summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2020-08-17reverseproxy: Make default buffer size constMatthew Holt
2020-08-17httpcaddyfile: Improve directive sorting logic (#3658)Francis Lavoie
* httpcaddyfile: Flip `root` directive sort order * httpcaddyfile: Sort directives with any matcher before those with none * httpcaddyfile: Generalize reverse sort directives, improve logic * httpcaddyfile: Fix "spelling" issue * httpcaddyfile: Turns out the second change precludes the first httpcaddyfile: Delete test that no longer makes sense * httpcaddyfile: Shorten logic Co-authored-by: Matt Holt <mholt@users.noreply.github.com> Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-08-17reverseproxy: Support header selection policy on `Host` field (#3653)Francis Lavoie
2020-08-11Update comment and Caddy 1 EOLMatthew Holt
2020-08-11caddytls: Add support for ZeroSSL; add Caddyfile support for issuers (#3633)Matt Holt
* caddytls: Add support for ZeroSSL; add Caddyfile support for issuers Configuring issuers explicitly in a Caddyfile is not easily compatible with existing ACME-specific parameters such as email or acme_ca which infer the kind of issuer it creates (this is complicated now because the ZeroSSL issuer wraps the ACME issuer)... oh well, we can revisit that later if we need to. New Caddyfile global option: { cert_issuer <name> ... } Or, alternatively, as a tls subdirective: tls { issuer <name> ... } For example, to use ZeroSSL with an API key: { cert_issuser zerossl API_KEY } For now, that still uses ZeroSSL's ACME endpoint; it fetches EAB credentials for you. You can also provide the EAB credentials directly just like any other ACME endpoint: { cert_issuer acme { eab KEY_ID MAC_KEY } } All these examples use the new global option (or tls subdirective). You can still use traditional/existing options with ZeroSSL, since it's just another ACME endpoint: { acme_ca https://acme.zerossl.com/v2/DV90 acme_eab KEY_ID MAC_KEY } That's all there is to it. You just can't mix-and-match acme_* options with cert_issuer, because it becomes confusing/ambiguous/complicated to merge the settings. * Fix broken test This test was asserting buggy behavior, oops - glad this branch both discovers and fixes the bug at the same time! * Fix broken test (post-merge) * Update modules/caddytls/acmeissuer.go Fix godoc comment Co-authored-by: Francis Lavoie <lavofr@gmail.com> * Add support for ZeroSSL's EAB-by-email endpoint Also transform the ACMEIssuer into ZeroSSLIssuer implicitly if set to the ZeroSSL endpoint without EAB (the ZeroSSLIssuer is needed to generate EAB if not already provided); this is now possible with either an API key or an email address. * go.mod: Use latest certmagic, acmez, and x/net * Wrap underlying logic rather than repeating it Oops, duh * Form-encode email info into request body for EAB endpoint Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2020-08-08go.mod: Bump CertMagicMatthew Holt
2020-08-07reverseproxy: Minor fixes and cleanupMatthew Holt
Now use context cancellation to stop active health checker, which is simpler than and just as effective as using a separate stop channel.
2020-08-07caddyhttp: Add TLS client cert info to logs (#3640)Matt Holt
2020-08-06go.mod: Update some dependenciesMatthew Holt
We can't update smallstep/nosql and klauspost/cpuid yet because of upstream breakage.
2020-08-06ci: Ignore s390x failures (#3644)Matt Holt
As of early August 2020 the VM has been down for several days due to lack of power due related to bad weather at the data center... sigh.
2020-08-06httpcaddyfile: Avoid repeated subjects in APs (fix #3618)Matthew Holt
When consolidating automation policies, ensure same subject names do not get appended to list.
