mirrors/caddy-website
1
0
Fork 0
mirror of https://github.com/caddyserver/website.git synced 2025-04-22 13:06:16 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
caddy-website/src/docs/markdown/caddyfile/options.md
Matthew Holt 8e7b3b81d0
docs: Update for rc2
2020-04-09 17:32:50 -06:00

61 lines
3.5 KiB
Markdown
Raw Blame History

---
title: Global options (Caddyfile)
---
# Global options
The Caddyfile has a way for you to specify options that apply globally. Some options act as default values, while others customize the behavior of the Caddyfile [adapter](/docs/config-adapters).
The very top of your Caddyfile can be a **global options block**. This is a block that has no keys:
```
{
...
}
```
There can only be one at most, and it must be the first block of the Caddyfile.
Possible options are:
```
{
debug
http_port <port>
https_port <port>
default_sni <name>
order <dir1> first|last|[before|after <dir2>]
experimental_http3
storage <module_name> {
<options...>
}
acme_ca <directory_url>
acme_ca_root <pem_file>
email <yours>
admin off|<addr>
on_demand_tls {
ask <endpoint>
interval <duration>
burst <n>
}
local_certs
key_type ed25519|p256|p384|rsa2048|rsa4096
}
```
- **debug** enables debug mode, which sets all log levels to debug (unless otherwise specified).
- **http_port** is the port for the server to use for HTTP. For internal use only; does not change the HTTP port for clients. Default: 80
- **https_port** is the port for the server to use for HTTPS. For internal use only; does not change the HTTPS port for clients. Default: 443
- **default_sni** sets a default TLS ServerName for when clients do not use SNI in their ClientHello.
- **order** sets or changes the standard order of HTTP handler directive(s). Can set directives to be `first` or `last`, or `before` or `after` another directive.
- **experimental_http3** enables experimental draft HTTP/3 support. Note that HTTP/3 is not a finished spec and client support is extremely limited. This option will go away in the future. _This option is not subject to compatibility promises._
- **storage** configures Caddy's storage mechanism. Default: `file_system`
- **acme_ca** specifies the URL to the ACME CA's directory. It is strongly recommended to set this to Let's Encrypt's [staging endpoint](https://letsencrypt.org/docs/staging-environment/) for testing or development. Default: Let's Encrypt's production endpoint.
- **acme_ca_root** specifies a PEM file that contains a trusted root certificate for ACME CA endpoints, if not in the system trust store.
- **email** is your email address. Mainly used when creating an ACME account with your CA, and is highly recommended in case there are problems with your certificates.
- **admin** customizes the [admin API endpoint](/docs/api). If `off`, then the admin endpoint will be disabled. If disabled, config changes will be impossible without stopping and starting the server.
- **on_demand_tls** configures [On-Demand TLS](/docs/automatic-https#on-demand-tls) where it is enabled, but does not enable it (to enable it, use the [on_demand `tls` subdirective](/docs/caddyfile/directives/tls#syntax)). Highly recommended if using in production environments, to prevent abuse.
- **ask** will cause Caddy to make an HTTP request to the given URL with a query string of `?domain=` containing the value of the domain name. If the endpoint returns 200 OK, Caddy will be authorized to obtain a certificate for that name.
- **interval** and **burst** allows `<n>` certificate operations within `<duration>` interval.
- **local_certs** causes all certificates to be issued internally by default, rather than through a (public) ACME CA such as Let's Encrypt. This is useful in development environments.
- **key_type** specifies the type of key to generate for TLS certificates; only change this if you have a specific need to customize it.
Reference in a new issue View git blame Copy permalink