summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--go.mod2
-rw-r--r--go.sum4
-rw-r--r--modules/caddytls/acmemanager.go12
-rw-r--r--modules/caddytls/tls.go14
4 files changed, 13 insertions, 19 deletions
diff --git a/go.mod b/go.mod
index 0a66a78..be5f485 100644
--- a/go.mod
+++ b/go.mod
@@ -14,7 +14,7 @@ require (
github.com/klauspost/compress v1.8.6
github.com/klauspost/cpuid v1.2.1
github.com/lucas-clemente/quic-go v0.12.1
- github.com/mholt/certmagic v0.8.0
+ github.com/mholt/certmagic v0.8.3
github.com/muhammadmuzzammil1998/jsonc v0.0.0-20190906142622-1265e9b150c6
github.com/rs/cors v1.7.0
github.com/russross/blackfriday/v2 v2.0.1
diff --git a/go.sum b/go.sum
index 3198595..4ecf483 100644
--- a/go.sum
+++ b/go.sum
@@ -172,8 +172,8 @@ github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzp
github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
github.com/mattn/go-tty v0.0.0-20180219170247-931426f7535a/go.mod h1:XPvLUNfbS4fJH25nqRHfWLMa1ONC8Amw+mIA639KxkE=
github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
-github.com/mholt/certmagic v0.8.0 h1:WEQhZ4+ySd2cQz0Gf1iEk6xsUaEmmHe10SZiiKd7BdY=
-github.com/mholt/certmagic v0.8.0/go.mod h1:91uJzK5K8IWtYQqTi5R2tsxV1pCde+wdGfaRaOZi6aQ=
+github.com/mholt/certmagic v0.8.3 h1:JOUiX9IAZbbgyjNP2GY6v/6lorH+9GkZsc7ktMpGCSo=
+github.com/mholt/certmagic v0.8.3/go.mod h1:91uJzK5K8IWtYQqTi5R2tsxV1pCde+wdGfaRaOZi6aQ=
github.com/miekg/dns v1.1.15 h1:CSSIDtllwGLMoA6zjdKnaE6Tx6eVUxQ29LUgGetiDCI=
github.com/miekg/dns v1.1.15/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
github.com/mitchellh/copystructure v1.0.0 h1:Laisrj+bAB6b/yJwB5Bt3ITZhGJdqmxquMKeZ+mmkFQ=
diff --git a/modules/caddytls/acmemanager.go b/modules/caddytls/acmemanager.go
index dbc8fc9..9f31215 100644
--- a/modules/caddytls/acmemanager.go
+++ b/modules/caddytls/acmemanager.go
@@ -138,14 +138,10 @@ func (m *ACMEManagerMaker) makeCertMagicConfig(ctx caddy.Context) certmagic.Conf
return err
}
}
- // check the rate limiter last, since
- // even checking consumes a token; so
- // don't even bother checking if the
- // other regulations fail anyway
- if onDemand.RateLimit != nil {
- if !onDemandRateLimiter.Allow() {
- return fmt.Errorf("on-demand rate limit exceeded")
- }
+ // check the rate limiter last because
+ // doing so makes a reservation
+ if !onDemandRateLimiter.Allow() {
+ return fmt.Errorf("on-demand rate limit exceeded")
}
}
return nil
diff --git a/modules/caddytls/tls.go b/modules/caddytls/tls.go
index 7aa1856..5054081 100644
--- a/modules/caddytls/tls.go
+++ b/modules/caddytls/tls.go
@@ -26,7 +26,6 @@ import (
"github.com/caddyserver/caddy/v2"
"github.com/go-acme/lego/v3/challenge"
"github.com/mholt/certmagic"
- "golang.org/x/time/rate"
)
func init() {
@@ -104,13 +103,12 @@ func (t *TLS) Provision(ctx caddy.Context) error {
// on-demand rate limiting
if t.Automation != nil && t.Automation.OnDemand != nil && t.Automation.OnDemand.RateLimit != nil {
- limit := rate.Every(time.Duration(t.Automation.OnDemand.RateLimit.Interval))
- onDemandRateLimiter.SetLimit(limit)
- onDemandRateLimiter.SetBurst(t.Automation.OnDemand.RateLimit.Burst)
+ onDemandRateLimiter.SetMaxEvents(t.Automation.OnDemand.RateLimit.Burst)
+ onDemandRateLimiter.SetWindow(time.Duration(t.Automation.OnDemand.RateLimit.Interval))
} else {
- // if no rate limit is specified, be sure to remove any existing limit
- onDemandRateLimiter.SetLimit(0)
- onDemandRateLimiter.SetBurst(0)
+ // remove any existing rate limiter
+ onDemandRateLimiter.SetMaxEvents(0)
+ onDemandRateLimiter.SetWindow(0)
}
// load manual/static (unmanaged) certificates - we do this in
@@ -384,7 +382,7 @@ type ManagerMaker interface {
// These perpetual values are used for on-demand TLS.
var (
- onDemandRateLimiter = rate.NewLimiter(0, 1)
+ onDemandRateLimiter = certmagic.NewRateLimiter(0, 0)
onDemandAskClient = &http.Client{
Timeout: 10 * time.Second,
CheckRedirect: func(req *http.Request, via []*http.Request) error {