Adds ACME - auto cert management #5178

Merged
merged 1 commit into from
Dec 23, 2020

Commits on Dec 20, 2020

  1. Adds ACME - auto cert management

    This commit fixes #5177
    
    Initial implementation uses dir backend as a cache and is OK
    for small clusters, but will be a problem for many proxies.
    
    This implementation uses Go autocert that is quite limited
    compared to Caddy's certmagic or lego.
    
    Autocert has no OCSP stapling and no locking for cache for example.
    However, it is much simpler and has no dependencies.
    It will be easier to extend to use Teleport backend as a cert cache.
    
    ```yaml
    proxy_service:
      public_addr: ['example.com']
      # ACME - automatic certificate management environment.
      #
      # It provisions certificates for domains and
      # valid subdomains in public_addr section.
      #
      # The subdomains are valid if there is a registered application.
      # For example, app.example.com will get a cert if app is a registered
      # application access app. The subdomain cookie.example.com is not.
      #
      # Teleport acme is using TLS-ALPN-01 challenge:
      #
      # https://letsencrypt.org/docs/challenge-types/#tls-alpn-01
      #
      acme:
        # By default acme is disabled.
        enabled: true
        # Use a custom URI, for example staging is
        #
        # https://acme-staging-v02.api.letsencrypt.org/directory
        #
        # Default is letsencrypt.org production URL:
        #
        # https://acme-v02.api.letsencrypt.org/directory
        uri: ''
        # Set email to receive alerts and other correspondence
        # from your certificate authority.
        email: 'alice@example.com'
    ```
    klizhentas committed Dec 20, 2020
    9aac1c1
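
The subdomain rule in the commit message amounts to a host allow-list that is checked before any certificate is requested. The following is an added sketch of such a check, not code from this commit or from Teleport; the function it returns has the same signature as `autocert.HostPolicy` in `golang.org/x/crypto/acme/autocert`. The names `newHostPolicy` and `isApp`, the single-label subdomain rule, and the assumption that `public_addr` entries are bare host names are all hypothetical.

```go
package main

import (
	"context"
	"fmt"
	"strings"
)

// normalize lower-cases a host name and drops a trailing root dot.
func normalize(h string) string {
	return strings.ToLower(strings.TrimSuffix(strings.TrimSpace(h), "."))
}

// newHostPolicy (hypothetical) returns a func with the signature of
// autocert.HostPolicy. It accepts a host only if it is a public address, or
// exactly one label in front of a public address where that label names a
// registered application. isApp is a hypothetical registry lookup.
func newHostPolicy(publicAddrs []string, isApp func(name string) bool) func(context.Context, string) error {
	allowed := make(map[string]struct{}, len(publicAddrs))
	for _, a := range publicAddrs {
		allowed[normalize(a)] = struct{}{}
	}
	return func(_ context.Context, host string) error {
		host = normalize(host)
		if _, ok := allowed[host]; ok {
			return nil
		}
		for base := range allowed {
			suffix := "." + base
			if !strings.HasSuffix(host, suffix) {
				continue
			}
			label := strings.TrimSuffix(host, suffix)
			// Assumption: only a single label may precede the public address.
			if label != "" && !strings.Contains(label, ".") && isApp(label) {
				return nil
			}
		}
		return fmt.Errorf("acme: %q is not a public address or a registered app subdomain", host)
	}
}

func main() {
	// Constructed sample: one public address and one registered app, "app".
	policy := newHostPolicy([]string{"example.com"}, func(n string) bool { return n == "app" })
	for _, h := range []string{"example.com", "app.example.com", "cookie.example.com"} {
		fmt.Printf("%-20s -> %v\n", h, policy(context.Background(), h))
	}
}
```

Rejecting unknown names at this point keeps a client that sends arbitrary SNI values from triggering certificate orders against the CA's rate limits.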