package tls
import "github.com/traefik/traefik/v3/pkg/types"
// certificateHeader is the opening line of a PEM certificate block, with its
// trailing newline. Where it is used is outside this listing.
const (
	certificateHeader = "-----BEGIN CERTIFICATE-----\n"
)
// +k8s:deepcopy-gen=true

// ClientAuth describes the client-authentication part of a TLS connection, if
// any is configured.
type ClientAuth struct {
	// CAFiles holds the CA entries for this block.
	// NOTE(review): presumably these are the trust anchors that client
	// certificates are verified against, each given as a path or as inline
	// content (judging by the type name) — confirm where the field is consumed.
	// Unlike ClientAuthType, this field carries no export tag.
	CAFiles []types.FileOrContent `json:"caFiles,omitempty" toml:"caFiles,omitempty" yaml:"caFiles,omitempty"`

	// ClientAuthType selects the client authentication mode.
	// The available values are: "NoClientCert", "RequestClientCert",
	// "VerifyClientCertIfGiven" and "RequireAndVerifyClientCert".
	//
	// NOTE(review): these names match ClientAuthType constants in Go's
	// crypto/tls. If they map one-to-one (the mapping is not in this listing),
	// only "RequireAndVerifyClientCert" makes a verified client certificate
	// mandatory; the other three let a handshake complete without one. Confirm
	// how an empty or unrecognised string is handled before relying on this
	// field for mutual TLS.
	ClientAuthType string `json:"clientAuthType,omitempty" toml:"clientAuthType,omitempty" yaml:"clientAuthType,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true

// Options is the TLS configuration applied to an entry point. Every field is
// optional in the serialized form (all tags carry omitempty).
type Options struct {
	// MinVersion is a string setting; presumably the lowest TLS version accepted.
	// NOTE(review): the accepted spellings and the effect of leaving it empty
	// are decided where the string is parsed, outside this listing — confirm
	// that an empty value cannot admit a legacy protocol version.
	MinVersion string `json:"minVersion,omitempty" toml:"minVersion,omitempty" yaml:"minVersion,omitempty" export:"true"`

	// MaxVersion is a string setting; presumably the highest TLS version accepted.
	MaxVersion string `json:"maxVersion,omitempty" toml:"maxVersion,omitempty" yaml:"maxVersion,omitempty" export:"true"`

	// CipherSuites is a list of strings; presumably cipher suite names.
	// NOTE(review): how unknown names are treated is not visible here.
	CipherSuites []string `json:"cipherSuites,omitempty" toml:"cipherSuites,omitempty" yaml:"cipherSuites,omitempty" export:"true"`

	// CurvePreferences is a list of strings; presumably elliptic curve names in
	// preference order — confirm against the consumer.
	CurvePreferences []string `json:"curvePreferences,omitempty" toml:"curvePreferences,omitempty" yaml:"curvePreferences,omitempty" export:"true"`

	// ClientAuth embeds the client-authentication settings by value, so a zero
	// Options carries a zero ClientAuth (no CA entries, empty ClientAuthType).
	ClientAuth ClientAuth `json:"clientAuth,omitempty" toml:"clientAuth,omitempty" yaml:"clientAuth,omitempty"`

	// SniStrict is a boolean that is false when unset.
	// NOTE(review): by its name it makes SNI matching strict; the exact
	// rejection behaviour is implemented elsewhere — confirm.
	SniStrict bool `json:"sniStrict,omitempty" toml:"sniStrict,omitempty" yaml:"sniStrict,omitempty" export:"true"`

	// ALPNProtocols is the list of ALPN protocol identifiers. SetDefaults
	// overwrites it with DefaultTLSOptions.ALPNProtocols.
	ALPNProtocols []string `json:"alpnProtocols,omitempty" toml:"alpnProtocols,omitempty" yaml:"alpnProtocols,omitempty" export:"true"`

	// PreferServerCipherSuites is an optional boolean; nil means it was not set.
	//
	// Deprecated: https://github.com/golang/go/issues/45430
	PreferServerCipherSuites *bool `json:"preferServerCipherSuites,omitempty" toml:"preferServerCipherSuites,omitempty" yaml:"preferServerCipherSuites,omitempty" export:"true"`
}
// SetDefaults applies default values to o. The only field it assigns is
// ALPNProtocols, taken from DefaultTLSOptions (declared outside this listing);
// MinVersion, CipherSuites and every other field keep whatever they held.
//
// NOTE(review): the assignment copies the slice header, not the elements, so o
// and DefaultTLSOptions share one backing array afterwards. An in-place write
// through either would be visible in both; clone the slice if any caller
// mutates it.
func (o *Options) SetDefaults() {
	// Per the original author's comment this keeps HTTP/2 enabled; the protocol
	// list itself is defined elsewhere.
	defaultALPN := DefaultTLSOptions.ALPNProtocols
	o.ALPNProtocols = defaultALPN
}
// +k8s:deepcopy-gen=true

// Store holds the options for a given Store. Both fields are optional
// pointers, nil when unset.
type Store struct {
	// DefaultCertificate points at a Certificate (type declared outside this
	// listing).
	DefaultCertificate *Certificate `json:"defaultCertificate,omitempty" toml:"defaultCertificate,omitempty" yaml:"defaultCertificate,omitempty" export:"true"`

	// DefaultGeneratedCert points at the GeneratedCert settings.
	// NOTE(review): which of the two fields wins when both are set is not
	// visible here — confirm at the consumer.
	DefaultGeneratedCert *GeneratedCert `json:"defaultGeneratedCert,omitempty" toml:"defaultGeneratedCert,omitempty" yaml:"defaultGeneratedCert,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true

// GeneratedCert is the configuration of the default generated certificate.
type GeneratedCert struct {
	// Resolver names the resolver used to issue the DefaultCertificate.
	Resolver string `json:"resolver,omitempty" toml:"resolver,omitempty" yaml:"resolver,omitempty" export:"true"`

	// Domain is the domain definition for the DefaultCertificate; nil when unset.
	Domain *types.Domain `json:"domain,omitempty" toml:"domain,omitempty" yaml:"domain,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true

// CertAndStores pairs an embedded Certificate with the list of strings in
// Stores.
// NOTE(review): the earlier summary said this maps a certificate to "a list of
// entry points", while the field is named Stores — the wording looks stale;
// confirm which is meant.
type CertAndStores struct {
	// Certificate is embedded and inlined in the YAML form, so its fields
	// appear at the same level as Stores.
	Certificate `yaml:",inline" export:"true"`

	// Stores is the list associated with the embedded certificate.
	Stores []string `json:"stores,omitempty" toml:"stores,omitempty" yaml:"stores,omitempty" export:"true"`
}