* caddytls: Make on-demand 'ask' permission modular This makes the 'ask' endpoint a module, which means that developers can write custom plugins for granting permission for on-demand certificates. Kicking myself that we didn't do it this way at the beginning, but who coulda known... * Lint * Error on conflicting config * Fix bad merge --------- Co-authored-by: Francis Lavoie <lavofr@gmail.com>
1.7 KiB
{ debug http_port 8080 https_port 8443 default_sni localhost order root first storage file_system { root /data } acme_ca https://example.com acme_eab { key_id 4K2scIVbBpNd-78scadB2g mac_key abcdefghijklmnopqrstuvwx-abcdefghijklnopqrstuvwxyz12ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefgh } acme_ca_root /path/to/ca.crt email test@example.com admin off on_demand_tls { ask https://example.com interval 30s burst 20 } storage_clean_interval 7d renew_interval 1d ocsp_interval 2d
key_type ed25519
}
:80
{ "admin": { "disabled": true }, "logging": { "logs": { "default": { "level": "DEBUG" } } }, "storage": { "module": "file_system", "root": "/data" }, "apps": { "http": { "http_port": 8080, "https_port": 8443, "servers": { "srv0": { "listen": [ ":80" ] } } }, "tls": { "automation": { "policies": [ { "issuers": [ { "ca": "https://example.com", "email": "test@example.com", "external_account": { "key_id": "4K2scIVbBpNd-78scadB2g", "mac_key": "abcdefghijklmnopqrstuvwx-abcdefghijklnopqrstuvwxyz12ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefgh" }, "module": "acme", "trusted_roots_pem_files": [ "/path/to/ca.crt" ] } ], "key_type": "ed25519" } ], "on_demand": { "permission": { "endpoint": "https://example.com", "module": "http" }, "rate_limit": { "interval": 30000000000, "burst": 20 } }, "ocsp_interval": 172800000000000, "renew_interval": 86400000000000, "storage_clean_interval": 604800000000000 } } } }