From faf67b10670a14c24ce601be703dfb65f07ffa45 Mon Sep 17 00:00:00 2001
From: Matthew Holt
Date: Mon, 21 Oct 2019 12:03:51 -0600
Subject: tls: Make the on-demand rate limiter actually work
This required a custom rate limiter implementation in CertMagic
---
 modules/caddytls/tls.go | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)
(limited to 'modules/caddytls/tls.go')
diff --git a/modules/caddytls/tls.go b/modules/caddytls/tls.go
index 7aa1856..5054081 100644
--- a/modules/caddytls/tls.go
+++ b/modules/caddytls/tls.go
@@ -26,7 +26,6 @@ import (
 "github.com/caddyserver/caddy/v2"
 "github.com/go-acme/lego/v3/challenge"
 "github.com/mholt/certmagic"
- "golang.org/x/time/rate"
 )
 func init() {
@@ -104,13 +103,12 @@ func (t *TLS) Provision(ctx caddy.Context) error {
 // on-demand rate limiting
 if t.Automation != nil && t.Automation.OnDemand != nil && t.Automation.OnDemand.RateLimit != nil {
- limit := rate.Every(time.Duration(t.Automation.OnDemand.RateLimit.Interval))
- onDemandRateLimiter.SetLimit(limit)
- onDemandRateLimiter.SetBurst(t.Automation.OnDemand.RateLimit.Burst)
+ onDemandRateLimiter.SetMaxEvents(t.Automation.OnDemand.RateLimit.Burst)
+ onDemandRateLimiter.SetWindow(time.Duration(t.Automation.OnDemand.RateLimit.Interval))
 } else {
- // if no rate limit is specified, be sure to remove any existing limit
- onDemandRateLimiter.SetLimit(0)
- onDemandRateLimiter.SetBurst(0)
+ // remove any existing rate limiter
+ onDemandRateLimiter.SetMaxEvents(0)
+ onDemandRateLimiter.SetWindow(0)
 }
 // load manual/static (unmanaged) certificates - we do this in
@@ -384,7 +382,7 @@ type ManagerMaker interface {
 // These perpetual values are used for on-demand TLS.
 var (
- onDemandRateLimiter = rate.NewLimiter(0, 1)
+ onDemandRateLimiter = certmagic.NewRateLimiter(0, 0)
 onDemandAskClient = &http.Client{
 Timeout: 10 * time.Second,
 CheckRedirect: func(req *http.Request, via []*http.Request) error {
--
cgit v1.2.3
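Review bot: `Burst` and `Interval` reach `SetMaxEvents` and `SetWindow` in `Provision` straight from the config, and this hunk shows no check for negative values or for one being zero while the other is set. This limiter bounds how often incoming handshakes can trigger on-demand issuance, so a pair the limiter would read as "disabled" or reject should fail at provisioning, not at handshake time. A guard before the two setters would do, e.g. `if rl := t.Automation.OnDemand.RateLimit; rl.Burst < 0 || rl.Interval < 0 { return fmt.Errorf("on-demand rate limit: burst and interval must not be negative") }` (assuming `fmt` is imported in this file). The setters are also two separate calls on a package-level limiter, so a handshake during a reload may see the new max with the old window; whether that matters depends on certmagic's locking, which is not visible here. `Provision` starts and ends outside the hunk.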
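Review bot: The `(0, 0)` initial value of `onDemandRateLimiter` in the `var (` block is undocumented, so a reader cannot tell from the declaration whether it means "no events allowed" or "no limit". The old `rate.NewLimiter(0, 1)` initializer had a different shape, so the default behaviour before `Provision` runs may have changed with this line. I would extend the `// These perpetual values are used for on-demand TLS.` comment to say what zero max events with a zero window means, once confirmed against certmagic's documentation, and that the limiter is shared across config reloads. The `var` block continues outside the hunk.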