cybercyst/traefik
1
0
Fork 0
mirror of https://github.com/traefik/traefik.git synced 2025-05-08 00:43:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add acme.profile and acme.emailAddresses options

Browse Source
This commit is contained in:
Ludovic Fernandez 2025-03-17 10:00:07 +01:00 committed by GitHub
parent ae4a00b4bc
commit 50b0d772e5
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
6 changed files with 97 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
docs/content/https/acme.md
View File

@ -832,6 +832,66 @@ certificatesResolvers:
# ... # ...
``` ```
### `profile`
_Optional, Default=""_
Certificate profile to use.
For more information, please check out the [Let's Encrypt blog post](https://letsencrypt.org/2025/01/09/acme-profiles/) about certificate profile selection.
```yaml tab="File (YAML)"
certificatesResolvers:
myresolver:
acme:
# ...
profile: tlsserver
# ...
```
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
profile = "tlsserver"
# ...
```
```bash tab="CLI"
# ...
--certificatesresolvers.myresolver.acme.profile=tlsserver
# ...
```
### `emailAddresses`
_Optional, Default=""_
CSR email addresses to use.
```yaml tab="File (YAML)"
certificatesResolvers:
myresolver:
acme:
# ...
emailAddresses:
- foo@example.com
- bar@example.org
# ...
```
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
emailAddresses = ["foo@example.com", "bar@example.org"]
# ...
```
```bash tab="CLI"
# ...
--certificatesresolvers.myresolver.acme.emailaddresses=foo@example.com,bar@example.org
# ...
```
### `keyType` ### `keyType`
_Optional, Default="RSA4096"_ _Optional, Default="RSA4096"_

6
docs/content/reference/static-configuration/cli-ref.md
View File

@ -168,6 +168,9 @@ Key identifier from External CA.
`--certificatesresolvers.<name>.acme.email`: `--certificatesresolvers.<name>.acme.email`:
Email address used for registration. Email address used for registration.
`--certificatesresolvers.<name>.acme.emailaddresses`:
CSR email addresses to use.
`--certificatesresolvers.<name>.acme.httpchallenge`: `--certificatesresolvers.<name>.acme.httpchallenge`:
Activate HTTP-01 Challenge. (Default: ```false```) Activate HTTP-01 Challenge. (Default: ```false```)
@ -180,6 +183,9 @@ KeyType used for generating certificate private key. Allow value 'EC256', 'EC384
`--certificatesresolvers.<name>.acme.preferredchain`: `--certificatesresolvers.<name>.acme.preferredchain`:
Preferred chain to use. Preferred chain to use.
`--certificatesresolvers.<name>.acme.profile`:
Certificate profile to use.
`--certificatesresolvers.<name>.acme.storage`: `--certificatesresolvers.<name>.acme.storage`:
Storage to use. (Default: ```acme.json```) Storage to use. (Default: ```acme.json```)

6
docs/content/reference/static-configuration/env-ref.md
View File

@ -168,6 +168,9 @@ Key identifier from External CA.
`TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_ACME_EMAIL`: `TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_ACME_EMAIL`:
Email address used for registration. Email address used for registration.
`TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_ACME_EMAILADDRESSES`:
CSR email addresses to use.
`TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_ACME_HTTPCHALLENGE`: `TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_ACME_HTTPCHALLENGE`:
Activate HTTP-01 Challenge. (Default: ```false```) Activate HTTP-01 Challenge. (Default: ```false```)
@ -180,6 +183,9 @@ KeyType used for generating certificate private key. Allow value 'EC256', 'EC384
`TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_ACME_PREFERREDCHAIN`: `TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_ACME_PREFERREDCHAIN`:
Preferred chain to use. Preferred chain to use.
`TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_ACME_PROFILE`:
Certificate profile to use.
`TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_ACME_STORAGE`: `TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_ACME_STORAGE`:
Storage to use. (Default: ```acme.json```) Storage to use. (Default: ```acme.json```)

4
docs/content/reference/static-configuration/file.toml
View File

@ -505,6 +505,8 @@
email = "foobar" email = "foobar"
caServer = "foobar" caServer = "foobar"
preferredChain = "foobar" preferredChain = "foobar"
profile = "foobar"
emailAddresses = ["foobar", "foobar"]
storage = "foobar" storage = "foobar"
keyType = "foobar" keyType = "foobar"
certificatesDuration = 42 certificatesDuration = 42
@ -533,6 +535,8 @@
email = "foobar" email = "foobar"
caServer = "foobar" caServer = "foobar"
preferredChain = "foobar" preferredChain = "foobar"
profile = "foobar"
emailAddresses = ["foobar", "foobar"]
storage = "foobar" storage = "foobar"
keyType = "foobar" keyType = "foobar"
certificatesDuration = 42 certificatesDuration = 42

8
docs/content/reference/static-configuration/file.yaml
View File

@ -546,6 +546,10 @@ certificatesResolvers:
email: foobar email: foobar
caServer: foobar caServer: foobar
preferredChain: foobar preferredChain: foobar
profile: foobar
emailAddresses:
- foobar
- foobar
storage: foobar storage: foobar
keyType: foobar keyType: foobar
eab: eab:
@ -578,6 +582,10 @@ certificatesResolvers:
email: foobar email: foobar
caServer: foobar caServer: foobar
preferredChain: foobar preferredChain: foobar
profile: foobar
emailAddresses:
- foobar
- foobar
storage: foobar storage: foobar
keyType: foobar keyType: foobar
eab: eab:

20
pkg/provider/acme/provider.go
View File

@ -39,13 +39,15 @@ const resolverSuffix = ".acme"
// Configuration holds ACME configuration provided by users. // Configuration holds ACME configuration provided by users.
