Documentation

Index

Constants

This section is empty.

Variables

// MinVersion maps the configuration name of each TLS protocol version to the
// matching crypto/tls constant. The names are the values accepted as a TLS
// minimum version.
//
// NOTE(review): TLS 1.0 and TLS 1.1 are formally deprecated (RFC 8996). They
// remain selectable here; prefer "VersionTLS12" or "VersionTLS13" as the floor
// unless legacy clients force otherwise.
var MinVersion = map[string]uint16{
	"VersionTLS13": tls.VersionTLS13,
	"VersionTLS12": tls.VersionTLS12,
	"VersionTLS11": tls.VersionTLS11,
	"VersionTLS10": tls.VersionTLS10,
}

// CipherSuites maps cipher suite names to their crypto/tls identifiers.
// Available suites are defined at https://golang.org/pkg/crypto/tls/#pkg-constants
//
// The table is a name lookup, not a recommendation: it also contains suites
// that crypto/tls itself reports through tls.InsecureCipherSuites() (the exact
// set depends on the Go version). Entries are grouped below by strength so a
// reviewer can see at a glance what an operator is able to enable.
var CipherSuites = map[string]uint16{
	// RC4 and 3DES: broken or obsolete ciphers, kept only for name resolution.
	"TLS_RSA_WITH_RC4_128_SHA":            tls.TLS_RSA_WITH_RC4_128_SHA,
	"TLS_RSA_WITH_3DES_EDE_CBC_SHA":       tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
	"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA":    tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
	"TLS_ECDHE_RSA_WITH_RC4_128_SHA":      tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA,
	"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA": tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,

	// Static RSA key exchange: no forward secrecy, whatever the bulk cipher.
	"TLS_RSA_WITH_AES_128_CBC_SHA":    tls.TLS_RSA_WITH_AES_128_CBC_SHA,
	"TLS_RSA_WITH_AES_256_CBC_SHA":    tls.TLS_RSA_WITH_AES_256_CBC_SHA,
	"TLS_RSA_WITH_AES_128_CBC_SHA256": tls.TLS_RSA_WITH_AES_128_CBC_SHA256,
	"TLS_RSA_WITH_AES_128_GCM_SHA256": tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
	"TLS_RSA_WITH_AES_256_GCM_SHA384": tls.TLS_RSA_WITH_AES_256_GCM_SHA384,

	// ECDHE with AES-CBC: forward secret, but CBC-mode; crypto/tls lists the
	// *_CBC_SHA256 variants among its insecure suites.
	"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA":    tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
	"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA":    tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
	"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA":      tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
	"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA":      tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
	"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256": tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
	"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256":   tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,

	// ECDHE with an AEAD cipher (AES-GCM or ChaCha20-Poly1305): the TLS 1.2
	// suites to prefer. The CHACHA20 names without the _SHA256 suffix are the
	// older spellings of the same identifiers.
	"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256":         tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
	"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256":       tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
	"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384":         tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
	"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384":       tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
	"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305":          tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
	"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256":   tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
	"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305":        tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
	"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256": tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,

	// TLS 1.3 suites. crypto/tls documents that TLS 1.3 cipher suites are not
	// configurable, so listing these presumably does not restrict a TLS 1.3
	// handshake; verify against the code that consumes this map.
	"TLS_AES_128_GCM_SHA256":       tls.TLS_AES_128_GCM_SHA256,
	"TLS_AES_256_GCM_SHA384":       tls.TLS_AES_256_GCM_SHA384,
	"TLS_CHACHA20_POLY1305_SHA256": tls.TLS_CHACHA20_POLY1305_SHA256,

	// Not a cipher suite: the downgrade-protection signalling value of RFC 7507.
	"TLS_FALLBACK_SCSV": tls.TLS_FALLBACK_SCSV,
}

Functions

func MatchDomain

func MatchDomain(domain string, certDomain string) bool

    MatchDomain returns true if the domain matches the certificate domain.

    func SortTLSPerEntryPoints

    func SortTLSPerEntryPoints(configurations []*Configuration, epConfiguration map[string]map[string]*tls.Certificate, defaultEntryPoints []string)

