Documentation
Index
- type AdminHandler
- type App
- func (App) CaddyModule() caddy.ModuleInfo
- func (a *App) Handle(ctx context.Context, event caddy.Event) error
- func (a *App) Provision(ctx caddy.Context) error
- func (a *App) Start() error
- func (a *App) Stop() error
- func (a *App) UnmarshalCaddyfile(d *caddyfile.Dispenser) error
- func (a *App) WebhookDispatcherInstance() webhook.Dispatcher
- type AskHandler
- type PortalHandler
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type AdminHandler
type AdminHandler struct {
	// contains filtered or unexported fields
}
AdminHandler is the Caddy HTTP handler that exposes Certmatic's admin API. It is intended to be mounted on a protected route (behind authentication and/or a private listener) and depends on the top-level "certmatic" app for shared state.
func (AdminHandler) CaddyModule
func (AdminHandler) CaddyModule() caddy.ModuleInfo
func (*AdminHandler) Provision
func (h *AdminHandler) Provision(ctx caddy.Context) error
Provision implements caddy.Provisioner.
func (*AdminHandler) ServeHTTP
func (h *AdminHandler) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyhttp.Handler) error
ServeHTTP implements caddyhttp.MiddlewareHandler.
type App
type App struct {
	// DomainStore configures persistence for tenant domain records.
	// Supported types are "memory" (default), "sqlite", and "rqlite".
	// The "config" sub-object holds type-specific settings (e.g.
	// "file_path" for sqlite, "http_addr" for rqlite).
	DomainStore config.Store `json:"domain_store"`

	// SessionStore configures persistence for portal authenticated sessions.
	// Accepts the same store types as DomainStore.
	SessionStore config.Store `json:"session_store"`

	// ChallengeType selects the ACME challenge used when issuing
	// certificates. One of "http-01" or "dns-01". When set to
	// "dns-01", DNSDelegationDomain and CNameTarget control the
	// CNAME-delegation flow so tenants don't need to grant DNS
	// credentials.
	ChallengeType dns.ChallengeType `json:"challenge_type,omitempty"`

	// DNSDelegationDomain is the parent zone Certmatic controls and
	// writes _acme-challenge records into when using DNS-01
	// delegation (e.g. "acme.example-saas.com"). Tenants CNAME their own
	// _acme-challenge.<domain> records to a subdomain of this zone.
	DNSDelegationDomain string `json:"dns_delegation_domain,omitempty"`

	// CNameTarget is the hostname tenants are instructed to CNAME
	// their domains to so traffic reaches this Caddy instance
	// (e.g. "edge.example-saas.com"). Surfaced in the portal UI.
	CNameTarget string `json:"cname_target,omitempty"`

	// PortalSigningKey is the secret used to sign portal session
	// tokens. Must be a stable, sufficiently random string; rotating
	// it invalidates all existing portal sessions. Supports Caddy
	// replacer placeholders (e.g. "{env.CERTMATIC_PORTAL_KEY}").
	PortalSigningKey string `json:"portal_signing_key,omitempty"`

	// PortalBaseURL is the externally reachable base URL of the
	// portal (e.g. "https://certmatic.example-saas.com"). Used to build
	// absolute links in emails and redirects.
	PortalBaseURL string `json:"portal_base_url,omitempty"`

	// PortalAssetsDir, if set, serves the portal UI from this
	// filesystem directory instead of the binary's embedded assets.
	PortalAssetsDir string `json:"portal_assets_dir,omitempty"`

	// WebhookDispatcher configures outbound webhooks fired on
	// lifecycle events (domain added, certificate issued/renewed,
	// etc.). See [webhook.DispatcherConfig] for endpoint settings.
	WebhookDispatcher webhook.DispatcherConfig `json:"webhook_dispatcher"`

	// DNSNameserver overrides the resolver used for DNS lookups
	// performed during domain validation (e.g. "1.1.1.1:53"). When
	// empty, the system resolver is used.
	DNSNameserver string `json:"dns_nameserver,omitempty"`

	// contains filtered or unexported fields
}
App is the Certmatic Caddy app. It gives SaaS platforms a managed way to offer custom domain support. It also includes an end-user portal that guides end users through configuring their DNS and obtaining TLS certificates for their domains.
It is configured under the top-level "certmatic" app key in JSON, or via the `certmatic { ... }` global option in the Caddyfile. The HTTP handlers in this module (AdminHandler, AskHandler, PortalHandler) all read shared state from this app.
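The DNS-01 delegation described for DNSDelegationDomain can be checked from the outside, as in this added example (not Certmatic's own code). The names `delegationOK`, `cnameLookup` and the sample records are assumptions made for illustration; the lookup is injected so the check runs offline.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// cnameLookup resolves a CNAME target; a real one could wrap net.Resolver.LookupCNAME.
type cnameLookup func(name string) (string, error)

// canon lower-cases a DNS name and strips the trailing root dot.
func canon(name string) string {
	return strings.TrimSuffix(strings.ToLower(strings.TrimSpace(name)), ".")
}

// delegationOK reports whether _acme-challenge.<domain> is a CNAME to a
// strict subdomain of zone (zone plays the role of DNSDelegationDomain).
func delegationOK(lookup cnameLookup, domain, zone string) (bool, error) {
	domain, zone = canon(domain), canon(zone)
	if domain == "" || zone == "" {
		return false, errors.New("domain and zone are required")
	}
	target, err := lookup("_acme-challenge." + domain)
	if err != nil {
		return false, fmt.Errorf("cname lookup for %s: %w", domain, err)
	}
	// Compare on a label boundary: a bare suffix match would also accept
	// "tenant-b.notacme.example-saas.com" for zone "acme.example-saas.com".
	return strings.HasSuffix(canon(target), "."+zone), nil
}

var sampleCNAMEs = map[string]string{ // constructed records, not real DNS data
	"_acme-challenge.shop.tenant-a.example": "tenant-a.acme.example-saas.com.",
	"_acme-challenge.www.tenant-b.example":  "tenant-b.notacme.example-saas.com.",
	"_acme-challenge.tenant-c.example":      "x.acme.example-saas.com.elsewhere.example.",
}

func sampleLookup(name string) (string, error) {
	if t, ok := sampleCNAMEs[name]; ok {
		return t, nil
	}
	return "", errors.New("no CNAME record")
}

func main() {
	for _, d := range []string{"shop.tenant-a.example", "www.tenant-b.example", "tenant-c.example"} {
		ok, err := delegationOK(sampleLookup, d, "acme.example-saas.com")
		fmt.Println(d, ok, err)
	}
}
```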
func (App) CaddyModule
func (App) CaddyModule() caddy.ModuleInfo
func (*App) WebhookDispatcherInstance
func (a *App) WebhookDispatcherInstance() webhook.Dispatcher
type AskHandler
type AskHandler struct {
	// contains filtered or unexported fields
}
AskHandler implements the endpoint queried by Caddy's on-demand TLS "ask" mechanism. You can use this endpoint or write your own. (If you write your own, domain verification status can be queried or notified via the webhook.)
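For the "write your own" case, this added example (not Certmatic's own code) shows a deny-by-default ask endpoint. It relies on Caddy's ask contract: a GET carrying a `domain` query parameter, where 200 permits issuance and any other status refuses it. The `domainStatus` interface and its sample data are hypothetical stand-ins for wherever verification status is kept.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// domainStatus is a hypothetical read-only lookup of tenant domains that have
// passed verification, for example a cache kept current from webhook events.
type domainStatus interface {
	Verified(domain string) bool
}

// staticStatus is a constructed in-memory implementation for this example.
type staticStatus map[string]bool

func (s staticStatus) Verified(domain string) bool { return s[domain] }

// askHandler answers Caddy's ask request: 200 permits issuance, any other
// status refuses it. Names are matched exactly after canonicalization.
func askHandler(st domainStatus) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		name := strings.TrimSuffix(strings.ToLower(r.URL.Query().Get("domain")), ".")
		if name == "" || !st.Verified(name) {
			// Deny by default: missing, unknown and unverified names all fail.
			http.Error(w, "domain not verified", http.StatusForbidden)
			return
		}
		w.WriteHeader(http.StatusOK)
	})
}

// askStatus sends one ask request for domain and returns the status code.
func askStatus(h http.Handler, domain string) int {
	target := "/ask?domain=" + url.QueryEscape(domain)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, target, nil))
	return rec.Code
}

func main() {
	h := askHandler(staticStatus{"shop.tenant-a.example": true, "pending.tenant-b.example": false})
	for _, d := range []string{"shop.tenant-a.example", "pending.tenant-b.example", "other.example", ""} {
		fmt.Println(d, askStatus(h, d))
	}
}
```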
func (AskHandler) CaddyModule
func (AskHandler) CaddyModule() caddy.ModuleInfo
func (*AskHandler) Provision
func (h *AskHandler) Provision(ctx caddy.Context) error
Provision implements caddy.Provisioner.
func (*AskHandler) ServeHTTP
func (h *AskHandler) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyhttp.Handler) error
ServeHTTP implements caddyhttp.MiddlewareHandler.
type PortalHandler
type PortalHandler struct {
	// contains filtered or unexported fields
}
PortalHandler serves Certmatic's end-user portal: the web UI and JSON API where end users authenticate and walk through step-by-step guides for configuring their DNS and obtaining TLS certificates.
func (PortalHandler) CaddyModule
func (PortalHandler) CaddyModule() caddy.ModuleInfo
func (*PortalHandler) Provision
func (h *PortalHandler) Provision(ctx caddy.Context) error
Provision implements caddy.Provisioner.
func (*PortalHandler) ServeHTTP
func (h *PortalHandler) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyhttp.Handler) error
ServeHTTP implements caddyhttp.MiddlewareHandler.