Hi, I was wondering to use something like caddytlss Storage interface for use in CoreDNS. One question though how does this suppose to work when your storage itself (think etcd) needs TLS parameters?
I’m not familiar with etcd…
The Storage interface is designed to make it possible to swap out Caddy storing TLS certificates on disk and instead be able to use other infrastructure. The original reason it was created was so that certificates could be shared among a cluster of Caddy running in Kubernetes I think.
I haven’t gotten around to making TLS storage a first-class plugin yet as far as the build server goes, but you can already use it by calling caddytls.RegisterStorageProvider.
However, the interface will probably be expanding soon as I want to get it to support more kinds of storage, basically anything inside the .caddy folder, rather than just TLS certificates. For example, the ability to share OCSP staples, etc. So just be aware of that likely upcoming change.
my storage needs to be authenticated, meaning I need to get to the certs somehow, implying I can’t use this?
I’m not sure I understand what you mean then. The Storage interface is an interface: you can implement it however you want/need: with or without authentication. Just as long as you have those methods…
Fair enough.
The type (presumably a struct) that implements it will have fields, perhaps, to store credentials. Then the methods that implement the interface will use those credentials to do whatever they have to do, like set BasicAuth on an http.Request for web requests, or something. Hope that is helpful!
(again, I expect the interface to change soon – at least added methods, but I might revise existing methods too.)
This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.