Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
var ( // MinVersion Map of allowed TLS minimum versions MinVersion = map[string]uint16{ "VersionTLS10": tls.VersionTLS10, "VersionTLS11": tls.VersionTLS11, "VersionTLS12": tls.VersionTLS12, "VersionTLS13": tls.VersionTLS13, } // CipherSuites Map of TLS CipherSuites from crypto/tls // Available CipherSuites defined at https://golang.org/pkg/crypto/tls/#pkg-constants CipherSuites = map[string]uint16{ "TLS_RSA_WITH_RC4_128_SHA": tls.TLS_RSA_WITH_RC4_128_SHA, "TLS_RSA_WITH_3DES_EDE_CBC_SHA": tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA, "TLS_RSA_WITH_AES_128_CBC_SHA": tls.TLS_RSA_WITH_AES_128_CBC_SHA, "TLS_RSA_WITH_AES_256_CBC_SHA": tls.TLS_RSA_WITH_AES_256_CBC_SHA, "TLS_RSA_WITH_AES_128_CBC_SHA256": tls.TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS_RSA_WITH_AES_128_GCM_SHA256": tls.TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS_RSA_WITH_AES_256_GCM_SHA384": tls.TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA": tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA": tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA": tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "TLS_ECDHE_RSA_WITH_RC4_128_SHA": tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA": tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA": tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA": tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256": tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256": tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384": tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305": tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256": tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305": tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256": tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, "TLS_AES_128_GCM_SHA256": tls.TLS_AES_128_GCM_SHA256, "TLS_AES_256_GCM_SHA384": tls.TLS_AES_256_GCM_SHA384, "TLS_CHACHA20_POLY1305_SHA256": tls.TLS_CHACHA20_POLY1305_SHA256, "TLS_FALLBACK_SCSV": tls.TLS_FALLBACK_SCSV, } )
Functions ¶
func MatchDomain ¶
MatchDomain return true if a domain match the cert domain
func SortTLSPerEntryPoints ¶
func SortTLSPerEntryPoints(configurations []*Configuration, epConfiguration map[string]map[string]*tls.Certificate, defaultEntryPoints []string)
SortTLSPerEntryPoints converts TLS configuration sorted by Certificates into TLS configuration sorted by EntryPoints
Types ¶
type Certificate ¶
type Certificate struct {
CertFile FileOrContent
KeyFile FileOrContent
}
Certificate holds a SSL cert/key pair Certs and Key could be either a file path, or the file content itself
func (*Certificate) AppendCertificate ¶
func (c *Certificate) AppendCertificate(certs map[string]map[string]*tls.Certificate, ep string) error
AppendCertificate appends a Certificate to a certificates map keyed by entrypoint.
type CertificateStore ¶
type CertificateStore struct {
DynamicCerts *safe.Safe
StaticCerts *safe.Safe
DefaultCertificate *tls.Certificate
CertCache *cache.Cache
SniStrict bool
}
CertificateStore store for dynamic and static certificates
func NewCertificateStore ¶
func NewCertificateStore() *CertificateStore
NewCertificateStore create a store for dynamic and static certificates
func (CertificateStore) ContainsCertificates ¶
func (c CertificateStore) ContainsCertificates() bool
ContainsCertificates checks if there are any certs in the store
func (CertificateStore) GetAllDomains ¶
func (c CertificateStore) GetAllDomains() []string
GetAllDomains return a slice with all the certificate domain
func (CertificateStore) GetBestCertificate ¶
func (c CertificateStore) GetBestCertificate(clientHello *tls.ClientHelloInfo) *tls.Certificate
GetBestCertificate returns the best match certificate, and caches the response
func (CertificateStore) ResetCache ¶
func (c CertificateStore) ResetCache()
ResetCache clears the cache in the store
type Certificates ¶
type Certificates []Certificate
Certificates defines traefik certificates type Certs and Keys could be either a file path, or the file content itself
func (*Certificates) CreateTLSConfig ¶
func (c *Certificates) CreateTLSConfig(entryPointName string) (*tls.Config, error)
CreateTLSConfig creates a TLS config from Certificate structures
func (*Certificates) Set ¶
func (c *Certificates) Set(value string) error
Set is the method to set the flag value, part of the flag.Value interface. Set's argument is a string to be parsed to set the flag. It's a comma-separated list, so we split it.
func (*Certificates) String ¶
func (c *Certificates) String() string
String is the method to format the flag's value, part of the flag.Value interface. The String method's output will be used in diagnostics.
type ClientCA ¶
type ClientCA struct {
Files FilesOrContents
Optional bool
}
ClientCA defines traefik CA files for a entryPoint and it indicates if they are mandatory or have just to be analyzed if provided
type Configuration ¶
type Configuration struct {
EntryPoints []string
Certificate *Certificate
}
Configuration allows mapping a TLS certificate to a list of entrypoints
type FileOrContent ¶
type FileOrContent string
FileOrContent hold a file path or content
func (FileOrContent) IsPath ¶
func (f FileOrContent) IsPath() bool
IsPath returns true if the FileOrContent is a file path, otherwise returns false
func (FileOrContent) Read ¶
func (f FileOrContent) Read() ([]byte, error)
func (FileOrContent) String ¶
func (f FileOrContent) String() string
type FilesOrContents ¶
type FilesOrContents []FileOrContent
FilesOrContents hold the CA we want to have in root
func (*FilesOrContents) Get ¶
func (r *FilesOrContents) Get() interface{}
Get return the FilesOrContents list
func (*FilesOrContents) Set ¶
func (r *FilesOrContents) Set(value string) error
Set is the method to set the flag value, part of the flag.Value interface. Set's argument is a string to be parsed to set the flag. It's a comma-separated list, so we split it.
func (*FilesOrContents) SetValue ¶
func (r *FilesOrContents) SetValue(val interface{})
SetValue sets the FilesOrContents with val
func (*FilesOrContents) String ¶
func (r *FilesOrContents) String() string
String is the method to format the flag's value, part of the flag.Value interface. The String method's output will be used in diagnostics.
type TLS ¶
type TLS struct {
MinVersion string `export:"true"`
CipherSuites []string
Certificates Certificates
ClientCAFiles FilesOrContents // Deprecated
ClientCA ClientCA
DefaultCertificate *Certificate
SniStrict bool `export:"true"`
}
TLS configures TLS for an entry point
Source Files
Directories