Fix triggering multiple concurrent requests to ACME

Douglas De Toni Machado 2020-07-08 07:54:04 -03:00 committed by GitHub
parent 2b35397169
commit d73c7ccf50
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -426,13 +426,11 @@ func (p *Provider) resolveCertificate(ctx context.Context, domain types.Domain,
return nil, err return nil, err
} }
// Check provided certificates // Check if provided certificates are not already in progress and lock them if needed
uncheckedDomains := p.getUncheckedDomains(ctx, domains, tlsStore) uncheckedDomains := p.getUncheckedDomains(ctx, domains, tlsStore)
if len(uncheckedDomains) == 0 { if len(uncheckedDomains) == 0 {
return nil, nil return nil, nil
} }
p.addResolvingDomains(uncheckedDomains)
defer p.removeResolvingDomains(uncheckedDomains) defer p.removeResolvingDomains(uncheckedDomains)
logger := log.FromContext(ctx) logger := log.FromContext(ctx)
@ -481,15 +479,6 @@ func (p *Provider) removeResolvingDomains(resolvingDomains []string) {
} }
} }
func (p *Provider) addResolvingDomains(resolvingDomains []string) {
p.resolvingDomainsMutex.Lock()
defer p.resolvingDomainsMutex.Unlock()
for _, domain := range resolvingDomains {
p.resolvingDomains[domain] = struct{}{}
}
}
func (p *Provider) addCertificateForDomain(domain types.Domain, certificate, key []byte, tlsStore string) { func (p *Provider) addCertificateForDomain(domain types.Domain, certificate, key []byte, tlsStore string) {
p.certsChan <- &CertAndStore{Certificate: Certificate{Certificate: certificate, Key: key, Domain: domain}, Store: tlsStore} p.certsChan <- &CertAndStore{Certificate: Certificate{Certificate: certificate, Key: key, Domain: domain}, Store: tlsStore}
} }
@ -656,8 +645,8 @@ func (p *Provider) renewCertificates(ctx context.Context) {
// Get provided certificate which check a domains list (Main and SANs) // Get provided certificate which check a domains list (Main and SANs)
// from static and dynamic provided certificates. // from static and dynamic provided certificates.
func (p *Provider) getUncheckedDomains(ctx context.Context, domainsToCheck []string, tlsStore string) []string { func (p *Provider) getUncheckedDomains(ctx context.Context, domainsToCheck []string, tlsStore string) []string {
p.resolvingDomainsMutex.RLock() p.resolvingDomainsMutex.Lock()
defer p.resolvingDomainsMutex.RUnlock() defer p.resolvingDomainsMutex.Unlock()
log.FromContext(ctx).Debugf("Looking for provided certificate(s) to validate %q...", domainsToCheck) log.FromContext(ctx).Debugf("Looking for provided certificate(s) to validate %q...", domainsToCheck)
@ -673,7 +662,14 @@ func (p *Provider) getUncheckedDomains(ctx context.Context, domainsToCheck []str
allDomains = append(allDomains, domain) allDomains = append(allDomains, domain)
} }
return searchUncheckedDomains(ctx, domainsToCheck, allDomains) uncheckedDomains := searchUncheckedDomains(ctx, domainsToCheck, allDomains)
// Lock domains that will be resolved by this routine
for _, domain := range uncheckedDomains {
p.resolvingDomains[domain] = struct{}{}
}
return uncheckedDomains
} }
func searchUncheckedDomains(ctx context.Context, domainsToCheck, existentDomains []string) []string { func searchUncheckedDomains(ctx context.Context, domainsToCheck, existentDomains []string) []string {
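Review bot: getUncheckedDomains now inserts every returned domain into p.resolvingDomains under the write lock, but its doc comment still describes a plain lookup, so the new ownership contract is invisible to callers. I would replace that comment with `// getUncheckedDomains returns the domains that have no provided certificate and are not already being resolved, and marks them as resolving; the caller must release them with removeResolvingDomains.` In resolveCertificate the deferred removeResolvingDomains covers this, and the early return on an empty result is safe because nothing was marked. Any other caller that skips the release (none is visible in these hunks, so this is an assumption to verify) would leave the domains marked and silently block later certificate requests for them. The middle of getUncheckedDomains lies between the hunks and is not shown here.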