hub / github.com/caddyserver/caddy / TLS

Struct TLS

modules/caddytls/tls.go:53–151

TLS provides TLS facilities including certificate loading and management, client auth, and more.

Source from the content-addressed store, hash-verified

// TLS provides TLS facilities including certificate
// loading and management, client auth, and more.
type TLS struct {
	// Certificates to load into memory for quick recall during
	// TLS handshakes. Each key is the name of a certificate
	// loader module.
	//
	// The "automate" certificate loader module can be used to
	// specify a list of subjects that need certificates to be
	// managed automatically, including subdomains that may
	// already be covered by a managed wildcard certificate.
	// The first matching automation policy will be used
	// to manage automated certificate(s).
	//
	// All loaded certificates get pooled
	// into the same cache and may be used to complete TLS
	// handshakes for the relevant server names (SNI).
	// Certificates loaded manually (anything other than
	// "automate") are not automatically managed and will
	// have to be refreshed manually before they expire.
	CertificatesRaw caddy.ModuleMap `json:"certificates,omitempty" caddy:"namespace=tls.certificates"`

	// Configures certificate automation.
	Automation *AutomationConfig `json:"automation,omitempty"`

	// Configures session ticket ephemeral keys (STEKs).
	SessionTickets *SessionTicketService `json:"session_tickets,omitempty"`

	// Configures the in-memory certificate cache.
	Cache *CertCacheOptions `json:"cache,omitempty"`

	// Disables OCSP stapling for manually-managed certificates only.
	// To configure OCSP stapling for automated certificates, use an
	// automation policy instead.
	//
	// Disabling OCSP stapling puts clients at greater risk, reduces their
	// privacy, and usually lowers client performance. It is NOT recommended
	// to disable this unless you are able to justify the costs.
	//
	// EXPERIMENTAL. Subject to change.
	DisableOCSPStapling bool `json:"disable_ocsp_stapling,omitempty"`

	// Disables checks in certmagic that the configured storage is ready
	// and able to handle writing new content to it. These checks are
	// intended to prevent information loss (newly issued certificates), but
	// can be expensive on the storage.
	//
	// Disabling these checks should only be done when the storage
	// can be trusted to have enough capacity and no other problems.
	//
	// EXPERIMENTAL. Subject to change.
	DisableStorageCheck bool `json:"disable_storage_check,omitempty"`

	// Disables the automatic cleanup of the storage backend.
	// This is useful when TLS is not being used to store certificates
	// and the user wants to run their server in a read-only mode.
	//
	// Storage cleaning creates two files: instance.uuid and last_clean.json.
	// The instance.uuid file is used to identify the instance of Caddy
	// in a cluster. The last_clean.json file is used to store the last
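
The struct comments flag three settings that matter in a configuration review: `disable_ocsp_stapling`, `disable_storage_check`, and any certificate loader other than "automate". The following is an added example, not code from Caddy: it audits the JSON object of the TLS app for those settings. `tlsApp`, `AuditTLS` and the sample config are hypothetical, and `load_files` is a Caddy loader name that does not appear on this page.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// tlsApp mirrors only the JSON keys visible in the struct tags above.
type tlsApp struct {
	Certificates        map[string]json.RawMessage `json:"certificates"`
	DisableOCSPStapling bool                       `json:"disable_ocsp_stapling"`
	DisableStorageCheck bool                       `json:"disable_storage_check"`
}

// sampleConfig is constructed for this example; the paths are placeholders.
const sampleConfig = `{"disable_ocsp_stapling": true, "certificates": {
  "automate": ["example.com"],
  "load_files": [{"certificate": "/etc/ssl/example.crt", "key": "/etc/ssl/example.key"}]}}`

// AuditTLS (hypothetical helper) returns one finding per flagged setting, in a stable order.
func AuditTLS(raw []byte) ([]string, error) {
	var app tlsApp
	if err := json.Unmarshal(raw, &app); err != nil {
		return nil, fmt.Errorf("parse tls app config: %w", err)
	}
	var findings []string
	if app.DisableOCSPStapling {
		findings = append(findings, "disable_ocsp_stapling: no stapling for manually-managed certificates")
	}
	if app.DisableStorageCheck {
		findings = append(findings, "disable_storage_check: storage readiness is not verified")
	}
	var manual []string
	for name := range app.Certificates {
		if name != "automate" { // every other loader is manually managed
			manual = append(manual, "certificates."+name+": not auto-managed, refresh before expiry")
		}
	}
	sort.Strings(manual) // map iteration order is random; sort for stable output
	return append(findings, manual...), nil
}

func main() {
	findings, err := AuditTLS([]byte(sampleConfig))
	fmt.Println(findings, err)
}
```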

Callers

nothing calls this directly

Calls

no outgoing calls

Tested by

no test coverage detected