal/web/actions/default/nodes/ipAddresses/ipaddressutils/utils.go
@@ -16,12 +16,6 @@ func UpdateNodeIPAddresses(parentAction *actionutils.ParentAction, nodeId int64,
 		return err
 	}
 	for _, addr := range addresses {
-		var thresholdsJSON = []byte{}
-		var thresholds = addr.GetSlice("thresholds")
-		if len(thresholds) > 0 {
-			thresholdsJSON, _ = json.Marshal(thresholds)
-		}
-
 		addrId := addr.GetInt64("id")
 		if addrId > 0 {
 			var isOn = false
@@ -37,19 +31,36 @@ func UpdateNodeIPAddresses(parentAction *actionutils.ParentAction, nodeId int64,
 				Name:            addr.GetString("name"),
 				CanAccess:       addr.GetBool("canAccess"),
 				IsOn:            isOn,
-				ThresholdsJSON:  thresholdsJSON,
+				IsUp:            addr.GetBool("isUp"),
 			})
 			if err != nil {
 				return err
 			}
 		} else {
-			_, err = parentAction.RPC().NodeIPAddressRPC().CreateNodeIPAddress(parentAction.AdminContext(), &pb.CreateNodeIPAddressRequest{
-				NodeId:         nodeId,
-				Role:           role,
-				Name:           addr.GetString("name"),
-				Ip:             addr.GetString("ip"),
-				CanAccess:      addr.GetBool("canAccess"),
-				ThresholdsJSON: thresholdsJSON,
+			createResp, err := parentAction.RPC().NodeIPAddressRPC().CreateNodeIPAddress(parentAction.AdminContext(), &pb.CreateNodeIPAddressRequest{
+				NodeId:    nodeId,
+				Role:      role,
+				Name:      addr.GetString("name"),
+				Ip:        addr.GetString("ip"),
+				CanAccess: addr.GetBool("canAccess"),
+				IsUp:      addr.GetBool("isUp"),
+			})
+			if err != nil {
+				return err
+			}
+			addrId = createResp.NodeIPAddressId
+		}
+
+		// 保存阈值
+		var thresholds = addr.GetSlice("thresholds")
+		if len(thresholds) > 0 {
+			thresholdsJSON, err := json.Marshal(thresholds)
+			if err != nil {
+				return err
+			}
+			_, err = parentAction.RPC().NodeIPAddressThresholdRPC().UpdateAllNodeIPAddressThresholds(parentAction.AdminContext(), &pb.UpdateAllNodeIPAddressThresholdsRequest{
+				NodeIPAddressId:             addrId,
+				NodeIPAddressThresholdsJSON: thresholdsJSON,
 			})
 			if err != nil {
 				return err
@@ -58,3 +69,35 @@ func UpdateNodeIPAddresses(parentAction *actionutils.ParentAction, nodeId int64,
 	}
 	return nil
 }
+
+// InitNodeIPAddressThresholds 初始化IP阈值
+func InitNodeIPAddressThresholds(parentAction *actionutils.ParentAction, addrId int64) ([]*nodeconfigs.IPAddressThresholdConfig, error) {
+	thresholdsResp, err := parentAction.RPC().NodeIPAddressThresholdRPC().FindAllEnabledNodeIPAddressThresholds(parentAction.AdminContext(), &pb.FindAllEnabledNodeIPAddressThresholdsRequest{NodeIPAddressId: addrId})
+	if err != nil {
+		return nil, err
+	}
+	var thresholds = []*nodeconfigs.IPAddressThresholdConfig{}
+	if len(thresholdsResp.NodeIPAddressThresholds) > 0 {
+		for _, pbThreshold := range thresholdsResp.NodeIPAddressThresholds {
+			var threshold = &nodeconfigs.IPAddressThresholdConfig{
+				Id:      pbThreshold.Id,
+				Items:   []*nodeconfigs.IPAddressThresholdItemConfig{},
+				Actions: []*nodeconfigs.IPAddressThresholdActionConfig{},
+			}
+			if len(pbThreshold.ItemsJSON) > 0 {
+				err = json.Unmarshal(pbThreshold.ItemsJSON, &threshold.Items)
+				if err != nil {
+					return nil, err
+				}
+			}
+			if len(pbThreshold.ActionsJSON) > 0 {
+				err = json.Unmarshal(pbThreshold.ActionsJSON, &threshold.Actions)
+				if err != nil {
+					return nil, err
+				}
+			}
+			thresholds = append(thresholds, threshold)
+		}
+	}
+	return thresholds, nil
+}
--- a/internal/web/actions/default/nodes/ipAddresses/updatePopup.go
+++ b/internal/web/actions/default/nodes/ipAddresses/updatePopup.go
@@ -34,6 +34,7 @@ func (this *UpdatePopupAction) RunPost(params struct {
 	Name           string
 	CanAccess      bool
 	IsOn           bool
+	IsUp           bool
 	ThresholdsJSON []byte

 	Must *actions.Must
@@ -43,7 +44,7 @@ func (this *UpdatePopupAction) RunPost(params struct {
 		Require("请输入IP地址")

 	// 获取IP地址信息
-	var isUp = true
+	var isUp = params.IsUp
 	if params.AddressId > 0 {
 		addressResp, err := this.RPC().NodeIPAddressRPC().FindEnabledNodeIPAddress(this.AdminContext(), &pb.FindEnabledNodeIPAddressRequest{NodeIPAddressId: params.AddressId})
 		if err != nil {
@@ -54,7 +55,6 @@ func (this *UpdatePopupAction) RunPost(params struct {
 		if address == nil {
 			this.Fail("找不到要修改的地址")
 		}
-		isUp = address.IsUp
 	}

 	ip := net.ParseIP(params.IP)
@@ -62,7 +62,7 @@ func (this *UpdatePopupAction) RunPost(params struct {
 		this.Fail("请输入正确的IP")
 	}

-	var thresholds = []*nodeconfigs.NodeValueThresholdConfig{}
+	var thresholds = []*nodeconfigs.IPAddressThresholdConfig{}
 	if teaconst.IsPlus && len(params.ThresholdsJSON) > 0 {
 		_ = json.Unmarshal(params.ThresholdsJSON, &thresholds)
 	}
--- a/internal/web/actions/default/ns/clusters/cluster/createNode.go
+++ b/internal/web/actions/default/ns/clusters/cluster/createNode.go
@@ -79,8 +79,8 @@ func (this *CreateNodeAction) RunPost(params struct {
 	nodeId := createResp.NsNodeId

 	// IP地址
-	for _, address := range ipAddresses {
-		addressId := address.GetInt64("id")
+	for _, addrMap := range ipAddresses {
+		addressId := addrMap.GetInt64("id")
 		if addressId > 0 {
 			_, err = this.RPC().NodeIPAddressRPC().UpdateNodeIPAddressNodeId(this.AdminContext(), &pb.UpdateNodeIPAddressNodeIdRequest{
 				NodeIPAddressId: addressId,
@@ -90,9 +90,10 @@ func (this *CreateNodeAction) RunPost(params struct {
 			_, err = this.RPC().NodeIPAddressRPC().CreateNodeIPAddress(this.AdminContext(), &pb.CreateNodeIPAddressRequest{
 				NodeId:    nodeId,
 				Role:      nodeconfigs.NodeRoleDNS,
-				Name:      address.GetString("name"),
-				Ip:        address.GetString("ip"),
-				CanAccess: address.GetBool("canAccess"),
+				Name:      addrMap.GetString("name"),
+				Ip:        addrMap.GetString("ip"),
+				CanAccess: addrMap.GetBool("canAccess"),
+				IsUp:      addrMap.GetBool("isUp"),
 			})
 		}
 		if err != nil {
--- a/internal/web/actions/default/ns/clusters/cluster/index.go
+++ b/internal/web/actions/default/ns/clusters/cluster/index.go
@@ -81,7 +81,7 @@ func (this *IndexAction) RunGet(params struct {
 		}

 		// IP
-		ipAddressesResp, err := this.RPC().NodeIPAddressRPC().FindAllEnabledIPAddressesWithNodeId(this.AdminContext(), &pb.FindAllEnabledIPAddressesWithNodeIdRequest{
+		ipAddressesResp, err := this.RPC().NodeIPAddressRPC().FindAllEnabledNodeIPAddressesWithNodeId(this.AdminContext(), &pb.FindAllEnabledNodeIPAddressesWithNodeIdRequest{
 			NodeId: node.Id,
 			Role:   nodeconfigs.NodeRoleDNS,
 		})
@@ -90,7 +90,7 @@ func (this *IndexAction) RunGet(params struct {
 			return
 		}
 		ipAddresses := []maps.Map{}
-		for _, addr := range ipAddressesResp.Addresses {
+		for _, addr := range ipAddressesResp.NodeIPAddresses {
 			ipAddresses = append(ipAddresses, maps.Map{
 				"id":        addr.Id,
 				"name":      addr.Name,
--- a/internal/web/actions/default/ns/clusters/cluster/node/index.go
+++ b/internal/web/actions/default/ns/clusters/cluster/node/index.go
@@ -56,7 +56,7 @@ func (this *IndexAction) RunGet(params struct {
 	}

 	// IP地址
-	ipAddressesResp, err := this.RPC().NodeIPAddressRPC().FindAllEnabledIPAddressesWithNodeId(this.AdminContext(), &pb.FindAllEnabledIPAddressesWithNodeIdRequest{
+	ipAddressesResp, err := this.RPC().NodeIPAddressRPC().FindAllEnabledNodeIPAddressesWithNodeId(this.AdminContext(), &pb.FindAllEnabledNodeIPAddressesWithNodeIdRequest{
 		NodeId: params.NodeId,
 		Role:   nodeconfigs.NodeRoleDNS,
 	})
@@ -65,7 +65,7 @@ func (this *IndexAction) RunGet(params struct {
 		return
 	}
 	ipAddressMaps := []maps.Map{}
-	for _, addr := range ipAddressesResp.Addresses {
+	for _, addr := range ipAddressesResp.NodeIPAddresses {
 		ipAddressMaps = append(ipAddressMaps, maps.Map{
 			"id":        addr.Id,
 			"name":      addr.Name,
--- a/internal/web/actions/default/ns/clusters/cluster/node/update.go
+++ b/internal/web/actions/default/ns/clusters/cluster/node/update.go
@@ -46,7 +46,7 @@ func (this *UpdateAction) RunGet(params struct {
 	}

 	// IP地址
-	ipAddressesResp, err := this.RPC().NodeIPAddressRPC().FindAllEnabledIPAddressesWithNodeId(this.AdminContext(), &pb.FindAllEnabledIPAddressesWithNodeIdRequest{
+	ipAddressesResp, err := this.RPC().NodeIPAddressRPC().FindAllEnabledNodeIPAddressesWithNodeId(this.AdminContext(), &pb.FindAllEnabledNodeIPAddressesWithNodeIdRequest{
 		NodeId: params.NodeId,
 		Role:   nodeconfigs.NodeRoleDNS,
 	})
@@ -55,7 +55,7 @@ func (this *UpdateAction) RunGet(params struct {
 		return
 	}
 	ipAddressMaps := []maps.Map{}
-	for _, addr := range ipAddressesResp.Addresses {
+	for _, addr := range ipAddressesResp.NodeIPAddresses {
 		ipAddressMaps = append(ipAddressMaps, maps.Map{
 			"id":        addr.Id,
 			"name":      addr.Name,
@@ -213,7 +213,7 @@ func (this *UpdateAction) RunPost(params struct {
 	}

 	// 禁用老的IP地址
-	_, err = this.RPC().NodeIPAddressRPC().DisableAllIPAddressesWithNodeId(this.AdminContext(), &pb.DisableAllIPAddressesWithNodeIdRequest{
+	_, err = this.RPC().NodeIPAddressRPC().DisableAllNodeIPAddressesWithNodeId(this.AdminContext(), &pb.DisableAllNodeIPAddressesWithNodeIdRequest{
 		NodeId: params.NodeId,
 		Role:   nodeconfigs.NodeRoleDNS,
 	})
--- a/internal/web/actions/default/ns/test/nodeOptions.go
+++ b/internal/web/actions/default/ns/test/nodeOptions.go
@@ -28,7 +28,7 @@ func (this *NodeOptionsAction) RunPost(params struct {
 			continue
 		}

-		addressesResp, err := this.RPC().NodeIPAddressRPC().FindAllEnabledIPAddressesWithNodeId(this.AdminContext(), &pb.FindAllEnabledIPAddressesWithNodeIdRequest{
+		addressesResp, err := this.RPC().NodeIPAddressRPC().FindAllEnabledNodeIPAddressesWithNodeId(this.AdminContext(), &pb.FindAllEnabledNodeIPAddressesWithNodeIdRequest{
 			NodeId: node.Id,
 			Role:   nodeconfigs.NodeRoleDNS,
 		})
@@ -36,7 +36,7 @@ func (this *NodeOptionsAction) RunPost(params struct {
 			this.ErrorPage(err)
 			return
 		}
-		var addresses = addressesResp.Addresses
+		var addresses = addressesResp.NodeIPAddresses
 		if len(addresses) == 0 {
 			continue
 		}
--- a/internal/web/actions/default/servers/addPortPopup.go
+++ b/internal/web/actions/default/servers/addPortPopup.go
@@ -5,6 +5,7 @@ import (
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
 	"github.com/iwind/TeaGo/actions"
 	"github.com/iwind/TeaGo/maps"
+	"github.com/iwind/TeaGo/types"
 	"regexp"
 	"strings"
 )
@@ -18,9 +19,10 @@ func (this *AddPortPopupAction) Init() {
 }

 func (this *AddPortPopupAction) RunGet(params struct {
-	ServerType string
-	Protocol   string
-	From       string
+	ServerType   string
+	Protocol     string
+	From         string
+	SupportRange bool
 }) {
 	this.Data["from"] = params.From

@@ -36,10 +38,14 @@ func (this *AddPortPopupAction) RunGet(params struct {
 	}
 	this.Data["protocols"] = protocols

+	this.Data["supportRange"] = params.SupportRange
+
 	this.Show()
 }

 func (this *AddPortPopupAction) RunPost(params struct {
+	SupportRange bool
+
 	Protocol string
 	Address  string

@@ -50,26 +56,69 @@ func (this *AddPortPopupAction) RunPost(params struct {
 		"protocol":  params.Protocol,
 		"host":      "",
 		"portRange": "",
+		"minPort":   0,
+		"maxPort":   0,
 	}

-	// TODO 判断端口不能小于1
-	// TODO 判断端口号不能大于65535
-
-	digitRegexp := regexp.MustCompile(`^\d+$`)
-	if digitRegexp.MatchString(params.Address) {
-		addr["portRange"] = params.Address
-	} else if strings.Contains(params.Address, ":") {
+	var portRegexp = regexp.MustCompile(`^\d+$`)
+	if portRegexp.MatchString(params.Address) { // 单个端口
+		addr["portRange"] = this.checkPort(params.Address)
+	} else if params.SupportRange && regexp.MustCompile(`^\d+\s*-\s*\d+$`).MatchString(params.Address) { // Port1-Port2
+		addr["portRange"], addr["minPort"], addr["maxPort"] = this.checkPortRange(params.Address)
+	} else if strings.Contains(params.Address, ":") { // IP:Port
 		index := strings.LastIndex(params.Address, ":")
 		addr["host"] = strings.TrimSpace(params.Address[:index])
 		port := strings.TrimSpace(params.Address[index+1:])
-		if !digitRegexp.MatchString(port) {
-			this.Fail("端口只能是一个数字")
+		if portRegexp.MatchString(port) {
+			addr["portRange"] = this.checkPort(port)
+		} else if params.SupportRange && regexp.MustCompile(`^\d+\s*-\s*\d+$`).MatchString(port) { // Port1-Port2
+			addr["portRange"], addr["minPort"], addr["maxPort"] = this.checkPortRange(port)
+		} else {
+			this.FailField("address", "请输入正确的端口或者网络地址")
 		}
-		addr["portRange"] = port
 	} else {
-		this.Fail("请输入正确的端口或者网络地址")
+		this.FailField("address", "请输入正确的端口或者网络地址")
 	}

