1. The problem I’m having:
I have a working caddy config that gets a wildcard cert from LetsEncrypt. However, I now need this config to work in an environment that can’t talk to LetsEncrypt. So I’m changing it to load the wildcard cert.
Now caddy fails to load.
The only part I changed here was the tis load_files pare (at the very end of the caddy file).
What am I doing wrong?
2. Error messages and/or full log output:
{"level":"info","ts":1725031773.93382,"msg":"using config from file","file":"/config.yml"}
{"level":"info","ts":1725031773.9368916,"msg":"adapted config to JSON","adapter":"yaml"}
{"level":"info","ts":1725031773.9403188,"logger":"admin","msg":"admin endpoint started","address":"0.0.0.0:2019","enforce_origin":false,"origins":["//0.0.0.0:2019"]}
{"level":"warn","ts":1725031773.940331,"logger":"admin","msg":"admin endpoint on open interface; host checking disabled","address":"0.0.0.0:2019"}
{"level":"info","ts":1725031773.940989,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0015eed00"}
{"level":"info","ts":1725031773.9410005,"logger":"tls.cache.maintenance","msg":"stopped background certificate maintenance","cache":"0xc0015eed00"}
Error: loading initial config: loading new config: loading http app module: provision http: getting tls app: loading tls app module: provision tls: loading certificate loader modules: module name 'load_files': decoding module config: tls.certificates.load_files: json: cannot unmarshal object into Go value of type caddytls.FileLoader
3. Caddy version:
v2.8.4 h1:q3pe0wpBj1OcHFZ3n/1nl4V4bxBrYoSoab7rL9BMYNk=
4. How I installed and ran Caddy:
xcaddy to add some plugin. Then my own Dockerfile to put in an image.
The container is launched with Kubernetes.
a. System environment:
Linux
b. Command:
PASTE OVER THIS, BETWEEN THE ``` LINES.
Please use the preview pane to ensure it looks nice.
c. Service/unit/compose file:
apiVersion: v1
kind: Pod
metadata:
name: caddy
labels:
app: caddy
spec:
restartPolicy: Always
containers:
- name: caddy
image: ext-registry.tilia-inc.com/library/caddy:latest
ports:
- containerPort: 443
protocol: TCP
- containerPort: 2019
protocol: TCP
volumeMounts:
- name: certs
mountPath: "/certs"
- name: config-file
mountPath: "/config.yml"
- name: config-dir
mountPath: "/config"
- name: data-dir
mountPath: "/data"
- name: logs
mountPath: "/access_logs"
env:
- name: XDG_CONFIG_HOME
value: "/config"
- name: XDG_DATA_HOME
value: "/data"
- name: AWS_REGION
value: "us-west-2"
securityContext:
runAsUser: 1000
runAsGroup: 1000
command: ["caddy", "run", "--config", "/config.yml", "--adapter", "yaml"]
volumes:
- name: certs
hostPath:
path: /tmp/makeworld/certs/
type: Directory
- name: config-file
hostPath:
path: /workspaces/extraction-makeworld/configs/caddy/config.yml
type: File
- name: config-dir
hostPath:
path: /workspaces/extraction-makeworld/configs/caddy/caddy_data
type: Directory
- name: data-dir
hostPath:
path: /workspaces/extraction-makeworld/configs/caddy/caddy_data
type: Directory
- name: logs
hostPath:
path: /workspaces/extraction-makeworld/logs
type: Directory
---
apiVersion: v1
kind: Service
metadata:
name: caddy
spec:
selector:
app: caddy
ports:
- protocol: TCP
port: 443
targetPort: 443
d. My complete Caddy config:
