commit components.js

优化文字提示
2023-06-18 19:51:47 +08:00 · 2023-06-18 16:19:16 +08:00 · 2023-06-17 21:53:08 +08:00 · 2023-06-17 21:53:00 +08:00 · 2023-06-16 11:34:39 +08:00 · 2023-06-16 09:54:51 +08:00
512 changed files with 14735 additions and 2856 deletions
--- a/README.md
+++ b/README.md
@@ -54,7 +54,10 @@
 * [管理平台](https://github.com/TeaOSLab/EdgeAdmin)

 ## 联系我们
-有什么问题和建议都可以加入QQ群 `659832182` 或者 [Telegram群](https://t.me/+5kVCMGxQhZxiODY9) 。
+有什么问题和建议都可以加入 [Telegram群](https://t.me/+5kVCMGxQhZxiODY9) 
+
+## 企业版
+* [GoEdge企业版](https://goedge.cn/commercial) - 功能更强大的CDN系统

 ## 感谢
 * 感谢 [Gitee](https://gitee.com/) 提供国内源代码托管平台
--- a/build/build.sh
+++ b/build/build.sh
@@ -105,8 +105,8 @@ function build() {
 	find "$DIST" -name ".DS_Store" -delete
 	find "$DIST" -name ".gitignore" -delete
 	find "$DIST" -name "*.less" -delete
-	find "$DIST" -name "*.css.map" -delete
-	find "$DIST" -name "*.js.map" -delete
+	#find "$DIST" -name "*.css.map" -delete
+	#find "$DIST" -name "*.js.map" -delete

 	# zip
 	echo "zip files ..."
--- a/build/licenses/README.md
+++ b/build/licenses/README.md
@@ -1 +1 @@
-这个目录下我们列举了所有需要公开声明的第三方License，如果有遗漏，烦请告知 iwind.liu@gmail.com。再次感谢这些开源软件项目和贡献人员！ 
+这个目录下我们列举了所有需要公开声明的第三方License，如果有遗漏，烦请告知 goedge.cdn@gmail.com。再次感谢这些开源软件项目和贡献人员！ 
--- a/cmd/edge-admin/main.go
+++ b/cmd/edge-admin/main.go
@@ -2,6 +2,7 @@ package main

 import (
 	"bytes"
+	"flag"
 	"fmt"
 	"github.com/TeaOSLab/EdgeAdmin/internal/apps"
 	"github.com/TeaOSLab/EdgeAdmin/internal/configs"
@@ -24,7 +25,7 @@ func main() {
 	var app = apps.NewAppCmd().
 		Version(teaconst.Version).
 		Product(teaconst.ProductName).
-		Usage(teaconst.ProcessName+" [-v|start|stop|restart|service|daemon|reset|recover|demo|upgrade]").
+		Usage(teaconst.ProcessName+" [-h|-v|start|stop|restart|service|daemon|reset|recover|demo|upgrade]").
 		Usage(teaconst.ProcessName+" [dev|prod]").
 		Option("-h", "show this help").
 		Option("-v", "show version").
@@ -38,7 +39,7 @@ func main() {
 		Option("demo", "switch to demo mode").
 		Option("dev", "switch to 'dev' mode").
 		Option("prod", "switch to 'prod' mode").
-		Option("upgrade", "upgrade from official site")
+		Option("upgrade [--url=URL]", "upgrade from official site or an url")

 	app.On("daemon", func() {
 		nodes.NewAdminNode().Daemon()
@@ -138,7 +139,12 @@ func main() {
 		}
 	})
 	app.On("upgrade", func() {
-		var manager = utils.NewUpgradeManager("admin")
+		var downloadURL = ""
+		var flagSet = flag.NewFlagSet("", flag.ContinueOnError)
+		flagSet.StringVar(&downloadURL, "url", "", "new version download url")
+		_ = flagSet.Parse(os.Args[2:])
+
+		var manager = utils.NewUpgradeManager("admin", downloadURL)
 		log.Println("checking latest version ...")
 		var ticker = time.NewTicker(1 * time.Second)
 		go func() {
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1,10 +1,11 @@
 FROM alpine:latest
-LABEL maintainer="iwind.liu@gmail.com"
+LABEL maintainer="goedge.cdn@gmail.com"
 ENV TZ "Asia/Shanghai"
-ENV VERSION 0.5.8
+ENV VERSION 1.1.0
 ENV ROOT_DIR /usr/local/goedge
 ENV TAR_FILE edge-admin-linux-amd64-plus-v${VERSION}.zip
 ENV TAR_URL "https://dl.goedge.cn/edge/v${VERSION}/edge-admin-linux-amd64-plus-v${VERSION}.zip"
+#ENV TAR_URL "http://192.168.2.60:8080/edge-admin-linux-amd64-plus-v${VERSION}.zip" # your local repository

 RUN apk add --no-cache tzdata

--- a/go.mod
+++ b/go.mod
@@ -8,14 +8,15 @@ require (
 	github.com/TeaOSLab/EdgeCommon v0.0.0-00010101000000-000000000000
 	github.com/cespare/xxhash v1.1.0
 	github.com/go-sql-driver/mysql v1.5.0
-	github.com/iwind/TeaGo v0.0.0-20220304043459-0dd944a5b475
+	github.com/iwind/TeaGo v0.0.0-20230304012706-c1f4a4e27470
 	github.com/iwind/gosock v0.0.0-20211103081026-ee4652210ca4
 	github.com/miekg/dns v1.1.43
 	github.com/shirou/gopsutil/v3 v3.22.5
 	github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e
 	github.com/tealeg/xlsx/v3 v3.2.3
 	github.com/xlzd/gotp v0.0.0-20181030022105-c8557ba2c119
-	golang.org/x/sys v0.2.0
+	golang.org/x/crypto v0.7.0
+	golang.org/x/sys v0.6.0
 	google.golang.org/grpc v1.45.0
 	gopkg.in/yaml.v3 v3.0.1
 )
@@ -26,18 +27,15 @@ require (
 	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/google/btree v1.0.0 // indirect
 	github.com/google/go-cmp v0.5.8 // indirect
-	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/kr/pretty v0.2.1 // indirect
 	github.com/kr/text v0.2.0 // indirect
-	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
-	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
 	github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c // indirect
 	github.com/rogpeppe/fastuuid v1.2.0 // indirect
 	github.com/shabbyrobe/xmlwriter v0.0.0-20200208144257-9fca06d00ffa // indirect
 	github.com/yusufpapurcu/wmi v1.2.2 // indirect
-	golang.org/x/net v0.2.0 // indirect
-	golang.org/x/text v0.4.0 // indirect
+	golang.org/x/net v0.8.0 // indirect
+	golang.org/x/text v0.8.0 // indirect
 	google.golang.org/genproto v0.0.0-20220317150908-0efb43f6373e // indirect
 	google.golang.org/protobuf v1.27.1 // indirect
 	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
--- a/go.sum
+++ b/go.sum
@@ -21,7 +21,6 @@ github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWH
 github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/dgryski/go-rendezvous v0.0.0-20200624174652-8d2f3be8b2d9/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
@@ -75,13 +74,11 @@ github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+
 github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
 github.com/iwind/TeaGo v0.0.0-20210411134150-ddf57e240c2f/go.mod h1:KU4mS7QNiZ7QWEuDBk1zw0/Q2LrAPZv3tycEFBsuUwc=
-github.com/iwind/TeaGo v0.0.0-20220304043459-0dd944a5b475 h1:EseyfFaQOjWanGiby9KMw7PjDBMg/95tLDgIw/ns0Cw=
-github.com/iwind/TeaGo v0.0.0-20220304043459-0dd944a5b475/go.mod h1:HRHK0zoC/og3c9/hKosD9yYVMTnnzm3PgXUdhRYHaLc=
+github.com/iwind/TeaGo v0.0.0-20230304012706-c1f4a4e27470 h1:TuRxvKRv9PxKVijWOkUnZm5TeanQqWGUJyPx9u6cra4=
+github.com/iwind/TeaGo v0.0.0-20230304012706-c1f4a4e27470/go.mod h1:fi/Pq+/5m2HZoseM+39dMF57ANXRt6w4PkGu3NXPc5s=
 github.com/iwind/gosock v0.0.0-20211103081026-ee4652210ca4 h1:VWGsCqTzObdlbf7UUE3oceIpcEKi4C/YBUszQXk118A=
 github.com/iwind/gosock v0.0.0-20211103081026-ee4652210ca4/go.mod h1:H5Q7SXwbx3a97ecJkaS2sD77gspzE7HFUafBO0peEyA=
 github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
-github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI=
 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
@@ -93,11 +90,7 @@ github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0/go.mod h1:zJYVVT2
 github.com/miekg/dns v1.1.43 h1:JKfpVSCB84vrAmHzyrsxB5NAr5kLoMXZArPSw7Qlgyg=
 github.com/miekg/dns v1.1.43/go.mod h1:+evo5L0630/F6ca/Z9+GAqzhjGyn8/c+TBaOyfEl0V4=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
-github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
-github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
 github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
@@ -112,7 +105,6 @@ github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+v
 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
 github.com/pkg/profile v1.5.0 h1:042Buzk+NhDI+DeSAA62RwJL8VAuZUMQZUjCsRz1Mug=
 github.com/pkg/profile v1.5.0/go.mod h1:qBsxPvzyUincmltOk6iyRVxHYg4adc0OFOv72ZdLa18=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c h1:ncq/mPwQF4JjgDlrVEn3C11VoGHZN7m8qihwgMEtzYw=
 github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c/go.mod h1:OmDBASR4679mdNQnz2pUhc2G8CO2JrUAVFDRBDP/hJE=
@@ -132,7 +124,6 @@ github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UV
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.1 h1:5TQK59W5E3v0r2duFAb7P95B6hEeOyEnHRa8MjYSMTY=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/tealeg/xlsx/v3 v3.2.3 h1:MXnVh+9Y8cUglowItTy2HL3Kv6z+q/0aNjeKuTsVqZQ=
 github.com/tealeg/xlsx/v3 v3.2.3/go.mod h1:0hGmAEoZ48SS1ZAE6eqZJkJVXgOMY+8a33vjXa8S8HA=
@@ -147,6 +138,8 @@ go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqe
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.7.0 h1:AvwMYaRytfdeVt3u6mLaxYtErKYjxA2OXjJ1HHq6t3A=
+golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20200513190911-00229845015e/go.mod h1:4M0jN8W1tt0AVLNr8HDosyJCDCDuyL9N9+3m7wDWgKw=
@@ -171,8 +164,8 @@ golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/
 golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
-golang.org/x/net v0.2.0 h1:sZfSu1wtKLGlWI4ZZayP0ck9Y73K1ynO6gqzTdBVdPU=
-golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
+golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ=
+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -200,15 +193,16 @@ golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.2.0 h1:ljd4t30dBnAvMZaQCevtY0xLLD0A+bRZXbgLMLU1F/A=
-golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.4.0 h1:BrVqGRd7+k1DiOgtnFvAkoQEWQvBc25ouMJM6429SFg=
-golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68=
+golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
@@ -263,7 +257,6 @@ gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.7/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
--- a/internal/apps/app_cmd.go
+++ b/internal/apps/app_cmd.go
@@ -209,7 +209,7 @@ func (this *AppCmd) runStop() {
 	fmt.Println(this.product+" stopped ok, pid:", types.String(pid))
 }

-// 重启
+// RunRestart 重启
 func (this *AppCmd) RunRestart() {
 	this.runStop()
 	time.Sleep(1 * time.Second)
--- a/internal/configloaders/admin_module.go
+++ b/internal/configloaders/admin_module.go
@@ -167,7 +167,7 @@ func AllModuleMaps() []maps.Map {
 			"url":  "/dashboard",
 		},
 		{
-			"name": "网站服务",
+			"name": "网站列表",
 			"code": AdminModuleCodeServer,
 			"url":  "/servers",
 		},
--- a/internal/configloaders/security_config.go
+++ b/internal/configloaders/security_config.go
@@ -29,7 +29,7 @@ func LoadSecurityConfig() (*systemconfigs.SecurityConfig, error) {
 		return nil, err
 	}

-	v := reflect.Indirect(reflect.ValueOf(config)).Interface().(systemconfigs.SecurityConfig)
+	var v = reflect.Indirect(reflect.ValueOf(config)).Interface().(systemconfigs.SecurityConfig)
 	return &v, nil
 }

@@ -83,7 +83,12 @@ func loadSecurityConfig() (*systemconfigs.SecurityConfig, error) {
 		return sharedSecurityConfig, nil
 	}

-	config := &systemconfigs.SecurityConfig{}
+	var config = &systemconfigs.SecurityConfig{
+		Frame:                  FrameSameOrigin,
+		AllowLocal:             true,
+		CheckClientFingerprint: false,
+		CheckClientRegion:      true,
+	}
 	err = json.Unmarshal(resp.ValueJSON, config)
 	if err != nil {
 		logs.Println("[SECURITY_MANAGER]" + err.Error())
@@ -100,7 +105,9 @@ func loadSecurityConfig() (*systemconfigs.SecurityConfig, error) {

 func defaultSecurityConfig() *systemconfigs.SecurityConfig {
 	return &systemconfigs.SecurityConfig{
-		Frame:      FrameSameOrigin,
-		AllowLocal: true,
+		Frame:                  FrameSameOrigin,
+		AllowLocal:             true,
+		CheckClientFingerprint: false,
+		CheckClientRegion:      true,
 	}
 }
--- a/internal/configs/api_config.go
+++ b/internal/configs/api_config.go
@@ -21,9 +21,9 @@ type APIConfig struct {
 // LoadAPIConfig 加载API配置
 func LoadAPIConfig() (*APIConfig, error) {
 	// 候选文件
-	localFile := Tea.ConfigFile("api.yaml")
-	isFromLocal := false
-	paths := []string{localFile}
+	var localFile = Tea.ConfigFile("api.yaml")
+	var isFromLocal = false
+	var paths = []string{localFile}
 	homeDir, homeErr := os.UserHomeDir()
 	if homeErr == nil {
 		paths = append(paths, homeDir+"/."+teaconst.ProcessName+"/api.yaml")
@@ -45,7 +45,7 @@ func LoadAPIConfig() (*APIConfig, error) {
 		return nil, err
 	}

-	config := &APIConfig{}
+	var config = &APIConfig{}
 	err = yaml.Unmarshal(data, config)
 	if err != nil {
 		return nil, err
@@ -155,3 +155,15 @@ func (this *APIConfig) WriteFile(path string) error {

 	return nil
 }
+
+// Clone 克隆当前配置
+func (this *APIConfig) Clone() *APIConfig {
+	return &APIConfig{
+		RPC: struct {
+			Endpoints     []string `yaml:"endpoints"`
+			DisableUpdate bool     `yaml:"disableUpdate"`
+		}{},
+		NodeId: this.NodeId,
+		Secret: this.Secret,
+	}
+}
--- a/internal/configs/plus_config.go
+++ b/internal/configs/plus_config.go
@@ -1,42 +0,0 @@
-// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
-
-package configs
-
-import (
-	"encoding/json"
-	"github.com/iwind/TeaGo/Tea"
-	"os"
-)
-
-var plusConfigFile = "plus.cache.json"
-
-type PlusConfig struct {
-	IsPlus     bool     `json:"isPlus"`
-	Components []string `json:"components"`
-	DayTo      string   `json:"dayTo"`
-}
-
-func ReadPlusConfig() *PlusConfig {
-	data, err := os.ReadFile(Tea.ConfigFile(plusConfigFile))
-	if err != nil {
-		return &PlusConfig{IsPlus: false}
-	}
-	var config = &PlusConfig{IsPlus: false}
-	err = json.Unmarshal(data, config)
-	if err != nil {
-		return config
-	}
-	return config
-}
-
-func WritePlusConfig(config *PlusConfig) error {
-	configJSON, err := json.Marshal(config)
-	if err != nil {
-		return err
-	}
-	err = os.WriteFile(Tea.ConfigFile(plusConfigFile), configJSON, 0777)
-	if err != nil {
-		return err
-	}
-	return nil
-}
--- a/internal/const/const.go
+++ b/internal/const/const.go
@@ -1,9 +1,9 @@
 package teaconst

 const (
-	Version = "0.5.9"
+	Version = "1.2.0"

-	APINodeVersion = "0.5.9"
+	APINodeVersion = "1.2.0"

 	ProductName   = "Edge Admin"
 	ProcessName   = "edge-admin"
@@ -18,5 +18,5 @@ const (
 	CookieSID = "edgesid"

 	SystemdServiceName = "edge-admin"
-	UpdatesURL         = "https://goedge.cn/api/boot/versions?os=${os}&arch=${arch}"
+	UpdatesURL         = "https://goedge.cn/api/boot/versions?os=${os}&arch=${arch}&version=${version}"
 )
--- a/internal/const/vars.go
+++ b/internal/const/vars.go
@@ -2,6 +2,11 @@

 package teaconst

+import (
+	"os"
+	"strings"
+)
+
 var (
 	IsRecoverMode = false

@@ -10,4 +15,18 @@ var (

 	NewVersionCode        = "" // 有新的版本
 	NewVersionDownloadURL = "" // 新版本下载地址
+
+	IsMain = checkMain()
 )
+
+// 检查是否为主程序
+func checkMain() bool {
+	if len(os.Args) == 1 ||
+		(len(os.Args) >= 2 && os.Args[1] == "pprof") {
+		return true
+	}
+	exe, _ := os.Executable()
+	return strings.HasSuffix(exe, ".test") ||
+		strings.HasSuffix(exe, ".test.exe") ||
+		strings.Contains(exe, "___")
+}
--- a/internal/gen/generate.go
+++ b/internal/gen/generate.go
@@ -9,6 +9,7 @@ import (
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/server/settings/conds/condutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/nodeconfigs"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/shared"
 	"github.com/iwind/TeaGo/Tea"
 	"github.com/iwind/TeaGo/files"
@@ -115,6 +116,16 @@ func generateComponentsJSFile() error {
 		buffer.Write([]byte{'\n', '\n'})
 	}

+	// WAF操作符
+	wafOperatorsJSON, err := json.Marshal(firewallconfigs.AllRuleOperators)
+	if err != nil {
+		logs.Println("ComponentsAction marshal waf rule operators failed: " + err.Error())
+	} else {
+		buffer.WriteString("window.WAF_RULE_OPERATORS = ")
+		buffer.Write(wafOperatorsJSON)
+		buffer.Write([]byte{'\n', '\n'})
+	}
+
 	fp, err := os.OpenFile(filepath.Clean(Tea.PublicFile("/js/components.src.js")), os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0777)
 	if err != nil {
 		return err
--- a/internal/nodes/admin_node.go
+++ b/internal/nodes/admin_node.go
@@ -12,7 +12,6 @@ import (
 	"github.com/iwind/TeaGo/logs"
 	"github.com/iwind/TeaGo/maps"
 	"github.com/iwind/TeaGo/rands"
-	"github.com/iwind/TeaGo/sessions"
 	"github.com/iwind/TeaGo/types"
 	"github.com/iwind/gosock/pkg/gosock"
 	"gopkg.in/yaml.v3"
@@ -21,6 +20,8 @@ import (
 	"os"
 	"os/exec"
 	"os/signal"
+	"path/filepath"
+	"strings"
 	"syscall"
 	"time"
 )
@@ -84,11 +85,19 @@ func (this *AdminNode) Run() {
 	// 启动API节点
 	this.startAPINode()

+	// 启动IP库
+	this.startIPLibrary()
+
 	// 启动Web服务
+	sessionManager, err := NewSessionManager()
+	if err != nil {
+		log.Fatal("start session failed: " + err.Error())
+		return
+	}
 	TeaGo.NewServer(false).
 		AccessLog(false).
 		EndAll().
-		Session(sessions.NewFileSessionManager(86400, secret), teaconst.CookieSID).
+		Session(sessionManager, teaconst.CookieSID).
 		ReadHeaderTimeout(3 * time.Second).
 		ReadTimeout(1200 * time.Second).
 		Start()
@@ -360,6 +369,16 @@ func (this *AdminNode) listenSock() error {
 					}
 				}

+				// 停止当前目录下的API节点
+				var apiSock = gosock.NewTmpSock("edge-api")
+				apiReply, err := apiSock.Send(&gosock.Command{Code: "info"})
+				if err == nil {
+					adminExe, _ := os.Executable()
+					if len(adminExe) > 0 && apiReply != nil && strings.HasPrefix(maps.NewMap(apiReply.Params).GetString("path"), filepath.Dir(filepath.Dir(adminExe))) {
+						_, _ = apiSock.Send(&gosock.Command{Code: "stop"})
+					}
+				}
+
 				// 退出主进程
 				events.Notify(events.EventQuit)
 				os.Exit(0)
--- a/internal/nodes/admin_node_ext.go
+++ b/internal/nodes/admin_node_ext.go
@@ -0,0 +1,18 @@
+// Copyright 2023 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
+//go:build !plus
+
+package nodes
+
+import (
+	"github.com/TeaOSLab/EdgeCommon/pkg/iplibrary"
+	"github.com/iwind/TeaGo/logs"
+)
+
+// 启动IP库
+func (this *AdminNode) startIPLibrary() {
+	logs.Println("[NODE]initializing ip library ...")
+	err := iplibrary.InitDefault()
+	if err != nil {
+		logs.Println("[NODE]initialize ip library failed: "+err.Error())
+	}
+}
--- a/internal/nodes/session_manager.go
+++ b/internal/nodes/session_manager.go
@@ -0,0 +1,98 @@
+// Copyright 2023 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package nodes
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/rpc"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/logs"
+	"strings"
+)
+
+// SessionManager SESSION管理
+type SessionManager struct {
+	life uint
+}
+
+func NewSessionManager() (*SessionManager, error) {
+	return &SessionManager{}, nil
+}
+
+func (this *SessionManager) Init(config *actions.SessionConfig) {
+	this.life = config.Life
+}
+
+func (this *SessionManager) Read(sid string) map[string]string {
+	// 忽略OTP
+	if strings.HasSuffix(sid, "_otp") {
+		return map[string]string{}
+	}
+
+	var result = map[string]string{}
+
+	rpcClient, err := rpc.SharedRPC()
+	if err != nil {
+		return map[string]string{}
+	}
+
+	resp, err := rpcClient.LoginSessionRPC().FindLoginSession(rpcClient.Context(0), &pb.FindLoginSessionRequest{Sid: sid})
+	if err != nil {
+		logs.Println("SESSION", "read '"+sid+"' failed: "+err.Error())
+		result["@error"] = err.Error()
+		return result
+	}
+
+	var session = resp.LoginSession
+	if session == nil || len(session.ValuesJSON) == 0 {
+		return result
+	}
+
+	err = json.Unmarshal(session.ValuesJSON, &result)
+	if err != nil {
+		logs.Println("SESSION", "decode '"+sid+"' values failed: "+err.Error())
+	}
+
+	return result
+}
+
+func (this *SessionManager) WriteItem(sid string, key string, value string) bool {
+	// 忽略OTP
+	if strings.HasSuffix(sid, "_otp") {
+		return false
+	}
+
+	rpcClient, err := rpc.SharedRPC()
+	if err != nil {
+		return false
+	}
+
+	_, err = rpcClient.LoginSessionRPC().WriteLoginSessionValue(rpcClient.Context(0), &pb.WriteLoginSessionValueRequest{
+		Sid:   sid,
+		Key:   key,
+		Value: value,
+	})
+	if err != nil {
+		logs.Println("SESSION", "write sid:'"+sid+"' key:'"+key+"' failed: "+err.Error())
+	}
+
+	return true
+}
+
+func (this *SessionManager) Delete(sid string) bool {
+	// 忽略OTP
+	if strings.HasSuffix(sid, "_otp") {
+		return false
+	}
+
+	rpcClient, err := rpc.SharedRPC()
+	if err != nil {
+		return false
+	}
+	_, err = rpcClient.LoginSessionRPC().DeleteLoginSession(rpcClient.Context(0), &pb.DeleteLoginSessionRequest{Sid: sid})
+	if err != nil {
+		logs.Println("SESSION", "delete '"+sid+"' failed: "+err.Error())
+	}
+	return true
+}
--- a/internal/rpc/rpc_client.go
+++ b/internal/rpc/rpc_client.go
@@ -407,6 +407,10 @@ func (this *RPCClient) LoginRPC() pb.LoginServiceClient {
 	return pb.NewLoginServiceClient(this.pickConn())
 }

+func (this *RPCClient) LoginSessionRPC() pb.LoginSessionServiceClient {
+	return pb.NewLoginSessionServiceClient(this.pickConn())
+}
+
 func (this *RPCClient) NodeTaskRPC() pb.NodeTaskServiceClient {
 	return pb.NewNodeTaskServiceClient(this.pickConn())
 }
@@ -540,8 +544,11 @@ func (this *RPCClient) init() error {
 		}

 		var conn *grpc.ClientConn
-		var callOptions = grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(128*1024*1024),
-			grpc.UseCompressor(gzip.Name))
+		var callOptions = grpc.WithDefaultCallOptions(
+			grpc.MaxCallRecvMsgSize(128<<20),
+			grpc.MaxCallSendMsgSize(128<<20),
+			grpc.UseCompressor(gzip.Name),
+		)
 		if u.Scheme == "http" {
 			conn, err = grpc.Dial(apiHost, grpc.WithTransportCredentials(insecure.NewCredentials()), callOptions)
 		} else if u.Scheme == "https" {
--- a/internal/rpc/rpc_utils.go
+++ b/internal/rpc/rpc_utils.go
@@ -2,6 +2,9 @@ package rpc

 import (
 	"github.com/TeaOSLab/EdgeAdmin/internal/configs"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+	"strings"
 	"sync"
 )

