caddywkd

package module
v0.0.0-...-72566c8
Warning

This package is not in the latest version of its module.

Published: Apr 18, 2026 License: MIT Imports: 16 Imported by: 0

README

caddy-wkd

OpenPGP Web Key Directory plugin for Caddy

Usage

wkd is a Caddy v2 HTTP handler.

Caddyfile

Inline form (auto-detects whether path is a file or directory):

wkd * /etc/wkd/keyring.gpg
wkd * /etc/wkd/keys/

Important: the * is required, because Caddy treats the first argument as a path matcher if it starts with /.

Block form:

wkd {
    path /etc/wkd/keys/
    extensions .gpg .asc .pub .key
}

If path is a file, it is loaded as a keyring (binary first, then armored). If path is a directory, all files matching extensions are loaded. Only files in the top level of the directory are read; subdirectories are not scanned recursively. If extensions is omitted, the defaults are: .gpg, .asc, .pub, .key.

Domain Filtering

By default, keys are filtered by the request Host header at request time. Only keys with matching email domains are served.

Modes:

  • Default: filter by domain of the request
  • domain: override host-based filtering with a fixed domain
  • dangerous_allow_any_host: disable domain filtering and serve all matches

If both domain and dangerous_allow_any_host are set, dangerous_allow_any_host takes precedence and domain is ignored.

Examples:

# Default: filters by Host header automatically
example.com {
    wkd * /etc/wkd/keys/
}

# Override domain
wkd {
    path /etc/wkd/keys/
    domain example.com
}

# No domain filtering (dangerous)
wkd {
    path /etc/wkd/keys/
    dangerous_allow_any_host
}

JSON

{
  "handler": "wkd",
  "path": "/etc/wkd/keys/",
  "extensions": [".gpg", ".asc"],
  "domain": "example.com",
  "dangerous_allow_any_host": true
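}

This example lists every field. Because dangerous_allow_any_host is true here, domain is ignored and domain filtering is disabled, per the precedence rule above.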
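The filtering modes described above, as an added Go sketch that is not the plugin's own code: it resolves which domain a request is filtered on and shows what dangerous_allow_any_host changes. The function names and sample addresses are assumptions for illustration, and the hash is the standard WKD one (z-base-32 of the SHA-1 of the lowercased local part), which this page does not spell out.

```go
package main

import (
	"crypto/sha1"
	"encoding/base32"
	"fmt"
	"net"
	"strings"
)

// zbase32 is the z-base-32 alphabet WKD uses for the hashed local part.
var zbase32 = base32.NewEncoding("ybndrfg8ejkmcpqxot1uwisza345h769").WithPadding(base32.NoPadding)

// wkdHash (hypothetical helper) returns z-base-32(SHA-1(lowercased local part)).
func wkdHash(local string) string {
	sum := sha1.Sum([]byte(strings.ToLower(local)))
	return zbase32.EncodeToString(sum[:])
}

// filterDomain (hypothetical helper) applies the README's precedence; ok=false means no filtering.
func filterDomain(domain string, allowAnyHost bool, host string) (string, bool) {
	if allowAnyHost {
		return "", false // dangerous_allow_any_host wins over domain
	}
	if domain != "" {
		return strings.ToLower(domain), true // fixed domain overrides Host
	}
	if h, _, err := net.SplitHostPort(host); err == nil {
		host = h // Host header may carry a port
	}
	return strings.ToLower(host), true
}

// lookup returns the e-mail identities (constructed sample data) that would be served for a hash.
func lookup(emails []string, hash, domain string, allowAnyHost bool, host string) []string {
	want, filtering := filterDomain(domain, allowAnyHost, host)
	var out []string
	for _, e := range emails {
		local, dom, ok := strings.Cut(e, "@")
		if !ok || wkdHash(local) != hash || (filtering && !strings.EqualFold(dom, want)) {
			continue
		}
		out = append(out, e)
	}
	return out
}

func main() {
	keys := []string{"Joe.Doe@example.org", "joe.doe@other.test"} // constructed identities
	fmt.Println(lookup(keys, wkdHash("Joe.Doe"), "", false, "example.org:443"))
}
```

With filtering disabled, both sample identities match the same hash, so a request for one domain is answered with a key bound to another.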

License

MIT

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type WKD

type WKD struct {
	Path       string   `json:"path"`
	Extensions []string `json:"extensions,omitempty"`

	// Override domain for key filtering. If set, keys are filtered
	// against this domain instead of the request Host header.
	Domain string `json:"domain,omitempty"`

	// Skip domain filtering entirely. Serves all keys regardless
	// of domain. Use with caution.
	DangerousAllowAnyHost bool `json:"dangerous_allow_any_host,omitempty"`
	// contains filtered or unexported fields
}

func (WKD) CaddyModule

func (WKD) CaddyModule() caddy.ModuleInfo

func (*WKD) Discover

func (w *WKD) Discover(hash, domain string) ([]*openpgp.Entity, error)

func (*WKD) Provision

func (w *WKD) Provision(ctx caddy.Context) error

func (*WKD) ServeHTTP

func (w *WKD) ServeHTTP(rw http.ResponseWriter, r *http.Request, next caddyhttp.Handler) error

func (*WKD) UnmarshalCaddyfile

func (w *WKD) UnmarshalCaddyfile(d *caddyfile.Dispenser) error

func (*WKD) Validate

func (w *WKD) Validate() error
