admin: Require identity for remote (fix #4478)

author: Matthew Holt <[email protected]> 2022-01-05 17:55:09 -0700
committer: Matthew Holt <[email protected]> 2022-01-05 17:55:09 -0700
commit: b4bfa29be2191ffacfa4ed747bd5cdce8da8917f (patch)
tree: 92da66d08a6edc0a4155b8cbe5cf0ffac549daae /admin.go
parent: 6cadb60fa2308f24a20a32c3f8d5e3a521c277ff (diff)
download: caddy-b4bfa29be2191ffacfa4ed747bd5cdce8da8917f.tar.gz
caddy-b4bfa29be2191ffacfa4ed747bd5cdce8da8917f.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/admin.go b/admin.go
index 6960de52a..0a7b93307 100644
--- a/admin.go
+++ b/admin.go
@@ -466,6 +466,9 @@ func replaceRemoteAdminServer(ctx Context, cfg *Config) error {
 	}
 
 	// create TLS config that will enforce mutual authentication
+	if identityCertCache == nil {
+		return fmt.Errorf("cannot enable remote admin without a certificate cache; configure identity management to initialize a certificate cache")
+	}
 	cmCfg := cfg.Admin.Identity.certmagicConfig(remoteLogger, false)
 	tlsConfig := cmCfg.TLSConfig()
 	tlsConfig.NextProtos = nil // this server does not solve ACME challenges
author	Matthew Holt <[email protected]>	2022-01-05 17:55:09 -0700
committer	Matthew Holt <[email protected]>	2022-01-05 17:55:09 -0700
commit	b4bfa29be2191ffacfa4ed747bd5cdce8da8917f (patch)
tree	92da66d08a6edc0a4155b8cbe5cf0ffac549daae /admin.go
parent	6cadb60fa2308f24a20a32c3f8d5e3a521c277ff (diff)
download	caddy-b4bfa29be2191ffacfa4ed747bd5cdce8da8917f.tar.gz caddy-b4bfa29be2191ffacfa4ed747bd5cdce8da8917f.zip