@@ -28,3 +31,39 @@ func SharedRPC() (*RPCClient, error) {
 	sharedRPC = client
 	return sharedRPC, nil
 }
+
+// IsConnError 是否为连接错误
+func IsConnError(err error) bool {
+	if err == nil {
+		return false
+	}
+
+	// 检查是否为连接错误
+	statusErr, ok := status.FromError(err)
+	if ok {
+		var errorCode = statusErr.Code()
+		return errorCode == codes.Unavailable || errorCode == codes.Canceled
+	}
+
+	if strings.Contains(err.Error(), "code = Canceled") {
+		return true
+	}
+
+	return false
+}
+
+// IsUnimplementedError 检查是否为未实现错误
+func IsUnimplementedError(err error) bool {
+	if err == nil {
+		return false
+	}
+
+	statusErr, ok := status.FromError(err)
+	if ok {
+		if statusErr.Code() == codes.Unimplemented {
+			return true
+		}
+	}
+
+	return false
+}
--- a/internal/tasks/task_check_updates.go
+++ b/internal/tasks/task_check_updates.go
@@ -87,6 +87,7 @@ func (this *CheckUpdatesTask) Loop() error {
 	var apiURL = teaconst.UpdatesURL
 	apiURL = strings.ReplaceAll(apiURL, "${os}", runtime.GOOS)
 	apiURL = strings.ReplaceAll(apiURL, "${arch}", runtime.GOARCH)
+	apiURL = strings.ReplaceAll(apiURL, "${version}", teaconst.Version)
 	resp, err := http.Get(apiURL)
 	if err != nil {
 		return errors.New("read api failed: " + err.Error())
@@ -118,7 +119,7 @@ func (this *CheckUpdatesTask) Loop() error {
 			var vMap = maps.NewMap(version)
 			if vMap.GetString("code") == "admin" {
 				var latestVersion = vMap.GetString("version")
-				if stringutil.VersionCompare(teaconst.Version, latestVersion) < 0 {
+				if stringutil.VersionCompare(teaconst.Version, latestVersion) < 0 && (len(config.IgnoredVersion) == 0 || stringutil.VersionCompare(latestVersion, config.IgnoredVersion) > 0) {
 					teaconst.NewVersionCode = latestVersion
 					teaconst.NewVersionDownloadURL = dlHost + vMap.GetString("url")
 					return nil
--- a/internal/utils/apinodeutils/deploy_file.go
+++ b/internal/utils/apinodeutils/deploy_file.go
@@ -0,0 +1,79 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package apinodeutils
+
+import (
+	"crypto/md5"
+	"fmt"
+	"io"
+	"os"
+)
+
+// DeployFile 部署文件描述
+type DeployFile struct {
+	OS      string
+	Arch    string
+	Version string
+	Path    string
+}
+
+// Sum 计算概要
+func (this *DeployFile) Sum() (string, error) {
+	fp, err := os.Open(this.Path)
+	if err != nil {
+		return "", err
+	}
+	defer func() {
+		_ = fp.Close()
+	}()
+
+	m := md5.New()
+	buffer := make([]byte, 128*1024)
+	for {
+		n, err := fp.Read(buffer)
+		if err != nil {
+			if err == io.EOF {
+				break
+			}
+			return "", err
+		}
+		_, err = m.Write(buffer[:n])
+		if err != nil {
+			return "", err
+		}
+	}
+	sum := m.Sum(nil)
+	return fmt.Sprintf("%x", sum), nil
+}
+
+// Read 读取一个片段数据
+func (this *DeployFile) Read(offset int64) (data []byte, newOffset int64, err error) {
+	fp, err := os.Open(this.Path)
+	if err != nil {
+		return nil, offset, err
+	}
+	defer func() {
+		_ = fp.Close()
+	}()
+
+	stat, err := fp.Stat()
+	if err != nil {
+		return nil, offset, err
+	}
+	if offset >= stat.Size() {
+		return nil, offset, io.EOF
+	}
+
+	_, err = fp.Seek(offset, io.SeekStart)
+	if err != nil {
+		return nil, offset, err
+	}
+
+	buffer := make([]byte, 128*1024)
+	n, err := fp.Read(buffer)
+	if err != nil {
+		return nil, offset, err
+	}
+
+	return buffer[:n], offset + int64(n), nil
+}
--- a/internal/utils/apinodeutils/deploy_manager.go
+++ b/internal/utils/apinodeutils/deploy_manager.go
@@ -0,0 +1,96 @@
+package apinodeutils
+
+import (
+	"github.com/iwind/TeaGo/Tea"
+	"github.com/iwind/TeaGo/files"
+	stringutil "github.com/iwind/TeaGo/utils/string"
+	"regexp"
+)
+
+// DeployManager 节点部署文件管理器
+// 如果节点部署文件有变化，需要重启API节点以便于生效
+type DeployManager struct {
+	dir string
+}
+
+// NewDeployManager 获取新节点部署文件管理器
+func NewDeployManager() *DeployManager {
+	var manager = &DeployManager{
+		dir: Tea.Root + "/edge-api/deploy",
+	}
+	manager.LoadNodeFiles()
+	manager.LoadNSNodeFiles()
+	return manager
+}
+
+// LoadNodeFiles 加载所有边缘节点文件
+func (this *DeployManager) LoadNodeFiles() []*DeployFile {
+	var keyMap = map[string]*DeployFile{} // key => File
+
+	var reg = regexp.MustCompile(`^edge-node-(\w+)-(\w+)-v([0-9.]+)\.zip$`)
+	for _, file := range files.NewFile(this.dir).List() {
+		var name = file.Name()
+		if !reg.MatchString(name) {
+			continue
+		}
+		var matches = reg.FindStringSubmatch(name)
+		var osName = matches[1]
+		var arch = matches[2]
+		var version = matches[3]
+
+		var key = osName + "_" + arch
+		oldFile, ok := keyMap[key]
+		if ok && stringutil.VersionCompare(oldFile.Version, version) > 0 {
+			continue
+		}
+		keyMap[key] = &DeployFile{
+			OS:      osName,
+			Arch:    arch,
+			Version: version,
+			Path:    file.Path(),
+		}
+	}
+
+	var result = []*DeployFile{}
+	for _, v := range keyMap {
+		result = append(result, v)
+	}
+
+	return result
+}
+
+// LoadNSNodeFiles 加载所有NS节点安装文件
+func (this *DeployManager) LoadNSNodeFiles() []*DeployFile {
+	var keyMap = map[string]*DeployFile{} // key => File
+
+	var reg = regexp.MustCompile(`^edge-dns-(\w+)-(\w+)-v([0-9.]+)\.zip$`)
+	for _, file := range files.NewFile(this.dir).List() {
+		var name = file.Name()
+		if !reg.MatchString(name) {
+			continue
+		}
+		var matches = reg.FindStringSubmatch(name)
+		var osName = matches[1]
+		var arch = matches[2]
+		var version = matches[3]
+
+		var key = osName + "_" + arch
+		oldFile, ok := keyMap[key]
+		if ok && stringutil.VersionCompare(oldFile.Version, version) > 0 {
+			continue
+		}
+		keyMap[key] = &DeployFile{
+			OS:      osName,
+			Arch:    arch,
+			Version: version,
+			Path:    file.Path(),
+		}
+	}
+
+	var result = []*DeployFile{}
+	for _, v := range keyMap {
+		result = append(result, v)
+	}
+
+	return result
+}
--- a/internal/utils/apinodeutils/manager.go
+++ b/internal/utils/apinodeutils/manager.go
@@ -0,0 +1,30 @@
+// Copyright 2023 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package apinodeutils
+
+var SharedManager = NewManager()
+
+type Manager struct {
+	upgraderMap map[int64]*Upgrader
+}
+
+func NewManager() *Manager {
+	return &Manager{
+		upgraderMap: map[int64]*Upgrader{},
+	}
+}
+
+func (this *Manager) AddUpgrader(upgrader *Upgrader) {
+	this.upgraderMap[upgrader.apiNodeId] = upgrader
+}
+
+func (this *Manager) FindUpgrader(apiNodeId int64) *Upgrader {
+	return this.upgraderMap[apiNodeId]
+}
+
+func (this *Manager) RemoveUpgrader(upgrader *Upgrader) {
+	if upgrader == nil {
+		return
+	}
+	delete(this.upgraderMap, upgrader.apiNodeId)
+}
--- a/internal/utils/apinodeutils/upgrader.go
+++ b/internal/utils/apinodeutils/upgrader.go
@@ -0,0 +1,349 @@
+// Copyright 2023 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package apinodeutils
+
+import (
+	"compress/gzip"
+	"context"
+	"crypto/md5"
+	"errors"
+	"fmt"
+	"github.com/TeaOSLab/EdgeAdmin/internal/configs"
+	"github.com/TeaOSLab/EdgeAdmin/internal/rpc"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/Tea"
+	"github.com/iwind/TeaGo/types"
+	stringutil "github.com/iwind/TeaGo/utils/string"
+	"io"
+	"os"
+	"path/filepath"
+	"runtime"
+)
+
+type Progress struct {
+	Percent float64
+}
+
+type Upgrader struct {
+	progress  *Progress
+	apiExe    string
+	apiNodeId int64
+}
+
+func NewUpgrader(apiNodeId int64) *Upgrader {
+	return &Upgrader{
+		apiExe:    apiExe(),
+		progress:  &Progress{Percent: 0},
+		apiNodeId: apiNodeId,
+	}
+}
+
+func (this *Upgrader) Upgrade() error {
+	sharedClient, err := rpc.SharedRPC()
+	if err != nil {
+		return err
+	}
+	apiNodeResp, err := sharedClient.APINodeRPC().FindEnabledAPINode(sharedClient.Context(0), &pb.FindEnabledAPINodeRequest{ApiNodeId: this.apiNodeId})
+	if err != nil {
+		return err
+	}
+	var apiNode = apiNodeResp.ApiNode
+	if apiNode == nil {
+		return errors.New("could not find api node with id '" + types.String(this.apiNodeId) + "'")
+	}
+
+	apiConfig, err := configs.LoadAPIConfig()
+	if err != nil {
+		return err
+	}
+	var newAPIConfig = apiConfig.Clone()
+	newAPIConfig.RPC.Endpoints = apiNode.AccessAddrs
+
+	rpcClient, err := rpc.NewRPCClient(newAPIConfig, false)
+	if err != nil {
+		return err
+	}
+
+	// 升级边缘节点
+	err = this.upgradeNodes(sharedClient.Context(0), rpcClient)
+	if err != nil {
+		return err
+	}
+
+	// 升级NS节点
+	err = this.upgradeNSNodes(sharedClient.Context(0), rpcClient)
+	if err != nil {
+		return err
+	}
+
+	// 升级API节点
+	err = this.upgradeAPINode(sharedClient.Context(0), rpcClient)
+	if err != nil {
+		return errors.New("upgrade api node failed: " + err.Error())
+	}
+
+	return nil
+}
+
+// Progress 查看升级进程
+func (this *Upgrader) Progress() *Progress {
+	return this.progress
+}
+
+// 升级API节点
+func (this *Upgrader) upgradeAPINode(ctx context.Context, rpcClient *rpc.RPCClient) error {
+	versionResp, err := rpcClient.APINodeRPC().FindCurrentAPINodeVersion(ctx, &pb.FindCurrentAPINodeVersionRequest{})
+	if err != nil {
+		return err
+	}
+	if !Tea.IsTesting() /** 开发环境下允许突破此限制方便测试 **/ &&
+		(stringutil.VersionCompare(versionResp.Version, "0.6.4" /** 从0.6.4开始支持 **/) < 0 || versionResp.Os != runtime.GOOS || versionResp.Arch != runtime.GOARCH) {
+		return errors.New("could not upgrade api node v" + versionResp.Version + "/" + versionResp.Os + "/" + versionResp.Arch)
+	}
+
+	// 检查本地文件版本
+	canUpgrade, reason := CanUpgrade(versionResp.Version, versionResp.Os, versionResp.Arch)
+	if !canUpgrade {
+		return errors.New(reason)
+	}
+
+	localVersion, err := lookupLocalVersion()
+	if err != nil {
+		return errors.New("lookup version failed: " + err.Error())
+	}
+
+	// 检查要升级的文件
+	var gzFile = this.apiExe + "." + localVersion + ".gz"
+
+	gzReader, err := os.Open(gzFile)
+	if err != nil {
+		if !os.IsNotExist(err) {
+			return err
+		}
+		err = func() error {
+			// 压缩文件
+			exeReader, err := os.Open(this.apiExe)
+			if err != nil {
+				return err
+			}
+			defer func() {
+				_ = exeReader.Close()
+			}()
+			var tmpGzFile = gzFile + ".tmp"
+			gzFileWriter, err := os.OpenFile(tmpGzFile, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0666)
+			if err != nil {
+				return err
+			}
+			var gzWriter = gzip.NewWriter(gzFileWriter)
+			defer func() {
+				_ = gzWriter.Close()
+				_ = gzFileWriter.Close()
+
+				_ = os.Rename(tmpGzFile, gzFile)
+			}()
+			_, err = io.Copy(gzWriter, exeReader)
+			if err != nil {
+				return err
+			}
+
+			return nil
+		}()
+		if err != nil {
+			return err
+		}
+		gzReader, err = os.Open(gzFile)
+		if err != nil {
+			return err
+		}
+	}
+
+	defer func() {
+		_ = gzReader.Close()
+	}()
+
+	// 开始上传
+	var hash = md5.New()
+	var buf = make([]byte, 128*4096)
+	var isFirst = true
+	stat, err := gzReader.Stat()
+	if err != nil {
+		return err
+	}
+	var totalSize = stat.Size()
+	if totalSize == 0 {
+		_ = gzReader.Close()
+		_ = os.Remove(gzFile)
+		return errors.New("invalid gz file")
+	}
+
+	var uploadedSize int64 = 0
+	for {
+		n, err := gzReader.Read(buf)
+		if n > 0 {
+			// 计算Hash
+			hash.Write(buf[:n])
+
+			// 上传
+			_, uploadErr := rpcClient.APINodeRPC().UploadAPINodeFile(rpcClient.Context(0), &pb.UploadAPINodeFileRequest{
+				Filename:     filepath.Base(this.apiExe),
+				Sum:          "",
+				ChunkData:    buf[:n],
+				IsFirstChunk: isFirst,
+				IsLastChunk:  false,
+			})
+			if uploadErr != nil {
+				return uploadErr
+			}
+
+			// 进度
+			uploadedSize += int64(n)
+			this.progress = &Progress{Percent: float64(uploadedSize*100) / float64(totalSize)}
+		}
+		if isFirst {
+			isFirst = false
+		}
+		if err != nil {
+			if err != io.EOF {
+				return err
+			}
+			if err == io.EOF {
+				_, uploadErr := rpcClient.APINodeRPC().UploadAPINodeFile(rpcClient.Context(0), &pb.UploadAPINodeFileRequest{
+					Filename:     filepath.Base(this.apiExe),
+					Sum:          fmt.Sprintf("%x", hash.Sum(nil)),
+					ChunkData:    buf[:n],
+					IsFirstChunk: isFirst,
+					IsLastChunk:  true,
+				})
+				if uploadErr != nil {
+					return uploadErr
+				}
+
+				break
+			}
+		}
+	}
+
+	return nil
+}
+
+// 升级边缘节点
+func (this *Upgrader) upgradeNodes(ctx context.Context, rpcClient *rpc.RPCClient) error {
+	// 本地的
+	var manager = NewDeployManager()
+	var localFileMap = map[string]*DeployFile{} // os_arch => *DeployFile
+	for _, deployFile := range manager.LoadNodeFiles() {
+		localFileMap[deployFile.OS+"_"+deployFile.Arch] = deployFile
+	}
+
+	remoteFilesResp, err := rpcClient.APINodeRPC().FindLatestDeployFiles(ctx, &pb.FindLatestDeployFilesRequest{})
+	if err != nil {
+		return err
+	}
+
+	var remoteFileMap = map[string]*pb.FindLatestDeployFilesResponse_DeployFile{} // os_arch => *DeployFile
+	for _, nodeFile := range remoteFilesResp.NodeDeployFiles {
+		remoteFileMap[nodeFile.Os+"_"+nodeFile.Arch] = nodeFile
+	}
+
+	// 对比版本
+	for key, deployFile := range localFileMap {
+		remoteDeployFile, ok := remoteFileMap[key]
+		if !ok || stringutil.VersionCompare(remoteDeployFile.Version, deployFile.Version) < 0 {
+			err = this.uploadNodeDeployFile(ctx, rpcClient, deployFile.Path)
+			if err != nil {
+				return errors.New("upload deploy file '" + filepath.Base(deployFile.Path) + "' failed: " + err.Error())
+			}
+		}
+	}
+
+	return nil
+}
+
+// 升级NS节点
+func (this *Upgrader) upgradeNSNodes(ctx context.Context, rpcClient *rpc.RPCClient) error {
+	// 本地的
+	var manager = NewDeployManager()
+	var localFileMap = map[string]*DeployFile{} // os_arch => *DeployFile
+	for _, deployFile := range manager.LoadNSNodeFiles() {
+		localFileMap[deployFile.OS+"_"+deployFile.Arch] = deployFile
+	}
+
+	remoteFilesResp, err := rpcClient.APINodeRPC().FindLatestDeployFiles(ctx, &pb.FindLatestDeployFilesRequest{})
+	if err != nil {
+		return err
+	}
+
+	var remoteFileMap = map[string]*pb.FindLatestDeployFilesResponse_DeployFile{} // os_arch => *DeployFile
+	for _, nodeFile := range remoteFilesResp.NsNodeDeployFiles {
+		remoteFileMap[nodeFile.Os+"_"+nodeFile.Arch] = nodeFile
+	}
+
+	// 对比版本
+	for key, deployFile := range localFileMap {
+		remoteDeployFile, ok := remoteFileMap[key]
+		if !ok || stringutil.VersionCompare(remoteDeployFile.Version, deployFile.Version) < 0 {
+			err = this.uploadNodeDeployFile(ctx, rpcClient, deployFile.Path)
+			if err != nil {
+				return errors.New("upload deploy file '" + filepath.Base(deployFile.Path) + "' failed: " + err.Error())
+			}
+		}
+	}
+
+	return nil
+}
+
+// 上传节点文件
+func (this *Upgrader) uploadNodeDeployFile(ctx context.Context, rpcClient *rpc.RPCClient, path string) error {
+	fp, err := os.Open(path)
+	if err != nil {
+		return err
+	}
+	defer func() {
+		_ = fp.Close()
+	}()
+
+	var buf = make([]byte, 128*4096)
+	var isFirst = true
+
+	var hash = md5.New()
+
+	for {
+		n, err := fp.Read(buf)
+		if n > 0 {
+			hash.Write(buf[:n])
+
+			_, uploadErr := rpcClient.APINodeRPC().UploadDeployFileToAPINode(ctx, &pb.UploadDeployFileToAPINodeRequest{
+				Filename:     filepath.Base(path),
+				Sum:          "",
+				ChunkData:    buf[:n],
+				IsFirstChunk: isFirst,
+				IsLastChunk:  false,
+			})
+			if uploadErr != nil {
+				return uploadErr
+			}
+			isFirst = false
+		}
+		if err != nil {
+			if err == io.EOF {
+				err = nil
+
+				_, uploadErr := rpcClient.APINodeRPC().UploadDeployFileToAPINode(ctx, &pb.UploadDeployFileToAPINodeRequest{
+					Filename:     filepath.Base(path),
+					Sum:          fmt.Sprintf("%x", hash.Sum(nil)),
+					ChunkData:    nil,
+					IsFirstChunk: false,
+					IsLastChunk:  true,
+				})
+				if uploadErr != nil {
+					return uploadErr
+				}
+
+				break
+			}
+			return err
+		}
+	}
+
+	return nil
+}
--- a/internal/utils/apinodeutils/upgrader_test.go
+++ b/internal/utils/apinodeutils/upgrader_test.go
@@ -0,0 +1,22 @@
+// Copyright 2023 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package apinodeutils_test
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/utils/apinodeutils"
+	_ "github.com/iwind/TeaGo/bootstrap"
+	"runtime"
+	"testing"
+)
+
+func TestUpgrader_CanUpgrade(t *testing.T) {
+	t.Log(apinodeutils.CanUpgrade("0.6.3", runtime.GOOS, runtime.GOARCH))
+}
+
+func TestUpgrader_Upgrade(t *testing.T) {
+	var upgrader = apinodeutils.NewUpgrader(1)
+	err := upgrader.Upgrade()
+	if err != nil {
+		t.Fatal(err)
+	}
+}
--- a/internal/utils/apinodeutils/utils.go
+++ b/internal/utils/apinodeutils/utils.go
@@ -0,0 +1,77 @@
+// Copyright 2023 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package apinodeutils
+
+import (
+	"bytes"
+	"errors"
+	teaconst "github.com/TeaOSLab/EdgeAdmin/internal/const"
+	"github.com/iwind/TeaGo/Tea"
+	stringutil "github.com/iwind/TeaGo/utils/string"
+	"os"
+	"os/exec"
+	"regexp"
+	"runtime"
+	"strings"
+)
+
+func CanUpgrade(apiVersion string, osName string, arch string) (canUpgrade bool, reason string) {
+	if len(apiVersion) == 0 {
+		return false, "current api version should not be empty"
+	}
+
+	if stringutil.VersionCompare(apiVersion, "0.6.4") < 0 {
+		return false, "api node version must greater than or equal to 0.6.4"
+	}
+
+	if osName != runtime.GOOS {
+		return false, "os not match: " + osName
+	}
+	if arch != runtime.GOARCH {
+		return false, "arch not match: " + arch
+	}
+
+	stat, err := os.Stat(apiExe())
+	if err != nil {
+		return false, "stat error: " + err.Error()
+	}
+	if stat.IsDir() {
+		return false, "is directory"
+	}
+
+	localVersion, err := lookupLocalVersion()
+	if err != nil {
+		return false, "lookup version failed: " + err.Error()
+	}
+	if localVersion != teaconst.APINodeVersion {
+		return false, "not newest api node"
+	}
+	if stringutil.VersionCompare(localVersion, apiVersion) <= 0 {
+		return false, "need not upgrade, local '" + localVersion + "' vs remote '" + apiVersion + "'"
+	}
+
+	return true, ""
+}
+
+func lookupLocalVersion() (string, error) {
+	var cmd = exec.Command(apiExe(), "-V")
+	var output = &bytes.Buffer{}
+	cmd.Stdout = output
+	err := cmd.Run()
+	if err != nil {
+		return "", err
+	}
+	var localVersion = strings.TrimSpace(output.String())
+
+	// 检查版本号
+	var reg = regexp.MustCompile(`^[\d.]+$`)
+	if !reg.MatchString(localVersion) {
+		return "", errors.New("lookup version failed: " + localVersion)
+	}
+
+	return localVersion, nil
+}
+
+func apiExe() string {
+	return Tea.Root + "/edge-api/bin/edge-api"
+}
--- a/internal/utils/dateutils/utils.go
+++ b/internal/utils/dateutils/utils.go
@@ -0,0 +1,12 @@
+// Copyright 2023 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package dateutils
+
+// SplitYmd 分隔Ymd格式的日期
+// Ymd => Y-m-d
+func SplitYmd(day string) string {
+	if len(day) != 8 {
+		return day
+	}
+	return day[:4] + "-" + day[4:6] + "-" + day[6:]
+}
--- a/internal/utils/lookup.go
+++ b/internal/utils/lookup.go
@@ -1,26 +1,40 @@
 package utils

 import (
+	teaconst "github.com/TeaOSLab/EdgeAdmin/internal/const"
 	"github.com/TeaOSLab/EdgeCommon/pkg/configutils"
+	"github.com/iwind/TeaGo/logs"
 	"github.com/miekg/dns"
 )

-// LookupCNAME 获取CNAME
-func LookupCNAME(host string) (string, error) {
-	config, err := dns.ClientConfigFromFile("/etc/resolv.conf")
-	if err != nil {
-		return "", err
+var sharedDNSClient *dns.Client
+var sharedDNSConfig *dns.ClientConfig
+
+func init() {
+	if !teaconst.IsMain {
+		return
 	}

-	c := new(dns.Client)
-	m := new(dns.Msg)
+	config, err := dns.ClientConfigFromFile("/etc/resolv.conf")
+	if err != nil {
+		logs.Println("ERROR: configure dns client failed: " + err.Error())
+		return
+	}
+
+	sharedDNSConfig = config
+	sharedDNSClient = &dns.Client{}
+}
+
+// LookupCNAME 获取CNAME
+func LookupCNAME(host string) (string, error) {
+	var m = new(dns.Msg)

 	m.SetQuestion(host+".", dns.TypeCNAME)
 	m.RecursionDesired = true

 	var lastErr error
-	for _, serverAddr := range config.Servers {
-		r, _, err := c.Exchange(m, configutils.QuoteIP(serverAddr)+":"+config.Port)
+	for _, serverAddr := range sharedDNSConfig.Servers {
+		r, _, err := sharedDNSClient.Exchange(m, configutils.QuoteIP(serverAddr)+":"+sharedDNSConfig.Port)
 		if err != nil {
 			lastErr = err
 			continue
--- a/internal/utils/lookup_test.go
+++ b/internal/utils/lookup_test.go
@@ -0,0 +1,12 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package utils_test
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/utils"
+	"testing"
+)
+
+func TestLookupCNAME(t *testing.T) {
+	t.Log(utils.LookupCNAME("www.yun4s.cn"))
+}
--- a/internal/utils/numberutils/utils.go
+++ b/internal/utils/numberutils/utils.go
@@ -75,7 +75,7 @@ func FormatCount(count int64) string {
 	return fmt.Sprintf("%.1fB", float32(count)/1000/1000/1000)
 }

-func FormatFloat(f interface{}, decimal int) string {
+func FormatFloat(f any, decimal int) string {
 	if f == nil {
 		return ""
 	}
@@ -101,10 +101,29 @@ func FormatFloat(f interface{}, decimal int) string {
 	return ""
 }

-func FormatFloat2(f interface{}) string {
+func FormatFloat2(f any) string {
 	return FormatFloat(f, 2)
 }

+// PadFloatZero 为浮点型数字字符串填充足够的0
+func PadFloatZero(s string, countZero int) string {
+	if countZero <= 0 {
+		return s
+	}
+	if len(s) == 0 {
+		s = "0"
+	}
+	var index = strings.Index(s, ".")
+	if index < 0 {
+		return s + "." + strings.Repeat("0", countZero)
+	}
+	var decimalLen = len(s) - 1 - index
+	if decimalLen < countZero {
+		return s + strings.Repeat("0", countZero-decimalLen)
+	}
+	return s
+}
+
 var decimalReg = regexp.MustCompile(`^(\d+\.\d+)([a-zA-Z]+)?$`)

