acmeserver: add policy field to define allow/deny rules

Open mohammed90 opened this issue 11 months ago • 3 comments

TODO:

  • [ ] Tests
  • [ ] Docs
  • [x] Caddyfile support

To be merged after #5794

mohammed90 • Sep 03 '23 08:09

Cool, this looks great so far. Again, no real strong feedback yet -- it's similar to how I'd probably do it if I had need of this.

mholt • Sep 07 '23 22:09

@mohammed90 you could drop the URI domains from this. They're only used for when there are URIs in a certificate (request), and those are not a valid ACME identifier type.

Let me know if you hit issues with the policy configuration / evaluation. We kept it fairly simple intentionally, and sometimes it can be too limiting (e.g. strict equality check of the common name), so happy to hear feedback about it.

hslatman • Jan 29 '24 11:01

> @mohammed90 you could drop the URI domains from this. They're only used for when there are URIs in a certificate (request), and those are not a valid ACME identifier type.

Thanks for the tip! I'll make the change when I circle back to this PR. Currently the progress on this PR is blocked by #5794 since both touch the same file. I'm stuck on testing the ACME server due to my knowledge gap of how to use github.com/mholt/acmez 😶

mohammed90 • Jan 29 '24 12:01