# Run the command caddy_debug to set this config after caddy has already started up
# You can also change `configs/caddy/config.yml` after start-up and
# run `docker restart extractionmakeworld_nginx_1` to reload the configuration.
logging:
logs:
default:
level: INFO
exclude:
- http.log.access
access:
writer:
output: file
filename: /access_logs/caddy_access.log
include:
- http.log.access
admin:
listen: 0.0.0.0:2019
apps:
http:
http_port: 8080
https_port: 8443
servers:
srv0:
trusted_proxies:
source: "static"
ranges:
- 10.0.0.0/8
- 172.16.0.0/12
listen:
- :8443
logs: {}
strict_sni_host: false
routes:
- match:
- host:
- accounts-ops-api.dev.tilia-inc.com
handle:
- handler: subroute
routes:
- handle:
# The rewrite is needed to fix bad bdd tests
- handler: rewrite
uri_substring:
- find: //
replace: /
- handler: reverse_proxy
headers:
request:
set:
X-Real-Ip:
- '{http.request.remote}'
upstreams:
- dial: accounts-ops-api:80
terminal: true
- match:
- host:
- fraud-ops-api.dev.tilia-inc.com
handle:
- handler: subroute
routes:
- handle:
# The rewrite is needed to fix bad bdd tests
- handler: rewrite
uri_substring:
- find: //
replace: /
- handler: reverse_proxy
headers:
request:
set:
X-Real-Ip:
- '{http.request.remote}'
upstreams:
- dial: fraud-ops-api:80
terminal: true
- match:
- host:
- invoicing-ops-api.dev.tilia-inc.com
handle:
- handler: subroute
routes:
- handle:
# The rewrite is needed to fix bad bdd tests
- handler: rewrite
uri_substring:
- find: //
replace: /
- handler: reverse_proxy
headers:
request:
set:
X-Real-Ip:
- '{http.request.remote}'
upstreams:
- dial: invoicing-ops-api:80
terminal: true
- match:
- host:
- payments-ops-api.dev.tilia-inc.com
handle:
- handler: subroute
routes:
- handle:
# The rewrite is needed to fix bad bdd tests
- handler: rewrite
uri_substring:
- find: //
replace: /
- handler: reverse_proxy
headers:
request:
set:
X-Real-Ip:
- '{http.request.remote}'
upstreams:
- dial: payments-ops-api:80
terminal: true
- match:
- host:
- personas-ops-api.dev.tilia-inc.com
handle:
- handler: subroute
routes:
- handle:
# The rewrite is needed to fix bad bdd tests
- handler: rewrite
uri_substring:
- find: //
replace: /
- handler: reverse_proxy
headers:
request:
set:
X-Real-Ip:
- '{http.request.remote}'
upstreams:
- dial: personas-ops-api:80
terminal: true
- match:
- host:
- pii-ops-api.dev.tilia-inc.com
handle:
- handler: subroute
routes:
- handle:
# The rewrite is needed to fix bad bdd tests
- handler: rewrite
uri_substring:
- find: //
replace: /
- handler: reverse_proxy
headers:
request:
set:
X-Real-Ip:
- '{http.request.remote}'
upstreams:
- dial: pii-ops-api:80
terminal: true
- match:
- host:
- registration-ops-api.dev.tilia-inc.com
handle:
- handler: subroute
routes:
- handle:
# The rewrite is needed to fix bad bdd tests
- handler: rewrite
uri_substring:
- find: //
replace: /
- handler: reverse_proxy
headers:
request:
set:
X-Real-Ip:
- '{http.request.remote}'
upstreams:
- dial: registration-ops-api:80
terminal: true
- match:
- host:
- wallets-ops-api.dev.tilia-inc.com
handle:
- handler: subroute
routes:
- handle:
# The rewrite is needed to fix bad bdd tests
- handler: rewrite
uri_substring:
- find: //
replace: /
- handler: reverse_proxy
headers:
request:
set:
X-Real-Ip:
- '{http.request.remote}'
upstreams:
- dial: wallets-ops-api:80
terminal: true
- match:
- host:
- balances.dev.tilia-inc.com
handle:
- handler: subroute
routes:
- handle:
# Insert apigatway specific url elements
- handler: rewrite
uri: "/restapis/balancesid/test/_user_request_{http.request.uri}"
- handler: headers
response:
set:
X-Frame-Options:
- SAMEORIGIN
- handler: reverse_proxy
headers:
request:
set:
X-Real-Ip:
- '{http.request.remote}'
upstreams:
