www/caddy: add propagation_timeout and propagation_delay, cleanup macro definition, bump version and add changelog (#4557)

www/caddy/Makefile

@@ -1,5 +1,5 @@
 PLUGIN_NAME=		caddy
-PLUGIN_VERSION=		1.8.2
+PLUGIN_VERSION=		1.8.3
 PLUGIN_DEPENDS=		caddy-custom
 PLUGIN_COMMENT=		Modern Reverse Proxy with Automatic HTTPS, Dynamic DNS and Layer4 Routing
 PLUGIN_MAINTAINER=	cedrik@pischem.com

www/caddy/pkg-descr

@@ -13,6 +13,11 @@ DOC: https://docs.opnsense.org/manual/how-tos/caddy.html
 Plugin Changelog
 ================
 
+1.8.3
+
+* Add: Update DNS Providers with new optional choices (opnsense/plugins/issues/4543)
+* Add: propagation_timeout and propagation_delay (opnsense/plugins/issues/4544)
+
 1.8.2
 
 * Add: client_ip_headers (opnsense/plugins/issues/4517)

www/caddy/src/opnsense/mvc/app/controllers/OPNsense/Caddy/forms/general.xml

@@ -164,7 +164,21 @@
             <id>caddy.general.TlsDnsPropagationTimeout</id>
             <label>Disable Propagation Timeout</label>
             <type>checkbox</type>
-            <help><![CDATA[Propagation Timeout is a duration value that sets the maximum time to wait for the DNS TXT records to appear when using the DNS challenge. The default is 2 minutes. Disabling this will set propagation_timeout to -1 (checking propagation infinitely) and additionally set a propagation_delay of 30s (wait time before starting propagation checks). This can help when the DNS Challenge continues to fail because the local DNS Server does not know the new DNS TXT records yet in the default timeframe of 2 minutes.]]></help>
+            <help><![CDATA[This will disable propagation_timeout.]]></help>
+        </field>
+        <field>
+            <id>caddy.general.TlsDnsPropagationTimeoutPeriod</id>
+            <label>Propagation Timeout</label>
+            <type>text</type>
+            <hint>120</hint>
+            <help><![CDATA[propagation_timeout is a duration value in seconds that sets the maximum time to wait for the DNS TXT records to appear when using the DNS challenge.]]></help>
+        </field>
+        <field>
+            <id>caddy.general.TlsDnsPropagationDelay</id>
+            <label>Propagation Delay</label>
+            <type>text</type>
+            <hint>0</hint>
+            <help><![CDATA[propagation_delay is a duration value in seconds that sets how long to wait before starting DNS TXT records propagation checks when using the DNS challenge.]]></help>
         </field>
     </tab>
     <tab id="general-dynamicdns" description="Dynamic DNS">

www/caddy/src/opnsense/mvc/app/models/OPNsense/Caddy/Caddy.xml

@@ -71,6 +71,14 @@
             <TlsDnsOptionalField3 type="TextField"/>
             <TlsDnsOptionalField4 type="TextField"/>
             <TlsDnsPropagationTimeout type="BooleanField"/>
+            <TlsDnsPropagationTimeoutPeriod type="IntegerField">
+                <MinimumValue>1</MinimumValue>
+                <ValidationMessage>Please enter a minimum number of 1 or leave empty for default.</ValidationMessage>
+            </TlsDnsPropagationTimeoutPeriod>
+            <TlsDnsPropagationDelay type="IntegerField">
+                <MinimumValue>1</MinimumValue>
+                <ValidationMessage>Please enter a minimum number of 1 or leave empty for default.</ValidationMessage>
+            </TlsDnsPropagationDelay>
             <TlsDnsPropagationResolvers type="NetworkField">
                 <NetMaskAllowed>N</NetMaskAllowed>
             </TlsDnsPropagationResolvers>

www/caddy/src/opnsense/service/templates/OPNsense/Caddy/Caddyfile

@@ -305,15 +305,6 @@ http://{{ domain }} {
 #   Purpose: Configures TLS settings based on the DNS provider, API keys, and optional fields.
 #            Sets up the Caddyfile to update TXT Records with the chosen DNS Provider and receive
 #            certificates with the DNS-01 challenge. Refer to Dynamic DNS section for more details.
-#   Parameters:
-#   - @param dnsProvider (string): The DNS provider used for the DNS challenge.
-#   - @param dnsApiKey (string): API key for the DNS provider, essential for authentication.
-#   - @param customCert (string, optional): The config extracted name of a certificate.
-#   - @param dnsChallenge (boolean): Indicates if a DNS challenge is used for certificate authentication.
-#   - @param dnsSecretApiKey (string, optional): A secret API key or token for additional security, depending on the provider.
-#   - @param TlsDnsOptionalField1 to 4 (string, optional): Additional fields for specific DNS provider configurations.
-#   - @param TlsDnsPropagationTimeout (boolean, optional): Disables Propagation Timeout for DNS Challenge.
-#   - @param TlsDnsPropagationResolvers (string, optional): Set custom nameserver for DNS Challenge.
 #}
 {% macro tls_configuration(
     customCert,
@@ -326,6 +317,8 @@ http://{{ domain }} {
     tlsDnsOptionalField3,
     tlsDnsOptionalField4,
     tlsDnsPropagationTimeout,
+    tlsDnsPropagationTimeoutPeriod,
+    tlsDnsPropagationDelay,
     tlsDnsPropagationResolvers
 ) %}
     {% if customCert or (dnsChallenge == "1" and dnsProvider) %}
@@ -340,8 +333,12 @@ http://{{ domain }} {
                 resolvers {{ tlsDnsPropagationResolvers }}
                 {% endif %}
                 {% if tlsDnsPropagationTimeout|default("0") == "1" %}
-                propagation_delay 30s
                 propagation_timeout -1
+                {% elif tlsDnsPropagationTimeoutPeriod %}
+                propagation_timeout {{ tlsDnsPropagationTimeoutPeriod }}s
+                {% endif %}
+                {% if tlsDnsPropagationDelay %}
+                propagation_delay {{ tlsDnsPropagationDelay }}s
                 {% endif %}
             }
         }{% endif %}
@@ -597,19 +594,19 @@ http://{{ domain }} {
                     }
                 {% endif %}
             {% endif %}
-            {% set customCert = reverse.CustomCertificate|default("") %}
-            {% set dnsChallenge = reverse.DnsChallenge|default("0") %}
             {{ tls_configuration(
-                customCert,
-                dnsChallenge,
-                dnsProvider,
-                dnsApiKey,
-                dnsSecretApiKey,
-                tlsDnsOptionalField1,
-                tlsDnsOptionalField2,
-                tlsDnsOptionalField3,
-                tlsDnsOptionalField4,
+                reverse.CustomCertificate|default(""),
+                reverse.DnsChallenge|default("0"),
+                generalSettings.TlsDnsProvider,
+                generalSettings.TlsDnsApiKey,
+                generalSettings.TlsDnsSecretApiKey,
+                generalSettings.TlsDnsOptionalField1,
+                generalSettings.TlsDnsOptionalField2,
+                generalSettings.TlsDnsOptionalField3,
+                generalSettings.TlsDnsOptionalField4,
                 generalSettings.TlsDnsPropagationTimeout,
+                generalSettings.TlsDnsPropagationTimeoutPeriod,
+                generalSettings.TlsDnsPropagationDelay,
                 generalSettings.TlsDnsPropagationResolvers
             ) }}