mholt / acmez

Premier ACME client library for Go
https://pkg.go.dev/github.com/mholt/acmez/v2
Apache License 2.0

Enable http keep-alive #26

Closed arontsang closed 4 months ago

arontsang commented 4 months ago

I am currently trying to use caddy with a corporate acme endpoint that is behind an AWS ELB.

Due to the round-robin nature of the ELB, I am unable to do a full http challenge going to the same backend server.

We need either https keep-alive or cookie support to allow caddy to connect to the same server at each stage of the request.

mholt commented 4 months ago

Thanks for opening an issue. Caddy is already capable of solving challenges behind a load balancer. This is the acmez repo, was that a mistake? 🤔 just want to make sure I understand what is being asked.

arontsang commented 4 months ago

Hi @mholt, Thanks for your prompt response. I noticed that caddy seems to be using this library for driving the ACME api (not the challenge).

The load balancer is in front of the ACME endpoint (and not Letsencrypt nor ZeroSSL).

My issue is that caddy is creating a fresh TCP request for each API call (NewNonce, NewAccount etc). The AWS Load Balancer is then forwarding the requests to different backend servers (and our vendor seems to not share state between them (or not quickly enough)). The result is that the received nonce is rejected by the NewAccount request by caddy.

mholt commented 4 months ago

Still not sure I totally understand the problem and requirement, but you can set your own http.Client that has Keep-Alive enabled in its Transport here: https://pkg.go.dev/github.com/mholt/acmez/v2@v2.0.0/acme#Client
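Added example (Go, standard library only; not acmez's or Caddy's own code): it builds the keep-alive http.Client the comment above suggests and, against a constructed local server standing in for the ACME newNonce endpoint, counts how many TCP connections a run of requests opens. The acme.Client field name HTTPClient comes from the linked docs; the test server, URL path and nonce value are constructed here.

```go
package main

import (
	"net"
	"net/http"
	"net/http/httptest"
	"sync/atomic"
	"time"
)

// NewKeepAliveClient builds an http.Client whose Transport keeps TCP connections
// open between requests. Assigned to acme.Client.HTTPClient (the field the linked
// docs describe), it lets newNonce -> newAccount -> newOrder reuse one connection.
func NewKeepAliveClient() *http.Client {
	dialer := &net.Dialer{Timeout: 10 * time.Second, KeepAlive: 30 * time.Second}
	tr := &http.Transport{
		Proxy:               http.ProxyFromEnvironment,
		DialContext:         dialer.DialContext,
		DisableKeepAlives:   false, // the setting that matters; false is the default
		MaxIdleConnsPerHost: 4,
		IdleConnTimeout:     90 * time.Second,
	}
	return &http.Client{Transport: tr, Timeout: 30 * time.Second}
}

// CountConnections sends n HEAD requests to a constructed local server that mimics
// the ACME newNonce endpoint and returns how many TCP connections it accepted.
func CountConnections(client *http.Client, n int) (int, error) {
	var conns int32
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// A nonce is only known to the backend that minted it; the next call must hit the same one.
		w.Header().Set("Replay-Nonce", "constructed-nonce-value")
		w.WriteHeader(http.StatusOK)
	}))
	srv.Config.ConnState = func(_ net.Conn, s http.ConnState) {
		if s == http.StateNew {
			atomic.AddInt32(&conns, 1)
		}
	}
	srv.Start()
	defer srv.Close()
	for i := 0; i < n; i++ {
		resp, err := client.Head(srv.URL + "/acme/new-nonce")
		if err != nil {
			return 0, err
		}
		resp.Body.Close() // hands the connection back to the idle pool
	}
	return int(atomic.LoadInt32(&conns)), nil
}
```

Keep-alive only helps when the load balancer pins a TCP connection to one backend; a balancer that routes every request independently defeats it, and then only shared nonce state on the server side resolves the rejected-nonce problem.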

arontsang commented 4 months ago

Thanks, I'll see if I can PR caddy


mholt commented 4 months ago

Thanks; closing this issue, since the feature really has to go downstream.