diff options
author | Matthew Holt <mholt@users.noreply.github.com> | 2019-10-21 12:03:51 -0600 |
---|---|---|
committer | Matthew Holt <mholt@users.noreply.github.com> | 2019-10-21 12:03:51 -0600 |
commit | faf67b10670a14c24ce601be703dfb65f07ffa45 (patch) | |
tree | 6c6a677c073224460193dfeba8e0b7a15d33ebde /modules/caddytls/acmemanager.go | |
parent | 208f2ff93c1bd2c009e4b96f664c1808ede79f3a (diff) |
tls: Make the on-demand rate limiter actually work
This required a custom rate limiter implementation in CertMagic
Diffstat (limited to 'modules/caddytls/acmemanager.go')
-rw-r--r-- | modules/caddytls/acmemanager.go | 12 |
1 files changed, 4 insertions, 8 deletions
diff --git a/modules/caddytls/acmemanager.go b/modules/caddytls/acmemanager.go index dbc8fc9..9f31215 100644 --- a/modules/caddytls/acmemanager.go +++ b/modules/caddytls/acmemanager.go @@ -138,14 +138,10 @@ func (m *ACMEManagerMaker) makeCertMagicConfig(ctx caddy.Context) certmagic.Conf return err } } - // check the rate limiter last, since - // even checking consumes a token; so - // don't even bother checking if the - // other regulations fail anyway - if onDemand.RateLimit != nil { - if !onDemandRateLimiter.Allow() { - return fmt.Errorf("on-demand rate limit exceeded") - } + // check the rate limiter last because + // doing so makes a reservation + if !onDemandRateLimiter.Allow() { + return fmt.Errorf("on-demand rate limit exceeded") } } return nil |