authorFrancis Lavoie <lavofr@gmail.com>2022-04-22 18:09:11 -0400
committerGitHub <noreply@github.com>2022-04-22 16:09:11 -0600
commit77a77c0219d389717ba3b8f8e28bad3462fab655 (patch)
tree75f13fbe5bf044962396449989a02d3451b4b1c3
parentdb62942d634a22cee5e598a3062bc1405895a0c2 (diff)
caddytls: Add `propagation_delay`, support `propagation_timeout -1` (#4723)
-rw-r--r--caddytest/integration/caddyfile_adapt/tls_propagation_timeout.txt19
-rw-r--r--go.mod2
-rw-r--r--go.sum4
-rw-r--r--modules/caddytls/acmeissuer.go38
-rw-r--r--modules/caddytls/automation.go8
5 files changed, 60 insertions, 11 deletions
diff --git a/caddytest/integration/caddyfile_adapt/tls_propagation_timeout.txt b/caddytest/integration/caddyfile_adapt/tls_propagation_timeout.txt
index 5d2b643..032f928 100644
--- a/caddytest/integration/caddyfile_adapt/tls_propagation_timeout.txt
+++ b/caddytest/integration/caddyfile_adapt/tls_propagation_timeout.txt
@@ -3,7 +3,12 @@ localhost
respond "hello from localhost"
tls {
issuer acme {
- propagation_timeout "10m0s"
+ propagation_delay 5m10s
+ propagation_timeout 10m20s
+ }
+ issuer zerossl {
+ propagation_delay 5m30s
+ propagation_timeout -1
}
}
----------
@@ -56,10 +61,20 @@ tls {
{
"challenges": {
"dns": {
- "propagation_timeout": 600000000000
+ "propagation_delay": 310000000000,
+ "propagation_timeout": 620000000000
}
},
"module": "acme"
+ },
+ {
+ "challenges": {
+ "dns": {
+ "propagation_delay": 330000000000,
+ "propagation_timeout": -1
+ }
+ },
+ "module": "zerossl"
}
]
}
diff --git a/go.mod b/go.mod
index 3a1227d..0dd5977 100644
--- a/go.mod
+++ b/go.mod
@@ -7,7 +7,7 @@ require (
github.com/Masterminds/sprig/v3 v3.2.2
github.com/alecthomas/chroma v0.10.0
github.com/aryann/difflib v0.0.0-20210328193216-ff5ff6dc229b
- github.com/caddyserver/certmagic v0.16.0
+ github.com/caddyserver/certmagic v0.16.1
github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac
github.com/go-chi/chi v4.1.2+incompatible
github.com/google/cel-go v0.7.3
diff --git a/go.sum b/go.sum
index ffe9fc0..dde9bbc 100644
--- a/go.sum
+++ b/go.sum
@@ -199,8 +199,8 @@ github.com/boombuler/barcode v1.0.1/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl
github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g=
github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s=
github.com/caarlos0/ctrlc v1.0.0/go.mod h1:CdXpj4rmq0q/1Eb44M9zi2nKB0QraNKuRGYGrrHhcQw=
-github.com/caddyserver/certmagic v0.16.0 h1:nM6Fm+OSnTpx/uRWmN++I2fYq006uhi6m6m3rD1Jjtg=
-github.com/caddyserver/certmagic v0.16.0/go.mod h1:jKQ5n+ViHAr6DbPwEGLTSM2vDwTO6EvCKBblBRUvvuQ=
+github.com/caddyserver/certmagic v0.16.1 h1:rdSnjcUVJojmL4M0efJ+yHXErrrijS4YYg3FuwRdJkI=
+github.com/caddyserver/certmagic v0.16.1/go.mod h1:jKQ5n+ViHAr6DbPwEGLTSM2vDwTO6EvCKBblBRUvvuQ=
github.com/campoy/unique v0.0.0-20180121183637-88950e537e7e/go.mod h1:9IOqJGCPMSc6E5ydlp5NIonxObaeu/Iub/X03EKPVYo=
github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ=
github.com/cavaliercoder/go-cpio v0.0.0-20180626203310-925f9528c45e/go.mod h1:oDpT4efm8tSYHXV5tHSdRvBet/b/QzxZ+XyyPehvm3A=
diff --git a/modules/caddytls/acmeissuer.go b/modules/caddytls/acmeissuer.go
index fd60cc8..09b31bf 100644
--- a/modules/caddytls/acmeissuer.go
+++ b/modules/caddytls/acmeissuer.go
@@ -142,6 +142,7 @@ func (iss *ACMEIssuer) Provision(ctx caddy.Context) error {
iss.Challenges.DNS.solver = &certmagic.DNS01Solver{
DNSProvider: val.(certmagic.ACMEDNSProvider),
TTL: time.Duration(iss.Challenges.DNS.TTL),
+ PropagationDelay: time.Duration(iss.Challenges.DNS.PropagationDelay),
PropagationTimeout: time.Duration(iss.Challenges.DNS.PropagationTimeout),
Resolvers: iss.Challenges.DNS.Resolvers,
OverrideDomain: iss.Challenges.DNS.OverrideDomain,
@@ -262,10 +263,13 @@ func (iss *ACMEIssuer) GetACMEIssuer() *ACMEIssuer { return iss }
// eab <key_id> <mac_key>
// trusted_roots <pem_files...>
// dns <provider_name> [<options>]
+// propagation_delay <duration>
+// propagation_timeout <duration>
// resolvers <dns_servers...>
+// dns_challenge_override_domain <domain>
// preferred_chains [smallest] {
-// root_common_name <common_names...>
-// any_common_name <common_names...>
+// root_common_name <common_names...>
+// any_common_name <common_names...>
// }
// }
//
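Review bot: The Caddyfile syntax block now documents `propagation_timeout <duration>` but says nothing about the `-1` sentinel that the UnmarshalCaddyfile case further down in this file special-cases to disable propagation checks, so a reader of the doc comment cannot discover that form. Suggest `// propagation_timeout <duration|-1>` on the added line, with a one-line note below the syntax block such as `// A propagation_timeout of -1 disables propagation checks entirely.` The doc comment begins above the hunk, so placement of the note should follow the existing comment layout there.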
@@ -389,14 +393,38 @@ func (iss *ACMEIssuer) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
return err
}
iss.Challenges.DNS.ProviderRaw = caddyconfig.JSONModuleObject(unm, "name", provName, nil)
+
+ case "propagation_delay":
+ if !d.NextArg() {
+ return d.ArgErr()
+ }
+ delayStr := d.Val()
+ delay, err := caddy.ParseDuration(delayStr)
+ if err != nil {
+ return d.Errf("invalid propagation_delay duration %s: %v", delayStr, err)
+ }
+ if iss.Challenges == nil {
+ iss.Challenges = new(ChallengesConfig)
+ }
+ if iss.Challenges.DNS == nil {
+ iss.Challenges.DNS = new(DNSChallengeConfig)
+ }
+ iss.Challenges.DNS.PropagationDelay = caddy.Duration(delay)
+
case "propagation_timeout":
if !d.NextArg() {
return d.ArgErr()
}
timeoutStr := d.Val()
- timeout, err := caddy.ParseDuration(timeoutStr)
- if err != nil {
- return d.Errf("invalid propagation_timeout duration %s: %v", timeoutStr, err)
+ var timeout time.Duration
+ if timeoutStr == "-1" {
+ timeout = time.Duration(-1)
+ } else {
+ var err error
+ timeout, err = caddy.ParseDuration(timeoutStr)
+ if err != nil {
+ return d.Errf("invalid propagation_timeout duration %s: %v", timeoutStr, err)
+ }
}
if iss.Challenges == nil {
iss.Challenges = new(ChallengesConfig)
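Review bot: The new `propagation_delay` case stores whatever `caddy.ParseDuration` returns, including a negative duration such as `-5m`, without validation; a negative delay is presumably a no-op at sleep time but is almost certainly a configuration mistake, and rejecting it at load time gives a clear error: `if delay < 0 { return d.Errf("propagation_delay must not be negative: %s", delayStr) }`. The `propagation_timeout` case has the mirror problem: only the exact string `-1` is recognised as the disable sentinel, while `-1s` or `-5m` parse to other negative values whose meaning then depends on how certmagic interprets a negative timeout, which is not visible here; either normalise every negative value to `time.Duration(-1)` or reject any negative value other than the literal `-1` so the config behaves as documented. The `propagation_timeout` case body continues past the end of the hunk.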
diff --git a/modules/caddytls/automation.go b/modules/caddytls/automation.go
index 26884bc..197c409 100644
--- a/modules/caddytls/automation.go
+++ b/modules/caddytls/automation.go
@@ -363,7 +363,13 @@ type DNSChallengeConfig struct {
// The TTL of the TXT record used for the DNS challenge.
TTL caddy.Duration `json:"ttl,omitempty"`
- // How long to wait for DNS record to propagate.
+ // How long to wait before starting propagation checks.
+ // Default: 0 (no wait).
+ PropagationDelay caddy.Duration `json:"propagation_delay,omitempty"`
+
+ // Maximum time to wait for temporary DNS record to appear.
+ // Set to -1 to disable propagation checks.
+ // Default: 2 minutes.
PropagationTimeout caddy.Duration `json:"propagation_timeout,omitempty"`
// Custom DNS resolvers to prefer over system/built-in defaults.