TLS provides TLS facilities including certificate loading and management, client auth, and more.
| 51 | // TLS provides TLS facilities including certificate |
| 52 | // loading and management, client auth, and more. |
| 53 | type TLS struct { |
| 54 | // Certificates to load into memory for quick recall during |
| 55 | // TLS handshakes. Each key is the name of a certificate |
| 56 | // loader module. |
| 57 | // |
| 58 | // The "automate" certificate loader module can be used to |
| 59 | // specify a list of subjects that need certificates to be |
| 60 | // managed automatically, including subdomains that may |
| 61 | // already be covered by a managed wildcard certificate. |
| 62 | // The first matching automation policy will be used |
| 63 | // to manage automated certificate(s). |
| 64 | // |
| 65 | // All loaded certificates get pooled |
| 66 | // into the same cache and may be used to complete TLS |
| 67 | // handshakes for the relevant server names (SNI). |
| 68 | // Certificates loaded manually (anything other than |
| 69 | // "automate") are not automatically managed and will |
| 70 | // have to be refreshed manually before they expire. |
| 71 | CertificatesRaw caddy.ModuleMap `json:"certificates,omitempty" caddy:"namespace=tls.certificates"` |
| 72 | |
| 73 | // Configures certificate automation. |
| 74 | Automation *AutomationConfig `json:"automation,omitempty"` |
| 75 | |
| 76 | // Configures session ticket ephemeral keys (STEKs). |
| 77 | SessionTickets *SessionTicketService `json:"session_tickets,omitempty"` |
| 78 | |
| 79 | // Configures the in-memory certificate cache. |
| 80 | Cache *CertCacheOptions `json:"cache,omitempty"` |
| 81 | |
| 82 | // Disables OCSP stapling for manually-managed certificates only. |
| 83 | // To configure OCSP stapling for automated certificates, use an |
| 84 | // automation policy instead. |
| 85 | // |
| 86 | // Disabling OCSP stapling puts clients at greater risk, reduces their |
| 87 | // privacy, and usually lowers client performance. It is NOT recommended |
| 88 | // to disable this unless you are able to justify the costs. |
| 89 | // |
| 90 | // EXPERIMENTAL. Subject to change. |
| 91 | DisableOCSPStapling bool `json:"disable_ocsp_stapling,omitempty"` |
| 92 | |
| 93 | // Disables checks in certmagic that the configured storage is ready |
| 94 | // and able to handle writing new content to it. These checks are |
| 95 | // intended to prevent information loss (newly issued certificates), but |
| 96 | // can be expensive on the storage. |
| 97 | // |
| 98 | // Disabling these checks should only be done when the storage |
| 99 | // can be trusted to have enough capacity and no other problems. |
| 100 | // |
| 101 | // EXPERIMENTAL. Subject to change. |
| 102 | DisableStorageCheck bool `json:"disable_storage_check,omitempty"` |
| 103 | |
| 104 | // Disables the automatic cleanup of the storage backend. |
| 105 | // This is useful when TLS is not being used to store certificates |
| 106 | // and the user wants run their server in a read-only mode. |
| 107 | // |
| 108 | // Storage cleaning creates two files: instance.uuid and last_clean.json. |
| 109 | // The instance.uuid file is used to identify the instance of Caddy |
| 110 | // in a cluster. The last_clean.json file is used to store the last |