caddytls: Clarify some JSON config docs

Matthew Holt 2023-06-04 22:15:50 -06:00
parent 078f130a51
commit 4ba03c9d38
No known key found for this signature in database
GPG key ID: 2A349DD577D586A5
2 changed files with 19 additions and 3 deletions

View file

@ -85,6 +85,13 @@ type AutomationConfig struct {
// TLS app to properly provision a new policy. // TLS app to properly provision a new policy.
type AutomationPolicy struct { type AutomationPolicy struct {
// Which subjects (hostnames or IP addresses) this policy applies to. // Which subjects (hostnames or IP addresses) this policy applies to.
//
// This list is a filter, not a command. In other words, it is used
// only to filter whether this policy should apply to a subject that
// needs a certificate; it does NOT command the TLS app to manage a
// certificate for that subject. To have Caddy automate a certificate
// or specific subjects, use the "automate" certificate loader module
// of the TLS app.
SubjectsRaw []string `json:"subjects,omitempty"` SubjectsRaw []string `json:"subjects,omitempty"`
// The modules that may issue certificates. Default: internal if all // The modules that may issue certificates. Default: internal if all
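Review bot: typo in the added comment text on the `subjects` field: "To have Caddy automate a certificate or specific subjects" should read "for specific subjects". The filter-not-command distinction is the important clarification here, since a reader could otherwise assume that listing a name under `subjects` is enough to trigger issuance; it would help to also mention in the same sentence that a policy only takes effect once a subject reaches it via the "automate" loader, so the two docs cross-reference each other.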

View file

@ -39,9 +39,16 @@ func init() {
// TLS provides TLS facilities including certificate // TLS provides TLS facilities including certificate
// loading and management, client auth, and more. // loading and management, client auth, and more.
type TLS struct { type TLS struct {
// Caches certificates in memory for quick use during // Certificates to load into memory for quick recall during
// TLS handshakes. Each key is the name of a certificate // TLS handshakes. Each key is the name of a certificate
// loader module. All loaded certificates get pooled // loader module.
//
// The "automate" certificate loader module can be used to
// specify a list of subjects that need certificates to be
// managed automatically. The first matching automation
// policy will be applied to manage the certificate(s).
//
// All loaded certificates get pooled
// into the same cache and may be used to complete TLS // into the same cache and may be used to complete TLS
// handshakes for the relevant server names (SNI). // handshakes for the relevant server names (SNI).
// Certificates loaded manually (anything other than // Certificates loaded manually (anything other than
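Review bot: the new paragraph on the `TLS` struct says "The first matching automation policy will be applied" but does not say what happens when no policy matches a subject listed in "automate" (whether a default policy is used or the subject is rejected); stating that outcome would close the gap for anyone reading the JSON config docs. Since matching order is now documented as significant, consider also noting that policies are evaluated in the order they appear.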
@ -557,7 +564,9 @@ type Certificate struct {
// //
// Technically, this is a no-op certificate loader module that is treated as // Technically, this is a no-op certificate loader module that is treated as
// a special case: it uses this app's automation features to load certificates // a special case: it uses this app's automation features to load certificates
// for the list of hostnames, rather than loading certificates manually. // for the list of hostnames, rather than loading certificates manually. But
// the end result is the same: certificates for these subject names will be
// loaded into the in-memory cache and may then be used.
type AutomateLoader []string type AutomateLoader []string
// CaddyModule returns the Caddy module information. // CaddyModule returns the Caddy module information.
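Review bot: wording inconsistency in the `AutomateLoader` comment: it still says "for the list of hostnames", while the `subjects` doc in this same commit describes them as "subjects (hostnames or IP addresses)". If IP addresses are accepted by the "automate" loader as well, "for the list of subjects" keeps the two descriptions aligned; if they are not, the comment should say so explicitly.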