Are no global tls configurations possible?

Hello again,

I just saw that my TLS options are not applied.
I did it like this for all hosts:

*.domain1 *.domain2 *.domain3 {
        tls email {
                key_type rsa4096
        }
        ...

But it seems like the email is left blank on the hosts below and the key size is still 2048. :confused:

The TLS docs don’t seem to be very specific on combining different uses of the directive.

I haven’t actually had to specify any TLS options myself, but I imagined you would have to call it twice, once to set your email, and once to open a block within which to specify your subdirectives.

You can set your email globally by changing the command you call Caddy with (as per the CLI docs) to use -email your@email.com.

I see - I may try the command change the next time.
As I have seen, the header settings are also affected. :disappointed:

You can certainly use the -email command line option as Matthew pointed out; that will apply the email to all certificates. However, Caddy doesn’t share server blocks: no inheritance, no mix-mashing of server block contents. For each connection, only one server block (the most specific, matching one) is applied. Sorry. But it keeps things simple – even if you do have to duplicate some content. If the amount of duplicated content is high, you can save yourself some line count by using import.
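Because only one server block applies per connection, a setting made in a wildcard block does not reach the more specific blocks below it. As an added example (not part of the original thread and not Caddy's own code), the following check lists every server block in a Caddyfile that does not itself set the expected `key_type`. The sample Caddyfile, its host names and the function name `audit_key_type` are constructed for illustration, and the parser is deliberately simplified.

```python
# Added example: list server blocks that do not set the expected TLS key type.
# Simplified parser (assumption): one directive per line, "{" ends a line,
# "}" stands alone on its line, "#" starts a comment, imports already expanded.

SAMPLE = """\
*.example.com {
    tls admin@example.com {
        key_type rsa4096
    }
    header / X-Frame-Options DENY
}

app.example.com {
    root /srv/app
}

api.example.com {
    tls admin@example.com
}
"""


def audit_key_type(caddyfile, expected="rsa4096"):
    """Return {site addresses: key_type or None} for blocks not using `expected`."""
    findings, depth = {}, 0
    site = key_type = None
    in_tls = False
    for raw in caddyfile.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line == "}":
            depth -= 1
            if depth == 1:          # closed a sub-block such as tls { ... }
                in_tls = False
            elif depth == 0 and key_type != expected:
                findings[site] = key_type   # server block ended without it
            continue
        tokens = line.split()
        opens = tokens[-1] == "{"
        if depth == 0 and opens:    # new server block: reset per-block state
            site, key_type = " ".join(tokens[:-1]), None
        elif depth == 1 and tokens[0] == "tls":
            in_tls = opens          # only a tls block can carry key_type
        elif depth == 2 and in_tls and tokens[0] == "key_type" and len(tokens) > 1:
            key_type = tokens[1]
        if opens:
            depth += 1
    return findings
```

On the constructed sample, `audit_key_type(SAMPLE)` reports `app.example.com` and `api.example.com`, since neither block sets `key_type` itself even though the wildcard block above them does.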

Hmm, I never thought of using import inside a server block to hold repetitious configurations. Currently I use it as the only line in my Caddyfile to get *.caddy from my vhosts directory. That might prove useful.

While you’re here, are you able to confirm for us whether the tls command is intended to be called twice as per my comment?

You can use the tls directive twice or more, but I don’t think you would need to in most cases. You can specify an email and open a block too.


Thanks for all your answers - looks like I just misinterpreted the wildcards section under The Caddyfile — Caddy Documentation.
