caddy
acmeserver: add policy field to define allow/deny rules
TODO:
- [ ] Tests
- [ ] Docs
- [x] Caddyfile support
To be merged after #5794
Cool, this looks great so far. Again, no real strong feedback yet -- it's similar to how I'd probably do it if I had need of this.
@mohammed90 you could drop the URI domains from this. They're only used for when there are URIs in a certificate (request), and those are not a valid ACME identifier type.
Let me know if you hit issues with the policy configuration / evaluation. We kept it fairly simple intentionally, and sometimes it can be too limiting (e.g. strict equality check of the common name), so happy to hear feedback about it.
> @mohammed90 you could drop the URI domains from this. They're only used for when there are URIs in a certificate (request), and those are not a valid ACME identifier type.
Thanks for the tip! I'll make the change when I circle back to this PR. Currently the progress on this PR is blocked by #5794 since both touch the same file. I'm stuck on testing the ACME server due to my knowledge gap of how to use github.com/mholt/acmez 😶