caddytls: Configurable cache size limit
This commit is contained in:
parent
9dafa63933
commit
11a132d48b
2 changed files with 22 additions and 4 deletions
|
@ -49,15 +49,13 @@ type AutomationConfig struct {
|
|||
// Caddy staples OCSP (and caches the response) for all
|
||||
// qualifying certificates by default. This setting
|
||||
// changes how often it scans responses for freshness,
|
||||
// and updates them if they are getting stale.
|
||||
// and updates them if they are getting stale. Default: 1h
|
||||
OCSPCheckInterval caddy.Duration `json:"ocsp_interval,omitempty"`
|
||||
|
||||
// Every so often, Caddy will scan all loaded, managed
|
||||
// certificates for expiration. This setting changes how
|
||||
// frequently the scan for expiring certificates is
|
||||
// performed. If your certificate lifetimes are very
|
||||
// short (less than ~24 hours), you should set this to
|
||||
// a low value.
|
||||
// performed. Default: 10m
|
||||
RenewCheckInterval caddy.Duration `json:"renew_interval,omitempty"`
|
||||
|
||||
defaultPublicAutomationPolicy *AutomationPolicy
|
||||
|
|
|
@ -57,6 +57,9 @@ type TLS struct {
|
|||
// Configures session ticket ephemeral keys (STEKs).
|
||||
SessionTickets *SessionTicketService `json:"session_tickets,omitempty"`
|
||||
|
||||
// Configures the in-memory certificate cache.
|
||||
Cache *CertCacheOptions `json:"cache,omitempty"`
|
||||
|
||||
certificateLoaders []CertificateLoader
|
||||
automateNames []string
|
||||
certCache *certmagic.Cache
|
||||
|
@ -89,6 +92,9 @@ func (t *TLS) Provision(ctx caddy.Context) error {
|
|||
cacheOpts.OCSPCheckInterval = time.Duration(t.Automation.OCSPCheckInterval)
|
||||
cacheOpts.RenewCheckInterval = time.Duration(t.Automation.RenewCheckInterval)
|
||||
}
|
||||
if t.Cache != nil {
|
||||
cacheOpts.Capacity = t.Cache.Capacity
|
||||
}
|
||||
t.certCache = certmagic.NewCache(cacheOpts)
|
||||
|
||||
// certificate loaders
|
||||
|
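Review bot: Provision copies t.Cache.Capacity into cacheOpts.Capacity without a range check, while the `< 0` rejection is only added in the later Validate hunk (`func (t *TLS) Validate()`); if Provision runs before Validate in the module lifecycle, which is not shown on this page, a negative capacity reaches certmagic.NewCache before it is rejected. Unless certmagic is known to treat a negative capacity as "no limit", the safer form is to guard at the point of use as well, e.g. inside the `if t.Cache != nil` block before the assignment: `if t.Cache.Capacity < 0 { return fmt.Errorf("cache capacity must be >= 0") }`, or to state in a comment on the Validate check why the late rejection is sufficient. Provision's body starts and ends outside the hunk.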
@ -215,6 +221,11 @@ func (t *TLS) Validate() error {
|
|||
}
|
||||
}
|
||||
}
|
||||
if t.Cache != nil {
|
||||
if t.Cache.Capacity < 0 {
|
||||
return fmt.Errorf("cache capacity must be >= 0")
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
|
@ -445,6 +456,15 @@ func (AutomateLoader) CaddyModule() caddy.ModuleInfo {
|
|||
}
|
||||
}
|
||||
|
||||
// CertCacheOptions configures the certificate cache.
|
||||
type CertCacheOptions struct {
|
||||
// Maximum number of certificates to allow in the
|
||||
// cache. If reached, certificates will be randomly
|
||||
// evicted to make room for new ones. Default: 0
|
||||
// (no limit).
|
||||
Capacity int `json:"capacity,omitempty"`
|
||||
}
|
||||
|
||||
// Variables related to storage cleaning.
|
||||
var (
|
||||
storageCleanInterval = 12 * time.Hour
|
||||
|
|