 	this.Data["address"] = addr
 	this.Success()
 }
+
+func (this *AddPortPopupAction) checkPort(port string) (portRange string) {
+	var intPort = types.Int(port)
+	if intPort < 1 {
+		this.FailField("address", "端口号不能小于1")
+	}
+	if intPort > 65535 {
+		this.FailField("address", "端口号不能大于65535")
+	}
+	return port
+}
+
+func (this *AddPortPopupAction) checkPortRange(port string) (portRange string, minPort int, maxPort int) {
+	var pieces = strings.Split(port, "-")
+	var piece1 = strings.TrimSpace(pieces[0])
+	var piece2 = strings.TrimSpace(pieces[1])
+	var port1 = types.Int(piece1)
+	var port2 = types.Int(piece2)
+
+	if port1 < 1 {
+		this.FailField("address", "端口号不能小于1")
+	}
+	if port1 > 65535 {
+		this.FailField("address", "端口号不能大于65535")
+	}
+
+	if port2 < 1 {
+		this.FailField("address", "端口号不能小于1")
+	}
+	if port2 > 65535 {
+		this.FailField("address", "端口号不能大于65535")
+	}
+
+	if port1 > port2 {
+		port1, port2 = port2, port1
+	}
+
+	return types.String(port1) + "-" + types.String(port2), port1, port2
+}
--- a/internal/web/actions/default/servers/certs/acme/accounts/createPopup.go
+++ b/internal/web/actions/default/servers/certs/acme/accounts/createPopup.go
@@ -0,0 +1,100 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package accounts
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/maps"
+)
+
+type CreatePopupAction struct {
+	actionutils.ParentAction
+}
+
+func (this *CreatePopupAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *CreatePopupAction) RunGet(params struct {
+	ProviderCode string
+}) {
+	this.Data["providerCode"] = params.ProviderCode
+
+	// 服务商列表
+	providersResp, err := this.RPC().ACMEProviderRPC().FindAllACMEProviders(this.AdminContext(), &pb.FindAllACMEProvidersRequest{})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	var providerMaps = []maps.Map{}
+	for _, provider := range providersResp.AcmeProviders {
+		providerMaps = append(providerMaps, maps.Map{
+			"name":           provider.Name,
+			"code":           provider.Code,
+			"description":    provider.Description,
+			"requireEAB":     provider.RequireEAB,
+			"eabDescription": provider.EabDescription,
+		})
+	}
+
+	this.Data["providers"] = providerMaps
+
+	this.Show()
+}
+
+func (this *CreatePopupAction) RunPost(params struct {
+	Name         string
+	ProviderCode string
+	EabKid       string
+	EabKey       string
+
+	Must *actions.Must
+	CSRF *actionutils.CSRF
+}) {
+	var accountId int64
+	defer func() {
+		this.CreateLogInfo("创建ACME服务商账号 %d", accountId)
+	}()
+
+	params.Must.
+		Field("name", params.Name).
+		Require("请输入账号名称").
+		Field("providerCode", params.ProviderCode).
+		Require("请选择服务商")
+
+	providerResp, err := this.RPC().ACMEProviderRPC().FindACMEProviderWithCode(this.AdminContext(), &pb.FindACMEProviderWithCodeRequest{AcmeProviderCode: params.ProviderCode})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	var provider = providerResp.AcmeProvider
+	if provider == nil {
+		this.Fail("请选择服务商")
+	}
+
+	if provider.RequireEAB {
+		params.Must.
+			Field("eabKid", params.EabKid).
+			Require("请输入EAB Kid").
+			Field("eabKey", params.EabKey).
+			Require("请输入EAB HMAC Key")
+	}
+
+	createResp, err := this.RPC().ACMEProviderAccountRPC().CreateACMEProviderAccount(this.AdminContext(), &pb.CreateACMEProviderAccountRequest{
+		Name:         params.Name,
+		ProviderCode: params.ProviderCode,
+		EabKid:       params.EabKid,
+		EabKey:       params.EabKey,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	accountId = createResp.AcmeProviderAccountId
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/certs/acme/accounts/delete.go
+++ b/internal/web/actions/default/servers/certs/acme/accounts/delete.go
@@ -0,0 +1,26 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package accounts
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+)
+
+type DeleteAction struct {
+	actionutils.ParentAction
+}
+
+func (this *DeleteAction) RunPost(params struct {
+	AccountId int64
+}) {
+	defer this.CreateLogInfo("删除ACME服务商账号 %d", params.AccountId)
+
+	_, err := this.RPC().ACMEProviderAccountRPC().DeleteACMEProviderAccount(this.AdminContext(), &pb.DeleteACMEProviderAccountRequest{AcmeProviderAccountId: params.AccountId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/certs/acme/accounts/index.go
+++ b/internal/web/actions/default/servers/certs/acme/accounts/index.go
@@ -0,0 +1,61 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package accounts
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/maps"
+)
+
+type IndexAction struct {
+	actionutils.ParentAction
+}
+
+func (this *IndexAction) Init() {
+	this.Nav("", "", "account")
+}
+
+func (this *IndexAction) RunGet(params struct{}) {
+	countResp, err := this.RPC().ACMEProviderAccountRPC().CountAllEnabledACMEProviderAccounts(this.AdminContext(), &pb.CountAllEnabledACMEProviderAccountsRequest{})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	var count = countResp.Count
+	var page = this.NewPage(count)
+	this.Data["page"] = page.AsHTML()
+
+	accountsResp, err := this.RPC().ACMEProviderAccountRPC().ListEnabledACMEProviderAccounts(this.AdminContext(), &pb.ListEnabledACMEProviderAccountsRequest{
+		Offset: page.Offset,
+		Size:   page.Size,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	var accountMaps = []maps.Map{}
+	for _, account := range accountsResp.AcmeProviderAccounts {
+		var providerMap maps.Map
+		if account.AcmeProvider != nil {
+			providerMap = maps.Map{
+				"name":       account.AcmeProvider.Name,
+				"code":       account.AcmeProvider.Code,
+				"requireEAB": account.AcmeProvider.RequireEAB,
+			}
+		}
+
+		accountMaps = append(accountMaps, maps.Map{
+			"id":       account.Id,
+			"isOn":     account.IsOn,
+			"name":     account.Name,
+			"eabKid":   account.EabKid,
+			"eabKey":   account.EabKey,
+			"provider": providerMap,
+		})
+	}
+	this.Data["accounts"] = accountMaps
+
+	this.Show()
+}
--- a/internal/web/actions/default/servers/certs/acme/accounts/updatePopup.go
+++ b/internal/web/actions/default/servers/certs/acme/accounts/updatePopup.go
@@ -0,0 +1,108 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package accounts
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/maps"
+)
+
+type UpdatePopupAction struct {
+	actionutils.ParentAction
+}
+
+func (this *UpdatePopupAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *UpdatePopupAction) RunGet(params struct {
+	AccountId int64
+}) {
+	// 账号信息
+	accountResp, err := this.RPC().ACMEProviderAccountRPC().FindEnabledACMEProviderAccount(this.AdminContext(), &pb.FindEnabledACMEProviderAccountRequest{AcmeProviderAccountId: params.AccountId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	var account = accountResp.AcmeProviderAccount
+	if account == nil {
+		this.NotFound("ACMEProviderAccount", params.AccountId)
+		return
+	}
+
+	var providerMap maps.Map
+	if account.AcmeProvider != nil {
+		providerMap = maps.Map{
+			"name":           account.AcmeProvider.Name,
+			"code":           account.AcmeProvider.Code,
+			"description":    account.AcmeProvider.Description,
+			"eabDescription": account.AcmeProvider.EabDescription,
+			"requireEAB":     account.AcmeProvider.RequireEAB,
+		}
+	}
+
+	this.Data["account"] = maps.Map{
+		"id":           account.Id,
+		"name":         account.Name,
+		"isOn":         account.IsOn,
+		"providerCode": account.ProviderCode,
+		"eabKid":       account.EabKid,
+		"eabKey":       account.EabKey,
+		"provider":     providerMap,
+	}
+
+	this.Show()
+}
+
+func (this *UpdatePopupAction) RunPost(params struct {
+	AccountId    int64
+	Name         string
+	ProviderCode string
+	EabKid       string
+	EabKey       string
+
+	Must *actions.Must
+	CSRF *actionutils.CSRF
+}) {
+	defer this.CreateLogInfo("修改ACME服务商账号 %d", params.AccountId)
+
+	params.Must.
+		Field("name", params.Name).
+		Require("请输入账号名称").
+		Field("providerCode", params.ProviderCode).
+		Require("请选择服务商")
+
+	providerResp, err := this.RPC().ACMEProviderRPC().FindACMEProviderWithCode(this.AdminContext(), &pb.FindACMEProviderWithCodeRequest{AcmeProviderCode: params.ProviderCode})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	var provider = providerResp.AcmeProvider
+	if provider == nil {
+		this.Fail("请选择服务商")
+	}
+
+	if provider.RequireEAB {
+		params.Must.
+			Field("eabKid", params.EabKid).
+			Require("请输入EAB Kid").
+			Field("eabKey", params.EabKey).
+			Require("请输入EAB HMAC Key")
+	}
+
+	_, err = this.RPC().ACMEProviderAccountRPC().UpdateACMEProviderAccount(this.AdminContext(), &pb.UpdateACMEProviderAccountRequest{
+		AcmeProviderAccountId: params.AccountId,
+		Name:                  params.Name,
+		EabKid:                params.EabKid,
+		EabKey:                params.EabKey,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/certs/acme/create.go
+++ b/internal/web/actions/default/servers/certs/acme/create.go
@@ -35,15 +35,31 @@ func (this *CreateAction) RunGet(params struct{}) {
 		}

 		userMaps = append(userMaps, maps.Map{
-			"id":          user.Id,
-			"description": description,
-			"email":       user.Email,
+			"id":           user.Id,
+			"description":  description,
+			"email":        user.Email,
+			"providerCode": user.AcmeProviderCode,
 		})
 	}
 	this.Data["users"] = userMaps

+	// 证书服务商
+	providersResp, err := this.RPC().ACMEProviderRPC().FindAllACMEProviders(this.AdminContext(), &pb.FindAllACMEProvidersRequest{})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	var providerMaps = []maps.Map{}
+	for _, provider := range providersResp.AcmeProviders {
+		providerMaps = append(providerMaps, maps.Map{
+			"name": provider.Name,
+			"code": provider.Code,
+		})
+	}
+	this.Data["providers"] = providerMaps
+
 	// 域名解析服务商
-	providersResp, err := this.RPC().DNSProviderRPC().FindAllEnabledDNSProviders(this.AdminContext(), &pb.FindAllEnabledDNSProvidersRequest{
+	dnsProvidersResp, err := this.RPC().DNSProviderRPC().FindAllEnabledDNSProviders(this.AdminContext(), &pb.FindAllEnabledDNSProvidersRequest{
 		AdminId: this.AdminId(),
 		UserId:  0,
 	})
@@ -51,15 +67,15 @@ func (this *CreateAction) RunGet(params struct{}) {
 		this.ErrorPage(err)
 		return
 	}
-	providerMaps := []maps.Map{}
-	for _, provider := range providersResp.DnsProviders {
-		providerMaps = append(providerMaps, maps.Map{
+	dnsProviderMaps := []maps.Map{}
+	for _, provider := range dnsProvidersResp.DnsProviders {
+		dnsProviderMaps = append(dnsProviderMaps, maps.Map{
 			"id":       provider.Id,
 			"name":     provider.Name,
 			"typeName": provider.TypeName,
 		})
 	}
-	this.Data["providers"] = providerMaps
+	this.Data["dnsProviders"] = dnsProviderMaps

 	this.Show()
 }
--- a/internal/web/actions/default/servers/certs/acme/index.go
+++ b/internal/web/actions/default/servers/certs/acme/index.go
@@ -136,6 +136,26 @@ func (this *IndexAction) RunGet(params struct {
 		if task.AcmeUser == nil {
 			continue
 		}
+
+		// 服务商
+		var providerMap maps.Map
+		if task.AcmeUser.AcmeProvider != nil {
+			providerMap = maps.Map{
+				"name": task.AcmeUser.AcmeProvider.Name,
+				"code": task.AcmeUser.AcmeProvider.Code,
+			}
+		}
+
+		// 账号
+		var accountMap maps.Map
+		if task.AcmeUser.AcmeProviderAccount != nil {
+			accountMap = maps.Map{
+				"id":   task.AcmeUser.AcmeProviderAccount.Id,
+				"name": task.AcmeUser.AcmeProviderAccount.Name,
+			}
+		}
+
+		// DNS服务商
 		dnsProviderMap := maps.Map{}
 		if task.AuthType == "dns" && task.DnsProvider != nil {
 			dnsProviderMap = maps.Map{
@@ -170,8 +190,10 @@ func (this *IndexAction) RunGet(params struct {
 			"id":       task.Id,
 			"authType": task.AuthType,
 			"acmeUser": maps.Map{
-				"id":    task.AcmeUser.Id,
-				"email": task.AcmeUser.Email,
+				"id":       task.AcmeUser.Id,
+				"email":    task.AcmeUser.Email,
+				"provider": providerMap,
+				"account":  accountMap,
 			},
 			"dnsProvider": dnsProviderMap,
 			"dnsDomain":   task.DnsDomain,
--- a/internal/web/actions/default/servers/certs/acme/users/accountsWithCode.go
+++ b/internal/web/actions/default/servers/certs/acme/users/accountsWithCode.go
@@ -0,0 +1,33 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package users
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/maps"
+)
+
+type AccountsWithCodeAction struct {
+	actionutils.ParentAction
+}
+
+func (this *AccountsWithCodeAction) RunPost(params struct {
+	Code string
+}) {
+	accountsResp, err := this.RPC().ACMEProviderAccountRPC().FindAllACMEProviderAccountsWithProviderCode(this.AdminContext(), &pb.FindAllACMEProviderAccountsWithProviderCodeRequest{AcmeProviderCode: params.Code})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	var accountMaps = []maps.Map{}
+	for _, account := range accountsResp.AcmeProviderAccounts {
+		accountMaps = append(accountMaps, maps.Map{
+			"id":   account.Id,
+			"name": account.Name,
+		})
+	}
+	this.Data["accounts"] = accountMaps
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/certs/acme/users/createPopup.go
+++ b/internal/web/actions/default/servers/certs/acme/users/createPopup.go
@@ -16,12 +16,30 @@ func (this *CreatePopupAction) Init() {
 }

 func (this *CreatePopupAction) RunGet(params struct{}) {
+	// 服务商
+	providersResp, err := this.RPC().ACMEProviderRPC().FindAllACMEProviders(this.AdminContext(), &pb.FindAllACMEProvidersRequest{})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	var providerMaps = []maps.Map{}
+	for _, provider := range providersResp.AcmeProviders {
+		providerMaps = append(providerMaps, maps.Map{
+			"code":       provider.Code,
+			"name":       provider.Name,
+			"requireEAB": provider.RequireEAB,
+		})
+	}
+	this.Data["providers"] = providerMaps
+
 	this.Show()
 }

 func (this *CreatePopupAction) RunPost(params struct {
-	Email       string
-	Description string
+	Email        string
+	ProviderCode string
+	AccountId    int64
+	Description  string

 	Must *actions.Must
 	CSRF *actionutils.CSRF
@@ -29,11 +47,44 @@ func (this *CreatePopupAction) RunPost(params struct {
 	params.Must.
 		Field("email", params.Email).
 		Require("请输入邮箱").
-		Email("请输入正确的邮箱格式")
+		Email("请输入正确的邮箱格式").
+		Field("providerCode", params.ProviderCode).
+		Require("请选择所属服务商")
+
+	providerResp, err := this.RPC().ACMEProviderRPC().FindACMEProviderWithCode(this.AdminContext(), &pb.FindACMEProviderWithCodeRequest{
+		AcmeProviderCode: params.ProviderCode,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if providerResp.AcmeProvider == nil {
+		this.Fail("找不到要选择的证书")
+	}
+	if providerResp.AcmeProvider.RequireEAB {
+		if params.AccountId <= 0 {
+			this.Fail("此服务商要求必须选择或创建服务商账号")
+		}
+
+		// 同一个账号只能有一个用户
+		countResp, err := this.RPC().ACMEUserRPC().
+			CountACMEUsers(this.AdminContext(), &pb.CountAcmeUsersRequest{
+				AcmeProviderAccountId: params.AccountId,
+			})
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		if countResp.Count > 0 {
+			this.Fail("此服务商账号已被别的用户使用，请换成别的账号")
+		}
+	}

 	createResp, err := this.RPC().ACMEUserRPC().CreateACMEUser(this.AdminContext(), &pb.CreateACMEUserRequest{
-		Email:       params.Email,
-		Description: params.Description,
+		Email:                 params.Email,
+		Description:           params.Description,
+		AcmeProviderCode:      params.ProviderCode,
+		AcmeProviderAccountId: params.AccountId,
 	})
 	if err != nil {
 		this.ErrorPage(err)
@@ -42,9 +93,10 @@ func (this *CreatePopupAction) RunPost(params struct {

 	// 返回数据
 	this.Data["acmeUser"] = maps.Map{
-		"id":          createResp.AcmeUserId,
-		"description": params.Description,
-		"email":       params.Email,
+		"id":           createResp.AcmeUserId,
+		"description":  params.Description,
+		"email":        params.Email,
+		"providerCode": params.ProviderCode,
 	}

 	// 日志
--- a/internal/web/actions/default/servers/certs/acme/users/index.go
+++ b/internal/web/actions/default/servers/certs/acme/users/index.go
@@ -40,11 +40,31 @@ func (this *IndexAction) RunGet(params struct{}) {
 	}
 	userMaps := []maps.Map{}
 	for _, user := range usersResp.AcmeUsers {
+		// 服务商
+		var providerMap maps.Map
+		if user.AcmeProvider != nil {
+			providerMap = maps.Map{
+				"name": user.AcmeProvider.Name,
+				"code": user.AcmeProvider.Code,
+			}
+		}
+
+		// 账号
+		var accountMap maps.Map
+		if user.AcmeProviderAccount != nil {
+			accountMap = maps.Map{
+				"id":   user.AcmeProviderAccount.Id,
+				"name": user.AcmeProviderAccount.Name,
+			}
+		}
+
 		userMaps = append(userMaps, maps.Map{
 			"id":          user.Id,
 			"email":       user.Email,
 			"description": user.Description,
 			"createdTime": timeutil.FormatTime("Y-m-d H:i:s", user.CreatedAt),
+			"provider":    providerMap,
+			"account":     accountMap,
 		})
 	}
 	this.Data["users"] = userMaps
--- a/internal/web/actions/default/servers/certs/acme/users/updatePopup.go
+++ b/internal/web/actions/default/servers/certs/acme/users/updatePopup.go
@@ -29,10 +29,30 @@ func (this *UpdatePopupAction) RunGet(params struct {
 		return
 	}

+	// 服务商
+	var providerMap maps.Map
+	if user.AcmeProvider != nil {
+		providerMap = maps.Map{
+			"name": user.AcmeProvider.Name,
+			"code": user.AcmeProvider.Code,
+		}
+	}
+
+	// 账号
+	var accountMap maps.Map
+	if user.AcmeProviderAccount != nil {
+		accountMap = maps.Map{
+			"id":   user.AcmeProviderAccount.Id,
+			"name": user.AcmeProviderAccount.Name,
+		}
+	}
+
 	this.Data["user"] = maps.Map{
 		"id":          user.Id,
 		"email":       user.Email,
 		"description": user.Description,
+		"provider":    providerMap,
+		"account":     accountMap,
 	}

 	this.Show()
--- a/internal/web/actions/default/servers/certs/init.go
+++ b/internal/web/actions/default/servers/certs/init.go
@@ -3,6 +3,7 @@ package certs
 import (
 	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/certs/acme"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/certs/acme/accounts"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/certs/acme/users"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/helpers"
 	"github.com/iwind/TeaGo"
@@ -13,9 +14,7 @@ func init() {
 		server.
 			Helper(helpers.NewUserMustAuth(configloaders.AdminModuleCodeServer)).
 			Helper(NewHelper()).
-
 			Data("teaSubMenu", "cert").
-
 			Prefix("/servers/certs").
 			Data("leftMenuItem", "cert").
 			Get("", new(IndexAction)).
@@ -31,7 +30,7 @@ func init() {
 			Get("/selectPopup", new(SelectPopupAction)).
 			Get("/datajs", new(DatajsAction)).

-			// ACME
+			// ACME任务
 			Prefix("/servers/certs/acme").
 			Data("leftMenuItem", "acme").
 			Get("", new(acme.IndexAction)).
@@ -40,13 +39,23 @@ func init() {
 			GetPost("/updateTaskPopup", new(acme.UpdateTaskPopupAction)).
 			Post("/deleteTask", new(acme.DeleteTaskAction)).