      SortTLSPerEntryPoints converts TLS configuration sorted by Certificates into TLS configuration sorted by EntryPoints

      Types

      type Certificate

      // Certificate holds one certificate/key pair. Each field is a FileOrContent,
      // so it may be a file path or the file content itself.
      type Certificate struct {
      	// CertFile is the certificate, given as a path or as inline content.
      	CertFile FileOrContent
      	// KeyFile is the matching private key, given as a path or as inline content.
      	// NOTE(review): with inline content the private key lives in the
      	// configuration value itself; treat this field as a secret when
      	// configuration is dumped or logged.
      	KeyFile  FileOrContent
      }

        Certificate holds an SSL cert/key pair. Certs and Key could be either a file path or the file content itself.

        func (*Certificate) AppendCertificate

        func (c *Certificate) AppendCertificate(certs map[string]map[string]*tls.Certificate, ep string) error

          AppendCertificate appends a Certificate to a certificates map keyed by entrypoint.

          type CertificateStore

          // CertificateStore is the store for dynamic and static certificates.
          type CertificateStore struct {
          	// DynamicCerts and StaticCerts hold the two certificate sets behind
          	// *safe.Safe wrappers; the stored value's shape is not visible here.
          	DynamicCerts       *safe.Safe
          	StaticCerts        *safe.Safe
          	// DefaultCertificate is presumably the fallback served when no stored
          	// certificate matches the ClientHello; confirm against GetBestCertificate.
          	DefaultCertificate *tls.Certificate
          	// CertCache is presumably the cache that GetBestCertificate fills and
          	// ResetCache clears; confirm.
          	CertCache          *cache.Cache
          	// NOTE(review): the name suggests that a handshake whose SNI matches no
          	// certificate is refused instead of falling back to DefaultCertificate.
          	// Confirm, since the false default would then answer unknown host names.
          	SniStrict          bool
          }

            CertificateStore is a store for dynamic and static certificates.

            func NewCertificateStore

            func NewCertificateStore() *CertificateStore

              NewCertificateStore creates a store for dynamic and static certificates.

              func (CertificateStore) ContainsCertificates

              func (c CertificateStore) ContainsCertificates() bool

                ContainsCertificates checks if there are any certs in the store

                func (CertificateStore) GetAllDomains

                func (c CertificateStore) GetAllDomains() []string

                  GetAllDomains returns a slice with all the certificate domains.

                  func (CertificateStore) GetBestCertificate

                  func (c CertificateStore) GetBestCertificate(clientHello *tls.ClientHelloInfo) *tls.Certificate

                    GetBestCertificate returns the best match certificate, and caches the response

                    func (CertificateStore) ResetCache

                    func (c CertificateStore) ResetCache()

                      ResetCache clears the cache in the store

                      type Certificates

                      // Certificates is a list of Certificate pairs; each cert and key may be a
                      // file path or the file content itself.
                      type Certificates []Certificate

                        Certificates defines the traefik certificates type. Certs and Keys could be either a file path or the file content itself.

                        func (*Certificates) CreateTLSConfig

                        func (c *Certificates) CreateTLSConfig(entryPointName string) (*tls.Config, error)

                          CreateTLSConfig creates a TLS config from Certificate structures

                          func (*Certificates) Set

                          func (c *Certificates) Set(value string) error

                            Set is the method to set the flag value, part of the flag.Value interface. Set's argument is a string to be parsed to set the flag. It's a comma-separated list, so we split it.

                            func (*Certificates) String

                            func (c *Certificates) String() string

                              String is the method to format the flag's value, part of the flag.Value interface. The String method's output will be used in diagnostics.

                              func (*Certificates) Type

                              func (c *Certificates) Type() string

                                Type is type of the struct

                                type ClientCA

                                // ClientCA describes the CA files used to check client certificates on an
                                // entry point, and whether presenting a client certificate is mandatory.
                                type ClientCA struct {
                                	// Files lists the CA certificates, each as a path or as inline content.
                                	Files    FilesOrContents
                                	// Optional marks the client certificate as not mandatory: it is only
                                	// analyzed if the client provides one.
                                	// NOTE(review): with Optional set, a request without a client
                                	// certificate presumably still reaches the backend; confirm which
                                	// tls.ClientAuth mode CreateTLSConfig derives from it.
                                	Optional bool
                                }

                                  ClientCA defines the traefik CA files for an entryPoint and indicates whether they are mandatory or only have to be analyzed if provided.

