author | Francis Lavoie <lavofr@gmail.com> | 2022-04-22 18:09:11 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-04-22 16:09:11 -0600 |
commit | 77a77c0219d389717ba3b8f8e28bad3462fab655 (patch) | |
tree | 75f13fbe5bf044962396449989a02d3451b4b1c3 | |
parent | db62942d634a22cee5e598a3062bc1405895a0c2 (diff) |
caddytls: Add `propagation_delay`, support `propagation_timeout -1` (#4723)
-rw-r--r-- | caddytest/integration/caddyfile_adapt/tls_propagation_timeout.txt | 19 | ||||
-rw-r--r-- | go.mod | 2 | ||||
-rw-r--r-- | go.sum | 4 | ||||
-rw-r--r-- | modules/caddytls/acmeissuer.go | 38 | ||||
-rw-r--r-- | modules/caddytls/automation.go | 8 |
5 files changed, 60 insertions, 11 deletions
diff --git a/caddytest/integration/caddyfile_adapt/tls_propagation_timeout.txt b/caddytest/integration/caddyfile_adapt/tls_propagation_timeout.txt
index 5d2b643..032f928 100644
--- a/caddytest/integration/caddyfile_adapt/tls_propagation_timeout.txt
+++ b/caddytest/integration/caddyfile_adapt/tls_propagation_timeout.txt
@@ -3,7 +3,12 @@ localhost
 respond "hello from localhost"
 tls {
 issuer acme {
- propagation_timeout "10m0s"
+ propagation_delay 5m10s
+ propagation_timeout 10m20s
+ }
+ issuer zerossl {
+ propagation_delay 5m30s
+ propagation_timeout -1
 }
 }
 ----------
@@ -56,10 +61,20 @@ tls {
 {
 "challenges": {
 "dns": {
- "propagation_timeout": 600000000000
+ "propagation_delay": 310000000000,
+ "propagation_timeout": 620000000000
 }
 },
 "module": "acme"
+ },
+ {
+ "challenges": {
+ "dns": {
+ "propagation_delay": 330000000000,
+ "propagation_timeout": -1
+ }
+ },
+ "module": "zerossl"
 }
 ]
 }
@@ -7,7 +7,7 @@ require (
 github.com/Masterminds/sprig/v3 v3.2.2
 github.com/alecthomas/chroma v0.10.0
 github.com/aryann/difflib v0.0.0-20210328193216-ff5ff6dc229b
- github.com/caddyserver/certmagic v0.16.0
+ github.com/caddyserver/certmagic v0.16.1
 github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac
 github.com/go-chi/chi v4.1.2+incompatible
 github.com/google/cel-go v0.7.3
@@ -199,8 +199,8 @@ github.com/boombuler/barcode v1.0.1/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl
 github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g=
 github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s=
 github.com/caarlos0/ctrlc v1.0.0/go.mod h1:CdXpj4rmq0q/1Eb44M9zi2nKB0QraNKuRGYGrrHhcQw=
-github.com/caddyserver/certmagic v0.16.0 h1:nM6Fm+OSnTpx/uRWmN++I2fYq006uhi6m6m3rD1Jjtg=
-github.com/caddyserver/certmagic v0.16.0/go.mod h1:jKQ5n+ViHAr6DbPwEGLTSM2vDwTO6EvCKBblBRUvvuQ=
+github.com/caddyserver/certmagic v0.16.1 h1:rdSnjcUVJojmL4M0efJ+yHXErrrijS4YYg3FuwRdJkI=
+github.com/caddyserver/certmagic v0.16.1/go.mod h1:jKQ5n+ViHAr6DbPwEGLTSM2vDwTO6EvCKBblBRUvvuQ=
 github.com/campoy/unique v0.0.0-20180121183637-88950e537e7e/go.mod h1:9IOqJGCPMSc6E5ydlp5NIonxObaeu/Iub/X03EKPVYo=
 github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ=
 github.com/cavaliercoder/go-cpio v0.0.0-20180626203310-925f9528c45e/go.mod h1:oDpT4efm8tSYHXV5tHSdRvBet/b/QzxZ+XyyPehvm3A=
diff --git a/modules/caddytls/acmeissuer.go b/modules/caddytls/acmeissuer.go
index fd60cc8..09b31bf 100644
--- a/modules/caddytls/acmeissuer.go
+++ b/modules/caddytls/acmeissuer.go
@@ -142,6 +142,7 @@ func (iss *ACMEIssuer) Provision(ctx caddy.Context) error {
 iss.Challenges.DNS.solver = &certmagic.DNS01Solver{
 DNSProvider: val.(certmagic.ACMEDNSProvider),
 TTL: time.Duration(iss.Challenges.DNS.TTL),
+ PropagationDelay: time.Duration(iss.Challenges.DNS.PropagationDelay),
 PropagationTimeout: time.Duration(iss.Challenges.DNS.PropagationTimeout),
 Resolvers: iss.Challenges.DNS.Resolvers,
 OverrideDomain: iss.Challenges.DNS.OverrideDomain,
@@ -262,10 +263,13 @@ func (iss *ACMEIssuer) GetACMEIssuer() *ACMEIssuer { return iss }
 // eab <key_id> <mac_key>
 // trusted_roots <pem_files...>
 // dns <provider_name> [<options>]
+// propagation_delay <duration>
+// propagation_timeout <duration>
 // resolvers <dns_servers...>
+// dns_challenge_override_domain <domain>
 // preferred_chains [smallest] {
-// root_common_name <common_names...>
-// any_common_name <common_names...>
+// root_common_name <common_names...>
+// any_common_name <common_names...>
 // }
 // }
 //
@@ -389,14 +393,38 @@ func (iss *ACMEIssuer) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
 return err
 }
 iss.Challenges.DNS.ProviderRaw = caddyconfig.JSONModuleObject(unm, "name", provName, nil)
+
+ case "propagation_delay":
+ if !d.NextArg() {
+ return d.ArgErr()
+ }
+ delayStr := d.Val()
+ delay, err := caddy.ParseDuration(delayStr)
+ if err != nil {
+ return d.Errf("invalid propagation_delay duration %s: %v", delayStr, err)
+ }
+ if iss.Challenges == nil {
+ iss.Challenges = new(ChallengesConfig)
+ }
+ if iss.Challenges.DNS == nil {
+ iss.Challenges.DNS = new(DNSChallengeConfig)
+ }
+ iss.Challenges.DNS.PropagationDelay = caddy.Duration(delay)
+
 case "propagation_timeout":
 if !d.NextArg() {
 return d.ArgErr()
 }
 timeoutStr := d.Val()
- timeout, err := caddy.ParseDuration(timeoutStr)
- if err != nil {
- return d.Errf("invalid propagation_timeout duration %s: %v", timeoutStr, err)
+ var timeout time.Duration
+ if timeoutStr == "-1" {
+ timeout = time.Duration(-1)
+ } else {
+ var err error
+ timeout, err = caddy.ParseDuration(timeoutStr)
+ if err != nil {
+ return d.Errf("invalid propagation_timeout duration %s: %v", timeoutStr, err)
+ }
 }
 if iss.Challenges == nil {
 iss.Challenges = new(ChallengesConfig)
diff --git a/modules/caddytls/automation.go b/modules/caddytls/automation.go
index 26884bc..197c409 100644
--- a/modules/caddytls/automation.go
+++ b/modules/caddytls/automation.go
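Review bot: The syntax block now lists `propagation_timeout <duration>`, but the special value that the new parsing code accepts is not mentioned here, so a reader of this comment cannot tell that propagation checking can be disabled from the Caddyfile. I would write the line as `// propagation_timeout <duration|-1>` or add a sentence under the block stating that `-1` disables propagation checks. The `dns_challenge_override_domain <domain>` line is added to the syntax with no matching parsing change in this diff; presumably that subdirective already exists elsewhere in the function, which is worth confirming before merging the doc. This comment documents UnmarshalCaddyfile, whose body begins after this hunk.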
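Review bot: `propagation_delay` stores whatever caddy.ParseDuration returns, including a negative duration, and for `propagation_timeout` only the literal string `-1` is treated as the disable sentinel, so inputs such as `-1s` fall through to ParseDuration and, if they parse, are stored as negative durations whose downstream meaning this diff does not establish. Rejecting them at parse time keeps the configuration unambiguous: after the delay parse add `if delay < 0 { return d.Errf("propagation_delay must not be negative: %s", delayStr) }`, and inside the else branch after the timeout parse add `if timeout < 0 { return d.Errf("propagation_timeout must be a positive duration or -1: %s", timeoutStr) }`. The two cases also repeat the same nil-initialization of iss.Challenges and iss.Challenges.DNS, which a small helper would remove, though that is a style point. The enclosing switch and UnmarshalCaddyfile continue outside the hunk on both sides.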
@@ -363,7 +363,13 @@ type DNSChallengeConfig struct {
 // The TTL of the TXT record used for the DNS challenge.
 TTL caddy.Duration `json:"ttl,omitempty"`
- // How long to wait for DNS record to propagate.
+ // How long to wait before starting propagation checks.
+ // Default: 0 (no wait).
+ PropagationDelay caddy.Duration `json:"propagation_delay,omitempty"`
+
+ // Maximum time to wait for temporary DNS record to appear.
+ // Set to -1 to disable propagation checks.
+ // Default: 2 minutes.
 PropagationTimeout caddy.Duration `json:"propagation_timeout,omitempty"`
 // Custom DNS resolvers to prefer over system/built-in defaults. |