mirrors/caddy-website
1
0
Fork 0
mirror of https://github.com/caddyserver/website.git synced 2025-06-18 04:04:55 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Update for beta 17

Browse source
This commit is contained in:
Matthew Holt 2020-03-14 10:38:42 -06:00
parent a0d5e5097c
commit 5cf7dc8c93
No known key found for this signature in database
GPG key ID: 2A349DD577D586A5
14 changed files with 154 additions and 61 deletions
Download patch file Download diff file Expand all files Collapse all files

11
src/docs/markdown/caddyfile/concepts.md
View file

@ -121,7 +121,7 @@ An address always appears at the top of the site block, and is usually the first
These are examples of valid addresses:
<aside class="tip">
<a href="/docs/automatic-https">Automatic HTTPS</a> is enabled if your site's address contains a real-looking domain name. This behavior is purely implicit, however, so it never overrides any explicit configuration. For example, if the site's address is <code>http://example.com</code>, auto-HTTPS will not activate because the scheme is http.
<a href="/docs/automatic-https">Automatic HTTPS</a> is enabled if your site's address contains a hostname or IP address. This behavior is purely implicit, however, so it never overrides any explicit configuration. For example, if the site's address is <code>http://example.com</code>, auto-HTTPS will not activate because the scheme is explicitly <code>http://</code>.
</aside>
- `localhost`
@ -133,7 +133,7 @@ These are examples of valid addresses:
- `[::1]:2015`
- `example.com/foo/*`
From the address, Caddy can potentially infer the scheme, host, port, and path of your site. The default port is 2015 unless [automatic HTTPS](/docs/automatic-https#activation) is activated, which changes it to the HTTPS port.
From the address, Caddy can potentially infer the scheme, host, port, and path of your site.
If you specify a hostname, only requests with a matching Host header will be honored. In other words, if the site address is `localhost`, then Caddy will not match requests to `127.0.0.1`.
@ -275,7 +275,12 @@ You can use any [Caddy placeholders](/docs/conventions#placeholders) in the Cadd
| `{remote_port}` | `{http.request.remote.port}` |
| `{scheme}` | `{http.request.scheme}` |
| `{uri}` | `{http.request.uri}` |
| `{tls_cipher}` | `{http.request.tls.cipher_suite}` |
| `{tls_version}` | `{http.request.tls.version}` |
| `{tls_client_fingerprint}` | `{http.request.tls.client.fingerprint}` |
| `{tls_client_issuer}` | `{http.request.tls.client.issuer}` |
| `{tls_client_serial}` | `{http.request.tls.client.serial}` |
| `{tls_client_subject}` | `{http.request.tls.client.subject}` |
## Snippets

3
src/docs/markdown/caddyfile/directives/tls.md
View file

@ -14,7 +14,7 @@ Compatibility note: Due to its sensitive nature as a security protocol, delibera
## Syntax
```
tls <email>|[<cert_file> <key_file>] {
tls [internal|<email>] | [<cert_file> <key_file>] {
protocols <min> [<max>]
ciphers <cipher_suites...>
curves <curves...>
@ -25,6 +25,7 @@ tls <email>|[<cert_file> <key_file>] {
}
```
- **internal** means to use Caddy's internal, locally-trusted CA to produce certificates for this site.
- **&lt;email&gt;** is the email address to use for the ACME account managing the site's certificates.
- **&lt;cert_file&gt;** and **&lt;key_file&gt;** are the paths to the certificate and private key PEM files. Specifying just one is invalid; specifying both will disable automatic HTTPS.
- **protocols** specifies the minimum and maximum protocol versions. Default min: `tls1.2`. Default max: `tls1.3`

2
src/docs/markdown/caddyfile/options.md
View file

@ -27,6 +27,7 @@ Possible options are:
<options...>
}
experimental_http3
default_sni <name>
acme_ca <directory_url>
acme_ca_root <pem_file>
email <yours>
@ -39,6 +40,7 @@ Possible options are:
- **https_port** is the port for the server to use for HTTPS. For internal use only; does not change the HTTPS port for clients. Default: 443
- **order** sets or changes the standard order of HTTP handler directive(s). Can set directives to be `first` or `last`, or `before` or `after` another directive.
- **storage** configures Caddy's storage mechanism. Default: `file_system`
- **default_sni** sets a default TLS ServerName for when clients do not use SNI in their ClientHello.
- **experimental_http3** enables experimental draft HTTP/3 support. Note that HTTP/3 is not a finished spec and client support is extremely limited. This option will go away in the future. _This option is not subject to compatibility promises._
- **acme_ca** specifies the URL to the ACME CA's directory. It is strongly recommended to set this to Let's Encrypt's [staging endpoint](https://letsencrypt.org/docs/staging-environment/) for testing or development. Default: Let's Encrypt's production endpoint.
- **acme_ca_root** specifies a PEM file that contains a trusted root certificate for ACME CA endpoints, if not in the system trust store.