Hey folks, just shipped a new version of the plugin that focuses on giving a better experience for development enviroments using python.
This release adds a built-in permission module:
tls.permission.python_dir
Certificates are issued only if:
-
The hostname matches
{slug}.{domain_suffix} -
A directory exists at
{root}/{slug} -
The slug passes validation and safe path checks (no traversal or unsafe symlinks)
This means TLS is granted only for apps that exist on disk.
Example
{
email ops@yourcompany.com
on_demand_tls {
permission python_dir {
root /srv/apps
domain_suffix branches.example.com
}
}
}
https://*.branches.example.com {
tls {
on_demand
}
route /* {
python {
module_asgi "{http.request.host.labels.2}:app"
working_dir "/srv/apps/{http.request.host.labels.2}/"
}
}
}