 // TrimZeroSuffix 去除小数数字尾部多余的0
--- a/internal/utils/numberutils/utils_test.go
+++ b/internal/utils/numberutils/utils_test.go
@@ -4,6 +4,7 @@ package numberutils_test

 import (
 	"github.com/TeaOSLab/EdgeAdmin/internal/utils/numberutils"
+	"github.com/iwind/TeaGo/assert"
 	"testing"
 )

@@ -49,6 +50,24 @@ func TestFormatFloat(t *testing.T) {
 	t.Log(numberutils.FormatFloat(-221745.12, 2))
 }

+func TestFormatFloat2(t *testing.T) {
+	t.Log(numberutils.FormatFloat2(0))
+	t.Log(numberutils.FormatFloat2(0.0))
+	t.Log(numberutils.FormatFloat2(1.23456))
+	t.Log(numberutils.FormatFloat2(1.0))
+}
+
+func TestPadFloatZero(t *testing.T) {
+	var a = assert.NewAssertion(t)
+	a.IsTrue(numberutils.PadFloatZero("1", 0) == "1")
+	a.IsTrue(numberutils.PadFloatZero("1", 2) == "1.00")
+	a.IsTrue(numberutils.PadFloatZero("1.1", 2) == "1.10")
+	a.IsTrue(numberutils.PadFloatZero("1.12", 2) == "1.12")
+	a.IsTrue(numberutils.PadFloatZero("1.123", 2) == "1.123")
+	a.IsTrue(numberutils.PadFloatZero("10000.123", 2) == "10000.123")
+	a.IsTrue(numberutils.PadFloatZero("", 2) == "0.00")
+}
+
 func TestTrimZeroSuffix(t *testing.T) {
 	for _, s := range []string{
 		"1",
--- a/internal/utils/service_linux.go
+++ b/internal/utils/service_linux.go
@@ -128,7 +128,7 @@ After=network-online.target
 [Service]
 Type=simple
 Restart=always
-RestartSec=1s
+RestartSec=5s
 ExecStart=` + exePath + ` daemon
 ExecStop=` + exePath + ` stop
 ExecReload=` + exePath + ` reload
--- a/internal/utils/taskutils/concurrent.go
+++ b/internal/utils/taskutils/concurrent.go
@@ -0,0 +1,56 @@
+// Copyright 2023 GoEdge CDN goedge.cdn@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package taskutils
+
+import (
+	"errors"
+	"reflect"
+	"sync"
+)
+
+func RunConcurrent(tasks any, concurrent int, f func(task any)) error {
+	if tasks == nil {
+		return nil
+	}
+	var tasksValue = reflect.ValueOf(tasks)
+	if tasksValue.Type().Kind() != reflect.Slice {
+		return errors.New("ony works for slice")
+	}
+
+	var countTasks = tasksValue.Len()
+	if countTasks == 0 {
+		return nil
+	}
+
+	if concurrent <= 0 {
+		concurrent = 8
+	}
+	if concurrent > countTasks {
+		concurrent = countTasks
+	}
+
+	var taskChan = make(chan any, countTasks)
+	for i := 0; i < countTasks; i++ {
+		taskChan <- tasksValue.Index(i).Interface()
+	}
+
+	var wg = &sync.WaitGroup{}
+	wg.Add(concurrent)
+	for i := 0; i < concurrent; i++ {
+		go func() {
+			defer wg.Done()
+
+			for {
+				select {
+				case task := <-taskChan:
+					f(task)
+				default:
+					return
+				}
+			}
+		}()
+	}
+	wg.Wait()
+
+	return nil
+}
--- a/internal/utils/taskutils/concurrent_test.go
+++ b/internal/utils/taskutils/concurrent_test.go
@@ -0,0 +1,17 @@
+// Copyright 2023 GoEdge CDN goedge.cdn@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package taskutils_test
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/utils/taskutils"
+	"testing"
+)
+
+func TestRunConcurrent(t *testing.T) {
+	err := taskutils.RunConcurrent([]string{"a", "b", "c", "d", "e"}, 3, func(task any) {
+		t.Log("run", task)
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+}
--- a/internal/utils/upgrade_manager.go
+++ b/internal/utils/upgrade_manager.go
@@ -52,11 +52,14 @@ type UpgradeManager struct {
 	writer        *UpgradeFileWriter
 	body          io.ReadCloser
 	isCancelled   bool
+
+	downloadURL string
 }

-func NewUpgradeManager(component string) *UpgradeManager {
+func NewUpgradeManager(component string, downloadURL string) *UpgradeManager {
 	return &UpgradeManager{
-		component: component,
+		component:   component,
+		downloadURL: downloadURL,
 		client: &http.Client{
 			Transport: &http.Transport{
 				TLSClientConfig: &tls.Config{
@@ -96,8 +99,8 @@ func (this *UpgradeManager) Start() error {
 	}

 	// 检查新版本
-	var downloadURL = ""
-	{
+	var downloadURL = this.downloadURL
+	if len(downloadURL) == 0 {
 		var url = teaconst.UpdatesURL
 		var osName = runtime.GOOS
 		if Tea.IsTesting() && osName == "darwin" {
@@ -105,10 +108,12 @@ func (this *UpgradeManager) Start() error {
 		}
 		url = strings.ReplaceAll(url, "${os}", osName)
 		url = strings.ReplaceAll(url, "${arch}", runtime.GOARCH)
+		url = strings.ReplaceAll(url, "${version}", teaconst.Version)
 		req, err := http.NewRequest(http.MethodGet, url, nil)
 		if err != nil {
 			return errors.New("create url request failed: " + err.Error())
 		}
+		req.Header.Set("User-Agent", "Edge-Admin/"+teaconst.Version)

 		resp, err := this.client.Do(req)
 		if err != nil {
@@ -169,6 +174,7 @@ func (this *UpgradeManager) Start() error {
 		if err != nil {
 			return errors.New("create download request failed: " + err.Error())
 		}
+		req.Header.Set("User-Agent", "Edge-Admin/"+teaconst.Version)

 		resp, err := this.client.Do(req)
 		if err != nil {
--- a/internal/utils/upgrade_manager_test.go
+++ b/internal/utils/upgrade_manager_test.go
@@ -9,7 +9,7 @@ import (
 )

 func TestNewUpgradeManager(t *testing.T) {
-	var manager = utils.NewUpgradeManager("admin")
+	var manager = utils.NewUpgradeManager("admin", "")

 	var ticker = time.NewTicker(2 * time.Second)
 	go func() {
--- a/internal/web/actions/actionutils/tabbar.go
+++ b/internal/web/actions/actionutils/tabbar.go
@@ -2,37 +2,49 @@ package actionutils

 import (
 	"github.com/iwind/TeaGo/actions"
-	"github.com/iwind/TeaGo/maps"
 )

+type TabItem struct {
+	Name       string `json:"name"`
+	SubName    string `json:"subName"`
+	URL        string `json:"url"`
+	Icon       string `json:"icon"`
+	IsActive   bool   `json:"isActive"`
+	IsRight    bool   `json:"isRight"`
+	IsTitle    bool   `json:"isTitle"`
+	IsDisabled bool   `json:"isDisabled"`
+}
+
 // Tabbar Tabbar定义
 type Tabbar struct {
-	items []maps.Map
+	items []*TabItem
 }

 // NewTabbar 获取新对象
 func NewTabbar() *Tabbar {
 	return &Tabbar{
-		items: []maps.Map{},
+		items: []*TabItem{},
 	}
 }

 // Add 添加菜单项
-func (this *Tabbar) Add(name string, subName string, url string, icon string, active bool) maps.Map {
-	m := maps.Map{
-		"name":    name,
-		"subName": subName,
-		"url":     url,
-		"icon":    icon,
-		"active":  active,
-		"right":   false,
+func (this *Tabbar) Add(name string, subName string, url string, icon string, active bool) *TabItem {
+	var m = &TabItem{
+		Name:       name,
+		SubName:    subName,
+		URL:        url,
+		Icon:       icon,
+		IsActive:   active,
+		IsRight:    false,
+		IsTitle:    false,
+		IsDisabled: false,
 	}
 	this.items = append(this.items, m)
 	return m
 }

 // Items 取得所有的Items
-func (this *Tabbar) Items() []maps.Map {
+func (this *Tabbar) Items() []*TabItem {
 	return this.items
 }

--- a/internal/web/actions/actionutils/utils.go
+++ b/internal/web/actions/actionutils/utils.go
@@ -24,10 +24,19 @@ import (

 // Fail 提示服务器错误信息
 func Fail(action actions.ActionWrapper, err error) {
-	if err != nil {
-		logs.Println("[" + reflect.TypeOf(action).String() + "]" + findStack(err.Error()))
+	if err == nil {
+		err = errors.New("unknown error")
 	}
-	action.Object().Fail(teaconst.ErrServer + "（" + err.Error() + "）")
+
+	logs.Println("[" + reflect.TypeOf(action).String() + "]" + findStack(err.Error()))
+
+	_, _, isLocalAPI, issuesHTML := parseAPIErr(action, err)
+	if isLocalAPI && len(issuesHTML) > 0 {
+		action.Object().Fail(teaconst.ErrServer + "（" + err.Error() + "；最近一次错误提示：" + issuesHTML + "）")
+	} else {
+		action.Object().Fail(teaconst.ErrServer + "（" + err.Error() + "）")
+	}
+
 }

 // FailPage 提示页面错误信息
@@ -38,71 +47,15 @@ func FailPage(action actions.ActionWrapper, err error) {

 	logs.Println("[" + reflect.TypeOf(action).String() + "]" + findStack(err.Error()))

-	// 当前API终端地址
-	var apiEndpoints = []string{}
-	apiConfig, apiConfigErr := configs.LoadAPIConfig()
-	if apiConfigErr == nil && apiConfig != nil {
-		apiEndpoints = append(apiEndpoints, apiConfig.RPC.Endpoints...)
-	}
-
-	var isRPCConnError bool
-	err, isRPCConnError = rpcerrors.HumanError(err, apiEndpoints, Tea.ConfigFile("api.yaml"))
-	var apiNodeIsStarting = false
-	var apiNodeProgress = ""
-	if isRPCConnError {
-		// API节点是否正在启动
-		var sock = gosock.NewTmpSock("edge-api")
-		reply, err := sock.SendTimeout(&gosock.Command{
-			Code:   "starting",
-			Params: nil,
-		}, 1*time.Second)
-		if err == nil && reply != nil {
-			var params = maps.NewMap(reply.Params)
-			if params.GetBool("isStarting") {
-				apiNodeIsStarting = true
-
-				var progressMap = params.GetMap("progress")
-				apiNodeProgress = progressMap.GetString("description")
-			}
-		}
-	}
-
 	action.Object().ResponseWriter.WriteHeader(http.StatusInternalServerError)
 	if len(action.Object().Request.Header.Get("X-Requested-With")) > 0 {
 		action.Object().WriteString(teaconst.ErrServer)
 	} else {
-		// 本地的一些错误提示
-		var isLocalAPI = false
-		if isRPCConnError {
-			host, _, hostErr := net.SplitHostPort(action.Object().Request.Host)
-			if hostErr == nil {
-				for _, endpoint := range apiEndpoints {
-					if strings.HasPrefix(endpoint, "http://"+host) || strings.HasPrefix(endpoint, "https://"+host) || strings.HasPrefix(endpoint, host) {
-						isLocalAPI = true
-						break
-					}
-				}
-			}
-		}
-
-		var issuesHTML = ""
-		if isLocalAPI {
-			// 读取本地API节点的issues
-			issuesData, issuesErr := os.ReadFile(Tea.Root + "/edge-api/logs/issues.log")
-			if issuesErr == nil {
-				var issueMaps = []maps.Map{}
-				issuesErr = json.Unmarshal(issuesData, &issueMaps)
-				if issuesErr == nil && len(issueMaps) > 0 {
-					var issueMap = issueMaps[0]
-					issuesHTML = "本地API节点启动错误：" + issueMap.GetString("message") + "，处理建议：" + issueMap.GetString("suggestion")
-				}
-			}
-		}
-
+		apiNodeIsStarting, apiNodeProgress, _, issuesHTML := parseAPIErr(action, err)
 		var html = `<!DOCTYPE html>
 <html>
 	<head>
-		<title>有系统错误需要处理</title>
+		<title>正在处理...</title>
 		<meta charset="UTF-8"/>
 		<style type="text/css">
 		hr { border-top: 1px #ccc solid; }
@@ -116,7 +69,7 @@ func FailPage(action actions.ActionWrapper, err error) {
 			html += "<div class=\"red\">API节点正在启动，请耐心等待完成"

 			if len(apiNodeProgress) > 0 {
-				html += "：" + apiNodeProgress
+				html += "：" + apiNodeProgress + "（刷新当前页面查看最新状态）"
 			}

 			html += "</div>"
@@ -187,3 +140,61 @@ func findStack(err string) string {

 	return err
 }
+
+// 分析API节点的错误信息
+func parseAPIErr(action actions.ActionWrapper, err error) (apiNodeIsStarting bool, apiNodeProgress string, isLocalAPI bool, issuesHTML string) {
+	// 当前API终端地址
+	var apiEndpoints = []string{}
+	apiConfig, apiConfigErr := configs.LoadAPIConfig()
+	if apiConfigErr == nil && apiConfig != nil {
+		apiEndpoints = append(apiEndpoints, apiConfig.RPC.Endpoints...)
+	}
+
+	var isRPCConnError bool
+	err, isRPCConnError = rpcerrors.HumanError(err, apiEndpoints, Tea.ConfigFile("api.yaml"))
+	if isRPCConnError {
+		// API节点是否正在启动
+		var sock = gosock.NewTmpSock("edge-api")
+		reply, err := sock.SendTimeout(&gosock.Command{
+			Code:   "starting",
+			Params: nil,
+		}, 1*time.Second)
+		if err == nil && reply != nil {
+			var params = maps.NewMap(reply.Params)
+			if params.GetBool("isStarting") {
+				apiNodeIsStarting = true
+
+				var progressMap = params.GetMap("progress")
+				apiNodeProgress = progressMap.GetString("description")
+			}
+		}
+	}
+
+	// 本地的一些错误提示
+	if isRPCConnError {
+		host, _, hostErr := net.SplitHostPort(action.Object().Request.Host)
+		if hostErr == nil {
+			for _, endpoint := range apiEndpoints {
+				if strings.HasPrefix(endpoint, "http://"+host) || strings.HasPrefix(endpoint, "https://"+host) || strings.HasPrefix(endpoint, host) {
+					isLocalAPI = true
+					break
+				}
+			}
+		}
+	}
+
+	if isLocalAPI {
+		// 读取本地API节点的issues
+		issuesData, issuesErr := os.ReadFile(Tea.Root + "/edge-api/logs/issues.log")
+		if issuesErr == nil {
+			var issueMaps = []maps.Map{}
+			issuesErr = json.Unmarshal(issuesData, &issueMaps)
+			if issuesErr == nil && len(issueMaps) > 0 {
+				var issueMap = issueMaps[0]
+				issuesHTML = "本地API节点启动错误：" + issueMap.GetString("message") + "，处理建议：" + issueMap.GetString("suggestion")
+			}
+		}
+	}
+
+	return
+}
--- a/internal/web/actions/default/admins/admin.go
+++ b/internal/web/actions/default/admins/admin.go
@@ -45,6 +45,7 @@ func (this *AdminAction) RunGet(params struct {
 		"isOn":            admin.IsOn,
 		"isSuper":         admin.IsSuper,
 		"canLogin":        admin.CanLogin,
+		"hasWeakPassword": admin.HasWeakPassword,
 		"countAccessKeys": countAccessKeys,
 	}

--- a/internal/web/actions/default/admins/index.go
+++ b/internal/web/actions/default/admins/index.go
@@ -15,34 +15,46 @@ func (this *IndexAction) Init() {
 	this.Nav("", "", "")
 }

-func (this *IndexAction) RunGet(params struct{}) {
-	countResp, err := this.RPC().AdminRPC().CountAllEnabledAdmins(this.AdminContext(), &pb.CountAllEnabledAdminsRequest{})
-	if err != nil {
-		this.ErrorPage(err)
-		return
-	}
-	page := this.NewPage(countResp.Count)
-	this.Data["page"] = page.AsHTML()
+func (this *IndexAction) RunGet(params struct {
+	Keyword         string
+	HasWeakPassword bool
+}) {
+	this.Data["keyword"] = params.Keyword
+	this.Data["hasWeakPassword"] = params.HasWeakPassword

-	adminsResp, err := this.RPC().AdminRPC().ListEnabledAdmins(this.AdminContext(), &pb.ListEnabledAdminsRequest{
-		Offset: page.Offset,
-		Size:   page.Size,
+	countResp, err := this.RPC().AdminRPC().CountAllEnabledAdmins(this.AdminContext(), &pb.CountAllEnabledAdminsRequest{
+		Keyword:         params.Keyword,
+		HasWeakPassword: params.HasWeakPassword,
 	})
 	if err != nil {
 		this.ErrorPage(err)
 		return
 	}
-	adminMaps := []maps.Map{}
+	var page = this.NewPage(countResp.Count)
+	this.Data["page"] = page.AsHTML()
+
+	adminsResp, err := this.RPC().AdminRPC().ListEnabledAdmins(this.AdminContext(), &pb.ListEnabledAdminsRequest{
+		Keyword:         params.Keyword,
+		HasWeakPassword: params.HasWeakPassword,
+		Offset:          page.Offset,
+		Size:            page.Size,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	var adminMaps = []maps.Map{}
 	for _, admin := range adminsResp.Admins {
 		adminMaps = append(adminMaps, maps.Map{
-			"id":           admin.Id,
-			"isOn":         admin.IsOn,
-			"isSuper":      admin.IsSuper,
-			"username":     admin.Username,
-			"fullname":     admin.Fullname,
-			"createdTime":  timeutil.FormatTime("Y-m-d H:i:s", admin.CreatedAt),
-			"otpLoginIsOn": admin.OtpLogin != nil && admin.OtpLogin.IsOn,
-			"canLogin":     admin.CanLogin,
+			"id":              admin.Id,
+			"isOn":            admin.IsOn,
+			"isSuper":         admin.IsSuper,
+			"username":        admin.Username,
+			"fullname":        admin.Fullname,
+			"createdTime":     timeutil.FormatTime("Y-m-d H:i:s", admin.CreatedAt),
+			"otpLoginIsOn":    admin.OtpLogin != nil && admin.OtpLogin.IsOn,
+			"canLogin":        admin.CanLogin,
+			"hasWeakPassword": admin.HasWeakPassword,
 		})
 	}
 	this.Data["admins"] = adminMaps
--- a/internal/web/actions/default/clusters/cluster/createBatch.go
+++ b/internal/web/actions/default/clusters/cluster/createBatch.go
@@ -39,6 +39,17 @@ func (this *CreateBatchAction) RunGet(params struct {
 	}
 	this.Data["leftMenuItems"] = leftMenuItems

+	// 限额
+	maxNodes, leftNodes, err := this.findNodesQuota()
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Data["quota"] = maps.Map{
+		"maxNodes":  maxNodes,
+		"leftNodes": leftNodes,
+	}
+
 	this.Show()
 }

--- a/internal/web/actions/default/clusters/cluster/createBatch_ext.go
+++ b/internal/web/actions/default/clusters/cluster/createBatch_ext.go
@@ -0,0 +1,8 @@
+// Copyright 2023 GoEdge CDN goedge.cdn@gmail.com. All rights reserved. Official site: https://goedge.cn .
+//go:build !plus
+
+package cluster
+
+func (this *CreateBatchAction) findNodesQuota() (maxNodes int32, leftNodes int32, err error) {
+	return
+}
--- a/internal/web/actions/default/clusters/cluster/createNode.go
+++ b/internal/web/actions/default/clusters/cluster/createNode.go
@@ -30,6 +30,11 @@ func (this *CreateNodeAction) Init() {
 func (this *CreateNodeAction) RunGet(params struct {
 	ClusterId int64
 }) {
+	if params.ClusterId <= 0 {
+		this.RedirectURL("/clusters")
+		return
+	}
+
 	var leftMenuItems = []maps.Map{
 		{
 			"name":     "单个创建",
@@ -92,6 +97,17 @@ func (this *CreateNodeAction) RunGet(params struct {
 	// 安装文件下载
 	this.Data["installerFiles"] = clusterutils.ListInstallerFiles()

+	// 限额
+	maxNodes, leftNodes, err := this.findNodesQuota()
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Data["quota"] = maps.Map{
+		"maxNodes":  maxNodes,
+		"leftNodes": leftNodes,
+	}
+
 	this.Show()
 }

--- a/internal/web/actions/default/clusters/cluster/createNode_ext.go
+++ b/internal/web/actions/default/clusters/cluster/createNode_ext.go
@@ -0,0 +1,8 @@
+// Copyright 2023 GoEdge CDN goedge.cdn@gmail.com. All rights reserved. Official site: https://goedge.cn .
+//go:build !plus
+
+package cluster
+
+func (this *CreateNodeAction) findNodesQuota() (maxNodes int32, leftNodes int32, err error) {
+	return
+}
--- a/internal/web/actions/default/clusters/cluster/init.go
+++ b/internal/web/actions/default/clusters/cluster/init.go
@@ -20,6 +20,7 @@ func init() {
 			Helper(helpers.NewUserMustAuth(configloaders.AdminModuleCodeNode)).
 			Helper(clusters.NewClusterHelper()).
 			Data("teaMenu", "clusters").
+			Data("teaSubMenu", "cluster").
 			Prefix("/clusters/cluster").
 			Get("", new(IndexAction)).
 			Get("/nodes", new(NodesAction)).
--- a/internal/web/actions/default/clusters/cluster/node/detail.go
+++ b/internal/web/actions/default/clusters/cluster/node/detail.go
@@ -89,7 +89,7 @@ func (this *DetailAction) RunGet(params struct {
 		return
 	}
 	var ipAddresses = ipAddressesResp.NodeIPAddresses
-	ipAddressMaps := []maps.Map{}
+	var ipAddressMaps = []maps.Map{}
 	for _, addr := range ipAddressesResp.NodeIPAddresses {
 		thresholds, err := ipaddressutils.InitNodeIPAddressThresholds(this.Parent(), addr.Id)
 		if err != nil {
@@ -103,6 +103,15 @@ func (this *DetailAction) RunGet(params struct {
 			addr.Ip = addr.BackupIP
 		}

+		// 专属集群
+		var addrClusterMaps = []maps.Map{}
+		for _, addrCluster := range addr.NodeClusters {
+			addrClusterMaps = append(addrClusterMaps, maps.Map{
+				"id":   addrCluster.Id,
+				"name": addrCluster.Name,
+			})
+		}
+
 		ipAddressMaps = append(ipAddressMaps, maps.Map{
 			"id":         addr.Id,
 			"name":       addr.Name,
@@ -111,6 +120,7 @@ func (this *DetailAction) RunGet(params struct {
 			"canAccess":  addr.CanAccess,
 			"isOn":       addr.IsOn,
 			"isUp":       addr.IsUp,
+			"clusters":   addrClusterMaps,
 			"thresholds": thresholds,
 		})
 	}
@@ -152,16 +162,33 @@ func (this *DetailAction) RunGet(params struct {
 			if !addr.CanAccess || !addr.IsUp || !addr.IsOn {
 				continue
 			}
+
+			// 过滤集群
+			if len(addr.NodeClusters) > 0 {
+				var inCluster = false
+				for _, addrCluster := range addr.NodeClusters {
+					if addrCluster.Id == cluster.Id {
+						inCluster = true
+					}
+				}
+				if !inCluster {
+					continue
+				}
+			}
+
 			for _, route := range dnsInfo.Routes {
 				var recordType = "A"
 				if utils.IsIPv6(addr.Ip) {
 					recordType = "AAAA"
 				}
 				recordMaps = append(recordMaps, maps.Map{
-					"name":  dnsInfo.NodeClusterDNSName + "." + domainName,
-					"type":  recordType,
-					"route": route.Name,
-					"value": addr.Ip,
+					"name":        dnsInfo.NodeClusterDNSName + "." + domainName,
+					"type":        recordType,
+					"route":       route.Name,
+					"value":       addr.Ip,
+					"clusterName": cluster.Name,
+					"isBackup":    dnsInfo.IsBackupForCluster || dnsInfo.IsBackupForGroup,
+					"isOffline":   dnsInfo.IsOffline,
 				})
 			}
 		}
@@ -179,8 +206,8 @@ func (this *DetailAction) RunGet(params struct {
 			}
 		}

-		grantMap := maps.Map{}
-		grantId := loginParams.GetInt64("grantId")
+		var grantMap = maps.Map{}
+		var grantId = loginParams.GetInt64("grantId")
 		if grantId > 0 {
 			grantResp, err := this.RPC().NodeGrantRPC().FindEnabledNodeGrant(this.AdminContext(), &pb.FindEnabledNodeGrantRequest{NodeGrantId: grantId})
 			if err != nil {
@@ -318,25 +345,29 @@ func (this *DetailAction) RunGet(params struct {
 	}

 	this.Data["node"] = maps.Map{
-		"id":                node.Id,
-		"name":              node.Name,
-		"ipAddresses":       ipAddressMaps,
-		"cluster":           clusterMap,
-		"secondaryClusters": secondaryClustersMaps,
-		"login":             loginMap,
-		"installDir":        node.InstallDir,
-		"isInstalled":       node.IsInstalled,
-		"uniqueId":          node.UniqueId,
-		"secret":            node.Secret,
-		"maxCPU":            node.MaxCPU,
-		"isOn":              node.IsOn,
-		"records":           recordMaps,
-		"routes":            routeMaps,
-		"level":             node.Level,
-		"levelInfo":         nodeconfigs.FindNodeLevel(int(node.Level)),
-		"lnAddrs":           lnAddrs,
-		"enableIPLists":     node.EnableIPLists,
-		"apiNodeAddrs":      apiNodeAddrStrings,
+		"id":                 node.Id,
+		"name":               node.Name,
+		"ipAddresses":        ipAddressMaps,
+		"cluster":            clusterMap,
+		"secondaryClusters":  secondaryClustersMaps,
+		"login":              loginMap,
+		"installDir":         node.InstallDir,
+		"isInstalled":        node.IsInstalled,
+		"uniqueId":           node.UniqueId,
+		"secret":             node.Secret,
+		"maxCPU":             node.MaxCPU,
+		"isOn":               node.IsOn,
+		"records":            recordMaps,
+		"routes":             routeMaps,
+		"level":              node.Level,
+		"levelInfo":          nodeconfigs.FindNodeLevel(int(node.Level)),
+		"lnAddrs":            lnAddrs,
+		"enableIPLists":      node.EnableIPLists,
+		"apiNodeAddrs":       apiNodeAddrStrings,
+		"offlineDay":         node.OfflineDay,
+		"isOffline":          len(node.OfflineDay) > 0 && node.OfflineDay < timeutil.Format("Ymd"),
+		"isBackupForCluster": node.IsBackupForCluster,
+		"isBackupForGroup":   node.IsBackupForGroup,

