vite-plugin-caddy-multiple-tls 1.6.1 → 1.7.1

package/README.md

@@ -112,6 +112,10 @@ export default config;
 
 This derives a host like `<repo>.<branch>.web-1.localhost`.
 
+The plugin now treats hostname ownership as explicit. If another live Vite server already owns the resolved domain, it will refuse takeover instead of deleting the other server's route. Use `instanceLabel`, `domain`, or stop the other server first.
+
+If a previous Vite process crashed and left stale ownership behind, the plugin will reclaim it automatically and clean up the stale Caddy route before continuing.
+
 For a zero-config experience, use `baseDomain: 'localhost'` (the default) so the derived domain works without editing `/etc/hosts`.
 
 `internalTls` defaults to `true` when you pass `baseDomain` or `domain`. You can override it if needed.
@@ -157,6 +161,14 @@ export default config;
 
 ## Troubleshooting
 
+### `Cannot claim ... another Vite server already owns this domain`
+
+This means another live dev server is already using the resolved hostname.
+
+- Stop the other server if you want this one to use the same host.
+- Add `instanceLabel` if both servers should run at the same time.
+- Pass an explicit `domain` if you want total control over the hostname.
+
 ### `client is not allowed to access from origin ''`
 
 This error comes from Caddy Admin API origin enforcement, not from Caddy being down.

package/dist/index.js

@@ -1,17 +1,23 @@
 // src/index.ts
 import { execSync as execSync2 } from "child_process";
-import { createHash as createHash2 } from "crypto";
+import { randomUUID } from "crypto";
 import path2 from "path";
 
 // src/utils.ts
 import { execSync } from "child_process";
 import { createHash } from "crypto";
-import { open, unlink } from "fs/promises";
+import { mkdir, open, readFile, readdir, rename, unlink, writeFile } from "fs/promises";
 import os from "os";
 import path from "path";
 var DEFAULT_SERVER_NAME = "srv0";
 var DEFAULT_CADDY_API_URL = "http://localhost:2019";
 var CADDY_ADMIN_ORIGIN_POLICY_ERROR_MESSAGE = "Caddy Admin API rejected request due to origin policy. Check caddyApiUrl and admin origin settings.";
+var ROUTE_ID_PREFIX = "vite-proxy-";
+var LOCK_TIMEOUT_MS = 5e3;
+var LOCK_RETRY_MS = 50;
+var ROUTE_OWNERSHIP_VERSION = 1;
+var ROUTE_OWNERSHIP_STALE_AFTER_MS = 3e4;
+var ROUTE_OWNERSHIP_HEARTBEAT_INTERVAL_MS = 1e4;
 var CONNECTIVITY_ERROR_CODES = /* @__PURE__ */ new Set([
   "ECONNREFUSED",
   "ECONNRESET",
@@ -26,6 +32,57 @@ var CONNECTIVITY_ERROR_CODES = /* @__PURE__ */ new Set([
 function isRecord(value) {
   return Boolean(value) && typeof value === "object" && !Array.isArray(value);
 }
+function normalizeRouteOwnershipDomains(domains) {
+  return Array.from(new Set(domains)).sort();
+}
+function getRouteOwnershipDirectory() {
+  return path.join(os.tmpdir(), "vite-plugin-caddy-multiple-tls", "owners");
+}
+function getRouteOwnershipPaths(scope) {
+  const key = createHash("sha1").update(
+    JSON.stringify({
+      domains: normalizeRouteOwnershipDomains(scope.domains),
+      serverName: scope.serverName,
+      caddyApiUrl: scope.caddyApiUrl
+    })
+  ).digest("hex").slice(0, 20);
+  const scopeLockKey = createHash("sha1").update(
+    JSON.stringify({
+      serverName: scope.serverName,
+      caddyApiUrl: scope.caddyApiUrl
+    })
+  ).digest("hex").slice(0, 20);
+  const directory = getRouteOwnershipDirectory();
+  return {
+    directory,
+    recordPath: path.join(directory, `${key}.json`),
+    lockPath: path.join(directory, `scope-${scopeLockKey}.lock`)
+  };
+}
+function isRouteOwnershipRecord(value) {
+  if (!isRecord(value)) return false;
+  if (value.version !== ROUTE_OWNERSHIP_VERSION) return false;
+  if (typeof value.ownerId !== "string" || !value.ownerId) return false;
+  if (typeof value.pid !== "number" || !Number.isFinite(value.pid)) return false;
