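// manageIdentity sets up automated identity management for this server.
//
// It is a no-op when cfg, cfg.Admin, or cfg.Admin.Identity is nil. Otherwise
// it loads the configured issuer modules (defaulting to the "acme" issuer when
// none are configured), stops any certificate cache left over from a previous
// identity configuration, builds a CertMagic config for the identity, hands
// that config to every issuer that accepts one, and finally starts
// asynchronous management (obtain + renew) of the identity certificate(s).
//
// Errors from loading the issuer modules, from an issuer module that does not
// implement certmagic.Issuer, or from starting certificate management are
// returned to the caller; none of them are logged here.
func manageIdentity(ctx Context, cfg *Config) error {
	if cfg == nil || cfg.Admin == nil || cfg.Admin.Identity == nil {
		return nil
	}
	identity := cfg.Admin.Identity

	// set default issuers; this is pretty hacky because we can't
	// import the caddytls package -- but it works
	if identity.IssuersRaw == nil {
		identity.IssuersRaw = []json.RawMessage{
			json.RawMessage(`{"module": "acme"}`),
		}
	}

	// load and provision issuer modules; IssuersRaw is never nil at this
	// point because of the default above, so no separate guard is needed
	val, err := ctx.LoadModule(identity, "IssuersRaw")
	if err != nil {
		// wrap with %w so callers can inspect the cause with errors.Is/As
		return fmt.Errorf("loading identity issuer modules: %w", err)
	}
	// checked assertions instead of bare ones: a module registered under an
	// unexpected type should surface as a config error, not a panic that
	// takes the admin endpoint down with it
	issVals, isList := val.([]any)
	if !isList {
		return fmt.Errorf("loading identity issuer modules: unexpected value type %T", val)
	}
	for i, issVal := range issVals {
		iss, isIssuer := issVal.(certmagic.Issuer)
		if !isIssuer {
			return fmt.Errorf("identity issuer %d: module of type %T is not a certmagic.Issuer", i, issVal)
		}
		identity.issuers = append(identity.issuers, iss)
	}

	// we'll make a new cache when we make the CertMagic config, so stop any previous cache
	if identityCertCache != nil {
		identityCertCache.Stop()
	}

	logger := Log().Named("admin.identity")
	cmCfg := identity.certmagicConfig(logger, true)

	// issuers have circular dependencies with the configs because,
	// as explained in the caddytls package, they need access to the
	// correct storage and cache to solve ACME challenges
	for _, issuer := range identity.issuers {
		// avoid import cycle with caddytls package, so manually duplicate the interface here, yuck
		if annoying, ok := issuer.(interface{ SetConfig(cfg *certmagic.Config) }); ok {
			annoying.SetConfig(cmCfg)
		}
	}

	// obtain and renew server identity certificate(s)
	return cmCfg.ManageAsync(ctx, identity.Identifiers)
}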
| 507 | // replaceRemoteAdminServer replaces the running remote admin server |
| 508 | // according to the relevant configuration in cfg. It stops any previous |