Infrastructure/caddy
0
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2025-01-13 22:51:08 -05:00
Code Issues Activity

https: Only create ACMEClient if it's actually going to be used

Browse source 
Otherwise it tries to create an account and stuff at first start, even without a Caddyfile or when serving localhost.
This commit is contained in:
Matthew Holt 2016-02-11 16:20:59 -07:00
parent 7bd2adf0dc
commit 04c7c442c5
3 changed files with 13 additions and 25 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
caddy/caddy_test.go
View file

@ -4,20 +4,9 @@ import (
"net/http" "net/http"
"testing" "testing"
"time" "time"
"github.com/mholt/caddy/caddy/https"
"github.com/xenolf/lego/acme"
) )
func TestCaddyStartStop(t *testing.T) { func TestCaddyStartStop(t *testing.T) {
// Use fake ACME clients for testing
https.NewACMEClient = func(email string, allowPrompts bool) (*https.ACMEClient, error) {
return &https.ACMEClient{
Client: new(acme.Client),
AllowPrompts: allowPrompts,
}, nil
}
caddyfile := "localhost:1984" caddyfile := "localhost:1984"
for i := 0; i < 2; i++ { for i := 0; i < 2; i++ {

7
caddy/https/https.go
View file

@ -68,12 +68,7 @@ func Activate(configs []server.Config) ([]server.Config, error) {
// the renewal ticker is reset, so if restarts happen more often than // the renewal ticker is reset, so if restarts happen more often than
// the ticker interval, renewals would never happen. but doing // the ticker interval, renewals would never happen. but doing
// it right away at start guarantees that renewals aren't missed. // it right away at start guarantees that renewals aren't missed.
client, err := NewACMEClient("", true) // renewals don't use email err = renewManagedCertificates(true)
if err != nil {
return configs, err
}
client.Configure("")
err = renewManagedCertificates(client)
if err != nil { if err != nil {
return configs, err return configs, err
} }

20
caddy/https/maintain.go
View file

@ -24,13 +24,7 @@ func maintainAssets(stopChan chan struct{}) {
select { select {
case <-renewalTicker.C: case <-renewalTicker.C:
log.Println("[INFO] Scanning for expiring certificates") log.Println("[INFO] Scanning for expiring certificates")
client, err := NewACMEClient("", false) // renewals don't use email renewManagedCertificates(false)
if err != nil {
log.Printf("[ERROR] Creating client for renewals: %v", err)
continue
}
client.Configure("") // TODO: Bind address of relevant listener, yuck
renewManagedCertificates(client)
log.Println("[INFO] Done checking certificates") log.Println("[INFO] Done checking certificates")
case <-ocspTicker.C: case <-ocspTicker.C:
log.Println("[INFO] Scanning for stale OCSP staples") log.Println("[INFO] Scanning for stale OCSP staples")
@ -45,8 +39,9 @@ func maintainAssets(stopChan chan struct{}) {
} }
} }
func renewManagedCertificates(client *ACMEClient) error { func renewManagedCertificates(allowPrompts bool) (err error) {
var renewed, deleted []Certificate var renewed, deleted []Certificate
var client *ACMEClient
visitedNames := make(map[string]struct{}) visitedNames := make(map[string]struct{})
certCacheMu.RLock() certCacheMu.RLock()
@ -73,6 +68,15 @@ func renewManagedCertificates(client *ACMEClient) error {
timeLeft := cert.NotAfter.Sub(time.Now().UTC()) timeLeft := cert.NotAfter.Sub(time.Now().UTC())
if timeLeft < renewDurationBefore { if timeLeft < renewDurationBefore {
log.Printf("[INFO] Certificate for %v expires in %v; attempting renewal", cert.Names, timeLeft) log.Printf("[INFO] Certificate for %v expires in %v; attempting renewal", cert.Names, timeLeft)
if client == nil {
client, err = NewACMEClient("", allowPrompts) // renewals don't use email
if err != nil {
return err
}
client.Configure("") // TODO: Bind address of relevant listener, yuck
}
err := client.Renew(cert.Names[0]) // managed certs better have only one name err := client.Renew(cert.Names[0]) // managed certs better have only one name
if err != nil { if err != nil {
if client.AllowPrompts { if client.AllowPrompts {