+  if (typeof value.cwd !== "string") return false;
+  if (value.configRoot !== null && typeof value.configRoot !== "string") return false;
+  if (!Array.isArray(value.domains) || value.domains.some((domain) => typeof domain !== "string")) {
+    return false;
+  }
+  if (typeof value.routeId !== "string" || !value.routeId) return false;
+  if (value.tlsPolicyId !== null && typeof value.tlsPolicyId !== "string") return false;
+  if (typeof value.serverName !== "string" || !value.serverName) return false;
+  if (typeof value.caddyApiUrl !== "string" || !value.caddyApiUrl) return false;
+  if (typeof value.startedAt !== "number" || !Number.isFinite(value.startedAt)) return false;
+  if (typeof value.lastSeenAt !== "number" || !Number.isFinite(value.lastSeenAt)) return false;
+  return true;
+}
+function normalizeRouteOwnershipRecord(record) {
+  return {
+    ...record,
+    domains: normalizeRouteOwnershipDomains(record.domains)
+  };
+}
 function parseConfig(text) {
   if (!text.trim()) return {};
   try {
@@ -59,6 +116,9 @@ function buildCaddyRequestError(message, status, text) {
   }
   return new Error(`${message}: ${normalizedText}`);
 }
+function isNodeError(error) {
+  return Boolean(error) && typeof error === "object" && "code" in error;
+}
 function getErrorCode(error) {
   if (!error || typeof error !== "object") return void 0;
   if ("code" in error && typeof error.code === "string") {
@@ -131,10 +191,9 @@ function getLockPath(apiUrl) {
 function sleep(ms) {
   return new Promise((resolve) => setTimeout(resolve, ms));
 }
-async function withApiLock(apiUrl, fn) {
-  const lockPath = getLockPath(apiUrl);
+async function withFileLock(lockPath, fn) {
+  await mkdir(path.dirname(lockPath), { recursive: true });
   const startedAt = Date.now();
-  const timeoutMs = 5e3;
   while (true) {
     try {
       const handle = await open(lockPath, "wx");
@@ -146,16 +205,159 @@ async function withApiLock(apiUrl, fn) {
       }
       return;
     } catch (e) {
-      if (e.code !== "EEXIST") {
+      if (!isNodeError(e) || e.code !== "EEXIST") {
         throw e;
       }
-      if (Date.now() - startedAt >= timeoutMs) {
+      if (Date.now() - startedAt >= LOCK_TIMEOUT_MS) {
         await fn();
         return;
       }
-      await sleep(50);
+      await sleep(LOCK_RETRY_MS);
+    }
+  }
+}
+async function withApiLock(apiUrl, fn) {
+  await withFileLock(getLockPath(apiUrl), fn);
+}
+async function readRouteOwnershipByPath(recordPath) {
+  try {
+    const text = await readFile(recordPath, "utf8");
+    const parsed = parseConfig(text);
+    if (!isRouteOwnershipRecord(parsed)) return null;
+    return normalizeRouteOwnershipRecord(parsed);
+  } catch (e) {
+    if (isNodeError(e) && e.code === "ENOENT") {
+      return null;
+    }
+    throw e;
+  }
+}
+async function writeRouteOwnership(record) {
+  const normalizedRecord = normalizeRouteOwnershipRecord(record);
+  const { directory, recordPath } = getRouteOwnershipPaths(normalizedRecord);
+  const tempPath = path.join(
+    directory,
+    `${path.basename(recordPath)}.${process.pid}.${Date.now()}.tmp`
+  );
+  await mkdir(directory, { recursive: true });
+  await writeFile(tempPath, JSON.stringify(normalizedRecord), "utf8");
+  await rename(tempPath, recordPath);
+}
+async function listRouteOwnershipRecords(scope) {
+  const directory = getRouteOwnershipDirectory();
+  let entries;
+  try {
+    entries = await readdir(directory);
+  } catch (e) {
+    if (isNodeError(e) && e.code === "ENOENT") {
+      return [];
+    }
+    throw e;
+  }
+  const records = await Promise.all(
+    entries.filter((entry) => entry.endsWith(".json")).map((entry) => readRouteOwnershipByPath(path.join(directory, entry)))
+  );
+  return records.filter((record) => {
+    return Boolean(
