instance-slave-caddy-input-schema.json 14.3 KB
Newer Older
1
{
2 3
  "$schema": "http://json-schema.org/draft-04/schema",
  "properties": {
4
    "custom_domain": {
5
      "description": "Custom Domain to use for the website. Shall contain only letters, numbers and -, and can look like example.com, first2.example.com special-site.example.com.",
6 7 8 9 10
      "pattern": "^([a-zA-Z0-9]([a-zA-Z0-9\\-]{0,61}[a-zA-Z0-9])?\\.)+[a-zA-Z]{2,6}$",
      "title": "Custom Domain",
      "type": "string"
    },
    "url": {
11
      "description": "URL of the backend",
12 13 14 15 16 17
      "pattern": "^(http|https|ftp)://",
      "title": "Backend URL",
      "type": "string"
    },
    "type": {
      "default": "",
18
      "description": "Type of slave. If redirect, the slave will redirect to the given URL. If zope, the rewrite rules will be compatible with Virtual Host Monster.",
19 20 21 22 23
      "enum": [
        "",
        "zope",
        "redirect",
        "notebook",
24
        "websocket"
25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45
      ],
      "title": "Backend Type",
      "type": "string"
    },
    "path": {
      "default": "",
      "description": "Path to proxy to in the backend",
      "title": "type:zope Backend Path",
      "type": "string"
    },
    "enable_cache": {
      "default": "false",
      "description": "If set to true, http caching server (Apache Traffic Server) will be used between frontend Caddy and backend",
      "enum": [
        "false",
        "true"
      ],
      "title": "Enable Cache",
      "type": "string"
    },
    "https-only": {
46
      "default": "true",
47 48 49 50 51 52 53 54
      "description": "If set to true, http requests will be redirected to https",
      "enum": [
        "false",
        "true"
      ],
      "title": "HTTPS Only",
      "type": "string"
    },
55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82
    "default-path": {
      "default": "",
      "description": "Provide default path to redirect user to when user access / (the site root)",
      "title": "type:zope Default Path",
      "type": "string"
    },
    "disable-no-cache-request": {
      "default": "false",
      "description": "If set to true, Cache-Control and Pragma requests headers will not be sent to cache and backend servers. This prevents clients from bypassing cache when enable_cache is true",
      "enum": [
        "false",
        "true"
      ],
      "title": "enable_cache: Disable 'no-cache' requests",
      "type": "string"
    },
    "disable-via-header": {
      "default": "false",
      "description": "If set to true, Via response headers will not be sent to client",
      "enum": [
        "false",
        "true"
      ],
      "title": "enable_cache: Disable 'Via' headers from cache",
      "type": "string"
    },
    "disabled-cookie-list": {
      "default": "",
83 84
      "description": "List of Cookies separated by space that will not be sent to cache and backend servers. This is especially useful to discard analytics tracking cookies when using Vary: Cookie cache headers",
      "title": "Disabled Cookies",
85 86 87 88 89 90 91 92 93 94 95 96 97
      "type": "string"
    },
    "enable-http2": {
      "default": "true",
      "description": "Use HTTP2 Protocol for the site",
      "enum": [
        "true",
        "false"
      ],
      "title": "Enable HTTP2 Protocol",
      "type": "string"
    },
    "https-url": {
98
      "description": "HTTPS URL of the backend if it is different from url parameter",
99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114
      "pattern": "^(http|https|ftp)://",
      "title": "HTTPS Backend URL",
      "type": "string"
    },
    "monitor-ipv4-test": {
      "default": "",
      "description": "IPv4 Address for the frontend keep monitoring with ping",
      "title": "IPv4 Address to Monitor Packet Lost",
      "type": "string"
    },
    "monitor-ipv6-test": {
      "default": "",
      "description": "IPv6 Address for the frontend keep monitoring with ping6 (without brackets)",
      "title": "IPv6 Address to Monitor Packet Lost",
      "type": "string"
    },
115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130
    "websocket-path-list": {
      "default": "",
      "description": "Space separated list of path to the websocket application. If not set the whole slave will be websocket, if set then / will be HTTP, and /<websocket-path> will be WSS. In order to have ' ' in the space use '%20'",
      "title": "type:websocket Websocket Application Path List",
      "type": "string"
    },
    "websocket-transparent": {
      "default": "true",
      "description": "If set to false, websocket slave will be without Caddy's transparent proxy mode. Depending on the application the setting shall be false or true. Defaults to true for transparent proxying.",
      "enum": [
        "false",
        "true"
      ],
      "title": "type:websocket Transparent proxy",
      "type": "string"
    },
131 132
    "prefer-gzip-encoding-to-backend": {
      "default": "false",
133
      "description": "If set to true, frontend will rewrite Accept-Encoding request header to simply 'gzip' for all variants of Accept-Encoding containing 'gzip', in order to maximize cache hits for resources cached with Vary: Accept-Encoding when enable_cache is used",
