summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--README.md11
-rw-r--r--modules/caddyhttp/rewrite/caddyfile.go3
-rw-r--r--modules/caddyhttp/templates/tplcontext.go20
3 files changed, 27 insertions, 7 deletions
diff --git a/README.md b/README.md
index 7aaf57e..84b79e8 100644
--- a/README.md
+++ b/README.md
@@ -25,7 +25,7 @@ Please file issues to propose new features and report bugs, and after the bug or
Requirements:
- [Go 1.13 or newer](https://golang.org/dl/)
-- Make sure you do not disable [Go modules](https://github.com/golang/go/wiki/Modules) (`export GO111MODULE=auto`)
+- Do NOT disable [Go modules](https://github.com/golang/go/wiki/Modules) (`export GO111MODULE=auto`)
Download the `v2` source code:
@@ -120,10 +120,10 @@ Caddy 2 can be configured with a Caddyfile, much like in v1, for example:
```plain
example.com
-templates
-encode gzip zstd
try_files {path}.html {path}
-reverse_proxy /api localhost:9005
+encode gzip zstd
+reverse_proxy /api localhost:9005
+php_fastcgi /blog unix//path/to/socket
file_server
```
@@ -199,6 +199,7 @@ The following is a non-comprehensive list of significant improvements over Caddy
- TLS Session Ticket Ephemeral Keys (STEKs) can be rotated in a cluster for increased performance (no other web server does this either!)
- Ability to select a specific certificate per ClientHello given multiple qualifying certificates
- Provide TLS certificates without persisting them to disk; keep private keys entirely in memory
+ - Certificate management at startup is now asynchronous and much easier to use through machine reboots and in unsupervised settings
- All-new HTTP server core
- Listeners can be configured for any network type, address, and port range
- Customizable TLS connection policies
@@ -218,6 +219,8 @@ The following is a non-comprehensive list of significant improvements over Caddy
- Done away with URL-rewriting hacks often needed in Caddy 1
- Highly descriptive/traceable errors
- Very flexible error handling, with the ability to specify a whole list of routes just for error cases
+ - The proxy has numerous improvements, including dynamic backends and more configurable health checks
+ - FastCGI support integrated with the reverse proxy
- More control over automatic HTTPS: disable entirely, disable only HTTP->HTTPS redirects, disable only cert management, and for certain names, etc.
- Use Starlark to build custom, dynamic HTTP handlers at request-time
- We are finding that -- on average -- Caddy 2's Starlark handlers are ~1.25-2x faster than NGINX+Lua.
diff --git a/modules/caddyhttp/rewrite/caddyfile.go b/modules/caddyhttp/rewrite/caddyfile.go
index cb65d43..a1fc874 100644
--- a/modules/caddyhttp/rewrite/caddyfile.go
+++ b/modules/caddyhttp/rewrite/caddyfile.go
@@ -31,6 +31,9 @@ func init() {
func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) {
var rewr Rewrite
for h.Next() {
+ if !h.NextArg() {
+ return nil, h.ArgErr()
+ }
rewr.URI = h.Val()
if h.NextArg() {
return nil, h.ArgErr()
diff --git a/modules/caddyhttp/templates/tplcontext.go b/modules/caddyhttp/templates/tplcontext.go
index 40d1370..e3909b2 100644
--- a/modules/caddyhttp/templates/tplcontext.go
+++ b/modules/caddyhttp/templates/tplcontext.go
@@ -22,6 +22,7 @@ import (
"net"
"net/http"
"path"
+ "strconv"
"strings"
"sync"
@@ -79,8 +80,18 @@ func (c templateContext) Include(filename string, args ...interface{}) (template
// are NOT escaped, so you should only include trusted resources.
// If it is not trusted, be sure to use escaping functions yourself.
func (c templateContext) HTTPInclude(uri string) (template.HTML, error) {
- if c.Req.Header.Get(recursionPreventionHeader) == "1" {
- return "", fmt.Errorf("virtual request cycle")
+ // prevent virtual request loops by counting how many levels
+ // deep we are; and if we get too deep, return an error
+ recursionCount := 1
+ if numStr := c.Req.Header.Get(recursionPreventionHeader); numStr != "" {
+ num, err := strconv.Atoi(numStr)
+ if err != nil {
+ return "", fmt.Errorf("parsing %s: %v", recursionPreventionHeader, err)
+ }
+ if num >= 3 {
+ return "", fmt.Errorf("virtual request cycle")
+ }
+ recursionCount = num + 1
}
buf := bufPool.Get().(*bytes.Buffer)
@@ -91,7 +102,10 @@ func (c templateContext) HTTPInclude(uri string) (template.HTML, error) {
if err != nil {
return "", err
}
- virtReq.Header.Set(recursionPreventionHeader, "1")
+ virtReq.Host = c.Req.Host
+ virtReq.Header = c.Req.Header.Clone()
+ virtReq.Trailer = c.Req.Trailer.Clone()
+ virtReq.Header.Set(recursionPreventionHeader, strconv.Itoa(recursionCount))
vrw := &virtualResponseWriter{body: buf, header: make(http.Header)}
server := c.Req.Context().Value(caddyhttp.ServerCtxKey).(http.Handler)