mirror of
https://github.com/caddyserver/caddy.git
synced 2024-12-16 21:56:40 -05:00
caddytls: Debug log for ask endpoint
This commit is contained in:
parent
d73660f7c3
commit
0a3efd1641
2 changed files with 9 additions and 4 deletions
|
@ -495,7 +495,7 @@ func (iss *ACMEIssuer) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
|
|||
// to see if a certificate can be obtained for name.
|
||||
// The certificate request should be denied if this
|
||||
// returns an error.
|
||||
func onDemandAskRequest(ask string, name string) error {
|
||||
func onDemandAskRequest(logger *zap.Logger, ask string, name string) error {
|
||||
askURL, err := url.Parse(ask)
|
||||
if err != nil {
|
||||
return fmt.Errorf("parsing ask URL: %v", err)
|
||||
|
@ -504,13 +504,19 @@ func onDemandAskRequest(ask string, name string) error {
|
|||
qs.Set("domain", name)
|
||||
askURL.RawQuery = qs.Encode()
|
||||
|
||||
resp, err := onDemandAskClient.Get(askURL.String())
|
||||
askURLString := askURL.String()
|
||||
resp, err := onDemandAskClient.Get(askURLString)
|
||||
if err != nil {
|
||||
return fmt.Errorf("error checking %v to determine if certificate for hostname '%s' should be allowed: %v",
|
||||
ask, name, err)
|
||||
}
|
||||
resp.Body.Close()
|
||||
|
||||
logger.Debug("response from ask endpoint",
|
||||
zap.String("domain", name),
|
||||
zap.String("url", askURLString),
|
||||
zap.Int("status", resp.StatusCode))
|
||||
|
||||
if resp.StatusCode < 200 || resp.StatusCode > 299 {
|
||||
return fmt.Errorf("%s: %w %s - non-2xx status code %d", name, errAskDenied, ask, resp.StatusCode)
|
||||
}
|
||||
|
|
|
@ -174,8 +174,7 @@ func (ap *AutomationPolicy) Provision(tlsApp *TLS) error {
|
|||
if tlsApp.Automation != nil &&
|
||||
tlsApp.Automation.OnDemand != nil &&
|
||||
tlsApp.Automation.OnDemand.Ask != "" {
|
||||
err := onDemandAskRequest(tlsApp.Automation.OnDemand.Ask, name)
|
||||
if err != nil {
|
||||
if err := onDemandAskRequest(tlsApp.logger, tlsApp.Automation.OnDemand.Ask, name); err != nil {
|
||||
// distinguish true errors from denials, because it's important to log actual errors
|
||||
if !errors.Is(err, errAskDenied) {
|
||||
tlsApp.logger.Error("request to 'ask' endpoint failed",
|
||||
|
|
Loading…
Reference in a new issue