- dial: localstack:4566
terminal: true
- match:
- host:
- notes.dev.tilia-inc.com
handle:
- handler: subroute
routes:
- handle:
# Insert apigatway specific url elements
- handler: rewrite
uri: "/restapis/notesid/test/_user_request_{http.request.uri}"
- handler: headers
response:
set:
X-Frame-Options:
- SAMEORIGIN
- handler: reverse_proxy
headers:
request:
set:
X-Real-Ip:
- '{http.request.remote}'
upstreams:
- dial: localstack:4566
terminal: true
- match:
- host:
- settings-lambda.dev.tilia-inc.com
handle:
- handler: subroute
routes:
- handle:
# Insert apigatway specific url elements
- handler: rewrite
uri: "/restapis/settingslambdaid/test/_user_request_{http.request.uri}"
- handler: headers
response:
set:
X-Frame-Options:
- SAMEORIGIN
- handler: reverse_proxy
headers:
request:
set:
X-Real-Ip:
- '{http.request.remote}'
upstreams:
- dial: localstack:4566
terminal: true
- match:
- host:
- settlement.dev.tilia-inc.com
handle:
- handler: subroute
routes:
- handle:
# Insert apigatway specific url elements
- handler: rewrite
uri: "/restapis/settlementid/test/_user_request_{http.request.uri}"
- handler: headers
response:
set:
X-Frame-Options:
- SAMEORIGIN
- handler: reverse_proxy
headers:
request:
set:
X-Real-Ip:
- '{http.request.remote}'
upstreams:
- dial: localstack:4566
terminal: true
- match:
- host:
- accounts-customer-sl.dev.tilia-inc.com
- accounts-customer.secondlife.dev.tilia-inc.com
handle:
- handler: subroute
routes:
- handle:
- handler: headers
response:
set:
X-Frame-Options:
- SAMEORIGIN
- handler: reverse_proxy
headers:
request:
set:
X-Real-Ip:
- '{http.request.remote}'
upstreams:
- dial: accounts-customer-sl:80
terminal: true
- match:
- host:
- kinesis-bouncelist-lambda.dev.tilia-inc.com
handle:
- handler: subroute
routes:
- handle:
- handler: headers
response:
set:
X-Frame-Options:
- SAMEORIGIN
- handler: reverse_proxy
headers:
request:
set:
X-Real-Ip:
- '{http.request.remote}'
upstreams:
- dial: kinesis-bouncelist-lambda:80
terminal: true
- match:
- host:
- fake-promise-integrator.dev.tilia-inc.com
handle:
- handler: subroute
routes:
- handle:
- handler: headers
response:
set:
X-Frame-Options:
- SAMEORIGIN
- handler: reverse_proxy
headers:
request:
set:
X-Real-Ip:
- '{http.request.remote}'
upstreams:
- dial: fake-promise-integrator:80
terminal: true
- match:
- host:
- fake-integrator-web.dev.tilia-inc.com
handle:
- handler: subroute
routes:
- handle:
- handler: reverse_proxy
headers:
request:
set:
X-Real-Ip:
- '{http.request.remote}'
upstreams:
- dial: fake-integrator-web:80
terminal: true
- match:
- host:
- testsamlidp.dev.tilia-inc.com
handle:
- handler: subroute
routes:
- handle:
- handler: reverse_proxy
headers:
request:
set:
X-Real-Ip:
- '{http.request.remote}'
upstreams:
- dial: testsamlidp:8080
"@id": testsaml
terminal: true
- match:
- host:
- accounts-customer.dev.tilia-inc.com
handle:
- handler: subroute
routes:
- handle:
- handler: static_response
headers:
Location:
- /ui/
status_code: 301
match:
- path:
- /ui
terminal: true
- handle:
- handler: encode
encodings:
gzip: {}
zstd: {}
- handler: reverse_proxy
headers:
request:
set:
X-Real-Ip:
- '{http.request.remote}'
upstreams:
- dial: accounts-customer-web:3000
match:
- path:
- /ui/*
- /static/*
terminal: true
- handle:
- handler: reverse_proxy
headers:
request:
set:
X-Real-Ip:
- '{http.request.remote}'
upstreams:
- dial: accounts-customer:80
terminal: true
terminal: true
- match:
- host:
- email-bouncelist.dev.tilia-inc.com
handle:
- handler: subroute
routes:
- handle:
- handler: headers
response:
set:
X-Frame-Options:
- SAMEORIGIN
- handler: reverse_proxy
headers:
request:
set:
X-Real-Ip:
- '{http.request.remote}'
upstreams:
- dial: email-bouncelist:80