+      record && record.serverName === scope.serverName && record.caddyApiUrl === scope.caddyApiUrl
+    );
+  });
+}
+function isProcessAlive(pid) {
+  try {
+    process.kill(pid, 0);
+    return true;
+  } catch (e) {
+    return isNodeError(e) && e.code === "EPERM";
+  }
+}
+function isRouteOwnershipActive(record, now = Date.now()) {
+  if (isProcessAlive(record.pid)) {
+    return true;
+  }
+  return record.pid <= 0 && now - record.lastSeenAt <= ROUTE_OWNERSHIP_STALE_AFTER_MS;
+}
+async function claimRouteOwnership(record) {
+  const normalizedRecord = normalizeRouteOwnershipRecord(record);
+  const { lockPath, recordPath } = getRouteOwnershipPaths(normalizedRecord);
+  let claimResult = null;
+  await withFileLock(lockPath, async () => {
+    const existingRecord = await readRouteOwnershipByPath(recordPath);
+    if (existingRecord?.ownerId === normalizedRecord.ownerId) {
+      await writeRouteOwnership(normalizedRecord);
+      claimResult = {
+        status: "claimed",
+        currentRecord: normalizedRecord
+      };
+      return;
+    }
+    const overlappingRecords = (await listRouteOwnershipRecords(normalizedRecord)).filter(
+      (candidate) => {
+        return candidate.ownerId !== normalizedRecord.ownerId && intersectsDomains(candidate.domains, normalizedRecord.domains);
+      }
+    );
+    const activeConflict = overlappingRecords.find((candidate) => {
+      return isRouteOwnershipActive(candidate);
+    });
+    if (activeConflict) {
+      claimResult = {
+        status: "active-conflict",
+        currentRecord: normalizedRecord,
+        existingRecord: activeConflict
+      };
+      return;
     }
+    await writeRouteOwnership(normalizedRecord);
+    if (overlappingRecords.length > 0) {
+      claimResult = {
+        status: "reclaimed",
+        currentRecord: normalizedRecord,
+        previousRecords: overlappingRecords
+      };
+      return;
+    }
+    claimResult = {
+      status: "claimed",
+      currentRecord: normalizedRecord
+    };
+  });
+  if (!claimResult) {
+    throw new Error("Failed to claim route ownership.");
   }
+  return claimResult;
+}
+async function touchRouteOwnership(reference) {
+  const { lockPath, recordPath } = getRouteOwnershipPaths(reference);
+  let touched = false;
+  await withFileLock(lockPath, async () => {
+    const existingRecord = await readRouteOwnershipByPath(recordPath);
+    if (!existingRecord || existingRecord.ownerId !== reference.ownerId) {
+      return;
+    }
+    await writeRouteOwnership({
+      ...existingRecord,
+      lastSeenAt: Date.now()
+    });
+    touched = true;
+  });
+  return touched;
+}
+async function releaseRouteOwnership(reference) {
+  const { lockPath, recordPath } = getRouteOwnershipPaths(reference);
+  let released = false;
+  await withFileLock(lockPath, async () => {
+    const existingRecord = await readRouteOwnershipByPath(recordPath);
+    if (!existingRecord || existingRecord.ownerId !== reference.ownerId) {
+      return;
+    }
+    await unlink(recordPath).catch((error) => {
+      if (!isNodeError(error) || error.code !== "ENOENT") {
+        throw error;
+      }
+    });
+    released = true;
+  });
+  return released;
 }
 function validateCaddyIsInstalled() {
   try {
@@ -403,33 +605,68 @@ function extractMatchedHosts(route) {
   }
   return hosts;
 }
+function extractMatchedSubjects(policy) {
+  if (!isRecord(policy) || !Array.isArray(policy.subjects)) return [];
+  const subjects = [];
+  for (const subject of policy.subjects) {
+    if (typeof subject === "string") {
+      subjects.push(subject);
+    }
+  }
+  return subjects;
+}
 function intersectsDomains(targetDomains, routeDomains) {
   if (targetDomains.length === 0 || routeDomains.length === 0) return false;
   const targetSet = new Set(targetDomains);
   return routeDomains.some((domain) => targetSet.has(domain));
 }
