From f3bb002d6eef8ca10e95c53f24a9124b9805c7e6 Mon Sep 17 00:00:00 2001 From: Mohammed Al Sahaf Date: Fri, 11 Oct 2024 16:53:34 +0300 Subject: [PATCH] review points Signed-off-by: Mohammed Al Sahaf --- src/docs/markdown/caddyfile/options.md | 33 +++++++++++++++++--------- 1 file changed, 22 insertions(+), 11 deletions(-) diff --git a/src/docs/markdown/caddyfile/options.md b/src/docs/markdown/caddyfile/options.md index 8a6d687..96e8a5c 100644 --- a/src/docs/markdown/caddyfile/options.md +++ b/src/docs/markdown/caddyfile/options.md @@ -793,7 +793,18 @@ The `tls` listener wrapper is a no-op listener wrapper that marks where the TLS ###### `http_redirect` -The [`http_redirect`](/docs/json/apps/http/servers/listener_wrappers/http_redirect/) provides HTTP->HTTPS redirects for connections that come on the TLS port as an HTTP request, by detecting using the first few bytes that it's not a TLS handshake, but instead an HTTP request. This is most useful when serving HTTPS on a non-standard port (other than `443`), since browsers will try HTTP unless the scheme is specified. It must be placed _before_ the `tls` listener wrapper. +The [`http_redirect`](/docs/json/apps/http/servers/listener_wrappers/http_redirect/) provides HTTP->HTTPS redirects for connections that come on the TLS port as an HTTP request, by detecting using the first few bytes that it's not a TLS handshake, but instead an HTTP request. This is most useful when serving HTTPS on a non-standard port (other than `443`), since browsers will try HTTP unless the scheme is specified. It must be placed _before_ the `tls` listener wrapper. Here's an example: + +``` +{ + servers { + listener_wrappers { + http_redirect + tls + } + } +} +``` ###### `proxy_protocol` 
@@ -804,10 +815,10 @@ The [`proxy_protocol`](/docs/json/apps/http/servers/listener_wrappers/proxy_prot servers { listener_wrappers { proxy_protocol { - timeout 2s - allow 192.168.86.1/24 192.168.86.1/24 - deny 10.0.0.0/8 - fallback_policy reject + timeout + allow + deny + fallback_policy } tls } @@ -821,12 +832,12 @@ The [`proxy_protocol`](/docs/json/apps/http/servers/listener_wrappers/proxy_prot - **deny** is a list of CIDR ranges of trusted sources to reject PROXY headers from. -- **fallback_policy** is the action to take if the PROXY header comes from an address that not in either list of allow/deny. The default fallback policy is `IGNORE`. Accepted values of `fallback_policy` are: - - `IGNORE`: address from PROXY header, but accept connection - - `USE`: address from PROXY header - - `REJECT`: connection when PROXY header is sent - - `REQUIRE`: connection to send PROXY header, reject if not present - - `SKIP`: accepts a connection without requiring the PROXY header. +- **fallback_policy** is the action to take if the PROXY header comes from an address that not in either list of allow/deny. The default fallback policy is `ignore`. Accepted values of `fallback_policy` are: + - `ignore`: address from PROXY header, but accept connection + - `use`: address from PROXY header + - `reject`: connection when PROXY header is sent + - `require`: connection to send PROXY header, reject if not present + - `skip`: accepts a connection without requiring the PROXY header.
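Review bot: In the first hunk (`http_redirect`), the added example shows only the wrapper order inside `listener_wrappers`, while the paragraph it follows says the wrapper is most useful when HTTPS is served on a port other than `443`. Consider extending the example with a site on a non-standard port so it demonstrates the case the text describes. The new code fence is also untagged, and since this line is being touched anyway, "by detecting using the first few bytes" could be tightened to "by detecting from the first few bytes".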
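Review bot: In the second hunk (`proxy_protocol` block), the new lines `timeout`, `allow`, `deny` and `fallback_policy` appear in this patch as bare directive names with no argument or placeholder, so the block reads as neither a syntax reference nor a working configuration. If the intent is a syntax block, give each line a placeholder that names what it takes (a duration, a list of CIDR ranges, a policy name). It would also help to keep a concrete example next to it, as the first hunk does for `http_redirect`, minus the duplicated `192.168.86.1/24` from the removed `allow` line.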
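Review bot: In the third hunk (`fallback_policy` list), lowercasing the values leaves the descriptions as fragments that depend on the value name as their verb, for example "`use`: address from PROXY header" and "`reject`: connection when PROXY header is sent". The intro sentence is also still missing "is" in "an address that not in either list". Suggest writing each entry as a full phrase and stating how `skip` differs from `ignore`, since both are described as accepting the connection. Because this policy applies to peers on neither list, the `use` entry should say plainly that the address in the header is taken from such a peer, so readers can weigh that against the default `ignore`. The unchanged `deny` line above it says "trusted sources to reject PROXY headers from", which reads as contradictory and could be fixed in the same pass.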