1. 普罗米修斯支持基本认证和TLS。这是实验性的,将来可能会改变。<br />要指定要加载的web配置文件,请使用`--web.config.file`标志。<br />该文件以YAML格式编写,由下面描述的方案定义。括号表示参数是可选的。对于非列表参数,该值设置为指定的默认值。<br />每次http请求(如配置中的任何更改)时都会读取该文件,并立即获取证书。<br />通用占位符定义如下:
    • <boolean>:可以接受trueflase的布尔值。
    • <filename>:当前工作目录的有效值。
    • <secret>:作为密钥的常规字符串,例如一个密码。
    • <string>:一个字符串。

    这里是一个有效的示例文件:

    1. tls_server_config:
    2.   # Certificate and key files for server to use to authenticate to client.
    3.   cert_file: <filename>
    4.   key_file: <filename>
    6.   # Server policy for client authentication. Maps to ClientAuth Policies.
    7.   # For more detail on clientAuth options:
    8.   # https://golang.org/pkg/crypto/tls/#ClientAuthType
    9.   [ client_auth_type: <string> | default = "NoClientCert" ]
    11.   # CA certificate for client certificate authentication to the server.
    12.   [ client_ca_file: <filename> ]
    14.   # Minimum TLS version that is acceptable.
    15.   [ min_version: <string> | default = "TLS12" ]
    17.   # Maximum TLS version that is acceptable.
    18.   [ max_version: <string> | default = "TLS13" ]
    20.   # List of supported cipher suites for TLS versions up to TLS 1.2. If empty,
    21.   # Go default cipher suites are used. Available cipher suites are documented
    22.   # in the go documentation:
    23.   # https://golang.org/pkg/crypto/tls/#pkg-constants
    24.   [ cipher_suites:
    25.     [ - <string> ] ]
    27.   # prefer_server_cipher_suites controls whether the server selects the
    28.   # client's most preferred ciphersuite, or the server's most preferred
    29.   # ciphersuite. If true then the server's preference, as expressed in
    30.   # the order of elements in cipher_suites, is used.
    31.   [ prefer_server_cipher_suites: <bool> | default = true ]
    33.   # Elliptic curves that will be used in an ECDHE handshake, in preference
    34.   # order. Available curves are documented in the go documentation:
    35.   # https://golang.org/pkg/crypto/tls/#CurveID
    36.   [ curve_preferences:
    37.     [ - <string> ] ]
    39. http_server_config:
    40.   # Enable HTTP/2 support. Note that HTTP/2 is only supported with TLS.
    41.   # This can not be changed on the fly.
    42.   [ http2: <boolean> | default = true ]
    44. # Usernames and hashed passwords that have full access to the web
    45. # server via basic authentication. If empty, no basic authentication is
    46. # required. Passwords are hashed with bcrypt.
    47. basic_auth_users:
    48.   [ <string>: <secret> ... ]