 		"status": maps.Map{
 			"isActive":             status.IsActive,
--- a/internal/web/actions/default/clusters/cluster/node/update.go
+++ b/internal/web/actions/default/clusters/cluster/node/update.go
@@ -64,12 +64,22 @@ func (this *UpdateAction) RunGet(params struct {
 	}
 	var ipAddressMaps = []maps.Map{}
 	for _, addr := range ipAddressesResp.NodeIPAddresses {
+		// 阈值
 		thresholds, err := ipaddressutils.InitNodeIPAddressThresholds(this.Parent(), addr.Id)
 		if err != nil {
 			this.ErrorPage(err)
 			return
 		}

+		// 专属集群
+		var clusterMaps = []maps.Map{}
+		for _, addrCluster := range addr.NodeClusters {
+			clusterMaps = append(clusterMaps, maps.Map{
+				"id":   addrCluster.Id,
+				"name": addrCluster.Name,
+			})
+		}
+
 		ipAddressMaps = append(ipAddressMaps, maps.Map{
 			"id":         addr.Id,
 			"name":       addr.Name,
@@ -78,6 +88,7 @@ func (this *UpdateAction) RunGet(params struct {
 			"isOn":       addr.IsOn,
 			"isUp":       addr.IsUp,
 			"thresholds": thresholds,
+			"clusters":   clusterMaps,
 		})
 	}

--- a/internal/web/actions/default/clusters/cluster/nodes.go
+++ b/internal/web/actions/default/clusters/cluster/nodes.go
@@ -32,11 +32,12 @@ func (this *NodesAction) RunGet(params struct {
 	Keyword        string
 	Level          int32

-	CpuOrder        string
-	MemoryOrder     string
-	TrafficInOrder  string
-	TrafficOutOrder string
-	LoadOrder       string
+	CpuOrder         string
+	MemoryOrder      string
+	TrafficInOrder   string
+	TrafficOutOrder  string
+	LoadOrder        string
+	ConnectionsOrder string
 }) {
 	this.Data["groupId"] = params.GroupId
 	this.Data["regionId"] = params.RegionId
@@ -44,7 +45,7 @@ func (this *NodesAction) RunGet(params struct {
 	this.Data["activeState"] = params.ActiveState
 	this.Data["keyword"] = params.Keyword
 	this.Data["level"] = params.Level
-	this.Data["hasOrder"] = len(params.CpuOrder) > 0 || len(params.MemoryOrder) > 0 || len(params.TrafficInOrder) > 0 || len(params.TrafficOutOrder) > 0 || len(params.LoadOrder) > 0
+	this.Data["hasOrder"] = len(params.CpuOrder) > 0 || len(params.MemoryOrder) > 0 || len(params.TrafficInOrder) > 0 || len(params.TrafficOutOrder) > 0 || len(params.LoadOrder) > 0 || len(params.ConnectionsOrder) > 0

 	// 集群是否已经设置了线路
 	clusterDNSResp, err := this.RPC().NodeClusterRPC().FindEnabledNodeClusterDNS(this.AdminContext(), &pb.FindEnabledNodeClusterDNSRequest{NodeClusterId: params.ClusterId})
@@ -112,6 +113,10 @@ func (this *NodesAction) RunGet(params struct {
 		req.LoadAsc = true
 	} else if params.LoadOrder == "desc" {
 		req.LoadDesc = true
+	} else if params.ConnectionsOrder == "asc" {
+		req.ConnectionsAsc = true
+	} else if params.ConnectionsOrder == "desc" {
+		req.ConnectionsDesc = true
 	}
 	nodesResp, err := this.RPC().NodeRPC().ListEnabledNodesMatch(this.AdminContext(), req)
 	if err != nil {
@@ -121,8 +126,8 @@ func (this *NodesAction) RunGet(params struct {
 	var nodeMaps = []maps.Map{}
 	for _, node := range nodesResp.Nodes {
 		// 状态
-		isSynced := false
-		status := &nodeconfigs.NodeStatus{}
+		var isSynced = false
+		var status = &nodeconfigs.NodeStatus{}
 		if len(node.StatusJSON) > 0 {
 			err = json.Unmarshal(node.StatusJSON, &status)
 			if err != nil {
@@ -142,8 +147,17 @@ func (this *NodesAction) RunGet(params struct {
 			this.ErrorPage(err)
 			return
 		}
-		ipAddresses := []maps.Map{}
+		var ipAddresses = []maps.Map{}
 		for _, addr := range ipAddressesResp.NodeIPAddresses {
+			// 专属集群
+			var addrClusterMaps = []maps.Map{}
+			for _, addrCluster := range addr.NodeClusters {
+				addrClusterMaps = append(addrClusterMaps, maps.Map{
+					"id":   addrCluster.Id,
+					"name": addrCluster.Name,
+				})
+			}
+
 			ipAddresses = append(ipAddresses, maps.Map{
 				"id":        addr.Id,
 				"name":      addr.Name,
@@ -151,6 +165,7 @@ func (this *NodesAction) RunGet(params struct {
 				"canAccess": addr.CanAccess,
 				"isUp":      addr.IsUp,
 				"isOn":      addr.IsOn,
+				"clusters":  addrClusterMaps,
 			})
 		}

@@ -194,6 +209,8 @@ func (this *NodesAction) RunGet(params struct {
 			"isInstalled": node.IsInstalled,
 			"isOn":        node.IsOn,
 			"isUp":        node.IsUp,
+			"isBackup":    node.IsBackupForCluster || node.IsBackupForGroup,
+			"offlineDay":  node.OfflineDay,
 			"installStatus": maps.Map{
 				"isRunning":  node.InstallStatus.IsRunning,
 				"isFinished": node.InstallStatus.IsFinished,
@@ -201,16 +218,17 @@ func (this *NodesAction) RunGet(params struct {
 				"error":      node.InstallStatus.Error,
 			},
 			"status": maps.Map{
-				"isActive":        status.IsActive,
-				"updatedAt":       status.UpdatedAt,
-				"hostname":        status.Hostname,
-				"cpuUsage":        status.CPUUsage,
-				"cpuUsageText":    fmt.Sprintf("%.2f%%", status.CPUUsage*100),
-				"memUsage":        status.MemoryUsage,
-				"memUsageText":    fmt.Sprintf("%.2f%%", status.MemoryUsage*100),
-				"trafficInBytes":  status.TrafficInBytes,
-				"trafficOutBytes": status.TrafficOutBytes,
-				"load1m":          numberutils.FormatFloat2(status.Load1m),
+				"isActive":         status.IsActive,
+				"updatedAt":        status.UpdatedAt,
+				"hostname":         status.Hostname,
+				"cpuUsage":         status.CPUUsage,
+				"cpuUsageText":     fmt.Sprintf("%.2f%%", status.CPUUsage*100),
+				"memUsage":         status.MemoryUsage,
+				"memUsageText":     fmt.Sprintf("%.2f%%", status.MemoryUsage*100),
+				"trafficInBytes":   status.TrafficInBytes,
+				"trafficOutBytes":  status.TrafficOutBytes,
+				"load1m":           numberutils.PadFloatZero(numberutils.FormatFloat2(status.Load1m), 2),
+				"countConnections": status.ConnectionCount,
 			},
 			"cluster": maps.Map{
 				"id":   node.NodeCluster.Id,
--- a/internal/web/actions/default/clusters/cluster/settings/global-server-config/index.go
+++ b/internal/web/actions/default/clusters/cluster/settings/global-server-config/index.go
@@ -64,6 +64,7 @@ p { color: grey; }
 </body>
 </html>`
 	}
+
 	this.Data["httpAllDomainMismatchActionContentHTML"] = httpAllDomainMismatchActionContentHTML

 	this.Show()
@@ -77,14 +78,25 @@ func (this *IndexAction) RunPost(params struct {
 	HttpAllAllowMismatchDomainsJSON        []byte
 	HttpAllAllowNodeIP                     bool
 	HttpAllDefaultDomain                   string
+	HttpAllNodeIPPageHTML                  string
+	HttpAllNodeIPShowPage                  bool
+	HttpAllForceLnRequest                  bool
+
+	HttpAllSupportsLowVersionHTTP  bool
+	HttpAllMatchCertFromAllServers bool

 	HttpAccessLogEnableRequestHeaders     bool
 	HttpAccessLogEnableResponseHeaders    bool
 	HttpAccessLogCommonRequestHeadersOnly bool
 	HttpAccessLogEnableCookies            bool
+	HttpAccessLogEnableServerNotFound     bool

 	LogRecordServerError bool

+	PerformanceAutoReadTimeout  bool
+	PerformanceAutoWriteTimeout bool
+	PerformanceDebug            bool
+
 	Must *actions.Must
 	CSRF *actionutils.CSRF
 }) {
@@ -124,17 +136,33 @@ func (this *IndexAction) RunPost(params struct {
 		}
 	}

+	// 域名
 	config.HTTPAll.AllowMismatchDomains = allowMismatchDomains
 	config.HTTPAll.AllowNodeIP = params.HttpAllAllowNodeIP
 	config.HTTPAll.DefaultDomain = params.HttpAllDefaultDomain
+	config.HTTPAll.NodeIPShowPage = params.HttpAllNodeIPShowPage
+	config.HTTPAll.NodeIPPageHTML = params.HttpAllNodeIPPageHTML

+	// HTTP All
+	config.HTTPAll.SupportsLowVersionHTTP = params.HttpAllSupportsLowVersionHTTP
+	config.HTTPAll.MatchCertFromAllServers = params.HttpAllMatchCertFromAllServers
+	config.HTTPAll.ForceLnRequest = params.HttpAllForceLnRequest
+
+	// 访问日志
 	config.HTTPAccessLog.EnableRequestHeaders = params.HttpAccessLogEnableRequestHeaders
 	config.HTTPAccessLog.EnableResponseHeaders = params.HttpAccessLogEnableResponseHeaders
 	config.HTTPAccessLog.CommonRequestHeadersOnly = params.HttpAccessLogCommonRequestHeadersOnly
 	config.HTTPAccessLog.EnableCookies = params.HttpAccessLogEnableCookies
+	config.HTTPAccessLog.EnableServerNotFound = params.HttpAccessLogEnableServerNotFound

+	// 日志
 	config.Log.RecordServerError = params.LogRecordServerError

+	// 性能
+	config.Performance.AutoReadTimeout = params.PerformanceAutoReadTimeout
+	config.Performance.AutoWriteTimeout = params.PerformanceAutoWriteTimeout
+	config.Performance.Debug = params.PerformanceDebug
+
 	err = config.Init()
 	if err != nil {
 		this.Fail("配置校验失败：" + err.Error())
--- a/internal/web/actions/default/clusters/cluster/settings/health/runPopup.go
+++ b/internal/web/actions/default/clusters/cluster/settings/health/runPopup.go
@@ -15,7 +15,17 @@ func (this *RunPopupAction) Init() {
 	this.Nav("", "", "")
 }

-func (this *RunPopupAction) RunGet(params struct{}) {
+func (this *RunPopupAction) RunGet(params struct {
+	ClusterId int64
+}) {
+	// 检查是否已部署服务
+	countServersResp, err := this.RPC().ServerRPC().CountAllEnabledServersWithNodeClusterId(this.AdminContext(), &pb.CountAllEnabledServersWithNodeClusterIdRequest{NodeClusterId: params.ClusterId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Data["hasServers"] = countServersResp.Count > 0
+
 	this.Show()
 }

--- a/internal/web/actions/default/clusters/cluster/settings/index.go
+++ b/internal/web/actions/default/clusters/cluster/settings/index.go
@@ -89,6 +89,19 @@ func (this *IndexAction) RunGet(params struct {
 		}
 	}

+	// DNS信息
+	var fullDomainName = ""
+	if len(cluster.DnsName) > 0 && cluster.DnsDomainId > 0 {
+		domainResp, err := this.RPC().DNSDomainRPC().FindBasicDNSDomain(this.AdminContext(), &pb.FindBasicDNSDomainRequest{DnsDomainId: cluster.DnsDomainId})
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		if domainResp.DnsDomain != nil {
+			fullDomainName = cluster.DnsName + "." + domainResp.DnsDomain.Name
+		}
+	}
+
 	this.Data["cluster"] = maps.Map{
 		"id":                  cluster.Id,
 		"name":                cluster.Name,
@@ -100,6 +113,7 @@ func (this *IndexAction) RunGet(params struct {
 		"autoRemoteStart":     cluster.AutoRemoteStart,
 		"autoInstallNftables": cluster.AutoInstallNftables,
 		"sshParams":           sshParams,
+		"domainName":          fullDomainName,
 	}

 	// 默认值
--- a/internal/web/actions/default/clusters/cluster/settings/init.go
+++ b/internal/web/actions/default/clusters/cluster/settings/init.go
@@ -24,6 +24,7 @@ func init() {
 			Helper(helpers.NewUserMustAuth(configloaders.AdminModuleCodeNode)).
 			Helper(clusters.NewClusterHelper()).
 			Prefix("/clusters/cluster/settings").
+			Data("teaSubMenu", "cluster").
 			GetPost("", new(IndexAction)).

 			// 健康检查
--- a/internal/web/actions/default/clusters/clusterutils/cluster_helper.go
+++ b/internal/web/actions/default/clusters/clusterutils/cluster_helper.go
@@ -29,9 +29,9 @@ func (this *ClusterHelper) BeforeAction(actionPtr actions.ActionWrapper) (goNext

 	action.Data["teaMenu"] = "clusters"

-	selectedTabbar := action.Data.GetString("mainTab")
-	clusterId := action.ParamInt64("clusterId")
-	clusterIdString := strconv.FormatInt(clusterId, 10)
+	var selectedTabbar = action.Data.GetString("mainTab")
+	var clusterId = action.ParamInt64("clusterId")
+	var clusterIdString = strconv.FormatInt(clusterId, 10)
 	action.Data["clusterId"] = clusterId

 	if clusterId > 0 {
@@ -57,18 +57,49 @@ func (this *ClusterHelper) BeforeAction(actionPtr actions.ActionWrapper) (goNext
 			return
 		}

+		var nodeId = action.ParamInt64("nodeId")
+		var isInCluster = nodeId <= 0
+
 		var tabbar = actionutils.NewTabbar()
-		tabbar.Add("集群列表", "", "/clusters", "", false)
-		if teaconst.IsPlus {
-			tabbar.Add("集群看板", "", "/clusters/cluster/boards?clusterId="+clusterIdString, "chart line area", selectedTabbar == "board")
+		{
+			var url = "/clusters"
+			if !isInCluster {
+				url = "/clusters/cluster/nodes?clusterId=" + clusterIdString
+			}
+			tabbar.Add("", "", url, "arrow left", false)
+		}
+		{
+			var url = "/clusters/cluster?clusterId=" + clusterIdString
+			if !isInCluster {
+				url = "/clusters/cluster/nodes?clusterId=" + clusterIdString
+			}
+
+			var item = tabbar.Add(cluster.Name, "", url, "angle right", true)
+			item.IsTitle = true
+		}
+		if teaconst.IsPlus {
+			{
+				var item = tabbar.Add("集群看板", "", "/clusters/cluster/boards?clusterId="+clusterIdString, "chart line area", selectedTabbar == "board")
+				item.IsDisabled = !isInCluster
+			}
+		}
+		{
+			var item = tabbar.Add("节点列表", "", "/clusters/cluster/nodes?clusterId="+clusterIdString, "server", selectedTabbar == "node")
+			item.IsDisabled = !isInCluster
+		}
+
+		{
+			var item = tabbar.Add("集群设置", "", "/clusters/cluster/settings?clusterId="+clusterIdString, "setting", selectedTabbar == "setting")
+			item.IsDisabled = !isInCluster
+		}
+		{
+			var item = tabbar.Add("删除集群", "", "/clusters/cluster/delete?clusterId="+clusterIdString, "trash", selectedTabbar == "delete")
+			item.IsDisabled = !isInCluster
 		}
-		tabbar.Add("集群节点", "", "/clusters/cluster/nodes?clusterId="+clusterIdString, "server", selectedTabbar == "node")
-		tabbar.Add("集群设置", "", "/clusters/cluster/settings?clusterId="+clusterIdString, "setting", selectedTabbar == "setting")
-		tabbar.Add("删除集群", "", "/clusters/cluster/delete?clusterId="+clusterIdString, "trash", selectedTabbar == "delete")
 		actionutils.SetTabbar(action, tabbar)

 		// 左侧菜单
-		secondMenuItem := action.Data.GetString("secondMenuItem")
+		var secondMenuItem = action.Data.GetString("secondMenuItem")
 		switch selectedTabbar {
 		case "setting":
 			var menuItems = this.createSettingMenu(cluster, clusterInfo, secondMenuItem)
@@ -97,14 +128,39 @@ func (this *ClusterHelper) createSettingMenu(cluster *pb.NodeCluster, info *pb.F
 		"isActive": selectedItem == "basic",
 		"isOn":     true,
 	})
+
 	items = append(items, maps.Map{
-		"name":     "缓存设置",
+		"name":     "DNS设置",
+		"url":      "/clusters/cluster/settings/dns?clusterId=" + clusterId,
+		"isActive": selectedItem == "dns",
+		"isOn":     cluster.DnsDomainId > 0 || len(cluster.DnsName) > 0,
+	})
+	items = append(items, maps.Map{
+		"name":     "健康检查",
+		"url":      "/clusters/cluster/settings/health?clusterId=" + clusterId,
+		"isActive": selectedItem == "health",
+		"isOn":     info != nil && info.HealthCheckIsOn,
+	})
+
+	items = append(items, maps.Map{
+		"name": "-",
+	})
+
+	items = append(items, maps.Map{
+		"name":     "网站设置",
+		"url":      "/clusters/cluster/settings/global-server-config?clusterId=" + clusterId,
+		"isActive": selectedItem == "globalServerConfig",
+		"isOn":     true,
+	})
+
+	items = append(items, maps.Map{
+		"name":     "缓存策略",
 		"url":      "/clusters/cluster/settings/cache?clusterId=" + clusterId,
 		"isActive": selectedItem == "cache",
 		"isOn":     cluster.HttpCachePolicyId > 0,
 	})
 	items = append(items, maps.Map{
-		"name":     "WAF设置",
+		"name":     "WAF策略",
 		"url":      "/clusters/cluster/settings/waf?clusterId=" + clusterId,
 		"isActive": selectedItem == "waf",
 		"isOn":     cluster.HttpFirewallPolicyId > 0,
@@ -132,20 +188,6 @@ func (this *ClusterHelper) createSettingMenu(cluster *pb.NodeCluster, info *pb.F
 		"isActive": false,
 	})

-	items = append(items, maps.Map{
-		"name":     "DNS设置",
-		"url":      "/clusters/cluster/settings/dns?clusterId=" + clusterId,
-		"isActive": selectedItem == "dns",
-		"isOn":     cluster.DnsDomainId > 0 || len(cluster.DnsName) > 0,
-	})
-
-	items = append(items, maps.Map{
-		"name":     "健康检查",
-		"url":      "/clusters/cluster/settings/health?clusterId=" + clusterId,
-		"isActive": selectedItem == "health",
-		"isOn":     info != nil && info.HealthCheckIsOn,
-	})
-
 	items = append(items, maps.Map{
 		"name":     "DDoS防护",
 		"url":      "/clusters/cluster/settings/ddos-protection?clusterId=" + clusterId,
@@ -153,12 +195,6 @@ func (this *ClusterHelper) createSettingMenu(cluster *pb.NodeCluster, info *pb.F
 		"isOn":     info != nil && info.HasDDoSProtection,
 	})

-	items = append(items, maps.Map{
-		"name":     "服务设置",
-		"url":      "/clusters/cluster/settings/global-server-config?clusterId=" + clusterId,
-		"isActive": selectedItem == "globalServerConfig",
-	})
-
 	items = append(items, maps.Map{
 		"name": "-",
 	})
--- a/internal/web/actions/default/clusters/createNode.go
+++ b/internal/web/actions/default/clusters/createNode.go
@@ -0,0 +1,52 @@
+// Copyright 2023 GoEdge CDN goedge.cdn@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package clusters
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/types"
+)
+
+type CreateNodeAction struct {
+	actionutils.ParentAction
+}
+
+func (this *CreateNodeAction) Init() {
+	this.Nav("", "cluster", "createNode")
+}
+
+func (this *CreateNodeAction) RunGet(params struct{}) {
+	// 集群总数
+	totalClustersResp, err := this.RPC().NodeClusterRPC().CountAllEnabledNodeClusters(this.AdminContext(), &pb.CountAllEnabledNodeClustersRequest{})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Data["totalNodeClusters"] = totalClustersResp.Count
+
+	// 节点总数
+	totalNodesResp, err := this.RPC().NodeRPC().CountAllEnabledNodes(this.AdminContext(), &pb.CountAllEnabledNodesRequest{})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Data["totalNodes"] = totalNodesResp.Count
+
+	// 如果只有一个默认集群，那么直接跳转到集群
+	clustersResp, err := this.RPC().NodeClusterRPC().ListEnabledNodeClusters(this.AdminContext(), &pb.ListEnabledNodeClustersRequest{
+		Offset:  0,
+		Size:    2,
+		Keyword: "",
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if len(clustersResp.NodeClusters) == 1 {
+		this.RedirectURL("/clusters/cluster/createNode?clusterId=" + types.String(clustersResp.NodeClusters[0].Id))
+		return
+	}
+
+	this.Show()
+}
--- a/internal/web/actions/default/clusters/grants/create.go
+++ b/internal/web/actions/default/clusters/grants/create.go
@@ -6,6 +6,7 @@ import (
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/clusters/grants/grantutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/iwind/TeaGo/actions"
+	"golang.org/x/crypto/ssh"
 )

 type CreateAction struct {
@@ -50,6 +51,18 @@ func (this *CreateAction) RunPost(params struct {
 		if len(params.PrivateKey) == 0 {
 			this.FailField("privateKey", "请输入RSA私钥")
 		}
+
+		// 验证私钥
+		var err error
+		if len(params.Passphrase) > 0 {
+			_, err = ssh.ParsePrivateKeyWithPassphrase([]byte(params.PrivateKey), []byte(params.Passphrase))
+		} else {
+			_, err = ssh.ParsePrivateKey([]byte(params.PrivateKey))
+		}
+		if err != nil {
+			this.Fail("私钥验证失败，请检查格式：" + err.Error())
+			return
+		}
 	default:
 		this.Fail("请选择正确的认证方式")
 	}
--- a/internal/web/actions/default/clusters/grants/createPopup.go
+++ b/internal/web/actions/default/clusters/grants/createPopup.go
@@ -7,6 +7,7 @@ import (
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/iwind/TeaGo/actions"
 	"github.com/iwind/TeaGo/maps"
+	"golang.org/x/crypto/ssh"
 )

 type CreatePopupAction struct {
@@ -51,6 +52,18 @@ func (this *CreatePopupAction) RunPost(params struct {
 		if len(params.PrivateKey) == 0 {
 			this.FailField("privateKey", "请输入RSA私钥")
 		}
+
+		// 验证私钥
+		var err error
+		if len(params.Passphrase) > 0 {
+			_, err = ssh.ParsePrivateKeyWithPassphrase([]byte(params.PrivateKey), []byte(params.Passphrase))
+		} else {
+			_, err = ssh.ParsePrivateKey([]byte(params.PrivateKey))
+		}
+		if err != nil {
+			this.Fail("私钥验证失败，请检查格式：" + err.Error())
+			return
+		}
 	default:
 		this.Fail("请选择正确的认证方式")
 	}
--- a/internal/web/actions/default/clusters/grants/update.go
+++ b/internal/web/actions/default/clusters/grants/update.go
@@ -7,6 +7,7 @@ import (
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/iwind/TeaGo/actions"
 	"github.com/iwind/TeaGo/maps"
+	"golang.org/x/crypto/ssh"
 )

 type UpdateAction struct {
@@ -83,6 +84,18 @@ func (this *UpdateAction) RunPost(params struct {
 		if len(params.PrivateKey) == 0 {
 			this.FailField("privateKey", "请输入RSA私钥")
 		}
+
+		// 验证私钥
+		var err error
+		if len(params.Passphrase) > 0 {
+			_, err = ssh.ParsePrivateKeyWithPassphrase([]byte(params.PrivateKey), []byte(params.Passphrase))
+		} else {
+			_, err = ssh.ParsePrivateKey([]byte(params.PrivateKey))
+		}
+		if err != nil {
+			this.Fail("私钥验证失败，请检查格式：" + err.Error())
+			return
+		}
 	default:
 		this.Fail("请选择正确的认证方式")
 	}
--- a/internal/web/actions/default/clusters/grants/updatePopup.go
+++ b/internal/web/actions/default/clusters/grants/updatePopup.go
@@ -7,6 +7,7 @@ import (
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/iwind/TeaGo/actions"
 	"github.com/iwind/TeaGo/maps"
+	"golang.org/x/crypto/ssh"
 )

 type UpdatePopupAction struct {
@@ -83,6 +84,18 @@ func (this *UpdatePopupAction) RunPost(params struct {
 		if len(params.PrivateKey) == 0 {
 			this.FailField("privateKey", "请输入RSA私钥")
 		}
+
+		// 验证私钥
+		var err error
+		if len(params.Passphrase) > 0 {
+			_, err = ssh.ParsePrivateKeyWithPassphrase([]byte(params.PrivateKey), []byte(params.Passphrase))
+		} else {
+			_, err = ssh.ParsePrivateKey([]byte(params.PrivateKey))
+		}
+		if err != nil {
+			this.Fail("私钥验证失败，请检查格式：" + err.Error())
+			return
+		}
 	default:
 		this.Fail("请选择正确的认证方式")
 	}
--- a/internal/web/actions/default/clusters/init.go
+++ b/internal/web/actions/default/clusters/init.go
@@ -13,9 +13,11 @@ func init() {
 			Helper(helpers.NewUserMustAuth(configloaders.AdminModuleCodeNode)).
 			Helper(clusterutils.NewClustersHelper()).
 			Data("teaMenu", "clusters").
+			Data("teaSubMenu", "cluster").
 			Prefix("/clusters").
 			Get("", new(IndexAction)).
 			GetPost("/create", new(CreateAction)).
+			GetPost("/createNode", new(CreateNodeAction)).
 			Post("/pin", new(PinAction)).
 			Get("/nodes", new(NodesAction)).