-async function cleanupStaleRoutesForDomains(domains, currentRouteId, serverName = DEFAULT_SERVER_NAME, apiUrl, adminOrigin) {
-  if (domains.length === 0) return;
+async function findManagedRoutesForDomains(domains, serverName = DEFAULT_SERVER_NAME, apiUrl, adminOrigin) {
+  if (domains.length === 0) return [];
   const res = await caddyFetch(
     `${getApiUrl(apiUrl)}/config/apps/http/servers/${serverName}/routes`,
     void 0,
     apiUrl,
     adminOrigin
   );
-  if (!res.ok) return;
+  if (!res.ok) return [];
   const text = await res.text();
   const parsed = parseConfig(text);
-  if (!Array.isArray(parsed)) return;
+  if (!Array.isArray(parsed)) return [];
+  const routeIds = [];
   for (const route of parsed) {
     if (!isRecord(route)) continue;
     const id = route["@id"];
     if (typeof id !== "string") continue;
-    if (!id.startsWith("vite-proxy-")) continue;
-    if (id === currentRouteId) continue;
+    if (!id.startsWith(ROUTE_ID_PREFIX)) continue;
     const routeDomains = extractMatchedHosts(route);
     if (!intersectsDomains(domains, routeDomains)) continue;
-    await removeRoute(id, apiUrl, adminOrigin);
+    routeIds.push(id);
   }
+  return routeIds;
+}
+async function findManagedTlsPoliciesForDomains(domains, apiUrl, adminOrigin) {
+  if (domains.length === 0) return [];
+  const res = await caddyFetch(
+    `${getApiUrl(apiUrl)}/config/apps/tls/automation/policies`,
+    void 0,
+    apiUrl,
+    adminOrigin
+  );
+  if (!res.ok) return [];
+  const text = await res.text();
+  const parsed = parseConfig(text);
+  if (!Array.isArray(parsed)) return [];
+  const policyIds = [];
+  for (const policy of parsed) {
+    if (!isRecord(policy)) continue;
+    const id = policy["@id"];
+    if (typeof id !== "string") continue;
+    if (!id.startsWith(ROUTE_ID_PREFIX)) continue;
+    const policyDomains = extractMatchedSubjects(policy);
+    if (!intersectsDomains(domains, policyDomains)) continue;
+    policyIds.push(id);
+  }
+  return policyIds;
 }
 async function addRoute(id, domains, port, cors, serverName = DEFAULT_SERVER_NAME, upstreamHost = "127.0.0.1", upstreamHostHeader, apiUrl, adminOrigin) {
   const handlers = [];
@@ -718,13 +955,82 @@ function viteCaddyTlsPlugin({
       `caddyAdminOrigin is invalid. Falling back to ${pluginCaddyApiUrl}.`
     );
   }
-  function getInstanceKey(domains, configRoot) {
-    const keyMaterial = JSON.stringify({
-      domains: [...domains].sort(),
+  function createOwnerId() {
+    return `${process.pid}-${Date.now().toString(36)}-${randomUUID().slice(0, 8)}`;
+  }
+  function createRouteOwnershipRecord(ownerId, domains, configRoot) {
+    const routeId = `vite-proxy-${ownerId}`;
+    const shouldUseInternalTls = internalTls ?? (baseDomain !== void 0 || loopbackDomain !== void 0 || domain !== void 0);
+    const now = Date.now();
+    return {
+      version: 1,
+      ownerId,
+      pid: process.pid,
       cwd: process.cwd(),
-      root: configRoot ?? null
-    });
-    return createHash2("sha1").update(keyMaterial).digest("hex").slice(0, 12);
+      configRoot: configRoot ?? null,
+      domains: [...domains],
+      routeId,
+      tlsPolicyId: shouldUseInternalTls ? `${routeId}-tls` : null,
+      serverName: serverName ?? "srv0",
+      caddyApiUrl: pluginCaddyApiUrl,
+      startedAt: now,
+      lastSeenAt: now
+    };
+  }
+  function buildOwnershipConflictMessage(domains, existingRecord) {
+    const ownerLocation = existingRecord.configRoot ?? existingRecord.cwd;
+    const domainLabel = domains.join(", ");
+    return [
+      `Cannot claim ${domainLabel}: another Vite server already owns ${domains.length > 1 ? "these domains" : "this domain"}.`,
+      `Existing owner pid ${existingRecord.pid} from ${ownerLocation}.`,
+      "Stop the other server first, or use `instanceLabel` or `domain` to make the hostname unique."