                                  type Configuration

                                  // Configuration maps one TLS certificate to a list of entry points.
                                  type Configuration struct {
                                  	// EntryPoints names the entry points the certificate applies to.
                                  	// Presumably an empty list falls back to the defaultEntryPoints passed
                                  	// to SortTLSPerEntryPoints; confirm.
                                  	EntryPoints []string
                                  	// Certificate is the cert/key pair to attach to those entry points.
                                  	Certificate *Certificate
                                  }

                                    Configuration allows mapping a TLS certificate to a list of entrypoints

                                    type FileOrContent

                                    // FileOrContent holds either a file path or the file content itself; IsPath
                                    // reports which of the two a value is.
                                    // NOTE(review): when used as Certificate.KeyFile the string can be the
                                    // private key material itself; check that String() output is never logged.
                                    type FileOrContent string

                                      FileOrContent holds a file path or content.

                                      func (FileOrContent) IsPath

                                      func (f FileOrContent) IsPath() bool

                                        IsPath returns true if the FileOrContent is a file path, otherwise returns false

                                        func (FileOrContent) Read

                                        func (f FileOrContent) Read() ([]byte, error)

                                        func (FileOrContent) String

                                        func (f FileOrContent) String() string

                                        type FilesOrContents

                                        // FilesOrContents is a list of FileOrContent values holding the CA
                                        // certificates to trust as roots.
                                        type FilesOrContents []FileOrContent

                                          FilesOrContents holds the CA we want to have in root.

                                          func (*FilesOrContents) Get

                                          func (r *FilesOrContents) Get() interface{}

                                            Get returns the FilesOrContents list.

                                            func (*FilesOrContents) Set

                                            func (r *FilesOrContents) Set(value string) error

                                              Set is the method to set the flag value, part of the flag.Value interface. Set's argument is a string to be parsed to set the flag. It's a comma-separated list, so we split it.

                                              func (*FilesOrContents) SetValue

                                              func (r *FilesOrContents) SetValue(val interface{})

                                                SetValue sets the FilesOrContents with val

                                                func (*FilesOrContents) String

                                                func (r *FilesOrContents) String() string

                                                  String is the method to format the flag's value, part of the flag.Value interface. The String method's output will be used in diagnostics.

                                                  func (*FilesOrContents) Type

                                                  func (r *FilesOrContents) Type() string

                                                    Type is type of the struct

                                                    type TLS

                                                    // TLS configures TLS for an entry point.
                                                    type TLS struct {
                                                    	// MinVersion is presumably a key of the package-level MinVersion map
                                                    	// (for example "VersionTLS12"); confirm how an empty or unknown value is handled.
                                                    	MinVersion         string `export:"true"`
                                                    	// CipherSuites is presumably a list of keys of the package-level
                                                    	// CipherSuites map. That map also names RC4, 3DES and static-RSA suites,
                                                    	// so an explicit list should be reviewed before deployment.
                                                    	CipherSuites       []string
                                                    	// Certificates are the cert/key pairs served on this entry point.
                                                    	Certificates       Certificates
                                                    	// ClientCAFiles is deprecated; presumably superseded by ClientCA.Files (confirm).
                                                    	ClientCAFiles      FilesOrContents // Deprecated
                                                    	// ClientCA configures client-certificate verification (CA files and
                                                    	// whether a client certificate is mandatory).
                                                    	ClientCA           ClientCA
                                                    	// DefaultCertificate is presumably served when no certificate matches
                                                    	// the requested server name; confirm.
                                                    	DefaultCertificate *Certificate
                                                    	// SniStrict presumably rejects handshakes whose SNI matches no configured
                                                    	// certificate instead of serving the default one; confirm.
                                                    	SniStrict          bool `export:"true"`
                                                    }

                                                      TLS configures TLS for an entry point