+			// ACME用户
 			Prefix("/servers/certs/acme/users").
 			Get("", new(users.IndexAction)).
 			GetPost("/createPopup", new(users.CreatePopupAction)).
 			GetPost("/updatePopup", new(users.UpdatePopupAction)).
 			Post("/delete", new(users.DeleteAction)).
 			GetPost("/selectPopup", new(users.SelectPopupAction)).
+			Post("/accountsWithCode", new(users.AccountsWithCodeAction)).

+			// ACME账号
+			Prefix("/servers/certs/acme/accounts").
+			Get("", new(accounts.IndexAction)).
+			GetPost("/createPopup", new(accounts.CreatePopupAction)).
+			GetPost("/updatePopup", new(accounts.UpdatePopupAction)).
+			Post("/delete", new(accounts.DeleteAction)).
+
+			//
 			EndAll()
 	})
 }
--- a/internal/web/actions/default/servers/certs/updatePopup.go
+++ b/internal/web/actions/default/servers/certs/updatePopup.go
@@ -7,6 +7,7 @@ import (
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/sslconfigs"
 	"github.com/iwind/TeaGo/actions"
+	timeutil "github.com/iwind/TeaGo/utils/time"
 )

 type UpdatePopupAction struct {
@@ -45,6 +46,8 @@ func (this *UpdatePopupAction) RunGet(params struct {
 func (this *UpdatePopupAction) RunPost(params struct {
 	CertId int64

+	TextMode bool
+
 	Name        string
 	IsCA        bool
 	Description string
@@ -53,6 +56,9 @@ func (this *UpdatePopupAction) RunPost(params struct {
 	CertFile *actions.File
 	KeyFile  *actions.File

+	CertText string
+	KeyText  string
+
 	Must *actions.Must
 }) {
 	// 创建日志
@@ -82,18 +88,31 @@ func (this *UpdatePopupAction) RunPost(params struct {
 		Field("name", params.Name).
 		Require("请输入证书说明")

-	if params.CertFile != nil {
-		certConfig.CertData, err = params.CertFile.Read()
-		if err != nil {
-			this.Fail("读取证书文件内容错误，请重新上传")
+	if params.TextMode {
+		if len(params.CertText) > 0 {
+			certConfig.CertData = []byte(params.CertText)
 		}
-	}

-	if !params.IsCA {
-		if params.KeyFile != nil {
-			certConfig.KeyData, err = params.KeyFile.Read()
+		if !params.IsCA {
+			if len(params.KeyText) > 0 {
+				certConfig.KeyData = []byte(params.KeyText)
+			}
+		}
+	} else {
+
+		if params.CertFile != nil {
+			certConfig.CertData, err = params.CertFile.Read()
 			if err != nil {
-				this.Fail("读取密钥文件内容错误，请重新上传")
+				this.FailField("certFile", "读取证书文件内容错误，请重新上传")
+			}
+		}
+
+		if !params.IsCA {
+			if params.KeyFile != nil {
+				certConfig.KeyData, err = params.KeyFile.Read()
+				if err != nil {
+					this.FailField("keyFile", "读取私钥文件内容错误，请重新上传")
+				}
 			}
 		}
 	}
@@ -109,6 +128,10 @@ func (this *UpdatePopupAction) RunPost(params struct {
 		}
 	}

+	if len(timeutil.Format("Y", certConfig.TimeEnd())) != 4 {
+		this.Fail("证书格式错误：无法读取到证书有效期")
+	}
+
 	// 保存
 	_, err = this.RPC().SSLCertRPC().UpdateSSLCert(this.AdminContext(), &pb.UpdateSSLCertRequest{
 		SslCertId:   params.CertId,
--- a/internal/web/actions/default/servers/certs/uploadPopup.go
+++ b/internal/web/actions/default/servers/certs/uploadPopup.go
@@ -7,6 +7,7 @@ import (
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/sslconfigs"
 	"github.com/iwind/TeaGo/actions"
+	timeutil "github.com/iwind/TeaGo/utils/time"
 )

 type UploadPopupAction struct {
@@ -22,6 +23,7 @@ func (this *UploadPopupAction) RunGet(params struct{}) {
 }

 func (this *UploadPopupAction) RunPost(params struct {
+	TextMode    bool
 	Name        string
 	IsCA        bool
 	Description string
@@ -30,6 +32,9 @@ func (this *UploadPopupAction) RunPost(params struct {
 	CertFile *actions.File
 	KeyFile  *actions.File

+	CertText string
+	KeyText  string
+
 	Must *actions.Must
 }) {
 	params.Must.
@@ -39,22 +44,37 @@ func (this *UploadPopupAction) RunPost(params struct {
 	certData := []byte{}
 	keyData := []byte{}

-	if params.CertFile == nil {
-		this.Fail("请选择要上传的证书文件")
-	}
-	var err error
-	certData, err = params.CertFile.Read()
-	if err != nil {
-		this.Fail("读取证书文件内容错误，请重新上传")
-	}
+	if params.TextMode {
+		if len(params.CertText) == 0 {
+			this.FailField("certText", "请输入证书内容")
+		}

-	if !params.IsCA {
-		if params.KeyFile == nil {
-			this.Fail("请选择要上传的私钥文件")
-		} else {
-			keyData, err = params.KeyFile.Read()
-			if err != nil {
-				this.Fail("读取密钥文件内容错误，请重新上传")
+		if !params.IsCA {
+			if len(params.KeyText) == 0 {
+				this.FailField("keyText", "请输入私钥内容")
+			}
+		}
+
+		certData = []byte(params.CertText)
+		keyData = []byte(params.KeyText)
+	} else {
+		if params.CertFile == nil {
+			this.FailField("certFile", "请选择要上传的证书文件")
+		}
+		var err error
+		certData, err = params.CertFile.Read()
+		if err != nil {
+			this.FailField("certFile", "读取证书文件内容错误，请重新上传")
+		}
+
+		if !params.IsCA {
+			if params.KeyFile == nil {
+				this.FailField("keyFile", "请选择要上传的私钥文件")
+			} else {
+				keyData, err = params.KeyFile.Read()
+				if err != nil {
+					this.FailField("keyFile", "读取密钥文件内容错误，请重新上传")
+				}
 			}
 		}
 	}
@@ -65,7 +85,7 @@ func (this *UploadPopupAction) RunPost(params struct {
 		CertData: certData,
 		KeyData:  keyData,
 	}
-	err = sslConfig.Init()
+	err := sslConfig.Init()
 	if err != nil {
 		if params.IsCA {
 			this.Fail("证书校验错误：" + err.Error())
@@ -73,6 +93,9 @@ func (this *UploadPopupAction) RunPost(params struct {
 			this.Fail("证书或密钥校验错误：" + err.Error())
 		}
 	}
+	if len(timeutil.Format("Y", sslConfig.TimeEnd())) != 4 {
+		this.Fail("证书格式错误：无法读取到证书有效期")
+	}

 	// 保存
 	createResp, err := this.RPC().SSLCertRPC().CreateSSLCert(this.AdminContext(), &pb.CreateSSLCertRequest{
--- a/internal/web/actions/default/servers/components/waf/group.go
+++ b/internal/web/actions/default/servers/components/waf/group.go
@@ -73,6 +73,14 @@ func (this *GroupAction) RunGet(params struct {
 			"name": set.Name,
 			"rules": lists.Map(set.Rules, func(k int, v interface{}) interface{} {
 				rule := v.(*firewallconfigs.HTTPFirewallRule)
+
+				// 校验
+				var errString = ""
+				var err = rule.Init()
+				if err != nil {
+					errString = err.Error()
+				}
+
 				return maps.Map{
 					"param":             rule.Param,
 					"paramFilters":      rule.ParamFilters,
@@ -81,6 +89,7 @@ func (this *GroupAction) RunGet(params struct {
 					"isCaseInsensitive": rule.IsCaseInsensitive,
 					"isComposed":        firewallconfigs.CheckCheckpointIsComposed(rule.Prefix()),
 					"checkpointOptions": rule.CheckpointOptions,
+					"err":               errString,
 				}
 			}),
 			"isOn":      set.IsOn,
--- a/internal/web/actions/default/servers/components/waf/index.go
+++ b/internal/web/actions/default/servers/components/waf/index.go
@@ -70,10 +70,17 @@ func (this *IndexAction) RunGet(params struct {
 		}
 		countClusters := countClustersResp.Count

+		// mode
+		if len(policy.Mode) == 0 {
+			policy.Mode = firewallconfigs.FirewallModeDefend
+		}
+
 		policyMaps = append(policyMaps, maps.Map{
 			"id":            policy.Id,
 			"isOn":          policy.IsOn,
 			"name":          policy.Name,
+			"mode":          policy.Mode,
+			"modeInfo":      firewallconfigs.FindFirewallMode(policy.Mode),
 			"countInbound":  countInbound,
 			"countOutbound": countOutbound,
 			"countClusters": countClusters,
--- a/internal/web/actions/default/servers/components/waf/policy.go
+++ b/internal/web/actions/default/servers/components/waf/policy.go
@@ -4,6 +4,7 @@ import (
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
 	"github.com/iwind/TeaGo/maps"
 )

@@ -46,11 +47,17 @@ func (this *PolicyAction) RunGet(params struct {
 		}
 	}

+	// 模式
+	if len(firewallPolicy.Mode) == 0 {
+		firewallPolicy.Mode = firewallconfigs.FirewallModeDefend
+	}
 	this.Data["firewallPolicy"] = maps.Map{
 		"id":           firewallPolicy.Id,
 		"name":         firewallPolicy.Name,
 		"isOn":         firewallPolicy.IsOn,
 		"description":  firewallPolicy.Description,
+		"mode":         firewallPolicy.Mode,
+		"modeInfo":     firewallconfigs.FindFirewallMode(firewallPolicy.Mode),
 		"groups":       internalGroups,
 		"blockOptions": firewallPolicy.BlockOptions,
 	}
--- a/internal/web/actions/default/servers/components/waf/update.go
+++ b/internal/web/actions/default/servers/components/waf/update.go
@@ -1,6 +1,7 @@
 package waf

 import (
+	"encoding/json"
 	"github.com/TeaOSLab/EdgeAdmin/internal/oplogs"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
@@ -37,14 +38,22 @@ func (this *UpdateAction) RunGet(params struct {
 			StatusCode: http.StatusForbidden,
 			Body:       "Blocked By WAF",
 			URL:        "",
+			Timeout:    60,
 		}
 	}

+	// mode
+	if len(firewallPolicy.Mode) == 0 {
+		firewallPolicy.Mode = firewallconfigs.FirewallModeDefend
+	}
+	this.Data["modes"] = firewallconfigs.FindAllFirewallModes()
+
 	this.Data["firewallPolicy"] = maps.Map{
 		"id":           firewallPolicy.Id,
 		"name":         firewallPolicy.Name,
 		"description":  firewallPolicy.Description,
 		"isOn":         firewallPolicy.IsOn,
+		"mode":         firewallPolicy.Mode,
 		"blockOptions": firewallPolicy.BlockOptions,
 	}

@@ -77,6 +86,7 @@ func (this *UpdateAction) RunPost(params struct {
 	BlockOptionsJSON []byte
 	Description      string
 	IsOn             bool
+	Mode             string

 	Must *actions.Must
 }) {
@@ -87,13 +97,21 @@ func (this *UpdateAction) RunPost(params struct {
 		Field("name", params.Name).
 		Require("请输入策略名称")

-	_, err := this.RPC().HTTPFirewallPolicyRPC().UpdateHTTPFirewallPolicy(this.AdminContext(), &pb.UpdateHTTPFirewallPolicyRequest{
+	// 校验JSON
+	var blockOptions = &firewallconfigs.HTTPFirewallBlockAction{}
+	err := json.Unmarshal(params.BlockOptionsJSON, blockOptions)
+	if err != nil {
+		this.Fail("拦截动作参数校验失败：" + err.Error())
+	}
+
+	_, err = this.RPC().HTTPFirewallPolicyRPC().UpdateHTTPFirewallPolicy(this.AdminContext(), &pb.UpdateHTTPFirewallPolicyRequest{
 		HttpFirewallPolicyId: params.FirewallPolicyId,
 		IsOn:                 params.IsOn,
 		Name:                 params.Name,
 		Description:          params.Description,
 		FirewallGroupCodes:   params.GroupCodes,
 		BlockOptionsJSON:     params.BlockOptionsJSON,
+		Mode:                 params.Mode,
 	})
 	if err != nil {
 		this.ErrorPage(err)
--- a/internal/web/actions/default/servers/components/groups/createPopup.go
+++ b/internal/web/actions/default/servers/components/groups/createPopup.go
--- a/internal/web/actions/default/servers/components/groups/delete.go
+++ b/internal/web/actions/default/servers/components/groups/delete.go
@@ -1,4 +1,4 @@
-package groups
+package group

