ipn/localapi: move cert fetching code to localapi, cache, add cert subcommand

Updates #1235 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2025-10-25 10:09:17 +00:00 · 2021-08-17 15:03:28 -07:00
parent 4c8b5fdec4
commit 57b794c338
9 changed files with 526 additions and 259 deletions
--- a/ipn/localapi/localapi.go
+++ b/ipn/localapi/localapi.go
@@ -57,6 +57,12 @@ type Handler struct {
 	b            *ipnlocal.LocalBackend
 	logf         logger.Logf
 	backendLogID string
+
+	// certMu guards all cert/ACME operations, so concurrent
+	// requests for certs don't slam ACME. The first will go
+	// through and populate the on-disk cache and the rest should
+	// use that.
+	certMu sync.Mutex
 }

 func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
@@ -83,6 +89,10 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		h.serveFilePut(w, r)
 		return
 	}
+	if strings.HasPrefix(r.URL.Path, "/localapi/v0/cert/") {
+		h.serveCert(w, r)
+		return
+	}
 	switch r.URL.Path {
 	case "/localapi/v0/whois":
 		h.serveWhoIs(w, r)