2020-08-05httpcaddyfile: Allow named matchers in `route` blocks (#3632)Francis Lavoie
2020-08-03reverse_proxy: fix bidirectional streams with encodings (fix #3606) (#3620)Kevin Lin
* reverse_proxy: fix bi-h2stream breaking gzip encode handle(#3606). * reverse_proxy: check http version of both sides to avoid affecting non-h2 upstream. * Minor cleanup; apply review suggestions Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2020-08-03httpcaddyfile: Bring `enforce_origin` and `origins` to admin config (#3595)Ye Zhihao
* Bring `ensure_origin` and `origins` to caddyfile admin config * Add unit test for caddyfile admin config update * Add caddyfile adapt test for typical admin setup * httpcaddyfile: Replace admin config error message when there's more arguments than needed Replace d.Err() to d.ArgErr() since the latter provides similarly informative error message Co-authored-by: Matt Holt <mholt@users.noreply.github.com> Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-08-03cmd: Print caddy version with environ or --environ (#3627)Matthew Holt
2020-08-01ci: Include tracking of GOOS for which Caddy fails to build (#3617)Mohammed Al Sahaf
* ci: include tracking of GOOS for which Caddy fails to build * ci: split cross-build check into separate workflow * ci: cross-build check: make it clear the cross-build check is not a blocker * ci: cross-build check: set annotation instead of failing the build * ci: cross-build check: explicitly set continue-on-error to force success marker * ci: cross-build check: send stderr to /dev/null * ci: Simplify workflow names Co-authored-by: Francis Lavoie <lavofr@gmail.com> Co-authored-by: Francis Lavoie <lavofr@gmail.com> Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-08-01fileserver: Fix newly-introduced failing test on Linux (#3625)Matt Holt
* fileserver: First attempt to fix failing test on Linux I think I updated the wrong test case before * Make new test function I guess what we really are trying to test is the case insensitivity of firstSplit. So a new test function is better for that.
2020-07-31admin,templates,core: Minor enhancements and error handling (#3607)Bart
* fix 2 possible bugs * handle unhandled errors
2020-07-31caddyhttp: Add support to resolve DN in CEL expression (#3608)v-rosa
2020-07-31fileserver: Don't assume len(str) == len(ToLower(str)) (fix #3623)Matthew Holt
We can't use a positional index on an original string that we got from its lower-cased equivalent. Implement our own IndexFold() function b/c the std lib does not have one.
2020-07-31httpcaddyfile: Add `compression` to http transport config (#3624)Ye Zhihao
* httpcaddyfile: Add `compression` to http transport config * Add caddyfile adapt test for typical h2c setup
2020-07-30caddytls: Replace lego with acmez (#3621)Matt Holt
* Replace lego with acmez; upgrade CertMagic * Update integration test
2020-07-20templates: Implement placeholders function (#3324)Patrick Hein
* caddyhttp, httpcaddyfile: Implement placeholders in template * caddyhttp, httpcaddyfile: Remove support for placeholder shorthands in templates * Update modules/caddyhttp/templates/templates.go updates JSON doc Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * Update modules/caddyhttp/templates/tplcontext.go Co-authored-by: Matt Holt <mholt@users.noreply.github.com> Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-07-20go.mod: Update quic-go, truststore, and goldmarkMatthew Holt
2020-07-20caddyfile: Export Tokenize function for lexing (#3549)Francis Lavoie
2020-07-20push: Implement HTTP/2 server push (#3573)Matt Holt
* push: Implement HTTP/2 server push (close #3551) * push: Abstract header ops by embedding into new struct type This will allow us to add more fields to customize headers in push-specific ways in the future. * push: Ensure Link resources are pushed before response is written * Change header name from X-Caddy-Push to Caddy-Push
2020-07-20fastcgi: Add resolve_root_symlink (#3587)Manuel Dalla Lana
2020-07-20reverse_proxy: flush HTTP/2 response when ContentLength is unknown (#3561)Kevin Lin
* reverse proxy: Support more h2 stream scenarios (#3556) * reverse proxy: add integration test for better h2 stream (#3556) * reverse proxy: adjust comments as francislavoie suggests * link to issue #3556 in the comments
2020-07-18reverseproxy: add support for custom DNS resolver (#3479)Mohammed Al Sahaf
* reverse proxy: add support for custom resolver * reverse proxy: don't pollute the global resolver with bootstrap resolver setup * Improve documentation of reverseproxy.UpstreamResolver fields Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * reverse proxy: clarify the name resolution conventions of upstream resolvers and bootstrap resolver * remove support for bootstraper of resolver * godoc and code-style changes Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-07-17reverseproxy: Restore request's original host and header (fix #3509)Matthew Holt
We already restore them within the retry loop, but after successful proxy we didn't reset them, so as handlers bubble back up, they would see the values used for proxying. Thanks to @ziddey for identifying the cause.