--- a/internal/web/actions/default/clusters/logs/deleteAll.go
+++ b/internal/web/actions/default/clusters/logs/deleteAll.go
@@ -0,0 +1,60 @@
+// Copyright 2023 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package logs
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/configutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/nodeconfigs"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+)
+
+type DeleteAllAction struct {
+	actionutils.ParentAction
+}
+
+func (this *DeleteAllAction) RunPost(params struct {
+	DayFrom   string
+	DayTo     string
+	Keyword   string
+	Level     string
+	Type      string // unread, needFix
+	Tag       string
+	ClusterId int64
+	NodeId    int64
+}) {
+	defer this.CreateLogInfo("批量删除节点运行日志")
+
+	// 目前仅允许通过关键词删除，防止误删
+	if len(params.Keyword) == 0 {
+		this.Fail("目前仅允许通过关键词删除")
+		return
+	}
+
+	var fixedState configutils.BoolState = 0
+	var allServers = false
+	if params.Type == "needFix" {
+		fixedState = configutils.BoolStateNo
+		allServers = true
+	}
+
+	_, err := this.RPC().NodeLogRPC().DeleteNodeLogs(this.AdminContext(), &pb.DeleteNodeLogsRequest{
+		NodeClusterId: params.ClusterId,
+		NodeId:        params.NodeId,
+		Role:          nodeconfigs.NodeRoleNode,
+		DayFrom:       params.DayFrom,
+		DayTo:         params.DayTo,
+		Keyword:       params.Keyword,
+		Level:         params.Level,
+		IsUnread:      params.Type == "unread",
+		Tag:           params.Tag,
+		FixedState:    int32(fixedState),
+		AllServers:    allServers,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/clusters/logs/index.go
+++ b/internal/web/actions/default/clusters/logs/index.go
@@ -39,6 +39,7 @@ func (this *IndexAction) RunGet(params struct {
 	this.Data["dayFrom"] = params.DayFrom
 	this.Data["dayTo"] = params.DayTo
 	this.Data["keyword"] = params.Keyword
+	this.Data["searchedKeyword"] = params.Keyword
 	this.Data["level"] = params.Level
 	this.Data["type"] = params.Type
 	this.Data["tag"] = params.Tag
@@ -97,6 +98,8 @@ func (this *IndexAction) RunGet(params struct {
 		return
 	}
 	var count = countResp.Count
+	this.Data["countLogs"] = count
+
 	var page = this.NewPage(count)
 	this.Data["page"] = page.AsHTML()

--- a/internal/web/actions/default/clusters/logs/init.go
+++ b/internal/web/actions/default/clusters/logs/init.go
@@ -18,6 +18,7 @@ func init() {
 			Post("/readAllLogs", new(ReadAllLogsAction)).
 			Post("/fix", new(FixAction)).
 			Post("/fixAll", new(FixAllAction)).
+			Post("/deleteAll", new(DeleteAllAction)).
 			EndAll()
 	})
 }
--- a/internal/web/actions/default/clusters/nodes.go
+++ b/internal/web/actions/default/clusters/nodes.go
@@ -33,11 +33,12 @@ func (this *NodesAction) RunGet(params struct {
 	Keyword        string
 	Level          int32

-	CpuOrder        string
-	MemoryOrder     string
-	TrafficInOrder  string
-	TrafficOutOrder string
-	LoadOrder       string
+	CpuOrder         string
+	MemoryOrder      string
+	TrafficInOrder   string
+	TrafficOutOrder  string
+	LoadOrder        string
+	ConnectionsOrder string
 }) {
 	this.Data["groupId"] = params.GroupId
 	this.Data["regionId"] = params.RegionId
@@ -46,7 +47,7 @@ func (this *NodesAction) RunGet(params struct {
 	this.Data["keyword"] = params.Keyword
 	this.Data["level"] = params.Level
 	this.Data["clusterId"] = params.ClusterId
-	this.Data["hasOrder"] = len(params.CpuOrder) > 0 || len(params.MemoryOrder) > 0 || len(params.TrafficInOrder) > 0 || len(params.TrafficOutOrder) > 0 || len(params.LoadOrder) > 0
+	this.Data["hasOrder"] = len(params.CpuOrder) > 0 || len(params.MemoryOrder) > 0 || len(params.TrafficInOrder) > 0 || len(params.TrafficOutOrder) > 0 || len(params.LoadOrder) > 0 || len(params.ConnectionsOrder) > 0

 	// 集群是否已经设置了线路
 	clusterDNSResp, err := this.RPC().NodeClusterRPC().FindEnabledNodeClusterDNS(this.AdminContext(), &pb.FindEnabledNodeClusterDNSRequest{NodeClusterId: params.ClusterId})
@@ -114,6 +115,10 @@ func (this *NodesAction) RunGet(params struct {
 		req.LoadAsc = true
 	} else if params.LoadOrder == "desc" {
 		req.LoadDesc = true
+	} else if params.ConnectionsOrder == "asc" {
+		req.ConnectionsAsc = true
+	} else if params.ConnectionsOrder == "desc" {
+		req.ConnectionsDesc = true
 	}
 	nodesResp, err := this.RPC().NodeRPC().ListEnabledNodesMatch(this.AdminContext(), req)
 	if err != nil {
@@ -123,8 +128,8 @@ func (this *NodesAction) RunGet(params struct {
 	var nodeMaps = []maps.Map{}
 	for _, node := range nodesResp.Nodes {
 		// 状态
-		isSynced := false
-		status := &nodeconfigs.NodeStatus{}
+		var isSynced = false
+		var status = &nodeconfigs.NodeStatus{}
 		if len(node.StatusJSON) > 0 {
 			err = json.Unmarshal(node.StatusJSON, &status)
 			if err != nil {
@@ -144,8 +149,17 @@ func (this *NodesAction) RunGet(params struct {
 			this.ErrorPage(err)
 			return
 		}
-		ipAddresses := []maps.Map{}
+		var ipAddresses = []maps.Map{}
 		for _, addr := range ipAddressesResp.NodeIPAddresses {
+			// 专属集群
+			var addrClusterMaps = []maps.Map{}
+			for _, addrCluster := range addr.NodeClusters {
+				addrClusterMaps = append(addrClusterMaps, maps.Map{
+					"id":   addrCluster.Id,
+					"name": addrCluster.Name,
+				})
+			}
+
 			ipAddresses = append(ipAddresses, maps.Map{
 				"id":        addr.Id,
 				"name":      addr.Name,
@@ -153,6 +167,7 @@ func (this *NodesAction) RunGet(params struct {
 				"canAccess": addr.CanAccess,
 				"isUp":      addr.IsUp,
 				"isOn":      addr.IsOn,
+				"clusters":  addrClusterMaps,
 			})
 		}

@@ -175,7 +190,7 @@ func (this *NodesAction) RunGet(params struct {
 		}

 		// DNS
-		dnsRouteNames := []string{}
+		var dnsRouteNames = []string{}
 		for _, route := range node.DnsRoutes {
 			dnsRouteNames = append(dnsRouteNames, route.Name)
 		}
@@ -196,6 +211,8 @@ func (this *NodesAction) RunGet(params struct {
 			"isInstalled": node.IsInstalled,
 			"isOn":        node.IsOn,
 			"isUp":        node.IsUp,
+			"isBackup":    node.IsBackupForCluster || node.IsBackupForGroup,
+			"offlineDay":  node.OfflineDay,
 			"installStatus": maps.Map{
 				"isRunning":  node.InstallStatus.IsRunning,
 				"isFinished": node.InstallStatus.IsFinished,
@@ -203,16 +220,17 @@ func (this *NodesAction) RunGet(params struct {
 				"error":      node.InstallStatus.Error,
 			},
 			"status": maps.Map{
-				"isActive":        status.IsActive,
-				"updatedAt":       status.UpdatedAt,
-				"hostname":        status.Hostname,
-				"cpuUsage":        status.CPUUsage,
-				"cpuUsageText":    numberutils.FormatFloat2(status.CPUUsage * 100),
-				"memUsage":        status.MemoryUsage,
-				"memUsageText":    numberutils.FormatFloat2(status.MemoryUsage * 100),
-				"trafficInBytes":  status.TrafficInBytes,
-				"trafficOutBytes": status.TrafficOutBytes,
-				"load1m":          numberutils.FormatFloat2(status.Load1m),
+				"isActive":         status.IsActive,
+				"updatedAt":        status.UpdatedAt,
+				"hostname":         status.Hostname,
+				"cpuUsage":         status.CPUUsage,
+				"cpuUsageText":     numberutils.FormatFloat2(status.CPUUsage*100) + "%",
+				"memUsage":         status.MemoryUsage,
+				"memUsageText":     numberutils.FormatFloat2(status.MemoryUsage*100) + "%",
+				"trafficInBytes":   status.TrafficInBytes,
+				"trafficOutBytes":  status.TrafficOutBytes,
+				"load1m":           numberutils.PadFloatZero(numberutils.FormatFloat2(status.Load1m), 2),
+				"countConnections": status.ConnectionCount,
 			},
 			"cluster": maps.Map{
 				"id":   node.NodeCluster.Id,
--- a/internal/web/actions/default/clusters/tasks/check.go
+++ b/internal/web/actions/default/clusters/tasks/check.go
@@ -3,23 +3,41 @@ package tasks
 import (
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"time"
 )

 type CheckAction struct {
 	actionutils.ParentAction
 }

-func (this *CheckAction) RunPost(params struct{}) {
-	resp, err := this.RPC().NodeTaskRPC().ExistsNodeTasks(this.AdminContext(), &pb.ExistsNodeTasksRequest{
-		ExcludeTypes: []string{"ipItemChanged"},
-	})
-	if err != nil {
-		this.ErrorPage(err)
-		return
-	}
+func (this *CheckAction) RunPost(params struct {
+	IsDoing   bool
+	HasError  bool
+	IsUpdated bool
+}) {
+	var isStream = this.Request.ProtoMajor >= 2
+	this.Data["isStream"] = isStream

-	this.Data["isDoing"] = resp.ExistTasks
-	this.Data["hasError"] = resp.ExistError
+	var maxTries = 10
+	for i := 0; i < maxTries; i++ {
+		resp, err := this.RPC().NodeTaskRPC().ExistsNodeTasks(this.AdminContext(), &pb.ExistsNodeTasksRequest{
+			ExcludeTypes: []string{"ipItemChanged"},
+		})
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+
+		// 如果没有数据变化，继续查询
+		if i < maxTries-1 && params.IsUpdated && resp.ExistTasks == params.IsDoing && resp.ExistError == params.HasError && isStream {
+			time.Sleep(3 * time.Second)
+			continue
+		}
+
+		this.Data["isDoing"] = resp.ExistTasks
+		this.Data["hasError"] = resp.ExistError
+		break
+	}

 	this.Success()
 }
--- a/internal/web/actions/default/dashboard/index.go
+++ b/internal/web/actions/default/dashboard/index.go
@@ -30,7 +30,7 @@ func (this *IndexAction) RunGet(params struct{}) {
 	helpers.NotifyIPItemsCountChanges()
 	helpers.NotifyNodeLogsCountChange()

-	if teaconst.IsPlus {
+	if this.checkPlus() {
 		this.RedirectURL("/dashboard/boards")
 		return
 	}
@@ -276,5 +276,13 @@ func (this *IndexAction) RunPost(params struct{}) {
 		}
 	}

+	// 弱密码提示
+	countWeakAdminsResp, err := this.RPC().AdminRPC().CountAllEnabledAdmins(this.AdminContext(), &pb.CountAllEnabledAdminsRequest{HasWeakPassword: true})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Data["countWeakAdmins"] = countWeakAdminsResp.Count
+
 	this.Success()
 }
--- a/internal/web/actions/default/dashboard/index_ext.go
+++ b/internal/web/actions/default/dashboard/index_ext.go
@@ -0,0 +1,8 @@
+// Copyright 2023 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
+//go:build !plus
+
+package dashboard
+
+func (this *IndexAction) checkPlus() bool {
+	return false
+}
--- a/internal/web/actions/default/db/node.go
+++ b/internal/web/actions/default/db/node.go
@@ -6,6 +6,7 @@ import (
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/db/dbnodeutils"
 	"github.com/iwind/TeaGo/maps"
+	"strings"
 )

 type NodeAction struct {
@@ -33,7 +34,7 @@ func (this *NodeAction) RunGet(params struct {
 		"host":        node.Host,
 		"port":        node.Port,
 		"username":    node.Username,
-		"password":    node.Password,
+		"password":    strings.Repeat("*", len(node.Password)),
 		"description": node.Description,
 	}

--- a/internal/web/actions/default/dns/clusters/cluster.go
+++ b/internal/web/actions/default/dns/clusters/cluster.go
@@ -25,7 +25,7 @@ func (this *ClusterAction) RunGet(params struct {
 		this.ErrorPage(err)
 		return
 	}
-	cluster := clusterResp.NodeCluster
+	var cluster = clusterResp.NodeCluster
 	if cluster == nil {
 		this.NotFound("nodeCluster", params.ClusterId)
 		return
@@ -42,7 +42,7 @@ func (this *ClusterAction) RunGet(params struct {
 		return
 	}
 	var defaultRoute = dnsResp.DefaultRoute
-	domainName := ""
+	var domainName = ""
 	var dnsMap = maps.Map{
 		"dnsName":          dnsResp.Name,
 		"domainId":         0,
@@ -70,19 +70,42 @@ func (this *ClusterAction) RunGet(params struct {

 	this.Data["dnsInfo"] = dnsMap

-	// 节点DNS解析记录
-	nodesResp, err := this.RPC().NodeRPC().FindAllEnabledNodesDNSWithNodeClusterId(this.AdminContext(), &pb.FindAllEnabledNodesDNSWithNodeClusterIdRequest{NodeClusterId: params.ClusterId})
+	// 未安装的节点
+	notInstalledNodesResp, err := this.RPC().NodeRPC().FindAllEnabledNodesDNSWithNodeClusterId(this.AdminContext(), &pb.FindAllEnabledNodesDNSWithNodeClusterIdRequest{
+		NodeClusterId: params.ClusterId,
+		IsInstalled:   false,
+	})
 	if err != nil {
 		this.ErrorPage(err)
 		return
 	}
-	var nodeMaps = []maps.Map{}
+	var allNodes = notInstalledNodesResp.Nodes
+
+	// 节点DNS解析记录
+	nodesResp, err := this.RPC().NodeRPC().FindAllEnabledNodesDNSWithNodeClusterId(this.AdminContext(), &pb.FindAllEnabledNodesDNSWithNodeClusterIdRequest{
+		NodeClusterId: params.ClusterId,
+		IsInstalled:   true,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	var installedNodeIdsMap = map[int64]bool{}
 	for _, node := range nodesResp.Nodes {
+		installedNodeIdsMap[node.Id] = true
+	}
+
+	allNodes = append(allNodes, nodesResp.Nodes...)
+
+	var nodeMaps = []maps.Map{}
+	for _, node := range allNodes {
+		var isInstalled = installedNodeIdsMap[node.Id]
+
 		if len(node.Routes) > 0 {
 			for _, route := range node.Routes {
 				// 检查是否已解析
 				var isResolved = false
-				if cluster.DnsDomainId > 0 && len(cluster.DnsName) > 0 && len(node.IpAddr) > 0 {
+				if isInstalled && cluster.DnsDomainId > 0 && len(cluster.DnsName) > 0 && len(node.IpAddr) > 0 {
 					var recordType = "A"
 					if utils.IsIPv6(node.IpAddr) {
 						recordType = "AAAA"
@@ -110,14 +133,17 @@ func (this *ClusterAction) RunGet(params struct {
 						"name": route.Name,
 						"code": route.Code,
 					},
-					"clusterId":  node.NodeClusterId,
-					"isResolved": isResolved,
+					"clusterId":   node.NodeClusterId,
+					"isResolved":  isResolved,
+					"isInstalled": isInstalled,
+					"isBackup":    node.IsBackupForCluster || node.IsBackupForGroup,
+					"isOffline":   node.IsOffline,
 				})
 			}
 		} else {
 			// 默认线路
 			var isResolved = false
-			if len(defaultRoute) > 0 {
+			if isInstalled && len(defaultRoute) > 0 {
 				var recordType = "A"
 				if utils.IsIPv6(node.IpAddr) {
 					recordType = "AAAA"
@@ -144,8 +170,11 @@ func (this *ClusterAction) RunGet(params struct {
 					"name": "",
 					"code": "",
 				},
-				"clusterId":  node.NodeClusterId,
-				"isResolved": isResolved,
+				"clusterId":   node.NodeClusterId,
+				"isResolved":  isResolved,
+				"isInstalled": isInstalled,
+				"isBackup":    node.IsBackupForCluster || node.IsBackupForGroup,
+				"isOffline":   node.IsOffline,
 			})
 		}
 	}
--- a/internal/web/actions/default/dns/domainOptions.go
+++ b/internal/web/actions/default/dns/domainOptions.go
@@ -4,6 +4,7 @@ import (
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/iwind/TeaGo/maps"
+	"sort"
 )

 // DomainOptionsAction 域名列表选项
@@ -21,10 +22,18 @@ func (this *DomainOptionsAction) RunPost(params struct {
 		this.ErrorPage(err)
 		return
 	}
-	domainMaps := []maps.Map{}
+
+	// 排序
+	if len(domainsResp.DnsDomains) > 0 {
+		sort.Slice(domainsResp.DnsDomains, func(i, j int) bool {
+			return domainsResp.DnsDomains[i].Name < domainsResp.DnsDomains[j].Name
+		})
+	}
+
+	var domainMaps = []maps.Map{}
 	for _, domain := range domainsResp.DnsDomains {
 		// 未开启或者已删除的先跳过
-		if !domain.IsOn || domain.IsDeleted {
+		if !domain.IsOn || domain.IsDeleted || !domain.IsUp {
 			continue
 		}

--- a/internal/web/actions/default/dns/domains/domainutils/utils.go
+++ b/internal/web/actions/default/dns/domains/domainutils/utils.go
@@ -133,6 +133,11 @@ func ValidateRecordValue(recordType dnsconfigs.RecordType, value string) (messag
 			message = "请输入正确的邮件服务器域名"
 			return
 		}
+	case dnsconfigs.RecordTypeSRV:
+		if len(value) == 0 {
+			message = "请输入主机名"
+			return
+		}
 	case dnsconfigs.RecordTypeTXT:
 		if len(value) > 512 {
 			message = "文本长度不能超出512字节"
--- a/internal/web/actions/default/dns/domains/nodesPopup.go
+++ b/internal/web/actions/default/dns/domains/nodesPopup.go
@@ -18,6 +18,8 @@ func (this *NodesPopupAction) Init() {
 func (this *NodesPopupAction) RunGet(params struct {
 	DomainId int64
 }) {
+	this.Data["domainId"] = params.DomainId
+
 	// 域名信息
 	domainResp, err := this.RPC().DNSDomainRPC().FindBasicDNSDomain(this.AdminContext(), &pb.FindBasicDNSDomainRequest{
 		DnsDomainId: params.DomainId,
@@ -26,7 +28,7 @@ func (this *NodesPopupAction) RunGet(params struct {
 		this.ErrorPage(err)
 		return
 	}
-	domain := domainResp.DnsDomain
+	var domain = domainResp.DnsDomain
 	if domain == nil {
 		this.NotFound("dnsDomain", params.DomainId)
 		return
@@ -35,7 +37,7 @@ func (this *NodesPopupAction) RunGet(params struct {
 	this.Data["domain"] = domain.Name

 	// 集群
-	clusterMaps := []maps.Map{}
+	var clusterMaps = []maps.Map{}
 	clustersResp, err := this.RPC().NodeClusterRPC().FindAllEnabledNodeClustersWithDNSDomainId(this.AdminContext(), &pb.FindAllEnabledNodeClustersWithDNSDomainIdRequest{DnsDomainId: params.DomainId})
 	if err != nil {
 		this.ErrorPage(err)
@@ -43,18 +45,24 @@ func (this *NodesPopupAction) RunGet(params struct {
 	}

 	for _, cluster := range clustersResp.NodeClusters {
+		// 默认值
+		var defaultRoute = cluster.DnsDefaultRoute
+
 		// 节点DNS解析记录
-		nodesResp, err := this.RPC().NodeRPC().FindAllEnabledNodesDNSWithNodeClusterId(this.AdminContext(), &pb.FindAllEnabledNodesDNSWithNodeClusterIdRequest{NodeClusterId: cluster.Id})
+		nodesResp, err := this.RPC().NodeRPC().FindAllEnabledNodesDNSWithNodeClusterId(this.AdminContext(), &pb.FindAllEnabledNodesDNSWithNodeClusterIdRequest{
+			NodeClusterId: cluster.Id,
+			IsInstalled:   true,
+		})
 		if err != nil {
 			this.ErrorPage(err)
 			return
 		}
-		nodeMaps := []maps.Map{}
+		var nodeMaps = []maps.Map{}
 		for _, node := range nodesResp.Nodes {
 			if len(node.Routes) > 0 {
 				for _, route := range node.Routes {
 					// 检查是否有域名解析记录
-					isOk := false
+					var isResolved = false
 					if len(route.Name) > 0 && len(node.IpAddr) > 0 && len(cluster.DnsName) > 0 {
 						var recordType = "A"
 						if utils.IsIPv6(node.IpAddr) {
@@ -71,7 +79,7 @@ func (this *NodesPopupAction) RunGet(params struct {
 							this.ErrorPage(err)
 							return
 						}
-						isOk = checkResp.IsOk
+						isResolved = checkResp.IsOk
 					}

 					nodeMaps = append(nodeMaps, maps.Map{
@@ -83,10 +91,30 @@ func (this *NodesPopupAction) RunGet(params struct {
 							"code": route.Code,
 						},
 						"clusterId": node.NodeClusterId,
-						"isOk":      isOk,
+						"isOk":      isResolved,
 					})
 				}
 			} else {
+				// 默认线路
+				var isResolved = false
+				if len(defaultRoute) > 0 {
+					var recordType = "A"
+					if utils.IsIPv6(node.IpAddr) {
+						recordType = "AAAA"
+					}
+					checkResp, err := this.RPC().DNSDomainRPC().ExistDNSDomainRecord(this.AdminContext(), &pb.ExistDNSDomainRecordRequest{
+						DnsDomainId: cluster.DnsDomainId,
+						Name:        cluster.DnsName,
+						Type:        recordType,
+						Route:       defaultRoute,
+						Value:       node.IpAddr,
+					})
+					if err != nil {
+						this.ErrorPage(err)
+						return
+					}
+					isResolved = checkResp.IsOk
+				}
 				nodeMaps = append(nodeMaps, maps.Map{
 					"id":     node.Id,
 					"name":   node.Name,
@@ -96,7 +124,7 @@ func (this *NodesPopupAction) RunGet(params struct {
 						"code": "",
 					},
 					"clusterId": node.NodeClusterId,
-					"isOk":      false,
+					"isOk":      isResolved,
 				})
 			}
 		}
--- a/internal/web/actions/default/dns/domains/serversPopup.go
+++ b/internal/web/actions/default/dns/domains/serversPopup.go
@@ -17,6 +17,8 @@ func (this *ServersPopupAction) Init() {
 func (this *ServersPopupAction) RunGet(params struct {
 	DomainId int64
 }) {
+	this.Data["domainId"] = params.DomainId
+
 	// 域名信息
 	domainResp, err := this.RPC().DNSDomainRPC().FindBasicDNSDomain(this.AdminContext(), &pb.FindBasicDNSDomainRequest{
 		DnsDomainId: params.DomainId,
@@ -25,7 +27,7 @@ func (this *ServersPopupAction) RunGet(params struct {
 		this.ErrorPage(err)
 		return
 	}
-	domain := domainResp.DnsDomain
+	var domain = domainResp.DnsDomain
 	if domain == nil {
 		this.NotFound("dnsDomain", params.DomainId)
 		return
@@ -34,7 +36,7 @@ func (this *ServersPopupAction) RunGet(params struct {
 	this.Data["domain"] = domain.Name

