mirror of
https://github.com/containous/traefik.git
synced 2024-12-22 13:34:03 +03:00
Fix TLS challenge timeout and validation error
Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com>
This commit is contained in:
parent
502c88ee3f
commit
5597d7633d
@ -186,7 +186,9 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
|
||||
|
||||
tlsManager := traefiktls.NewManager()
|
||||
httpChallengeProvider := acme.NewChallengeHTTP()
|
||||
tlsChallengeProvider := acme.NewChallengeTLSALPN(time.Duration(staticConfiguration.Providers.ProvidersThrottleDuration))
|
||||
|
||||
// we need to wait at least 2 times the ProvidersThrottleDuration to be sure to handle the challenge.
|
||||
tlsChallengeProvider := acme.NewChallengeTLSALPN(time.Duration(staticConfiguration.Providers.ProvidersThrottleDuration) * 2)
|
||||
err = providerAggregator.AddProvider(tlsChallengeProvider)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
@ -39,8 +39,8 @@ func NewChallengeTLSALPN(timeout time.Duration) *ChallengeTLSALPN {
|
||||
|
||||
// Present presents a challenge to obtain new ACME certificate.
|
||||
func (c *ChallengeTLSALPN) Present(domain, _, keyAuth string) error {
|
||||
log.WithoutContext().WithField(log.ProviderName, providerNameALPN).
|
||||
Debugf("TLS Challenge Present temp certificate for %s", domain)
|
||||
logger := log.WithoutContext().WithField(log.ProviderName, providerNameALPN)
|
||||
logger.Debugf("TLS Challenge Present temp certificate for %s", domain)
|
||||
|
||||
certPEMBlock, keyPEMBlock, err := tlsalpn01.ChallengeBlocks(domain, keyAuth)
|
||||
if err != nil {
|
||||
@ -68,6 +68,12 @@ func (c *ChallengeTLSALPN) Present(domain, _, keyAuth string) error {
|
||||
case t := <-timer.C:
|
||||
timer.Stop()
|
||||
close(c.chans[string(certPEMBlock)])
|
||||
|
||||
err = c.CleanUp(domain, "", keyAuth)
|
||||
if err != nil {
|
||||
logger.Errorf("Failed to clean up TLS challenge: %v", err)
|
||||
}
|
||||
|
||||
errC = fmt.Errorf("timeout %s", t)
|
||||
case <-ch:
|
||||
// noop
|
||||
|
@ -421,6 +421,7 @@ func (p *Provider) watchNewDomains(ctx context.Context) {
|
||||
if route.TLS == nil || route.TLS.CertResolver != p.ResolverName {
|
||||
continue
|
||||
}
|
||||
|
||||
ctxRouter := log.With(ctx, log.Str(log.RouterName, routerName), log.Str(log.Rule, route.Rule))
|
||||
|
||||
tlsStore := "default"
|
||||
@ -462,6 +463,7 @@ func (p *Provider) resolveCertificate(ctx context.Context, domain types.Domain,
|
||||
if len(uncheckedDomains) == 0 {
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
defer p.removeResolvingDomains(uncheckedDomains)
|
||||
|
||||
logger := log.FromContext(ctx)
|
||||
|
Loading…
Reference in New Issue
Block a user