reverse_proxy: Add tls_trusted_ca_certs to Caddyfile (#2936)

Allows specifying ca certs with by filename in `reverse_proxy.transport`. Example ``` reverse_proxy /api api:443 { transport http { tls tls_trusted_ca_certs certs/rootCA.pem } } ```
author: Zaq? Wiedmann <zaquestion@gmail.com> 2020-01-07 11:07:42 -0800
committer: Matt Holt <mholt@users.noreply.github.com> 2020-01-07 12:07:42 -0700
commit: 21f1f95e7b4d37786c34eff8965a284340c2164a (patch)
tree: 747d3cc74208e747887804bb35c3dedc5aca5f6a /modules/caddyhttp/reverseproxy/caddyfile.go
parent: 78e98c40d35c0b3bc933886ce11cbf2d0cf44c99 (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/modules/caddyhttp/reverseproxy/caddyfile.go b/modules/caddyhttp/reverseproxy/caddyfile.go
index c9afa2a..99b6bfe 100644
--- a/modules/caddyhttp/reverseproxy/caddyfile.go
+++ b/modules/caddyhttp/reverseproxy/caddyfile.go
@@ -425,6 +425,7 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
 //         tls_client_auth <cert_file> <key_file>
 //         tls_insecure_skip_verify
 //         tls_timeout <duration>
+//         tls_trusted_ca_certs <cert_files...>
 //         keepalive [off|<duration>]
 //         keepalive_idle_conns <max_count>
 //     }
@@ -501,6 +502,17 @@ func (h *HTTPTransport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
 				}
 				h.TLS.HandshakeTimeout = caddy.Duration(dur)
 
+			case "tls_trusted_ca_certs":
+				args := d.RemainingArgs()
+				if len(args) == 0 {
+					return d.ArgErr()
+				}
+				if h.TLS == nil {
+					h.TLS = new(TLSConfig)
+				}
+
+				h.TLS.RootCAPemFiles = args
+
 			case "keepalive":
 				if !d.NextArg() {
 					return d.ArgErr()
author	Zaq? Wiedmann <zaquestion@gmail.com>	2020-01-07 11:07:42 -0800
committer	Matt Holt <mholt@users.noreply.github.com>	2020-01-07 12:07:42 -0700
commit	21f1f95e7b4d37786c34eff8965a284340c2164a (patch)
tree	747d3cc74208e747887804bb35c3dedc5aca5f6a /modules/caddyhttp/reverseproxy/caddyfile.go
parent	78e98c40d35c0b3bc933886ce11cbf2d0cf44c99 (diff)