hub / github.com/caddyserver/caddy / fillInGlobalACMEDefaults

Function fillInGlobalACMEDefaults

caddyconfig/httpcaddyfile/tlsapp.go:516–613  ·  view source on GitHub ↗
(issuer certmagic.Issuer, options map[string]any)

Source from the content-addressed store, hash-verified

// acmeCapable is satisfied by any issuer that can hand back an underlying
// *caddytls.ACMEIssuer. fillInGlobalACMEDefaults type-asserts its issuer
// argument against this interface and returns nil without changes when the
// issuer does not implement it or when GetACMEIssuer returns nil.
514type acmeCapable interface{ GetACMEIssuer() *caddytls.ACMEIssuer }
515
516func fillInGlobalACMEDefaults(issuer certmagic.Issuer, options map[string]any) error {
517 acmeWrapper, ok := issuer.(acmeCapable)
518 if !ok {
519 return nil
520 }
521 acmeIssuer := acmeWrapper.GetACMEIssuer()
522 if acmeIssuer == nil {
523 return nil
524 }
525
526 globalEmail := options["email"]
527 globalACMECA := options["acme_ca"]
528 globalACMECARoot := options["acme_ca_root"]
529 globalACMEDNS, globalACMEDNSok := options["acme_dns"] // can be set to nil (to use globally-defined "dns" value instead), but it is still set
530 globalACMEEAB := options["acme_eab"]
531 globalPreferredChains := options["preferred_chains"]
532 globalCertLifetime := options["cert_lifetime"]
533 globalHTTPPort, globalHTTPSPort := options["http_port"], options["https_port"]
534 globalDefaultBind := options["default_bind"]
535
536 if globalEmail != nil && acmeIssuer.Email == "" {
537 acmeIssuer.Email = globalEmail.(string)
538 }
539 if globalACMECA != nil && acmeIssuer.CA == "" {
540 acmeIssuer.CA = globalACMECA.(string)
541 }
542 if globalACMECARoot != nil && !slices.Contains(acmeIssuer.TrustedRootsPEMFiles, globalACMECARoot.(string)) {
543 acmeIssuer.TrustedRootsPEMFiles = append(acmeIssuer.TrustedRootsPEMFiles, globalACMECARoot.(string))
544 }
545 if globalACMEDNSok && (acmeIssuer.Challenges == nil || acmeIssuer.Challenges.DNS == nil || acmeIssuer.Challenges.DNS.ProviderRaw == nil) {
546 globalDNS := options["dns"]
547 if globalDNS == nil && globalACMEDNS == nil {
548 return fmt.Errorf("acme_dns specified without DNS provider config, but no provider specified with 'dns' global option")
549 }
550 if acmeIssuer.Challenges == nil {
551 acmeIssuer.Challenges = new(caddytls.ChallengesConfig)
552 }
553 if acmeIssuer.Challenges.DNS == nil {
554 acmeIssuer.Challenges.DNS = new(caddytls.DNSChallengeConfig)
555 }
556 if globalACMEDNS != nil && acmeIssuer.Challenges.DNS.ProviderRaw == nil {
557 // Set a global DNS provider if `acme_dns` is set
558 acmeIssuer.Challenges.DNS.ProviderRaw = caddyconfig.JSONModuleObject(globalACMEDNS, "name", globalACMEDNS.(caddy.Module).CaddyModule().ID.Name(), nil)
559 }
560 }
561 if globalACMEEAB != nil && acmeIssuer.ExternalAccount == nil {
562 acmeIssuer.ExternalAccount = globalACMEEAB.(*acme.EAB)
563 }
564 if globalPreferredChains != nil && acmeIssuer.PreferredChains == nil {
565 acmeIssuer.PreferredChains = globalPreferredChains.(*caddytls.ChainPreference)
566 }
567 // only configure alt HTTP and TLS-ALPN ports if the DNS challenge is not enabled (wouldn't hurt, but isn't necessary since the DNS challenge is exclusive of others)
568 if globalHTTPPort != nil && (acmeIssuer.Challenges == nil || acmeIssuer.Challenges.DNS == nil) && (acmeIssuer.Challenges == nil || acmeIssuer.Challenges.HTTP == nil || acmeIssuer.Challenges.HTTP.AlternatePort == 0) {
569 if acmeIssuer.Challenges == nil {
570 acmeIssuer.Challenges = new(caddytls.ChallengesConfig)
571 }
572 if acmeIssuer.Challenges.HTTP == nil {
573 acmeIssuer.Challenges.HTTP = new(caddytls.HTTPChallengeConfig)

Callers 2

buildTLSAppMethod · 0.85
newBaseAutomationPolicyFunction · 0.85

Calls 4

JSONModuleObjectFunction · 0.92
GetACMEIssuerMethod · 0.65
CaddyModuleMethod · 0.65
NameMethod · 0.45

Tested by

no test coverage detected