caddy-json-types

TypeScript typings for Caddy JSON configuration. This package provides comprehensive TypeScript definitions for Caddy's JSON configuration format, enabling type safety and enhanced developer experience when working with Caddy's configuration files in Type

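/**
 * A Caddy duration value.
 * Duration can be an integer or a string. An integer is
 * interpreted as nanoseconds. If a string, it is a Go
 * time.Duration value such as `300ms`, `1.5h`, or `2h45m`;
 * valid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`.
 *
 * Typed as `number | string` so that the string form described above
 * type-checks; a `number`-only alias rejects values such as `"300ms"`.
 */
export type IDuration = number | string;

/**
 * TLS settings referenced by `ICaddyconfigHttpLoader.tls`.
 * The fields carry no upstream description; the notes below are inferred
 * from the field names and should be confirmed against the loader.
 *
 * The index signature accepts any extra key, so a misspelled field name
 * is not reported by the compiler.
 */
export interface ITls {
  use_server_identity?: boolean;
  /** Presumably the path of the client certificate file. */
  client_certificate_file?: string;
  /**
   * Presumably the path of the client certificate's private key file.
   * NOTE(review): private key material, so keep the file readable only
   * by the account Caddy runs as.
   */
  client_certificate_key_file?: string;
  /** Presumably PEM files of the root CAs used to verify the config server. */
  root_ca_pem_files?: Array<string>;
  [key: string]: any;
}

/**
 * HTTPLoader can load Caddy configs over HTTP(S).
 * If the response is not a JSON config, a config adapter must be specified
 * either in the loader config (`adapter`), or in the Content-Type HTTP header
 * returned in the HTTP response from the server. The Content-Type header is
 * read just like the admin API's `/load` endpoint. If you don't have control
 * over the HTTP server (but can still trust its response), you can override
 * the Content-Type header by setting the `adapter` property in this config.
 *
 * Security: the response is loaded as Caddy's configuration, so both the
 * server and the transport have to be trusted. Prefer an `https://` URL and
 * configure `tls` where the server needs client authentication or a private CA.
 */
export interface ICaddyconfigHttpLoader {
  module: "http";

  /**
   * The method for the request. Default: GET
   */
  method?: string;

  /**
   * The URL of the request.
   */
  url?: string;

  /**
   * A Header represents the key-value pairs in an HTTP header.
   * The keys should be in canonical form, as returned by
   * CanonicalHeaderKey.
   * Any credential sent this way (for example an authorization header)
   * is a plain string in the config file.
   */
  header?: Record<string, Array<string>>;

  /**
   * Maximum time allowed for a complete connection and request.
   * Duration can be an integer or a string. An integer is
   * interpreted as nanoseconds. If a string, it is a Go
   * time.Duration value such as `300ms`, `1.5h`, or `2h45m`;
   * valid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`.
   */
  timeout?: IDuration;

  /**
   * The name of the config adapter to use, if any. Only needed
   * if the HTTP response is not a JSON config and if the server's
   * Content-Type header is missing or incorrect.
   */
  adapter?: string;

  tls?: ITls;
  [key: string]: any;
}

/**
 * Storage module `nats`. The fields carry no upstream description.
 */
export interface IHeavyHorstCertmagicNatsNats {
  module: "nats";
  hosts?: string;
  bucket?: string;
  /** NOTE(review): by its name this refers to NATS credentials; confirm whether it is a path or the secret itself. */
  creds?: string;
  inbox_prefix?: string;
  connection_name?: string;
  [key: string]: any;
}

/**
 * FileStorage is a certmagic.Storage wrapper for certmagic.FileStorage.
 */
export interface IModulesFilestorageFileStorage {
  module: "file_system";

  /**
   * The base path to the folder used for storage.
   */
  root?: string;
  [key: string]: any;
}

/**
 * RedisStorage contains the Redis client and plugin options.
 */
export interface IGamalanCaddyTlsredisRedisStorage {
  module: "redis";
  address?: string;
  host?: string;
  port?: string;
  db?: number;
  /** Redis password (by name); a plain string in the config, so treat the config file as a secret. */
  password?: string;
  timeout?: number;
  key_prefix?: string;
  value_prefix?: string;
  /** NOTE(review): by its name an AES key protecting stored values; secret material, confirm the expected format. */
  aes_key?: string;
  tls_enabled?: boolean;
  /**
   * NOTE(review): the name suggests that certificate verification is
   * skipped when true; if so, the connection to Redis can be intercepted.
   * Confirm against the plugin and leave unset outside local testing.
   */
  tls_insecure?: boolean;
  [key: string]: any;
}

/**
 * A highly available storage module that integrates with HashiCorp Vault.
 */
export interface IGerolfVentCaddyVaultStorageVaultStorage {
  module: "vault";
  addresses?: Array<string>;

  /**
   * Local path to read the access token from. Updates on that file will be
   * detected and automatically read. (As fallback the environment
   * variable "VAULT_TOKEN" will be used, but it will only be read once on
   * startup.)
   */
  token_path?: string;

  /**
   * Path of the KVv2 mount to use. (Default is "kv".)
   */
  secrets_mount_path?: string;

  /**
   * Path in the KVv2 mount to use. (Default is "caddy".)
   */
  secrets_path_prefix?: string;

  /**
   * Limit of connection retries after which to fail a request. (Default is 3.)
   */
  max_retries?: number;

  /**
   * Timeout for locks (in seconds). (Default is 60.)
   */
  lock_timeout?: number;

  /**
   * Interval for checking lock status (in seconds). (Default is 5.)
   */
  lock_check_interval?: number;
  [key: string]: any;
}

/**
 * CaddyStorageGCS implements a caddy storage backend for Google Cloud Storage.
 */
export interface IGrafanaCertmagicGcsCaddyStorageGcs {
  module: "gcs";

  /**
   * BucketName is the name of the storage bucket.
   */
  "bucket-name"?: string;

  /**
   * EncryptionKeySet is the path of a json tink encryption keyset
   */
  "encryption-key-set"?: string;
  [key: string]: any;
}

/**
 * Age is a key type to be used with encryption provider. This key
 * type uses [age](age-encryption.org) key-pair for encryption/decryption.
 * See more: [https://github.com/getsops/sops#encrypting-using-age](https://github.com/getsops/sops#encrypting-using-age)
 */
export interface IMohammed90CaddyEncryptedStorageAge {
  type: "age";

  /**
   * The public key generated by `age`
   */
  recipient?: string;

  /**
   * NOTE(review): in age, an identity is the private half of the key pair,
   * so this array presumably holds secret material; confirm how the module
   * expects it to be supplied.
   */
  identities?: Array<string>;
  [key: string]: any;
}

/**
 * GCPKMS uses GCPKMS (Google Cloud Platform KMS) for the encryption/decryption.
 * See more: [https://github.com/getsops/sops#encrypting-using-gcp-kms](https://github.com/getsops/sops#encrypting-using-gcp-kms)
 */
export interface IMohammed90CaddyEncryptedStorageGcpkms {
  type: "gcp_kms";

  /**
   * The subject resource ID as obtained from the GCP console.
   */
  resource_id?: string;

  /** Untyped credentials object; its shape is not described in this file. */
  credentials?: Record<string, any>;
  [key: string]: any;
}

/** Key types accepted by the local encryption provider. */
export type ICaddyStorageEncryptedKey =
  | IMohammed90CaddyEncryptedStorageAge
  | IMohammed90CaddyEncryptedStorageGcpkms;

/**
 * Local encryption provider avails in-process encryption/decryption capabilities
 */
export interface IMohammed90CaddyEncryptedStorageLocal {
  provider: "local";
  keys?: Array<ICaddyStorageEncryptedKey>;
  [key: string]: any;
}

/** Encryption providers accepted by the encrypted storage module. */
export type ICaddyStorageEncryptedProvider =
  IMohammed90CaddyEncryptedStorageLocal;

/**
 * Storage is the implementation of certmagic.Storage interface for Caddy with encryption/decryption layer
 * using [SOPS](https://github.com/getsops/sops). The module accepts any Caddy storage module as the backend.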
*/
export interface IMohammed90CaddyEncryptedStorageStorage {
  module: "encrypted";
  /** The storage module that holds the encrypted data. */
  backend?: ICaddyStorage;
  /** Encryption providers applied on top of the backend. */
  encryption?: Array<ICaddyStorageEncryptedProvider>;
  [key: string]: any;
}

/**
 * ConsulStorage keeps certificates and other TLS resources in Consul's
 * key/value store so that a cluster can share them. Distributed locks
 * are used to keep the data consistent.
 */
export interface IPteichCaddyTlsconsulConsulStorage {
  module: "consul";
  address?: string;
  /** Consul token (by name); a plain string in the config, so treat the config file as a secret. */
  token?: string;
  timeout?: number;
  prefix?: string;
  value_prefix?: string;
  /**
   * NOTE(review): typed as a number array here. If the upstream Go field is
   * a `[]byte`, encoding/json reads it as a base64 string; confirm before
   * relying on this shape. Secret material either way.
   */
  aes_key?: Array<number>;
  tls_enabled?: boolean;
  /**
   * NOTE(review): the name suggests that certificate verification is
   * skipped when true; confirm against the plugin and leave unset outside
   * local testing.
   */
  tls_insecure?: boolean;
  [key: string]: any;
}

/**
 * Storage implements certmagic.Storage so that certificates can be kept in
 * DynamoDB for a clustered environment. It also implements certmagic.Locker
 * to lock and unlock cert data during storage.
 */
export interface ISilinternationalCertmagicStorageDynamodbV3Storage {
  module: "dynamodb";

  /**
   * Table - [required] DynamoDB table name
   */
  table?: string;

  /**
   * AwsEndpoint - [optional] override for the DynamoDB service endpoint.
   * The standard production DynamoDB endpoints are used by default.
   * Useful for testing with a local DynamoDB instance.
   */
  aws_endpoint?: string;

  /**
   * AwsRegion - [optional] region using DynamoDB in.
   * Useful for testing with a local DynamoDB instance.
   */
  aws_region?: string;

  /**
   * AwsDisableSSL - [optional] disable SSL for DynamoDB connections. Default: false
   * Only useful for local testing, do not use outside of local testing:
   * certificate data would cross the network unencrypted.
   */
  aws_disable_ssl?: boolean;

  /**
   * LockTimeout - [optional] how long to wait for a lock to be created. Default: 5 minutes
   * Duration can be an integer or a string. An integer is
   * interpreted as nanoseconds. If a string, it is a Go
   * time.Duration value such as `300ms`, `1.5h`, or `2h45m`;
   * valid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`.
   */
  lock_timeout?: IDuration;

  /**
   * LockPollingInterval - [optional] how often to check for lock released. Default: 5 seconds
   * Duration can be an integer or a string. An integer is
   * interpreted as nanoseconds. If a string, it is a Go
   * time.Duration value such as `300ms`, `1.5h`, or `2h45m`;
   * valid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`.
   */
  lock_polling_interval?: IDuration;
  [key: string]: any;
}

/** Storage module `s3`. The fields carry no upstream description. */
export interface ISs098CertmagicS3S3 {
  module: "s3";
  host?: string;
  bucket?: string;
  access_id?: string;
  /** Secret key (by name); a plain string in the config, so treat the config file as a secret. */
  secret_key?: string;
  prefix?: string;
  [key: string]: any;
}

/** Untyped storage module; any object satisfies this alias. */
export type IEnvRedis = Record<string, any>;

/**
 * A Duration is the elapsed time between two instants, counted as int64
 * nanoseconds. That representation caps the largest duration at
 * approximately 290 years.
 */
export type ITimeDuration = number;

/** Storage module `postgres`. */
export interface IYroc92PostgresStoragePostgresStorage {
  module: "postgres";

  /**
   * Elapsed time as an int64 nanosecond count; the largest representable
   * duration is approximately 290 years.
   */
  query_timeout?: ITimeDuration;

  /**
   * Elapsed time as an int64 nanosecond count; the largest representable
   * duration is approximately 290 years.
   */
  lock_timeout?: ITimeDuration;
  host?: string;
  port?: string;
  user?: string;
  /** Database password (by name); a plain string in the config. */
  password?: string;
  dbname?: string;
  /**
   * NOTE(review): presumably the PostgreSQL `sslmode` connection parameter;
   * if so, a value that disables TLS sends credentials and certificate data
   * in the clear. Confirm against the plugin.
   */
  sslmode?: string;
  /** NOTE(review): a connection string may embed the password; handle it like one. */
  connection_string?: string;
  [key: string]: any;
}

/** Storage module `mysql`. */
export interface IZhangjiayinCaddyMysqlStorageMysqlStorage {
  module: "mysql";

  /**
   * Elapsed time as an int64 nanosecond count; the largest representable
   * duration is approximately 290 years.
   */
  query_timeout?: ITimeDuration;

  /**
   * Elapsed time as an int64 nanosecond count; the largest representable
   * duration is approximately 290 years.
   */
  lock_timeout?: ITimeDuration;
  /** NOTE(review): a DSN may embed the database password; handle it like one. */
  dsn?: string;
  [key: string]: any;
}

/**
 * Every storage module known to these typings.
 * `IEnvRedis` is `Record<string, any>`, so any object is assignable to this
 * union and a wrong `module` value is not reported by the compiler.
 */
export type ICaddyStorage =
  | IHeavyHorstCertmagicNatsNats
  | IModulesFilestorageFileStorage
  | IGamalanCaddyTlsredisRedisStorage
  | IGerolfVentCaddyVaultStorageVaultStorage
  | IGrafanaCertmagicGcsCaddyStorageGcs
  | IMohammed90CaddyEncryptedStorageStorage
  | IPteichCaddyTlsconsulConsulStorage
  | ISilinternationalCertmagicStorageDynamodbV3Storage
  | ISs098CertmagicS3S3
  | IEnvRedis
  | IYroc92PostgresStoragePostgresStorage
  | IZhangjiayinCaddyMysqlStorageMysqlStorage;

/**
 * StorageLoader is a dynamic configuration loader that reads the configuration
 * from a Caddy storage. When no storage is configured the default storage is
 * used, which may be the file system if none is configured. When `key` is not
 * configured, the default key is `config/caddy.json`.
 *
 * Whoever can write to that storage key controls the configuration Caddy loads.
 */
export interface IMohammed90CaddyStorageLoaderStorageLoader {
  module: "storage";

  /**
   * StorageRaw is a storage module that defines how/where Caddy
   * stores assets (such as TLS certificates). The default storage
   * module is `caddy.storage.file_system` (the local file system),
   * and the default path
   * [depends on the OS and environment](/docs/conventions#data-directory).
   */
  storage?: ICaddyStorage;

  /**
   * The storage key at which the configuration is to be found
   */
  key?: string;

  /**
   * The adapter to use to convert the storage's contents to Caddy JSON.
   */
  adapter?: string;
  [key: string]: any;
}

/** Modules that can pull a configuration at startup. */
export type ICaddyConfigLoaders =
  | ICaddyconfigHttpLoader
  | IMohammed90CaddyStorageLoaderStorageLoader;

/**
 * Options pertaining to configuration management.
 * ConfigSettings configures the management of configuration.
 */
export interface IConfigSettings {
  /**
   * Whether to keep a copy of the active config on disk. Default is true.
   * Note that "pulled" dynamic configs (using the neighboring "load" module)
   * are not persisted; only configs that are pushed to Caddy get persisted.
   */
  persist?: boolean;

  /**
   * Loads a configuration to use. This is helpful if your configs are
   * managed elsewhere, and you want Caddy to pull its config dynamically
   * when it starts. The pulled config completely replaces the current
   * one, just like any other config load. It is an error if a pulled
   * config is configured to pull another config.
   * EXPERIMENTAL: Subject to change.
   *
   * Because the pulled config replaces the current one entirely, the
   * source it is pulled from needs the same protection as the admin API.
   */
  load?: ICaddyConfigLoaders;
  [key: string]: any;
}

/**
 * If using an ACME CA that requires an external account
 * binding, specify the CA-provided credentials here.
 * EAB (External Account Binding) contains information
 * necessary to bind or map an ACME account to some
 * other account known by the CA.
 * External account bindings are "used to associate an
 * ACME account with an existing account in a non-ACME
 * system, such as a CA customer database."
 * "To enable ACME account binding, the CA operating the
 * ACME server needs to provide the ACME client with a
 * MAC key and a key identifier, using some mechanism
 * outside of ACME." §7.3.4
 */
export interface IMholtAcmezV2AcmeEab {
  /**
   * "The key identifier MUST be an ASCII string." §7.3.4
   */
  key_id?: string;

  /**
   * "The MAC key SHOULD be provided in base64url-encoded
   * form, to maximize compatibility between non-ACME
   * provisioning systems and ACME clients." §7.3.4
   * The MAC key is a shared secret with the CA; it is a plain string here.
   */
  mac_key?: string;
  [key: string]: any;
}

/**
 * HTTP configures the ACME HTTP challenge. This
 * challenge is enabled and used automatically
 * and by default.
 * HTTPChallengeConfig configures the ACME HTTP challenge.
 */
export interface IModulesCaddytlsHttpChallengeConfig {
  /**
   * If true, the HTTP challenge will be disabled.
   */
  disabled?: boolean;

  /**
   * An alternate port on which to service this
   * challenge. Note that the HTTP challenge port is
   * hard-coded into the spec and cannot be changed,
   * so you would have to forward packets from the
   * standard HTTP challenge port to this one.
   */
  alternate_port?: number;
  [key: string]: any;
}

/**
 * TLSALPN configures the ACME TLS-ALPN challenge.
* This challenge is enabled and used automatically
 * and by default.
 * TLSALPNChallengeConfig configures the ACME TLS-ALPN challenge.
 */
export interface IModulesCaddytlsTlsalpnChallengeConfig {
  /**
   * If true, the TLS-ALPN challenge will be disabled.
   */
  disabled?: boolean;

  /**
   * An alternate port on which to service this
   * challenge. Note that the TLS-ALPN challenge port
   * is hard-coded into the spec and cannot be changed,
   * so you would have to forward packets from the
   * standard TLS-ALPN challenge port to this one.
   */
  alternate_port?: number;
  [key: string]: any;
}

/** Untyped DNS provider; any object satisfies this alias. */
export type ICloudns = Record<string, any>;

/**
 * Provider.Configs defines a map from domain string to
 * DomainConfig. It uses the same structure as ACME-DNS client
 * JSON storage file (https://github.com/acme-dns/acme-dns-client).
 */
export interface ILibdnsAcmednsDomainConfig {
  username?: string;
  /** Account password (by name); a plain string in the config. */
  password?: string;
  subdomain?: string;
  fulldomain?: string;
  server_url?: string;
  [key: string]: any;
}

/**
 * Provider gives Caddy read and write access to the DNS records hosted by this DNS provider.
 */
export interface ICaddyDnsAcmednsProvider {
  name: "acmedns";
  /** Per-domain settings, keyed by domain string. */
  config?: Record<string, ILibdnsAcmednsDomainConfig>;

  /**
   * ACME-DNS account username as returned by ACME-DNS API /register endpoint.
   */
  username?: string;

  /**
   * ACME-DNS account password as returned by ACME-DNS API /register endpoint.
   * A plain string in the config, so treat the config file as a secret.
   */
  password?: string;

  /**
   * ACME-DNS account subdomain as returned by ACME-DNS API /register endpoint.
   */
  subdomain?: string;

  /**
   * ACME-DNS API base URL. For example, https://auth.acme-dns.io
   */
  server_url?: string;
  config_file_path?: string;
  [key: string]: any;
}

/**
 * Provider wraps the provider implementation as a Caddy module.
 */
export interface ICaddyDnsAcmeproxyProvider {
  name: "acmeproxy";
  username?: string;
  /** Password (by name); a plain string in the config. */
  password?: string;

  /**
   * Endpoint is the URL of the ACMEProxy server.
   */
  endpoint?: string;
  [key: string]: any;
}

/**
 * Provider wraps the provider implementation as a Caddy module.
*/
export interface ICaddyDnsAlidnsProvider {
  name: "alidns";

  /**
   * The API key ID required for accessing Aliyun's API.
   */
  access_key_id?: string;

  /**
   * The API key secret required for accessing Aliyun's API.
   * A plain string in the config, so treat the config file as a secret.
   */
  access_key_secret?: string;

  /**
   * Optional; identifies the region of the Aliyun service. The default is zh-hangzhou
   */
  region_id?: string;
  [key: string]: any;
}

/**
 * Provider wraps the provider implementation as a Caddy module.
 */
export interface ICaddyDnsAzureProvider {
  name: "azure";

  /**
   * Subscription ID is the ID of the subscription in which the DNS zone is located. Required.
   */
  subscription_id?: string;

  /**
   * Resource Group Name is the name of the resource group in which the DNS zone is located. Required.
   */
  resource_group_name?: string;

  /**
   * (Optional)
   * Tenant ID is the ID of the tenant of the Microsoft Entra ID in which the application is located.
   * Required only when authenticating using a service principal with a secret.
   * Do not set any value to authenticate using a managed identity.
   */
  tenant_id?: string;

  /**
   * (Optional)
   * Client ID is the ID of the application.
   * Required only when authenticating using a service principal with a secret.
   * Do not set any value to authenticate using a managed identity.
   */
  client_id?: string;

  /**
   * (Optional)
   * Client Secret is the client secret of the application.
   * Required only when authenticating using a service principal with a secret.
   * Do not set any value to authenticate using a managed identity.
   * With a managed identity no secret has to be stored in the config at all.
   */
  client_secret?: string;
  [key: string]: any;
}

/**
 * Provider gives Caddy read and write access to the DNS records hosted by this DNS provider.
 */
export interface ICaddyDnsBunnyProvider {
  name: "bunny";

  /**
   * AccessKey is the Bunny.net API key - see https://docs.bunny.net/reference/bunnynet-api-overview
   */
  access_key?: string;
  [key: string]: any;
}

/**
 * Provider lets Caddy read and manipulate DNS records hosted by this DNS provider.
*/
export interface ICaddyDnsCivoProvider {
  name: "civo";
  /** API token (by name); a plain string in the config. */
  api_token?: string;
  [key: string]: any;
}

/**
 * Provider wraps the provider implementation as a Caddy module.
 */
export interface ICaddyDnsCloudflareProvider {
  name: "cloudflare";

  /**
   * API token is used for authentication. Make sure to use a
   * scoped API **token**, NOT a global API **key**. It will
   * need two permissions: Zone-Zone-Read and Zone-DNS-Edit,
   * unless you are only using `GetRecords()`, in which case
   * the second can be changed to Read.
   */
  api_token?: string;
  [key: string]: any;
}

/**
 * Provider gives Caddy read and write access to the DNS records hosted by this DNS provider.
 */
export interface ICaddyDnsDdnssProvider {
  name: "ddnss";
  /** API token (by name); a plain string in the config. */
  api_token?: string;
  username?: string;
  /** Password (by name); a plain string in the config. */
  password?: string;
  [key: string]: any;
}

/**
 * Provider gives Caddy read and write access to the DNS records hosted by this DNS provider.
 */
export interface ICaddyDnsDesecProvider {
  name: "desec";

  /**
   * Token is a token created on https://desec.io/tokens. A basic token without the permission
   * to manage tokens is sufficient.
   */
  token?: string;
  [key: string]: any;
}

/**
 * Provider wraps the provider implementation as a Caddy module.
 */
export interface ICaddyDnsDigitaloceanProvider {
  name: "digitalocean";

  /**
   * auth_token is the DigitalOcean API token - see https://www.digitalocean.com/docs/apis-clis/api/create-personal-access-token/
   */
  auth_token?: string;
  [key: string]: any;
}

/**
 * Provider gives Caddy read and write access to the DNS records hosted by this DNS provider.
 */
export interface ICaddyDnsDinahostingProvider {
  name: "dinahosting";
  username?: string;
  /** Password (by name); a plain string in the config. */
  password?: string;
  [key: string]: any;
}

/**
 * Provider lets Caddy read and manipulate DNS records hosted by this DNS provider.
*/
export interface ICaddyDnsDirectadminProvider {
  name: "directadmin";

  /**
   * ServerURL should be the hostname (with port if necessary) of the DirectAdmin instance
   * you are trying to use
   */
  host?: string;

  /**
   * User should be the DirectAdmin username that the Login Key is created under
   */
  user?: string;

  /**
   * LoginKey is used for authentication
   * The key will need two permissions:
   * `CMD_API_SHOW_DOMAINS`
   * `CMD_API_DNS_CONTROL`
   * Unless you are only using `GetRecords()`, in which case `CMD_API_DNS_CONTROL`
   * can be omitted
   */
  login_key?: string;

  /**
   * InsecureRequests is an optional parameter used to ignore SSL related errors on the
   * DirectAdmin host.
   * With those errors ignored the host's identity is no longer verified, so the
   * login key can be exposed to whoever answers the connection.
   */
  insecure_requests?: boolean;

  /**
   * Debug - can set this to stdout or stderr to dump
   * debugging information about the API interaction with
   * powerdns. This will dump your auth token in plain text
   * so be careful.
   * (The upstream text names powerdns here although this is the DirectAdmin
   * provider. Leave unset outside troubleshooting and keep the output out
   * of shared logs.)
   */
  debug?: string;
  [key: string]: any;
}

/**
 * Provider wraps the provider implementation as a Caddy module.
 */
export interface ICaddyDnsDnsmadeeasyProvider {
  name: "dnsmadeeasy";
  api_key?: string;
  /** Secret key (by name); a plain string in the config. */
  secret_key?: string;
  api_endpoint?: string;
  [key: string]: any;
}

/**
 * Provider wraps the provider implementation as a Caddy module.
 */
export interface ICaddyDnsDnspodProvider {
  name: "dnspod";

  /**
   * auth_token is the DNSPOD API token - see https://www.dnspod.cn/docs/info.html#common-parameters
   */
  auth_token?: string;
  [key: string]: any;
}

/**
 * Provider gives Caddy read and write access to the DNS records hosted by this DNS provider.
 */
export interface ICaddyDnsDreamhostProvider {
  name: "dreamhost";
  /** API key (by name); a plain string in the config. */
  api_key?: string;
  [key: string]: any;
}

/**
 * Provider wraps the provider implementation as a Caddy module.
 */
export interface ICaddyDnsDuckdnsProvider {
  name: "duckdns";
  /** API token (by name); a plain string in the config. */
  api_token?: string;
  override_domain?: string;
  [key: string]: any;
}

/**
 * Provider lets Caddy read and manipulate DNS records hosted by this DNS provider.
*/
export interface ICaddyDnsDynuProvider {
  name: "dynu";

  /**
   * config fields (with snake_case json struct tags on exported fields)
   * (This upstream comment describes the group of fields rather than the
   * token itself; by its name `api_token` is a credential.)
   */
  api_token?: string;
  own_domain?: string;
  [key: string]: any;
}

/**
 * Provider gives Caddy read and write access to the DNS records hosted by this DNS provider.
 */
export interface ICaddyDnsEasydnsProvider {
  name: "easydns";

  /**
   * EasyDNS API Token (required)
   */
  api_token?: string;

  /**
   * EasyDNS API Key (required)
   */
  api_key?: string;

  /**
   * EasyDNS API URL (defaults to https://rest.easydns.net)
   */
  api_url?: string;
  [key: string]: any;
}

/**
 * Provider wraps the provider implementation as a Caddy module.
 */
export interface ICaddyDnsGandiProvider {
  name: "gandi";
  /** Bearer token (by name); a plain string in the config. */
  bearer_token?: string;
  [key: string]: any;
}

/**
 * Provider gives Caddy read and write access to the DNS records hosted by this DNS provider.
 */
export interface ICaddyDnsGlesysProvider {
  name: "glesys";
  project?: string;
  /** API key (by name); a plain string in the config. */
  api_key?: string;
  [key: string]: any;
}

/**
 * Provider wraps the provider implementation as a Caddy module.
 * No provider-specific fields are declared here.
 */
export interface ICaddyDnsGodaddyProvider {
  name: "godaddy";
  [key: string]: any;
}

/**
 * Provider gives Caddy read and write access to the DNS records hosted by this DNS provider.
 */
export interface ICaddyDnsGoogleDomainsProvider {
  name: "google_domains";
  /** Access token (by name); a plain string in the config. */
  access_token?: string;
  keep_expired_records?: boolean;
  [key: string]: any;
}

/**
 * Provider gives Caddy read and write access to the DNS records hosted by this DNS provider.
 */
export interface ICaddyDnsGoogleclouddnsProvider {
  name: "googleclouddns";
  gcp_project?: string;
  gcp_application_default?: string;
  [key: string]: any;
}

/**
 * Provider gives Caddy read and write access to the DNS records hosted by Hurricane Electric.
 */
export interface ICaddyDnsHeProvider {
  name: "he";

  /**
   * Hurricane Electric DDNS key to use for authentication when modifying DNS records.
   */
  api_key?: string;
  [key: string]: any;
}

/**
 * Provider wraps the provider implementation as a Caddy module.
*/
export interface ICaddyDnsHetznerProvider {
  name: "hetzner";

  /**
   * auth_api_token is the Hetzner Auth API token - see https://dns.hetzner.com/api-docs#section/Authentication/Auth-API-Token
   */
  auth_api_token?: string;
  [key: string]: any;
}

/**
 * Provider wraps the provider implementation as a Caddy module.
 */
export interface ICaddyDnsHexonetProvider {
  name: "hexonet";
  username?: string;
  /** Password (by name); a plain string in the config. */
  password?: string;

  /**
   * Debug - can set this to stdout or stderr to dump
   * debugging information about the API interaction with
   * hexonet. This will dump your auth token in plain text
   * so be careful.
   * Leave unset outside troubleshooting and keep the output out of shared logs.
   */
  debug?: string;
  [key: string]: any;
}

/**
 * Provider gives Caddy read and write access to the DNS records hosted by this DNS provider.
 */
export interface ICaddyDnsHosttechProvider {
  name: "hosttech";
  /** API token (by name); a plain string in the config. */
  api_token?: string;
  [key: string]: any;
}

/**
 * Provider gives Caddy read and write access to the DNS records hosted by this DNS provider.
 */
export interface ICaddyDnsInfomaniakProvider {
  name: "infomaniak";

  /**
   * infomaniak API token
   */
  api_token?: string;
  [key: string]: any;
}

/**
 * Provider gives Caddy read and write access to the DNS records hosted by INWX.
 */
export interface ICaddyDnsInwxProvider {
  name: "inwx";

  /**
   * Username of your INWX account.
   */
  username?: string;

  /**
   * Password of your INWX account.
   */
  password?: string;

  /**
   * The shared secret is used to generate a TAN if you have activated "Mobile TAN" for your INWX account.
   * Stored next to the password, it puts both login factors in the same config file.
   */
  shared_secret?: string;

  /**
   * URL of the JSON-RPC API endpoint. It defaults to the production endpoint.
   */
  endpoint_url?: string;
  [key: string]: any;
}

/**
 * Provider wraps the provider implementation as a Caddy module.
*/
export interface ICaddyDnsIonosProvider {
  name: "ionos";

  /**
   * AuthAPIToken is the IONOS Auth API token -
   * see https://dns.ionos.com/api-docs#section/Authentication/Auth-API-Token
   */
  auth_api_token?: string;
  [key: string]: any;
}

/** Untyped DNS provider; any object satisfies this alias. */
export type ILeaseweb = Record<string, any>;

/**
 * LegoDeprecated is a shim module through which any of the
 * DNS providers in go-acme/lego can be used with Caddy. They must
 * be configured via environment variables, and they do not support
 * cancellation in the case of frequent config changes.
 * Although the module lives in the dns.providers namespace, it
 * is only a special case for solving ACME challenges, intended to
 * replace the modules that used to be in the now-defunct tls.dns
 * namespace. Using it in other places of the Caddy config will
 * result in errors.
 * This module will eventually go away in favor of the modules that
 * make use of the libdns APIs: https://github.com/libdns
 */
export interface ICaddyDnsLegoDeprecatedLegoDeprecated {
  name: "lego_deprecated";
  provider_name?: string;
  [key: string]: any;
}

/**
 * Provider gives Caddy read and write access to the DNS records hosted by this DNS provider.
 */
export interface ICaddyDnsLinodeProvider {
  name: "linode";

  /**
   * APIToken is the Linode Personal Access Token, see https://cloud.linode.com/profile/tokens.
   */
  api_token?: string;

  /**
   * APIURL is the Linode API hostname, i.e. "api.linode.com".
   */
  api_url?: string;

  /**
   * APIVersion is the Linode API version, i.e. "v4".
   */
  api_version?: string;
  [key: string]: any;
}

/** DNS provider `loopia`. The fields carry no upstream description. */
export interface ICaddyDnsLoopiaProvider {
  name: "loopia";
  username?: string;
  /** Password (by name); a plain string in the config. */
  password?: string;
  customer?: string;
  [key: string]: any;
}

/**
 * Provider lets Caddy read and manipulate DNS records hosted by this DNS provider.
*/
export interface ICaddyDnsMailinaboxProvider {
  name: "mailinabox";

  /**
   * APIURL is the URL provided by the mailinabox admin interface, found
   * on your box here: https://box.[your-domain.com]/admin#custom_dns
   * https://box.[your-domain.com]/admin/dns/custom
   */
  api_url?: string;

  /**
   * EmailAddress of an admin account.
   * It's recommended that a dedicated account
   * be created especially for managing DNS.
   */
  email_address?: string;

  /**
   * Password of the admin account that corresponds to the email.
   * Since this is an admin account, the dedicated account recommended
   * above limits what a leaked config exposes.
   */
  password?: string;
  [key: string]: any;
}

/**
 * Provider wraps the provider implementation as a Caddy module.
 */
export interface ICaddyDnsMetanameProvider {
  name: "metaname";
  /** API key (by name); a plain string in the config. */
  api_key?: string;
  account_reference?: string;
  endpoint?: string;
  [key: string]: any;
}

/**
 * Provider wraps the provider implementation as a Caddy module.
 */
export interface ICaddyDnsNamecheapProvider {
  name: "namecheap";

  /**
   * APIKey is your namecheap API key.
   * See: https://www.namecheap.com/support/api/intro/
   * for more details.
   */
  api_key?: string;

  /**
   * User is your namecheap API user. This can be the same as your username.
   */
  user?: string;

  /**
   * APIEndpoint to use. If testing, you can use the "sandbox" endpoint
   * instead of the production one.
   */
  api_endpoint?: string;

  /**
   * ClientIP is the IP address of the requesting client.
   * If this is not set, a discovery service will be
   * used to determine the public ip of the machine.
   * You must first whitelist your IP in the namecheap console
   * before using the API.
   */
  client_ip?: string;
  [key: string]: any;
}

/**
 * Provider wraps the provider implementation as a Caddy module.
 */
export interface ICaddyDnsNamedotcomProvider {
  name: "namedotcom";
  /** API token (by name); a plain string in the config. */
  api_token?: string;
  user?: string;
  server?: string;
  [key: string]: any;
}

/**
 * Provider lets Caddy read and manipulate DNS records hosted by this DNS provider.
*/
export interface ICaddyDnsNamesiloProvider {
  name: "namesilo";
  /** API token (by name); a plain string in the config. */
  api_token?: string;
  [key: string]: any;
}

/**
 * Provider gives Caddy read and write access to the DNS records hosted by this DNS provider.
 */
export interface ICaddyDnsNetcupProvider {
  name: "netcup";
  customer_number?: string;
  /** API key (by name); a plain string in the config. */
  api_key?: string;
  /** API password (by name); a plain string in the config. */
  api_password?: string;
  [key: string]: any;
}

/**
 * Provider wraps the provider implementation as a Caddy module.
 */
export interface ICaddyDnsNetlifyProvider {
  name: "netlify";

  /**
   * Personal Access Token is required to Authenticate
   * yourself to Netlify's API
   */
  personal_access_token?: string;
  [key: string]: any;
}

/**
 * Provider gives Caddy read and write access to the DNS records hosted by this DNS provider.
 */
export interface ICaddyDnsNjallaProvider {
  name: "njalla";
  /** API token (by name); a plain string in the config. */
  api_token?: string;
  [key: string]: any;
}

/**
 * AuthOpenStack contains credentials for OpenStack Designate.
 */
export interface ILibdnsOpenstackDesignateAuthOpenStack {
  region_name?: string;
  tenant_id?: string;
  identity_api_version?: string;
  /** Account password; a plain string in the config. */
  password?: string;
  auth_url?: string;
  username?: string;
  tenant_name?: string;
  endpoint_type?: string;
  [key: string]: any;
}

/**
 * Provider wraps the provider implementation as a Caddy module.
 */
export interface ICaddyDnsOpenstackDesignateProvider {
  name: "openstack-designate";
  auth_open_stack?: ILibdnsOpenstackDesignateAuthOpenStack;
  [key: string]: any;
}

/**
 * Provider wraps the provider implementation as a Caddy module.
 */
export interface ICaddyDnsOvhProvider {
  name: "ovh";
  endpoint?: string;
  application_key?: string;
  /** Application secret (by name); a plain string in the config. */
  application_secret?: string;
  consumer_key?: string;
  [key: string]: any;
}

/**
 * Provider gives Caddy read and write access to the DNS records hosted by this DNS provider.
 */
export interface ICaddyDnsPorkbunProvider {
  name: "porkbun";
  api_key?: string;
  /** Secret API key (by name); a plain string in the config. */
  api_secret_key?: string;
  [key: string]: any;
}

/**
 * Provider wraps the provider implementation as a Caddy module.
*/
export interface ICaddyDnsPowerdnsProvider {
  name: "powerdns";

  /**
   * ServerURL is the location of the pdns server.
   */
  server_url?: string;

  /**
   * ServerID is the id of the server. localhost will be used
   * if this is omitted.
   */
  server_id?: string;

  /**
   * APIToken is the auth token.
   */
  api_token?: string;

  /**
   * Debug - can set this to stdout or stderr to dump
   * debugging information about the API interaction with
   * powerdns. This will dump your auth token in plain text
   * so be careful.
   * Leave unset outside troubleshooting and keep the output out of shared logs.
   */
  debug?: string;
  [key: string]: any;
}

/** DNS provider `rfc2136`. The fields carry no upstream description. */
export interface ICaddyDnsRfc2136Provider {
  name: "rfc2136";
  key_name?: string;
  key_alg?: string;
  /** NOTE(review): by its name the key used to authenticate updates; secret material, confirm the expected format. */
  key?: string;
  server?: string;
  [key: string]: any;
}

/**
 * Provider wraps the provider implementation as a Caddy module.
 */
export interface ICaddyDnsRoute53Provider {
  name: "route53";
  max_retries?: number;
  [key: string]: any;
}

/**
 * Provider gives Caddy read and write access to the DNS records hosted by this DNS provider.
 */
export interface ICaddyDnsScalewayProvider {
  name: "scaleway";
  /** Secret key (by name); a plain string in the config. */
  secret_key?: string;
  organization_id?: string;
  [key: string]: any;
}

/**
 * Provider wraps the provider implementation as a Caddy module.
 * No provider-specific fields are declared here.
 */
export interface ICaddyDnsTencentcloudProvider {
  name: "tencentcloud";
  [key: string]: any;
}

/**
 * Provider wraps the provider implementation as a Caddy module.
 */
export interface ICaddyDnsVercelProvider {
  name: "vercel";

  /**
   * AuthAPIToken is the Vercel Authentication Token - see https://vercel.com/docs/api#api-basics/authentication
   */
  auth_api_token?: string;
  [key: string]: any;
}

/**
 * Provider wraps the provider implementation as a Caddy module.
*/
export interface ICaddyDnsVultrProvider {
  name: "vultr";

  /**
   * auth_token is the Vultr API token
   * see https://my.vultr.com/settings/#settingsapi
   */
  auth_token?: string;
  [key: string]: any;
}

/**
 * Every DNS provider module known to these typings.
 * `ICloudns` and `ILeaseweb` are `Record<string, any>`, so any object is
 * assignable to this union and a wrong `name` value is not reported by
 * the compiler.
 */
export type IDnsProviders =
  | ICloudns
  | ICaddyDnsAcmednsProvider
  | ICaddyDnsAcmeproxyProvider
  | ICaddyDnsAlidnsProvider
  | ICaddyDnsAzureProvider
  | ICaddyDnsBunnyProvider
  | ICaddyDnsCivoProvider
  | ICaddyDnsCloudflareProvider
  | ICaddyDnsDdnssProvider
  | ICaddyDnsDesecProvider
  | ICaddyDnsDigitaloceanProvider
  | ICaddyDnsDinahostingProvider
  | ICaddyDnsDirectadminProvider
  | ICaddyDnsDnsmadeeasyProvider
  | ICaddyDnsDnspodProvider
  | ICaddyDnsDreamhostProvider
  | ICaddyDnsDuckdnsProvider
  | ICaddyDnsDynuProvider
  | ICaddyDnsEasydnsProvider
  | ICaddyDnsGandiProvider
  | ICaddyDnsGlesysProvider
  | ICaddyDnsGodaddyProvider
  | ICaddyDnsGoogleDomainsProvider
  | ICaddyDnsGoogleclouddnsProvider
  | ICaddyDnsHeProvider
  | ICaddyDnsHetznerProvider
  | ICaddyDnsHexonetProvider
  | ICaddyDnsHosttechProvider
  | ICaddyDnsInfomaniakProvider
  | ICaddyDnsInwxProvider
  | ICaddyDnsIonosProvider
  | ILeaseweb
  | ICaddyDnsLegoDeprecatedLegoDeprecated
  | ICaddyDnsLinodeProvider
  | ICaddyDnsLoopiaProvider
  | ICaddyDnsMailinaboxProvider
  | ICaddyDnsMetanameProvider
  | ICaddyDnsNamecheapProvider
  | ICaddyDnsNamedotcomProvider
  | ICaddyDnsNamesiloProvider
  | ICaddyDnsNetcupProvider
  | ICaddyDnsNetlifyProvider
  | ICaddyDnsNjallaProvider
  | ICaddyDnsOpenstackDesignateProvider
  | ICaddyDnsOvhProvider
  | ICaddyDnsPorkbunProvider
  | ICaddyDnsPowerdnsProvider
  | ICaddyDnsRfc2136Provider
  | ICaddyDnsRoute53Provider
  | ICaddyDnsScalewayProvider
  | ICaddyDnsTencentcloudProvider
  | ICaddyDnsVercelProvider
  | ICaddyDnsVultrProvider;

/**
 * Configures the ACME DNS challenge. Because this
 * challenge typically requires credentials for
 * interfacing with a DNS provider, this challenge is
 * not enabled by default. This is the only challenge
 * type which does not require a direct connection
 * to Caddy from an external server.
* NOTE: DNS providers are currently being upgraded, * and this API is subject to change, but should be * stabilized soon. * DNSChallengeConfig configures the ACME DNS challenge. * NOTE: This API is still experimental and is subject to change. */ export interface IModulesCaddytlsDnsChallengeConfig { /** * The DNS provider module to use which will manage * the DNS records relevant to the ACME challenge. * Required. */ provider?: IDnsProviders; /** * The TTL of the TXT record used for the DNS challenge. * Duration can be an integer or a string. An integer is * interpreted as nanoseconds. If a string, it is a Go * time.Duration value such as `300ms`, `1.5h`, or `2h45m`; * valid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`. */ ttl?: IDuration; /** * How long to wait before starting propagation checks. * Default: 0 (no wait). * Duration can be an integer or a string. An integer is * interpreted as nanoseconds. If a string, it is a Go * time.Duration value such as `300ms`, `1.5h`, or `2h45m`; * valid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`. */ propagation_delay?: IDuration; /** * Maximum time to wait for temporary DNS record to appear. * Set to -1 to disable propagation checks. * Default: 2 minutes. * Duration can be an integer or a string. An integer is * interpreted as nanoseconds. If a string, it is a Go * time.Duration value such as `300ms`, `1.5h`, or `2h45m`; * valid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`. */ propagation_timeout?: IDuration; resolvers?: Array<string>; /** * Override the domain to use for the DNS challenge. This * is to delegate the challenge to a different domain, * e.g. one that updates faster or one with a provider API. */ override_domain?: string; [key: string]: any; } /** * Configures the various ACME challenge types. * ChallengesConfig configures the ACME challenges. 
*/
export interface IModulesCaddytlsChallengesConfig {
  /** Settings for the HTTP challenge (type declared outside this part of the file). */
  http?: IModulesCaddytlsHttpChallengeConfig;
  /** Settings for the TLS-ALPN challenge (type declared outside this part of the file). */
  "tls-alpn"?: IModulesCaddytlsTlsalpnChallengeConfig;
  /** Settings for the DNS challenge. */
  dns?: IModulesCaddytlsDnsChallengeConfig;
  /**
   * Optionally customize the host to which a listener
   * is bound if required for solving a challenge.
   */
  bind_host?: string;
  /**
   * Index signature: any other key is accepted with type `any`, so a
   * misspelled option name is not reported by the compiler.
   */
  [key: string]: any;
}

/**
 * Preferences for selecting alternate certificate chains, if offered
 * by the CA. By default, the first offered chain will be selected.
 * If configured, the chains may be sorted and the first matching chain
 * will be selected.
 * ChainPreference describes the client's preferred certificate chain,
 * useful if the CA offers alternate chains. The first matching chain
 * will be selected.
 */
export interface IModulesCaddytlsChainPreference {
  /**
   * Prefer chains with the fewest number of bytes.
   */
  smallest?: boolean;
  /**
   * NOTE(review): undocumented here; presumably common names to match
   * against a chain's root certificate - confirm.
   */
  root_common_name?: Array<string>;
  /**
   * NOTE(review): undocumented here; presumably common names to match
   * against any certificate in a chain - confirm.
   */
  any_common_name?: Array<string>;
  [key: string]: any;
}

/**
 * ACMEIssuer manages certificates using the ACME protocol (RFC 8555).
 */
export interface IModulesCaddytlsAcmeIssuer {
  module: "acme";
  /**
   * The URL to the CA's ACME directory endpoint. Default:
   * https://acme-v02.api.letsencrypt.org/directory
   */
  ca?: string;
  /**
   * The URL to the test CA's ACME directory endpoint.
   * This endpoint is only used during retries if there
   * is a failure using the primary CA. Default:
   * https://acme-staging-v02.api.letsencrypt.org/directory
   */
  test_ca?: string;
  /**
   * Your email address, so the CA can contact you if necessary.
   * Not required, but strongly recommended to provide one so
   * you can be reached if there is a problem. Your email is
   * not sent to any Caddy mothership or used for any purpose
   * other than ACME transactions.
   */
  email?: string;
  /**
   * If you have an existing account with the ACME server, put
   * the private key here in PEM format. The ACME client will
   * look up your account information with this key first before
   * trying to create a new one. You can use placeholders here,
   * for example if you have it in an environment variable.
   * This is private key material: prefer the placeholder form over
   * an inline PEM so the key is not stored in the config file.
   */
  account_key?: string;
  /**
   * NOTE(review): type declared outside this part of the file;
   * presumably external account binding credentials - if so, treat
   * them as secrets. Confirm.
   */
  external_account?: IMholtAcmezV2AcmeEab;
  /**
   * Time to wait before timing out an ACME operation.
   * Default: 0 (no timeout)
   * Duration can be an integer or a string. An integer is
   * interpreted as nanoseconds. If a string, it is a Go
   * time.Duration value such as `300ms`, `1.5h`, or `2h45m`;
   * valid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`.
   * NOTE(review): IDuration is declared as `number` in this file, so
   * the string form described here is not accepted by the type.
   */
  acme_timeout?: IDuration;
  /** Which ACME challenge types to use and how to solve them. */
  challenges?: IModulesCaddytlsChallengesConfig;
  /**
   * NOTE(review): undocumented here; presumably PEM files of root
   * certificates trusted when connecting to the ACME server - confirm.
   */
  trusted_roots_pem_files?: Array<string>;
  /** Preference among alternate certificate chains, if the CA offers them. */
  preferred_chains?: IModulesCaddytlsChainPreference;
  /**
   * The validity period to ask the CA to issue a certificate for.
   * Default: 0 (CA chooses lifetime).
   * This value is used to compute the "notAfter" field of the ACME order;
   * therefore the system must have a reasonably synchronized clock.
   * NOTE: Not all CAs support this. Check with your CA's ACME
   * documentation to see if this is allowed and what values may
   * be used. EXPERIMENTAL: Subject to change.
   * Duration can be an integer or a string. An integer is
   * interpreted as nanoseconds. If a string, it is a Go
   * time.Duration value such as `300ms`, `1.5h`, or `2h45m`;
   * valid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`.
   */
  certificate_lifetime?: IDuration;
  [key: string]: any;
}

/**
 * InternalIssuer is a certificate issuer that generates
 * certificates internally using a locally-configured
 * CA which can be customized using the `pki` app.
 */
export interface IModulesCaddytlsInternalIssuer {
  module: "internal";
  /**
   * The ID of the CA to use for signing. The default
   * CA ID is "local". The CA can be configured with the
   * `pki` app.
   */
  ca?: string;
  /**
   * The validity period of certificates.
   * Duration can be an integer or a string. An integer is
   * interpreted as nanoseconds. If a string, it is a Go
   * time.Duration value such as `300ms`, `1.5h`, or `2h45m`;
   * valid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`.
   */
  lifetime?: IDuration;
  /**
   * If true, the root will be the issuer instead of
   * the intermediate. This is NOT recommended and should
   * only be used when devices/clients do not properly
   * validate certificate chains.
   * With this set, every certificate is signed by the root itself
   * rather than by an intermediate.
   */
  sign_with_root?: boolean;
  [key: string]: any;
}

/**
 * ZeroSSLIssuer uses the ZeroSSL API to get certificates.
 * Note that this is distinct from ZeroSSL's ACME endpoint.
 * To use ZeroSSL's ACME endpoint, use the ACMEIssuer
 * configured with ZeroSSL's ACME directory endpoint.
 */
export interface IModulesCaddytlsZeroSslIssuer {
  module: "zerossl";
  /**
   * The API key (or "access key") for using the ZeroSSL API.
   * REQUIRED.
   * NOTE(review): documented as required but typed optional, so
   * omitting it is not a compile error. This is a credential: keep it
   * out of version control and shared config dumps.
   */
  api_key?: string;
  /**
   * How many days the certificate should be valid for.
   * Only certain values are accepted; see ZeroSSL docs.
   */
  validity_days?: number;
  /**
   * The host to bind to when opening a listener for
   * verifying domain names (or IPs).
   */
  listen_host?: string;
  /**
   * If HTTP is forwarded from port 80, specify the
   * forwarded port here.
   */
  alternate_http_port?: number;
  /**
   * NOTE(review): undocumented here; reuses the DNS challenge config
   * type, presumably for CNAME-based validation - confirm.
   */
  cname_validation?: IModulesCaddytlsDnsChallengeConfig;
  [key: string]: any;
}

/**
 * CertSrvIssuer can request certificates from a
 * Microsoft Active Directory Certificate Services instance
 */
export interface IDavidventuraCaddyCertsrvCertSrvIssuer {
  module: "certsrv";
  certsrv_url?: string;
  realm?: string;
  username?: string;
  /**
   * NOTE(review): undocumented here; presumably the password for
   * `username`. Treat it as a secret and keep literals out of
   * version control - confirm against the module's docs.
   */
  password?: string;
  /**
   * NOTE(review): undocumented here; presumably the path to a keytab
   * file, which would hold credentials and need restrictive file
   * permissions - confirm.
   */
  keytab_path?: string;
  [key: string]: any;
}

/**
 * Union of the certificate issuer configs declared above; each member
 * carries a distinct literal `module` value.
 */
export type ITlsIssuance =
  | IModulesCaddytlsAcmeIssuer
  | IModulesCaddytlsInternalIssuer
  | IModulesCaddytlsZeroSslIssuer
  | IDavidventuraCaddyCertsrvCertSrvIssuer;

/**
 * Options that establish this server's identity. Identity refers to
 * credentials which can be used to uniquely identify and authenticate
 * this server instance. This is required if remote administration is
 * enabled (but does not require remote administration to be enabled).
 * Default: no identity management.
 * IdentityConfig configures management of this server's identity.
An identity
 * consists of credentials that uniquely verify this instance; for example,
 * TLS certificates (public + private key pairs).
 */
export interface IIdentityConfig {
  /**
   * NOTE(review): undocumented here; presumably the names the
   * identity certificates are issued for - confirm.
   */
  identifiers?: Array<string>;
  /** Issuer configs used for the identity; see ITlsIssuance. */
  issuers?: Array<ITlsIssuance>;
  /**
   * Index signature: any other key is accepted with type `any`, so a
   * misspelled option name is not reported by the compiler.
   */
  [key: string]: any;
}

/**
 * Limits what the associated identities are allowed to do.
 * If unspecified, all permissions are granted.
 * AdminPermissions specifies what kinds of requests are allowed
 * to be made to the admin endpoint.
 *
 * Because omitting permissions grants everything, list explicit
 * paths and methods for every identity that should be limited.
 */
export interface IAdminPermissions {
  /** NOTE(review): undocumented here; presumably the request paths allowed - confirm. */
  paths?: Array<string>;
  /** NOTE(review): undocumented here; presumably the HTTP methods allowed - confirm. */
  methods?: Array<string>;
  [key: string]: any;
}

/**
 * List of access controls for this secure admin endpoint.
 * This configures TLS mutual authentication (i.e. authorized
 * client certificates), but also application-layer permissions
 * like which paths and methods each identity is authorized for.
 * AdminAccess specifies what permissions an identity or group
 * of identities are granted.
 */
export interface IAdminAccess {
  /**
   * NOTE(review): undocumented here; presumably the public keys of
   * the authorized client certificates - confirm the expected
   * encoding against Caddy's docs.
   */
  public_keys?: Array<string>;
  /** What the identities above may do; see IAdminPermissions. */
  permissions?: Array<IAdminPermissions>;
  [key: string]: any;
}

/**
 * Options pertaining to remote administration. By default, remote
 * administration is disabled. If enabled, identity management must
 * also be configured, as that is how the endpoint is secured.
 * See the neighboring "identity" object.
 * EXPERIMENTAL: This feature is subject to change.
 * RemoteAdmin enables and configures remote administration. If enabled,
 * a secure listener enforcing mutual TLS authentication will be started
 * on a different port from the standard plaintext admin server.
 * This endpoint is secured using identity management, which must be
 * configured separately (because identity management does not depend
 * on remote administration). See the admin/identity config struct.
 * EXPERIMENTAL: Subject to change.
 */
export interface IRemoteAdmin {
  /**
   * The address on which to start the secure listener.
   * Default: :2021
   * NOTE(review): the default has no host part, which presumably
   * means all interfaces - confirm, and restrict reachability at the
   * network layer if only some peers should connect.
   */
  listen?: string;
  /** Who may connect and what they may do; see IAdminAccess. */
  access_control?: Array<IAdminAccess>;
  [key: string]: any;
}

/**
 * AdminConfig configures Caddy's API endpoint, which is used
 * to manage Caddy while it is running.
 */
export interface IAdminConfig {
  /**
   * If true, the admin endpoint will be completely disabled.
   * Note that this makes any runtime changes to the config
   * impossible, since the interface to do so is through the
   * admin endpoint.
   */
  disabled?: boolean;
  /**
   * The address to which the admin endpoint's listener should
   * bind itself. Can be any single network address that can be
   * parsed by Caddy. Default: localhost:2019
   * This is the local endpoint that `enforce_origin` describes as
   * plaintext; the mutual-TLS listener is configured under `remote`.
   * Moving it off a loopback address makes config management
   * reachable from the network.
   */
  listen?: string;
  /**
   * If true, CORS headers will be emitted, and requests to the
   * API will be rejected if their `Host` and `Origin` headers
   * do not match the expected value(s). Use `origins` to
   * customize which origins/hosts are allowed. If `origins` is
   * not set, the listen address is the only value allowed by
   * default. Enforced only on local (plaintext) endpoint.
   */
  enforce_origin?: boolean;
  /** Origins/hosts allowed when `enforce_origin` is true; see that option. */
  origins?: Array<string>;
  config?: IConfigSettings;
  /** Identity management; required if `remote` is enabled. */
  identity?: IIdentityConfig;
  /** Remote administration over mutual TLS; disabled by default. */
  remote?: IRemoteAdmin;
  /**
   * Index signature: a misspelled security option such as
   * `enforce_origin` is accepted as an arbitrary key and not reported
   * by the compiler.
   */
  [key: string]: any;
}

/**
 * DiscardWriter discards all writes.
 */
export interface IDiscardWriter {
  output: "discard";
  [key: string]: any;
}

/**
 * StderrWriter writes logs to standard error.
 */
export interface IStderrWriter {
  output: "stderr";
  [key: string]: any;
}

/**
 * StdoutWriter writes logs to standard out.
 */
export interface IStdoutWriter {
  output: "stdout";
  [key: string]: any;
}

/**
 * FileWriter can write logs to files. By default, log files
 * are rotated ("rolled") when they get large, and old log
 * files get deleted, to ensure that the process does not
 * exhaust disk space.
 */
export interface IModulesLoggingFileWriter {
  output: "file";
  /**
   * Filename is the name of the file to write.
   */
  filename?: string;
  /**
   * Roll toggles log rolling or rotation, which is
   * enabled by default.
   */
  roll?: boolean;
  /**
   * When a log file reaches approximately this size,
   * it will be rotated.
   */
  roll_size_mb?: number;
  /**
   * Whether to compress rolled files. Default: true
   */
  roll_gzip?: boolean;
  /**
   * Whether to use local timestamps in rolled filenames.
   * Default: false
   */
  roll_local_time?: boolean;
  /**
   * The maximum number of rolled log files to keep.
   * Default: 10
   */
  roll_keep?: number;
  /**
   * How many days to keep rolled log files. Default: 90
   * Rolled files older than this are deleted (see the interface
   * comment), so align it with any log-retention requirement.
   */
  roll_keep_days?: number;
  [key: string]: any;
}

/**
 * NetWriter implements a log writer that outputs to a network socket. If
 * the socket goes down, it will dump logs to stderr while it attempts to
 * reconnect.
 * NOTE(review): nothing here indicates the stream is encrypted or
 * authenticated; confirm before sending logs with sensitive request
 * data across an untrusted network.
 */
export interface IModulesLoggingNetWriter {
  output: "net";
  /**
   * The address of the network socket to which to connect.
   */
  address?: string;
  /**
   * The timeout to wait while connecting to the socket.
   * Duration can be an integer or a string. An integer is
   * interpreted as nanoseconds. If a string, it is a Go
   * time.Duration value such as `300ms`, `1.5h`, or `2h45m`;
   * valid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`.
   * NOTE(review): IDuration is declared as `number` in this file, so
   * the string form described here is not accepted by the type.
   */
  dial_timeout?: IDuration;
  /**
   * If enabled, allow connection errors when first opening the
   * writer. The error and subsequent log entries will be reported
   * to stderr instead until a connection can be re-established.
   */
  soft_start?: boolean;
  [key: string]: any;
}

/**
 * Settings for the log writer selected by `output: "influx_log"`.
 * None of the fields are documented upstream in this file.
 */
export interface INeodymeLabsInfluxLogInfluxLog {
  output: "influx_log";
  host?: string;
  /**
   * NOTE(review): presumably the API token used to authenticate to
   * the server at `host`; treat it as a credential - confirm.
   */
  token?: string;
  org?: string;
  bucket?: string;
  measurement?: string;
  tags?: Record<string, string>;
  [key: string]: any;
}

/**
 * Writer is an InfluxDB client to write time series data.
 * No named options are declared, so every setting passes through the
 * index signature unchecked.
 */
export interface ISillygodCdpCacheExtendsInfluxlogWriter {
  output: "influxlog";
  [key: string]: any;
}

/**
 * GraphiteLog is a Caddy logger used to send server activity to a Graphite
 * database.
* Templating is available as follow : * .Level * .Date * .Logger * .Msg * .Request * .RemoteIP * .RemotePort * .ClientIP * .Proto * .Method * .Host * .URI * .Headers * .BytesRead * .UserID * .Duration * .Size * .Status * .RespHeaders map[string][]string * .DirName * .FileName */ export interface IYbizeulCaddyLoggerGraphiteGraphiteLog { output: "graphite"; /** * IP address or host name of the graphite server */ server?: string; /** * Port number to be used (usually 2003) */ port?: number