Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

issues/324: When an acme challenge request is malformed, fail the request #326

Merged
merged 10 commits into from
Jul 15, 2023
Merged

issues/324: When an acme challenge request is malformed, fail the request #326

merged 10 commits into from
Jul 15, 2023

Conversation

komuw
Copy link
Owner

@komuw komuw commented Jul 15, 2023

@codecov-commenter
Copy link

codecov-commenter commented Jul 15, 2023
edited
Loading

Codecov Report

Patch coverage: 8.00% and project coverage change: -0.22 ⚠️

Comparison is base (850e1da) 74.41% compared to head (5fa4e7b) 74.19%.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #326      +/-   ##
==========================================
- Coverage   74.41%   74.19%   -0.22%     
==========================================
  Files          43       43              
  Lines        4878     4891      +13     
==========================================
- Hits         3630     3629       -1     
- Misses       1002     1016      +14     
  Partials      246      246
Impacted Files Coverage Δ
internal/acme/acme.go 64.13% <8.00%> (-2.96%) ⬇️

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

@komuw komuw marked this pull request as ready for review July 15, 2023 18:44
@komuw komuw merged commit d55b36b into main Jul 15, 2023
@komuw komuw deleted the issues/324-b branch July 15, 2023 19:28
komuw added a commit that referenced this pull request Jul 15, 2023
@komuw
issues/324: When an acme challenge request is malformed, fail the req…
0398c3e 
…uest (#326)

- Most of the time in the acme challenge handler is spent on reading file from disk.
  Out of a total of 23 seconds, 5seconds is spent reading from disk. That is over `b.N * 10` iterations.
  So for one http request, the time is negligible.
   So this should not really cause the handler to be loadshedded.

go test -run=XXXX -bench=BenchmarkHandler -count=10 github.com/komuw/ong/internal/acme -cpuprofile=cpu.out -memprofile=mem.out
go tool pprof acme.test cpu.out

(pprof) list acme.Handler
Total: 23.23s
ROUTINE ======================== github.com/komuw/ong/internal/acme.Handler.func1 in /home/komuw/mystuff/ong/internal/acme/acme.go
10ms      7.30s (flat, cum) 31.42% of Total
    .          .    154:   return func(w http.ResponseWriter, r *http.Request) {
    .          .    159:                   { // error cases
    .       10ms    160:                           isTls := strings.EqualFold(r.URL.Scheme, "https") || r.TLS != nil
    .          .    161:                           if isTls {
    .       10ms    187:                           if strings.Contains(domain, ":") {
    .          .    201:
    .      310ms    202:                   certPath := filepath.Join(diskCacheDir, domain, tokenFileName)
    .      5.67s    203:                   tok, errE := os.ReadFile(certPath)
    .          .    212:
10ms      1.30s    213:                   _, _ = w.Write(tok)
(pprof) exit

- We have however made a change so that bad requests to the acme challenge handler are failed promptly instead of falling through to the application handler.
  This should help in minimizing the time taken in the acme handler.

- Updates: #324
komuw added a commit that referenced this pull request Jul 16, 2023
@komuw
issues/324: When an acme challenge request is malformed, fail the req…
38d7414 
…uest (#326)

- Most of the time in the acme challenge handler is spent on reading file from disk.
  Out of a total of 23 seconds, 5seconds is spent reading from disk. That is over `b.N * 10` iterations.
  So for one http request, the time is negligible.
   So this should not really cause the handler to be loadshedded.

go test -run=XXXX -bench=BenchmarkHandler -count=10 github.com/komuw/ong/internal/acme -cpuprofile=cpu.out -memprofile=mem.out
go tool pprof acme.test cpu.out

(pprof) list acme.Handler
Total: 23.23s
ROUTINE ======================== github.com/komuw/ong/internal/acme.Handler.func1 in /home/komuw/mystuff/ong/internal/acme/acme.go
10ms      7.30s (flat, cum) 31.42% of Total
    .          .    154:   return func(w http.ResponseWriter, r *http.Request) {
    .          .    159:                   { // error cases
    .       10ms    160:                           isTls := strings.EqualFold(r.URL.Scheme, "https") || r.TLS != nil
    .          .    161:                           if isTls {
    .       10ms    187:                           if strings.Contains(domain, ":") {
    .          .    201:
    .      310ms    202:                   certPath := filepath.Join(diskCacheDir, domain, tokenFileName)
    .      5.67s    203:                   tok, errE := os.ReadFile(certPath)
    .          .    212:
10ms      1.30s    213:                   _, _ = w.Write(tok)
(pprof) exit

- We have however made a change so that bad requests to the acme challenge handler are failed promptly instead of falling through to the application handler.
  This should help in minimizing the time taken in the acme handler.

- Updates: #324
@komuw komuw mentioned this pull request Jul 20, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@komuw @codecov-commenter