Diffstat (limited to 'modules/caddytls')
-rw-r--r-- | modules/caddytls/acmeissuer.go | 15 | ||||
-rw-r--r-- | modules/caddytls/automation.go | 6 | ||||
-rw-r--r-- | modules/caddytls/tls.go | 19 |
3 files changed, 18 insertions, 22 deletions
diff --git a/modules/caddytls/acmeissuer.go b/modules/caddytls/acmeissuer.go
index b60e560..9a7e73c 100644
--- a/modules/caddytls/acmeissuer.go
+++ b/modules/caddytls/acmeissuer.go
@@ -36,20 +36,16 @@ func init() {
 	caddy.RegisterModule(ACMEIssuer{})
 }
 
-// ACMEIssuer makes an ACME manager
-// for managing certificates using ACME.
-//
-// TODO: support multiple ACME endpoints (probably
-// requires an array of these structs) - caddy would
-// also have to load certs from the backup CAs if the
-// first one is expired...
+// ACMEIssuer manages certificates using the ACME protocol (RFC 8555).
 type ACMEIssuer struct {
-	// The URL to the CA's ACME directory endpoint.
+	// The URL to the CA's ACME directory endpoint. Default:
+	// https://acme-v02.api.letsencrypt.org/directory
 	CA string `json:"ca,omitempty"`
 
 	// The URL to the test CA's ACME directory endpoint.
 	// This endpoint is only used during retries if there
-	// is a failure using the primary CA.
+	// is a failure using the primary CA. Default:
+	// https://acme-staging-v02.api.letsencrypt.org/directory
 	TestCA string `json:"test_ca,omitempty"`
 
 	// Your email address, so the CA can contact you if necessary.
@@ -71,6 +67,7 @@ type ACMEIssuer struct {
 	ExternalAccount *acme.EAB `json:"external_account,omitempty"`
 
 	// Time to wait before timing out an ACME operation.
+	// Default: 0 (no timeout)
 	ACMETimeout caddy.Duration `json:"acme_timeout,omitempty"`
 
 	// Configures the various ACME challenge types.
diff --git a/modules/caddytls/automation.go b/modules/caddytls/automation.go
index c4a90a8..2a701bf 100644
--- a/modules/caddytls/automation.go
+++ b/modules/caddytls/automation.go
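Review bot: The new `Default:` lines on CA, TestCA and ACMETimeout document values that nothing in these two hunks applies; the fields are plain `omitempty` strings and a Duration, and the code that substitutes the Let's Encrypt URLs or interprets a zero timeout is outside the diff, so these comments can drift from it unnoticed. Consider pointing each comment at the place that applies the default, e.g. `// Default (applied when empty during provisioning): https://acme-v02.api.letsencrypt.org/directory`, so a later change to that code has an obvious comment to update. The `0 (no timeout)` wording in the second hunk also deserves a check against the consumer of ACMETimeout: if a zero Duration is handed through to the underlying ACME client and that client applies its own default, "no timeout" is misleading, and if it truly means unbounded, an ACME operation that can hang indefinitely is worth calling out in the comment as something operators may want to set. The ACMEIssuer struct continues past the end of both hunks.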
@@ -27,8 +27,8 @@ import (
 
 // AutomationConfig governs the automated management of TLS certificates.
 type AutomationConfig struct {
-	// The list of automation policies. The first matching
-	// policy will be applied for a given certificate/name.
+	// The list of automation policies. The first policy matching
+	// a certificate or subject name will be applied.
 	Policies []*AutomationPolicy `json:"policies,omitempty"`
 
 	// On-Demand TLS defers certificate operations to the
@@ -39,7 +39,7 @@ type AutomationConfig struct {
 	// In 2015, Caddy became the first web server to
 	// implement this experimental technology.
 	//
-	// Note that this field does not enable on-demand TLS,
+	// Note that this field does not enable on-demand TLS;
 	// it only configures it for when it is used. To enable
 	// it, create an automation policy with `on_demand`.
 	OnDemand *OnDemandConfig `json:"on_demand,omitempty"`
diff --git a/modules/caddytls/tls.go b/modules/caddytls/tls.go
index a93183e..778ae02 100644
--- a/modules/caddytls/tls.go
+++ b/modules/caddytls/tls.go
@@ -47,7 +47,7 @@ type TLS struct {
 	// have to be refreshed manually before they expire.
 	CertificatesRaw caddy.ModuleMap `json:"certificates,omitempty" caddy:"namespace=tls.certificates"`
 
-	// Configures the automation of certificate management.
+	// Configures certificate automation.
 	Automation *AutomationConfig `json:"automation,omitempty"`
 
 	// Configures session ticket ephemeral keys (STEKs).
@@ -527,14 +527,14 @@ type Certificate struct {
 	Tags []string
 }
 
-// AutomateLoader will automatically manage certificates for the names
-// in the list, including obtaining and renewing certificates. Automated
-// certificates are managed according to their matching automation policy,
-// configured elsewhere in this app.
+// AutomateLoader will automatically manage certificates for the names in the
+// list, including obtaining and renewing certificates. Automated certificates
+// are managed according to their matching automation policy, configured
+// elsewhere in this app.
 //
-// This is a no-op certificate loader module that is treated as a special
-// case: it uses this app's automation features to load certificates for the
-// list of hostnames, rather than loading certificates manually.
+// Technically, this is a no-op certificate loader module that is treated as
+// a special case: it uses this app's automation features to load certificates
+// for the list of hostnames, rather than loading certificates manually.
 type AutomateLoader []string
 
 // CaddyModule returns the Caddy module information.
@@ -549,8 +549,7 @@ func (AutomateLoader) CaddyModule() caddy.ModuleInfo {
 
 type CertCacheOptions struct {
 	// Maximum number of certificates to allow in the
 	// cache. If reached, certificates will be randomly
-	// evicted to make room for new ones. Default: 0
-	// (no limit).
+	// evicted to make room for new ones. Default: 10,000
 	Capacity int `json:"capacity,omitempty"`
 }
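Review bot: In the CertCacheOptions hunk the Capacity comment now promises a default of 10,000, but the field keeps `json:"capacity,omitempty"`, so an explicit 0 in the config cannot be told apart from an unset value; if the consumer of Capacity maps 0 to 10,000, the old "no limit" behaviour is no longer expressible, and if it does not, the new comment overstates what happens, and the hunk shows neither. Suggest the comment state what a zero means rather than only the default, e.g. `// evicted to make room for new ones. Default: 10,000 (0 selects the default)`, once confirmed against the code that reads Capacity. The AutomateLoader hunk above is wording-only and raises nothing.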