terminal: true
- match:
- host:
- fake-integrator2.dev.tilia-inc.com
handle:
- handler: subroute
routes:
- handle:
- handler: headers
response:
set:
X-Frame-Options:
- SAMEORIGIN
- handler: reverse_proxy
headers:
request:
set:
X-Real-Ip:
- '{http.request.remote}'
upstreams:
- dial: fake-integrator2:80
terminal: true
- match:
- host:
- registration-api.dev.tilia-inc.com
handle:
- handler: subroute
routes:
- handle:
- handler: headers
response:
set:
X-Frame-Options:
- SAMEORIGIN
- handler: reverse_proxy
headers:
request:
set:
X-Real-Ip:
- '{http.request.remote}'
upstreams:
- dial: registration-api:80
terminal: true
- match:
- host:
- fake-integrator.dev.tilia-inc.com
handle:
- handler: subroute
routes:
- handle:
- handler: reverse_proxy
headers:
request:
set:
X-Real-Ip:
- '{http.request.remote}'
upstreams:
- dial: fake-integrator-web:3000
match:
- path:
- /static/*
- /ui/*
terminal: true
- handle:
- handler: reverse_proxy
headers:
request:
set:
X-Real-Ip:
- '{http.request.remote}'
upstreams:
- dial: fake-integrator:80
terminal: true
terminal: true
- match:
- host:
- kinesis-lambda.dev.tilia-inc.com
handle:
- handler: subroute
routes:
- handle:
- handler: headers
response:
set:
X-Frame-Options:
- SAMEORIGIN
- handler: reverse_proxy
headers:
request:
set:
X-Real-Ip:
- '{http.request.remote}'
upstreams:
- dial: kinesis-lambda:80
terminal: true
- match:
- host:
- email-service.dev.tilia-inc.com
handle:
- handler: subroute
routes:
- handle:
- handler: headers
response:
set:
X-Frame-Options:
- SAMEORIGIN
- handler: reverse_proxy
headers:
request:
set:
X-Real-Ip:
- '{http.request.remote}'
upstreams:
- dial: email-service:80
terminal: true
- match:
- host:
- invoicing-api.dev.tilia-inc.com
handle:
- handler: subroute
routes:
- handle:
# The rewrite is needed to fix bad bdd tests
- handler: rewrite
uri_substring:
- find: //
replace: /
- handler: headers
response:
set:
X-Frame-Options:
- SAMEORIGIN
- handler: reverse_proxy
headers:
request:
set:
X-Real-Ip:
- '{http.request.remote}'
upstreams:
- dial: invoicing-api:80
terminal: true
- match:
- host:
- lambda-server.dev.tilia-inc.com
handle:
- handler: subroute
routes:
- handle:
- handler: headers
response:
set:
X-Frame-Options:
- SAMEORIGIN
- handler: reverse_proxy
headers:
request:
set:
X-Real-Ip:
- '{http.request.remote}'
upstreams:
- dial: lambda-server:80
terminal: true
- match:
- host:
- proxy-service.dev.tilia-inc.com
handle:
- handler: subroute
routes:
- handle:
- handler: headers
response:
set:
X-Frame-Options:
- SAMEORIGIN
- handler: reverse_proxy
headers:
request:
set:
X-Real-Ip:
- '{http.request.remote}'
upstreams:
- dial: proxy-service:80
terminal: true
- match:
- host:
- elasticsearch.dev.tilia-inc.com
handle:
- handler: subroute
routes:
- handle:
- flush_interval: -1
handler: reverse_proxy
headers:
request:
set:
X-Real-Ip:
- '{http.request.remote}'
upstreams:
- dial: elasticsearch:9200
terminal: true
- match:
- host:
- accounts-api.dev.tilia-inc.com
handle:
- handler: subroute
routes:
- handle:
# The rewrite is needed to fix bad bdd test: features/client/Client-UpdateSecretN.feature
- handler: rewrite
uri_substring:
- find: //
replace: /
- handler: headers
response:
set:
X-Frame-Options:
- SAMEORIGIN
- handler: reverse_proxy
headers:
request:
set:
X-Real-Ip:
- '{http.request.remote}'
upstreams:
- dial: accounts-api:80
terminal: true
- match:
- host:
- payments-api.dev.tilia-inc.com
handle:
- handler: subroute
routes:
- handle:
# The rewrite is needed to fix bad bdd tests
- handler: rewrite
uri_substring:
- find: //
replace: /
- handler: headers
response:
set:
X-Frame-Options:
- SAMEORIGIN
- handler: reverse_proxy
headers:
request:
set:
X-Real-Ip:
- '{http.request.remote}'
