traefik/pkg/provider/acme/challenge_http.go

100 lines
2.8 KiB
Go
Raw Normal View History

2018-03-05 19:54:04 +00:00
package acme
import (
2018-11-14 09:18:03 +00:00
"context"
2018-07-03 10:44:04 +00:00
"net"
"net/http"
2018-03-05 19:54:04 +00:00
"time"
2020-02-26 09:36:05 +00:00
"github.com/cenkalti/backoff/v4"
2019-08-03 01:58:23 +00:00
"github.com/containous/traefik/v2/pkg/log"
"github.com/containous/traefik/v2/pkg/safe"
"github.com/go-acme/lego/v3/challenge"
"github.com/go-acme/lego/v3/challenge/http01"
"github.com/gorilla/mux"
2018-03-05 19:54:04 +00:00
)
2019-01-07 17:30:06 +00:00
var _ challenge.ProviderTimeout = (*challengeHTTP)(nil)
2018-07-03 10:44:04 +00:00
type challengeHTTP struct {
Store ChallengeStore
2018-07-03 10:44:04 +00:00
}
2018-11-14 09:18:03 +00:00
// Present presents a challenge to obtain new ACME certificate.
2018-07-03 10:44:04 +00:00
func (c *challengeHTTP) Present(domain, token, keyAuth string) error {
2018-07-09 23:24:14 +00:00
return c.Store.SetHTTPChallengeToken(token, domain, []byte(keyAuth))
2018-07-03 10:44:04 +00:00
}
2018-03-05 19:54:04 +00:00
2018-11-14 09:18:03 +00:00
// CleanUp cleans the challenges when certificate is obtained.
2018-07-03 10:44:04 +00:00
func (c *challengeHTTP) CleanUp(domain, token, keyAuth string) error {
2018-07-09 23:24:14 +00:00
return c.Store.RemoveHTTPChallengeToken(token, domain)
2018-03-05 19:54:04 +00:00
}
2018-11-14 09:18:03 +00:00
// Timeout calculates the maximum of time allowed to resolved an ACME challenge.
2018-07-03 10:44:04 +00:00
func (c *challengeHTTP) Timeout() (timeout, interval time.Duration) {
return 60 * time.Second, 5 * time.Second
}
// CreateHandler creates a HTTP handler to expose the token for the HTTP challenge.
func (p *Provider) CreateHandler(notFoundHandler http.Handler) http.Handler {
router := mux.NewRouter().SkipClean(true)
router.NotFoundHandler = notFoundHandler
2018-07-03 10:44:04 +00:00
router.Methods(http.MethodGet).
2019-01-07 17:30:06 +00:00
Path(http01.ChallengePath("{token}")).
2018-07-03 10:44:04 +00:00
Handler(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
vars := mux.Vars(req)
2018-11-14 09:18:03 +00:00
2019-07-22 08:16:04 +00:00
ctx := log.With(context.Background(), log.Str(log.ProviderName, p.ResolverName+".acme"))
2018-11-14 09:18:03 +00:00
logger := log.FromContext(ctx)
2018-07-03 10:44:04 +00:00
if token, ok := vars["token"]; ok {
domain, _, err := net.SplitHostPort(req.Host)
if err != nil {
2018-11-14 09:18:03 +00:00
logger.Debugf("Unable to split host and port: %v. Fallback to request host.", err)
2018-07-03 10:44:04 +00:00
domain = req.Host
}
tokenValue := getTokenValue(ctx, token, domain, p.ChallengeStore)
2018-07-03 10:44:04 +00:00
if len(tokenValue) > 0 {
rw.WriteHeader(http.StatusOK)
_, err = rw.Write(tokenValue)
if err != nil {
2018-11-14 09:18:03 +00:00
logger.Errorf("Unable to write token: %v", err)
2018-07-03 10:44:04 +00:00
}
return
}
}
rw.WriteHeader(http.StatusNotFound)
}))
return router
2018-03-05 19:54:04 +00:00
}
2018-11-14 09:18:03 +00:00
func getTokenValue(ctx context.Context, token, domain string, store ChallengeStore) []byte {
2018-11-14 09:18:03 +00:00
logger := log.FromContext(ctx)
logger.Debugf("Retrieving the ACME challenge for token %v...", token)
var result []byte
operation := func() error {
var err error
result, err = store.GetHTTPChallengeToken(token, domain)
return err
}
notify := func(err error, time time.Duration) {
logger.Errorf("Error getting challenge for token retrying in %s", time)
}
ebo := backoff.NewExponentialBackOff()
ebo.MaxElapsedTime = 60 * time.Second
err := backoff.RetryNotify(safe.OperationWithRecover(operation), ebo, notify)
if err != nil {
logger.Errorf("Cannot retrieve the ACME challenge for token %v: %v", token, err)
return []byte{}
}
return result
}