2020-07-17fastcgi: Ensure leading slash, omit SERVER_PORT if empty for compliance (#3570)Francis Lavoie
See https://tools.ietf.org/html/rfc3875#section-4.1.13 for SCRIPT_NAME requiring leading slash See https://tools.ietf.org/html/rfc3875#section-4.1.15 for SERVER_PORT requiring omission if empty
2020-07-17fastcgi: Fill REMOTE_USER with http.auth.user.id placeholder (#3577)Francis Lavoie
Completing a TODO!
2020-07-17reverseproxy: Fix Caddyfile parsing for empty non-http transports (#3576)Francis Lavoie
* reverseproxy: Fix Caddyfile parsing for empty non-http transports * Update modules/caddyhttp/reverseproxy/caddyfile.go Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * Rename empty transport test Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-07-17readme: Minor tweaksMatthew Holt
2020-07-17caddyauth: hash-password: Set bcrypt cost to 14 (#3580)Matthew Holt
2020-07-16caddyhttp: Add {http.request.body} placeholderMatthew Holt
2020-07-16readme: Update badgesMatthew Holt
2020-07-13logging: ⚠️ Deprecate logfmt encoderMatthew Holt
It is essentially broken because it occludes many log fields. See: https://github.com/caddyserver/caddy/issues/3575
2020-07-11chore: Rename file to be consistentMatthew Holt
2020-07-10docs: Remove extra word in README.md (#3564)Kévin Dunglas
2020-07-08fileserver: Enable browse pagination with offset parameter (#3542)snu-ceyda
* Update browse.go * Update browselisting.go * Update browsetpl.go * fix linter err * Update modules/caddyhttp/fileserver/browse.go Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * Update modules/caddyhttp/fileserver/browselisting.go Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * Update browsetpl.go change from -> offset * Update browse.go * Update browselisting.go Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-07-08templates: Fix front matter closing fence searchMatthew Holt
This makes it choose first matching closing fence instead of last one, which could appear in document body.
2020-07-08caddytls: Move initial storage clean op into goroutineMatthew Holt
Sometimes this operation can take a while (we observed 7 minutes recently, with a large, globally-distributed storage backend).
2020-07-07caddyhttp: Reorder some access log fields; add host matcher test caseMatthew Holt
This field order reads a little more naturally.
2020-07-07httpcaddyfile: Reorder automation policy logic (close #3550)Matthew Holt
2020-07-06go.mod: Upgrade and downgrade smallstep, quic-go, and cpuidMatthew Holt
Closes #3537 and fixes #3535
2020-07-06templates: Disable hard wraps in Markdown rendering (#3553)Greg Anders
2020-06-30ci: Fix another oops with publish workflow (#3536)Francis Lavoie
2020-06-30cel: fix validation of expression result type (#3526)Mohammed Al Sahaf
* cel: fix validation of expression result type The earlier code used the proto.Equals from github.com/gogo/protobuf, which failed to compare two messages of the same type for some reason. Switching to proto.Equal from the canonical github.com/golang/protobuf fixes the issue. * deps: remove deprecated github.com/golang/protobuf in favor of google.golang.org/protobuf * downgrade github.com/smallstep/nosql to resolve warning pb.proto warning
2020-06-30caddyhttp: Corrected host label index check (fix #3502)Matthew Holt