 	// 服务信息
-	clusterMaps := []maps.Map{}
+	var clusterMaps = []maps.Map{}
 	clustersResp, err := this.RPC().NodeClusterRPC().FindAllEnabledNodeClustersWithDNSDomainId(this.AdminContext(), &pb.FindAllEnabledNodeClustersWithDNSDomainIdRequest{DnsDomainId: params.DomainId})
 	if err != nil {
 		this.ErrorPage(err)
@@ -46,9 +48,9 @@ func (this *ServersPopupAction) RunGet(params struct {
 			this.ErrorPage(err)
 			return
 		}
-		serverMaps := []maps.Map{}
+		var serverMaps = []maps.Map{}
 		for _, server := range serversResp.Servers {
-			isOk := false
+			var isOk = false
 			if len(cluster.DnsName) > 0 && len(server.DnsName) > 0 {
 				checkResp, err := this.RPC().DNSDomainRPC().ExistDNSDomainRecord(this.AdminContext(), &pb.ExistDNSDomainRecordRequest{
 					DnsDomainId: params.DomainId,
--- a/internal/web/actions/default/dns/init.go
+++ b/internal/web/actions/default/dns/init.go
@@ -16,6 +16,7 @@ func init() {
 			Helper(helpers.NewUserMustAuth(configloaders.AdminModuleCodeDNS)).
 			Helper(new(Helper)).
 			Prefix("/dns").
+			Data("teaSubMenu", "cluster").
 			Get("", new(IndexAction)).
 			GetPost("/updateClusterPopup", new(UpdateClusterPopupAction)).
 			Post("/providerOptions", new(ProviderOptionsAction)).
--- a/internal/web/actions/default/dns/providers/createPopup.go
+++ b/internal/web/actions/default/dns/providers/createPopup.go
@@ -64,6 +64,7 @@ func (this *CreatePopupAction) RunPost(params struct {
 	// HuaweiDNS
 	ParamHuaweiAccessKeyId     string
 	ParamHuaweiAccessKeySecret string
+	ParamHuaweiEndpoint        string

 	// CloudFlare
 	ParamCloudFlareAPIKey string
@@ -119,6 +120,7 @@ func (this *CreatePopupAction) RunPost(params struct {

 		apiParams["accessKeyId"] = params.ParamHuaweiAccessKeyId
 		apiParams["accessKeySecret"] = params.ParamHuaweiAccessKeySecret
+		apiParams["endpoint"] = params.ParamHuaweiEndpoint
 	case "cloudFlare":
 		params.Must.
 			Field("paramCloudFlareAPIKey", params.ParamCloudFlareAPIKey).
--- a/internal/web/actions/default/dns/providers/updatePopup.go
+++ b/internal/web/actions/default/dns/providers/updatePopup.go
@@ -91,6 +91,7 @@ func (this *UpdatePopupAction) RunPost(params struct {
 	// HuaweiDNS
 	ParamHuaweiAccessKeyId     string
 	ParamHuaweiAccessKeySecret string
+	ParamHuaweiEndpoint        string

 	// CloudFlare
 	ParamCloudFlareAPIKey string
@@ -148,6 +149,7 @@ func (this *UpdatePopupAction) RunPost(params struct {

 		apiParams["accessKeyId"] = params.ParamHuaweiAccessKeyId
 		apiParams["accessKeySecret"] = params.ParamHuaweiAccessKeySecret
+		apiParams["endpoint"] = params.ParamHuaweiEndpoint
 	case "cloudFlare":
 		params.Must.
 			Field("paramCloudFlareAPIKey", params.ParamCloudFlareAPIKey).
--- a/internal/web/actions/default/dns/tasks/check.go
+++ b/internal/web/actions/default/dns/tasks/check.go
@@ -3,21 +3,39 @@ package tasks
 import (
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"time"
 )

 type CheckAction struct {
 	actionutils.ParentAction
 }

-func (this *CheckAction) RunPost(params struct{}) {
-	resp, err := this.RPC().DNSTaskRPC().ExistsDNSTasks(this.AdminContext(), &pb.ExistsDNSTasksRequest{})
-	if err != nil {
-		this.ErrorPage(err)
-		return
-	}
+func (this *CheckAction) RunPost(params struct {
+	IsDoing   bool
+	HasError  bool
+	IsUpdated bool
+}) {
+	var isStream = this.Request.ProtoMajor >= 2
+	this.Data["isStream"] = isStream

-	this.Data["isDoing"] = resp.ExistTasks
-	this.Data["hasError"] = resp.ExistError
+	var maxTries = 10
+	for i := 0; i < maxTries; i++ {
+		resp, err := this.RPC().DNSTaskRPC().ExistsDNSTasks(this.AdminContext(), &pb.ExistsDNSTasksRequest{})
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+
+		// 如果没有数据变化，继续查询
+		if i < maxTries-1 && params.IsUpdated && resp.ExistTasks == params.IsDoing && resp.ExistError == params.HasError && isStream {
+			time.Sleep(3 * time.Second)
+			continue
+		}
+
+		this.Data["isDoing"] = resp.ExistTasks
+		this.Data["hasError"] = resp.ExistError
+		break
+	}

 	this.Success()
 }
--- a/internal/web/actions/default/index/checkOTP.go
+++ b/internal/web/actions/default/index/checkOTP.go
@@ -1,30 +0,0 @@
-package index
-
-import (
-	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
-	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
-	"github.com/iwind/TeaGo/actions"
-)
-
-// 检查是否需要OTP
-type CheckOTPAction struct {
-	actionutils.ParentAction
-}
-
-func (this *CheckOTPAction) Init() {
-	this.Nav("", "", "")
-}
-
-func (this *CheckOTPAction) RunPost(params struct {
-	Username string
-
-	Must *actions.Must
-}) {
-	checkResp, err := this.RPC().AdminRPC().CheckAdminOTPWithUsername(this.AdminContext(), &pb.CheckAdminOTPWithUsernameRequest{Username: params.Username})
-	if err != nil {
-		this.ErrorPage(err)
-		return
-	}
-	this.Data["requireOTP"] = checkResp.RequireOTP
-	this.Success()
-}
--- a/internal/web/actions/default/index/index.go
+++ b/internal/web/actions/default/index/index.go
@@ -1,7 +1,6 @@
 package index

 import (
-	"encoding/json"
 	"fmt"
 	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
 	teaconst "github.com/TeaOSLab/EdgeAdmin/internal/const"
@@ -10,30 +9,64 @@ import (
 	"github.com/TeaOSLab/EdgeAdmin/internal/setup"
 	"github.com/TeaOSLab/EdgeAdmin/internal/utils"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/index/loginutils"
+	adminserverutils "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/settings/server/admin-server-utils"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/helpers"
+	"github.com/TeaOSLab/EdgeCommon/pkg/configutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/iplibrary"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/iwind/TeaGo/actions"
-	"github.com/iwind/TeaGo/maps"
+	"github.com/iwind/TeaGo/lists"
 	"github.com/iwind/TeaGo/types"
 	stringutil "github.com/iwind/TeaGo/utils/string"
-	"github.com/xlzd/gotp"
+	"net"
 	"time"
 )

+const regionDenyMessage = "当前软件系统暂时不为你所在的区域提供服务。"
+
 type IndexAction struct {
 	actionutils.ParentAction
 }

 // 首页（登录页）

-var TokenSalt = stringutil.Rand(32)
+// TokenKey 加密用的密钥
+var TokenKey = stringutil.Rand(32)

 func (this *IndexAction) RunGet(params struct {
 	From string

 	Auth *helpers.UserShouldAuth
 }) {
+	if !this.checkRegion() {
+		this.WriteString(regionDenyMessage)
+		return
+	}
+
+	// 是否自动从HTTP跳转到HTTPS
+	if this.Request.TLS == nil {
+		httpsPort, _ := adminserverutils.ReadServerHTTPS()
+		if httpsPort > 0 {
+			currentHost, _, err := net.SplitHostPort(this.Request.Host)
+			if err != nil {
+				currentHost = this.Request.Host
+			}
+
+			var newHost = configutils.QuoteIP(currentHost)
+			if httpsPort != 443 /** default https port **/ {
+				newHost += ":" + types.String(httpsPort)
+			}
+
+			// 如果没有前端反向代理，则跳转
+			if len(this.Request.Header.Get("X-Forwarded-For")) == 0 && len(this.Request.Header.Get("X-Real-Ip")) == 0 {
+				this.RedirectURL("https://" + newHost + this.Request.RequestURI)
+				return
+			}
+		}
+	}
+
 	// DEMO模式
 	this.Data["isDemo"] = teaconst.IsDemoMode

@@ -59,7 +92,7 @@ func (this *IndexAction) RunGet(params struct {
 	this.Data["menu"] = "signIn"

 	var timestamp = fmt.Sprintf("%d", time.Now().Unix())
-	this.Data["token"] = stringutil.Md5(TokenSalt+timestamp) + timestamp
+	this.Data["token"] = stringutil.Md5(TokenKey+timestamp) + timestamp
 	this.Data["from"] = params.From

 	uiConfig, err := configloaders.LoadAdminUIConfig()
@@ -83,6 +116,9 @@ func (this *IndexAction) RunGet(params struct {
 		this.Data["rememberLogin"] = securityConfig.AllowRememberLogin
 	}

+	// 删除Cookie
+	loginutils.UnsetCookie(this.Object())
+
 	this.Show()
 }

@@ -93,10 +129,16 @@ func (this *IndexAction) RunPost(params struct {
 	Password string
 	OtpCode  string
 	Remember bool
-	Must     *actions.Must
-	Auth     *helpers.UserShouldAuth
-	CSRF     *actionutils.CSRF
+
+	Must *actions.Must
+	Auth *helpers.UserShouldAuth
+	CSRF *actionutils.CSRF
 }) {
+	if !this.checkRegion() {
+		this.Fail(regionDenyMessage)
+		return
+	}
+
 	params.Must.
 		Field("username", params.Username).
 		Require("请输入用户名").
@@ -112,7 +154,7 @@ func (this *IndexAction) RunPost(params struct {
 		this.Fail("请通过登录页面登录")
 	}
 	var timestampString = params.Token[32:]
-	if stringutil.Md5(TokenSalt+timestampString) != params.Token[:32] {
+	if stringutil.Md5(TokenKey+timestampString) != params.Token[:32] {
 		this.FailField("refresh", "登录页面已过期，请刷新后重试")
 	}
 	var timestamp = types.Int64(timestampString)
@@ -123,6 +165,7 @@ func (this *IndexAction) RunPost(params struct {
 	rpcClient, err := rpc.SharedRPC()
 	if err != nil {
 		this.Fail("服务器出了点小问题：" + err.Error())
+		return
 	}
 	resp, err := rpcClient.AdminRPC().LoginAdmin(rpcClient.Context(0), &pb.LoginAdminRequest{
 		Username: params.Username,
@@ -136,6 +179,7 @@ func (this *IndexAction) RunPost(params struct {
 		}

 		actionutils.Fail(this, err)
+		return
 	}

 	if !resp.IsOk {
@@ -145,31 +189,37 @@ func (this *IndexAction) RunPost(params struct {
 		}

 		this.Fail("请输入正确的用户名密码")
+		return
 	}
+	var adminId = resp.AdminId

-	// 检查OTP
-	otpLoginResp, err := this.RPC().LoginRPC().FindEnabledLogin(this.AdminContext(), &pb.FindEnabledLoginRequest{
-		AdminId: resp.AdminId,
-		Type:    "otp",
-	})
+	// 检查是否支持OTP
+	checkOTPResp, err := this.RPC().AdminRPC().CheckAdminOTPWithUsername(this.AdminContext(), &pb.CheckAdminOTPWithUsernameRequest{Username: params.Username})
 	if err != nil {
 		this.ErrorPage(err)
 		return
 	}
-	if otpLoginResp.Login != nil && otpLoginResp.Login.IsOn {
-		var loginParams = maps.Map{}
-		err = json.Unmarshal(otpLoginResp.Login.ParamsJSON, &loginParams)
+	var requireOTP = checkOTPResp.RequireOTP
+	this.Data["requireOTP"] = requireOTP
+	if requireOTP {
+		this.Data["remember"] = params.Remember
+
+		var sid = this.Session().Sid
+		this.Data["sid"] = sid
+		_, err = this.RPC().LoginSessionRPC().WriteLoginSessionValue(this.AdminContext(), &pb.WriteLoginSessionValueRequest{
+			Sid:   sid + "_otp",
+			Key:   "adminId",
+			Value: types.String(adminId),
+		})
 		if err != nil {
 			this.ErrorPage(err)
 			return
 		}
-		secret := loginParams.GetString("secret")
-		if gotp.NewDefaultTOTP(secret).Now() != params.OtpCode {
-			this.Fail("请输入正确的OTP动态密码")
-		}
+		this.Success()
+		return
 	}

-	var adminId = resp.AdminId
+	// 写入SESSION
 	params.Auth.StoreAdmin(adminId, params.Remember)

 	// 记录日志
@@ -180,3 +230,13 @@ func (this *IndexAction) RunPost(params struct {

 	this.Success()
 }
+
+// 检查登录区域
+func (this *IndexAction) checkRegion() bool {
+	var ip = this.RequestRemoteIP()
+	var result = iplibrary.LookupIP(ip)
+	if result != nil && result.IsOk() && result.CountryId() > 0 && lists.ContainsInt64([]int64{9, 10}, result.CountryId()) {
+		return false
+	}
+	return true
+}
--- a/internal/web/actions/default/index/init.go
+++ b/internal/web/actions/default/index/init.go
@@ -7,9 +7,9 @@ import (
 func init() {
 	TeaGo.BeforeStart(func(server *TeaGo.Server) {
 		server.
-			Post("/checkOTP", new(CheckOTPAction)).
-			Prefix("/").
-			GetPost("", new(IndexAction)).
+			Prefix("").
+			GetPost("/", new(IndexAction)).
+			GetPost("/index/otp", new(OtpAction)).
 			EndAll()
 	})
 }
--- a/internal/web/actions/default/index/loginutils/utils.go
+++ b/internal/web/actions/default/index/loginutils/utils.go
@@ -0,0 +1,86 @@
+// Copyright 2023 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package loginutils
+
+import (
+	teaconst "github.com/TeaOSLab/EdgeAdmin/internal/const"
+	"github.com/TeaOSLab/EdgeCommon/pkg/iplibrary"
+	"github.com/iwind/TeaGo/actions"
+	stringutil "github.com/iwind/TeaGo/utils/string"
+	"net"
+	"net/http"
+)
+
+// CalculateClientFingerprint 计算客户端指纹
+func CalculateClientFingerprint(action *actions.ActionObject) string {
+	return stringutil.Md5(RemoteIP(action) + "@" + action.Request.UserAgent())
+}
+
+// RemoteIP 获取客户端IP
+// TODO 将来增加是否使用代理设置（即从X-Real-IP中获取IP）
+func RemoteIP(action *actions.ActionObject) string {
+	ip, _, _ := net.SplitHostPort(action.Request.RemoteAddr)
+	return ip
+}
+
+// LookupIPRegion 查找登录区域
+func LookupIPRegion(ip string) string {
+	if len(ip) == 0 {
+		return ""
+	}
+
+	var result = iplibrary.LookupIP(ip)
+	if result != nil && result.IsOk() {
+		// 这里不需要网络运营商信息
+		return result.CountryName() + "@" + result.ProvinceName() + "@" + result.CityName() + "@" + result.TownName()
+	}
+
+	return ""
+}
+
+// SetCookie 设置Cookie
+func SetCookie(action *actions.ActionObject, remember bool) {
+	if remember {
+		var cookie = &http.Cookie{
+			Name:     teaconst.CookieSID,
+			Value:    action.Session().Sid,
+			Path:     "/",
+			MaxAge:   14 * 86400,
+			HttpOnly: true,
+		}
+		if action.Request.TLS != nil {
+			cookie.SameSite = http.SameSiteStrictMode
+			cookie.Secure = true
+		}
+		action.AddCookie(cookie)
+	} else {
+		var cookie = &http.Cookie{
+			Name:     teaconst.CookieSID,
+			Value:    action.Session().Sid,
+			Path:     "/",
+			MaxAge:   0,
+			HttpOnly: true,
+		}
+		if action.Request.TLS != nil {
+			cookie.SameSite = http.SameSiteStrictMode
+			cookie.Secure = true
+		}
+		action.AddCookie(cookie)
+	}
+}
+
+// UnsetCookie 重置Cookie
+func UnsetCookie(action *actions.ActionObject) {
+	cookie := &http.Cookie{
+		Name:     teaconst.CookieSID,
+		Value:    action.Session().Sid,
+		Path:     "/",
+		MaxAge:   -1,
+		HttpOnly: true,
+	}
+	if action.Request.TLS != nil {
+		cookie.SameSite = http.SameSiteStrictMode
+		cookie.Secure = true
+	}
+	action.AddCookie(cookie)
+}
--- a/internal/web/actions/default/index/otp.go
+++ b/internal/web/actions/default/index/otp.go
@@ -0,0 +1,154 @@
+// Copyright 2023 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package index
+
+import (
+	"encoding/json"
+	"fmt"
+	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
+	teaconst "github.com/TeaOSLab/EdgeAdmin/internal/const"
+	"github.com/TeaOSLab/EdgeAdmin/internal/oplogs"
+	"github.com/TeaOSLab/EdgeAdmin/internal/rpc"
+	"github.com/TeaOSLab/EdgeAdmin/internal/setup"
+	"github.com/TeaOSLab/EdgeAdmin/internal/utils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/helpers"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/maps"
+	stringutil "github.com/iwind/TeaGo/utils/string"
+	"github.com/xlzd/gotp"
+	"time"
+)
+
+type OtpAction struct {
+	actionutils.ParentAction
+}
+
+func (this *OtpAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *OtpAction) RunGet(params struct {
+	From     string
+	Sid      string
+	Remember bool
+}) {
+	// 检查系统是否已经配置过
+	if !setup.IsConfigured() {
+		this.RedirectURL("/setup")
+		return
+	}
+
+	//// 是否新安装
+	if setup.IsNewInstalled() {
+		this.RedirectURL("/setup/confirm")
+		return
+	}
+
+	this.Data["isUser"] = false
+	this.Data["menu"] = "signIn"
+
+	var timestamp = fmt.Sprintf("%d", time.Now().Unix())
+	this.Data["token"] = stringutil.Md5(TokenKey+timestamp) + timestamp
+	this.Data["from"] = params.From
+	this.Data["sid"] = params.Sid
+
+	uiConfig, err := configloaders.LoadAdminUIConfig()
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Data["systemName"] = uiConfig.AdminSystemName
+	this.Data["showVersion"] = uiConfig.ShowVersion
+	if len(uiConfig.Version) > 0 {
+		this.Data["version"] = uiConfig.Version
+	} else {
+		this.Data["version"] = teaconst.Version
+	}
+	this.Data["faviconFileId"] = uiConfig.FaviconFileId
+	this.Data["remember"] = params.Remember
+
+	this.Show()
+}
+
+func (this *OtpAction) RunPost(params struct {
+	Sid      string
+	OtpCode  string
+	Remember bool
+
+	Must *actions.Must
+	Auth *helpers.UserShouldAuth
+}) {
+	if len(params.OtpCode) == 0 {
+		this.FailField("otpCode", "请输入正确的OTP动态密码")
+		return
+	}
+
+	var sid = params.Sid
+	if len(sid) == 0 || len(sid) > 64 {
+		this.Fail("参数错误，请重新登录（001）")
+		return
+	}
+	sid += "_otp"
+
+	// 获取SESSION
+	sessionResp, err := this.RPC().LoginSessionRPC().FindLoginSession(this.AdminContext(), &pb.FindLoginSessionRequest{Sid: sid})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	var session = sessionResp.LoginSession
+	if session == nil || session.AdminId <= 0 {
+		this.Fail("参数错误，请重新登录（002）")
+		return
+	}
+	var adminId = session.AdminId
+
+	// 检查OTP
+	otpLoginResp, err := this.RPC().LoginRPC().FindEnabledLogin(this.AdminContext(), &pb.FindEnabledLoginRequest{
+		AdminId: adminId,
+		Type:    "otp",
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if otpLoginResp.Login != nil && otpLoginResp.Login.IsOn {
+		var loginParams = maps.Map{}
+		err = json.Unmarshal(otpLoginResp.Login.ParamsJSON, &loginParams)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		var secret = loginParams.GetString("secret")
+		if gotp.NewDefaultTOTP(secret).Now() != params.OtpCode {
+			this.FailField("otpCode", "请输入正确的OTP动态密码")
+			return
+		}
+	}
+
+	// 写入SESSION
+	params.Auth.StoreAdmin(adminId, params.Remember)
+
+	// 删除OTP SESSION
+	_, err = this.RPC().LoginSessionRPC().DeleteLoginSession(this.AdminContext(), &pb.DeleteLoginSessionRequest{Sid: sid})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	// 记录日志
+	rpcClient, err := rpc.SharedRPC()
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	err = dao.SharedLogDAO.CreateAdminLog(rpcClient.Context(adminId), oplogs.LevelInfo, this.Request.URL.Path, "成功通过OTP验证登录系统", this.RequestRemoteIP())
+	if err != nil {
+		utils.PrintError(err)
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/log/exportExcel.go
+++ b/internal/web/actions/default/log/exportExcel.go
@@ -23,6 +23,7 @@ func (this *ExportExcelAction) RunGet(params struct {
 	DayTo    string
 	Keyword  string
 	UserType string
+	Level    string
 }) {
 	logsResp, err := this.RPC().LogRPC().ListLogs(this.AdminContext(), &pb.ListLogsRequest{
 		Offset:   0,
@@ -31,6 +32,7 @@ func (this *ExportExcelAction) RunGet(params struct {
 		DayTo:    params.DayTo,
 		Keyword:  params.Keyword,
 		UserType: params.UserType,
+		Level:    params.Level,
 	})
 	if err != nil {
 		this.ErrorPage(err)
@@ -56,6 +58,7 @@ func (this *ExportExcelAction) RunGet(params struct {
 		row.AddCell().SetString("区域")
 		row.AddCell().SetString("运营商")
 		row.AddCell().SetString("页面地址")
+		row.AddCell().SetString("级别")
 	}

 	// 数据
@@ -95,6 +98,17 @@ func (this *ExportExcelAction) RunGet(params struct {
 		row.AddCell().SetString(regionName)
 		row.AddCell().SetString(ispName)
 		row.AddCell().SetString(log.Action)
+
+		var levelName = ""
+		switch log.Level {
+		case "info":
+			levelName = "信息"
+		case "warn", "warning":
+			levelName = "警告"
+		case "error":
+			levelName = "错误"
+		}
+		row.AddCell().SetString(levelName)
 	}

 	this.AddHeader("Content-Type", "application/vnd.ms-excel")
--- a/internal/web/actions/default/log/index.go
+++ b/internal/web/actions/default/log/index.go
@@ -21,6 +21,7 @@ func (this *IndexAction) RunGet(params struct {
 	DayTo    string
 	Keyword  string
 	UserType string
+	Level    string
 }) {
 	// 读取配置
 	config, err := configloaders.LoadLogConfig()
@@ -35,18 +36,36 @@ func (this *IndexAction) RunGet(params struct {
 	this.Data["keyword"] = params.Keyword
 	this.Data["userType"] = params.UserType

+	// 级别
+	this.Data["level"] = params.Level
+	this.Data["levelOptions"] = []maps.Map{
+		{
+			"code": "info",
+			"name": "信息",
+		},
+		{
+			"code": "warn",
+			"name": "警告",
+		},
+		{
+			"code": "error",
+			"name": "错误",
+		},
+	}
+
 	countResp, err := this.RPC().LogRPC().CountLogs(this.AdminContext(), &pb.CountLogRequest{
 		DayFrom:  params.DayFrom,
 		DayTo:    params.DayTo,
 		Keyword:  params.Keyword,
 		UserType: params.UserType,
+		Level:    params.Level,
 	})
 	if err != nil {
 		this.ErrorPage(err)
 		return
 	}
-	count := countResp.Count
-	page := this.NewPage(count)
+	var count = countResp.Count
+	var page = this.NewPage(count)
 	this.Data["page"] = page.AsHTML()

 	logsResp, err := this.RPC().LogRPC().ListLogs(this.AdminContext(), &pb.ListLogsRequest{
@@ -56,12 +75,13 @@ func (this *IndexAction) RunGet(params struct {
 		DayTo:    params.DayTo,
 		Keyword:  params.Keyword,
 		UserType: params.UserType,
+		Level:    params.Level,
 	})
 	if err != nil {
 		this.ErrorPage(err)
 		return
 	}
-	logMaps := []maps.Map{}
+	var logMaps = []maps.Map{}
 	for _, log := range logsResp.Logs {
 		regionName := ""
 		regionResp, err := this.RPC().IPLibraryRPC().LookupIPRegion(this.AdminContext(), &pb.LookupIPRegionRequest{Ip: log.Ip})
--- a/internal/web/actions/default/nodes/ipAddresses/createPopup.go
+++ b/internal/web/actions/default/nodes/ipAddresses/createPopup.go
@@ -5,6 +5,7 @@ import (
 	teaconst "github.com/TeaOSLab/EdgeAdmin/internal/const"
 	"github.com/TeaOSLab/EdgeAdmin/internal/utils"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/nodes/ipAddresses/ipaddressutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/nodeconfigs"
 	"github.com/iwind/TeaGo/actions"
 	"github.com/iwind/TeaGo/maps"
@@ -20,8 +21,18 @@ func (this *CreatePopupAction) Init() {
 }

 func (this *CreatePopupAction) RunGet(params struct {
+	NodeId            int64
 	SupportThresholds bool
 }) {
+	// 专属集群
+	clusterMaps, err := ipaddressutils.FindNodeClusterMapsWithNodeId(this.Parent(), params.NodeId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Data["clusters"] = clusterMaps
+
+	// 阈值
 	this.Data["supportThresholds"] = params.SupportThresholds

 	this.Show()
@@ -33,6 +44,7 @@ func (this *CreatePopupAction) RunPost(params struct {
 	Name           string
 	IsUp           bool
 	ThresholdsJSON []byte
+	ClusterIds     []int64

 	Must *actions.Must
 }) {
@@ -57,6 +69,14 @@ func (this *CreatePopupAction) RunPost(params struct {
 		_ = json.Unmarshal(params.ThresholdsJSON, &thresholds)
 	}

+	// 专属集群
+	// 目前只考虑CDN边缘集群
+	clusterMaps, err := ipaddressutils.FindNodeClusterMaps(this.Parent(), params.ClusterIds)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
 	this.Data["ipAddress"] = maps.Map{
 		"name":       params.Name,
 		"canAccess":  params.CanAccess,
@@ -65,6 +85,7 @@ func (this *CreatePopupAction) RunPost(params struct {
 		"isOn":       true,
 		"isUp":       params.IsUp,
 		"thresholds": thresholds,
+		"clusters":   clusterMaps,
 	}
 	this.Success()
 }
--- a/internal/web/actions/default/nodes/ipAddresses/ipaddressutils/utils.go
+++ b/internal/web/actions/default/nodes/ipAddresses/ipaddressutils/utils.go
@@ -11,14 +11,28 @@ import (