upstreams:
- dial: payments-api:80
terminal: true
- match:
- host:
- personas-api.dev.tilia-inc.com
handle:
- handler: subroute
routes:
- handle:
- handler: headers
response:
set:
X-Frame-Options:
- SAMEORIGIN
- handler: reverse_proxy
headers:
request:
set:
X-Real-Ip:
- '{http.request.remote}'
upstreams:
- dial: personas-api:80
terminal: true
- match:
- host:
- wallets-api.dev.tilia-inc.com
handle:
- handler: subroute
routes:
- handle:
# The rewrite is needed to fix bad bdd tests
- handler: rewrite
uri_substring:
- find: //
replace: /
- handler: headers
response:
set:
X-Frame-Options:
- SAMEORIGIN
- handler: reverse_proxy
headers:
request:
set:
X-Real-Ip:
- '{http.request.remote}'
upstreams:
- dial: wallets-api:80
terminal: true
- match:
- host:
- localstack.dev.tilia-inc.com
handle:
- handler: subroute
routes:
- handle:
- handler: reverse_proxy
headers:
request:
set:
X-Real-Ip:
- '{http.request.remote}'
upstreams:
- dial: localstack:8080
terminal: true
- match:
- host:
- fraud-api.dev.tilia-inc.com
handle:
- handler: subroute
routes:
- handle:
- handler: headers
response:
set:
X-Frame-Options:
- SAMEORIGIN
- handler: reverse_proxy
headers:
request:
set:
X-Real-Ip:
- '{http.request.remote}'
upstreams:
- dial: fraud-api:80
terminal: true
- match:
- host:
- pub.dev.tilia-inc.com
handle:
- handler: reverse_proxy
headers:
request:
set:
X-Real-Ip:
- '{http.request.remote}'
upstreams:
- dial: publisher-hosting:3000
terminal: true
- match:
- host:
- soc.dev.tilia-inc.com
handle:
- handler: reverse_proxy
headers:
request:
set:
X-Real-Ip:
- '{http.request.remote}'
upstreams:
- dial: socketio-server:8080
terminal: true
- match:
- host:
- tools.dev.tilia-inc.com
handle:
- handler: subroute
routes:
- handle:
- handler: headers
response:
set:
X-Frame-Options:
- SAMEORIGIN
- match:
- path:
- /*
handle:
- handler: reverse_proxy
headers:
request:
set:
X-Real-Ip:
- '{http.request.remote}'
upstreams:
- dial: tools-web:3000
terminal: true
- match:
- host:
- tools-web.dev.tilia-inc.com
handle:
- handler: subroute
routes:
- handle:
- handler: headers
response:
set:
X-Frame-Options:
- SAMEORIGIN
- handler: reverse_proxy
headers:
request:
set:
X-Real-Ip:
- '{http.request.remote}'
upstreams:
- dial: tools-web:80
terminal: true
- match:
- host:
- sl-login.dev.tilia-inc.com
handle:
- handler: subroute
routes:
- handle:
- handler: headers
response:
set:
X-Frame-Options:
- SAMEORIGIN
- handler: reverse_proxy
headers:
request:
set:
X-Real-Ip:
- '{http.request.remote}'
upstreams:
- dial: sl-login:80
terminal: true
- match:
- host:
- pii-api.dev.tilia-inc.com
handle:
- handler: subroute
routes:
- handle:
- handler: headers
response:
set:
X-Frame-Options:
- SAMEORIGIN
- handler: reverse_proxy
headers:
request:
set:
X-Real-Ip:
- '{http.request.remote}'
upstreams:
- dial: pii-api:80
terminal: true
- match:
- host:
- login.dev.tilia-inc.com
- login.sansar.com
handle:
- handler: subroute
routes:
- handle:
- handler: headers
response:
set:
X-Frame-Options:
- SAMEORIGIN
- handler: reverse_proxy
headers:
request:
set:
X-Real-Ip:
- '{http.request.remote}'
upstreams:
- dial: login:80
terminal: true
- match:
- host:
- nonce.dev.tilia-inc.com
handle:
- handler: subroute
routes:
- handle:
- handler: headers
response:
set:
X-Frame-Options:
- SAMEORIGIN
- handler: reverse_proxy
headers:
request:
set:
X-Real-Ip:
- '{http.request.remote}'
upstreams:
- dial: nonce:80
terminal: true
- match:
- host:
- auth.dev.tilia-inc.com
handle:
- handler: subroute
routes:
- handle:
# The rewrite is needed because a bunch of bdds call https://{auth_service}//token
- handler: rewrite
path_regexp:
- find: /{2,}
replace: /
- handler: headers
response:
set:
X-Frame-Options:
- SAMEORIGIN
