TLS
User65k edited this page Oct 10, 2021 · 3 revisions
It is planned to support rustls as well as SChannel, OpenSSL and Secure Transport via native-tls.
For now, it's just rustls, the default.
Features:
- Cert per vHost / SNI
- Cert per Keytype (EC, ED, RSA)
- ACME-TLS
- Supported versions: 1.2, 1.3 - rustls features
Specify the key tls in a virtual host.
| tls subkey | meaning |
|---|---|
| host.Files | List of tables, containing key and cert of a single Key/Certificate |
| ciphersuites | Optional List of ciphers to offer. |
| versions | Optional List of versions to offer |
| host.ACME | ACME config. See below |
Note: Only host.Files OR host.ACME can be used!
| ACME subkey | meaning |
|---|---|
| uri | URI of the ACME provider |
| cache_dir | Directory to store credentials in. The obtained certificate and its key are stored in it. |
| contact | List of contact information to send to the ACME provider |
| dns_names | Optional list of DNS names to request. If omitted, the vHost name is used |
```toml
# vHost with a static key/certificate pair
[internal_server]
ip = "0.0.0.0:8443"
tls.host.Files = [{key = "./4kRsa.pem", cert = "./localhost.crt"}]

# vHost that obtains its certificate via ACME
["example.com"]
ip = "0.0.0.0:443"
validate_server_name = true
tls.host.ACME = {uri="https://acme-staging-v02.api.letsencrypt.org/directory",cache_dir="/tmp",contact=["mailto:admin@example.com"]}
```