 // UpdateNodeIPAddresses 保存一组IP地址
 func UpdateNodeIPAddresses(parentAction *actionutils.ParentAction, nodeId int64, role nodeconfigs.NodeRole, ipAddressesJSON []byte) error {
-	addresses := []maps.Map{}
+	var addresses = []maps.Map{}
 	err := json.Unmarshal(ipAddressesJSON, &addresses)
 	if err != nil {
 		return err
 	}
 	for _, addr := range addresses {
 		var resultAddrIds = []int64{}
-		addrId := addr.GetInt64("id")
+		var addrId = addr.GetInt64("id")
+
+		// 专属集群
+		var addrClusterIds = []int64{}
+		var addrClusters = addr.GetSlice("clusters")
+		if len(addrClusters) > 0 {
+			for _, addrCluster := range addrClusters {
+				var m = maps.NewMap(addrCluster)
+				var clusterId = m.GetInt64("id")
+				if clusterId > 0 {
+					addrClusterIds = append(addrClusterIds, clusterId)
+				}
+			}
+		}
+
 		if addrId > 0 {
 			resultAddrIds = append(resultAddrIds, addrId)

@@ -36,6 +50,7 @@ func UpdateNodeIPAddresses(parentAction *actionutils.ParentAction, nodeId int64,
 				CanAccess:       addr.GetBool("canAccess"),
 				IsOn:            isOn,
 				IsUp:            addr.GetBool("isUp"),
+				ClusterIds:      addrClusterIds,
 			})
 			if err != nil {
 				return err
@@ -47,12 +62,13 @@ func UpdateNodeIPAddresses(parentAction *actionutils.ParentAction, nodeId int64,
 			if len(result) == 1 {
 				// 单个创建
 				createResp, err := parentAction.RPC().NodeIPAddressRPC().CreateNodeIPAddress(parentAction.AdminContext(), &pb.CreateNodeIPAddressRequest{
-					NodeId:    nodeId,
-					Role:      role,
-					Name:      addr.GetString("name"),
-					Ip:        result[0],
-					CanAccess: addr.GetBool("canAccess"),
-					IsUp:      addr.GetBool("isUp"),
+					NodeId:         nodeId,
+					Role:           role,
+					Name:           addr.GetString("name"),
+					Ip:             result[0],
+					CanAccess:      addr.GetBool("canAccess"),
+					IsUp:           addr.GetBool("isUp"),
+					NodeClusterIds: addrClusterIds,
 				})
 				if err != nil {
 					return err
@@ -62,13 +78,14 @@ func UpdateNodeIPAddresses(parentAction *actionutils.ParentAction, nodeId int64,
 			} else if len(result) > 1 {
 				// 批量创建
 				createResp, err := parentAction.RPC().NodeIPAddressRPC().CreateNodeIPAddresses(parentAction.AdminContext(), &pb.CreateNodeIPAddressesRequest{
-					NodeId:     nodeId,
-					Role:       role,
-					Name:       addr.GetString("name"),
-					IpList:     result,
-					CanAccess:  addr.GetBool("canAccess"),
-					IsUp:       addr.GetBool("isUp"),
-					GroupValue: ipStrings,
+					NodeId:         nodeId,
+					Role:           role,
+					Name:           addr.GetString("name"),
+					IpList:         result,
+					CanAccess:      addr.GetBool("canAccess"),
+					IsUp:           addr.GetBool("isUp"),
+					GroupValue:     ipStrings,
+					NodeClusterIds: addrClusterIds,
 				})
 				if err != nil {
 					return err
@@ -140,3 +157,53 @@ func InitNodeIPAddressThresholds(parentAction *actionutils.ParentAction, addrId
 	}
 	return thresholds, nil
 }
+
+// FindNodeClusterMapsWithNodeId 根据节点读取集群信息
+func FindNodeClusterMapsWithNodeId(parentAction *actionutils.ParentAction, nodeId int64) ([]maps.Map, error) {
+	var clusterMaps = []maps.Map{}
+	if nodeId > 0 { // CDN边缘节点
+		nodeResp, err := parentAction.RPC().NodeRPC().FindEnabledNode(parentAction.AdminContext(), &pb.FindEnabledNodeRequest{NodeId: nodeId})
+		if err != nil {
+			return nil, err
+		}
+		var node = nodeResp.Node
+		if node != nil {
+			var clusters = []*pb.NodeCluster{}
+			if node.NodeCluster != nil {
+				clusters = append(clusters, nodeResp.Node.NodeCluster)
+			}
+			if len(node.SecondaryNodeClusters) > 0 {
+				clusters = append(clusters, node.SecondaryNodeClusters...)
+			}
+			for _, cluster := range clusters {
+				clusterMaps = append(clusterMaps, maps.Map{
+					"id":        cluster.Id,
+					"name":      cluster.Name,
+					"isChecked": false,
+				})
+			}
+		}
+	}
+	return clusterMaps, nil
+}
+
+// FindNodeClusterMaps 根据一组集群ID读取集群信息
+func FindNodeClusterMaps(parentAction *actionutils.ParentAction, clusterIds []int64) ([]maps.Map, error) {
+	var clusterMaps = []maps.Map{}
+	if len(clusterIds) > 0 {
+		for _, clusterId := range clusterIds {
+			clusterResp, err := parentAction.RPC().NodeClusterRPC().FindEnabledNodeCluster(parentAction.AdminContext(), &pb.FindEnabledNodeClusterRequest{NodeClusterId: clusterId})
+			if err != nil {
+				return nil, err
+			}
+			var cluster = clusterResp.NodeCluster
+			if cluster != nil {
+				clusterMaps = append(clusterMaps, maps.Map{
+					"id":   cluster.Id,
+					"name": cluster.Name,
+				})
+			}
+		}
+	}
+	return clusterMaps, nil
+}
--- a/internal/web/actions/default/nodes/ipAddresses/updatePopup.go
+++ b/internal/web/actions/default/nodes/ipAddresses/updatePopup.go
@@ -5,6 +5,7 @@ import (
 	teaconst "github.com/TeaOSLab/EdgeAdmin/internal/const"
 	"github.com/TeaOSLab/EdgeAdmin/internal/utils"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/nodes/ipAddresses/ipaddressutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/nodeconfigs"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/iwind/TeaGo/actions"
@@ -21,9 +22,18 @@ func (this *UpdatePopupAction) Init() {
 }

 func (this *UpdatePopupAction) RunGet(params struct {
+	NodeId            int64
 	AddressId         int64
 	SupportThresholds bool
 }) {
+	// 专属集群
+	clusterMaps, err := ipaddressutils.FindNodeClusterMapsWithNodeId(this.Parent(), params.NodeId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Data["clusters"] = clusterMaps
+
 	this.Data["supportThresholds"] = params.SupportThresholds

 	this.Show()
@@ -37,6 +47,7 @@ func (this *UpdatePopupAction) RunPost(params struct {
 	IsOn           bool
 	IsUp           bool
 	ThresholdsJSON []byte
+	ClusterIds     []int64

 	Must *actions.Must
 }) {
@@ -81,6 +92,14 @@ func (this *UpdatePopupAction) RunPost(params struct {
 		_ = json.Unmarshal(params.ThresholdsJSON, &thresholds)
 	}

+	// 专属集群
+	// 目前只考虑CDN边缘集群
+	clusterMaps, err := ipaddressutils.FindNodeClusterMaps(this.Parent(), params.ClusterIds)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
 	this.Data["ipAddress"] = maps.Map{
 		"name":       params.Name,
 		"ip":         params.IP,
@@ -89,6 +108,7 @@ func (this *UpdatePopupAction) RunPost(params struct {
 		"isOn":       params.IsOn,
 		"isUp":       isUp,
 		"thresholds": thresholds,
+		"clusters":    clusterMaps,
 	}

 	this.Success()
--- a/internal/web/actions/default/servers/addOriginPopup.go
+++ b/internal/web/actions/default/servers/addOriginPopup.go
@@ -8,6 +8,7 @@ import (
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
 	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/maps"
 	"github.com/iwind/TeaGo/types"
 	"net/url"
 	"regexp"
@@ -27,6 +28,8 @@ func (this *AddOriginPopupAction) RunGet(params struct {
 }) {
 	this.Data["serverType"] = params.ServerType

+	this.getOSSHook()
+
 	this.Show()
 }

@@ -40,50 +43,93 @@ func (this *AddOriginPopupAction) RunPost(params struct {

 	Must *actions.Must
 }) {
-	params.Must.
-		Field("addr", params.Addr).
-		Require("请输入源站地址")
-
-	var addr = params.Addr
-
-	// 是否是完整的地址
-	if (params.Protocol == "http" || params.Protocol == "https") && regexp.MustCompile(`^(http|https)://`).MatchString(addr) {
-		u, err := url.Parse(addr)
-		if err == nil {
-			addr = u.Host
-		}
+	ossConfig, goNext, err := this.postOSSHook(params.Protocol)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if !goNext {
+		return
 	}

-	addr = regexp.MustCompile(`\s+`).ReplaceAllString(addr, "")
-	var portIndex = strings.LastIndex(addr, ":")
-	if portIndex < 0 {
-		if params.Protocol == "http" {
-			addr += ":80"
-		} else if params.Protocol == "https" {
-			addr += ":443"
-		} else {
-			this.Fail("地址中需要带有端口")
-		}
-		portIndex = strings.LastIndex(addr, ":")
+	// 初始化
+	var pbAddr = &pb.NetworkAddress{
+		Protocol: params.Protocol,
 	}
-	var host = addr[:portIndex]
-	var port = addr[portIndex+1:]
+	var addrConfig = &serverconfigs.NetworkAddressConfig{
+		Protocol: serverconfigs.Protocol(params.Protocol),
+	}
+	var ossJSON []byte

-	// 检查端口号
-	if port == "0" {
-		this.Fail("端口号不能为0")
-	}
-	if !configutils.HasVariables(port) {
-		// 必须是整数
-		if !regexp.MustCompile(`^\d+$`).MatchString(port) {
-			this.Fail("端口号只能为整数")
+	if ossConfig != nil { // OSS
+		ossJSON, err = json.Marshal(ossConfig)
+		if err != nil {
+			this.ErrorPage(err)
+			return
 		}
-		var portInt = types.Int(port)
-		if portInt == 0 {
+		err = ossConfig.Init()
+		if err != nil {
+			this.Fail("校验OSS配置时出错：" + err.Error())
+			return
+		}
+	} else { // 普通源站
+		params.Must.
+			Field("addr", params.Addr).
+			Require("请输入源站地址")
+
+		var addr = params.Addr
+
+		// 是否是完整的地址
+		if (params.Protocol == "http" || params.Protocol == "https") && regexp.MustCompile(`^(http|https)://`).MatchString(addr) {
+			u, err := url.Parse(addr)
+			if err == nil {
+				addr = u.Host
+			}
+		}
+
+		addr = regexp.MustCompile(`\s+`).ReplaceAllString(addr, "")
+		var portIndex = strings.LastIndex(addr, ":")
+		if portIndex < 0 {
+			if params.Protocol == "http" {
+				addr += ":80"
+			} else if params.Protocol == "https" {
+				addr += ":443"
+			} else {
+				this.Fail("地址中需要带有端口")
+			}
+			portIndex = strings.LastIndex(addr, ":")
+		}
+		var host = addr[:portIndex]
+		var port = addr[portIndex+1:]
+
+		// 检查端口号
+		if port == "0" {
 			this.Fail("端口号不能为0")
 		}
-		if portInt > 65535 {
-			this.Fail("端口号不能大于65535")
+		if !configutils.HasVariables(port) {
+			// 必须是整数
+			if !regexp.MustCompile(`^\d+$`).MatchString(port) {
+				this.Fail("端口号只能为整数")
+			}
+			var portInt = types.Int(port)
+			if portInt == 0 {
+				this.Fail("端口号不能为0")
+			}
+			if portInt > 65535 {
+				this.Fail("端口号不能大于65535")
+			}
+		}
+
+		pbAddr = &pb.NetworkAddress{
+			Protocol:  params.Protocol,
+			Host:      host,
+			PortRange: port,
+		}
+
+		addrConfig = &serverconfigs.NetworkAddressConfig{
+			Protocol:  serverconfigs.Protocol(params.Protocol),
+			Host:      host,
+			PortRange: port,
 		}
 	}

@@ -103,12 +149,9 @@ func (this *AddOriginPopupAction) RunPost(params struct {
 	}

 	resp, err := this.RPC().OriginRPC().CreateOrigin(this.AdminContext(), &pb.CreateOriginRequest{
-		Name: "",
-		Addr: &pb.NetworkAddress{
-			Protocol:  params.Protocol,
-			Host:      host,
-			PortRange: port,
-		},
+		Name:        "",
+		Addr:        pbAddr,
+		OssJSON:     ossJSON,
 		Description: "",
 		Weight:      10,
 		IsOn:        true,
@@ -124,14 +167,16 @@ func (this *AddOriginPopupAction) RunPost(params struct {
 	var origin = &serverconfigs.OriginConfig{
 		Id:   resp.OriginId,
 		IsOn: true,
-		Addr: &serverconfigs.NetworkAddressConfig{
-			Protocol:  serverconfigs.Protocol(params.Protocol),
-			Host:      host,
-			PortRange: port,
-		},
+		Addr: addrConfig,
+		OSS:  ossConfig,
 	}

-	this.Data["origin"] = origin
+	this.Data["origin"] = maps.Map{
+		"id":          resp.OriginId,
+		"isOn":        true,
+		"addr":        addrConfig,
+		"addrSummary": origin.AddrSummary(),
+	}

 	// 创建日志
 	defer this.CreateLog(oplogs.LevelInfo, "创建源站 %d", resp.OriginId)
--- a/internal/web/actions/default/servers/addOriginPopup_ext.go
+++ b/internal/web/actions/default/servers/addOriginPopup_ext.go
@@ -0,0 +1,20 @@
+// Copyright 2023 GoEdge CDN goedge.cdn@gmail.com. All rights reserved. Official site: https://goedge.cn .
+//go:build !plus
+
+package servers
+
+import (
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/ossconfigs"
+	"github.com/iwind/TeaGo/maps"
+)
+
+func (this *AddOriginPopupAction) getOSSHook() {
+	this.Data["ossTypes"] = []maps.Map{}
+	this.Data["ossBucketParams"] = []maps.Map{}
+	this.Data["ossForm"] = ""
+}
+
+func (this *AddOriginPopupAction) postOSSHook(protocol string) (config *ossconfigs.OSSConfig, goNext bool, err error) {
+	goNext = true
+	return
+}
--- a/internal/web/actions/default/servers/certs/acme/create.go
+++ b/internal/web/actions/default/servers/certs/acme/create.go
@@ -18,31 +18,6 @@ func (this *CreateAction) Init() {
 }

 func (this *CreateAction) RunGet(params struct{}) {
-	// 获取所有可用的用户
-	usersResp, err := this.RPC().ACMEUserRPC().FindAllACMEUsers(this.AdminContext(), &pb.FindAllACMEUsersRequest{
-		AdminId: this.AdminId(),
-		UserId:  0,
-	})
-	if err != nil {
-		this.ErrorPage(err)
-		return
-	}
-	userMaps := []maps.Map{}
-	for _, user := range usersResp.AcmeUsers {
-		description := user.Description
-		if len(description) > 0 {
-			description = "（" + description + "）"
-		}
-
-		userMaps = append(userMaps, maps.Map{
-			"id":           user.Id,
-			"description":  description,
-			"email":        user.Email,
-			"providerCode": user.AcmeProviderCode,
-		})
-	}
-	this.Data["users"] = userMaps
-
 	// 证书服务商
 	providersResp, err := this.RPC().ACMEProviderRPC().FindAllACMEProviders(this.AdminContext(), &pb.FindAllACMEProvidersRequest{})
 	if err != nil {
@@ -81,14 +56,15 @@ func (this *CreateAction) RunGet(params struct{}) {
 }

 func (this *CreateAction) RunPost(params struct {
-	TaskId        int64
-	AuthType      string
-	AcmeUserId    int64
-	DnsProviderId int64
-	DnsDomain     string
-	Domains       []string
-	AutoRenew     bool
-	AuthURL       string
+	PlatformUserId int64
+	TaskId         int64
+	AuthType       string
+	AcmeUserId     int64
+	DnsProviderId  int64
+	DnsDomain      string
+	Domains        []string
+	AutoRenew      bool
+	AuthURL        string

 	Must *actions.Must
 }) {
@@ -117,7 +93,7 @@ func (this *CreateAction) RunPost(params struct {
 	if len(params.Domains) == 0 {
 		this.Fail("请输入证书域名列表")
 	}
-	realDomains := []string{}
+	var realDomains = []string{}
 	for _, domain := range params.Domains {
 		domain = strings.ToLower(domain)
 		if params.AuthType == "dns" { // DNS认证
@@ -134,6 +110,7 @@ func (this *CreateAction) RunPost(params struct {

 	if params.TaskId == 0 {
 		createResp, err := this.RPC().ACMETaskRPC().CreateACMETask(this.AdminContext(), &pb.CreateACMETaskRequest{
+			UserId:        params.PlatformUserId,
 			AuthType:      params.AuthType,
 			AcmeUserId:    params.AcmeUserId,
 			DnsProviderId: params.DnsProviderId,
--- a/internal/web/actions/default/servers/certs/acme/index.go
+++ b/internal/web/actions/default/servers/certs/acme/index.go
@@ -17,22 +17,48 @@ func (this *IndexAction) Init() {
 }

 func (this *IndexAction) RunGet(params struct {
+	UserId  int64
 	Type    string
 	Keyword string
 }) {
 	this.Data["type"] = params.Type
 	this.Data["keyword"] = params.Keyword

-	countAll := int64(0)
-	countAvailable := int64(0)
-	countExpired := int64(0)
-	count7Days := int64(0)
-	count30Days := int64(0)
+	// 当前用户
+	this.Data["searchingUserId"] = params.UserId
+	var userMap = maps.Map{
+		"id":       0,
+		"username": "",
+		"fullname": "",
+	}
+	if params.UserId > 0 {
+		userResp, err := this.RPC().UserRPC().FindEnabledUser(this.AdminContext(), &pb.FindEnabledUserRequest{UserId: params.UserId})
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		var user = userResp.User
+		if user != nil {
+			userMap = maps.Map{
+				"id":       user.Id,
+				"username": user.Username,
+				"fullname": user.Fullname,
+			}
+		}
+	}
+	this.Data["user"] = userMap
+
+	var countAll int64
+	var countAvailable int64
+	var countExpired int64
+	var count7Days int64
+	var count30Days int64

 	// 计算数量
 	{
 		// all
 		resp, err := this.RPC().ACMETaskRPC().CountAllEnabledACMETasks(this.AdminContext(), &pb.CountAllEnabledACMETasksRequest{
+			UserId:  params.UserId,
 			Keyword: params.Keyword,
 		})
 		if err != nil {
@@ -43,6 +69,7 @@ func (this *IndexAction) RunGet(params struct {

 		// available
 		resp, err = this.RPC().ACMETaskRPC().CountAllEnabledACMETasks(this.AdminContext(), &pb.CountAllEnabledACMETasksRequest{
+			UserId:      params.UserId,
 			IsAvailable: true,
 			Keyword:     params.Keyword,
 		})
@@ -54,6 +81,7 @@ func (this *IndexAction) RunGet(params struct {

 		// expired
 		resp, err = this.RPC().ACMETaskRPC().CountAllEnabledACMETasks(this.AdminContext(), &pb.CountAllEnabledACMETasksRequest{
+			UserId:    params.UserId,
 			IsExpired: true,
 			Keyword:   params.Keyword,
 		})
@@ -65,6 +93,7 @@ func (this *IndexAction) RunGet(params struct {

 		// expire in 7 days
 		resp, err = this.RPC().ACMETaskRPC().CountAllEnabledACMETasks(this.AdminContext(), &pb.CountAllEnabledACMETasksRequest{
+			UserId:       params.UserId,
 			ExpiringDays: 7,
 			Keyword:      params.Keyword,
 		})
@@ -76,6 +105,7 @@ func (this *IndexAction) RunGet(params struct {

 		// expire in 30 days
 		resp, err = this.RPC().ACMETaskRPC().CountAllEnabledACMETasks(this.AdminContext(), &pb.CountAllEnabledACMETasksRequest{
+			UserId:       params.UserId,
 			ExpiringDays: 30,
 			Keyword:      params.Keyword,
 		})
@@ -100,25 +130,51 @@ func (this *IndexAction) RunGet(params struct {
 	case "":
 		page = this.NewPage(countAll)
 		tasksResp, err = this.RPC().ACMETaskRPC().ListEnabledACMETasks(this.AdminContext(), &pb.ListEnabledACMETasksRequest{
+			UserId:  params.UserId,
 			Offset:  page.Offset,
 			Size:    page.Size,
 			Keyword: params.Keyword,
 		})
 	case "available":
 		page = this.NewPage(countAvailable)
-		tasksResp, err = this.RPC().ACMETaskRPC().ListEnabledACMETasks(this.AdminContext(), &pb.ListEnabledACMETasksRequest{IsAvailable: true, Offset: page.Offset, Size: page.Size, Keyword: params.Keyword})
+		tasksResp, err = this.RPC().ACMETaskRPC().ListEnabledACMETasks(this.AdminContext(), &pb.ListEnabledACMETasksRequest{
+			UserId:      params.UserId,
+			IsAvailable: true,
+			Offset:      page.Offset,
+			Size:        page.Size,
+			Keyword:     params.Keyword,
+		})
 	case "expired":
 		page = this.NewPage(countExpired)
-		tasksResp, err = this.RPC().ACMETaskRPC().ListEnabledACMETasks(this.AdminContext(), &pb.ListEnabledACMETasksRequest{IsExpired: true, Offset: page.Offset, Size: page.Size, Keyword: params.Keyword})
+		tasksResp, err = this.RPC().ACMETaskRPC().ListEnabledACMETasks(this.AdminContext(), &pb.ListEnabledACMETasksRequest{
+			UserId:    params.UserId,
+			IsExpired: true,
+			Offset:    page.Offset,
+			Size:      page.Size,
+			Keyword:   params.Keyword,
+		})
 	case "7days":
 		page = this.NewPage(count7Days)
-		tasksResp, err = this.RPC().ACMETaskRPC().ListEnabledACMETasks(this.AdminContext(), &pb.ListEnabledACMETasksRequest{ExpiringDays: 7, Offset: page.Offset, Size: page.Size, Keyword: params.Keyword})
+		tasksResp, err = this.RPC().ACMETaskRPC().ListEnabledACMETasks(this.AdminContext(), &pb.ListEnabledACMETasksRequest{
+			UserId:       params.UserId,
+			ExpiringDays: 7,
+			Offset:       page.Offset,
+			Size:         page.Size,
+			Keyword:      params.Keyword,
+		})
 	case "30days":
 		page = this.NewPage(count30Days)
-		tasksResp, err = this.RPC().ACMETaskRPC().ListEnabledACMETasks(this.AdminContext(), &pb.ListEnabledACMETasksRequest{ExpiringDays: 30, Offset: page.Offset, Size: page.Size, Keyword: params.Keyword})
+		tasksResp, err = this.RPC().ACMETaskRPC().ListEnabledACMETasks(this.AdminContext(), &pb.ListEnabledACMETasksRequest{
+			UserId:       params.UserId,
+			ExpiringDays: 30,
+			Offset:       page.Offset,
+			Size:         page.Size,
+			Keyword:      params.Keyword,
+		})
 	default:
 		page = this.NewPage(countAll)
 		tasksResp, err = this.RPC().ACMETaskRPC().ListEnabledACMETasks(this.AdminContext(), &pb.ListEnabledACMETasksRequest{
+			UserId:  params.UserId,
 			Keyword: params.Keyword,
 			Offset:  page.Offset,
 			Size:    page.Size,
@@ -131,7 +187,7 @@ func (this *IndexAction) RunGet(params struct {

 	this.Data["page"] = page.AsHTML()

-	taskMaps := []maps.Map{}
+	var taskMaps = []maps.Map{}
 	for _, task := range tasksResp.AcmeTasks {
 		if task.AcmeUser == nil {
 			continue
--- a/internal/web/actions/default/servers/certs/acme/run.go
+++ b/internal/web/actions/default/servers/certs/acme/run.go
@@ -12,6 +12,8 @@ type RunAction struct {
 func (this *RunAction) RunPost(params struct {
 	TaskId int64
 }) {
+	defer this.CreateLogInfo("执行ACME任务 %d", params.TaskId)
+
 	runResp, err := this.RPC().ACMETaskRPC().RunACMETask(this.AdminContext(), &pb.RunACMETaskRequest{AcmeTaskId: params.TaskId})
 	if err != nil {
 		this.ErrorPage(err)
--- a/internal/web/actions/default/servers/certs/acme/userOptions.go
+++ b/internal/web/actions/default/servers/certs/acme/userOptions.go
@@ -0,0 +1,44 @@
+// Copyright 2023 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package acme
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/maps"
+)
+
+type UserOptionsAction struct {
+	actionutils.ParentAction
+}
+
+func (this *UserOptionsAction) RunPost(params struct {
+	PlatformUserId int64
+}) {
+	// 获取所有可用的用户
+	usersResp, err := this.RPC().ACMEUserRPC().FindAllACMEUsers(this.AdminContext(), &pb.FindAllACMEUsersRequest{
+		AdminId: 0,
+		UserId:  params.PlatformUserId,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	var userMaps = []maps.Map{}
+	for _, user := range usersResp.AcmeUsers {
+		description := user.Description
+		if len(description) > 0 {
+			description = "（" + description + "）"
+		}
+
+		userMaps = append(userMaps, maps.Map{
+			"id":           user.Id,
+			"description":  description,
+			"email":        user.Email,
+			"providerCode": user.AcmeProviderCode,
+		})
+	}
+	this.Data["users"] = userMaps
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/certs/acme/users/createPopup.go
+++ b/internal/web/actions/default/servers/certs/acme/users/createPopup.go
@@ -16,10 +16,30 @@ func (this *CreatePopupAction) Init() {
 }

 func (this *CreatePopupAction) RunGet(params struct {
-	ProviderCode string
+	PlatformUserId int64
+	ProviderCode   string
 }) {
+	this.Data["platformUserId"] = params.PlatformUserId
 	this.Data["providerCode"] = params.ProviderCode

