How to use Env for trusted_ca_certs in caddy json and tls block of caddy json

1. Caddy version (caddy version):

caddy 2.1.1

2. How I run Caddy:

/usr/bin/caddy run --environ --config caddy.json

a. System environment:

Docker

b. Command:


c. Service/unit/compose file:

COPY --from=builder /usr/bin/caddy /usr/bin/caddy

CMD ["caddy", "run", "-config", "/etc/caddy/caddy.json"]

d. My complete Caddyfile or JSON config:

    "tls_connection_policies": [
        {
            "match": {
                "sni": [
                    "*.edjx.test"
                ]
            },
            "certificate_selection": {
                "all_tags": [
                    "validate"
                ]
            },
            "client_authentication": {
                "trusted_ca_certs": ["{env.TRUSTED_CAS}"],
                "mode": "verify_if_given"
            }
        }
    ]

3. The problem I’m having:

4. Error messages and/or full log output:

The env var is present, but it seems like it is not configured to use env for this trusted_ca_certs field.
Error Logs:

run: loading initial config: loading new config: loading http app module: provision http: server domainserver: setting up TLS connection policies: connection policy 0: building standard TLS config: configuring TLS client authentication: parsing certificate: illegal base64 data at input byte 0

5. What I already tried:

6. Links to relevant resources:

Caddy might not be programmed to support placeholders there; if that’s the case, it should be easy to add support for it. I’m in the middle of switching my dev workspace over to a different machine so I can’t check easily right now. But I assume a simple PR would fix this.

Note that the value of the env var needs to be a base64 string.
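
An added example (not part of the original thread, and not Caddy's own code) that reproduces the logged error and shows what a usable `trusted_ca_certs` value looks like. It assumes, from the log message and the reply above, that each entry is standard base64 of a DER certificate; the function names are hypothetical and the CA is constructed in-process as sample input.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"encoding/base64"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// CheckTrustedCAValue decodes v as base64, then parses DER (assumed order, per the error log).
func CheckTrustedCAValue(v string) (*x509.Certificate, error) {
	der, err := base64.StdEncoding.DecodeString(v)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// PEMToTrustedCAValue strips the PEM armor and returns base64(DER).
func PEMToTrustedCAValue(pemBytes []byte) (string, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil || block.Type != "CERTIFICATE" {
		return "", fmt.Errorf("no CERTIFICATE PEM block found")
	}
	return base64.StdEncoding.EncodeToString(block.Bytes), nil
}

func ConstructedCAPEM() []byte { // throwaway self-signed CA, sample input only
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), IsCA: true, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	caPEM := ConstructedCAPEM()
	good, _ := PEMToTrustedCAValue(caPEM)
	for _, v := range []string{"{env.TRUSTED_CAS}", string(caPEM), good} {
		_, err := CheckTrustedCAValue(v)
		fmt.Printf("%.20q -> err=%v\n", v, err)
	}
}
```

The unexpanded placeholder and raw PEM text both fail at input byte 0, because neither `{` nor `-` is in the standard base64 alphabet; only the base64 of the DER bytes parses.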
