Documentation
¶
Index ¶
Constants ¶
View Source
const ( // DefaultShutdownTimeout is the default ShutdownTimeout (see Config). DefaultShutdownTimeout = time.Second * 10 )
Variables ¶
This section is empty.
Functions ¶
func BaseTLSConfig ¶
BaseTLSConfig returns a tls.Config with some good default settings for security.
Types ¶
type CertMagicOnDemandDecisionFunc ¶
CertMagicOnDemandDecisionFunc is a concrete type for OnDemandConfig.DecisionFunc in the certmagic package.
type Config ¶
type Config struct {
// Name is the name of the server. It is only used for logging. It can
// be empty.
Name string
// Address is the address to bind the server to. It must be set.
Address string
// AddressTLS is the address to bind the https server to. It must be set, but is not used if TLS is not configured.
AddressTLS string
// ProxyAddressTLS is the address to which the https server that handles PROXY protocol requests is bound.
// It is optional and is not used if TLS is not configured.
ProxyAddressTLS string
// Whether requests and responses are logged or not. Sometimes you might provide your own logging middleware instead.
TrafficLogging bool
// TLSConfig is the TLS configuration for the server. It is optional.
TLSConfig *TLSConfig
// ShutdownTimeout controls how long to wait for requests to finish before
// returning from Run() after the context is canceled. It defaults to
// 10 seconds if unset. If set to a negative value, the server will be
// closed immediately.
ShutdownTimeout time.Duration
// StartupCheckConfig configures a startup check that must pass in order for
// servers to start listening.
StartupCheckConfig StartupCheckConfig
}
Config holds the HTTP server configuration.
type Server ¶
type Server struct {
// contains filtered or unexported fields
}
Server is the HTTP server.
architecture: Endpoint
func New ¶
func New(log *zap.Logger, handler http.Handler, decisionFunc CertMagicOnDemandDecisionFunc, config Config) (*Server, error)
New creates a new URL Service Server.
func (*Server) ProxyAddrTLS ¶ added in v1.72.0
ProxyAddrTLS returns the TLS address for PROXY protocol requests.
type StartupCheckConfig ¶
StartupCheckConfig provides startup check configuration.
type TLSConfig ¶
type TLSConfig struct {
// CertMagic obtains and renews TLS certificates and staples OCSP responses
// Setting this to true will mean the server obtains certificate through Certmagic
// and no other config such as CertDir, or CertFile will be considered.
CertMagic bool
// CertMagicKeyFile is a path to a file containing the CertMagic service account key.
CertMagicKeyFile string
// CertMagicDNSChallengeWithGCloudDNS is whether to disable HTTP and TLS
// ALPN challenges and perform the DNS challenge with Google Cloud DNS (no
// other providers are supported at the moment).
CertMagicDNSChallengeWithGCloudDNS bool
// CertMagicDNSChallengeWithGCloudDNSProject is the project where the Google
// Cloud DNS zone exists.
CertMagicDNSChallengeWithGCloudDNSProject string
// Domain to set the TXT record on, to delegate the challenge to a different
// domain.
CertMagicDNSChallengeOverrideDomain string
// CertMagicEmail is the email address to use when creating an ACME account
CertMagicEmail string
// CertMagicTestIssuer is optional configuration to set a testing ACME issuer.
// If configured, this will be the only issuer used.
CertMagicTestIssuer *TestIssuerConfig
// CertMagicStaging use staging CA endpoints
CertMagicStaging bool
// CertMagicBucket bucket to use for certstorage
CertMagicBucket string
// TierServiceIdentity is the tier querying service identity config
TierServiceIdentity identity.Config
// TierCacheExpiration is the expiration time for the tier querying service cache
TierCacheExpiration time.Duration
// TierCacheCapacity is the tier querying service cache size
TierCacheCapacity int
// SkipPaidTierAllowlist is a list of domain names to which bypass paid tier queries.
// If any one value is set to "*" then the paid tier checking is disabled entirely.
SkipPaidTierAllowlist []string
// CertMagicPublicURLs is a list of URLs to always issue certificates for.
//
// Typically, these are URLs that the service will be mainly reached
// through, like link.storjshare.io or *.gateway.storjshare.io, etc.
CertMagicPublicURLs []string
// CertMagicAsyncPublicURLs is a list of URLs to always issue certificates for.
//
// the same as CertMagicPublicURLS, except that ACME operations are performed
// asynchronously (in the background) and cert errors are not fatal.
CertMagicAsyncPublicURLs []string
// ConfigDir is a path for storing certificate cache data for Let's Encrypt.
ConfigDir string
// CertDir provides a path containing one or more certificates that should
// be loaded. Certs and key files must have the same filename so they can be
// paired, e.g. mycert.key, and mycert.crt. This config setting is mutually
// exclusive from CertFile and KeyFile.
CertDir string
// CertFile is a path to a file containing a corresponding cert for KeyFile.
CertFile string
// KeyFile is a path to a file containing a corresponding key for CertFile.
KeyFile string
// Ctx context for the oauth2 package which gcslock and gcsops use.
// oauth2 stores the context passed into its constructors.
Ctx context.Context
}
TLSConfig is a struct to handle the preferred/configured TLS options.
type TestIssuerConfig ¶
type TestIssuerConfig struct {
// CA is the address to the test ACME issuer.
CA string
// CertificatePath is a filesystem path to the CA issuer certificate.
CertificatePath string
// Resolver is an address to a preferred DNS resolver. If not given, it
// defaults to the system resolver.
Resolver string
}
TestIssuerConfig is configuration to a test ACME server, which if defined will issue certs from that instead of any other issuers.
Source Files
Click to show internal directories.
Click to hide internal directories.