caddy-revocation-validator

Support for Caddyfile

Open non092 opened this issue 2 years ago • 7 comments

Hi there. First, thanks for the great work there! I'm looking at implementing revocation checks, but I'm having some issues as I'm using https://github.com/lucaslorentz/caddy-docker-proxy, which generates the Caddy config automatically from Docker labels. This is done by generating a temp Caddyfile and reloading the config when containers are changed.

Without support for Caddyfile in this module, I unfortunately cannot use it in my environment.

Is there any chance Caddyfile support could be added? This looks quite straightforward: https://caddyserver.com/docs/extending-caddy/caddyfile

I also noticed the documentation should probably be updated. If I'm not wrong, the sample config file should look like this according to the latest JSON definition (validator(s) changed to verifier(s)):

    "client_authentication": {
      "trusted_ca_certs_pem_files": [
        "./certificates/ca.pem"
      ],
      "mode": "require_and_verify",
      "verifiers": [
        {
          "verifier": "revocation",
          "mode": "prefer_ocsp",
          "crl_config": {
            "work_dir": "./crlworkdir"
          },
          "ocsp_config": {
            "default_cache_duration": "10m"
          }
        }
      ]
    }

Happy to raise a PR to update it

non092 avatar Aug 25 '22 21:08 non092
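
A check that a generated Caddy JSON config really carries the `revocation` verifier shown in the snippet above, useful when the config is produced by a tool rather than written by hand. This is an added example, not part of the original post or the project's code; the sample config is constructed, and the legacy `validators`/`validator` key names are an assumption inferred from the rename the post mentions.

```python
import json

# Constructed sample: a trimmed Caddy JSON config with two connection policies.
# The second one uses the assumed pre-rename keys and so has no active verifier.
SAMPLE_CONFIG = """
{"apps": {"http": {"servers": {"srv0": {"tls_connection_policies": [
  {"client_authentication": {
     "trusted_ca_certs_pem_files": ["./certificates/ca.pem"],
     "mode": "require_and_verify",
     "verifiers": [{"verifier": "revocation", "mode": "prefer_ocsp",
                    "crl_config": {"work_dir": "./crlworkdir"},
                    "ocsp_config": {"default_cache_duration": "10m"}}]}},
  {"client_authentication": {
     "trusted_ca_certs_pem_files": ["./certificates/ca.pem"],
     "mode": "require_and_verify",
     "validators": [{"validator": "revocation"}]}}
]}}}}}
"""


def find_client_auth(node, path="$"):
    """Yield (json_path, block) for every client_authentication object."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key == "client_authentication" and isinstance(value, dict):
                yield child, value
            yield from find_client_auth(value, child)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from find_client_auth(item, f"{path}[{i}]")


def audit(config_text):
    """Return (json_path, finding) pairs for blocks lacking revocation checks."""
    config = json.loads(config_text)  # strict JSON: a trailing comma raises here
    findings = []
    for path, block in find_client_auth(config):
        verifiers = block.get("verifiers") or []
        names = [v.get("verifier") for v in verifiers if isinstance(v, dict)]
        if "validators" in block:  # assumed legacy key, see lead-in
            findings.append((path, "legacy 'validators' key; expected 'verifiers'"))
        if "revocation" not in names:
            findings.append((path, "no 'revocation' verifier configured"))
    return findings


if __name__ == "__main__":
    for path, finding in audit(SAMPLE_CONFIG):
        print(f"{path}: {finding}")
```
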

Hi, I am just back from vacation, so my answer is a little late :) Yes, you are right. I already merged your request to update the documentation.

I did not really check yet if I can somehow also support the Caddyfile format. When I have some spare time, I will check if I can add support.

Gr33nbl00d avatar Sep 22 '22 09:09 Gr33nbl00d

An update to this. I just checked it recently and also started development. Unfortunately, a change in Caddy is also needed. I am not sure if the Caddyfile is considered a future solution or if the JSON config will be the way to go. I will prepare a pull request to Caddy anyway, but it might take some time until it is available.

Gr33nbl00d avatar Oct 24 '22 07:10 Gr33nbl00d

@Gr33nbl00d did the caddyfile updates ever make it into a PR?

ameyer8 avatar Jun 09 '23 04:06 ameyer8

Not yet. I found some other problems implementing this, which increase the effort a bit. Because of this, I have currently parked this as an enhancement. At the moment I will focus on getting the outstanding work done for hardening the code: test coverage and so on. When this is finished, I can come back to this topic.

Gr33nbl00d avatar Dec 05 '23 12:12 Gr33nbl00d

@Gr33nbl00d would the attached PR work for this? I worked on getting the client_auth verifiers to work in Caddy, and that PR works great once you include that change (PR 6022)

zachgalvin avatar Jan 12 '24 19:01 zachgalvin

Cool, many thanks for your efforts. I will test this next week.

Gr33nbl00d avatar Jan 13 '24 21:01 Gr33nbl00d

Short update: I am currently waiting for Caddy 2.8 to be released to merge the feature branch back to master. After that, Caddyfile support should work.

Gr33nbl00d avatar Apr 30 '24 08:04 Gr33nbl00d

Caddy 2.8 has been released, possibly unblocking this issue 🎉

andoks avatar May 29 '24 22:05 andoks

> Caddy 2.8 has been released, possibly unblocking this issue 🎉

Thanks for the hint. I will do some final testing and will merge it next week if no problem occurs

Gr33nbl00d avatar May 29 '24 22:05 Gr33nbl00d

Merged back to master; this should be resolved.

Gr33nbl00d avatar Jun 05 '24 13:06 Gr33nbl00d