36 changes: 36 additions & 0 deletions src/docs/markdown/caddyfile/directives/tls.md
Expand Up @@ -266,6 +266,42 @@ The `http` module obtains the trusted certificates from HTTP endpoints. The `end
- `once` allows a remote server to request renegotiation once per connection.
- `freely` allows a remote server to repeatedly request renegotiation.

### Verifiers

Client certificate verifier modules are executed after validating they are issued from a trusted certificate authority, if the `trust_pool` is configured. The one verifier, currently, shipped in standard Caddy is `leaf`.

#### Leaf

The `leaf` verifier checks if the client certificate is one of a defined set of permitted certificates. The certificate set is loaded using [loader](https://caddyserver.com/docs/modules/tls.client_auth.verifier.leaf#leaf_certs_loaders) modules.

##### Loaders

Standard Caddy distribution bundles 4 loaders, 3 of them are available in Caddyfile.

###### File

The `file` loader loads the set of certificates from specified PEM files.

```caddy-d
... file <pem_files...>
```

###### Folder

The `folder` loader recursively traverses the named directories searching for PEM files to be loaded as accepted client certificates.

```caddy-d
... folder <folders...>
```

###### PEM

The `pem` loader accepts certificates inlined in the Caddyfile in PEM format.

```caddy-d
... pem <pem_strings...>
```

### Issuers

These issuers come standard with the `tls` directive:
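
Review bot: In the first sentence under `### Verifiers`, "after validating they are issued from a trusted certificate authority" has no clear subject, so it reads as if the verifier modules are what the CA issued, and the trailing "if the `trust_pool` is configured" leaves open what happens when no `trust_pool` is set. Suggest wording such as "Verifier modules run after the client certificate has been validated against the `trust_pool`, if one is configured", plus one sentence on whether `leaf` alone then decides which certificates are accepted. The three loader snippets also begin with `...` and never show the enclosing block, so a reader cannot tell where `file`, `folder` or `pem` is written; one complete example would fix that. The Loaders paragraph should also name the fourth loader that is not available in the Caddyfile.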
5 changes: 3 additions & 2 deletions src/docs/markdown/command-line.md
Expand Up @@ -119,7 +119,7 @@ The `--flags` may have a single-letter shortcut like `-f`.

Adapts a configuration to Caddy's native JSON config structure and writes the output to stdout, along with any warnings to stderr, then exits.

`--config` is the path to the config file. If omitted, assumes `Caddyfile` in current directory if it exists; otherwise, this flag is required.
`--config` is the path to the config file. If omitted, assumes `Caddyfile` in current directory if it exists; otherwise, this flag is required. If you wish to use stdin instead of a regular file, use - as the path.

`--adapter` specifies the config adapter to use; default is `caddyfile`.

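Review bot: The sentence added to the `--config` paragraph writes the stdin marker as a bare character ("use - as the path"), which is easy to miss in rendered text and inconsistent with the backticked `Caddyfile` and `--config` in the same paragraph. Suggest "use `-` as the path".
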
Expand Down Expand Up @@ -248,14 +248,15 @@ Formats or prettifies a Caddyfile, then exits. The result is printed to stdout u
<pre><code class="cmd bash">caddy hash-password
[-p, --plaintext &lt;password&gt;]
[-a, --algorithm &lt;name&gt;]</code></pre>
[--bcrypt-cost &lt;cost&gt;]</code></pre>

Convenient way to hash a plaintext password. The resulting hash is written to stdout as a format usable directly in your Caddy config.

`--plaintext` is the plaintext form of the password. If omitted, interactive mode will be assumed and the user will be shown a prompt to enter the password manually.

`--algorithm` may be `bcrypt` or any installed hash algorithm. Default is `bcrypt`.


`--bcrypt-cost` is the hashing cost for bcrypt algorithm. Default is `14`.


### `caddy help`
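
Review bot: In the `caddy hash-password` usage block, the `--algorithm` line still ends with `</code></pre>` and the new `--bcrypt-cost` line ends with it again, so the new flag renders outside the code block and leaves an unmatched closing tag. Drop the closing tags from the `--algorithm` line so the block closes once, after `--bcrypt-cost`. The `--bcrypt-cost` description could also say what happens when the flag is passed with a different `--algorithm`, and give the accepted range if there is one.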
2 changes: 1 addition & 1 deletion src/docs/markdown/conventions.md
Expand Up @@ -90,7 +90,7 @@ Placeholders are a similar idea to variables in other software. For example, [ng

Placeholders are bounded on either side by curly braces `{ }` and contain the identifier inside, for example: `{foo.bar}`. The opening placeholder brace can be escaped `\{like.this}` to prevent replacement. Placeholder identifiers are typically namespaced with dots to avoid collisions across modules.

Which placeholders are available depends on the context. Not all placeholders are available in all parts of the config. For example, [the HTTP app sets placeholders](/docs/json/apps/http/#docs) that are only available in areas of the config related to handling HTTP requests.
Which placeholders are available depends on the context. Not all placeholders are available in all parts of the config. For example, [the HTTP app sets placeholders](/docs/json/apps/http/#docs) that are only available in areas of the config related to handling HTTP requests. When a request passes through the [`reverse_proxy` handler](/docs/json/apps/http/servers/routes/handle/reverse_proxy/#docs), the handler sets several proxy-specific placeholders. These placeholders may be referenced during proxying as well as afterwards (in `handle_response`), for example when setting response headers or enriching access logs.

The following placeholders are always available (global):

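Review bot: In the sentence added about `reverse_proxy`, the parenthetical "(in `handle_response`)" narrows "afterwards" to that one block, yet the examples that follow include enriching access logs, so it is unclear whether logging is meant to be part of `handle_response` or a separate case. Suggest "as well as afterwards, for example in `handle_response`, when setting response headers, or in access logs". The text also says "several proxy-specific placeholders" without naming any; listing one or two, or linking directly to the list, would make the sentence actionable. The addition would also read better as its own paragraph.
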