homelab/traefik
1
0
Fork 0
Code Activity

Allow configuration of ACME provider http timeout

Browse source
This commit is contained in:
Tom Wiesing 2025-04-28 14:30:06 +02:00 committed by GitHub
parent 8f37c8f0c5
commit dddb68cd5f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
10 changed files with 140 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

65
docs/content/https/acme.md
View file

@ -835,6 +835,71 @@ certificatesResolvers:
# ...
```
### `clientTimeout`
_Optional, Default=2m_
`clientTimeout` is the total timeout for a complete HTTP transaction (including TCP connection, sending request and receiving response) with the ACME server.
It defaults to 2 minutes.
!!! warning "This timeout encompasses the entire request-response cycle, including the response headers timeout. It must be at least `clientResponseHeaderTimeout`, otherwise the certificate resolver will fail to start."
```yaml tab="File (YAML)"
certificatesResolvers:
myresolver:
acme:
# ...
clientTimeout: 1m
# ...
```
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
clientTimeout=1m
# ...
```
```bash tab="CLI"
# ...
--certificatesresolvers.myresolver.acme.clientTimeout=1m
# ...
```
!!! warning
This should not be confused with any timeouts used for validating challenges.
### `clientResponseHeaderTimeout`
_Optional, Default=30s_
`clientResponseHeaderTimeout` defines how long the HTTP client waits for response headers when communicating with the `caServer`.
It defaults to 30 seconds.
!!! warning "It must be lower than `clientTimeout`, otherwise the certificate resolver will fail to start."
```yaml tab="File (YAML)"
certificatesResolvers:
myresolver:
acme:
# ...
clientResponseHeaderTimeout: 1m
# ...
```
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
clientResponseHeaderTimeout=1m
# ...
```
```bash tab="CLI"
# ...
--certificatesresolvers.myresolver.acme.clientResponseHeaderTimeout=1m
# ...
```
### `preferredChain`
_Optional, Default=""_

14
docs/content/https/ref-acme.toml
View file

@ -30,6 +30,20 @@
#
# certificatesDuration=2160
# Timeout for a complete HTTP transaction with the ACME server.
#
# Optional
# Default: 2m
#
# clientTimeout="2m"
# Timeout for receiving the response headers when communicating with the ACME server.
#
# Optional
# Default: 30s
#
# clientResponseHeaderTimeout="30s"
# Preferred chain to use.
#
# If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name.

14
docs/content/https/ref-acme.txt
View file

@ -29,6 +29,20 @@
#
--certificatesresolvers.myresolver.acme.certificatesDuration=2160
# Timeout for a complete HTTP transaction with the ACME server.
#
# Optional
# Default: 2m
#
--certificatesresolvers.myresolver.acme.clientTimeout=2m
# Timeout for receiving the response headers when communicating with the ACME server.
#
# Optional
# Default: 30s
#
--certificatesresolvers.myresolver.acme.clientResponseHeaderTimeout=30s
# Preferred chain to use.
#
# If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name.

14
docs/content/https/ref-acme.yaml
View file

@ -32,6 +32,20 @@ certificatesResolvers:
#
# certificatesDuration: 2160
# Timeout for a complete HTTP transaction with the ACME server.
#
# Optional
# Default: 2m
#
# clientTimeout: "2m"
# Timeout for receiving the response headers when communicating with the ACME server.
#
# Optional
# Default: 30s
#
# clientResponseHeaderTimeout: "30s"
# Preferred chain to use.
#
# If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name.

2
docs/content/reference/install-configuration/tls/certificate-resolvers/acme.md
View file

@ -83,6 +83,8 @@ ACME certificate resolvers have the following configuration options:
| `acme.eab.kid` | Key identifier from External CA. | "" | No |
| `acme.eab.hmacEncoded` | HMAC key from External CA, should be in Base64 URL Encoding without padding format. | "" | No |
| `acme.certificatesDuration` | The certificates' duration in hours, exclusively used to determine renewal dates. | 2160 | No |
| `acme.clientTimeout` | Timeout for HTTP Client used to communicate with the ACME server. | 2m | No |
| `acme.clientResponseHeaderTimeout` | Timeout for response headers for HTTP Client used to communicate with the ACME server. | 30s | No |
| `acme.dnsChallenge` | Enable DNS-01 challenge. More information [here](#dnschallenge). | - | No |
| `acme.dnsChallenge.provider` | DNS provider to use. | "" | No |
| `acme.dnsChallenge.resolvers` | DNS servers to resolve the FQDN authority. | [] | No |

6
docs/content/reference/static-configuration/cli-ref.md
View file

@ -129,6 +129,12 @@ Define if the certificates pool must use a copy of the system cert pool. (Defaul
`--certificatesresolvers.<name>.acme.certificatesduration`:
Certificates' duration in hours. (Default: ```2160```)
`--certificatesresolvers.<name>.acme.clientresponseheadertimeout`:
Timeout for receiving the response headers when communicating with the ACME server. (Default: ```30```)
`--certificatesresolvers.<name>.acme.clienttimeout`:
Timeout for a complete HTTP transaction with the ACME server. (Default: ```120```)
`--certificatesresolvers.<name>.acme.dnschallenge`:
Activate DNS-01 Challenge. (Default: ```false```)

6
docs/content/reference/static-configuration/env-ref.md
View file

@ -129,6 +129,12 @@ Define if the certificates pool must use a copy of the system cert pool. (Defaul
`TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_ACME_CERTIFICATESDURATION`:
Certificates' duration in hours. (Default: ```2160```)
`TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_ACME_CLIENTRESPONSEHEADERTIMEOUT`:
Timeout for receiving the response headers when communicating with the ACME server. (Default: ```30```)
`TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_ACME_CLIENTTIMEOUT`:
Timeout for a complete HTTP transaction with the ACME server. (Default: ```120```)
`TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_ACME_DNSCHALLENGE`:
Activate DNS-01 Challenge. (Default: ```false```)

4
docs/content/reference/static-configuration/file.toml
View file

@ -511,6 +511,8 @@
storage = "foobar"
keyType = "foobar"
certificatesDuration = 42
clientTimeout = "42s"
clientResponseHeaderTimeout = "42s"
caCertificates = ["foobar", "foobar"]
caSystemCertPool = true
caServerName = "foobar"
@ -542,6 +544,8 @@
storage = "foobar"
keyType = "foobar"
certificatesDuration = 42
clientTimeout = "42s"
clientResponseHeaderTimeout = "42s"
caCertificates = ["foobar", "foobar"]
caSystemCertPool = true
caServerName = "foobar"

4
docs/content/reference/static-configuration/file.yaml
View file

@ -557,6 +557,8 @@ certificatesResolvers:
kid: foobar
hmacEncoded: foobar
certificatesDuration: 42
clientTimeout: 42s
clientResponseHeaderTimeout: 42s
caCertificates:
- foobar
- foobar
@ -594,6 +596,8 @@ certificatesResolvers:
kid: foobar
hmacEncoded: foobar
certificatesDuration: 42
clientTimeout: 42s
clientResponseHeaderTimeout: 42s
caCertificates:
- foobar
- foobar