 import (
 	"github.com/TeaOSLab/EdgeAdmin/internal/oplogs"
--- a/internal/web/actions/default/servers/groups/group/index.go
+++ b/internal/web/actions/default/servers/groups/group/index.go
@@ -0,0 +1,193 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package group
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/groups/group/servergrouputils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
+	"github.com/iwind/TeaGo/maps"
+)
+
+type IndexAction struct {
+	actionutils.ParentAction
+}
+
+func (this *IndexAction) Init() {
+	this.Nav("", "", "group.index")
+}
+
+func (this *IndexAction) RunGet(params struct {
+	GroupId int64
+	Keyword string
+}) {
+	this.Data["keyword"] = params.Keyword
+
+	group, err := servergrouputils.InitGroup(this.Parent(), params.GroupId, "")
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Data["group"] = maps.Map{
+		"id":   group.Id,
+		"name": group.Name,
+	}
+
+	// 是否有用户管理权限
+	this.Data["canVisitUser"] = configloaders.AllowModule(this.AdminId(), configloaders.AdminModuleCodeUser)
+
+	// 服务列表
+	countResp, err := this.RPC().ServerRPC().CountAllEnabledServersMatch(this.AdminContext(), &pb.CountAllEnabledServersMatchRequest{
+		ServerGroupId: params.GroupId,
+		Keyword:       params.Keyword,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	count := countResp.Count
+	page := this.NewPage(count)
+	this.Data["page"] = page.AsHTML()
+
+	// 服务列表
+	serversResp, err := this.RPC().ServerRPC().ListEnabledServersMatch(this.AdminContext(), &pb.ListEnabledServersMatchRequest{
+		Offset:        page.Offset,
+		Size:          page.Size,
+		ServerGroupId: params.GroupId,
+		Keyword:       params.Keyword,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	serverMaps := []maps.Map{}
+	for _, server := range serversResp.Servers {
+		config := &serverconfigs.ServerConfig{}
+		err = json.Unmarshal(server.Config, config)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+
+		// 端口列表
+		portMaps := []maps.Map{}
+		if len(server.HttpJSON) > 0 && config.HTTP.IsOn {
+			for _, listen := range config.HTTP.Listen {
+				portMaps = append(portMaps, maps.Map{
+					"protocol":  listen.Protocol,
+					"portRange": listen.PortRange,
+				})
+			}
+		}
+		if config.HTTPS != nil && config.HTTPS.IsOn {
+			for _, listen := range config.HTTPS.Listen {
+				portMaps = append(portMaps, maps.Map{
+					"protocol":  listen.Protocol,
+					"portRange": listen.PortRange,
+				})
+			}
+		}
+		if config.TCP != nil && config.TCP.IsOn {
+			for _, listen := range config.TCP.Listen {
+				portMaps = append(portMaps, maps.Map{
+					"protocol":  listen.Protocol,
+					"portRange": listen.PortRange,
+				})
+			}
+		}
+		if config.TLS != nil && config.TLS.IsOn {
+			for _, listen := range config.TLS.Listen {
+				portMaps = append(portMaps, maps.Map{
+					"protocol":  listen.Protocol,
+					"portRange": listen.PortRange,
+				})
+			}
+		}
+		if config.Unix != nil && config.Unix.IsOn {
+			for _, listen := range config.Unix.Listen {
+				portMaps = append(portMaps, maps.Map{
+					"protocol":  listen.Protocol,
+					"portRange": listen.Host,
+				})
+			}
+		}
+		if config.UDP != nil && config.UDP.IsOn {
+			for _, listen := range config.UDP.Listen {
+				portMaps = append(portMaps, maps.Map{
+					"protocol":  listen.Protocol,
+					"portRange": listen.PortRange,
+				})
+			}
+		}
+
+		// 分组
+		groupMaps := []maps.Map{}
+		if len(server.ServerGroups) > 0 {
+			for _, group := range server.ServerGroups {
+				groupMaps = append(groupMaps, maps.Map{
+					"id":   group.Id,
+					"name": group.Name,
+				})
+			}
+		}
+
+		// 域名列表
+		serverNames := []*serverconfigs.ServerNameConfig{}
+		if server.IsAuditing || (server.AuditingResult != nil && !server.AuditingResult.IsOk) {
+			server.ServerNamesJSON = server.AuditingServerNamesJSON
+		}
+		auditingIsOk := true
+		if !server.IsAuditing && server.AuditingResult != nil && !server.AuditingResult.IsOk {
+			auditingIsOk = false
+		}
+		if len(server.ServerNamesJSON) > 0 {
+			err = json.Unmarshal(server.ServerNamesJSON, &serverNames)
+			if err != nil {
+				this.ErrorPage(err)
+				return
+			}
+		}
+		countServerNames := 0
+		for _, serverName := range serverNames {
+			if len(serverName.SubNames) == 0 {
+				countServerNames++
+			} else {
+				countServerNames += len(serverName.SubNames)
+			}
+		}
+
+		// 用户
+		var userMap maps.Map = nil
+		if server.User != nil {
+			userMap = maps.Map{
+				"id":       server.User.Id,
+				"fullname": server.User.Fullname,
+			}
+		}
+
+		serverMaps = append(serverMaps, maps.Map{
+			"id":   server.Id,
+			"isOn": server.IsOn,
+			"name": server.Name,
+			"cluster": maps.Map{
+				"id":   server.NodeCluster.Id,
+				"name": server.NodeCluster.Name,
+			},
+			"ports":            portMaps,
+			"serverTypeName":   serverconfigs.FindServerType(server.Type).GetString("name"),
+			"groups":           groupMaps,
+			"serverNames":      serverNames,
+			"countServerNames": countServerNames,
+			"isAuditing":       server.IsAuditing,
+			"auditingIsOk":     auditingIsOk,
+			"user":             userMap,
+		})
+	}
+	this.Data["servers"] = serverMaps
+
+	this.Show()
+}
--- a/internal/web/actions/default/servers/groups/group/servergrouputils/utils.go
+++ b/internal/web/actions/default/servers/groups/group/servergrouputils/utils.go
@@ -0,0 +1,151 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package servergrouputils
+
+import (
+	"errors"
+	teaconst "github.com/TeaOSLab/EdgeAdmin/internal/const"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/maps"
+	"github.com/iwind/TeaGo/types"
+)
+
+// InitGroup 初始化分组信息
+func InitGroup(parent *actionutils.ParentAction, groupId int64, menuItem string) (*pb.ServerGroup, error) {
+	groupResp, err := parent.RPC().ServerGroupRPC().FindEnabledServerGroup(parent.AdminContext(), &pb.FindEnabledServerGroupRequest{ServerGroupId: groupId})
+	if err != nil {
+		return nil, err
+	}
+	var group = groupResp.ServerGroup
+	if group == nil {
+		return nil, errors.New("group with id '" + types.String(groupId) + "' not found")
+	}
+
+	parent.Data["group"] = maps.Map{
+		"id":   group.Id,
+		"name": group.Name,
+	}
+
+	// 初始化设置菜单
+	if len(menuItem) > 0 {
+		// 获取设置概要信息
+		configInfoResp, err := parent.RPC().ServerGroupRPC().FindEnabledServerGroupConfigInfo(parent.AdminContext(), &pb.FindEnabledServerGroupConfigInfoRequest{ServerGroupId: groupId})
+		if err != nil {
+			return group, err
+		}
+
+		var urlPrefix = "/servers/groups/group/settings"
+		var leftMenuItems = []maps.Map{
+			{
+				"name":     "HTTP代理",
+				"url":      urlPrefix + "/httpReverseProxy?groupId=" + types.String(groupId),
+				"isActive": menuItem == "httpReverseProxy",
+				"isOn":     configInfoResp.HasHTTPReverseProxy,
+			},
+			{
+				"name":     "TCP代理",
+				"url":      urlPrefix + "/tcpReverseProxy?groupId=" + types.String(groupId),
+				"isActive": menuItem == "tcpReverseProxy",
+				"isOn":     configInfoResp.HasTCPReverseProxy,
+			},
+			{
+				"name":     "UDP代理",
+				"url":      urlPrefix + "/udpReverseProxy?groupId=" + types.String(groupId),
+				"isActive": menuItem == "udpReverseProxy",
+				"isOn":     configInfoResp.HasUDPReverseProxy,
+			},
+		}
+
+		if teaconst.IsPlus {
+			leftMenuItems = append([]maps.Map{
+				{
+					"name":     "Web设置",
+					"url":      urlPrefix + "/web?groupId=" + types.String(groupId),
+					"isActive": menuItem == "web",
+					"isOn":     configInfoResp.HasRootConfig,
+				},
+			}, leftMenuItems...)
+			leftMenuItems = append(leftMenuItems, []maps.Map{
+				{
+					"name": "-",
+					"url":  "",
+				},
+				{
+					"name":     "WAF",
+					"url":      urlPrefix + "/waf?groupId=" + types.String(groupId),
+					"isActive": menuItem == "waf",
+					"isOn":     configInfoResp.HasWAFConfig,
+				},
+				{
+					"name":     "缓存",
+					"url":      urlPrefix + "//cache?groupId=" + types.String(groupId),
+					"isActive": menuItem == "cache",
+					"isOn":     configInfoResp.HasCacheConfig,
+				},
+				{
+					"name":     "字符编码",
+					"url":      urlPrefix + "/charset?groupId=" + types.String(groupId),
+					"isActive": menuItem == "charset",
+					"isOn":     configInfoResp.HasCharsetConfig,
+				},
+				{
+					"name":     "访问日志",
+					"url":      urlPrefix + "/accessLog?groupId=" + types.String(groupId),
+					"isActive": menuItem == "accessLog",
+					"isOn":     configInfoResp.HasAccessLogConfig,
+				},
+				{
+					"name":     "统计",
+					"url":      urlPrefix + "/stat?groupId=" + types.String(groupId),
+					"isActive": menuItem == "stat",
+					"isOn":     configInfoResp.HasStatConfig,
+				},
+				{
+					"name":     "内容压缩",
+					"url":      urlPrefix + "/compression?groupId=" + types.String(groupId),
+					"isActive": menuItem == "compression",
+					"isOn":     configInfoResp.HasCompressionConfig,
+				},
+				{
+					"name":     "特殊页面",
+					"url":      urlPrefix + "/pages?groupId=" + types.String(groupId),
+					"isActive": menuItem == "pages",
+					"isOn":     configInfoResp.HasPagesConfig,
+				},
+				{
+					"name":     "HTTP Header",
+					"url":      urlPrefix + "/headers?groupId=" + types.String(groupId),
+					"isActive": menuItem == "headers",
+					"isOn":     configInfoResp.HasRequestHeadersConfig || configInfoResp.HasResponseHeadersConfig,
+				},
+				{
+					"name":     "Websocket",
+					"url":      urlPrefix + "/websocket?groupId=" + types.String(groupId),
+					"isActive": menuItem == "websocket",
+					"isOn":     configInfoResp.HasWebsocketConfig,
+				},
+				{
+					"name":     "WebP",
+					"url":      urlPrefix + "/webp?groupId=" + types.String(groupId),
+					"isActive": menuItem == "webp",
+					"isOn":     configInfoResp.HasWebPConfig,
+				},
+			}...)
+		}
+
+		leftMenuItems = append(leftMenuItems, maps.Map{
+			"name": "-",
+			"url":  "",
+		})
+		leftMenuItems = append(leftMenuItems, maps.Map{
+			"name":     "访客IP地址",
+			"url":      urlPrefix + "/remoteAddr?groupId=" + types.String(groupId),
+			"isActive": menuItem == "remoteAddr",
+			"isOn":     configInfoResp.HasRemoteAddrConfig,
+		})
+		parent.Data["leftMenuItems"] = leftMenuItems
+	}
+
+	return group, nil
+}
--- a/internal/web/actions/default/servers/groups/group/settings/accessLog/index.go
+++ b/internal/web/actions/default/servers/groups/group/settings/accessLog/index.go
@@ -0,0 +1,68 @@
+package accessLog
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/oplogs"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/groups/group/servergrouputils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
+	"github.com/iwind/TeaGo/actions"
+)
+
+type IndexAction struct {
+	actionutils.ParentAction
+}
+
+func (this *IndexAction) Init() {
+	this.Nav("", "setting", "index")
+	this.SecondMenu("accessLog")
+}
+
+func (this *IndexAction) RunGet(params struct {
+	GroupId int64
+}) {
+	_, err := servergrouputils.InitGroup(this.Parent(), params.GroupId, "accessLog")
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	// 获取配置
+	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerGroupId(this.AdminContext(), params.GroupId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Data["webId"] = webConfig.Id
+	this.Data["accessLogConfig"] = webConfig.AccessLogRef
+
+	// 通用变量
+	this.Data["fields"] = serverconfigs.HTTPAccessLogFields
+	this.Data["defaultFieldCodes"] = serverconfigs.HTTPAccessLogDefaultFieldsCodes
+
+	this.Show()
+}
+
+func (this *IndexAction) RunPost(params struct {
+	WebId         int64
+	AccessLogJSON []byte
+
+	Must *actions.Must
+}) {
+	// 日志
+	defer this.CreateLog(oplogs.LevelInfo, "修改Web %d 的访问日志设置", params.WebId)
+
+	// TODO 检查参数
+
+	_, err := this.RPC().HTTPWebRPC().UpdateHTTPWebAccessLog(this.AdminContext(), &pb.UpdateHTTPWebAccessLogRequest{
+		WebId:         params.WebId,
+		AccessLogJSON: params.AccessLogJSON,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/groups/group/settings/accessLog/init.go
+++ b/internal/web/actions/default/servers/groups/group/settings/accessLog/init.go
@@ -0,0 +1,19 @@
+package accessLog
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/helpers"
+	"github.com/iwind/TeaGo"
+)
+
+func init() {
+	TeaGo.BeforeStart(func(server *TeaGo.Server) {
+		server.
+			Helper(helpers.NewUserMustAuth(configloaders.AdminModuleCodeServer)).
+			Data("teaMenu", "servers").
+			Data("teaSubMenu", "group").
+			Prefix("/servers/groups/group/settings/accessLog").
+			GetPost("", new(IndexAction)).
+			EndAll()
+	})
+}
--- a/internal/web/actions/default/servers/groups/group/settings/cache/index.go
+++ b/internal/web/actions/default/servers/groups/group/settings/cache/index.go
@@ -0,0 +1,88 @@
+package cache
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/oplogs"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/groups/group/servergrouputils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
+	"github.com/iwind/TeaGo/actions"
+)
+
+type IndexAction struct {
+	actionutils.ParentAction
+}
+
+func (this *IndexAction) Init() {
+	this.Nav("", "setting", "index")
+	this.SecondMenu("cache")
+}
+
+func (this *IndexAction) RunGet(params struct {
+	GroupId int64
+}) {
+	_, err := servergrouputils.InitGroup(this.Parent(), params.GroupId, "cache")
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerGroupId(this.AdminContext(), params.GroupId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Data["webId"] = webConfig.Id
+	this.Data["cacheConfig"] = webConfig.Cache
+
+	this.Data["cachePolicy"] = nil
+
+	this.Show()
+}
+
+func (this *IndexAction) RunPost(params struct {
+	WebId     int64
+	CacheJSON []byte
+
+	Must *actions.Must
+}) {
+	// 日志
+	defer this.CreateLog(oplogs.LevelInfo, "修改Web %d 的缓存设置", params.WebId)
+
+	// 校验配置
+	cacheConfig := &serverconfigs.HTTPCacheConfig{}
+	err := json.Unmarshal(params.CacheJSON, cacheConfig)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	err = cacheConfig.Init()
+	if err != nil {
+		this.Fail("检查配置失败：" + err.Error())
+	}
+
+	// 去除不必要的部分
+	for _, cacheRef := range cacheConfig.CacheRefs {
+		cacheRef.CachePolicy = nil
+	}
+
+	cacheJSON, err := json.Marshal(cacheConfig)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	_, err = this.RPC().HTTPWebRPC().UpdateHTTPWebCache(this.AdminContext(), &pb.UpdateHTTPWebCacheRequest{
+		WebId:     params.WebId,
+		CacheJSON: cacheJSON,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/groups/group/settings/cache/init.go
+++ b/internal/web/actions/default/servers/groups/group/settings/cache/init.go
@@ -0,0 +1,21 @@
+package cache
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/helpers"
+	"github.com/iwind/TeaGo"
+)
+
+func init() {
+	TeaGo.BeforeStart(func(server *TeaGo.Server) {
+		server.
+			Helper(helpers.NewUserMustAuth(configloaders.AdminModuleCodeServer)).
+			Data("teaMenu", "servers").
+			Data("teaSubMenu", "group").
+			Prefix("/servers/groups/group/settings/cache").
+			GetPost("", new(IndexAction)).
+			GetPost("/purge", new(PurgeAction)).
+			GetPost("/preheat", new(PreheatAction)).
+			EndAll()
+	})
+}
--- a/internal/web/actions/default/servers/groups/group/settings/cache/preheat.go
+++ b/internal/web/actions/default/servers/groups/group/settings/cache/preheat.go
@@ -0,0 +1,143 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package cache
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/oplogs"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/nodes/nodeutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/messageconfigs"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/lists"
+	"strings"
+)
+
+type PreheatAction struct {
+	actionutils.ParentAction
+}
+
+func (this *PreheatAction) Init() {
+	this.Nav("", "setting", "preheat")
+	this.SecondMenu("cache")
+}
+
+func (this *PreheatAction) RunGet(params struct {
+	ServerId int64
+}) {
+	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerId(this.AdminContext(), params.ServerId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Data["webId"] = webConfig.Id
+	this.Data["webConfig"] = webConfig
+
+	this.Show()
+}
+
+func (this *PreheatAction) RunPost(params struct {
+	ServerId int64
+	WebId    int64
+	Keys     string
+
+	Must *actions.Must
+}) {
+
+	// 创建日志
+	defer this.CreateLog(oplogs.LevelInfo, "预热服务 %d 缓存", params.ServerId)
+
+	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithId(this.AdminContext(), params.WebId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if webConfig == nil {
+		this.NotFound("httpWeb", params.WebId)
+		return
+	}
+	var cache = webConfig.Cache
+	if cache == nil || !cache.IsOn {
+		this.Fail("当前没有开启缓存")
+	}
+
+	serverResp, err := this.RPC().ServerRPC().FindEnabledUserServerBasic(this.AdminContext(), &pb.FindEnabledUserServerBasicRequest{ServerId: params.ServerId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	var server = serverResp.Server
+	if server == nil || server.NodeCluster == nil {
+		this.NotFound("server", params.ServerId)
+		return
+	}
+
+	var clusterId = server.NodeCluster.Id
+
+	clusterResp, err := this.RPC().NodeClusterRPC().FindEnabledNodeCluster(this.AdminContext(), &pb.FindEnabledNodeClusterRequest{NodeClusterId: clusterId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	var cluster = clusterResp.NodeCluster
+	if cluster == nil {
+		this.NotFound("nodeCluster", clusterId)
+		return
+	}
+	var cachePolicyId = cluster.HttpCachePolicyId
+	if cachePolicyId == 0 {
+		this.Fail("当前集群没有设置缓存策略")
+	}
+
