Placeholders get values from a request. TLS doesn’t know about HTTP, let alone requests. It doesn’t make much sense to add placeholders to the TLS directive.
The Caddyfile, though, does support the use of environment variables. (Edit: I see now that’s not quite what you’re looking for.)
Okay, so after looking at this again, you want a placeholder for use not in the tls directive but getting information from the TLS connection.
So yes, follow Matthew’s advice. That would be the place to add placeholder values.
Thanks, Matthew and Matt.
I saw that replacer function, but didn’t pay attention that it gets all the info about the request. Nice.
I’ll dig deeper into how to use the cert’s info here.
P.S.: Matthew, in the end I’ll do a pull request (if anybody needs this feature at all). It’ll take some time as it is my “Hello World” in Go.
Hi SDen, have you finished and submitted the feature? It’s really a common feature in nginx to extract client certificate DN/CN and pass it to the upstream via HTTP header.
No, not yet … At the current research phase I’m dealing with certs at a low level (from the HTTP request). I’m not using Caddy (and Nginx) for SSL termination; it is done on the application level. And there is just a proxy in front with dynamic service discovery (experiment with Traefik) as I have my API in several containers.
My research went far beyond just SSL termination and auth on the proxy side (initial motivation). So I postponed this idea for now.
Some new commits to Caddy use Go 1.8 and together that should make this more of a possibility; in fact, a placeholder was just implemented (on master branch) that pulls data directly from the TLS handshake. So that’s a start.
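What this thread is after, taking the client certificate DN/CN from the TLS connection state of a request and passing it upstream in a header, as an added example in plain Go (not Caddy's placeholder implementation and not code from any poster). The header names and the sample request are assumptions constructed for illustration.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"net/http"
)

// Hypothetical header names, chosen for this example only.
const (
	hdrCN = "X-Client-Cert-CN"
	hdrDN = "X-Client-Cert-DN"
)

// setClientCertHeaders prepares a request that is about to be proxied.
// Client-sent copies of the headers are always dropped first.
func setClientCertHeaders(r *http.Request) {
	r.Header.Del(hdrCN)
	r.Header.Del(hdrDN)
	// VerifiedChains is set only after validation against the client CAs;
	// PeerCertificates alone may hold an unverified certificate.
	if r.TLS == nil || len(r.TLS.VerifiedChains) == 0 {
		return
	}
	leaf := r.TLS.VerifiedChains[0][0]
	r.Header.Set(hdrCN, leaf.Subject.CommonName)
	r.Header.Set(hdrDN, leaf.Subject.String())
}

// constructedRequest builds sample input with constructed TLS state (no real handshake).
func constructedRequest(cn string, verified bool) *http.Request {
	r, _ := http.NewRequest("GET", "https://proxy.example/api", nil)
	r.Header.Set(hdrCN, "admin") // client-supplied value that must not survive
	cert := &x509.Certificate{Subject: pkix.Name{CommonName: cn}}
	r.TLS = &tls.ConnectionState{PeerCertificates: []*x509.Certificate{cert}}
	if verified {
		r.TLS.VerifiedChains = [][]*x509.Certificate{{cert}}
	}
	return r
}

func main() {
	r := constructedRequest("alice", true)
	setClientCertHeaders(r)
	fmt.Println(r.Header.Get(hdrCN), r.Header.Get(hdrDN))
}
```

The upstream should accept these headers only from the proxy, since anything that can reach it directly can set them freely.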