From bd84b7c29c5a62f7dcbdc2c958089b3a88a593b4 Mon Sep 17 00:00:00 2001
From: Maxim Ivanov
Date: Mon, 9 Apr 2018 17:46:29 +0100
Subject: [PATCH] Make acme client transport to be closer to DefaultTransport

Helps with things such as HTTP_PROXY env var handling
---
 pkg/issuer/acme/acme.go | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/pkg/issuer/acme/acme.go b/pkg/issuer/acme/acme.go
index 8d324ea80..60b6b16bb 100644
--- a/pkg/issuer/acme/acme.go
+++ b/pkg/issuer/acme/acme.go
@@ -127,8 +127,13 @@ func dialTimeout(ctx context.Context, network, addr string) (net.Conn, error) {

 func (a *Acme) acmeClientWithKey(accountPrivKey *rsa.PrivateKey) client.Interface {
 tr := &nethttp.Transport{
- TLSClientConfig: &tls.Config{InsecureSkipVerify: a.issuer.GetSpec().ACME.SkipTLSVerify},
- DialContext: dialTimeout,
+ Proxy: nethttp.ProxyFromEnvironment,
+ DialContext: dialTimeout,
+ TLSClientConfig: &tls.Config{InsecureSkipVerify: a.issuer.GetSpec().ACME.SkipTLSVerify},
+ MaxIdleConns: 100,
+ IdleConnTimeout: 90 * time.Second,
+ TLSHandshakeTimeout: 10 * time.Second,
+ ExpectContinueTimeout: 1 * time.Second,
 }
 client := &nethttp.Client{
 // Stopgap user-agent roundtripper until the upstream 'crypto/acme'
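Review bot: The `TLSClientConfig` line in acmeClientWithKey still takes `InsecureSkipVerify` straight from the issuer spec, and with `Proxy: nethttp.ProxyFromEnvironment` now set the ACME connection may also pass through whatever proxy the controller's environment names, yet nothing at the field documents that combination. When SkipTLSVerify is true the server certificate is not checked, so a proxy or any other hop on the path could read or alter ACME responses; I would add a comment above the field such as `// SkipTLSVerify turns off server certificate verification; with an environment-configured proxy in the path, ACME responses are then unauthenticated.` Presumably the option exists for test ACME servers, in which case a logged warning when it is enabled would make accidental production use visible. The function body continues past the end of the hunk, so the client's own settings are not visible here.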