author | Zaq? Wiedmann <zaquestion@gmail.com> | 2020-01-07 11:07:42 -0800 |
---|---|---|
committer | Matt Holt <mholt@users.noreply.github.com> | 2020-01-07 12:07:42 -0700 |
commit | 21f1f95e7b4d37786c34eff8965a284340c2164a (patch) | |
tree | 747d3cc74208e747887804bb35c3dedc5aca5f6a /modules/caddyhttp/reverseproxy/caddyfile.go | |
parent | 78e98c40d35c0b3bc933886ce11cbf2d0cf44c99 (diff) |
reverse_proxy: Add tls_trusted_ca_certs to Caddyfile (#2936)
Allows specifying CA certs by filename in
`reverse_proxy.transport`.
Example
```
reverse_proxy /api api:443 {
transport http {
tls
tls_trusted_ca_certs certs/rootCA.pem
}
}
```
Diffstat (limited to 'modules/caddyhttp/reverseproxy/caddyfile.go')
-rw-r--r-- | modules/caddyhttp/reverseproxy/caddyfile.go | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/modules/caddyhttp/reverseproxy/caddyfile.go b/modules/caddyhttp/reverseproxy/caddyfile.go
index c9afa2a..99b6bfe 100644
--- a/modules/caddyhttp/reverseproxy/caddyfile.go
+++ b/modules/caddyhttp/reverseproxy/caddyfile.go
@@ -425,6 +425,7 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
 // tls_client_auth <cert_file> <key_file>
 // tls_insecure_skip_verify
 // tls_timeout <duration>
+// tls_trusted_ca_certs <cert_files...>
 // keepalive [off|<duration>]
 // keepalive_idle_conns <max_count>
 // }
@@ -501,6 +502,17 @@ func (h *HTTPTransport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
 }
 h.TLS.HandshakeTimeout = caddy.Duration(dur)
+ case "tls_trusted_ca_certs":
+ args := d.RemainingArgs()
+ if len(args) == 0 {
+ return d.ArgErr()
+ }
+ if h.TLS == nil {
+ h.TLS = new(TLSConfig)
+ }
+
+ h.TLS.RootCAPemFiles = args
+
 case "keepalive":
 if !d.NextArg() {
 return d.ArgErr() |
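Review bot: The new `tls_trusted_ca_certs` case assigns `h.TLS.RootCAPemFiles = args`, so a second `tls_trusted_ca_certs` line in the same `transport` block silently replaces the CA files named by the first, and the trust set used for upstream verification no longer matches what the Caddyfile shows. Accumulating with `h.TLS.RootCAPemFiles = append(h.TLS.RootCAPemFiles, args...)`, or rejecting a repeated directive with an error, would make the outcome explicit. The syntax comment in the first hunk also lists `tls_insecure_skip_verify`; if that option disables verification as its name suggests, combining it with this directive would leave the listed CAs unused, which may deserve a parse-time error or at least a comment. The enclosing `UnmarshalCaddyfile` starts and ends outside the hunk, so how repeated subdirectives are handled elsewhere is not visible here.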