homelab/traefik
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge current v2.5 into master

Browse source
This commit is contained in:
Tom Moulard 2021-12-06 17:19:29 +01:00
commit 89cd9e8ddd
No known key found for this signature in database
GPG key ID: 521ABE0C1A0DEAF6
102 changed files with 2402 additions and 1429 deletions
Download patch file Download diff file Expand all files Collapse all files

38
docs/content/middlewares/http/forwardauth.md
View file

@ -349,12 +349,16 @@ http:
### `tls`
The `tls` option is the TLS configuration from Traefik to the authentication server.
_Optional_
#### `tls.ca`
Defines the TLS configuration used for the secure connection to the authentication server.
Certificate Authority used for the secured connection to the authentication server,
defaults to the system bundle.
#### `ca`
_Optional_
`ca` is the path to the certificate authority used for the secured connection to the authentication server,
it defaults to the system bundle.
```yaml tab="Docker"
labels:
@ -417,13 +421,15 @@ http:
ca = "path/to/local.crt"
```
#### `tls.caOptional`
#### `caOptional`
The value of `tls.caOptional` defines which policy should be used for the secure connection with TLS Client Authentication to the authentication server.
_Optional_
The value of `caOptional` defines which policy should be used for the secure connection with TLS Client Authentication to the authentication server.
!!! warning ""
If `tls.ca` is undefined, this option will be ignored, and no client certificate will be requested during the handshake. Any provided certificate will thus never be verified.
If `ca` is undefined, this option will be ignored, and no client certificate will be requested during the handshake. Any provided certificate will thus never be verified.
When this option is set to `true`, a client certificate is requested during the handshake but is not required. If a certificate is sent, it is required to be valid.
@ -479,9 +485,12 @@ http:
caOptional = true
```
#### `tls.cert`
#### `cert`
The public certificate used for the secure connection to the authentication server.
_Optional_
`cert` is the path to the public certificate used for the secure connection to the authentication server.
When using this option, setting the `key` option is required.
```yaml tab="Docker"
labels:
@ -554,9 +563,12 @@ http:
For security reasons, the field does not exist for Kubernetes IngressRoute, and one should use the `secret` field instead.
#### `tls.key`
#### `key`
The private certificate used for the secure connection to the authentication server.
_Optional_
`key` is the path to the private key used for the secure connection to the authentication server.
When using this option, setting the `cert` option is required.
```yaml tab="Docker"
labels:
@ -629,7 +641,9 @@ http:
For security reasons, the field does not exist for Kubernetes IngressRoute, and one should use the `secret` field instead.
#### `tls.insecureSkipVerify`
#### `insecureSkipVerify`
_Optional, Default=false_
If `insecureSkipVerify` is `true`, the TLS connection to the authentication server accepts any certificate presented by the server regardless of the hostnames it covers.