Module: Otto::CaddyTLS::Core

Included in:
Otto
Defined in:
lib/otto/caddy_tls/core.rb

Overview

Public API mixin included into the Otto class. Mirrors Otto::MCP::Core.

Instance Method Summary collapse

Instance Method Details

#caddy_tls_enabled?Boolean

Returns whether the Caddy on-demand TLS endpoint is enabled.

Returns:

  • (Boolean)

    whether the Caddy on-demand TLS endpoint is enabled



69
70
71
# File 'lib/otto/caddy_tls/core.rb', line 69

def caddy_tls_enabled?
  @caddy_tls_server&.enabled? || false
end

#enable_caddy_tls!(endpoint: '/_caddy/tls-permission', localhost_only: true) {|domain| ... } ⇒ self

Enable the Caddy on-demand TLS permission endpoint.

Registers a GET endpoint that answers Caddy’s on-demand certificate question. The block you pass is the ONLY application coupling point: it receives the requested domain and returns truthy to allow a certificate (HTTP 200) or falsy to deny (HTTP 403). Any exception raised inside the block is caught and treated as a denial (fail-closed).

Examples:

otto = Otto.new('routes.txt')
otto.enable_caddy_tls! do |domain|
  MyApp::CustomDomain.verified?(domain)
end

Parameters:

  • endpoint (String) (defaults to: '/_caddy/tls-permission')

    path to serve (default ‘/_caddy/tls-permission’)

  • localhost_only (Boolean) (defaults to: true)

    install the loopback-only guard (default true). Passing false removes the only built-in access control — do so only when the endpoint is isolated at the network layer; a warning is logged when disabled.

Yield Parameters:

  • domain (String)

    the domain Caddy is asking about

Yield Returns:

  • (Boolean)

    truthy to allow (200), falsy to deny (403)

Returns:

  • (self)

Raises:

  • (ArgumentError)

    if no permission block is given (no allow-all default)

  • (FrozenError)

    if called after configuration is frozen



57
58
59
60
61
62
63
64
65
66
# File 'lib/otto/caddy_tls/core.rb', line 57

def enable_caddy_tls!(endpoint: '/_caddy/tls-permission', localhost_only: true, &permission)
  ensure_not_frozen!
  raise ArgumentError, 'enable_caddy_tls! requires a permission block' unless block_given?

  @caddy_tls_server ||= Otto::CaddyTLS::Server.new(self)
  @caddy_tls_server.enable!(endpoint: endpoint, localhost_only: localhost_only, permission: permission)
  Otto.logger.info '[CaddyTLS] Enabled Caddy on-demand TLS permission endpoint' if Otto.debug

  self
end