Module: Otto::CaddyTLS
- Defined in:
- lib/otto/caddy_tls/core.rb,
lib/otto/caddy_tls/server.rb,
lib/otto/caddy_tls/localhost_guard.rb
Overview
Otto::CaddyTLS is a modular, opt-in integration for Caddy’s on-demand TLS
permission endpoint — the HTTP question Caddy asks a backend before it
obtains or loads a certificate on demand: “may I serve TLS for this host?”.
The contract is a single GET endpoint with +?domain=
on_demand_tls { permission http { endpoint http://127.0.0.1:PORT/_caddy/tls-permission } } # legacy / deprecated, same endpoint: on_demand_tls { ask http://127.0.0.1:PORT/_caddy/tls-permission }
Otto owns all the HTTP ceremony (routing, localhost-only guard, blank-domain handling, fail-closed decision, response semantics). The app owns exactly one thing — the domain decision — supplied as a block to +enable_caddy_tls!+.
It is structured like Otto::MCP: a self-contained, top-level namespace loaded eagerly but inert until +enable_caddy_tls!+ is called, rather than an always-on concern like Otto::Security / Otto::Privacy. Each such integration gets its own feature-named home (cf. Otto::MCP, Otto::Security::CSP) — Otto deliberately has no generic “services” bucket; genuinely shared mechanism (e.g. the +:outermost+ middleware position) lives in Otto::Core instead.
Defined Under Namespace
Modules: Core Classes: LocalhostGuard, PermissionHandler, Server