1. The problem I’m having:
Hello, I attempted to use the trust_pool directive to validate client certificates with my CA pem file. However, I’m encountering an error indicating that there is no directive named trust_pool.
2. Error messages and/or full log output:
Error: adapting config using caddyfile: parsing caddyfile tokens for 'tls': unknown subdirective for client_auth: trust_pool, at /etc/caddy/Caddyfile:9
3. Caddy version:
v2.7.6 h1:w0NymbG2m9PcvKWsrXO6EEkY9Ru4FJK8uQbYcev1p3A=
4. How I installed and ran Caddy:
a. System environment:
| Distributor ID: | Ubuntu |
|---|---|
| Description: | Ubuntu 24.04 LTS |
| Release: | 24.04 |
| Codename: | noble |
b. Command:
caddy start
caddy reload --config /etc/caddy/Caddyfile
c. Service/unit/compose file:
d. My complete Caddy config:
```
{
	debug
}

example.com {
	tls internal {
		client_auth {
			mode require_and_verify
			trust_pool file {
				pem_file /var/www/certificates/example.com/ca2024.crt
			}
		}
		insecure_secrets_log /var/log/caddy/example.com.log
	}

	handle /api/* {
		reverse_proxy http://localhost:8000 {
			header_up Connection ""
			header_up X-SSL-Client-Cert {http.request.tls.client.certificate_pem}
			header_up X-SSL-Client-Serial {http.request.tls.client.certificate.serial_number}
			header_up X-SSL-Client-Verify {http.request.tls.client.verified}
			header_up X-SSL-Client-S-DN {http.request.tls.client.subject}
			header_up X-Real-IP {http.request.remote}
			header_up X-Forwarded-Proto {http.request.scheme}
			header_up X-Forwarded-For {http.request.remote}
			header_up User-Agent {http.request.header.User-Agent}
			header_up Accept-Encoding {http.request.header.Accept-Encoding}
			flush_interval -1
			transport http {
				versions h1
				read_buffer 0
				write_buffer 0
				dial_timeout 600s
				read_timeout 600s
				write_timeout 600s
			}
		}
	}

	log {
		output file /var/log/caddy/example.log
		level DEBUG
	}
}
```
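Added example, not the poster's config or Caddy's own code: what `mode require_and_verify` with a file trust pool amounts to in Go's TLS stack. It builds an `x509.CertPool` from CA PEM bytes and verifies the presented client certificate against it; the CA, the "alice" and "mallory" certificates and the in-memory PEM are constructed stand-ins for `ca2024.crt`.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// makeCert issues a certificate for cn; with a nil parent it is self-signed.
func makeCert(cn string, isCA bool, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA:         isCA, BasicConstraintsValid: true,
		KeyUsage:     x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// VerifyClient is the check require_and_verify performs with a PEM trust pool:
// the presented client certificate must chain to a CA contained in caPEM.
func VerifyClient(caPEM []byte, client *x509.Certificate) error {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caPEM) {
		return fmt.Errorf("no CA certificates found in PEM")
	}
	_, err := client.Verify(x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err
}

func main() {
	ca, caKey := makeCert("Example CA 2024", true, nil, nil) // constructed CA, stands in for ca2024.crt
	caPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: ca.Raw})
	client, _ := makeCert("alice", false, ca, caKey)     // issued by the trusted CA
	impostor, _ := makeCert("mallory", false, nil, nil) // self-signed, never in the pool
	fmt.Println("CA-issued client:", VerifyClient(caPEM, client))
	fmt.Println("self-signed client:", VerifyClient(caPEM, impostor))
}
```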