+    ].join(" ");
+  }
+  async function releaseOwnershipRecord(record) {
+    if (!record) return;
+    await releaseRouteOwnership(record);
+  }
+  async function releaseOwnershipRecords(records) {
+    await Promise.all(records.map((record) => releaseOwnershipRecord(record)));
+  }
+  async function cleanupClaimedResources(record, removeWithRetry) {
+    let cleaned = true;
+    if (record.tlsPolicyId) {
+      const tlsPolicyId = record.tlsPolicyId;
+      cleaned = await removeWithRetry(
+        () => removeTlsPolicy(
+          tlsPolicyId,
+          pluginCaddyApiUrl,
+          pluginCaddyAdminOrigin
+        ),
+        "TLS policy"
+      ) && cleaned;
+    }
+    cleaned = await removeWithRetry(
+      () => removeRoute(record.routeId, pluginCaddyApiUrl, pluginCaddyAdminOrigin),
+      "route"
+    ) && cleaned;
+    return cleaned;
+  }
+  async function cleanupManagedResources(routeIds, tlsPolicyIds, removeWithRetry) {
+    let cleaned = true;
+    for (const managedTlsPolicyId of tlsPolicyIds) {
+      cleaned = await removeWithRetry(
+        () => removeTlsPolicy(
+          managedTlsPolicyId,
+          pluginCaddyApiUrl,
+          pluginCaddyAdminOrigin
+        ),
+        `managed TLS policy ${managedTlsPolicyId}`
+      ) && cleaned;
+    }
+    for (const managedRouteId of routeIds) {
+      cleaned = await removeWithRetry(
+        () => removeRoute(managedRouteId, pluginCaddyApiUrl, pluginCaddyAdminOrigin),
+        `managed route ${managedRouteId}`
+      ) && cleaned;
+    }
+    return cleaned;
   }
   function isPreviewServer(server) {
     return server.config.isProduction;
@@ -757,13 +1063,16 @@ function viteCaddyTlsPlugin({
       instanceLabel
     });
     const domainArray = resolvedDomains ?? [];
-    const routeId = `vite-proxy-${getInstanceKey(domainArray, config.root)}`;
-    const shouldUseInternalTls = internalTls ?? (baseDomain !== void 0 || loopbackDomain !== void 0 || domain !== void 0);
-    const tlsPolicyId = shouldUseInternalTls ? `${routeId}-tls` : null;
+    const ownerId = createOwnerId();
+    const ownershipRecord = createRouteOwnershipRecord(ownerId, domainArray, config.root);
+    const routeId = ownershipRecord.routeId;
+    const tlsPolicyId = ownershipRecord.tlsPolicyId;
     let cleanupStarted = false;
     let resolvedPort = null;
     let resolvedHost = null;
     let setupStarted = false;
+    let activeOwnershipRecord = null;
+    let ownershipHeartbeat = null;
     function buildDomainResolutionMessage() {
       const issues = [];
       if (domain !== void 0 && !normalizeDomains(domain)) {
@@ -869,25 +1178,30 @@ function viteCaddyTlsPlugin({
     async function cleanupRoute() {
       if (cleanupStarted) return;
       cleanupStarted = true;
-      if (tlsPolicyId) {
-        await removeWithRetry(
-          () => removeTlsPolicy(tlsPolicyId, pluginCaddyApiUrl, pluginCaddyAdminOrigin),
-          "TLS policy"
-        );
+      if (ownershipHeartbeat) {
+        clearInterval(ownershipHeartbeat);
+        ownershipHeartbeat = null;
+      }
+      if (!activeOwnershipRecord) return;
+      const cleaned = await cleanupClaimedResources(activeOwnershipRecord, removeWithRetry);
+      if (cleaned) {
+        await releaseOwnershipRecord(activeOwnershipRecord);
