[tor-commits] [snowflake/master] Add a DirCache for certificates under TOR_PT_STATE_LOCATION.
dcf at torproject.org
dcf at torproject.org
Fri Mar 31 02:16:53 UTC 2017
commit 1f8be86a01bcd322ee89c1d1b749406d4b03273c
Author: David Fifield <david at bamsoftware.com>
Date: Sat Jan 21 14:10:10 2017 -0800
Add a DirCache for certificates under TOR_PT_STATE_LOCATION.
This way, we don't lose state of certificates every time the process is
restarted. There's a possibility, otherwise, that if you have to restart
the server rapidly, you might run into Let's Encrypt rate limits and be
unable to create a cert for a while.
https://godoc.org/rsc.io/letsencrypt#hdr-Persistent_Storage
---
server/server.go | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/server/server.go b/server/server.go
index 62f166d..aec9b51 100644
--- a/server/server.go
+++ b/server/server.go
@@ -19,6 +19,7 @@ import (
"net/http"
"os"
"os/signal"
+ "path/filepath"
"strings"
"sync"
"syscall"
@@ -216,6 +217,14 @@ func startServer(ln net.Listener) (net.Listener, error) {
return ln, nil
}
+func getCertificateCacheDir() (string, error) {
+ stateDir, err := pt.MakeStateDir()
+ if err != nil {
+ return "", err
+ }
+ return filepath.Join(stateDir, "snowflake-certificate-cache"), nil
+}
+
func main() {
var acmeEmail string
var acmeHostnamesCommas string
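Review bot: getCertificateCacheDir has no doc comment, and nothing at the definition tells a maintainer that the directory it names will hold secret material once it is passed to autocert.DirCache in the later hunk. The function only builds the path; it does not create the subdirectory, which is worth stating so nobody assumes the permissions are set here. I would add `// getCertificateCacheDir returns the path of the autocert cache directory inside the pluggable transport state directory. It does not create the directory. The cache stores certificate private keys, so the path must stay readable by the server's user only.` The surrounding context (the end of startServer and the start of main) continues outside the hunk.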
@@ -253,10 +262,21 @@ func main() {
var certManager *autocert.Manager
if !disableTLS {
log.Printf("ACME hostnames: %q", acmeHostnames)
+
+ var cache autocert.Cache
+ cacheDir, err := getCertificateCacheDir()
+ if err == nil {
+ log.Printf("caching ACME certificates in directory %q", cacheDir)
+ cache = autocert.DirCache(cacheDir)
+ } else {
+ log.Printf("disabling ACME certificate cache: %s", err)
+ }
+
certManager = &autocert.Manager{
Prompt: autocert.AcceptTOS,
HostPolicy: autocert.HostWhitelist(acmeHostnames...),
Email: acmeEmail,
+ Cache: cache,
}
}
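Review bot: The new block hands cacheDir to autocert.DirCache without looking at the permissions of a directory that already exists. DirCache is documented to create a missing directory with mode 0700, but as far as I can tell it does not tighten an existing one, and the cache will contain the certificates' private keys. A startup check that warns the operator would cover a state directory restored or created with a loose mode: `if fi, err := os.Stat(cacheDir); err == nil && fi.Mode().Perm()&0077 != 0 { log.Printf("warning: certificate cache %q is accessible to other users", cacheDir) }`. main starts and ends outside this hunk, so I cannot see whether anything later inspects the directory.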