admin: Require identity for remote (fix #4478)

This commit is contained in:
Matthew Holt 2022-01-05 17:55:09 -07:00
parent 6cadb60fa2
commit b4bfa29be2
No known key found for this signature in database
GPG key ID: 2A349DD577D586A5

View file

@ -466,6 +466,9 @@ func replaceRemoteAdminServer(ctx Context, cfg *Config) error {
} }
// create TLS config that will enforce mutual authentication // create TLS config that will enforce mutual authentication
if identityCertCache == nil {
return fmt.Errorf("cannot enable remote admin without a certificate cache; configure identity management to initialize a certificate cache")
}
cmCfg := cfg.Admin.Identity.certmagicConfig(remoteLogger, false) cmCfg := cfg.Admin.Identity.certmagicConfig(remoteLogger, false)
tlsConfig := cmCfg.TLSConfig() tlsConfig := cmCfg.TLSConfig()
tlsConfig.NextProtos = nil // this server does not solve ACME challenges tlsConfig.NextProtos = nil // this server does not solve ACME challenges