tls Manager: do not build a default certificate for ACME challenges store

Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com>
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
Richard Kojedzinszky 2021-06-14 10:06:05 +02:00 committed by GitHub
parent fc9f41b955
commit f15d05b22f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 86 additions and 51 deletions


@ -383,7 +383,6 @@ func (p *Provider) watchNewDomains(ctx context.Context) {
ctxRouter := log.With(ctx, log.Str(log.RouterName, routerName), log.Str(log.Rule, route.Rule))
logger := log.FromContext(ctxRouter)
tlsStore := "default"
if len(route.TLS.Domains) > 0 {
for _, domain := range route.TLS.Domains {
if domain.Main != dns01.UnFqdn(domain.Main) {
@ -400,7 +399,7 @@ func (p *Provider) watchNewDomains(ctx context.Context) {
for i := 0; i < len(domains); i++ {
domain := domains[i]
safe.Go(func() {
if _, err := p.resolveCertificate(ctx, domain, tlsStore); err != nil {
if _, err := p.resolveCertificate(ctx, domain, traefiktls.DefaultTLSStoreName); err != nil {
log.WithoutContext().WithField(log.ProviderName, p.ResolverName+".acme").
Errorf("Unable to obtain ACME certificate for domains %q : %v", strings.Join(domain.ToStrArray(), ","), err)
}
@ -412,7 +411,7 @@ func (p *Provider) watchNewDomains(ctx context.Context) {
logger.Errorf("Error parsing domains in provider ACME: %v", err)
continue
}
p.resolveDomains(ctxRouter, domains, tlsStore)
p.resolveDomains(ctxRouter, domains, traefiktls.DefaultTLSStoreName)
}
}
}
@ -424,13 +423,12 @@ func (p *Provider) watchNewDomains(ctx context.Context) {
ctxRouter := log.With(ctx, log.Str(log.RouterName, routerName), log.Str(log.Rule, route.Rule))
tlsStore := "default"
if len(route.TLS.Domains) > 0 {
domains := deleteUnnecessaryDomains(ctxRouter, route.TLS.Domains)
for i := 0; i < len(domains); i++ {
domain := domains[i]
safe.Go(func() {
if _, err := p.resolveCertificate(ctx, domain, tlsStore); err != nil {
if _, err := p.resolveCertificate(ctx, domain, traefiktls.DefaultTLSStoreName); err != nil {
log.WithoutContext().WithField(log.ProviderName, p.ResolverName+".acme").
Errorf("Unable to obtain ACME certificate for domains %q : %v", strings.Join(domain.ToStrArray(), ","), err)
}
@ -442,7 +440,7 @@ func (p *Provider) watchNewDomains(ctx context.Context) {
log.FromContext(ctxRouter).Errorf("Error parsing domains in provider ACME: %v", err)
continue
}
p.resolveDomains(ctxRouter, domains, tlsStore)
p.resolveDomains(ctxRouter, domains, traefiktls.DefaultTLSStoreName)
}
}
case <-ctxPool.Done():
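Review bot: In both router loops, the `safe.Go` closures that call `resolveCertificate` pass the outer `ctx` and log through `log.WithoutContext()`, so a failed ACME issuance is recorded without the router name or rule that `ctxRouter` carries. The sibling `resolveDomains` calls in the same loops already use `ctxRouter`. While these lines are being touched, consider `p.resolveCertificate(ctxRouter, domain, traefiktls.DefaultTLSStoreName)` and `log.FromContext(ctxRouter).WithField(log.ProviderName, p.ResolverName+".acme")`, so certificate failures can be traced back to the route that requested them. This assumes `ctxRouter` is `ctx` plus logging fields only, as the `log.With` call suggests. `watchNewDomains` begins and ends outside the shown hunks, so the goroutine's lifetime should be confirmed there.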