From c136674136ad65487ea3295ab06759df2f6545f0 Mon Sep 17 00:00:00 2001 From: Ming Di Leom <2809763-curben@users.noreply.gitlab.com> Date: Tue, 16 Feb 2021 00:55:12 +0000 Subject: [PATCH] post(caddy-v2): tls client auth --- source/_posts/caddy-upgrade-v2-proxy.md | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/source/_posts/caddy-upgrade-v2-proxy.md b/source/_posts/caddy-upgrade-v2-proxy.md index 76e687b..9d355b2 100644 --- a/source/_posts/caddy-upgrade-v2-proxy.md +++ b/source/_posts/caddy-upgrade-v2-proxy.md @@ -1,8 +1,8 @@ --- title: Upgrading Caddy reverse proxy from v1 to v2 syntax -excerpt: route, strip_prefix, rewrite +excerpt: route, strip_prefix, rewrite, reverse_proxy date: 2020-05-23 -updated: 2020-06-21 +updated: 2021-02-16 tags: - server - caddy @@ -10,6 +10,8 @@ tags: Caddy v2 brought many major changes, particularly to the Caddyfile syntax. This [site](https://mdleom.com/) is powered by the reverse proxy feature of Caddy, so I need to make sure everything works before I finally upgrade. While v2 has been released for more than 2 weeks by now (after months of beta testing), I only managed get my feet wet last weekend, even though I should've done it during the beta releases. After testing v2 on a local server (plus some forum posts), I would say it is _mostly_ working. While v2.0 has reached feature parity with v1, Caddyfile has not; there are two TLS/HTTPS options that are not yet supported in Caddyfile (see [#3219](https://github.com/caddyserver/caddy/issues/3219), [#3334](https://github.com/caddyserver/caddy/issues/3334); planned to be released in v2.1). So, if you don't need HTTPS--like my {% post_link tor-hidden-onion-nixos 'Tor' %} and {% post_link i2p-eepsite-nixos 'I2P' %} proxies--it should be safe to upgrade. +Edit (16 Feb 2021): v2.1 implemented #3219 and #3334, I've updated this post accordingly. + ## proxy to reverse_proxy `proxy` directive is updated to `reverse_proxy`. 
@@ -222,7 +224,7 @@ In v2, Caddy automatically listens on HTTP (port 80) and redirects to HTTPS, whe In v2.0, this can only be disabled in [JSON](https://caddyserver.com/docs/json/apps/http/servers/#automatic_https/disable_redirects). -v2.1 supports configuring Automatic HTTPS in Caddyfile using `auto https` global option: +v2.1 supports configuring Automatic HTTPS in Caddyfile using [`auto_https`](https://caddyserver.com/docs/caddyfile/options#auto-https) global option: ``` plain Caddyfile { @@ -236,9 +238,17 @@ Client authentication adds another step to TLS connection process whereby a clie In v2.0, this can only be disabled in [JSON](https://caddyserver.com/docs/json/apps/http/servers/tls_connection_policies/#client_authentication). -v2.1 supports configuring client authentication in Caddyfile using `clients` directive in tls option: +v2.1 supports configuring client authentication in Caddyfile using `client_auth` option in [`tls`](https://caddyserver.com/docs/caddyfile/directives/tls) directive: -``` plain Caddyfile +``` plain v1.0 +example.com { + tls cert.pem cert.key { + clients origin-pull-ca.pem + } +} +``` + +``` plain v2.1 example.com { tls cert.pem cert.key { client_auth {
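Review bot: In the first hunk (the front matter and the new "Edit (16 Feb 2021)" line), the appended note contradicts the paragraph it sits under, which still says the two TLS/HTTPS options are "not yet supported in Caddyfile" and "planned to be released in v2.1", and still advises upgrading only "if you don't need HTTPS". Since the note states v2.1 implemented #3219 and #3334, that sentence and the upgrade advice should be reworded (or marked as the pre-v2.1 state) rather than left intact with a correction appended, otherwise a reader who stops at the first paragraph keeps the stale conclusion. The `excerpt` and `updated` changes are consistent with the note; consider linking #3219 and #3334 in the edit line the same way the paragraph above does.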
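Review bot: In the `auto_https` hunk, the sentence now names the global option and links the docs, but the section is specifically about stopping the port-80-to-HTTPS redirect, and `auto_https` takes more than one value: `auto_https disable_redirects` keeps certificate management and only drops the redirect, whereas `auto_https off` disables automatic HTTPS entirely (no managed certificates, no redirect). Add a clause after "using [`auto_https`](...) global option" stating which value the Caddyfile example below uses and why, so a reader copying it does not turn off certificate management when they only wanted to stop the redirect. The v2.0 sentence that points at `automatic_https/disable_redirects` in JSON already makes that distinction, so the v2.1 sentence should match it.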
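Review bot: In the client authentication hunk, the v1.0 block `clients origin-pull-ca.pem` means the server requires a client certificate and verifies it against that CA, but the new v2.1 block is cut off in the diff right after `client_auth {`, so the reader cannot see whether the replacement enforces the same policy or merely requests a certificate. When completing the block, make the verification mode explicit (in v2 `client_auth` that is `mode require_and_verify`, alongside the trusted CA setting), and add a sentence to the prose saying that a connection presenting no certificate, or one not signed by that CA, must be rejected; a quick check is to connect with `openssl s_client` without a client certificate and confirm the handshake fails. Without that, a migrated config that only requests a certificate would silently expose an origin that previously enforced mutual TLS. Also, the sentence before the fences describes `client_auth` as an "option in [`tls`] directive" while the blocks label it by version (`v1.0`, `v2.1`); that is fine, but the v2.1 fence label should probably say `v2.1 Caddyfile` to match the `plain Caddyfile` convention used in the `auto_https` example.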