+	cachePolicyResp, err := this.RPC().HTTPCachePolicyRPC().FindEnabledHTTPCachePolicyConfig(this.AdminContext(), &pb.FindEnabledHTTPCachePolicyConfigRequest{HttpCachePolicyId: cachePolicyId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	cachePolicyJSON := cachePolicyResp.HttpCachePolicyJSON
+	if len(cachePolicyJSON) == 0 {
+		this.Fail("找不到要操作的缓存策略")
+	}
+
+	if len(params.Keys) == 0 {
+		this.Fail("请输入要预热的Key列表")
+	}
+
+	realKeys := []string{}
+	for _, key := range strings.Split(params.Keys, "\n") {
+		key = strings.TrimSpace(key)
+		if len(key) == 0 {
+			continue
+		}
+		if lists.ContainsString(realKeys, key) {
+			continue
+		}
+		realKeys = append(realKeys, key)
+	}
+
+	// 发送命令
+	msg := &messageconfigs.PreheatCacheMessage{
+		CachePolicyJSON: cachePolicyJSON,
+		Keys:            realKeys,
+	}
+	results, err := nodeutils.SendMessageToCluster(this.AdminContext(), clusterId, messageconfigs.MessageCodePreheatCache, msg, 300)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	isAllOk := true
+	for _, result := range results {
+		if !result.IsOK {
+			isAllOk = false
+			break
+		}
+	}
+
+	this.Data["isAllOk"] = isAllOk
+	this.Data["results"] = results
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/groups/group/settings/cache/purge.go
+++ b/internal/web/actions/default/servers/groups/group/settings/cache/purge.go
@@ -0,0 +1,149 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package cache
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/oplogs"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/nodes/nodeutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/messageconfigs"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/lists"
+	"strings"
+)
+
+type PurgeAction struct {
+	actionutils.ParentAction
+}
+
+func (this *PurgeAction) Init() {
+	this.Nav("", "setting", "purge")
+	this.SecondMenu("cache")
+}
+
+func (this *PurgeAction) RunGet(params struct {
+	ServerId int64
+}) {
+	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerId(this.AdminContext(), params.ServerId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Data["webId"] = webConfig.Id
+	this.Data["webConfig"] = webConfig
+
+	this.Show()
+}
+
+func (this *PurgeAction) RunPost(params struct {
+	ServerId int64
+	WebId    int64
+	Type     string
+	Keys     string
+
+	Must *actions.Must
+}) {
+
+	// 创建日志
+	defer this.CreateLog(oplogs.LevelInfo, "删除服务 %d 缓存", params.ServerId)
+
+	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithId(this.AdminContext(), params.WebId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if webConfig == nil {
+		this.NotFound("httpWeb", params.WebId)
+		return
+	}
+	var cache = webConfig.Cache
+	if cache == nil || !cache.IsOn {
+		this.Fail("当前没有开启缓存")
+	}
+
+	serverResp, err := this.RPC().ServerRPC().FindEnabledUserServerBasic(this.AdminContext(), &pb.FindEnabledUserServerBasicRequest{ServerId: params.ServerId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	var server = serverResp.Server
+	if server == nil || server.NodeCluster == nil {
+		this.NotFound("server", params.ServerId)
+		return
+	}
+
+	var clusterId = server.NodeCluster.Id
+
+	clusterResp, err := this.RPC().NodeClusterRPC().FindEnabledNodeCluster(this.AdminContext(), &pb.FindEnabledNodeClusterRequest{NodeClusterId: clusterId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	var cluster = clusterResp.NodeCluster
+	if cluster == nil {
+		this.NotFound("nodeCluster", clusterId)
+		return
+	}
+	var cachePolicyId = cluster.HttpCachePolicyId
+	if cachePolicyId == 0 {
+		this.Fail("当前集群没有设置缓存策略")
+	}
+
+	cachePolicyResp, err := this.RPC().HTTPCachePolicyRPC().FindEnabledHTTPCachePolicyConfig(this.AdminContext(), &pb.FindEnabledHTTPCachePolicyConfigRequest{HttpCachePolicyId: cachePolicyId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	cachePolicyJSON := cachePolicyResp.HttpCachePolicyJSON
+	if len(cachePolicyJSON) == 0 {
+		this.Fail("找不到要操作的缓存策略")
+	}
+
+	if len(params.Keys) == 0 {
+		this.Fail("请输入要删除的Key列表")
+	}
+
+	realKeys := []string{}
+	for _, key := range strings.Split(params.Keys, "\n") {
+		key = strings.TrimSpace(key)
+		if len(key) == 0 {
+			continue
+		}
+		if lists.ContainsString(realKeys, key) {
+			continue
+		}
+		realKeys = append(realKeys, key)
+	}
+
+	// 发送命令
+	msg := &messageconfigs.PurgeCacheMessage{
+		CachePolicyJSON: cachePolicyJSON,
+		Keys:            realKeys,
+	}
+	if params.Type == "prefix" {
+		msg.Type = messageconfigs.PurgeCacheMessageTypeDir
+	} else {
+		msg.Type = messageconfigs.PurgeCacheMessageTypeFile
+	}
+	results, err := nodeutils.SendMessageToCluster(this.AdminContext(), clusterId, messageconfigs.MessageCodePurgeCache, msg, 10)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	isAllOk := true
+	for _, result := range results {
+		if !result.IsOK {
+			isAllOk = false
+			break
+		}
+	}
+
+	this.Data["isAllOk"] = isAllOk
+	this.Data["results"] = results
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/groups/group/settings/charset/index.go
+++ b/internal/web/actions/default/servers/groups/group/settings/charset/index.go
@@ -0,0 +1,64 @@
+package charset
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/oplogs"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/groups/group/servergrouputils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/configutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/actions"
+)
+
+type IndexAction struct {
+	actionutils.ParentAction
+}
+
+func (this *IndexAction) Init() {
+	this.Nav("", "setting", "index")
+	this.SecondMenu("charset")
+}
+
+func (this *IndexAction) RunGet(params struct {
+	GroupId int64
+}) {
+	_, err := servergrouputils.InitGroup(this.Parent(), params.GroupId, "charset")
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerGroupId(this.AdminContext(), params.GroupId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Data["webId"] = webConfig.Id
+	this.Data["charsetConfig"] = webConfig.Charset
+
+	this.Data["usualCharsets"] = configutils.UsualCharsets
+	this.Data["allCharsets"] = configutils.AllCharsets
+
+	this.Show()
+}
+
+func (this *IndexAction) RunPost(params struct {
+	WebId       int64
+	CharsetJSON []byte
+
+	Must *actions.Must
+}) {
+	defer this.CreateLog(oplogs.LevelInfo, "修改Web %d 的字符集设置", params.WebId)
+
+	_, err := this.RPC().HTTPWebRPC().UpdateHTTPWebCharset(this.AdminContext(), &pb.UpdateHTTPWebCharsetRequest{
+		WebId:       params.WebId,
+		CharsetJSON: params.CharsetJSON,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/groups/group/settings/charset/init.go
+++ b/internal/web/actions/default/servers/groups/group/settings/charset/init.go
@@ -0,0 +1,19 @@
+package charset
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/helpers"
+	"github.com/iwind/TeaGo"
+)
+
+func init() {
+	TeaGo.BeforeStart(func(server *TeaGo.Server) {
+		server.
+			Helper(helpers.NewUserMustAuth(configloaders.AdminModuleCodeServer)).
+			Data("teaMenu", "servers").
+			Data("teaSubMenu", "group").
+			Prefix("/servers/groups/group/settings/charset").
+			GetPost("", new(IndexAction)).
+			EndAll()
+	})
+}
--- a/internal/web/actions/default/servers/groups/group/settings/compression/index.go
+++ b/internal/web/actions/default/servers/groups/group/settings/compression/index.go
@@ -0,0 +1,78 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package compression
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/groups/group/servergrouputils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
+	"github.com/iwind/TeaGo/actions"
+)
+
+type IndexAction struct {
+	actionutils.ParentAction
+}
+
+func (this *IndexAction) Init() {
+	this.Nav("", "setting", "index")
+	this.SecondMenu("compression")
+}
+
+func (this *IndexAction) RunGet(params struct {
+	GroupId int64
+}) {
+	_, err := servergrouputils.InitGroup(this.Parent(), params.GroupId, "compression")
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	// WebId
+	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerGroupId(this.AdminContext(), params.GroupId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Data["webId"] = webConfig.Id
+
+	this.Data["compressionConfig"] = webConfig.Compression
+
+	this.Show()
+}
+
+func (this *IndexAction) RunPost(params struct {
+	WebId           int64
+	CompressionJSON []byte
+
+	Must *actions.Must
+	CSRF *actionutils.CSRF
+}) {
+	defer this.CreateLogInfo("修改Web %d 的压缩设置", params.WebId)
+
+	// 校验配置
+	var compressionConfig = &serverconfigs.HTTPCompressionConfig{}
+	err := json.Unmarshal(params.CompressionJSON, compressionConfig)
+	if err != nil {
+		this.Fail("配置校验失败：" + err.Error())
+	}
+
+	err = compressionConfig.Init()
+	if err != nil {
+		this.Fail("配置校验失败：" + err.Error())
+	}
+
+	_, err = this.RPC().HTTPWebRPC().UpdateHTTPWebCompression(this.AdminContext(), &pb.UpdateHTTPWebCompressionRequest{
+		WebId:           params.WebId,
+		CompressionJSON: params.CompressionJSON,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/groups/group/settings/compression/init.go
+++ b/internal/web/actions/default/servers/groups/group/settings/compression/init.go
@@ -0,0 +1,19 @@
+package compression
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/helpers"
+	"github.com/iwind/TeaGo"
+)
+
+func init() {
+	TeaGo.BeforeStart(func(server *TeaGo.Server) {
+		server.
+			Helper(helpers.NewUserMustAuth(configloaders.AdminModuleCodeServer)).
+			Data("teaMenu", "servers").
+			Data("teaSubMenu", "group").
+			Prefix("/servers/groups/group/settings/compression").
+			GetPost("", new(IndexAction)).
+			EndAll()
+	})
+}
--- a/internal/web/actions/default/servers/groups/group/settings/headers/index.go
+++ b/internal/web/actions/default/servers/groups/group/settings/headers/index.go
@@ -0,0 +1,158 @@
+package headers
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/groups/group/servergrouputils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/shared"
+	"github.com/iwind/TeaGo/actions"
+)
+
+type IndexAction struct {
+	actionutils.ParentAction
+}
+
+func (this *IndexAction) Init() {
+	this.Nav("", "setting", "index")
+	this.SecondMenu("header")
+}
+
+func (this *IndexAction) RunGet(params struct {
+	GroupId int64
+}) {
+	_, err := servergrouputils.InitGroup(this.Parent(), params.GroupId, "headers")
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerGroupId(this.AdminContext(), params.GroupId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	webId := webConfig.Id
+	this.Data["webId"] = webId
+
+	isChanged := false
+	if webConfig.RequestHeaderPolicy == nil {
+		createHeaderPolicyResp, err := this.RPC().HTTPHeaderPolicyRPC().CreateHTTPHeaderPolicy(this.AdminContext(), &pb.CreateHTTPHeaderPolicyRequest{})
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		headerPolicyId := createHeaderPolicyResp.HeaderPolicyId
+		ref := &shared.HTTPHeaderPolicyRef{
+			IsPrior:        false,
+			IsOn:           true,
+			HeaderPolicyId: headerPolicyId,
+		}
+		refJSON, err := json.Marshal(ref)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		_, err = this.RPC().HTTPWebRPC().UpdateHTTPWebRequestHeader(this.AdminContext(), &pb.UpdateHTTPWebRequestHeaderRequest{
+			WebId:      webId,
+			HeaderJSON: refJSON,
+		})
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		isChanged = true
+	}
+	if webConfig.ResponseHeaderPolicy == nil {
+		createHeaderPolicyResp, err := this.RPC().HTTPHeaderPolicyRPC().CreateHTTPHeaderPolicy(this.AdminContext(), &pb.CreateHTTPHeaderPolicyRequest{})
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		headerPolicyId := createHeaderPolicyResp.HeaderPolicyId
+		ref := &shared.HTTPHeaderPolicyRef{
+			IsPrior:        false,
+			IsOn:           true,
+			HeaderPolicyId: headerPolicyId,
+		}
+		refJSON, err := json.Marshal(ref)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		_, err = this.RPC().HTTPWebRPC().UpdateHTTPWebResponseHeader(this.AdminContext(), &pb.UpdateHTTPWebResponseHeaderRequest{
+			WebId:      webId,
+			HeaderJSON: refJSON,
+		})
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		isChanged = true
+	}
+
+	// 重新获取配置
+	if isChanged {
+		webConfig, err = dao.SharedHTTPWebDAO.FindWebConfigWithServerGroupId(this.AdminContext(), params.GroupId)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+	}
+
+	this.Data["requestHeaderRef"] = webConfig.RequestHeaderPolicyRef
+	this.Data["requestHeaderPolicy"] = webConfig.RequestHeaderPolicy
+	this.Data["responseHeaderRef"] = webConfig.ResponseHeaderPolicyRef
+	this.Data["responseHeaderPolicy"] = webConfig.ResponseHeaderPolicy
+
+	this.Show()
+}
+
+func (this *IndexAction) RunPost(params struct {
+	WebId              int64
+	Type               string
+	RequestHeaderJSON  []byte
+	ResponseHeaderJSON []byte
+
+	Must *actions.Must
+}) {
+	defer this.CreateLogInfo("修改Web %d 的Header设置", params.WebId)
+
+	switch params.Type {
+	case "request":
+		// 检查配置
+		var requestHeaderRef = &shared.HTTPHeaderPolicyRef{}
+		err := json.Unmarshal(params.RequestHeaderJSON, requestHeaderRef)
+		if err != nil {
+			this.Fail("请求Header配置校验失败：" + err.Error() + ", JSON: " + string(params.RequestHeaderJSON))
+		}
+
+		_, err = this.RPC().HTTPWebRPC().UpdateHTTPWebRequestHeader(this.AdminContext(), &pb.UpdateHTTPWebRequestHeaderRequest{
+			WebId:      params.WebId,
+			HeaderJSON: params.RequestHeaderJSON,
+		})
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+	case "response":
+		// 校验配置
+		var responseHeaderRef = &shared.HTTPHeaderPolicyRef{}
+		err := json.Unmarshal(params.ResponseHeaderJSON, responseHeaderRef)
+		if err != nil {
+			this.Fail("响应Header配置校验失败：" + err.Error() + ", JSON: " + string(params.ResponseHeaderJSON))
+		}
+
+		_, err = this.RPC().HTTPWebRPC().UpdateHTTPWebResponseHeader(this.AdminContext(), &pb.UpdateHTTPWebResponseHeaderRequest{
+			WebId:      params.WebId,
+			HeaderJSON: params.ResponseHeaderJSON,
+		})
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/groups/group/settings/headers/init.go
+++ b/internal/web/actions/default/servers/groups/group/settings/headers/init.go
@@ -0,0 +1,19 @@
+package headers
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/helpers"
+	"github.com/iwind/TeaGo"
+)
+
+func init() {
+	TeaGo.BeforeStart(func(server *TeaGo.Server) {
+		server.
+			Helper(helpers.NewUserMustAuth(configloaders.AdminModuleCodeServer)).
+			Data("teaMenu", "servers").
+			Data("teaSubMenu", "group").
+			Prefix("/servers/groups/group/settings/headers").
+			GetPost("", new(IndexAction)).
+			EndAll()
+	})
+}
--- a/internal/web/actions/default/servers/groups/group/settings/httpReverseProxy/index.go
+++ b/internal/web/actions/default/servers/groups/group/settings/httpReverseProxy/index.go
@@ -0,0 +1,87 @@
+package httpReverseProxy
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/groups/group/servergrouputils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
+	"github.com/iwind/TeaGo/maps"
+)
+
+// IndexAction 源站列表
+type IndexAction struct {
+	actionutils.ParentAction
+}
+
+func (this *IndexAction) Init() {
+	this.FirstMenu("index")
+}
+
+func (this *IndexAction) RunGet(params struct {
+	GroupId int64
+}) {
+	_, err := servergrouputils.InitGroup(this.Parent(), params.GroupId, "httpReverseProxy")
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Data["serverType"] = "httpProxy"
+
+	reverseProxyResp, err := this.RPC().ServerGroupRPC().FindAndInitServerGroupHTTPReverseProxyConfig(this.AdminContext(), &pb.FindAndInitServerGroupHTTPReverseProxyConfigRequest{ServerGroupId: params.GroupId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	reverseProxyRef := &serverconfigs.ReverseProxyRef{}
+	err = json.Unmarshal(reverseProxyResp.ReverseProxyRefJSON, reverseProxyRef)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Data["reverseProxyRef"] = reverseProxyRef
+
+	reverseProxy := &serverconfigs.ReverseProxyConfig{}
+	err = json.Unmarshal(reverseProxyResp.ReverseProxyJSON, reverseProxy)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Data["reverseProxyConfig"] = reverseProxy
+
+	primaryOriginMaps := []maps.Map{}
+	backupOriginMaps := []maps.Map{}
+	for _, originConfig := range reverseProxy.PrimaryOrigins {
+		if len(originConfig.Domains) == 0 {
+			originConfig.Domains = []string{}
+		}
+		m := maps.Map{
+			"id":      originConfig.Id,
+			"weight":  originConfig.Weight,
+			"addr":    originConfig.Addr.Protocol.String() + "://" + originConfig.Addr.Host + ":" + originConfig.Addr.PortRange,
+			"name":    originConfig.Name,
+			"isOn":    originConfig.IsOn,
+			"domains": originConfig.Domains,
+		}
+		primaryOriginMaps = append(primaryOriginMaps, m)
+	}
+	for _, originConfig := range reverseProxy.BackupOrigins {
+		if len(originConfig.Domains) == 0 {
+			originConfig.Domains = []string{}
+		}
+		m := maps.Map{
+			"id":      originConfig.Id,
+			"weight":  originConfig.Weight,
+			"addr":    originConfig.Addr.Protocol.String() + "://" + originConfig.Addr.Host + ":" + originConfig.Addr.PortRange,
+			"name":    originConfig.Name,
+			"isOn":    originConfig.IsOn,
+			"domains": originConfig.Domains,
+		}
+		backupOriginMaps = append(backupOriginMaps, m)
+	}
+	this.Data["primaryOrigins"] = primaryOriginMaps
+	this.Data["backupOrigins"] = backupOriginMaps
+
+	this.Show()
+}
--- a/internal/web/actions/default/servers/groups/group/settings/httpReverseProxy/init.go
+++ b/internal/web/actions/default/servers/groups/group/settings/httpReverseProxy/init.go
@@ -0,0 +1,21 @@
+package httpReverseProxy
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/helpers"
+	"github.com/iwind/TeaGo"
+)
+
+func init() {
+	TeaGo.BeforeStart(func(server *TeaGo.Server) {
+		server.
+			Helper(helpers.NewUserMustAuth(configloaders.AdminModuleCodeServer)).
+			Data("teaMenu", "servers").
