summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2021-12-30caddyhttp: Fix `MatchPath` sanitizing (#4499)Francis Lavoie
This is a followup to #4407, in response to a report on the forums: https://caddy.community/t/php-fastcgi-phishing-redirection/14542 Turns out that doing `TrimRight` to remove trailing dots, _before_ cleaning the path, will cause double-dots at the end of the path to not be cleaned away as they should. We should instead remove the dots _after_ cleaning.
2021-12-17reverseproxy: Fix incorrect `health_headers` Caddyfile parsing (#4485)Francis Lavoie
Fixes #4481
2021-12-15caddyhttp: Implement http.request.uuid placeholder (#4285)Rainer Borene
2021-12-13caddypki: Minor tweak, don't use context pointerMatthew Holt
2021-12-13caddyhttp: Enhance vars matcher (#4433)Matt Holt
* caddyhttp: Enhance vars matcher Enable "or" logic for multiple values. Fall back to checking placeholders if not a var name. * Fix tests (thanks @mohammed90 !)
2021-12-13pki: Avoid provisioning the `local` CA when not necessary (#4463)Francis Lavoie
* pki: Avoid provisioning the `local` CA when not necessary * pki: Refactor CA loading to keep the logic in the PKI app
2021-12-13httpcaddyfile: Fix sorting edgecase for nested `handle_path` (#4477)Francis Lavoie
2021-12-11fileserver: do not double-escape paths (#4447)Mohammed Al Sahaf
2021-12-10go.mod: Update smallstep/certificates, no longer need replace (#4475)Francis Lavoie
2021-12-09go.mod: Update smallstep/truststore, fix build on FreeBSD (#4473)Francis Lavoie
2021-12-07caddyfile: impove fmt warning message (#4444)Runzhi He
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2021-12-05docs: use backticks to not italicise glob path (#4460)Adam Burgess
2021-12-02logging: add support for hashing data (#4434)Kévin Dunglas
* logging: add support for hashing data * Update modules/logging/filters.go Co-authored-by: wiese <wiese@users.noreply.github.com> * Update modules/logging/filters.go Co-authored-by: wiese <wiese@users.noreply.github.com> Co-authored-by: wiese <wiese@users.noreply.github.com>
2021-12-02caddyhttp: Make logging of credential headers opt-in (#4438)Francis Lavoie
2021-12-02fastcgi: Fix a TODO, prevent zap using reflection for logging env (#4437)Francis Lavoie
* fastcgi: Fix a TODO, prevent zap using reflection for logging env * Update modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com> Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2021-11-29go.mod: Update to latest smallstep/truststore, support FreeBSD (#4453)Francis Lavoie
2021-11-29templates: fix inconsistent nested includes (#4452)Tim Culverhouse
2021-11-29caddyhttp: Split up logged remote address into IP and port (#4403)Francis Lavoie
2021-11-29logging: Remove common_log field and single_field encoder (#4149) (#4282)Matt Holt
2021-11-28caddyfile: make renew_interval option configurable (#4451)Rainer Borene
2021-11-24reverseproxy: Adjust defaults, document defaults (#4436)Francis Lavoie
* reverseproxy: Adjust defaults, document defaults Related to some of the issues in https://github.com/caddyserver/caddy/issues/4245, a complaint about the proxy transport defaults not being properly documented in https://caddy.community/t/default-values-for-directives/14254/6. - Dug into the stdlib to find the actual defaults for some of the timeouts and buffer limits, documenting them in godoc so the JSON docs get them next release. - Moved the keep-alive and dial-timeout defaults from `reverseproxy.go` to `httptransport.go`. It doesn't make sense to set defaults in the proxy, because then any time the transport is configured with non-defaults, the keep-alive and dial-timeout defaults are lost! - Sped up the dial timeout from 10s to 3s, in practice it rarely makes sense to wait a whole 10s for dialing. A shorter timeout helps a lot with the load balancer retries, so using something lower helps with user experience. * reverseproxy: Make keepalive interval configurable via Caddyfile * fastcgi: DialTimeout default for fastcgi transport too
2021-11-23logging: add a regexp filter (#4426)Kévin Dunglas
2021-11-23logging: add a filter for cookies (#4425)Kévin Dunglas
* feat(logging): add a filter for cookies * Improve godoc and add validation
2021-11-23logging: add a filter for query parameters (#4424)Kévin Dunglas
Co-authored-by: Matt Holt <mholt@users.noreply.github.com> Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2021-11-23fileserver: browse: do not encode the paths in breadcrumbs and page title ↵Mohammed Al Sahaf
(#4410)
2021-11-22fileserver: Fix handling of symlink sizes in directory listings (#4415)Jeremy Lin
2021-11-22caddyhttp: Log non-500 handler errors at debug level (#4429)Francis Lavoie
Fixes #4428 It's best to still log handler errors at debug level so that they're hidden by default, but still accessible if additional details are necessary.