+	// 平台用户信息
+	this.Data["platformUser"] = nil
+	if params.PlatformUserId > 0 {
+		platformUserResp, err := this.RPC().UserRPC().FindEnabledUser(this.AdminContext(), &pb.FindEnabledUserRequest{UserId: params.PlatformUserId})
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		var platformUser = platformUserResp.User
+		if platformUser != nil {
+			this.Data["platformUser"] = maps.Map{
+				"id":       platformUser.Id,
+				"username": platformUser.Username,
+				"fullname": platformUser.Fullname,
+			}
+		}
+	}
+
 	// 服务商
 	providersResp, err := this.RPC().ACMEProviderRPC().FindAllACMEProviders(this.AdminContext(), &pb.FindAllACMEProvidersRequest{})
 	if err != nil {
@@ -40,10 +60,11 @@ func (this *CreatePopupAction) RunGet(params struct {
 }

 func (this *CreatePopupAction) RunPost(params struct {
-	Email        string
-	ProviderCode string
-	AccountId    int64
-	Description  string
+	PlatformUserId int64
+	Email          string
+	ProviderCode   string
+	AccountId      int64
+	Description    string

 	Must *actions.Must
 	CSRF *actionutils.CSRF
@@ -85,6 +106,7 @@ func (this *CreatePopupAction) RunPost(params struct {
 	}

 	createResp, err := this.RPC().ACMEUserRPC().CreateACMEUser(this.AdminContext(), &pb.CreateACMEUserRequest{
+		UserId:                params.PlatformUserId,
 		Email:                 params.Email,
 		Description:           params.Description,
 		AcmeProviderCode:      params.ProviderCode,
--- a/internal/web/actions/default/servers/certs/index.go
+++ b/internal/web/actions/default/servers/certs/index.go
@@ -19,12 +19,37 @@ func (this *IndexAction) Init() {
 }

 func (this *IndexAction) RunGet(params struct {
+	UserId  int64
 	Type    string
 	Keyword string
 }) {
 	this.Data["type"] = params.Type
 	this.Data["keyword"] = params.Keyword

+	// 当前用户
+	this.Data["searchingUserId"] = params.UserId
+	var userMap = maps.Map{
+		"id":       0,
+		"username": "",
+		"fullname": "",
+	}
+	if params.UserId > 0 {
+		userResp, err := this.RPC().UserRPC().FindEnabledUser(this.AdminContext(), &pb.FindEnabledUserRequest{UserId: params.UserId})
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		var user = userResp.User
+		if user != nil {
+			userMap = maps.Map{
+				"id":       user.Id,
+				"username": user.Username,
+				"fullname": user.Fullname,
+			}
+		}
+	}
+	this.Data["user"] = userMap
+
 	var countAll = int64(0)
 	var countCA = int64(0)
 	var countAvailable = int64(0)
@@ -36,6 +61,7 @@ func (this *IndexAction) RunGet(params struct {
 	{
 		// all
 		resp, err := this.RPC().SSLCertRPC().CountSSLCerts(this.AdminContext(), &pb.CountSSLCertRequest{
+			UserId:  params.UserId,
 			Keyword: params.Keyword,
 		})
 		if err != nil {
@@ -46,6 +72,7 @@ func (this *IndexAction) RunGet(params struct {

 		// CA
 		resp, err = this.RPC().SSLCertRPC().CountSSLCerts(this.AdminContext(), &pb.CountSSLCertRequest{
+			UserId:  params.UserId,
 			IsCA:    true,
 			Keyword: params.Keyword,
 		})
@@ -57,6 +84,7 @@ func (this *IndexAction) RunGet(params struct {

 		// available
 		resp, err = this.RPC().SSLCertRPC().CountSSLCerts(this.AdminContext(), &pb.CountSSLCertRequest{
+			UserId:      params.UserId,
 			IsAvailable: true,
 			Keyword:     params.Keyword,
 		})
@@ -68,6 +96,7 @@ func (this *IndexAction) RunGet(params struct {

 		// expired
 		resp, err = this.RPC().SSLCertRPC().CountSSLCerts(this.AdminContext(), &pb.CountSSLCertRequest{
+			UserId:    params.UserId,
 			IsExpired: true,
 			Keyword:   params.Keyword,
 		})
@@ -79,6 +108,7 @@ func (this *IndexAction) RunGet(params struct {

 		// expire in 7 days
 		resp, err = this.RPC().SSLCertRPC().CountSSLCerts(this.AdminContext(), &pb.CountSSLCertRequest{
+			UserId:       params.UserId,
 			ExpiringDays: 7,
 			Keyword:      params.Keyword,
 		})
@@ -90,6 +120,7 @@ func (this *IndexAction) RunGet(params struct {

 		// expire in 30 days
 		resp, err = this.RPC().SSLCertRPC().CountSSLCerts(this.AdminContext(), &pb.CountSSLCertRequest{
+			UserId:       params.UserId,
 			ExpiringDays: 30,
 			Keyword:      params.Keyword,
 		})
@@ -115,28 +146,60 @@ func (this *IndexAction) RunGet(params struct {
 	case "":
 		page = this.NewPage(countAll)
 		listResp, err = this.RPC().SSLCertRPC().ListSSLCerts(this.AdminContext(), &pb.ListSSLCertsRequest{
+			UserId:  params.UserId,
 			Offset:  page.Offset,
 			Size:    page.Size,
 			Keyword: params.Keyword,
 		})
 	case "ca":
 		page = this.NewPage(countCA)
-		listResp, err = this.RPC().SSLCertRPC().ListSSLCerts(this.AdminContext(), &pb.ListSSLCertsRequest{IsCA: true, Offset: page.Offset, Size: page.Size, Keyword: params.Keyword})
+		listResp, err = this.RPC().SSLCertRPC().ListSSLCerts(this.AdminContext(), &pb.ListSSLCertsRequest{
+			UserId:  params.UserId,
+			IsCA:    true,
+			Offset:  page.Offset,
+			Size:    page.Size,
+			Keyword: params.Keyword,
+		})
 	case "available":
 		page = this.NewPage(countAvailable)
-		listResp, err = this.RPC().SSLCertRPC().ListSSLCerts(this.AdminContext(), &pb.ListSSLCertsRequest{IsAvailable: true, Offset: page.Offset, Size: page.Size, Keyword: params.Keyword})
+		listResp, err = this.RPC().SSLCertRPC().ListSSLCerts(this.AdminContext(), &pb.ListSSLCertsRequest{
+			UserId:      params.UserId,
+			IsAvailable: true,
+			Offset:      page.Offset,
+			Size:        page.Size,
+			Keyword:     params.Keyword,
+		})
 	case "expired":
 		page = this.NewPage(countExpired)
-		listResp, err = this.RPC().SSLCertRPC().ListSSLCerts(this.AdminContext(), &pb.ListSSLCertsRequest{IsExpired: true, Offset: page.Offset, Size: page.Size, Keyword: params.Keyword})
+		listResp, err = this.RPC().SSLCertRPC().ListSSLCerts(this.AdminContext(), &pb.ListSSLCertsRequest{
+			UserId:    params.UserId,
+			IsExpired: true,
+			Offset:    page.Offset,
+			Size:      page.Size,
+			Keyword:   params.Keyword,
+		})
 	case "7days":
 		page = this.NewPage(count7Days)
-		listResp, err = this.RPC().SSLCertRPC().ListSSLCerts(this.AdminContext(), &pb.ListSSLCertsRequest{ExpiringDays: 7, Offset: page.Offset, Size: page.Size, Keyword: params.Keyword})
+		listResp, err = this.RPC().SSLCertRPC().ListSSLCerts(this.AdminContext(), &pb.ListSSLCertsRequest{
+			UserId:       params.UserId,
+			ExpiringDays: 7,
+			Offset:       page.Offset,
+			Size:         page.Size,
+			Keyword:      params.Keyword,
+		})
 	case "30days":
 		page = this.NewPage(count30Days)
-		listResp, err = this.RPC().SSLCertRPC().ListSSLCerts(this.AdminContext(), &pb.ListSSLCertsRequest{ExpiringDays: 30, Offset: page.Offset, Size: page.Size, Keyword: params.Keyword})
+		listResp, err = this.RPC().SSLCertRPC().ListSSLCerts(this.AdminContext(), &pb.ListSSLCertsRequest{
+			UserId:       params.UserId,
+			ExpiringDays: 30,
+			Offset:       page.Offset,
+			Size:         page.Size,
+			Keyword:      params.Keyword,
+		})
 	default:
 		page = this.NewPage(countAll)
 		listResp, err = this.RPC().SSLCertRPC().ListSSLCerts(this.AdminContext(), &pb.ListSSLCertsRequest{
+			UserId:  params.UserId,
 			Keyword: params.Keyword,
 			Offset:  page.Offset,
 			Size:    page.Size,
@@ -158,7 +221,9 @@ func (this *IndexAction) RunGet(params struct {
 	var certMaps = []maps.Map{}
 	var nowTime = time.Now().Unix()
 	for _, certConfig := range certConfigs {
-		countServersResp, err := this.RPC().ServerRPC().CountAllEnabledServersWithSSLCertId(this.AdminContext(), &pb.CountAllEnabledServersWithSSLCertIdRequest{SslCertId: certConfig.Id})
+		countServersResp, err := this.RPC().ServerRPC().CountAllEnabledServersWithSSLCertId(this.AdminContext(), &pb.CountAllEnabledServersWithSSLCertIdRequest{
+			SslCertId: certConfig.Id,
+		})
 		if err != nil {
 			this.ErrorPage(err)
 			return
--- a/internal/web/actions/default/servers/certs/init.go
+++ b/internal/web/actions/default/servers/certs/init.go
@@ -21,6 +21,7 @@ func init() {
 			Data("leftMenuItem", "cert").
 			Get("", new(IndexAction)).
 			GetPost("/uploadPopup", new(UploadPopupAction)).
+			GetPost("/uploadBatchPopup", new(UploadBatchPopupAction)).
 			Post("/delete", new(DeleteAction)).
 			GetPost("/updatePopup", new(UpdatePopupAction)).
 			Get("/certPopup", new(CertPopupAction)).
@@ -40,6 +41,7 @@ func init() {
 			Post("/run", new(acme.RunAction)).
 			GetPost("/updateTaskPopup", new(acme.UpdateTaskPopupAction)).
 			Post("/deleteTask", new(acme.DeleteTaskAction)).
+			Post("/userOptions", new(acme.UserOptionsAction)).

 			// ACME用户
 			Prefix("/servers/certs/acme/users").
--- a/internal/web/actions/default/servers/certs/selectPopup.go
+++ b/internal/web/actions/default/servers/certs/selectPopup.go
@@ -2,9 +2,11 @@ package certs

 import (
 	"encoding/json"
+	"errors"
 	"github.com/TeaOSLab/EdgeAdmin/internal/utils/numberutils"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/sslconfigs"
 	"github.com/iwind/TeaGo/lists"
 	"github.com/iwind/TeaGo/maps"
@@ -23,15 +25,86 @@ func (this *SelectPopupAction) Init() {
 }

 func (this *SelectPopupAction) RunGet(params struct {
+	ServerId         int64  // 搜索的服务
+	UserId           int64  // 搜索的用户名
+	SearchingDomains string // 搜索的域名
+	SearchingType    string // 搜索类型：match|all
+
 	ViewSize        string
 	SelectedCertIds string
 	Keyword         string
 }) {
-	// TODO 列出常用和最新的证书供用户选择
+	this.Data["searchingServerId"] = params.ServerId
+
+	// 服务相关
+	if params.ServerId > 0 {
+		serverResp, err := this.RPC().ServerRPC().FindEnabledUserServerBasic(this.AdminContext(), &pb.FindEnabledUserServerBasicRequest{ServerId: params.ServerId})
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		var server = serverResp.Server
+		if server != nil {
+			if server.UserId > 0 {
+				params.UserId = server.UserId
+			}
+
+			// 读取所有ServerNames
+			serverNamesResp, err := this.RPC().ServerRPC().FindServerNames(this.AdminContext(), &pb.FindServerNamesRequest{ServerId: params.ServerId})
+			if err != nil {
+				this.ErrorPage(err)
+				return
+			}
+			if len(serverNamesResp.ServerNamesJSON) > 0 {
+				var serverNames = []*serverconfigs.ServerNameConfig{}
+				err = json.Unmarshal(serverNamesResp.ServerNamesJSON, &serverNames)
+				if err != nil {
+					this.ErrorPage(err)
+					return
+				}
+				params.SearchingDomains = strings.Join(serverconfigs.PlainServerNames(serverNames), ",")
+			}
+		}
+	}
+
+	// 用户相关
+	this.Data["userId"] = params.UserId // 可变
+	this.Data["searchingUserId"] = params.UserId
+
+	// 域名搜索相关
+	var url = this.Request.URL.Path
+	var query = this.Request.URL.Query()
+	query.Del("searchingType")
+	this.Data["baseURL"] = url + "?" + query.Encode()
+
+	var searchingDomains = []string{}
+	if len(params.SearchingDomains) > 0 {
+		searchingDomains = strings.Split(params.SearchingDomains, ",")
+	}
+	const maxDomains = 2_000 // 限制搜索的域名数量
+	if len(searchingDomains) > maxDomains {
+		searchingDomains = searchingDomains[:maxDomains]
+	}
+	this.Data["allSearchingDomains"] = params.SearchingDomains
+	this.Data["searchingDomains"] = searchingDomains

 	this.Data["keyword"] = params.Keyword
 	this.Data["selectedCertIds"] = params.SelectedCertIds

+	var searchingType = params.SearchingType
+	if len(searchingType) == 0 {
+		if len(params.SearchingDomains) == 0 {
+			searchingType = "all"
+		} else {
+			searchingType = "match"
+		}
+	}
+	if searchingType != "all" && searchingType != "match" {
+		this.ErrorPage(errors.New("invalid searching type '" + searchingType + "'"))
+		return
+	}
+	this.Data["searchingType"] = searchingType
+
 	// 已经选择的证书
 	var selectedCertIds = []string{}
 	if len(params.SelectedCertIds) > 0 {
@@ -43,24 +116,68 @@ func (this *SelectPopupAction) RunGet(params struct {
 	}
 	this.Data["viewSize"] = params.ViewSize

-	countResp, err := this.RPC().SSLCertRPC().CountSSLCerts(this.AdminContext(), &pb.CountSSLCertRequest{
+	// 全部证书数量
+	countAllResp, err := this.RPC().SSLCertRPC().CountSSLCerts(this.AdminContext(), &pb.CountSSLCertRequest{
+		UserId:  params.UserId,
 		Keyword: params.Keyword,
 	})
 	if err != nil {
 		this.ErrorPage(err)
 		return
 	}
+	var totalAll = countAllResp.Count
+	this.Data["totalAll"] = totalAll

-	page := this.NewPage(countResp.Count)
+	// 已匹配证书数量
+	var totalMatch int64 = 0
+	if len(searchingDomains) > 0 {
+		countMatchResp, err := this.RPC().SSLCertRPC().CountSSLCerts(this.AdminContext(), &pb.CountSSLCertRequest{
+			UserId:  params.UserId,
+			Keyword: params.Keyword,
+			Domains: searchingDomains,
+		})
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		totalMatch = countMatchResp.Count
+	}
+	this.Data["totalMatch"] = totalMatch
+
+	var totalCerts int64
+	if searchingType == "all" {
+		totalCerts = totalAll
+	} else if searchingType == "match" {
+		totalCerts = totalMatch
+	}
+
+	var page = this.NewPage(totalCerts)
 	this.Data["page"] = page.AsHTML()

-	listResp, err := this.RPC().SSLCertRPC().ListSSLCerts(this.AdminContext(), &pb.ListSSLCertsRequest{
-		Keyword: params.Keyword,
-		Offset:  page.Offset,
-		Size:    page.Size,
-	})
+	var listResp *pb.ListSSLCertsResponse
+	if searchingType == "all" {
+		listResp, err = this.RPC().SSLCertRPC().ListSSLCerts(this.AdminContext(), &pb.ListSSLCertsRequest{
+			UserId:  params.UserId,
+			Keyword: params.Keyword,
+			Offset:  page.Offset,
+			Size:    page.Size,
+		})
+	} else if searchingType == "match" {
+		listResp, err = this.RPC().SSLCertRPC().ListSSLCerts(this.AdminContext(), &pb.ListSSLCertsRequest{
+			UserId:  params.UserId,
+			Keyword: params.Keyword,
+			Domains: searchingDomains,
+			Offset:  page.Offset,
+			Size:    page.Size,
+		})
+	}

-	certConfigs := []*sslconfigs.SSLCertConfig{}
+	if listResp == nil {
+		this.ErrorPage(errors.New("'listResp' should not be nil"))
+		return
+	}
+
+	var certConfigs = []*sslconfigs.SSLCertConfig{}
 	err = json.Unmarshal(listResp.SslCertsJSON, &certConfigs)
 	if err != nil {
 		this.ErrorPage(err)
@@ -68,8 +185,8 @@ func (this *SelectPopupAction) RunGet(params struct {
 	}
 	this.Data["certs"] = certConfigs

-	certMaps := []maps.Map{}
-	nowTime := time.Now().Unix()
+	var certMaps = []maps.Map{}
+	var nowTime = time.Now().Unix()
 	for _, certConfig := range certConfigs {
 		countServersResp, err := this.RPC().ServerRPC().CountAllEnabledServersWithSSLCertId(this.AdminContext(), &pb.CountAllEnabledServersWithSSLCertIdRequest{SslCertId: certConfig.Id})
 		if err != nil {
--- a/internal/web/actions/default/servers/certs/updatePopup.go
+++ b/internal/web/actions/default/servers/certs/updatePopup.go
@@ -26,18 +26,20 @@ func (this *UpdatePopupAction) RunGet(params struct {
 		this.ErrorPage(err)
 		return
 	}
-	certConfigJSON := certConfigResp.SslCertJSON
+	var certConfigJSON = certConfigResp.SslCertJSON
 	if len(certConfigJSON) == 0 {
 		this.NotFound("cert", params.CertId)
 		return
 	}

-	certConfig := &sslconfigs.SSLCertConfig{}
+	var certConfig = &sslconfigs.SSLCertConfig{}
 	err = json.Unmarshal(certConfigJSON, certConfig)
 	if err != nil {
 		this.ErrorPage(err)
 		return
 	}
+	certConfig.CertData = nil // cert & key 不需要在界面上显示
+	certConfig.KeyData = nil
 	this.Data["certConfig"] = certConfig

 	this.Show()
@@ -118,7 +120,7 @@ func (this *UpdatePopupAction) RunPost(params struct {

 	// 校验
 	certConfig.IsCA = params.IsCA
-	err = certConfig.Init()
+	err = certConfig.Init(nil)
 	if err != nil {
 		if params.IsCA {
 			this.Fail("证书校验错误：" + err.Error())
--- a/internal/web/actions/default/servers/certs/uploadBatchPopup.go
+++ b/internal/web/actions/default/servers/certs/uploadBatchPopup.go
@@ -0,0 +1,225 @@
+// Copyright 2023 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package certs
+
+import (
+	"bytes"
+	"crypto/tls"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/sslconfigs"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/types"
+	"io"
+	"mime/multipart"
+	"strings"
+)
+
+// UploadBatchPopupAction 批量上传证书
+type UploadBatchPopupAction struct {
+	actionutils.ParentAction
+}
+
+func (this *UploadBatchPopupAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *UploadBatchPopupAction) RunGet(params struct {
+	ServerId int64
+	UserId   int64
+}) {
+	// 读取服务用户
+	if params.ServerId > 0 {
+		serverResp, err := this.RPC().ServerRPC().FindEnabledUserServerBasic(this.AdminContext(), &pb.FindEnabledUserServerBasicRequest{ServerId: params.ServerId})
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		var server = serverResp.Server
+		if server != nil {
+			params.UserId = server.UserId
+		}
+	}
+
+	this.Data["userId"] = params.UserId
+	this.Data["maxFiles"] = this.maxFiles()
+
+	this.Show()
+}
+
+func (this *UploadBatchPopupAction) RunPost(params struct {
+	UserId int64
+
+	Must *actions.Must
+	CSRF *actionutils.CSRF
+}) {
+	defer this.CreateLogInfo("批量上传证书")
+
+	var files = this.Request.MultipartForm.File["certFiles"]
+	if len(files) == 0 {
+		this.Fail("请选择要上传的证书和私钥文件")
+		return
+	}
+
+	// 限制每次上传的文件数量
+	var maxFiles = this.maxFiles()
+	if len(files) > maxFiles {
+		this.Fail("每次上传最多不能超过" + types.String(maxFiles) + "个文件")
+		return
+	}
+
+	type certInfo struct {
+		filename string
+		data     []byte
+	}
+
+	var certDataList = []*certInfo{}
+	var keyDataList = [][]byte{}
+
+	var failMessages = []string{}
+	for _, file := range files {
+		func(file *multipart.FileHeader) {
+			fp, err := file.Open()
+			if err != nil {
+				failMessages = append(failMessages, "文件"+file.Filename+"读取失败："+err.Error())
+				return
+			}
+
+			defer func() {
+				_ = fp.Close()
+			}()
+
+			data, err := io.ReadAll(fp)
+			if err != nil {
+				failMessages = append(failMessages, "文件"+file.Filename+"读取失败："+err.Error())
+				return
+			}
+
+			if bytes.Contains(data, []byte("CERTIFICATE-")) {
+				certDataList = append(certDataList, &certInfo{
+					filename: file.Filename,
+					data:     data,
+				})
+			} else if bytes.Contains(data, []byte("PRIVATE KEY-")) {
+				keyDataList = append(keyDataList, data)
+			} else {
+				failMessages = append(failMessages, "文件"+file.Filename+"读取失败：文件格式错误，无法识别是证书还是私钥")
+				return
+			}
+		}(file)
+	}
+
+	if len(failMessages) > 0 {
+		this.Fail("发生了错误：" + strings.Join(failMessages, "；"))
+		return
+	}
+
+	// 对比证书和私钥数量是否一致
+	if len(certDataList) != len(keyDataList) {
+		this.Fail("证书文件数量（" + types.String(len(certDataList)) + "）和私钥文件数量（" + types.String(len(keyDataList)) + "）不一致")
+		return
+	}
+
+	// 自动匹配
+	var pairs = [][2][]byte{}        // [] { cert, key }
+	var keyIndexMap = map[int]bool{} // 方便下面跳过已匹配的Key
+	for _, cert := range certDataList {
+		var found = false
+		for keyIndex, keyData := range keyDataList {
+			if keyIndexMap[keyIndex] {
+				continue
+			}
+
+			_, err := tls.X509KeyPair(cert.data, keyData)
+			if err == nil {
+				found = true
+				pairs = append(pairs, [2][]byte{cert.data, keyData})
+				keyIndexMap[keyIndex] = true
+				break
+			}
+		}
+		if !found {
+			this.Fail("找不到" + cert.filename + "对应的私钥")
+			return
+		}
+	}
+
+	// 组织 CertConfig
+	var pbCerts = []*pb.CreateSSLCertsRequestCert{}
+	var certConfigs = []*sslconfigs.SSLCertConfig{}
+	for _, pair := range pairs {
+		certData, keyData := pair[0], pair[1]
+
+		var certConfig = &sslconfigs.SSLCertConfig{
+			IsCA:     false,
+			CertData: certData,
+			KeyData:  keyData,
+		}
+		err := certConfig.Init(nil)
+		if err != nil {
+			this.Fail("证书验证失败：" + err.Error())
+			return
+		}
+
+		certConfigs = append(certConfigs, certConfig)
+
+		var certName = ""
+		if len(certConfig.DNSNames) > 0 {
+			certName = certConfig.DNSNames[0]
+			if len(certConfig.DNSNames) > 1 {
+				certName += "等" + types.String(len(certConfig.DNSNames)) + "个域名"
+			}
+		}
+		certConfig.Name = certName
+
+		pbCerts = append(pbCerts, &pb.CreateSSLCertsRequestCert{
+			IsOn:        true,
+			Name:        certName,
+			Description: "",
+			ServerName:  "",
+			IsCA:        false,
+			CertData:    certData,
+			KeyData:     keyData,
+			TimeBeginAt: certConfig.TimeBeginAt,
+			TimeEndAt:   certConfig.TimeEndAt,
+			DnsNames:    certConfig.DNSNames,
+			CommonNames: certConfig.CommonNames,
+		})
+	}
+
+	createResp, err := this.RPC().SSLCertRPC().CreateSSLCerts(this.AdminContext(), &pb.CreateSSLCertsRequest{
+		UserId:   params.UserId,
+		SSLCerts: pbCerts,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	var certIds = createResp.SslCertIds
+	if len(certIds) != len(certConfigs) {
+		this.Fail("上传成功但API返回的证书ID数量错误，请反馈给开发者")
+		return
+	}
+
+	// 返回数据
+	this.Data["count"] = len(pbCerts)
+
+	var certRefs = []*sslconfigs.SSLCertRef{}
+	for index, cert := range certConfigs {
+		// ID
+		cert.Id = certIds[index]
+
+		// 减少不必要的数据
+		cert.CertData = nil
+		cert.KeyData = nil
+
+		certRefs = append(certRefs, &sslconfigs.SSLCertRef{
+			IsOn:   true,
+			CertId: cert.Id,
+		})
+	}
+	this.Data["certs"] = certConfigs
+	this.Data["certRefs"] = certRefs
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/certs/uploadBatchPopup_ext.go
+++ b/internal/web/actions/default/servers/certs/uploadBatchPopup_ext.go
@@ -0,0 +1,8 @@
+// Copyright 2023 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
+//go:build !plus
+
+package certs
+
+func (this *UploadBatchPopupAction) maxFiles() int {
+	return 20
+}
--- a/Show More
+++ b/Show More