+			Data("teaSubMenu", "group").
+			Prefix("/servers/groups/group/settings/httpReverseProxy").
+			Get("", new(IndexAction)).
+			GetPost("/scheduling", new(SchedulingAction)).
+			GetPost("/setting", new(SettingAction)).
+			EndAll()
+	})
+}
--- a/internal/web/actions/default/servers/groups/group/settings/httpReverseProxy/scheduling.go
+++ b/internal/web/actions/default/servers/groups/group/settings/httpReverseProxy/scheduling.go
@@ -0,0 +1,54 @@
+package httpReverseProxy
+
+import (
+	"encoding/json"
+	"errors"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/groups/group/servergrouputils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/schedulingconfigs"
+)
+
+type SchedulingAction struct {
+	actionutils.ParentAction
+}
+
+func (this *SchedulingAction) Init() {
+	this.FirstMenu("scheduling")
+}
+
+func (this *SchedulingAction) RunGet(params struct {
+	GroupId int64
+}) {
+	_, err := servergrouputils.InitGroup(this.Parent(), params.GroupId, "httpReverseProxy")
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Data["family"] = "http"
+
+	reverseProxyResp, err := this.RPC().ServerGroupRPC().FindAndInitServerGroupHTTPReverseProxyConfig(this.AdminContext(), &pb.FindAndInitServerGroupHTTPReverseProxyConfigRequest{ServerGroupId: params.GroupId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	reverseProxy := &serverconfigs.ReverseProxyConfig{}
+	err = json.Unmarshal(reverseProxyResp.ReverseProxyJSON, reverseProxy)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Data["reverseProxyId"] = reverseProxy.Id
+
+	schedulingCode := reverseProxy.FindSchedulingConfig().Code
+	schedulingMap := schedulingconfigs.FindSchedulingType(schedulingCode)
+	if schedulingMap == nil {
+		this.ErrorPage(errors.New("invalid scheduling code '" + schedulingCode + "'"))
+		return
+	}
+	this.Data["scheduling"] = schedulingMap
+
+	this.Show()
+}
--- a/internal/web/actions/default/servers/groups/group/settings/httpReverseProxy/setting.go
+++ b/internal/web/actions/default/servers/groups/group/settings/httpReverseProxy/setting.go
@@ -0,0 +1,102 @@
+package httpReverseProxy
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/groups/group/servergrouputils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/types"
+)
+
+type SettingAction struct {
+	actionutils.ParentAction
+}
+
+func (this *SettingAction) Init() {
+	this.FirstMenu("setting")
+}
+
+func (this *SettingAction) RunGet(params struct {
+	GroupId int64
+}) {
+	_, err := servergrouputils.InitGroup(this.Parent(), params.GroupId, "httpReverseProxy")
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Data["family"] = "http"
+
+	reverseProxyResp, err := this.RPC().ServerGroupRPC().FindAndInitServerGroupHTTPReverseProxyConfig(this.AdminContext(), &pb.FindAndInitServerGroupHTTPReverseProxyConfigRequest{ServerGroupId: params.GroupId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	reverseProxyRef := &serverconfigs.ReverseProxyRef{}
+	err = json.Unmarshal(reverseProxyResp.ReverseProxyRefJSON, reverseProxyRef)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	reverseProxy := &serverconfigs.ReverseProxyConfig{}
+	err = json.Unmarshal(reverseProxyResp.ReverseProxyJSON, reverseProxy)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Data["reverseProxyRef"] = reverseProxyRef
+	this.Data["reverseProxyConfig"] = reverseProxy
+
+	this.Show()
+}
+
+func (this *SettingAction) RunPost(params struct {
+	GroupId             int64
+	ReverseProxyRefJSON []byte
+	ReverseProxyJSON    []byte
+
+	Must *actions.Must
+}) {
+	defer this.CreateLogInfo("修改分组 %d 的反向代理设置", params.GroupId)
+
+	// TODO 校验配置
+
+	reverseProxyConfig := &serverconfigs.ReverseProxyConfig{}
+	err := json.Unmarshal(params.ReverseProxyJSON, reverseProxyConfig)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	err = reverseProxyConfig.Init()
+	if err != nil {
+		this.Fail("配置校验失败：" + err.Error())
+	}
+
+	// 设置是否启用
+	_, err = this.RPC().ServerGroupRPC().UpdateServerGroupHTTPReverseProxy(this.AdminContext(), &pb.UpdateServerGroupHTTPReverseProxyRequest{
+		ServerGroupId:    params.GroupId,
+		ReverseProxyJSON: params.ReverseProxyRefJSON,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	// 设置反向代理相关信息
+	_, err = this.RPC().ReverseProxyRPC().UpdateReverseProxy(this.AdminContext(), &pb.UpdateReverseProxyRequest{
+		ReverseProxyId:  reverseProxyConfig.Id,
+		RequestHostType: types.Int32(reverseProxyConfig.RequestHostType),
+		RequestHost:     reverseProxyConfig.RequestHost,
+		RequestURI:      reverseProxyConfig.RequestURI,
+		StripPrefix:     reverseProxyConfig.StripPrefix,
+		AutoFlush:       reverseProxyConfig.AutoFlush,
+		AddHeaders:      reverseProxyConfig.AddHeaders,
+	})
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/groups/group/settings/index/index.go
+++ b/internal/web/actions/default/servers/groups/group/settings/index/index.go
@@ -0,0 +1,28 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package reverseProxy
+
+import (
+	teaconst "github.com/TeaOSLab/EdgeAdmin/internal/const"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/iwind/TeaGo/types"
+)
+
+type IndexAction struct {
+	actionutils.ParentAction
+}
+
+func (this *IndexAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *IndexAction) RunGet(params struct {
+	GroupId int64
+}) {
+	if teaconst.IsPlus {
+		this.RedirectURL("/servers/groups/group/settings/web?groupId=" + types.String(params.GroupId))
+	} else {
+		this.RedirectURL("/servers/groups/group/settings/httpReverseProxy?groupId=" + types.String(params.GroupId))
+	}
+	return
+}
--- a/internal/web/actions/default/servers/groups/group/settings/index/init.go
+++ b/internal/web/actions/default/servers/groups/group/settings/index/init.go
@@ -0,0 +1,22 @@
+package reverseProxy
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/server/settings/locations/locationutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/serverutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/helpers"
+	"github.com/iwind/TeaGo"
+)
+
+func init() {
+	TeaGo.BeforeStart(func(server *TeaGo.Server) {
+		server.
+			Helper(helpers.NewUserMustAuth(configloaders.AdminModuleCodeServer)).
+			Helper(locationutils.NewLocationHelper()).
+			Helper(serverutils.NewServerHelper()).
+			Data("mainTab", "setting").
+			Prefix("/servers/groups/group/settings").
+			Get("", new(IndexAction)).
+			EndAll()
+	})
+}
--- a/internal/web/actions/default/servers/groups/group/settings/pages/index.go
+++ b/internal/web/actions/default/servers/groups/group/settings/pages/index.go
@@ -0,0 +1,73 @@
+package pages
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/oplogs"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/groups/group/servergrouputils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/actions"
+)
+
+type IndexAction struct {
+	actionutils.ParentAction
+}
+
+func (this *IndexAction) Init() {
+	this.Nav("", "setting", "index")
+	this.SecondMenu("pages")
+}
+
+func (this *IndexAction) RunGet(params struct {
+	GroupId int64
+}) {
+	_, err := servergrouputils.InitGroup(this.Parent(), params.GroupId, "pages")
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerGroupId(this.AdminContext(), params.GroupId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Data["webId"] = webConfig.Id
+	this.Data["pages"] = webConfig.Pages
+	this.Data["shutdownConfig"] = webConfig.Shutdown
+
+	this.Show()
+}
+
+func (this *IndexAction) RunPost(params struct {
+	WebId        int64
+	PagesJSON    string
+	ShutdownJSON string
+	Must         *actions.Must
+}) {
+	// 日志
+	defer this.CreateLog(oplogs.LevelInfo, "修改Web %d 的设置", params.WebId)
+
+	// TODO 检查配置
+
+	_, err := this.RPC().HTTPWebRPC().UpdateHTTPWebPages(this.AdminContext(), &pb.UpdateHTTPWebPagesRequest{
+		WebId:     params.WebId,
+		PagesJSON: []byte(params.PagesJSON),
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	_, err = this.RPC().HTTPWebRPC().UpdateHTTPWebShutdown(this.AdminContext(), &pb.UpdateHTTPWebShutdownRequest{
+		WebId:        params.WebId,
+		ShutdownJSON: []byte(params.ShutdownJSON),
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/groups/group/settings/pages/init.go
+++ b/internal/web/actions/default/servers/groups/group/settings/pages/init.go
@@ -0,0 +1,19 @@
+package pages
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/helpers"
+	"github.com/iwind/TeaGo"
+)
+
+func init() {
+	TeaGo.BeforeStart(func(server *TeaGo.Server) {
+		server.
+			Helper(helpers.NewUserMustAuth(configloaders.AdminModuleCodeServer)).
+			Data("teaMenu", "servers").
+			Data("teaSubMenu", "group").
+			Prefix("/servers/groups/group/settings/pages").
+			GetPost("", new(IndexAction)).
+			EndAll()
+	})
+}
--- a/internal/web/actions/default/servers/groups/group/settings/remoteAddr/index.go
+++ b/internal/web/actions/default/servers/groups/group/settings/remoteAddr/index.go
@@ -0,0 +1,68 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package remoteAddr
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/groups/group/servergrouputils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
+	"github.com/iwind/TeaGo/actions"
+)
+
+type IndexAction struct {
+	actionutils.ParentAction
+}
+
+func (this *IndexAction) Init() {
+	this.Nav("", "setting", "index")
+	this.SecondMenu("remoteAddr")
+}
+
+func (this *IndexAction) RunGet(params struct {
+	GroupId int64
+}) {
+	_, err := servergrouputils.InitGroup(this.Parent(), params.GroupId, "remoteAddr")
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerGroupId(this.AdminContext(), params.GroupId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Data["webId"] = webConfig.Id
+	this.Data["remoteAddrConfig"] = webConfig.RemoteAddr
+
+	this.Show()
+}
+
+func (this *IndexAction) RunPost(params struct {
+	WebId          int64
+	RemoteAddrJSON []byte
+
+	Must *actions.Must
+	CSRF *actionutils.CSRF
+}) {
+	var remoteAddrConfig = &serverconfigs.HTTPRemoteAddrConfig{}
+	err := json.Unmarshal(params.RemoteAddrJSON, remoteAddrConfig)
+	if err != nil {
+		this.Fail("参数校验失败：" + err.Error())
+	}
+
+	_, err = this.RPC().HTTPWebRPC().UpdateHTTPWebRemoteAddr(this.AdminContext(), &pb.UpdateHTTPWebRemoteAddrRequest{
+		WebId:          params.WebId,
+		RemoteAddrJSON: params.RemoteAddrJSON,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/groups/group/settings/remoteAddr/init.go
+++ b/internal/web/actions/default/servers/groups/group/settings/remoteAddr/init.go
@@ -0,0 +1,19 @@
+package remoteAddr
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/helpers"
+	"github.com/iwind/TeaGo"
+)
+
+func init() {
+	TeaGo.BeforeStart(func(server *TeaGo.Server) {
+		server.
+			Helper(helpers.NewUserMustAuth(configloaders.AdminModuleCodeServer)).
+			Data("teaMenu", "servers").
+			Data("teaSubMenu", "group").
+			Prefix("/servers/groups/group/settings/remoteAddr").
+			GetPost("", new(IndexAction)).
+			EndAll()
+	})
+}
--- a/internal/web/actions/default/servers/groups/group/settings/stat/index.go
+++ b/internal/web/actions/default/servers/groups/group/settings/stat/index.go
@@ -0,0 +1,60 @@
+package stat
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/groups/group/servergrouputils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/actions"
+)
+
+type IndexAction struct {
+	actionutils.ParentAction
+}
+
+func (this *IndexAction) Init() {
+	this.Nav("", "setting", "index")
+	this.SecondMenu("stat")
+}
+
+func (this *IndexAction) RunGet(params struct {
+	GroupId int64
+}) {
+	_, err := servergrouputils.InitGroup(this.Parent(), params.GroupId, "stat")
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerGroupId(this.AdminContext(), params.GroupId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Data["webId"] = webConfig.Id
+	this.Data["statConfig"] = webConfig.StatRef
+
+	this.Show()
+}
+
+func (this *IndexAction) RunPost(params struct {
+	WebId    int64
+	StatJSON []byte
+
+	Must *actions.Must
+}) {
+	defer this.CreateLogInfo("修改Web %d 的统计设置", params.WebId)
+
+	// TODO 校验配置
+
+	_, err := this.RPC().HTTPWebRPC().UpdateHTTPWebStat(this.AdminContext(), &pb.UpdateHTTPWebStatRequest{
+		WebId:    params.WebId,
+		StatJSON: params.StatJSON,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Success()
+}
--- a/internal/web/actions/default/servers/groups/group/settings/stat/init.go
+++ b/internal/web/actions/default/servers/groups/group/settings/stat/init.go
@@ -0,0 +1,19 @@
+package stat
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/helpers"
+	"github.com/iwind/TeaGo"
+)
+
+func init() {
+	TeaGo.BeforeStart(func(server *TeaGo.Server) {
+		server.
+			Helper(helpers.NewUserMustAuth(configloaders.AdminModuleCodeServer)).
+			Data("teaMenu", "servers").
+			Data("teaSubMenu", "group").
+			Prefix("/servers/groups/group/settings/stat").
+			GetPost("", new(IndexAction)).
+			EndAll()
+	})
+}
--- a/internal/web/actions/default/servers/groups/group/settings/tcpReverseProxy/index.go
+++ b/internal/web/actions/default/servers/groups/group/settings/tcpReverseProxy/index.go
@@ -0,0 +1,87 @@
+package tcpReverseProxy
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/groups/group/servergrouputils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
+	"github.com/iwind/TeaGo/maps"
+)
+
+// IndexAction 源站列表
+type IndexAction struct {
+	actionutils.ParentAction
+}
+
+func (this *IndexAction) Init() {
+	this.FirstMenu("index")
+}
+
+func (this *IndexAction) RunGet(params struct {
+	GroupId int64
+}) {
+	_, err := servergrouputils.InitGroup(this.Parent(), params.GroupId, "tcpReverseProxy")
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Data["serverType"] = "tcpProxy"
+
+	reverseProxyResp, err := this.RPC().ServerGroupRPC().FindAndInitServerGroupTCPReverseProxyConfig(this.AdminContext(), &pb.FindAndInitServerGroupTCPReverseProxyConfigRequest{ServerGroupId: params.GroupId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	reverseProxyRef := &serverconfigs.ReverseProxyRef{}
+	err = json.Unmarshal(reverseProxyResp.ReverseProxyRefJSON, reverseProxyRef)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Data["reverseProxyRef"] = reverseProxyRef
+
+	reverseProxy := &serverconfigs.ReverseProxyConfig{}
+	err = json.Unmarshal(reverseProxyResp.ReverseProxyJSON, reverseProxy)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Data["reverseProxyConfig"] = reverseProxy
+
+	primaryOriginMaps := []maps.Map{}
+	backupOriginMaps := []maps.Map{}
+	for _, originConfig := range reverseProxy.PrimaryOrigins {
+		if len(originConfig.Domains) == 0 {
+			originConfig.Domains = []string{}
+		}
+		m := maps.Map{
+			"id":      originConfig.Id,
+			"weight":  originConfig.Weight,
+			"addr":    originConfig.Addr.Protocol.String() + "://" + originConfig.Addr.Host + ":" + originConfig.Addr.PortRange,
+			"name":    originConfig.Name,
+			"isOn":    originConfig.IsOn,
+			"domains": originConfig.Domains,
+		}
+		primaryOriginMaps = append(primaryOriginMaps, m)
+	}
+	for _, originConfig := range reverseProxy.BackupOrigins {
+		if len(originConfig.Domains) == 0 {
+			originConfig.Domains = []string{}
+		}
+		m := maps.Map{
+			"id":      originConfig.Id,
+			"weight":  originConfig.Weight,
+			"addr":    originConfig.Addr.Protocol.String() + "://" + originConfig.Addr.Host + ":" + originConfig.Addr.PortRange,
+			"name":    originConfig.Name,
+			"isOn":    originConfig.IsOn,
+			"domains": originConfig.Domains,
+		}
+		backupOriginMaps = append(backupOriginMaps, m)
+	}
+	this.Data["primaryOrigins"] = primaryOriginMaps
+	this.Data["backupOrigins"] = backupOriginMaps
+
+	this.Show()
+}
--- a/internal/web/actions/default/servers/groups/group/settings/tcpReverseProxy/init.go
+++ b/internal/web/actions/default/servers/groups/group/settings/tcpReverseProxy/init.go
@@ -0,0 +1,21 @@
+package tcpReverseProxy
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/helpers"
+	"github.com/iwind/TeaGo"
+)
+
+func init() {
+	TeaGo.BeforeStart(func(server *TeaGo.Server) {
+		server.
+			Helper(helpers.NewUserMustAuth(configloaders.AdminModuleCodeServer)).
+			Data("teaMenu", "servers").
+			Data("teaSubMenu", "group").
+			Prefix("/servers/groups/group/settings/tcpReverseProxy").
+			Get("", new(IndexAction)).
+			GetPost("/scheduling", new(SchedulingAction)).
+			GetPost("/setting", new(SettingAction)).
+			EndAll()
+	})
+}
--- a/internal/web/actions/default/servers/groups/group/settings/tcpReverseProxy/scheduling.go
+++ b/internal/web/actions/default/servers/groups/group/settings/tcpReverseProxy/scheduling.go
@@ -0,0 +1,54 @@
+package tcpReverseProxy
+
+import (
+	"encoding/json"
+	"errors"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/groups/group/servergrouputils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/schedulingconfigs"
+)
+
+type SchedulingAction struct {
+	actionutils.ParentAction
+}
+
+func (this *SchedulingAction) Init() {
+	this.FirstMenu("scheduling")
+}
+
+func (this *SchedulingAction) RunGet(params struct {
+	GroupId int64
+}) {
+	_, err := servergrouputils.InitGroup(this.Parent(), params.GroupId, "tcpReverseProxy")
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Data["family"] = "tcp"
+
+	reverseProxyResp, err := this.RPC().ServerGroupRPC().FindAndInitServerGroupTCPReverseProxyConfig(this.AdminContext(), &pb.FindAndInitServerGroupTCPReverseProxyConfigRequest{ServerGroupId: params.GroupId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	reverseProxy := &serverconfigs.ReverseProxyConfig{}
+	err = json.Unmarshal(reverseProxyResp.ReverseProxyJSON, reverseProxy)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Data["reverseProxyId"] = reverseProxy.Id
