FR: (b)lock options from changing #727
Description
Hi a feature idea,
Caddy at final want a whole caddyfile and this plugin delivers greatly and automatic the complete caddy file, thanks for the great addon. This is super in a docker environment that is consolidated, but when i want to share the docker environment with more people, they could overwrite parameters with the caddy labels. Fine for apps or services, but for global/admin options it would not be helpful
For example i can have one container with:
{email: [email protected]}
and another with:
{email: [email protected]}
It would be handy to harden this a bit, not for security, but also for ease of use.
Would another of my companion copy something from the internet with the label: "caddy_email: [email protected]" then it should be ignored, if desired by the admin.
So could there be an implementation feature to lock the global admin options. This way they would not be overwrite-able.
This could be implemented on distinct manners,
- by a lock file, having a json/caddyfile of params not writable except the main caddyfile..
- A environment variable that disables a set of parameters like email/logging from being defined in labels but only by caddyfile.
- Load orders, the caddy-controller container its labels and/or caddy file is loaded last(overwriting the labels if the would exists in other containers with the same labelname), could also be set with a variable
I hope its a small implementation.
Continue the great work. I enjoy the plugin.
Kind regards,