2021-11-22caddyhttp: Log empty value for typical password headersMatthew Holt
Work around for common misconfiguration
2021-11-16core: Load config at interval instead of just onceMatthew Holt
2021-11-15caddyfile: Copy input before parsing (fix #4422)Matthew Holt
2021-11-15fileserver: Move default browse template into a separate file (#4417)Jeremy Lin
This makes it easier for users to find the default browse template if they want to create a custom template based on that. It also makes it easier to view the template with proper syntax highlighting.
2021-11-08caddyhttp: Sanitize the path before evaluating path matchers (#4407)Francis Lavoie
2021-11-08go.mod: Update ACMEz and CertMagicMatthew Holt
2021-11-08caddycmd: Add `--keep-backup` to upgrade commands (#4387)Francis Lavoie
* caddycmd: Add `--skip-cleanup` to upgrade commands This is a partial fix for https://github.com/caddyserver/caddy/issues/4057, making it possible to retain the old build of Caddy, in case something went wrong. * caddycmd: Fix duplicate error message The error message "download succeeded, but unable to execute" was repeated, because it was both in the `listModules`/`showVersion` functions and in the calling `upgradeBuild` function. Oversight when this was refactored. * caddycmd: Implement fix for performing cleanup on Windows Without this, the cleanup operation would fail with an error message like this: upgrade: download succeeded, but unable to clean up backup binary: remove C:\caddy\caddy.exe.tmp: Access is denied. * caddycmd: Rename to `--keep-backup`, simplify build constraints
2021-11-02caddytls: Mark storage clean timestamp at end of routine (#4401)Matt Holt
See discussion on 42b7134ffa3bf3e9e86514c82407979c2627a5ab
2021-10-27Fix lint message in metrics testsMatthew Holt
2021-10-26reverseproxy: Sanitize scheme and host on incoming requests (#4237)Francis Lavoie
* caddyhttp: Sanitize scheme and host on incoming requests * reverseproxy: Sanitize the URL scheme and host before proxying * Apply suggestions from code review Co-authored-by: Matt Holt <mholt@users.noreply.github.com> Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2021-10-26httpcaddyfile: Empty tls policy for internal http localhost (#4398)Marc Easen
* test: replicated empty tls automation policy issue * fix: empty tls policy for an http:// endpoint running on a non-standard http port
2021-10-21go.mod: Replace promptui with Apache-compatible fork (fix #4394)Matthew Holt
Ideally this needs to be fixed upstream in github.com/manifoldco/promptui, but it appears unmaintained. Our dependency is extremely indirect: $ go mod why github.com/juju/ansiterm # github.com/juju/ansiterm github.com/caddyserver/caddy/v2/modules/caddypki github.com/smallstep/certificates/authority go.step.sm/cli-utils/ui github.com/manifoldco/promptui github.com/juju/ansiterm And it appears that all dependencies in this chain are in conflict with the LGPL license. Ref: - https://github.com/manifoldco/promptui/issues/173 - https://github.com/manifoldco/promptui/pull/181 /cc @maraino
2021-10-20httpcaddyfile: Preserve IPv6 addresses through normalization (fix #4381)Matthew Holt
Remove unnecessary Key() method and improve related tests
2021-10-20fileserver: Prevent focusing filter from scrolling on page load (#4393)Klaus Helenius
2021-10-19map: Fix 95c03506 (avoid repeated expansions)Matthew Holt
2021-10-18caddycmd: Add `--skip-standard` to `list-modules` command, quieter output ↵Francis Lavoie
(#4386) * caddycmd: Add --skip-standard to list-modules command, quieter output * caddycmd: Also quiet `caddy upgrade` output, redundant information
2021-10-18reverseproxy: Prevent copying the response if a response handler ran (#4388)Francis Lavoie
2021-10-16fileserver: Fix compression breaks using httpInclude (#4352) (#4358)Y.Horie
2021-10-13map: Fix regex mappingsMatthew Holt
It didn't really make sense how we were doing them before. See https://caddy.community/t/map-directive-and-regular-expressions/13866/6?u=matt
2021-10-12go.mod: Carefully upgrade some dependencies (fix #4251)Matthew Holt
The upgrade of smallstep/certificates fixes #4251. The upgrade of CertMagic fixes an issue reported in the forum that a longer timeout was confirmed to resolve (without any particular explanation, but oh well). Other upgrades have minor improvements and seem safe.
2021-10-11caddyhttp: reverseproxy: clarify warning for -insecure (#4379)Simão Gomes Viana
The question would only receive bad answers so it's better to just say what the option actually does.
2021-10-11caddycmd: fix caddy validate/fmt help message (#4377)M. Ángel Jimeno
* caddycmd: fix caddy validate help message Fixes #4376 * caddycmd: fix caddy fmt help message
2021-10-01caddyhttp: Placeholder for client cert in DER + base64 format (#4241)Oleg
* client.certificate_pem_encoded in base64 format * base64-encoding without pem encoding;naming change * fix cert.Raw instead of block.bytes