hub / github.com/caddyserver/caddy / Start

Method Start

modules/caddytls/tls.go:401–463  ·  view source on GitHub ↗

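Start activates the TLS module. In the portion of the method shown below, it first logs a warning if any wildcard or default automation policy has on-demand TLS enabled while neither an `Ask` endpoint nor a permission module is configured, a configuration in which certificate issuance is not restricted to hostnames the operator approved. It then begins managing the automated certificate names and, when Encrypted ClientHello is configured, publishes the ECH configs in a background goroutine that re-checks key rotation and publication every hour until the module's context is cancelled. The listing stops at line 458, before the end of the method at line 463.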

()

Source from the content-addressed store, hash-verified

399
400// Start activates the TLS module.
401func (t *TLS) Start() error {
402 // warn if on-demand TLS is enabled but no restrictions are in place
403 if t.Automation.OnDemand == nil || (t.Automation.OnDemand.Ask == "" && t.Automation.OnDemand.permission == nil) {
404 for _, ap := range t.Automation.Policies {
405 if ap.OnDemand && ap.isWildcardOrDefault() {
406 if c := t.logger.Check(zapcore.WarnLevel, "YOUR SERVER MAY BE VULNERABLE TO ABUSE: on-demand TLS is enabled, but no protections are in place"); c != nil {
407 c.Write(zap.String("docs", "https://caddyserver.com/docs/automatic-https#on-demand-tls"))
408 }
409 break
410 }
411 }
412 }
413
414 // now that we are running, and all manual certificates have
415 // been loaded, time to load the automated/managed certificates
416 err := t.Manage(t.automateNames)
417 if err != nil {
418 return fmt.Errorf("automate: managing %v: %v", t.automateNames, err)
419 }
420
421 if t.EncryptedClientHello != nil {
422 echLogger := t.logger.Named("ech")
423
424 // publish ECH configs in the background; does not need to block
425 // server startup, as it could take a while; then keep keys rotated
426 go func() {
427 // publish immediately first
428 if err := t.publishECHConfigs(echLogger); err != nil {
429 echLogger.Error("publication(s) failed", zap.Error(err))
430 }
431
432 // then every so often, rotate and publish if needed
433 // (both of these functions only do something if needed)
434 for {
435 select {
436 case <-time.After(1 * time.Hour):
437 // ensure old keys are rotated out
438 t.EncryptedClientHello.configsMu.Lock()
439 err = t.EncryptedClientHello.rotateECHKeys(t.ctx, echLogger, false)
440 t.EncryptedClientHello.configsMu.Unlock()
441 if err != nil {
442 echLogger.Error("rotating ECH configs failed", zap.Error(err))
443 continue
444 }
445 err := t.publishECHConfigs(echLogger)
446 if err != nil {
447 echLogger.Error("publication(s) failed", zap.Error(err))
448 }
449 case <-t.ctx.Done():
450 return
451 }
452 }
453 }()
454 }
455
456 if !t.DisableStorageClean {
457 // start the storage cleaner goroutine and ticker,
458 // which cleans out expired certificates and more

Callers

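nothing calls this directly (no direct call sites were detected; a call made through an interface value may not be listed here)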

Calls 9

ManageMethod · 0.95
publishECHConfigsMethod · 0.95
keepStorageCleanMethod · 0.95
isWildcardOrDefaultMethod · 0.80
rotateECHKeysMethod · 0.80
CheckMethod · 0.45
WriteMethod · 0.45
StringMethod · 0.45
ErrorMethod · 0.45

Tested by

no test coverage detected