diff options
author | Francis Lavoie <lavofr@gmail.com> | 2022-06-06 14:37:09 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-06-06 12:37:09 -0600 |
commit | 7f9b1f43c9f8c7d0f4ca9271090cae92103232c7 (patch) | |
tree | 780f23195233a7707f5a7839b93e88857595dbe6 /modules | |
parent | 5e729c1e85f8ac9eac1e136ec0261c6e7b1c865e (diff) |
reverseproxy: Correct the `tls_server_name` docs (#4827)
* reverseproxy: Correct the `tls_server_name` docs
* Update modules/caddyhttp/reverseproxy/httptransport.go
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
Diffstat (limited to 'modules')
-rw-r--r-- | modules/caddyhttp/reverseproxy/httptransport.go | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/modules/caddyhttp/reverseproxy/httptransport.go b/modules/caddyhttp/reverseproxy/httptransport.go index 264bd2a..54cdb70 100644 --- a/modules/caddyhttp/reverseproxy/httptransport.go +++ b/modules/caddyhttp/reverseproxy/httptransport.go @@ -315,7 +315,14 @@ type TLSConfig struct { // The duration to allow a TLS handshake to a server. Default: No timeout. HandshakeTimeout caddy.Duration `json:"handshake_timeout,omitempty"` - // The server name (SNI) to use in TLS handshakes. + // The server name used when verifying the certificate received in the TLS + // handshake. By default, this will use the upstream address' host part. + // You only need to override this if your upstream address does not match the + // certificate the upstream is likely to use. For example if the upstream + // address is an IP address, then you would need to configure this to the + // hostname being served by the upstream server. Currently, this does not + // support placeholders because the TLS config is not provisioned on each + // connection, so a static value must be used. ServerName string `json:"server_name,omitempty"` } @@ -386,7 +393,7 @@ func (t TLSConfig) MakeTLSClientConfig(ctx caddy.Context) (*tls.Config, error) { cfg.RootCAs = rootPool } - // custom SNI + // override for the server name used verify the TLS handshake cfg.ServerName = t.ServerName // throw all security out the window @@ -402,16 +409,16 @@ func (t TLSConfig) MakeTLSClientConfig(ctx caddy.Context) (*tls.Config, error) { // KeepAlive holds configuration pertaining to HTTP Keep-Alive. type KeepAlive struct { - // Whether HTTP Keep-Alive is enabled. Default: true + // Whether HTTP Keep-Alive is enabled. Default: `true` Enabled *bool `json:"enabled,omitempty"` // How often to probe for liveness. Default: `30s`. ProbeInterval caddy.Duration `json:"probe_interval,omitempty"` - // Maximum number of idle connections. Default: 0, which means no limit. + // Maximum number of idle connections. Default: `0`, which means no limit. MaxIdleConns int `json:"max_idle_conns,omitempty"` - // Maximum number of idle connections per host. Default: 32. + // Maximum number of idle connections per host. Default: `32`. MaxIdleConnsPerHost int `json:"max_idle_conns_per_host,omitempty"` // How long connections should be kept alive when idle. Default: `2m`. |