Comments (3)
I like that idea. But, naively implemented, this could use a lot of memory. We'd basically start a goroutine for each domain that is requested in order to "forget" the rejection after the designated amount of time. So clients enumerating domains rapidly could easily leak goroutines.
from caddy.
The Ask functionality was recently changed from being strictly HTTP-endpoint to being modular, i.e. fulfilled by plugins. I think it's best to have a 3rd party module implementing the caching, rate-limiting, etc., than bundling them into the current implementation. It becomes a conscious choice to add the overhead to your deployment and for the implementation to mature before bringing it into the standard distro.
That said, it can be resolved without the development of extra modules. You can add another site managed by Caddy to respond to the `ask` calls. The additional site listens internally, e.g. `localhost:9000`, and uses the cache-handler, rate-limit handler, and reverse-proxy to your real ask endpoint that's shared across a fleet. Matt's rate-limit module can use distributed storage and use any part of the request as key, so it can be the remote address.
from caddy.
Hmm, yes yes, that is very wise. We can always start with a module and then if it turns out to be super useful and still very efficient we can move it into the standard distribution.
@Jimbolino A Caddy module in the `tls.permission.*` namespace, one which implements a simple interface, `CertificateAllowed(ctx context.Context, name string) error`, could do this. Instructions here: https://caddyserver.com/docs/extending-caddy
If it works well maybe we can consider it for everyone!
I'll close the issue now since I think that's a much better idea -- and anyone can implement it much more quickly than we'd be able to right now -- and feel free to continue discussion as needed. :)
PS. I'd be able to prioritize this development with a sufficient sponsorship 💯
from caddy.
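The goroutine-per-domain concern from the first comment and the `CertificateAllowed(ctx context.Context, name string) error` interface from the last one, combined in an added example that is not part of the thread and is not Caddy's code. It imports nothing from Caddy and leaves out module registration; `DenyCache` and its fields `Inner`, `TTL`, `Max` and `Now` are hypothetical names.

```go
package main

import (
	"context"
	"fmt"
	"sync"
	"time"
)

// DenyCache (hypothetical): rejections kept for TTL, no goroutines, lazy expiry, Max caps the map.
type DenyCache struct {
	Inner  func(ctx context.Context, name string) error // the real permission check
	TTL    time.Duration
	Max    int
	Now    func() time.Time // injectable clock
	mu     sync.Mutex
	denied map[string]time.Time // name -> expiry of the remembered rejection
}

func (c *DenyCache) CertificateAllowed(ctx context.Context, name string) error {
	c.mu.Lock()
	exp, hit := c.denied[name]
	c.mu.Unlock()
	if hit && c.Now().Before(exp) {
		return fmt.Errorf("%s: rejection cached until %s", name, exp.Format(time.RFC3339))
	}
	err := c.Inner(ctx, name) // lock is not held while asking
	c.mu.Lock()
	defer c.mu.Unlock()
	if err == nil || ctx.Err() != nil {
		delete(c.denied, name) // allowed, or the caller gave up: nothing to remember
		return err
	}
	if c.denied == nil {
		c.denied = make(map[string]time.Time)
	}
	if len(c.denied) >= c.Max {
		for k := range c.denied { // full: drop one arbitrary entry, O(1)
			delete(c.denied, k)
			break
		}
	}
	c.denied[name] = c.Now().Add(c.TTL)
	return err
}

func main() {
	c := &DenyCache{Inner: func(context.Context, string) error { return fmt.Errorf("unknown domain") }, TTL: time.Minute, Max: 2, Now: time.Now}
	fmt.Println(c.CertificateAllowed(context.Background(), "a.example"), c.CertificateAllowed(context.Background(), "a.example"))
}
```

An error from a failing backend is remembered like a real rejection, so `TTL` should stay short. A client enumerating names can push remembered rejections out of the map, but it cannot grow it past `Max`.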