+
+	schedulingCode := reverseProxy.FindSchedulingConfig().Code
+	schedulingMap := schedulingconfigs.FindSchedulingType(schedulingCode)
+	if schedulingMap == nil {
+		this.ErrorPage(errors.New("invalid scheduling code '" + schedulingCode + "'"))
+		return
+	}
+	this.Data["scheduling"] = schedulingMap
+
+	this.Show()
+}
--- a/internal/web/actions/default/servers/groups/group/settings/tcpReverseProxy/setting.go
+++ b/internal/web/actions/default/servers/groups/group/settings/tcpReverseProxy/setting.go
@@ -0,0 +1,102 @@
+package tcpReverseProxy
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/groups/group/servergrouputils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/types"
+)
+
+type SettingAction struct {
+	actionutils.ParentAction
+}
+
+func (this *SettingAction) Init() {
+	this.FirstMenu("setting")
+}
+
+func (this *SettingAction) RunGet(params struct {
+	GroupId int64
+}) {
+	_, err := servergrouputils.InitGroup(this.Parent(), params.GroupId, "tcpReverseProxy")
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Data["family"] = "tcp"
+
+	reverseProxyResp, err := this.RPC().ServerGroupRPC().FindAndInitServerGroupTCPReverseProxyConfig(this.AdminContext(), &pb.FindAndInitServerGroupTCPReverseProxyConfigRequest{ServerGroupId: params.GroupId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	reverseProxyRef := &serverconfigs.ReverseProxyRef{}
+	err = json.Unmarshal(reverseProxyResp.ReverseProxyRefJSON, reverseProxyRef)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	reverseProxy := &serverconfigs.ReverseProxyConfig{}
+	err = json.Unmarshal(reverseProxyResp.ReverseProxyJSON, reverseProxy)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Data["reverseProxyRef"] = reverseProxyRef
+	this.Data["reverseProxyConfig"] = reverseProxy
+
+	this.Show()
+}
+
+func (this *SettingAction) RunPost(params struct {
+	GroupId             int64
+	ReverseProxyRefJSON []byte
+	ReverseProxyJSON    []byte
+
+	Must *actions.Must
+}) {
+	defer this.CreateLogInfo("修改分组 %d 的反向代理设置", params.GroupId)
+
+	// TODO 校验配置
+
+	reverseProxyConfig := &serverconfigs.ReverseProxyConfig{}
+	err := json.Unmarshal(params.ReverseProxyJSON, reverseProxyConfig)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	err = reverseProxyConfig.Init()
+	if err != nil {
+		this.Fail("配置校验失败：" + err.Error())
+	}
+
+	// 设置是否启用
+	_, err = this.RPC().ServerGroupRPC().UpdateServerGroupTCPReverseProxy(this.AdminContext(), &pb.UpdateServerGroupTCPReverseProxyRequest{
+		ServerGroupId:    params.GroupId,
+		ReverseProxyJSON: params.ReverseProxyRefJSON,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	// 设置反向代理相关信息
+	_, err = this.RPC().ReverseProxyRPC().UpdateReverseProxy(this.AdminContext(), &pb.UpdateReverseProxyRequest{
+		ReverseProxyId:  reverseProxyConfig.Id,
+		RequestHostType: types.Int32(reverseProxyConfig.RequestHostType),
+		RequestHost:     reverseProxyConfig.RequestHost,
+		RequestURI:      reverseProxyConfig.RequestURI,
+		StripPrefix:     reverseProxyConfig.StripPrefix,
+		AutoFlush:       reverseProxyConfig.AutoFlush,
+		AddHeaders:      reverseProxyConfig.AddHeaders,
+	})
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/groups/group/settings/udpReverseProxy/index.go
+++ b/internal/web/actions/default/servers/groups/group/settings/udpReverseProxy/index.go
@@ -0,0 +1,87 @@
+package udpReverseProxy
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/groups/group/servergrouputils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
+	"github.com/iwind/TeaGo/maps"
+)
+
+// IndexAction 源站列表
+type IndexAction struct {
+	actionutils.ParentAction
+}
+
+func (this *IndexAction) Init() {
+	this.FirstMenu("index")
+}
+
+func (this *IndexAction) RunGet(params struct {
+	GroupId int64
+}) {
+	_, err := servergrouputils.InitGroup(this.Parent(), params.GroupId, "udpReverseProxy")
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Data["serverType"] = "udpProxy"
+
+	reverseProxyResp, err := this.RPC().ServerGroupRPC().FindAndInitServerGroupUDPReverseProxyConfig(this.AdminContext(), &pb.FindAndInitServerGroupUDPReverseProxyConfigRequest{ServerGroupId: params.GroupId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	reverseProxyRef := &serverconfigs.ReverseProxyRef{}
+	err = json.Unmarshal(reverseProxyResp.ReverseProxyRefJSON, reverseProxyRef)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Data["reverseProxyRef"] = reverseProxyRef
+
+	reverseProxy := &serverconfigs.ReverseProxyConfig{}
+	err = json.Unmarshal(reverseProxyResp.ReverseProxyJSON, reverseProxy)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Data["reverseProxyConfig"] = reverseProxy
+
+	primaryOriginMaps := []maps.Map{}
+	backupOriginMaps := []maps.Map{}
+	for _, originConfig := range reverseProxy.PrimaryOrigins {
+		if len(originConfig.Domains) == 0 {
+			originConfig.Domains = []string{}
+		}
+		m := maps.Map{
+			"id":      originConfig.Id,
+			"weight":  originConfig.Weight,
+			"addr":    originConfig.Addr.Protocol.String() + "://" + originConfig.Addr.Host + ":" + originConfig.Addr.PortRange,
+			"name":    originConfig.Name,
+			"isOn":    originConfig.IsOn,
+			"domains": originConfig.Domains,
+		}
+		primaryOriginMaps = append(primaryOriginMaps, m)
+	}
+	for _, originConfig := range reverseProxy.BackupOrigins {
+		if len(originConfig.Domains) == 0 {
+			originConfig.Domains = []string{}
+		}
+		m := maps.Map{
+			"id":      originConfig.Id,
+			"weight":  originConfig.Weight,
+			"addr":    originConfig.Addr.Protocol.String() + "://" + originConfig.Addr.Host + ":" + originConfig.Addr.PortRange,
+			"name":    originConfig.Name,
+			"isOn":    originConfig.IsOn,
+			"domains": originConfig.Domains,
+		}
+		backupOriginMaps = append(backupOriginMaps, m)
+	}
+	this.Data["primaryOrigins"] = primaryOriginMaps
+	this.Data["backupOrigins"] = backupOriginMaps
+
+	this.Show()
+}
--- a/internal/web/actions/default/servers/groups/group/settings/udpReverseProxy/init.go
+++ b/internal/web/actions/default/servers/groups/group/settings/udpReverseProxy/init.go
@@ -0,0 +1,21 @@
+package udpReverseProxy
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/helpers"
+	"github.com/iwind/TeaGo"
+)
+
+func init() {
+	TeaGo.BeforeStart(func(server *TeaGo.Server) {
+		server.
+			Helper(helpers.NewUserMustAuth(configloaders.AdminModuleCodeServer)).
+			Data("teaMenu", "servers").
+			Data("teaSubMenu", "group").
+			Prefix("/servers/groups/group/settings/udpReverseProxy").
+			Get("", new(IndexAction)).
+			GetPost("/scheduling", new(SchedulingAction)).
+			GetPost("/setting", new(SettingAction)).
+			EndAll()
+	})
+}
--- a/internal/web/actions/default/servers/groups/group/settings/udpReverseProxy/scheduling.go
+++ b/internal/web/actions/default/servers/groups/group/settings/udpReverseProxy/scheduling.go
@@ -0,0 +1,54 @@
+package udpReverseProxy
+
+import (
+	"encoding/json"
+	"errors"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/groups/group/servergrouputils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/schedulingconfigs"
+)
+
+type SchedulingAction struct {
+	actionutils.ParentAction
+}
+
+func (this *SchedulingAction) Init() {
+	this.FirstMenu("scheduling")
+}
+
+func (this *SchedulingAction) RunGet(params struct {
+	GroupId int64
+}) {
+	_, err := servergrouputils.InitGroup(this.Parent(), params.GroupId, "udpReverseProxy")
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Data["family"] = "udp"
+
+	reverseProxyResp, err := this.RPC().ServerGroupRPC().FindAndInitServerGroupUDPReverseProxyConfig(this.AdminContext(), &pb.FindAndInitServerGroupUDPReverseProxyConfigRequest{ServerGroupId: params.GroupId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	reverseProxy := &serverconfigs.ReverseProxyConfig{}
+	err = json.Unmarshal(reverseProxyResp.ReverseProxyJSON, reverseProxy)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Data["reverseProxyId"] = reverseProxy.Id
+
+	schedulingCode := reverseProxy.FindSchedulingConfig().Code
+	schedulingMap := schedulingconfigs.FindSchedulingType(schedulingCode)
+	if schedulingMap == nil {
+		this.ErrorPage(errors.New("invalid scheduling code '" + schedulingCode + "'"))
+		return
+	}
+	this.Data["scheduling"] = schedulingMap
+
+	this.Show()
+}
--- a/internal/web/actions/default/servers/groups/group/settings/udpReverseProxy/setting.go
+++ b/internal/web/actions/default/servers/groups/group/settings/udpReverseProxy/setting.go
@@ -0,0 +1,102 @@
+package udpReverseProxy
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/groups/group/servergrouputils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/types"
+)
+
+type SettingAction struct {
+	actionutils.ParentAction
+}
+
+func (this *SettingAction) Init() {
+	this.FirstMenu("setting")
+}
+
+func (this *SettingAction) RunGet(params struct {
+	GroupId int64
+}) {
+	_, err := servergrouputils.InitGroup(this.Parent(), params.GroupId, "udpReverseProxy")
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Data["family"] = "udp"
+
+	reverseProxyResp, err := this.RPC().ServerGroupRPC().FindAndInitServerGroupUDPReverseProxyConfig(this.AdminContext(), &pb.FindAndInitServerGroupUDPReverseProxyConfigRequest{ServerGroupId: params.GroupId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	reverseProxyRef := &serverconfigs.ReverseProxyRef{}
+	err = json.Unmarshal(reverseProxyResp.ReverseProxyRefJSON, reverseProxyRef)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	reverseProxy := &serverconfigs.ReverseProxyConfig{}
+	err = json.Unmarshal(reverseProxyResp.ReverseProxyJSON, reverseProxy)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Data["reverseProxyRef"] = reverseProxyRef
+	this.Data["reverseProxyConfig"] = reverseProxy
+
+	this.Show()
+}
+
+func (this *SettingAction) RunPost(params struct {
+	GroupId             int64
+	ReverseProxyRefJSON []byte
+	ReverseProxyJSON    []byte
+
+	Must *actions.Must
+}) {
+	defer this.CreateLogInfo("修改分组 %d 的反向代理设置", params.GroupId)
+
+	// TODO 校验配置
+
+	reverseProxyConfig := &serverconfigs.ReverseProxyConfig{}
+	err := json.Unmarshal(params.ReverseProxyJSON, reverseProxyConfig)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	err = reverseProxyConfig.Init()
+	if err != nil {
+		this.Fail("配置校验失败：" + err.Error())
+	}
+
+	// 设置是否启用
+	_, err = this.RPC().ServerGroupRPC().UpdateServerGroupUDPReverseProxy(this.AdminContext(), &pb.UpdateServerGroupUDPReverseProxyRequest{
+		ServerGroupId:    params.GroupId,
+		ReverseProxyJSON: params.ReverseProxyRefJSON,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	// 设置反向代理相关信息
+	_, err = this.RPC().ReverseProxyRPC().UpdateReverseProxy(this.AdminContext(), &pb.UpdateReverseProxyRequest{
+		ReverseProxyId:  reverseProxyConfig.Id,
+		RequestHostType: types.Int32(reverseProxyConfig.RequestHostType),
+		RequestHost:     reverseProxyConfig.RequestHost,
+		RequestURI:      reverseProxyConfig.RequestURI,
+		StripPrefix:     reverseProxyConfig.StripPrefix,
+		AutoFlush:       reverseProxyConfig.AutoFlush,
+		AddHeaders:      reverseProxyConfig.AddHeaders,
+	})
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/groups/group/settings/waf/group.go
+++ b/internal/web/actions/default/servers/groups/group/settings/waf/group.go
@@ -0,0 +1,100 @@
+package waf
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+	"github.com/iwind/TeaGo/lists"
+	"github.com/iwind/TeaGo/maps"
+	"strings"
+)
+
+type GroupAction struct {
+	actionutils.ParentAction
+}
+
+func (this *GroupAction) Init() {
+	this.Nav("", "setting", this.ParamString("type"))
+	this.SecondMenu("waf")
+}
+
+func (this *GroupAction) RunGet(params struct {
+	FirewallPolicyId int64
+	GroupId          int64
+	Type             string
+}) {
+	this.Data["type"] = params.Type
+	this.Data["firewallPolicyId"] = params.FirewallPolicyId
+
+	// policy
+	firewallPolicy, err := dao.SharedHTTPFirewallPolicyDAO.FindEnabledHTTPFirewallPolicyConfig(this.AdminContext(), params.FirewallPolicyId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if firewallPolicy == nil {
+		this.NotFound("firewallPolicy", params.FirewallPolicyId)
+		return
+	}
+
+	// group config
+	groupConfig, err := dao.SharedHTTPFirewallRuleGroupDAO.FindRuleGroupConfig(this.AdminContext(), params.GroupId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if groupConfig == nil {
+		this.NotFound("firewallRuleGroup", params.GroupId)
+		return
+	}
+
+	this.Data["group"] = groupConfig
+
+	// rule sets
+	this.Data["sets"] = lists.Map(groupConfig.Sets, func(k int, v interface{}) interface{} {
+		set := v.(*firewallconfigs.HTTPFirewallRuleSet)
+
+		var actionMaps = []maps.Map{}
+		for _, action := range set.Actions {
+			def := firewallconfigs.FindActionDefinition(action.Code)
+			if def == nil {
+				continue
+			}
+
+			actionMaps = append(actionMaps, maps.Map{
+				"code":     strings.ToUpper(action.Code),
+				"name":     def.Name,
+				"category": def.Category,
+				"options":  action.Options,
+			})
+		}
+
+		return maps.Map{
+			"id":   set.Id,
+			"name": set.Name,
+			"rules": lists.Map(set.Rules, func(k int, v interface{}) interface{} {
+				rule := v.(*firewallconfigs.HTTPFirewallRule)
+				var errString = ""
+				var err = rule.Init()
+				if err != nil {
+					errString = err.Error()
+				}
+				return maps.Map{
+					"param":             rule.Param,
+					"paramFilters":      rule.ParamFilters,
+					"operator":          rule.Operator,
+					"value":             rule.Value,
+					"isCaseInsensitive": rule.IsCaseInsensitive,
+					"isComposed":        firewallconfigs.CheckCheckpointIsComposed(rule.Prefix()),
+					"checkpointOptions": rule.CheckpointOptions,
+					"err":               errString,
+				}
+			}),
+			"isOn":      set.IsOn,
+			"actions":   actionMaps,
+			"connector": strings.ToUpper(set.Connector),
+		}
+	})
+
+	this.Show()
+}
--- a/internal/web/actions/default/servers/groups/group/settings/waf/groups.go
+++ b/internal/web/actions/default/servers/groups/group/settings/waf/groups.go
@@ -0,0 +1,83 @@
+package waf
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/iwind/TeaGo/maps"
+)
+
+type GroupsAction struct {
+	actionutils.ParentAction
+}
+
+func (this *GroupsAction) Init() {
+	this.Nav("", "setting", this.ParamString("type"))
+	this.SecondMenu("waf")
+}
+
+func (this *GroupsAction) RunGet(params struct {
+	ServerId         int64
+	FirewallPolicyId int64
+	Type             string
+}) {
+	this.Data["firewallPolicyId"] = params.FirewallPolicyId
+	this.Data["type"] = params.Type
+
+	firewallPolicy, err := dao.SharedHTTPFirewallPolicyDAO.FindEnabledHTTPFirewallPolicyConfig(this.AdminContext(), params.FirewallPolicyId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if firewallPolicy == nil {
+		this.NotFound("firewallPolicy", params.FirewallPolicyId)
+		return
+	}
+
+	groupMaps := []maps.Map{}
+
+	// inbound
+	if params.Type == "inbound" {
+		if firewallPolicy.Inbound != nil {
+			for _, g := range firewallPolicy.Inbound.Groups {
+				groupMaps = append(groupMaps, maps.Map{
+					"id":          g.Id,
+					"name":        g.Name,
+					"code":        g.Code,
+					"isOn":        g.IsOn,
+					"description": g.Description,
+					"countSets":   len(g.Sets),
+					"canDelete":   len(g.Code) == 0,
+				})
+			}
+		}
+	}
+
+	// outbound
+	if params.Type == "outbound" {
+		if firewallPolicy.Outbound != nil {
+			for _, g := range firewallPolicy.Outbound.Groups {
+				groupMaps = append(groupMaps, maps.Map{
+					"id":          g.Id,
+					"name":        g.Name,
+					"code":        g.Code,
+					"isOn":        g.IsOn,
+					"description": g.Description,
+					"countSets":   len(g.Sets),
+					"canDelete":   len(g.Code) == 0,
+				})
+			}
+		}
+	}
+
+	this.Data["groups"] = groupMaps
+
+	// WAF是否启用
+	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerId(this.AdminContext(), params.ServerId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Data["wafIsOn"] = webConfig.FirewallRef != nil && webConfig.FirewallRef.IsOn
+
+	this.Show()
+}
--- a/internal/web/actions/default/servers/groups/group/settings/waf/index.go
+++ b/internal/web/actions/default/servers/groups/group/settings/waf/index.go
@@ -0,0 +1,76 @@
+package waf
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/groups/group/servergrouputils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/actions"
+)
+
+type IndexAction struct {
+	actionutils.ParentAction
+}
+
+func (this *IndexAction) Init() {
+	this.Nav("", "setting", "index")
+	this.SecondMenu("waf")
+}
+
+func (this *IndexAction) RunGet(params struct {
+	GroupId int64
+}) {
+	_, err := servergrouputils.InitGroup(this.Parent(), params.GroupId, "waf")
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerGroupId(this.AdminContext(), params.GroupId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Data["webId"] = webConfig.Id
+	this.Data["firewallConfig"] = webConfig.FirewallRef
+
+	// 获取当前服务所在集群的WAF设置
+	this.Data["firewallPolicy"] = nil
+
+	// 当前的Server独立设置
+	if webConfig.FirewallRef == nil || webConfig.FirewallRef.FirewallPolicyId == 0 {
+		firewallPolicyId, err := dao.SharedHTTPWebDAO.InitEmptyHTTPFirewallPolicy(this.AdminContext(), params.GroupId, 0, webConfig.Id, webConfig.FirewallRef != nil && webConfig.FirewallRef.IsOn)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		this.Data["firewallPolicyId"] = firewallPolicyId
+	} else {
+		this.Data["firewallPolicyId"] = webConfig.FirewallRef.FirewallPolicyId
+	}
+
+	this.Show()
+}
+
+func (this *IndexAction) RunPost(params struct {
+	WebId        int64
+	FirewallJSON []byte
+
+	Must *actions.Must
