mirrors/caddy-website
1
0
Fork 0
mirror of https://github.com/caddyserver/website.git synced 2025-05-07 04:07:13 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fine-tune tls docs formatting

Browse source
This commit is contained in:
Matthew Holt 2020-06-11 11:46:50 -06:00
parent 932b1912ff
commit dc950812ec
No known key found for this signature in database
GPG key ID: 2A349DD577D586A5
2 changed files with 20 additions and 25 deletions
Download patch file Download diff file Expand all files Collapse all files

39
src/docs/markdown/caddyfile/directives/tls.md
View file

@ -69,37 +69,26 @@ tls [internal|<email>] | [<cert_file> <key_file>] {
- **ca_root** specifies a PEM file that contains a trusted root certificate for the ACME CA endpoint, if not in the system trust store. - **ca_root** specifies a PEM file that contains a trusted root certificate for the ACME CA endpoint, if not in the system trust store.
- **dns** enables the [DNS challenge](/docs/automatic-https#dns-challenge) using the specified provider plugin, which must be plugged in from one of the [caddy-dns](https://github.com/caddy-dns) repositories. Each provider plugin may have their own syntax following their name; refer to their docs for details. Maintaining support for each DNS provider is a community effort. [Learn how to enable the DNS challenge for your provider at our wiki.](https://caddy.community/t/how-to-use-dns-provider-modules-in-caddy-2/8148) - **dns** enables the [DNS challenge](/docs/automatic-https#dns-challenge) using the specified provider plugin, which must be plugged in from one of the [caddy-dns](https://github.com/caddy-dns) repositories. Each provider plugin may have their own syntax following their name; refer to their docs for details. Maintaining support for each DNS provider is a community effort. [Learn how to enable the DNS challenge for your provider at our wiki.](https://caddy.community/t/how-to-use-dns-provider-modules-in-caddy-2/8148)
- **on_demand** enables [on-demand TLS](/docs/automatic-https#on-demand-tls) for the hostnames given in the site block's address(es). - **on_demand** enables [on-demand TLS](/docs/automatic-https#on-demand-tls) for the hostnames given in the site block's address(es).
- **client_auth** enables and configures TLS client authentication. - **client_auth** enables and configures TLS client authentication:
- **mode** is the mode for authenticating the client. Allowed values are:
| Mode | Description |
|--------------------|------------------------------------------------------------------------------------------|
| request | Ask clients for a certificate, but allow even if there isn't one; do not verify it |
| require | Require clients to present a certificate, but do not verify it |
| verify_if_given | Ask clients for a certificate; allow even if there isn't one, but verify it if there is |
| require_and_verify | Require clients to present a valid certificate that is verified |
The `client_auth` block can look like this: Default: `require_and_verify` if any `trusted_ca_cert` or `trusted_leaf_cert` are provided; otherwise, `require`.
```caddy-d - **trusted_ca_cert** is a base64 DER-encoded CA certificate against which to validate client certificates. Client certificates which are not signed by any of these CAs will be rejected.
client_auth { - **trusted_ca_cert_file** is a base64 DER-encoded CA certificate file against which to validate client certificates. Client certificates which are not signed by any of these CAs will be rejected.
mode [request|require|verify_if_given|require_and_verify] - **trusted_leaf_cert** is a base64 DER-encoded client leaf certificate to accept. Client certificates which are not signed by any of these CAs will be rejected.
trusted_ca_cert <base64_der> - **trusted_leaf_cert_file** is a base64 DER-encoded CA certificate file against which to validate client certificates. Client certificates which are not signed by any of these CAs will be rejected.
trusted_ca_cert_file <filename>
trusted_leaf_cert <base64_der>
trusted_leaf_cert_file <filename>
}
```
- **trusted_ca_cert** is a base64 DER-encoded CA certificate against which to validate client certificates. Client certificates which are not signed by any of these CAs will be rejected.
- **trusted_ca_cert_file** is a base64 DER-encoded CA certificate file against which to validate client certificates. Client certificates which are not signed by any of these CAs will be rejected.
- **trusted_leaf_cert** is a base64 DER-encoded client leaf certificate to accept. Client certificates which are not signed by any of these CAs will be rejected.
- **trusted_leaf_cert_file** is a base64 DER-encoded CA certificate file against which to validate client certificates. Client certificates which are not signed by any of these CAs will be rejected.
Multiple `trusted_*` directives may be specified as a way to chain multiple CA or leaf certificates. Multiple `trusted_*` directives may be specified as a way to chain multiple CA or leaf certificates.
- **mode** is the mode for authenticating the client. Allowed values are:
| Mode | Description |
|--------------------|------------------------------------------------------------------------------------------|
| request | Ask clients for a certificate, but allow even if there isn't one; do not verify it |
| require | Require clients to present a certificate, but do not verify it |
| verify_if_given | Ask clients for a certificate; allow even if there isn't one, but verify it if there is |
| require_and_verify | Require clients to present a valid certificate that is verified |
The default mode is `require_and_verify` if any `trusted_ca_cert` or `trusted_leaf_cert` are provided; otherwise, the default mode is `require`
## Examples ## Examples

6
src/resources/css/docs.css
View file

@ -275,6 +275,12 @@ article li {
line-height: 1.5em; line-height: 1.5em;
} }
article li p,
article li ul,
article li ol {
margin-bottom: .5em;
}
h1, h1,
h2, h2,
h3, h3,