mirror of
https://github.com/caddyserver/caddy.git
synced 2024-12-30 22:34:15 -05:00
caddytls: Configurable cache size limit
parent
9dafa63933
commit
11a132d48b
2 changed files with 22 additions and 4 deletions
|
@ -49,15 +49,13 @@ type AutomationConfig struct {
|
||||||
// Caddy staples OCSP (and caches the response) for all
|
// Caddy staples OCSP (and caches the response) for all
|
||||||
// qualifying certificates by default. This setting
|
// qualifying certificates by default. This setting
|
||||||
// changes how often it scans responses for freshness,
|
// changes how often it scans responses for freshness,
|
||||||
// and updates them if they are getting stale.
|
// and updates them if they are getting stale. Default: 1h
|
||||||
OCSPCheckInterval caddy.Duration `json:"ocsp_interval,omitempty"`
|
OCSPCheckInterval caddy.Duration `json:"ocsp_interval,omitempty"`
|
||||||
|
|
||||||
// Every so often, Caddy will scan all loaded, managed
|
// Every so often, Caddy will scan all loaded, managed
|
||||||
// certificates for expiration. This setting changes how
|
// certificates for expiration. This setting changes how
|
||||||
// frequently the scan for expiring certificates is
|
// frequently the scan for expiring certificates is
|
||||||
// performed. If your certificate lifetimes are very
|
// performed. Default: 10m
|
||||||
// short (less than ~24 hours), you should set this to
|
|
||||||
// a low value.
|
|
||||||
RenewCheckInterval caddy.Duration `json:"renew_interval,omitempty"`
|
RenewCheckInterval caddy.Duration `json:"renew_interval,omitempty"`
|
||||||
|
|
||||||
defaultPublicAutomationPolicy *AutomationPolicy
|
defaultPublicAutomationPolicy *AutomationPolicy
|
||||||
|
|
|
@ -57,6 +57,9 @@ type TLS struct {
|
||||||
// Configures session ticket ephemeral keys (STEKs).
|
// Configures session ticket ephemeral keys (STEKs).
|
||||||
SessionTickets *SessionTicketService `json:"session_tickets,omitempty"`
|
SessionTickets *SessionTicketService `json:"session_tickets,omitempty"`
|
||||||
|
|
||||||
|
// Configures the in-memory certificate cache.
|
||||||
|
Cache *CertCacheOptions `json:"cache,omitempty"`
|
||||||
|
|
||||||
certificateLoaders []CertificateLoader
|
certificateLoaders []CertificateLoader
|
||||||
automateNames []string
|
automateNames []string
|
||||||
certCache *certmagic.Cache
|
certCache *certmagic.Cache
|
||||||
|
@ -89,6 +92,9 @@ func (t *TLS) Provision(ctx caddy.Context) error {
|
||||||
cacheOpts.OCSPCheckInterval = time.Duration(t.Automation.OCSPCheckInterval)
|
cacheOpts.OCSPCheckInterval = time.Duration(t.Automation.OCSPCheckInterval)
|
||||||
cacheOpts.RenewCheckInterval = time.Duration(t.Automation.RenewCheckInterval)
|
cacheOpts.RenewCheckInterval = time.Duration(t.Automation.RenewCheckInterval)
|
||||||
}
|
}
|
||||||
|
if t.Cache != nil {
|
||||||
|
cacheOpts.Capacity = t.Cache.Capacity
|
||||||
|
}
|
||||||
t.certCache = certmagic.NewCache(cacheOpts)
|
t.certCache = certmagic.NewCache(cacheOpts)
|
||||||
|
|
||||||
// certificate loaders
|
// certificate loaders
|
||||||
|
@ -215,6 +221,11 @@ func (t *TLS) Validate() error {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
if t.Cache != nil {
|
||||||
|
if t.Cache.Capacity < 0 {
|
||||||
|
return fmt.Errorf("cache capacity must be >= 0")
|
||||||
|
}
|
||||||
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -445,6 +456,15 @@ func (AutomateLoader) CaddyModule() caddy.ModuleInfo {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// CertCacheOptions configures the certificate cache.
|
||||||
|
type CertCacheOptions struct {
|
||||||
|
// Maximum number of certificates to allow in the
|
||||||
|
// cache. If reached, certificates will be randomly
|
||||||
|
// evicted to make room for new ones. Default: 0
|
||||||
|
// (no limit).
|
||||||
|
Capacity int `json:"capacity,omitempty"`
|
||||||
|
}
|
||||||
|
|
||||||
// Variables related to storage cleaning.
|
// Variables related to storage cleaning.
|
||||||
var (
|
var (
|
||||||
storageCleanInterval = 12 * time.Hour
|
storageCleanInterval = 12 * time.Hour
|
||||||
|
|
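Review bot: The `t.Cache.Capacity < 0` check added to Validate does not protect the `cacheOpts.Capacity = t.Cache.Capacity` assignment added to Provision, because, as far as I know, Caddy provisions a module before it validates it, so a negative value is handed to `certmagic.NewCache` first. Rejecting it where it is used would close that gap, e.g. `if t.Cache != nil && t.Cache.Capacity < 0 { return fmt.Errorf("cache capacity must be >= 0, got %d", t.Cache.Capacity) }` ahead of the assignment; how NewCache treats a negative capacity is not visible on this page. The doc comment on `Capacity` could also say that the default of 0 leaves the cache unbounded, so deployments where the set of served hostnames is not fixed by the config should set a limit to bound memory use. Both Provision and Validate start and end outside the hunks shown.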