134 135 136 137
      "enum": [
        "false",
        "true"
      ],
138
      "title": "Prefer gzip Encoding for Backend",
139 140 141 142 143 144 145 146 147 148
      "type": "string"
    },
    "server-alias": {
      "default": "",
      "description": "Server Alias List separated by space",
      "title": "Server Alias",
      "type": "string"
    },
    "ssl-proxy-verify": {
      "default": "false",
149
      "description": "If set to true, Backend SSL Certificates will be checked and frontend will refuse to proxy if certificate is invalid",
150 151 152 153
      "enum": [
        "false",
        "true"
      ],
154
      "title": "Verify Backend Certificates",
155 156
      "type": "string"
    },
157 158 159 160 161 162 163 164 165 166 167 168 169
    "ssl_crt": {
      "default": "",
      "description": "Content of the SSL Certificate file. Deprecated, please use key-upload-url.",
      "textarea": true,
      "title": "[DEPRECATED] SSL Certificate",
      "type": "string"
    },
    "ssl_key": {
      "default": "",
      "description": "Content of the SSL Key file. Deprecated, please use key-upload-url.",
      "textarea": true,
      "title": "[DEPRECATED] SSL Key",
      "type": "string"
170
    },
171 172 173 174 175 176
    "ssl_ca_crt": {
      "default": "",
      "description": "Content of the CA certificate file. Deprecated, please use key-upload-url.",
      "textarea": true,
      "title": "[DEPRECATED] SSL Certificate Authority's Certificate",
      "type": "string"
177
    },
178 179
    "ssl_proxy_ca_crt": {
      "default": "",
180
      "description": "Content of the SSL Certificate Authority file of the backend (to be used with ssl-proxy-verify)",
181
      "textarea": true,
182
      "title": "SSL Backend Authority's Certificate",
183 184 185 186 187 188 189 190 191 192 193 194 195
      "type": "string"
    },
    "virtualhostroot-http-port": {
      "default": 80,
      "description": "Port where http requests to frontend will be redirected.",
      "title": "type:zope virtualhostroot-http-port",
      "type": "integer"
    },
    "virtualhostroot-https-port": {
      "default": 443,
      "description": "Port where https requests to frontend will be redirected.",
      "title": "type:zope virtualhostroot-https-port",
      "type": "integer"
196
    },
197 198 199 200 201 202 203 204 205 206 207 208 209 210 211
    "backend-connect-timeout": {
      "description": "Time in seconds for establishing connection to the backend.",
      "title": "Timeout for backend connection (seconds)",
      "type": "integer"
    },
    "backend-connect-retries": {
      "description": "Amount of retries to connect to the backend. The amount of backend-connect-timeout*backend-connect-retries seconds will be spent to connect to the backend.",
      "title": "Amount of retries to connect to the backend.",
      "type": "integer"
    },
    "request-timeout": {
      "description": "Timeout for HTTP requests.",
      "title": "HTTP Request timeout in seconds",
      "type": "integer"
    },
212 213 214 215
    "ciphers": {
      "description": "List of ciphers. Empty defaults to cluster list of ciphers, which by default are Caddy list of ciphers. See https://caddyserver.com/docs/tls for more information.",
      "title": "Ordered space separated list of ciphers",
      "type": "string"
216 217 218 219 220 221 222 223 224
    },
    "authenticate-to-backend": {
      "description": "If set to true the frontend certificate will be used as authentication certificate to the backend. Note: backend might have to know the frontend CA, available with 'backend-client-caucase-url'.",
      "enum": [
        "false",
        "true"
      ],
      "title": "Authenticate to backend",
      "type": "string"
225
    },
226 227
    "health-check": {
      "title": "Health Check",
228 229 230 231 232 233 234 235
      "description": "Enables active checks of the backend. For HTTP level checks the HTTP code shall be 2xx or 3xx, otherwise backend will be considered down.",
      "enum": [
        "false",
        "true"
      ],
      "default": "false",
      "type": "string"
    },
236 237
    "health-check-http-method": {
      "title": "Health Check HTTP Metod",
238 239 240 241 242 243 244 245 246 247
      "description": "Selects method to do the active check. CONNECT means that connection will be enough for the check, otherwise it's HTTP method.",
      "enum": [
        "GET",
        "OPTIONS",
        "POST",
        "CONNECT"
      ],
      "default": "GET",
      "type": "string"
    },
248 249
    "health-check-http-path": {
      "title": "Health Check HTTP Path",
250 251 252 253
      "description": "A path on which do the active check, unused in case of CONNECT.",
      "default": "/",
      "type": "string"
    },
254 255
    "health-check-http-version": {
      "title": "Health Check HTTP Version",
256 257 258 259 260 261 262 263
      "description": "A HTTP version to use to check the backend, unused in case of CONNECT.",
      "enum": [
        "HTTP/1.1",
        "HTTP/1.0"
      ],
      "default": "HTTP/1.1",
      "type": "string"
    },
264 265
    "health-check-timeout": {