+        activeOwnershipRecord = null;
       }
-      await removeWithRetry(
-        () => removeRoute(routeId, pluginCaddyApiUrl, pluginCaddyAdminOrigin),
-        "route"
-      );
     }
     function onServerClose() {
       void cleanupRoute();
     }
+    function getSignalExitCode(signal) {
+      if (signal === "SIGINT") return 130;
+      if (signal === "SIGTERM") return 143;
+      return 1;
+    }
     function handleSignal(signal) {
       process.off("SIGINT", onSigint);
       process.off("SIGTERM", onSigterm);
       void cleanupRoute().finally(() => {
-        process.kill(process.pid, signal);
+        process.exit(getSignalExitCode(signal));
       });
     }
     function onSigint() {
@@ -918,6 +1232,25 @@ function viteCaddyTlsPlugin({
       console.error(`Failed to remove ${label} after ${maxAttempts} attempts.`);
       return false;
     }
+    function startOwnershipHeartbeat(record) {
+      ownershipHeartbeat = setInterval(() => {
+        void touchRouteOwnership(record).then((touched) => {
+          if (touched || !ownershipHeartbeat) {
+            return;
+          }
+          console.error(
+            `Lost route ownership for ${domainArray.join(", ")}. Cleaning up managed Caddy resources.`
+          );
+          void cleanupRoute();
+        }).catch((error) => {
+          console.error(
+            `Failed to refresh route ownership for ${domainArray.join(", ")}.`,
+            error
+          );
+        });
+      }, ROUTE_OWNERSHIP_HEARTBEAT_INTERVAL_MS);
+      ownershipHeartbeat.unref?.();
+    }
     async function setupRoute() {
       if (!validateCaddyIsInstalled()) {
         return;
@@ -933,16 +1266,70 @@ function viteCaddyTlsPlugin({
       }
       const port = getServerPort();
       const upstreamHost = getUpstreamHost();
-      await cleanupStaleRoutesForDomains(
+      let claimResult;
+      try {
+        claimResult = await claimRouteOwnership(ownershipRecord);
+      } catch (e) {
+        console.error("Failed to claim route ownership for the resolved domains.", e);
+        return;
+      }
+      if (claimResult.status === "active-conflict") {
+        console.error(
+          buildOwnershipConflictMessage(domainArray, claimResult.existingRecord)
+        );
+        return;
+      }
+      activeOwnershipRecord = claimResult.currentRecord;
+      if (claimResult.status === "reclaimed") {
+        let reclaimed = true;
+        for (const previousRecord of claimResult.previousRecords) {
+          reclaimed = await cleanupClaimedResources(previousRecord, removeWithRetry) && reclaimed;
+        }
+        if (!reclaimed) {
+          console.error(
+            `Failed to reclaim stale ownership for ${domainArray.join(", ")}. Try stopping the other server or removing stale Caddy state manually.`
+          );
+          await releaseOwnershipRecord(activeOwnershipRecord);
+          activeOwnershipRecord = null;
+          return;
+        }
+        await releaseOwnershipRecords(claimResult.previousRecords);
+      }
+      const conflictingRouteIds = (await findManagedRoutesForDomains(
         domainArray,
-        routeId,
         serverName,
         pluginCaddyApiUrl,
         pluginCaddyAdminOrigin
-      );
