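Configuration
This plugin is compatible with DB-less mode.
Compatible protocols
The ACME plugin is compatible with the following protocols: grpc, grpcs, http, https
Parameters
The following is a list of all the parameters that can be used in this plugin's configuration.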
-
string required
The name of the plugin, in this case acme.
- If using the Kong Admin API, Kong Konnect API, declarative configuration, or decK files, the field is name.
- If using the KongPlugin object in Kubernetes, the field is plugin.
-
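string
An optional custom name to identify an instance of the plugin, for example acme_my-service.
The instance name shows up in Kong Manager and in Konnect, so it is useful when running the same plugin in multiple contexts, for example on multiple services. You can also use it to access a specific plugin instance via the Kong Admin API.
An instance name must be unique within the following context:
- Within a workspace for Kong Gateway Enterprise
- Within a control plane or control plane group for Konnect
- Globally for Kong Gateway (OSS)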
-
boolean default: true
Whether this plugin will be applied.
-
record required
-
string required referenceable encrypted matches: %w*%p*@+%w*%.?%w*
The account identifier. Can be reused in a different plugin instance.
-
record
-
string default: https://acme-v02.api.letsencrypt.org/directory
A string representing a URL, such as https://example.com/path/to/resource?q=search.
-
boolean default: false
If you are using Let’s Encrypt, you must set this to true to agree to the terms of service.
-
string referenceable encrypted
External account binding (EAB) key id. You usually don’t need to set this unless it is explicitly required by the CA.
-
string referenceable encrypted
External account binding (EAB) base64-encoded URL string of the HMAC key. You usually don’t need to set this unless it is explicitly required by the CA.
-
string default: rsa
Must be one of: rsa, ecc
The certificate type to create. The possible values are rsa for RSA certificate or ecc for EC certificate.
-
number default: 4096
Must be one of: 2048, 3072, 4096
RSA private key size for the certificate. The possible values are 2048, 3072, or 4096.
-
number default: 14
Days remaining to renew the certificate before it expires.
-
array of type string
An array of strings representing hosts. A valid host is a string containing one or more labels separated by periods, with at most one wildcard label (‘*’).
-
boolean default: false
If set to true, the plugin allows all domains and ignores any values in the domains list.
-
number default: 5
Minutes to wait for each domain that fails to create a certificate. This applies to both a new certificate and a renewal certificate.
-
string default: shm
Must be one of: kong, shm, redis, consul, vault
The backend storage type to use. In DB-less mode and Konnect, kong storage is unavailable. In hybrid mode and Konnect, shm storage is unavailable. shm storage does not persist during Kong restarts and does not work for Kong running on different machines, so consider using one of kong, redis, consul, or vault in production.
-
record required
-
record required
-
record required
-
record required
-
string
A string representing a host name, such as example.com.
-
integer default: 6379 between: 0 and 65535
An integer representing a port number between 0 and 65535, inclusive.
-
integer default: 2000 between: 0 and 2147483646
An integer representing a timeout in milliseconds. Must be between 0 and 2^31-2.
-
string referenceable
Username to use for Redis connections. If undefined, ACL authentication won’t be performed. This requires Redis v6.0.0+. To be compatible with Redis v5.x.y, you can set it to default.
-
string referenceable encrypted len_min: 0
Password to use for Redis connections. If undefined, no AUTH commands are sent to Redis.
-
integer default: 0
Database to use for the Redis connection when using the redis strategy.
-
boolean default: false
If set to true, uses SSL to connect to Redis.
-
boolean default: false
If set to true, verifies the validity of the server SSL certificate. If setting this parameter, also configure lua_ssl_trusted_certificate in kong.conf to specify the CA (or server) certificate used by your Redis server. You may also need to configure lua_ssl_verify_depth accordingly.
-
string
A string representing an SNI (server name indication) value for TLS.
-
record required
-
-
record required
-
boolean default: false
Boolean representation of https.
-
string
A string representing a host name, such as example.com.
-
integer between: 0 and 65535
An integer representing a port number between 0 and 65535, inclusive.
-
string
KV prefix path.
-
number
Timeout in milliseconds.
-
string referenceable
Consul ACL token.
-
-
record required
-
boolean default: false
Boolean representation of https.
-
string
A string representing a host name, such as example.com.
-
integer between: 0 and 65535
An integer representing a port number between 0 and 65535, inclusive.
-
string
KV prefix path.
-
number
Timeout in milliseconds.
-
string referenceable
Consul ACL token.
-
boolean default: true
Turn on TLS verification.
-
string
SNI used in request, default to host if omitted.
-
string default: token
Must be one of: token, kubernetes
Auth Method, default to token, can be ‘token’ or ‘kubernetes’.
-
string
Vault’s authentication path to use.
-
string
The role to try and assign.
-
string
The path to the JWT.
-
-
-
string
A string value that specifies the preferred certificate chain to use when generating certificates.
-
boolean default: true
A boolean value that controls whether to include the IPv4 address in the common name field of generated certificates.
-
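The lint below is an added example, not part of Kong's documentation or code: it checks an ACME plugin configuration against the constraints stated in the parameter list above (storage availability per deployment mode, the host rule for domains, the Let's Encrypt terms of service flag, and the Redis and Vault TLS settings). The field names (storage, allow_any_domain, tos_accepted, storage_config.redis.ssl_verify, storage_config.vault.tls_verify and so on) are assumed from the Kong ACME plugin schema because the parameter names are missing from this page; the sample configs are constructed.

```python
# Field names are assumed from Kong's ACME plugin schema; this page omits them.

def valid_host(host):
    """Dot-separated non-empty labels with at most one wildcard label ('*')."""
    labels = host.split(".")
    return all(labels) and labels.count("*") <= 1

def audit_acme(config, mode="traditional"):
    """mode: 'traditional', 'dbless', 'hybrid' or 'konnect'. Returns findings."""
    out = []
    storage = config.get("storage", "shm")            # page default: shm
    if storage == "kong" and mode in ("dbless", "konnect"):
        out.append("storage=kong is unavailable in this mode")
    if storage == "shm":
        out.append("storage=shm is unavailable in this mode"
                   if mode in ("hybrid", "konnect")
                   else "storage=shm does not survive restarts or span nodes")
    if config.get("allow_any_domain", False):
        out.append("allow_any_domain=true ignores the domains list")
    out += [f"invalid host in domains: {h}"
            for h in config.get("domains", []) if not valid_host(h)]
    api_uri = config.get("api_uri", "https://acme-v02.api.letsencrypt.org/directory")
    if "letsencrypt.org" in api_uri and not config.get("tos_accepted", False):
        out.append("tos_accepted must be true for Let's Encrypt")
    backends = config.get("storage_config", {})
    if storage == "redis":
        redis = backends.get("redis", {})
        if not redis.get("ssl", False):                # page default: false
            out.append("redis.ssl=false: connection is not encrypted")
        elif not redis.get("ssl_verify", False):       # page default: false
            out.append("redis.ssl_verify=false: server certificate not validated")
        if not redis.get("password"):
            out.append("redis.password unset: no AUTH is sent")
    if storage == "vault" and not backends.get("vault", {}).get("tls_verify", True):
        out.append("vault.tls_verify=false: server certificate not validated")
    return out

# Constructed sample configs (not from the page).
WEAK = {"storage": "redis", "allow_any_domain": True, "domains": ["*.*.example.com"],
        "storage_config": {"redis": {"host": "redis.internal.example"}}}
HARDENED = {"storage": "redis", "tos_accepted": True, "domains": ["*.example.com"],
            "storage_config": {"redis": {
                "host": "redis.internal.example", "ssl": True, "ssl_verify": True,
                "server_name": "redis.internal.example",
                "password": "{vault://env/redis-password}"}}}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_acme(cfg))
```

With ssl_verify enabled, the page's note about lua_ssl_trusted_certificate in kong.conf still applies; the lint only inspects the plugin configuration.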