ACME config cleanups (#4525)

* Handle listening for ACME requests on IPv6 addresses the weird url-but-not-actually-a-url-string doesn't handle IPv6 addresses without extra quoting. Building a string which you are about to parse again seems like a weird choice. Let's just use listenTCP, which is consistent with what we do elsewhere. * Clean up the default ACME config make it look a bit more consistent with everything else, and tweak the defaults to listen on port 80. * newsfile
2025-08-03 18:14:12 -04:00 · 2019-01-30 14:17:55 +00:00 · 2019-01-30 14:17:55 +00:00 · 7615a8ced1
commit 7615a8ced1
parent 43c6fca960
5 changed files with 115 additions and 60 deletions
--- a/synapse/handlers/acme.py
+++ b/synapse/handlers/acme.py
@ -18,13 +18,16 @@ import logging
 import attr
 from zope.interface import implementer

+import twisted
+import twisted.internet.error
 from twisted.internet import defer
-from twisted.internet.endpoints import serverFromString
 from twisted.python.filepath import FilePath
 from twisted.python.url import URL
 from twisted.web import server, static
 from twisted.web.resource import Resource

+from synapse.app import check_bind_error
+
 logger = logging.getLogger(__name__)

 try:
@ -96,16 +99,19 @@ class AcmeHandler(object):

        srv = server.Site(responder_resource)

-        listeners = []
-
-        for host in self.hs.config.acme_bind_addresses:
+        bind_addresses = self.hs.config.acme_bind_addresses
+        for host in bind_addresses:
            logger.info(
-                "Listening for ACME requests on %s:%s", host, self.hs.config.acme_port
+                "Listening for ACME requests on %s:%i", host, self.hs.config.acme_port,
            )
-            endpoint = serverFromString(
-                self.reactor, "tcp:%s:interface=%s" % (self.hs.config.acme_port, host)
-            )
-            listeners.append(endpoint.listen(srv))
+            try:
+                self.reactor.listenTCP(
+                    self.hs.config.acme_port,
+                    srv,
+                    interface=host,
+                )
+            except twisted.internet.error.CannotListenError as e:
+                check_bind_error(e, host, bind_addresses)

        # Make sure we are registered to the ACME server. There's no public API
        # for this, it is usually triggered by startService, but since we don't
@ -114,9 +120,6 @@ class AcmeHandler(object):
        self._issuer._registered = False
        yield self._issuer._ensure_registered()

-        # Return a Deferred that will fire when all the servers have started up.
-        yield defer.DeferredList(listeners, fireOnOneErrback=True, consumeErrors=True)
-
    @defer.inlineCallbacks
    def provision_certificate(self):