Allow SRV deadline to be configured at runtime

config.go

@@ -25,6 +25,7 @@ type Config struct {
 	UsernameHeader  string
 	GroupsHeader    string
 	Timeout         time.Duration
+	SRVAbandonAfter time.Duration
 	LogRequests     bool
 }
 
@@ -47,6 +48,9 @@ func ParseConfig() (*Config, error) {
 	if *rc.SSOSecret == "" {
 		return nil, missing("sso-secret")
 	}
+	if *rc.Timeout < 1 {
+		return nil, fmt.Errorf("timeout must be 1 (second) or longer")
+	}
 
 	c := &Config{}
 	{
@@ -86,6 +90,11 @@ func ParseConfig() (*Config, error) {
 	c.UsernameHeader = *rc.UsernameHeader
 	c.GroupsHeader = *rc.GroupsHeader
 	c.Timeout = time.Duration(*rc.Timeout) * time.Second
+	if *rc.SRVAbandonAfter < 1 {
+		c.SRVAbandonAfter = 0
+	} else {
+		c.SRVAbandonAfter = time.Duration(*rc.SRVAbandonAfter) * time.Second
+	}
 	c.LogRequests = *rc.LogRequests
 
 	c.CookieSecret = uuid.New()
@@ -105,23 +114,25 @@ type rawConfig struct {
 	UsernameHeader  *string
 	GroupsHeader    *string
 	Timeout         *int
+	SRVAbandonAfter *int
 	LogRequests     *bool
 }
 
 func parseRawConfig() *rawConfig {
 	c := &rawConfig{
-		OriginURL:      flag.String("origin-url", "", "origin to proxy eg: http://localhost:2002"),
-		ProxyURL:       flag.String("proxy-url", "", "outer url of this host eg: http://secrets.example.com"),
-		ListenURL:      flag.String("listen-url", "", "url to listen on eg: localhost:2001. leave blank to set equal to proxy-url"),
-		SSOURL:         flag.String("sso-url", "", "SSO endpoint eg: http://discourse.forum.com"),
+		OriginURL:       flag.String("origin-url", "", "Origin to proxy.  e.g.: http://localhost:2002"),
+		ProxyURL:        flag.String("proxy-url", "", "Outer URL of this host.  e.g.: http://secrets.example.com"),
+		ListenURL:       flag.String("listen-url", "", "Address on which to listen.  Leave blank to derive a value from proxy-url.  e.g.: localhost:2001"),
+		SSOURL:          flag.String("sso-url", "", "SSO endpoint.  e.g.: http://discourse.forum.com"),
 		SSOSecret:       flag.String("sso-secret", "", "SSO secret for origin"),
-		AllowAll:       flag.Bool("allow-all", false, "allow all discourse users (default: admin users only)"),
+		AllowAll:        flag.Bool("allow-all", false, "Allow all discourse users (default: admin users only)"),
 		BasicAuth:       flag.String("basic-auth", "", "HTTP Basic authentication credentials to let through directly"),
 		Whitelist:       flag.String("whitelist", "", "Path which does not require authorization"),
 		UsernameHeader:  flag.String("username-header", "Discourse-User-Name", "Request header to pass authenticated username into"),
 		GroupsHeader:    flag.String("groups-header", "Discourse-User-Groups", "Request header to pass authenticated groups into"),
-		Timeout:        flag.Int("timeout", 10, "Read/write timeout"),
-		LogRequests:    flag.Bool("log-requests", false, "log all requests to standard error"),
+		Timeout:         flag.Int("timeout", 10, "Read/write timeout (seconds)"),
+		SRVAbandonAfter: flag.Int("dns-srv-abandon-after", 600, "Abandon DNS SRV discovery if origin RRs do not appear within this time (seconds).  When negative, attempt SRV lookups indefinitely."),
+		LogRequests:     flag.Bool("log-requests", false, "Log all requests to standard error"),
 	}
 	flag.Parse()
 	return c

main.go

@@ -38,7 +38,7 @@ func main() {
 	}
 
 	dnssrv := httpproxy.NewDNSSRVBackend(config.OriginURL)
-	go dnssrv.Lookup(context.Background(), 50*time.Second, 10*time.Second, 5*time.Minute)
+	go dnssrv.Lookup(context.Background(), 50*time.Second, 10*time.Second, config.SRVAbandonAfter)
 	proxy := &httputil.ReverseProxy{Director: dnssrv.Director}
 
 	handler := authProxyHandler(proxy, config)