From 77a77c0219d389717ba3b8f8e28bad3462fab655 Mon Sep 17 00:00:00 2001
From: Francis Lavoie
Date: Fri, 22 Apr 2022 18:09:11 -0400
Subject: caddytls: Add `propagation_delay`, support `propagation_timeout -1` (#4723)

---
modules/caddytls/acmeissuer.go | 38 +++++++++++++++++++++++++++++++++-----
modules/caddytls/automation.go | 8 +++++++-
2 files changed, 40 insertions(+), 6 deletions(-)
(limited to 'modules/caddytls')

diff --git a/modules/caddytls/acmeissuer.go b/modules/caddytls/acmeissuer.go
index fd60cc8..09b31bf 100644
--- a/modules/caddytls/acmeissuer.go
+++ b/modules/caddytls/acmeissuer.go
@@ -142,6 +142,7 @@ func (iss *ACMEIssuer) Provision(ctx caddy.Context) error {
 iss.Challenges.DNS.solver = &certmagic.DNS01Solver{
 DNSProvider: val.(certmagic.ACMEDNSProvider),
 TTL: time.Duration(iss.Challenges.DNS.TTL),
+ PropagationDelay: time.Duration(iss.Challenges.DNS.PropagationDelay),
 PropagationTimeout: time.Duration(iss.Challenges.DNS.PropagationTimeout),
 Resolvers: iss.Challenges.DNS.Resolvers,
 OverrideDomain: iss.Challenges.DNS.OverrideDomain,
@@ -262,10 +263,13 @@ func (iss *ACMEIssuer) GetACMEIssuer() *ACMEIssuer { return iss }
 // eab
 // trusted_roots
 // dns []
+// propagation_delay
+// propagation_timeout
 // resolvers
+// dns_challenge_override_domain
 // preferred_chains [smallest] {
-// root_common_name
-// any_common_name
+// root_common_name
+// any_common_name
 // }
 // }
 //
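Review bot: The new `PropagationDelay` field is handed to `certmagic.DNS01Solver` with only a type conversion, so a JSON config (which never goes through the Caddyfile adapter in the later hunk) can set it negative or arbitrarily large with no validation at this point, and how certmagic treats a negative delay is not visible in this diff. The same applies to `PropagationTimeout`, where the commit makes -1 meaningful but any other negative value is passed through unchanged. A guard before the solver is built, along the lines of `if iss.Challenges.DNS.PropagationDelay < 0 { return fmt.Errorf("propagation_delay must not be negative") }` (using whatever error constructor this file already uses), would keep the JSON and Caddyfile paths consistent. Provision starts and ends outside this hunk.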
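Review bot: The Caddyfile syntax comment gains a `propagation_timeout` entry but does not mention the `-1` value this same commit teaches the parser to accept, so the only place the sentinel is documented is the struct comment in automation.go. Suggest annotating the entry in this grammar block, e.g. `//     propagation_timeout <duration|-1>` or a trailing `(-1 disables propagation checks)`, so readers of the Caddyfile syntax see it. The placeholder brackets appear stripped in this rendering, so match whatever placeholder style the surrounding lines actually use.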
@@ -389,14 +393,38 @@ func (iss *ACMEIssuer) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
 return err
 }
 iss.Challenges.DNS.ProviderRaw = caddyconfig.JSONModuleObject(unm, "name", provName, nil)
+
+ case "propagation_delay":
+ if !d.NextArg() {
+ return d.ArgErr()
+ }
+ delayStr := d.Val()
+ delay, err := caddy.ParseDuration(delayStr)
+ if err != nil {
+ return d.Errf("invalid propagation_delay duration %s: %v", delayStr, err)
+ }
+ if iss.Challenges == nil {
+ iss.Challenges = new(ChallengesConfig)
+ }
+ if iss.Challenges.DNS == nil {
+ iss.Challenges.DNS = new(DNSChallengeConfig)
+ }
+ iss.Challenges.DNS.PropagationDelay = caddy.Duration(delay)
+
 case "propagation_timeout":
 if !d.NextArg() {
 return d.ArgErr()
 }
 timeoutStr := d.Val()
- timeout, err := caddy.ParseDuration(timeoutStr)
- if err != nil {
- return d.Errf("invalid propagation_timeout duration %s: %v", timeoutStr, err)
+ var timeout time.Duration
+ if timeoutStr == "-1" {
+ timeout = time.Duration(-1)
+ } else {
+ var err error
+ timeout, err = caddy.ParseDuration(timeoutStr)
+ if err != nil {
+ return d.Errf("invalid propagation_timeout duration %s: %v", timeoutStr, err)
+ }
 }
 if iss.Challenges == nil {
 iss.Challenges = new(ChallengesConfig)
diff --git a/modules/caddytls/automation.go b/modules/caddytls/automation.go
index 26884bc..197c409 100644
--- a/modules/caddytls/automation.go
+++ b/modules/caddytls/automation.go
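Review bot: The `-1` sentinel in the `propagation_timeout` branch is a string comparison against the bare token `-1`, so inputs such as `-1s` or `-2m` pass `caddy.ParseDuration` and are stored as ordinary negative durations, and the new `propagation_delay` branch accepts any negative value as well; neither branch rejects them, and whether certmagic treats such values as "disabled", as zero, or as an error is not visible here. Since the Caddyfile adapter is the one place a user-typed value is checked, I would reject negatives other than the sentinel at parse time so a typo fails adaptation rather than quietly changing challenge behaviour at issuance. As a point of style, the identical nil-init of `iss.Challenges` / `iss.Challenges.DNS` is now repeated in three cases of this switch and could be a small helper. UnmarshalCaddyfile begins and ends outside this hunk.
```go
	case "propagation_delay":
		// … unchanged: NextArg check and caddy.ParseDuration …
		if delay < 0 {
			return d.Errf("propagation_delay must not be negative: %s", delayStr)
		}
		// … unchanged: nil-init of Challenges/DNS and assignment …

	case "propagation_timeout":
		// … unchanged: NextArg check, "-1" sentinel and ParseDuration branch …
		if timeout < 0 && timeout != -1 {
			return d.Errf("invalid propagation_timeout %s: must be a non-negative duration or -1", timeoutStr)
		}
		// … unchanged: nil-init of Challenges/DNS and assignment …
```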
@@ -363,7 +363,13 @@ type DNSChallengeConfig struct {
 // The TTL of the TXT record used for the DNS challenge.
 TTL caddy.Duration `json:"ttl,omitempty"`
 
- // How long to wait for DNS record to propagate.
+ // How long to wait before starting propagation checks.
+ // Default: 0 (no wait).
+ PropagationDelay caddy.Duration `json:"propagation_delay,omitempty"`
+
+ // Maximum time to wait for temporary DNS record to appear.
+ // Set to -1 to disable propagation checks.
+ // Default: 2 minutes.
 PropagationTimeout caddy.Duration `json:"propagation_timeout,omitempty"`
 
 // Custom DNS resolvers to prefer over system/built-in defaults.
-- cgit v1.2.3
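Review bot: The new `PropagationTimeout` comment documents `-1` as the value that disables propagation checks but says nothing about other negative values or about the consequence of disabling: with no check, the issuer presumably proceeds to CA validation regardless of whether the provider has published the record yet, and a premature attempt fails the challenge and burns an attempt against the CA's rate limits, so `-1` is normally only sensible together with a non-zero `propagation_delay`. Suggest extending the comment with `// Only -1 is special. Pair it with propagation_delay if the provider is` / `// slow to publish, since a premature validation attempt fails the challenge.` It is also worth one sentence on how `-1` is expressed in JSON, since the field is a `caddy.Duration` and the Caddyfile adapter only special-cases the bare token `-1`. The struct definition continues outside this hunk.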