+}) {
+	defer this.CreateLogInfo("修改Web %d 的WAF设置", params.WebId)
+
+	// TODO 检查配置
+
+	_, err := this.RPC().HTTPWebRPC().UpdateHTTPWebFirewall(this.AdminContext(), &pb.UpdateHTTPWebFirewallRequest{
+		WebId:        params.WebId,
+		FirewallJSON: params.FirewallJSON,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/groups/group/settings/waf/init.go
+++ b/internal/web/actions/default/servers/groups/group/settings/waf/init.go
@@ -0,0 +1,33 @@
+package waf
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/server/settings/waf/ipadmin"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/serverutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/helpers"
+	"github.com/iwind/TeaGo"
+)
+
+func init() {
+	TeaGo.BeforeStart(func(server *TeaGo.Server) {
+		server.
+			Helper(helpers.NewUserMustAuth(configloaders.AdminModuleCodeServer)).
+			Helper(serverutils.NewServerHelper()).
+			Data("teaMenu", "servers").
+			Data("teaSubMenu", "group").
+			Prefix("/servers/groups/group/settings/waf").
+			GetPost("", new(IndexAction)).
+			Get("/ipadmin/allowList", new(ipadmin.AllowListAction)).
+			Get("/ipadmin/denyList", new(ipadmin.DenyListAction)).
+			GetPost("/ipadmin/countries", new(ipadmin.CountriesAction)).
+			GetPost("/ipadmin/provinces", new(ipadmin.ProvincesAction)).
+			GetPost("/ipadmin/updateIPPopup", new(ipadmin.UpdateIPPopupAction)).
+			Post("/ipadmin/deleteIP", new(ipadmin.DeleteIPAction)).
+			GetPost("/ipadmin/test", new(ipadmin.TestAction)).
+
+			// 规则相关
+			Get("/groups", new(GroupsAction)).
+			Get("/group", new(GroupAction)).
+			EndAll()
+	})
+}
--- a/internal/web/actions/default/servers/groups/group/settings/waf/ipadmin/allowList.go
+++ b/internal/web/actions/default/servers/groups/group/settings/waf/ipadmin/allowList.go
@@ -0,0 +1,95 @@
+package ipadmin
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+	"github.com/iwind/TeaGo/maps"
+	timeutil "github.com/iwind/TeaGo/utils/time"
+	"time"
+)
+
+type AllowListAction struct {
+	actionutils.ParentAction
+}
+
+func (this *AllowListAction) Init() {
+	this.Nav("", "setting", "allowList")
+	this.SecondMenu("waf")
+}
+
+func (this *AllowListAction) RunGet(params struct {
+	ServerId         int64
+	FirewallPolicyId int64
+}) {
+	this.Data["featureIsOn"] = true
+	this.Data["firewallPolicyId"] = params.FirewallPolicyId
+
+	listId, err := dao.SharedIPListDAO.FindAllowIPListIdWithServerId(this.AdminContext(), params.ServerId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	// 创建
+	if listId == 0 {
+		listId, err = dao.SharedIPListDAO.CreateIPListForServerId(this.AdminContext(), params.ServerId, "white")
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+	}
+
+	this.Data["listId"] = listId
+
+	// 数量
+	countResp, err := this.RPC().IPItemRPC().CountIPItemsWithListId(this.AdminContext(), &pb.CountIPItemsWithListIdRequest{IpListId: listId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	count := countResp.Count
+	page := this.NewPage(count)
+	this.Data["page"] = page.AsHTML()
+
+	// 列表
+	itemsResp, err := this.RPC().IPItemRPC().ListIPItemsWithListId(this.AdminContext(), &pb.ListIPItemsWithListIdRequest{
+		IpListId: listId,
+		Offset:   page.Offset,
+		Size:     page.Size,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	itemMaps := []maps.Map{}
+	for _, item := range itemsResp.IpItems {
+		expiredTime := ""
+		if item.ExpiredAt > 0 {
+			expiredTime = timeutil.FormatTime("Y-m-d H:i:s", item.ExpiredAt)
+		}
+
+		itemMaps = append(itemMaps, maps.Map{
+			"id":             item.Id,
+			"ipFrom":         item.IpFrom,
+			"ipTo":           item.IpTo,
+			"expiredTime":    expiredTime,
+			"reason":         item.Reason,
+			"type":           item.Type,
+			"isExpired":      item.ExpiredAt > 0 && item.ExpiredAt < time.Now().Unix(),
+			"eventLevelName": firewallconfigs.FindFirewallEventLevelName(item.EventLevel),
+		})
+	}
+	this.Data["items"] = itemMaps
+
+	// WAF是否启用
+	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerId(this.AdminContext(), params.ServerId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Data["wafIsOn"] = webConfig.FirewallRef != nil && webConfig.FirewallRef.IsOn
+
+	this.Show()
+}
--- a/internal/web/actions/default/servers/groups/group/settings/waf/ipadmin/countries.go
+++ b/internal/web/actions/default/servers/groups/group/settings/waf/ipadmin/countries.go
@@ -0,0 +1,121 @@
+package ipadmin
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/oplogs"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/lists"
+	"github.com/iwind/TeaGo/maps"
+	"strings"
+)
+
+type CountriesAction struct {
+	actionutils.ParentAction
+}
+
+func (this *CountriesAction) Init() {
+	this.Nav("", "setting", "country")
+	this.SecondMenu("waf")
+}
+
+func (this *CountriesAction) RunGet(params struct {
+	FirewallPolicyId int64
+	ServerId         int64
+}) {
+	this.Data["featureIsOn"] = true
+	this.Data["firewallPolicyId"] = params.FirewallPolicyId
+
+	this.Data["subMenuItem"] = "region"
+
+	// 当前选中的地区
+	policyConfig, err := dao.SharedHTTPFirewallPolicyDAO.FindEnabledHTTPFirewallPolicyConfig(this.AdminContext(), params.FirewallPolicyId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if policyConfig == nil {
+		this.NotFound("firewallPolicy", params.FirewallPolicyId)
+		return
+	}
+	selectedCountryIds := []int64{}
+	if policyConfig.Inbound != nil && policyConfig.Inbound.Region != nil {
+		selectedCountryIds = policyConfig.Inbound.Region.DenyCountryIds
+	}
+
+	countriesResp, err := this.RPC().RegionCountryRPC().FindAllEnabledRegionCountries(this.AdminContext(), &pb.FindAllEnabledRegionCountriesRequest{})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	countryMaps := []maps.Map{}
+	for _, country := range countriesResp.Countries {
+		countryMaps = append(countryMaps, maps.Map{
+			"id":        country.Id,
+			"name":      country.Name,
+			"letter":    strings.ToUpper(string(country.Pinyin[0][0])),
+			"isChecked": lists.ContainsInt64(selectedCountryIds, country.Id),
+		})
+	}
+	this.Data["countries"] = countryMaps
+
+	// WAF是否启用
+	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerId(this.AdminContext(), params.ServerId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Data["wafIsOn"] = webConfig.FirewallRef != nil && webConfig.FirewallRef.IsOn
+
+	this.Show()
+}
+
+func (this *CountriesAction) RunPost(params struct {
+	FirewallPolicyId int64
+	CountryIds       []int64
+
+	Must *actions.Must
+}) {
+	// 日志
+	defer this.CreateLog(oplogs.LevelInfo, "WAF策略 %d 设置禁止访问的国家和地区", params.FirewallPolicyId)
+
+	policyConfig, err := dao.SharedHTTPFirewallPolicyDAO.FindEnabledHTTPFirewallPolicyConfig(this.AdminContext(), params.FirewallPolicyId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if policyConfig == nil {
+		this.NotFound("firewallPolicy", params.FirewallPolicyId)
+		return
+	}
+
+	if policyConfig.Inbound == nil {
+		policyConfig.Inbound = &firewallconfigs.HTTPFirewallInboundConfig{IsOn: true}
+	}
+	if policyConfig.Inbound.Region == nil {
+		policyConfig.Inbound.Region = &firewallconfigs.HTTPFirewallRegionConfig{
+			IsOn: true,
+		}
+	}
+	policyConfig.Inbound.Region.DenyCountryIds = params.CountryIds
+
+	inboundJSON, err := json.Marshal(policyConfig.Inbound)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	_, err = this.RPC().HTTPFirewallPolicyRPC().UpdateHTTPFirewallInboundConfig(this.AdminContext(), &pb.UpdateHTTPFirewallInboundConfigRequest{
+		HttpFirewallPolicyId: params.FirewallPolicyId,
+		InboundJSON:          inboundJSON,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/groups/group/settings/waf/ipadmin/deleteIP.go
+++ b/internal/web/actions/default/servers/groups/group/settings/waf/ipadmin/deleteIP.go
@@ -0,0 +1,29 @@
+package ipadmin
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/oplogs"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+)
+
+type DeleteIPAction struct {
+	actionutils.ParentAction
+}
+
+func (this *DeleteIPAction) RunPost(params struct {
+	FirewallPolicyId int64
+	ItemId           int64
+}) {
+	// 日志
+	defer this.CreateLog(oplogs.LevelInfo, "从WAF策略 %d 名单中删除IP %d", params.FirewallPolicyId, params.ItemId)
+
+	// TODO 判断权限
+
+	_, err := this.RPC().IPItemRPC().DeleteIPItem(this.AdminContext(), &pb.DeleteIPItemRequest{IpItemId: params.ItemId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/groups/group/settings/waf/ipadmin/denyList.go
+++ b/internal/web/actions/default/servers/groups/group/settings/waf/ipadmin/denyList.go
@@ -0,0 +1,95 @@
+package ipadmin
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+	"github.com/iwind/TeaGo/maps"
+	timeutil "github.com/iwind/TeaGo/utils/time"
+	"time"
+)
+
+type DenyListAction struct {
+	actionutils.ParentAction
+}
+
+func (this *DenyListAction) Init() {
+	this.Nav("", "setting", "denyList")
+	this.SecondMenu("waf")
+}
+
+func (this *DenyListAction) RunGet(params struct {
+	FirewallPolicyId int64
+	ServerId         int64
+}) {
+	this.Data["featureIsOn"] = true
+	this.Data["firewallPolicyId"] = params.FirewallPolicyId
+
+	listId, err := dao.SharedIPListDAO.FindDenyIPListIdWithServerId(this.AdminContext(), params.ServerId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	// 创建
+	if listId == 0 {
+		listId, err = dao.SharedIPListDAO.CreateIPListForServerId(this.AdminContext(), params.ServerId, "black")
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+	}
+
+	this.Data["listId"] = listId
+
+	// 数量
+	countResp, err := this.RPC().IPItemRPC().CountIPItemsWithListId(this.AdminContext(), &pb.CountIPItemsWithListIdRequest{IpListId: listId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	count := countResp.Count
+	page := this.NewPage(count)
+	this.Data["page"] = page.AsHTML()
+
+	// 列表
+	itemsResp, err := this.RPC().IPItemRPC().ListIPItemsWithListId(this.AdminContext(), &pb.ListIPItemsWithListIdRequest{
+		IpListId: listId,
+		Offset:   page.Offset,
+		Size:     page.Size,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	itemMaps := []maps.Map{}
+	for _, item := range itemsResp.IpItems {
+		expiredTime := ""
+		if item.ExpiredAt > 0 {
+			expiredTime = timeutil.FormatTime("Y-m-d H:i:s", item.ExpiredAt)
+		}
+
+		itemMaps = append(itemMaps, maps.Map{
+			"id":             item.Id,
+			"ipFrom":         item.IpFrom,
+			"ipTo":           item.IpTo,
+			"expiredTime":    expiredTime,
+			"reason":         item.Reason,
+			"type":           item.Type,
+			"isExpired":      item.ExpiredAt > 0 && item.ExpiredAt < time.Now().Unix(),
+			"eventLevelName": firewallconfigs.FindFirewallEventLevelName(item.EventLevel),
+		})
+	}
+	this.Data["items"] = itemMaps
+
+	// WAF是否启用
+	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerId(this.AdminContext(), params.ServerId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Data["wafIsOn"] = webConfig.FirewallRef != nil && webConfig.FirewallRef.IsOn
+
+	this.Show()
+}
--- a/internal/web/actions/default/servers/groups/group/settings/waf/ipadmin/provinces.go
+++ b/internal/web/actions/default/servers/groups/group/settings/waf/ipadmin/provinces.go
@@ -0,0 +1,122 @@
+package ipadmin
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/oplogs"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/lists"
+	"github.com/iwind/TeaGo/maps"
+)
+
+const ChinaCountryId = 1
+
+type ProvincesAction struct {
+	actionutils.ParentAction
+}
+
+func (this *ProvincesAction) Init() {
+	this.Nav("", "setting", "province")
+	this.SecondMenu("waf")
+}
+
+func (this *ProvincesAction) RunGet(params struct {
+	FirewallPolicyId int64
+	ServerId         int64
+}) {
+	this.Data["featureIsOn"] = true
+	this.Data["firewallPolicyId"] = params.FirewallPolicyId
+	this.Data["subMenuItem"] = "province"
+
+	// 当前选中的省份
+	policyConfig, err := dao.SharedHTTPFirewallPolicyDAO.FindEnabledHTTPFirewallPolicyConfig(this.AdminContext(), params.FirewallPolicyId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if policyConfig == nil {
+		this.NotFound("firewallPolicy", params.FirewallPolicyId)
+		return
+	}
+	selectedProvinceIds := []int64{}
+	if policyConfig.Inbound != nil && policyConfig.Inbound.Region != nil {
+		selectedProvinceIds = policyConfig.Inbound.Region.DenyProvinceIds
+	}
+
+	provincesResp, err := this.RPC().RegionProvinceRPC().FindAllEnabledRegionProvincesWithCountryId(this.AdminContext(), &pb.FindAllEnabledRegionProvincesWithCountryIdRequest{
+		CountryId: int64(ChinaCountryId),
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	provinceMaps := []maps.Map{}
+	for _, province := range provincesResp.Provinces {
+		provinceMaps = append(provinceMaps, maps.Map{
+			"id":        province.Id,
+			"name":      province.Name,
+			"isChecked": lists.ContainsInt64(selectedProvinceIds, province.Id),
+		})
+	}
+	this.Data["provinces"] = provinceMaps
+
+	// WAF是否启用
+	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerId(this.AdminContext(), params.ServerId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Data["wafIsOn"] = webConfig.FirewallRef != nil && webConfig.FirewallRef.IsOn
+
+	this.Show()
+}
+
+func (this *ProvincesAction) RunPost(params struct {
+	FirewallPolicyId int64
+	ProvinceIds      []int64
+
+	Must *actions.Must
+}) {
+	// 日志
+	defer this.CreateLog(oplogs.LevelInfo, "WAF策略 %d 设置禁止访问的省份", params.FirewallPolicyId)
+
+	policyConfig, err := dao.SharedHTTPFirewallPolicyDAO.FindEnabledHTTPFirewallPolicyConfig(this.AdminContext(), params.FirewallPolicyId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if policyConfig == nil {
+		this.NotFound("firewallPolicy", params.FirewallPolicyId)
+		return
+	}
+
+	if policyConfig.Inbound == nil {
+		policyConfig.Inbound = &firewallconfigs.HTTPFirewallInboundConfig{IsOn: true}
+	}
+	if policyConfig.Inbound.Region == nil {
+		policyConfig.Inbound.Region = &firewallconfigs.HTTPFirewallRegionConfig{
+			IsOn: true,
+		}
+	}
+	policyConfig.Inbound.Region.DenyProvinceIds = params.ProvinceIds
+
+	inboundJSON, err := json.Marshal(policyConfig.Inbound)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	_, err = this.RPC().HTTPFirewallPolicyRPC().UpdateHTTPFirewallInboundConfig(this.AdminContext(), &pb.UpdateHTTPFirewallInboundConfigRequest{
+		HttpFirewallPolicyId: params.FirewallPolicyId,
+		InboundJSON:          inboundJSON,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
刘祥超	558b5e14f1	优化细节	2021-10-10 20:17:40 +08:00
刘祥超	a5ee2dd03b	页面底部增加GoEdge官网和文档链接	2021-10-10 16:38:45 +08:00
刘祥超	9e9fe78b8d	优化升级提示文字	2021-10-10 16:33:27 +08:00
刘祥超	265e126faf	TCP、TLS、UDP支持端口范围	2021-10-10 16:30:21 +08:00
刘祥超	af440e5c5b	服务分组增加特殊页面设置	2021-10-10 10:52:58 +08:00
刘祥超	32b8c91113	特殊页面可以直接使用HTML	2021-10-10 10:35:14 +08:00
刘祥超	dbc60ccca4	证书上传时可以选择输入文本内容	2021-10-09 17:30:05 +08:00
刘祥超	d5b5af5d3a	数据看板-WAF看板增加节点拦截排行和域名拦截排行	2021-10-09 16:01:17 +08:00
刘祥超	8c1bd3bc4e	增加新的界面风格theme4, theme5	2021-10-09 11:50:02 +08:00
刘祥超	8f638186a3	在服务看板中可以切换到附近的服务	2021-10-08 14:36:57 +08:00
刘祥超	0b5a27e674	支持更多的分组全局设置功能	2021-10-07 16:47:14 +08:00
刘祥超	870f1aaaec	WAF模式从pass改为bypass	2021-10-07 13:55:00 +08:00
刘祥超	23cb4dcbe5	服务支持自定义访客IP地址获取方式	2021-10-06 11:40:24 +08:00
刘祥超	4f125b4244	添加源站时自动去除专属域名中的末尾斜杠	2021-10-06 09:29:44 +08:00
刘祥超	2b9de7938f	在服务设置里也显示WAF策略的模式	2021-10-06 09:08:09 +08:00
刘祥超	75bb07184f	ACME使用EAB申请的账号只能绑定一个用户	2021-10-03 14:43:29 +08:00
刘祥超	1fb491d2e1	ACME证书增加ZeroSSL支持	2021-10-03 13:09:49 +08:00
刘祥超	0bc8bdd841	支持自动转换图像文件为WebP	2021-10-01 16:24:42 +08:00
刘祥超	71d4e2626e	自建DNS改成智能DNS	2021-09-30 13:20:50 +08:00
刘祥超	0b26cbdd01	WAF策略增加观察模式和通过模式	2021-09-30 11:30:36 +08:00
刘祥超	ca72b3c18b	内容压缩支持brotli和deflate	2021-09-29 20:12:27 +08:00
刘祥超	8676f2711b	在WAF规则产生错误时给予提示	2021-09-27 10:11:37 +08:00
刘祥超	788a86bdcf	看板增加离线节点数字	2021-09-27 09:23:48 +08:00
刘祥超	0df6b4b220	优化安装界面--设置管理员账号的交互	2021-09-26 15:08:53 +08:00
刘祥超	f14dcd5c28	缓存条件增加最小内容尺寸配置	2021-09-26 15:01:52 +08:00
刘祥超	f86548e046	版本改为0.3.2	2021-09-26 10:09:51 +08:00
刘祥超	9dea11ab11	节点设置中不显示阈值设置	2021-09-25 19:57:22 +08:00
刘祥超	00749f806c	优化编译脚本	2021-09-25 19:57:10 +08:00
刘祥超	e4e3591413	修改文字	2021-09-24 12:03:31 +08:00
刘祥超	3f847d7c7f	区域监控增加检测时间、结果页增加级别筛选	2021-09-23 10:02:32 +08:00
刘祥超	67a10994a4	提示已经有服务分组配置时加入分组链接	2021-09-22 19:46:22 +08:00
刘祥超	4016296e0b	可以在分组中设置一些全局配置选项	2021-09-22 19:39:38 +08:00
刘祥超	92777366ec	域名解析任务列表中增加集群解析页面链接/在域名解析--集群详情中显示正在执行的任务	2021-09-21 10:56:29 +08:00
刘祥超	beb34f8264	可以设置集群的DNS记录TTL	2021-09-20 20:01:15 +08:00
刘祥超	f6f8c5c858	在集群中可以设置自动加入DNS的CNAME记录	2021-09-20 16:37:41 +08:00
刘祥超	a19c4dffcd	反向代理源站实现使用域名分组	2021-09-20 11:54:28 +08:00
刘祥超	a5754971f6	开源版本也显示域名排行、缓存流量趋势、攻击流量趋势	2021-09-19 16:10:52 +08:00
刘祥超	dbe6435809	实现连通性变化发送通知功能	2021-09-18 14:22:01 +08:00
刘祥超	7e5b980600	优化消息弹窗交互	2021-09-18 11:02:23 +08:00
刘祥超	a6c3b70ee7	修改生成的YAML配置中可能含有tab的Bug	2021-09-16 15:06:37 +08:00
刘祥超	0a23e7951a	增加商业版激活功能	2021-09-16 10:32:58 +08:00
刘祥超	e0e3fc8fef	看板提醒商业版过期日期	2021-09-16 09:21:44 +08:00
刘祥超	a8b947f5ca	修复日期控件初始化格式可能错误的问题	2021-09-15 19:40:42 +08:00
刘祥超	0f28df51f1	优化界面	2021-09-15 19:22:54 +08:00
刘祥超	6e36528f35	IP地址详情中增加区域监控雷达图、数据列表	2021-09-15 17:54:03 +08:00
刘祥超	a885fdbea7	修复IP地址不能修改在线状态的Bug	2021-09-15 11:46:50 +08:00
刘祥超	713de74abb	调整部分命名	2021-09-14 19:39:41 +08:00
刘祥超	8db6a33e15	IP阈值动作增加WebHook	2021-09-14 15:27:54 +08:00
刘祥超	ed2d577be0	IP阈值增加节点分组和集群相关统计项目	2021-09-14 11:36:08 +08:00
刘祥超	084eddecbf	优化节点设置交互	2021-09-13 16:47:34 +08:00
刘祥超	5e09ba302a	IP地址支持手动上线和从备用IP中恢复	2021-09-13 13:45:39 +08:00
刘祥超	fa37b40435	实现节点自动切换到备用IP	2021-09-13 10:51:16 +08:00
刘祥超	c95dde5187	实现基础的IP地址阈值	2021-09-12 20:21:32 +08:00
刘祥超	4d5a4d501a	修复当集群没有绑定DNS域名时无法修改节点DNS信息的Bug	2021-09-11 20:12:06 +08:00
刘祥超	ce97f20826	实现基本的监控终端管理	2021-09-08 19:34:51 +08:00
刘祥超	ab9cd13abc	版本修改为0.3.1	2021-09-08 19:34:47 +08:00