commit 1f8be86a01bcd322ee89c1d1b749406d4b03273c Author: David Fifield david@bamsoftware.com Date: Sat Jan 21 14:10:10 2017 -0800
Add a DirCache for certificates under TOR_PT_STATE_LOCATION.
This way, we don't lose state of certificates every time the process is restarted. There's a possibility, otherwise, that if you have to restart the server rapidly, you might run into Let's Encrypt rate limits and be unable to create a cert for a while. https://godoc.org/rsc.io/letsencrypt#hdr-Persistent_Storage
---
 server/server.go | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
diff --git a/server/server.go b/server/server.go
index 62f166d..aec9b51 100644
--- a/server/server.go
+++ b/server/server.go
@@ -19,6 +19,7 @@ import (
 "net/http"
 "os"
 "os/signal"
+ "path/filepath"
 "strings"
 "sync"
 "syscall"
@@ -216,6 +217,14 @@ func startServer(ln net.Listener) (net.Listener, error) {
 return ln, nil
 }
+func getCertificateCacheDir() (string, error) {
+ stateDir, err := pt.MakeStateDir()
+ if err != nil {
+ return "", err
+ }
+ return filepath.Join(stateDir, "snowflake-certificate-cache"), nil
+}
+
 func main() {
 var acmeEmail string
 var acmeHostnamesCommas string
@@ -253,10 +262,21 @@ func main() {
 var certManager *autocert.Manager
 if !disableTLS {
 log.Printf("ACME hostnames: %q", acmeHostnames)
+
+ var cache autocert.Cache
+ cacheDir, err := getCertificateCacheDir()
+ if err == nil {
+ log.Printf("caching ACME certificates in directory %q", cacheDir)
+ cache = autocert.DirCache(cacheDir)
+ } else {
+ log.Printf("disabling ACME certificate cache: %s", err)
+ }
+
 certManager = &autocert.Manager{
 Prompt: autocert.AcceptTOS,
 HostPolicy: autocert.HostWhitelist(acmeHostnames...),
 Email: acmeEmail,
+ Cache: cache,
 }
 }
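Review bot: getCertificateCacheDir has no doc comment, and the fact a maintainer most needs is not written down: once main hands this path to autocert.DirCache, the directory holds the certificates' private keys, not just public certificates. I would add above the function `// getCertificateCacheDir returns the directory under the pluggable transport state directory where autocert stores certificates and their private keys.` As far as I know pt.MakeStateDir and DirCache create missing directories with mode 0700 but do not tighten one that already exists, so the comment could also say that a pre-existing state directory is used with whatever permissions it has; that part is inferred from the libraries, not visible in this hunk.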
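Review bot: When getCertificateCacheDir fails, the else branch only logs and leaves `cache` nil, so the Manager presumably keeps certificates in memory alone and every restart requests them again. That is the Let's Encrypt rate-limit situation the commit message sets out to avoid, and a single ordinary log line is the only sign of it. If operators are meant to rely on persistence, the message should say what the consequence is, for example `log.Printf("warning: ACME certificates will not persist across restarts: %s", err)`, or start-up should stop there with `log.Fatalf`. A short comment on the branch stating that running without a cache is a deliberate fallback would also help. main begins in the previous hunk and continues past the end of this one, so how certManager is used afterwards is not visible here.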