type Configuration struct { type Configuration struct {
Email string `description:"Email address used for registration." json:"email,omitempty" toml:"email,omitempty" yaml:"email,omitempty"` Email string `description:"Email address used for registration." json:"email,omitempty" toml:"email,omitempty" yaml:"email,omitempty"`
CAServer string `description:"CA server to use." json:"caServer,omitempty" toml:"caServer,omitempty" yaml:"caServer,omitempty"` CAServer string `description:"CA server to use." json:"caServer,omitempty" toml:"caServer,omitempty" yaml:"caServer,omitempty"`
PreferredChain string `description:"Preferred chain to use." json:"preferredChain,omitempty" toml:"preferredChain,omitempty" yaml:"preferredChain,omitempty" export:"true"` PreferredChain string `description:"Preferred chain to use." json:"preferredChain,omitempty" toml:"preferredChain,omitempty" yaml:"preferredChain,omitempty" export:"true"`
Storage string `description:"Storage to use." json:"storage,omitempty" toml:"storage,omitempty" yaml:"storage,omitempty" export:"true"` Profile string `description:"Certificate profile to use." json:"profile,omitempty" toml:"profile,omitempty" yaml:"profile,omitempty" export:"true"`
KeyType string `description:"KeyType used for generating certificate private key. Allow value 'EC256', 'EC384', 'RSA2048', 'RSA4096', 'RSA8192'." json:"keyType,omitempty" toml:"keyType,omitempty" yaml:"keyType,omitempty" export:"true"` EmailAddresses []string `description:"CSR email addresses to use." json:"emailAddresses,omitempty" toml:"emailAddresses,omitempty" yaml:"emailAddresses,omitempty"`
EAB *EAB `description:"External Account Binding to use." json:"eab,omitempty" toml:"eab,omitempty" yaml:"eab,omitempty"` Storage string `description:"Storage to use." json:"storage,omitempty" toml:"storage,omitempty" yaml:"storage,omitempty" export:"true"`
CertificatesDuration int `description:"Certificates' duration in hours." json:"certificatesDuration,omitempty" toml:"certificatesDuration,omitempty" yaml:"certificatesDuration,omitempty" export:"true"` KeyType string `description:"KeyType used for generating certificate private key. Allow value 'EC256', 'EC384', 'RSA2048', 'RSA4096', 'RSA8192'." json:"keyType,omitempty" toml:"keyType,omitempty" yaml:"keyType,omitempty" export:"true"`
EAB *EAB `description:"External Account Binding to use." json:"eab,omitempty" toml:"eab,omitempty" yaml:"eab,omitempty"`
CertificatesDuration int `description:"Certificates' duration in hours." json:"certificatesDuration,omitempty" toml:"certificatesDuration,omitempty" yaml:"certificatesDuration,omitempty" export:"true"`
CACertificates []string `description:"Specify the paths to PEM encoded CA Certificates that can be used to authenticate an ACME server with an HTTPS certificate not issued by a CA in the system-wide trusted root list." json:"caCertificates,omitempty" toml:"caCertificates,omitempty" yaml:"caCertificates,omitempty"` CACertificates []string `description:"Specify the paths to PEM encoded CA Certificates that can be used to authenticate an ACME server with an HTTPS certificate not issued by a CA in the system-wide trusted root list." json:"caCertificates,omitempty" toml:"caCertificates,omitempty" yaml:"caCertificates,omitempty"`
CASystemCertPool bool `description:"Define if the certificates pool must use a copy of the system cert pool." json:"caSystemCertPool,omitempty" toml:"caSystemCertPool,omitempty" yaml:"caSystemCertPool,omitempty" export:"true"` CASystemCertPool bool `description:"Define if the certificates pool must use a copy of the system cert pool." json:"caSystemCertPool,omitempty" toml:"caSystemCertPool,omitempty" yaml:"caSystemCertPool,omitempty" export:"true"`
@ -669,6 +671,8 @@ func (p *Provider) resolveDefaultCertificate(ctx context.Context, domains []stri
request := certificate.ObtainRequest{ request := certificate.ObtainRequest{
Domains: domains, Domains: domains,
Bundle: true, Bundle: true,
EmailAddresses: p.EmailAddresses,
Profile: p.Profile,
PreferredChain: p.PreferredChain, PreferredChain: p.PreferredChain,
} }
@ -713,6 +717,8 @@ func (p *Provider) resolveCertificate(ctx context.Context, domain types.Domain,
request := certificate.ObtainRequest{ request := certificate.ObtainRequest{
Domains: domains, Domains: domains,
Bundle: true, Bundle: true,
EmailAddresses: p.EmailAddresses,
Profile: p.Profile,
PreferredChain: p.PreferredChain, PreferredChain: p.PreferredChain,
} }