Make acme client transport to be closer to DefaultTransport

Helps with things such as HTTP_PROXY env var handling
2018-04-09 17:46:29 +01:00 · 2018-04-09 17:46:29 +01:00 · bd84b7c29c
commit bd84b7c29c
parent 774956fe71
1 changed files with 7 additions and 2 deletions
--- a/pkg/issuer/acme/acme.go
+++ b/pkg/issuer/acme/acme.go
@ -127,8 +127,13 @@ func dialTimeout(ctx context.Context, network, addr string) (net.Conn, error) {

 func (a *Acme) acmeClientWithKey(accountPrivKey *rsa.PrivateKey) client.Interface {
 	tr := &nethttp.Transport{
-		TLSClientConfig: &tls.Config{InsecureSkipVerify: a.issuer.GetSpec().ACME.SkipTLSVerify},
-		DialContext:     dialTimeout,
+		Proxy:                 nethttp.ProxyFromEnvironment,
+		DialContext:           dialTimeout,
+		TLSClientConfig:       &tls.Config{InsecureSkipVerify: a.issuer.GetSpec().ACME.SkipTLSVerify},
+		MaxIdleConns:          100,
+		IdleConnTimeout:       90 * time.Second,
+		TLSHandshakeTimeout:   10 * time.Second,
+		ExpectContinueTimeout: 1 * time.Second,
 	}
 	client := &nethttp.Client{
 		// Stopgap user-agent roundtripper until the upstream 'crypto/acme'