mirror of
https://github.com/pomerium/pomerium.git
synced 2025-04-29 18:36:30 +02:00
d3a7ee38be
* refactor config loading * wip * move autocert to its own config source * refactor options updaters * fix stuttering * fix autocert validate check
26 lines
1.2 KiB
Go
26 lines
1.2 KiB
Go
package config
|
|
|
|
// AutocertOptions contains the options to control the behavior of autocert.
|
|
type AutocertOptions struct {
|
|
// Enable enables fully automated certificate management including issuance
|
|
// and renewal from LetsEncrypt. Must be used in conjunction with Folder.
|
|
Enable bool `mapstructure:"autocert" yaml:"autocert,omitempty"`
|
|
|
|
// UseStaging tells autocert to use Let's Encrypt's staging CA which
|
|
// has less strict usage limits then the (default) production CA.
|
|
//
|
|
// https://letsencrypt.org/docs/staging-environment/
|
|
UseStaging bool `mapstructure:"autocert_use_staging" yaml:"autocert_use_staging,omitempty"`
|
|
|
|
// MustStaple will cause autocert to request a certificate with
|
|
// status_request extension. This will allow the TLS client (the browser)
|
|
// to fail immediately if Pomerium failed to get an OCSP staple.
|
|
// See also https://tools.ietf.org/html/rfc7633
|
|
// Only used when Enable is true.
|
|
MustStaple bool `mapstructure:"autocert_must_staple" yaml:"autocert_must_staple,omitempty"`
|
|
|
|
// Folder specifies the location to store, and load autocert managed
|
|
// TLS certificates.
|
|
// defaults to $XDG_DATA_HOME/pomerium
|
|
Folder string `mapstructure:"autocert_dir" yaml:"autocert_dir,omitempty"`
|
|
}
|