-      await removeRoute(routeId, pluginCaddyApiUrl, pluginCaddyAdminOrigin);
+      )).filter((existingRouteId) => {
+        return existingRouteId !== routeId;
+      });
+      const conflictingTlsPolicyIds = (await findManagedTlsPoliciesForDomains(
+        domainArray,
+        pluginCaddyApiUrl,
+        pluginCaddyAdminOrigin
+      )).filter((existingTlsPolicyId) => {
+        return existingTlsPolicyId !== tlsPolicyId;
+      });
+      if (conflictingRouteIds.length > 0 || conflictingTlsPolicyIds.length > 0) {
+        const reclaimedOrphans = await cleanupManagedResources(
+          conflictingRouteIds,
+          conflictingTlsPolicyIds,
+          removeWithRetry
+        );
+        if (reclaimedOrphans) {
+          console.warn(
+            `Reclaimed orphaned managed Caddy resources for ${domainArray.join(", ")}.`
+          );
+        } else {
+          console.error(
+            `Cannot claim ${domainArray.join(", ")} because Caddy still has orphaned managed resources. Remove the stale Caddy state or use \`instanceLabel\` or \`domain\` to make the hostname unique.`
+          );
+          await releaseOwnershipRecord(activeOwnershipRecord);
+          activeOwnershipRecord = null;
+          return;
+        }
+      }
       if (tlsPolicyId) {
-        await removeTlsPolicy(tlsPolicyId, pluginCaddyApiUrl, pluginCaddyAdminOrigin);
         try {
           await addTlsPolicy(
             tlsPolicyId,
@@ -956,6 +1343,8 @@ function viteCaddyTlsPlugin({
             `Failed to add TLS policy to Caddy. Is the Caddy Admin API reachable at ${pluginCaddyApiUrl}?`,
             e
           );
+          await releaseOwnershipRecord(activeOwnershipRecord);
+          activeOwnershipRecord = null;
           return;
         }
       }
@@ -975,12 +1364,17 @@ function viteCaddyTlsPlugin({
         if (tlsPolicyAdded && tlsPolicyId) {
           await removeTlsPolicy(tlsPolicyId, pluginCaddyApiUrl, pluginCaddyAdminOrigin);
         }
+        await releaseOwnershipRecord(activeOwnershipRecord);
+        activeOwnershipRecord = null;
         console.error(
           `Failed to add route to Caddy. Is the Caddy Admin API reachable at ${pluginCaddyApiUrl}?`,
           e
         );
         return;
       }
+      if (activeOwnershipRecord) {
+        startOwnershipHeartbeat(activeOwnershipRecord);
+      }
       console.log("\n\u{1F512} Caddy is proxying your traffic on https");
       console.log(`
 \u27A1\uFE0F Upstream target: http://${formatUpstreamTarget(upstreamHost, port)}`);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "vite-plugin-caddy-multiple-tls",
-  "version": "1.6.1",
+  "version": "1.7.1",
   "description": "Vite plugin that uses Caddy to provide local HTTPS with derived domains.",
   "keywords": [
     "vite",
@@ -47,14 +47,14 @@
   },
   "homepage": "https://github.com/vampaz/vite-plugin-caddy-multiple-tls/#readme",
   "peerDependencies": {
-    "vite": "^3.0.0 || ^4.0.0 || ^5.0.0 || ^6.0.0 || ^7.0.0"
+    "vite": "^3.0.0 || ^4.0.0 || ^5.0.0 || ^6.0.0 || ^7.0.0 || ^8.0.0"
   },
   "devDependencies": {
     "@types/fs-extra": "^11.0.4",
     "@types/node": "^25.0.3",
     "fs-extra": "^11.3.3",
     "tsup": "^8.5.1",
-    "vite": "^7.3.0",
+    "vite": "^8.0.0",
     "vitest": "^4.0.16"
   }
 }