mirror of
https://github.com/gravitational/teleport
synced 2024-10-22 10:13:21 +00:00
c0bb732545
This commit fixes #5177 Initial implementation uses dir backend as a cache and is OK for small clusters, but will be a problem for many proxies. This implementation uses Go autocert that is quite limited compared to Caddy's certmagic or lego. Autocert has no OCSP stapling and no locking for cache for example. However, it is much simpler and has no dependencies. It will be easier to extend to use Teleport backend as a cert cache. ```yaml proxy_service: public_addr: ['example.com'] # ACME - automatic certificate management environment. # # It provisions certificates for domains and # valid subdomains in public_addr section. # # The sudomains are valid if there is a registered application. # For example, app.example.com will get a cert if app is a regsitered # application access app. The sudomain cookie.example.com is not. # # Teleport acme is using TLS-ALPN-01 challenge: # # https://letsencrypt.org/docs/challenge-types/#tls-alpn-01 # acme: # By default acme is disabled. enabled: true # Use a custom URI, for example staging is # # https://acme-staging-v02.api.letsencrypt.org/directory # # Default is letsencrypt.org production URL: # # https://acme-v02.api.letsencrypt.org/directory uri: '' # Set email to receive alerts and other correspondence # from your certificate authority. email: 'alice@example.com' ``` |
||
---|---|---|
.. | ||
asciitable | ||
auth | ||
backend | ||
benchmark | ||
bpf | ||
cache | ||
cgroup | ||
client | ||
config | ||
defaults | ||
events | ||
fixtures | ||
fuzz | ||
httplib | ||
jwt | ||
kube | ||
labels | ||
limiter | ||
modules | ||
multiplexer | ||
pam | ||
reversetunnel | ||
secret | ||
service | ||
services | ||
session | ||
shell | ||
srv | ||
sshca | ||
sshutils | ||
system | ||
teleagent | ||
tlsca | ||
utils | ||
web | ||
wrappers | ||
runtimeflags.go |