authorMatthew Holt <mholt@users.noreply.github.com>2021-09-24 18:31:01 -0600
committerMatthew Holt <mholt@users.noreply.github.com>2021-09-24 18:31:01 -0600
commit501da21f209c9fad92c65c8ba02a969a03ec5379 (patch)
treec60876dc13b4277bb933feea19b4494a26f639ed /modules/caddytls
parent3336faf25466b1b2d9a007f5468d05a887e16775 (diff)
General minor improvements to docs
Diffstat (limited to 'modules/caddytls')
-rw-r--r--modules/caddytls/acmeissuer.go15
-rw-r--r--modules/caddytls/automation.go6
-rw-r--r--modules/caddytls/tls.go19
3 files changed, 18 insertions, 22 deletions
diff --git a/modules/caddytls/acmeissuer.go b/modules/caddytls/acmeissuer.go
index b60e560..9a7e73c 100644
--- a/modules/caddytls/acmeissuer.go
+++ b/modules/caddytls/acmeissuer.go
@@ -36,20 +36,16 @@ func init() {
caddy.RegisterModule(ACMEIssuer{})
}
-// ACMEIssuer makes an ACME manager
-// for managing certificates using ACME.
-//
-// TODO: support multiple ACME endpoints (probably
-// requires an array of these structs) - caddy would
-// also have to load certs from the backup CAs if the
-// first one is expired...
+// ACMEIssuer manages certificates using the ACME protocol (RFC 8555).
type ACMEIssuer struct {
- // The URL to the CA's ACME directory endpoint.
+ // The URL to the CA's ACME directory endpoint. Default:
+ // https://acme-v02.api.letsencrypt.org/directory
CA string `json:"ca,omitempty"`
// The URL to the test CA's ACME directory endpoint.
// This endpoint is only used during retries if there
- // is a failure using the primary CA.
+ // is a failure using the primary CA. Default:
+ // https://acme-staging-v02.api.letsencrypt.org/directory
TestCA string `json:"test_ca,omitempty"`
// Your email address, so the CA can contact you if necessary.
@@ -71,6 +67,7 @@ type ACMEIssuer struct {
ExternalAccount *acme.EAB `json:"external_account,omitempty"`
// Time to wait before timing out an ACME operation.
+ // Default: 0 (no timeout)
ACMETimeout caddy.Duration `json:"acme_timeout,omitempty"`
// Configures the various ACME challenge types.
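Review bot: The added `// Default: 0 (no timeout)` line on ACMETimeout states the default but not its consequence, which is what an operator needs to decide whether to set the field. With the default, an ACME operation against a slow or unresponsive CA is not bounded by this setting; whether some other deadline still applies is not visible from this hunk. I would spell that out, for example `// Default: 0 (no timeout); set a value to bound operations against an unresponsive CA.` The ACMEIssuer struct starts and ends outside this hunk.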
diff --git a/modules/caddytls/automation.go b/modules/caddytls/automation.go
index c4a90a8..2a701bf 100644
--- a/modules/caddytls/automation.go
+++ b/modules/caddytls/automation.go
@@ -27,8 +27,8 @@ import (
// AutomationConfig governs the automated management of TLS certificates.
type AutomationConfig struct {
- // The list of automation policies. The first matching
- // policy will be applied for a given certificate/name.
+ // The list of automation policies. The first policy matching
+ // a certificate or subject name will be applied.
Policies []*AutomationPolicy `json:"policies,omitempty"`
// On-Demand TLS defers certificate operations to the
@@ -39,7 +39,7 @@ type AutomationConfig struct {
// In 2015, Caddy became the first web server to
// implement this experimental technology.
//
- // Note that this field does not enable on-demand TLS,
+ // Note that this field does not enable on-demand TLS;
// it only configures it for when it is used. To enable
// it, create an automation policy with `on_demand`.
OnDemand *OnDemandConfig `json:"on_demand,omitempty"`
diff --git a/modules/caddytls/tls.go b/modules/caddytls/tls.go
index a93183e..778ae02 100644
--- a/modules/caddytls/tls.go
+++ b/modules/caddytls/tls.go
@@ -47,7 +47,7 @@ type TLS struct {
// have to be refreshed manually before they expire.
CertificatesRaw caddy.ModuleMap `json:"certificates,omitempty" caddy:"namespace=tls.certificates"`
- // Configures the automation of certificate management.
+ // Configures certificate automation.
Automation *AutomationConfig `json:"automation,omitempty"`
// Configures session ticket ephemeral keys (STEKs).
@@ -527,14 +527,14 @@ type Certificate struct {
Tags []string
}
-// AutomateLoader will automatically manage certificates for the names
-// in the list, including obtaining and renewing certificates. Automated
-// certificates are managed according to their matching automation policy,
-// configured elsewhere in this app.
+// AutomateLoader will automatically manage certificates for the names in the
+// list, including obtaining and renewing certificates. Automated certificates
+// are managed according to their matching automation policy, configured
+// elsewhere in this app.
//
-// This is a no-op certificate loader module that is treated as a special
-// case: it uses this app's automation features to load certificates for the
-// list of hostnames, rather than loading certificates manually.
+// Technically, this is a no-op certificate loader module that is treated as
+// a special case: it uses this app's automation features to load certificates
+// for the list of hostnames, rather than loading certificates manually.
type AutomateLoader []string
// CaddyModule returns the Caddy module information.
@@ -549,8 +549,7 @@ func (AutomateLoader) CaddyModule() caddy.ModuleInfo {
type CertCacheOptions struct {
// Maximum number of certificates to allow in the
// cache. If reached, certificates will be randomly
- // evicted to make room for new ones. Default: 0
- // (no limit).
+ // evicted to make room for new ones. Default: 10,000
Capacity int `json:"capacity,omitempty"`
}
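Review bot: The new Capacity comment drops the explanation of what 0 means, and `Default: 10,000` alone leaves it unclear whether an unlimited cache can still be configured. Because the field is a plain `int`, an explicit 0 in the JSON cannot be told apart from an omitted field, so presumably 0 now selects the default; the handling of zero and negative values is not visible here and should be documented either way. The bound is what keeps memory use in check when many names are served, so operators need to know it cannot be switched off by accident. If it matches the code, something like `// evicted to make room for new ones. Default: 10,000. A value of 0 selects the default.` would cover it.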