- handler: reverse_proxy
headers:
request:
set:
X-Real-Ip:
- '{http.request.remote}'
upstreams:
- dial: auth:80
terminal: true
- match:
- host:
- caddytest.dev.tilia-inc.com
handle:
- handler: static_response
status_code: 200
body: "Hello\nRequest Host: {http.request.host}\nTLS Server Name: {http.request.tls.server_name}\n"
terminal: true
- match:
- host:
- www.dev.tilia-inc.com
handle:
- handler: subroute
routes:
- handle:
- handler: subroute
routes:
- handle:
- BrowseTemplate: ""
EnableBrowse: false
EnableDelete: false
EnablePut: false
Hide: null
bucket: dev.tilia-inc.com
handler: s3proxy
region: us-west-2
terminal: true
- match:
- host:
- web.dev.tilia-inc.com
handle:
- handler: subroute
routes:
- handle:
- handler: reverse_proxy
headers:
request:
set:
X-Real-Ip:
- '{http.request.remote}'
upstreams:
- dial: widget:3000
match:
- path:
- /static/*
- /ui/*
terminal: true
- handle:
- handler: reverse_proxy
headers:
request:
set:
X-Real-Ip:
- '{http.request.remote}'
upstreams:
- dial: accounts-customer:80
terminal: true
- match:
- host:
- widget.dev.tilia-inc.com
handle:
- handler: subroute
routes:
- handle:
- handler: reverse_proxy
headers:
request:
set:
X-Real-Ip:
- '{http.request.remote}'
upstreams:
- dial: widget:3000
match:
- path:
- /static/*
- /ui/*
terminal: true
terminal: true
- match:
- host:
- playwright.dev.tilia-inc.com
handle:
- handler: subroute
routes:
- handle:
- handler: file_server
root: /playwright/playwright-report/
terminal: true
- match:
- host:
- 'kibana.dev.tilia-inc.com'
handle:
- handler: static_response
status_code: 501
body: "Kibana not running - run \"launch_kibana\"\n"
"@id": kibana
terminal: true
- match:
- host:
- stats.dev.tilia-inc.com
handle:
- handler: subroute
routes:
- handle:
- handler: headers
response:
set:
X-Frame-Options:
- SAMEORIGIN
- handler: reverse_proxy
headers:
request:
set:
X-Real-Ip:
- '{http.request.remote}'
upstreams:
- dial: stats:8000
terminal: true
- match:
- host:
- jpm-bin-lookup.dev.tilia-inc.com
handle:
- handler: subroute
routes:
- handle:
- handler: headers
response:
set:
X-Frame-Options:
- SAMEORIGIN
- handler: reverse_proxy
headers:
request:
set:
X-Real-Ip:
- '{http.request.remote}'
upstreams:
- dial: jpm-bin-lookup:80
terminal: true
- match:
- host:
- '*.dev.tilia-inc.com'
handle:
- handler: static_response
status_code: 501
body: "Not wired up in proxy. See `configs/caddy/config.yml{,.tmpl}`.\nRequest Host: {http.request.host}\nTLS Server Name: {http.request.tls.server_name}\n"
terminal: true
automatic_https:
disable: true
tls_connection_policies:
- match:
sni:
- discord-accounts-ops-api.dev.tilia-inc.com
- registration-ops-api.dev.tilia-inc.com
- invoicing-ops-api.dev.tilia-inc.com
- accounts-ops-api.dev.tilia-inc.com
- email-bouncelist.dev.tilia-inc.com
- payments-ops-api.dev.tilia-inc.com
- personas-ops-api.dev.tilia-inc.com
- registration-api.dev.tilia-inc.com
- graphql-ops-api.dev.tilia-inc.com
- wallets-ops-api.dev.tilia-inc.com
- email-service.dev.tilia-inc.com
- fraud-ops-api.dev.tilia-inc.com
- invoicing-api.dev.tilia-inc.com
- proxy-service.dev.tilia-inc.com
- accounts-api.dev.tilia-inc.com
- payments-api.dev.tilia-inc.com
- personas-api.dev.tilia-inc.com
- pii-ops-api.dev.tilia-inc.com
- wallets-api.dev.tilia-inc.com
- fraud-api.dev.tilia-inc.com
- tools-web.dev.tilia-inc.com
- pii-api.dev.tilia-inc.com
- nonce.dev.tilia-inc.com
- auth.dev.tilia-inc.com
- testsamlidp.dev.tilia-inc.com
client_authentication:
ca:
provider: "file"
pem_files:
- /certs/ca.crt
mode: verify_if_given
# mode: require_and_verify
- match:
sni:
- '*.dev.tilia-inc.com'
tls:
certificates:
load_files:
certificate: /certs/star.dev.tilia-inc.com.crt
key: /certs/star.dev.tilia-inc.com.crt.key