tlsclouddatastore

package module
v0.0.0-...-6ab82fc
Published: Jul 9, 2019 License: MIT Imports: 16 Imported by: 0

README

caddy-tlsclouddatastore

Google Cloud Datastore storage for Caddy TLS data.

Caddy usually uses the local filesystem to store TLS data when it auto-generates certificates from a CA such as Let's Encrypt. With this plugin, multiple Caddy instances can serve the same HTTPS domain (for instance with DNS round-robin or behind a load balancer) by sharing one central store, Google Cloud Datastore, for the auto-generated certificates. A Caddy DNS challenge plugin is required.

It works with recent versions of Caddy 0.10.x. All stored data is encrypted using AES.

Installation

You need to compile Caddy yourself to use this plugin.

  • Add the plugin to Caddy's imports:

        import (
          ...
          _ "github.com/j0hnsmith/caddy-tlsclouddatastore"
        )

  • Change dir into caddy/caddymain and compile Caddy with go run build.go

Configuration

In order to use Cloud Datastore you have to change the storage provider in your Caddyfile like so:

    tls my@email.com {
        storage cloud-datastore
        dns ... # dns challenge provider
    }

Env Vars

  • DATASTORE_PROJECT_ID GCP project id (not name), required.
  • CADDY_CLOUDDATASTORETLS_SERVICE_ACCOUNT_FILE the full path to service account json key file (create service account with Datastore -> Cloud Datastore User role), required.
  • CADDY_CLOUDDATASTORETLS_B64_AESKEY defines your personal AES key, base64-encoded, used to encrypt stored data. Generate it with openssl rand -base64 32 or similar rather than base64-encoding a hand-typed string. Defaults to an insecure key (the DefaultAESKeyB64 constant documented below).
  • CADDY_CLOUDDATASTORETLS_PREFIX defines the prefix for the keys, default is caddytls.
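The key handling the env var list above implies, written out as an added example that is not the plugin's own code: it decodes CADDY_CLOUDDATASTORETLS_B64_AESKEY, refuses a missing, mis-sized or default key (DefaultAESKeyB64 is a public constant of this package, so anything encrypted under it is readable by anyone who can read the Datastore entities), and then encrypts a constructed sample the way a certificate blob would be stored. The use of AES-256-GCM, the nonce layout and the names LoadAESKey, Seal and Open are this example's assumptions; the page only says AES.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"io"
	"log"
	"os"
)

// Values copied from the package's documented constants.
const (
	EnvNameAESKey    = "CADDY_CLOUDDATASTORETLS_B64_AESKEY"
	DefaultAESKeyB64 = "Y29uc3VsdGxzLTEyMzQ1Njc4OTAtY2FkZHl0bHMtMzI="
)

// LoadAESKey decodes the base64 key the env var carries and rejects the cases that
// would leave stored certificates effectively unprotected: an unset key (the plugin
// falls back to the public default), a key that is not 32 bytes, or the default itself.
func LoadAESKey(b64 string) ([]byte, error) {
	if b64 == "" {
		return nil, errors.New(EnvNameAESKey + " is not set; refusing to use the default key")
	}
	key, err := base64.StdEncoding.DecodeString(b64)
	if err != nil {
		return nil, fmt.Errorf("%s is not valid base64 (generate it with `openssl rand -base64 32`): %w", EnvNameAESKey, err)
	}
	if len(key) != 32 {
		return nil, fmt.Errorf("decoded key is %d bytes, want 32", len(key))
	}
	def, err := base64.StdEncoding.DecodeString(DefaultAESKeyB64)
	if err != nil {
		return nil, err
	}
	if bytes.Equal(key, def) {
		return nil, errors.New("key equals DefaultAESKeyB64, which is published in the package source")
	}
	return key, nil
}

// Seal encrypts plaintext with AES-256-GCM and returns nonce || ciphertext || tag.
// GCM is an assumption made for this example; the page only states that AES is used.
func Seal(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Open reverses Seal and fails on any modification of nonce, ciphertext or tag.
func Open(key, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("ciphertext shorter than nonce")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

func main() {
	key, err := LoadAESKey(os.Getenv(EnvNameAESKey))
	if err != nil {
		log.Fatal(err)
	}
	// Constructed sample standing in for the PEM material the plugin would store.
	blob, err := Seal(key, []byte("-----BEGIN PRIVATE KEY-----\nconstructed sample\n-----END PRIVATE KEY-----\n"))
	if err != nil {
		log.Fatal(err)
	}
	fmt.Printf("stored %d encrypted bytes under a validated key\n", len(blob))
}
```

Run it with CADDY_CLOUDDATASTORETLS_B64_AESKEY unset, set to the default, or set to a short value and LoadAESKey refuses each; only a 32-byte random key passes. Rejecting the default at startup is the check worth carrying into a deployment, since a Datastore reader who knows the package source can otherwise decrypt every stored key.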

Credits

caddy-tlsconsul provided inspiration, thanks also to Matt Holt for Caddy.

Documentation


Constants

const (
	// DefaultPrefix defines the default prefix in KV store
	DefaultPrefix = "caddytls"

	// DefaultAESKeyB64 32 bytes when decoded
	DefaultAESKeyB64 = "Y29uc3VsdGxzLTEyMzQ1Njc4OTAtY2FkZHl0bHMtMzI="

	// EnvNameAESKey defines the env variable name to override AES key, create with `openssl rand -base64 32` or similar
	EnvNameAESKey = "CADDY_CLOUDDATASTORETLS_B64_AESKEY"

	// EnvNamePrefix defines the env variable name to override key prefix
	EnvNamePrefix = "CADDY_CLOUDDATASTORETLS_PREFIX"

	EnvNameProjectId = "DATASTORE_PROJECT_ID" // id, not name

	// Create a service account at https://console.developers.google.com/permissions/serviceaccounts
	// with a Datastore -> Cloud Datastore User role, then create and download a json key for the service account.
	// This env var is the full path to the json key file
	EnvNameServiceAccountPath = "CADDY_CLOUDDATASTORETLS_SERVICE_ACCOUNT_FILE"

	SITE_RECORD             = "caddytlsSiteRecord"
	USER_RECORD             = "caddytlsUserRecord"
	MOST_RECENT_USER_RECORD = "caddytlsMostRecentUserRecord"
)

Variables

This section is empty.

Functions

func NewCloudDatastoreStorage

func NewCloudDatastoreStorage(caURL *url.URL) (caddytls.Storage, error)

NewCloudDatastoreStorage connects to cloud datastore and returns a caddytls.Storage for the specific caURL

Types

type CloudDsStorage

type CloudDsStorage struct {
	// contains filtered or unexported fields
}

CloudDsStorage holds all parameters for the Cloud Datastore connection

func (*CloudDsStorage) DeleteSite

func (cds *CloudDsStorage) DeleteSite(domain string) error

DeleteSite deletes site data for a given domain

func (*CloudDsStorage) LoadSite

func (cds *CloudDsStorage) LoadSite(domain string) (*caddytls.SiteData, error)

LoadSite loads the site data for a domain from Cloud Datastore

func (*CloudDsStorage) LoadUser

func (cds *CloudDsStorage) LoadUser(email string) (*caddytls.UserData, error)

LoadUser loads user data for a given email address

func (*CloudDsStorage) MostRecentUserEmail

func (cds *CloudDsStorage) MostRecentUserEmail() string

MostRecentUserEmail returns the last modified email address from Cloud Datastore.

func (*CloudDsStorage) SiteExists

func (cds *CloudDsStorage) SiteExists(domain string) (bool, error)

SiteExists checks if a cert for a specific domain already exists

func (*CloudDsStorage) StoreSite

func (cds *CloudDsStorage) StoreSite(domain string, data *caddytls.SiteData) error

StoreSite stores the site data for a given domain in Cloud Datastore

func (*CloudDsStorage) StoreUser

func (cds *CloudDsStorage) StoreUser(email string, data *caddytls.UserData) error

StoreUser stores user data for a given email address in KV store

func (*CloudDsStorage) TryLock

func (cds *CloudDsStorage) TryLock(domain string) (caddytls.Waiter, error)

TryLock attempts to set a global lock for a given domain. If a lock is already set it will return a `caddytls.Waiter` that will resolve when the lock is free.

func (*CloudDsStorage) Unlock

func (cds *CloudDsStorage) Unlock(domain string) error

Unlock releases an existing lock
