tls: Make the on-demand rate limiter actually work

This required a custom rate limiter implementation in CertMagic
author: Matthew Holt <mholt@users.noreply.github.com> 2019-10-21 12:03:51 -0600
committer: Matthew Holt <mholt@users.noreply.github.com> 2019-10-21 12:03:51 -0600
commit: faf67b10670a14c24ce601be703dfb65f07ffa45 (patch)
tree: 6c6a677c073224460193dfeba8e0b7a15d33ebde /modules/caddytls/acmemanager.go
parent: 208f2ff93c1bd2c009e4b96f664c1808ede79f3a (diff)
1 files changed, 4 insertions, 8 deletions
diff --git a/modules/caddytls/acmemanager.go b/modules/caddytls/acmemanager.go
index dbc8fc9..9f31215 100644
--- a/modules/caddytls/acmemanager.go
+++ b/modules/caddytls/acmemanager.go
@@ -138,14 +138,10 @@ func (m *ACMEManagerMaker) makeCertMagicConfig(ctx caddy.Context) certmagic.Conf
 							return err
 						}
 					}
-					// check the rate limiter last, since
-					// even checking consumes a token; so
-					// don't even bother checking if the
-					// other regulations fail anyway
-					if onDemand.RateLimit != nil {
-						if !onDemandRateLimiter.Allow() {
-							return fmt.Errorf("on-demand rate limit exceeded")
-						}
+					// check the rate limiter last because
+					// doing so makes a reservation
+					if !onDemandRateLimiter.Allow() {
+						return fmt.Errorf("on-demand rate limit exceeded")
 					}
 				}
 				return nil
author	Matthew Holt <mholt@users.noreply.github.com>	2019-10-21 12:03:51 -0600
committer	Matthew Holt <mholt@users.noreply.github.com>	2019-10-21 12:03:51 -0600
commit	faf67b10670a14c24ce601be703dfb65f07ffa45 (patch)
tree	6c6a677c073224460193dfeba8e0b7a15d33ebde /modules/caddytls/acmemanager.go
parent	208f2ff93c1bd2c009e4b96f664c1808ede79f3a (diff)