      "title": "Health Check Timeout (seconds)",
266 267 268 269
      "description": "A timeout to for the request to be fulfilled, after connection happen.",
      "default": "2",
      "type": "integer"
    },
270 271 272
    "health-check-interval": {
      "title": "Health Check Interval (seconds)",
      "description": "An interval of health check.",
273 274 275
      "default": "5",
      "type": "integer"
    },
276 277
    "health-check-rise": {
      "title": "Health Check Rise",
278 279 280 281
      "description": "Amount of correct responses from the backend to consider it up.",
      "default": "1",
      "type": "integer"
    },
282 283
    "health-check-fall": {
      "title": "Health Check Fall",
284 285 286
      "description": "Amount of bad responses from the backend to consider it down.",
      "default": "1",
      "type": "integer"
287
    },
288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325
    "health-check-failover-url": {
      "description": "URL of the failover backend",
      "pattern": "^(http|https|ftp)://",
      "title": "Failover backend URL",
      "type": "string"
    },
    "health-check-failover-https-url": {
      "description": "HTTPS URL of the failover backend if it is different from health-check-failover-url parameter. Note: It requires https-url to be configured, as otherwise the differentiation does not make sense..",
      "pattern": "^(http|https|ftp)://",
      "title": "Failover HTTPS Backend URL",
      "type": "string"
    },
    "health-check-authenticate-to-failover-backend": {
      "description": "If set to true the frontend certificate will be used as authentication certificate to the failover backend. Note: failover backend might have to know the frontend CA, available with 'backend-client-caucase-url'.",
      "enum": [
        "false",
        "true"
      ],
      "title": "Authenticate to failover backend",
      "type": "string"
    },
    "health-check-failover-ssl-proxy-verify": {
      "default": "false",
      "description": "If set to true, failover backend SSL Certificates will be checked and frontend will refuse to proxy if certificate is invalid",
      "enum": [
        "false",
        "true"
      ],
      "title": "Verify failover backend certificates",
      "type": "string"
    },
    "health-check-failover-ssl-proxy-ca-crt": {
      "default": "",
      "description": "Content of the SSL Certificate Authority file of the failover backend (to be used with health-check-failover-ssl-proxy-verify)",
      "textarea": true,
      "title": "SSL failover backend Authority's Certificate",
      "type": "string"
    },
326 327
    "strict-transport-security": {
      "title": "Strict Transport Security",
328
      "description": "Enables Strict Transport Security (HSTS) on the slave, the default 0 results with option disabled. Setting the value enables HSTS and sets the value of max-age. More information: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security",
329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350
      "default": "0",
      "type": "integer"
    },
    "strict-transport-security-sub-domains": {
      "title": "Strict Transport Security Sub Domains",
      "description": "Configures Strict Transport Security for sub domains.",
      "enum": [
        "false",
        "true"
      ],
      "type": "string",
      "default": "false"
    },
    "strict-transport-security-preload": {
      "title": "Strict Transport Security Preload",
      "description": "Configures Strict Transport Security preload mechanism.",
      "enum": [
        "false",
        "true"
      ],
      "type": "string",
      "default": "false"
351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370
    },
    "url-netloc-list": {
      "type": "string",
      "title": "[EXPERT] List of netlocs for \"Backend URL\"",
      "description": "Space separated list of netlocs (ip and port) of backend to connect to. They will share the scheme and path of the original URL and additional backend parameters (like \"SSL Backend Authority's Certificate\"). Each of them will be used, and at least one is enough for the connectivity to work, and the best results are with \"Health Check\" feature enabled. Port is mandatory, so hostnames shall be provided as hostname:port (eg. example.com:80), IPv4 - as ipv4:port (eg. 127.0.0.1:80), IPv6 - as ipv6:port (eg. ::1:80). Simply this parameters only overrides netloc (network location) of the original URL."
    },
    "https-url-netloc-list": {
      "type": "string",
      "title": "[EXPERT] List of netlocs for \"HTTPS Backend URL\"",
      "description": "See \"[EXPERT] List of netlocs for \"Backend URL\"\" description."
    },
    "health-check-failover-url-netloc-list": {
      "type": "string",
      "title": "[EXPERT] List of netlocs for \"Failover backend URL\"",
      "description": "See \"[EXPERT] List of netlocs for \"Backend URL\"\" description."
    },
    "health-check-failover-https-url-netloc-list": {
      "type": "string",
      "title": "[EXPERT] List of netlocs for \"Failover HTTPS Backend URL\"",
      "description": "See \"[EXPERT] List of netlocs for \"Backend URL\"\" description."
371 372 373 374
    }
  },
  "title": "Input Parameters",
  "type": "object"
375
}