summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2020-12-04fastcgi: Set PATH_INFO to file matcher remainder as fallback (#3739)Francis Lavoie
* fastcgi: Set PATH_INFO to file matcher remainder as fallback * fastcgi: Avoid changing scriptName when not necessary * Stylistic tweaks Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2020-12-04go.mod: update quic-go to v0.19.3 (#3901)Marten Seemann
2020-12-03caddyauth: Use structured logMatthew Holt
2020-12-03Merge remote-tracking branch 'origin/master'Matthew Holt
2020-12-03cmd: add ability to read config from stdin (#3898)Jordi Masip
2020-12-02Add setcap script to gitignoreMatthew Holt
2020-12-02Minor commentsMatthew Holt
2020-12-02caddyhttp: Optimize large host matchersMatthew Holt
2020-12-01caddyauth: Use buffered channel passed to signal.Notify (#3895)Cuong Manh Le
The docs at os/signal.Notify warn about this signal delivery loss bug at https://golang.org/pkg/os/signal/#Notify, which says: Package signal will not block sending to c: the caller must ensure that c has sufficient buffer space to keep up with the expected signal rate. For a channel used for notification of just one signal value, a buffer of size 1 is sufficient. Caught by a static analysis tool from Orijtech, Inc. called "sigchanyzer"
2020-11-30headers: Fix Caddyfile parsing with request matcher (#3892)Francis Lavoie
2020-11-26docs: Mention {http.auth.user.id} placeholder in basicauth JSON docs (#3886)Francis Lavoie
2020-11-26fileserver: Add debug loggingMatthew Holt
2020-11-25reverseproxy: Handle "operation was canceled" errors (#3816)Daniel Santos
* fix(caddy): Avoid "operation was canceled" errors - Also add error handling for StatusGatewayTimeout * revert(caddy): Revert 504 handling - This will potentially break load balancing and health checks * Handle client cancellation as different error Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2020-11-25caddytls: Configure trusted CAs from PEM files (#3882)Matt Holt
Closes #3563
2020-11-24httpcaddyfile: Fix test on WindowsMatthew Holt
2020-11-24httpcaddyfile: Proper log config with catch-all blocks (fix #3878)Matthew Holt
2020-11-24Update readmeMatthew Holt
2020-11-24fileserver: Preserve transformed root (fix #3838)Matthew Holt
2020-11-23acme_server: fix reload of acme database (#3874)Ian
* acme_server: Refactor database creation apart from authority creation This is a WIP commit that doesn't really offer anything other than setting us up for using a UsagePool to gracefully reload acme_server configs. * Implement UsagePool * Remove unused context * Fix initializing non-ACME CA This will handle cases where a DB is not provided * Sanitize acme db path and clean debug logs * Move regex to package level to prevent recompiling
2020-11-23acme_server: switch to bbolt storage (#3868)Ian
* acme_server: switch to bbolt storage There have been some issues with the badger storage engine being used by the embedded acme_server. This will replace the storage engine with bbolt * Switch database path back to acme_server/db and remove if directory
2020-11-23caddyfile: Add support for env var defaults; add tests (#3682)Francis Lavoie
* caddyfile: Add support for env var defaults, tests * caddyfile: Use ?? instead, fix redundant cast, remove env chaining * caddyfile: Use : instead
2020-11-23httpcaddyfile: Configure servers via global options (#3836)Francis Lavoie
* httpcaddyfile: First pass at implementing server options * httpcaddyfile: Add listener wrapper support * httpcaddyfile: Sort sbaddrs to make adapt output more deterministic * httpcaddyfile: Add server options adapt tests * httpcaddyfile: Windows line endings lol * caddytest: More windows line endings lol (sorry Matt) * Update caddyconfig/httpcaddyfile/serveroptions.go Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * httpcaddyfile: Reword listener address "matcher" * Apply suggestions from code review Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * httpcaddyfile: Deprecate experimental_http3 option (moved to servers) * httpcaddyfile: Remove validation step, no longer needed Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-11-23reverseproxy: Add Caddyfile scheme shorthand for h2c (#3629)Francis Lavoie
* reverseproxy: Add Caddyfile scheme shorthand for h2c * reverseproxy: Use parentheses for condition Co-authored-by: Matt Holt <mholt@users.noreply.github.com> Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-11-22ci: Use golangci's github action for linting (#3794)Dave Henderson
* ci: Use golangci's github action for linting Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix most of the staticcheck lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the prealloc lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the misspell lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the varcheck lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the errcheck lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the bodyclose lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the deadcode lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the unused lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the gosec lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the gosimple lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the ineffassign lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the staticcheck lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Revert the misspell change, use a neutral English Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Remove broken golangci-lint CI job Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Re-add errantly-removed weakrand initialization Signed-off-by: Dave Henderson <dhenderson@gmail.com> * don't break the loop and return * Removing extra handling for null rootKey * unignore RegisterModule/RegisterAdapter Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com> * single-line log message Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * Fix lint after a1808b0dbf209c615e438a496d257ce5e3acdce2 was merged Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Revert ticker change, ignore it instead Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Ignore some of the write errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Remove blank line Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Use lifetime Signed-off-by: Dave Henderson <dhenderson@gmail.com> * close immediately Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * Preallocate configVals Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Update modules/caddytls/distributedstek/distributedstek.go Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com> Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-11-21go.mod: update quic-go to v0.19.2 (#3880)Marten Seemann
2020-11-20reverseproxy: Logging for streaming and upgrades (#3689)Francis Lavoie
* reverseproxy: Enable error logging for connection upgrades * reverseproxy: Change some of the error levels, unsugar * Use unsugared log in one spot Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2020-11-20reverseproxy: Implement cookie hash selection policy (#3809)Dimitri Masson
* add CookieHashSelection for session affinity * add CookieHashSelection for session affinity * register module * reverse_proxy: Add and fix cookie lb_policy * reverse_proxy: Manage hmac.write error on cookie hash selection * reverse_proxy: fix some comments * reverse_proxy: variable `cookieValue` is inside the else block * reverse_proxy: Abstract duplicate nuanced logic of reservoir sampling into a function * reverse_proxy: Set a default secret is indeed useless * reverse_proxy: add configuration syntax for cookie lb_policy * reverse_proxy: doc typo and improvement Co-authored-by: utick <123liuqingdong@163.com>
2020-11-20headers: Support default header values in Caddyfile with '?' (#3807)Gilbert Gilb's
* implement default values for header directive closes #3804 * remove `set_default` header op and rely on "require" handler instead This has the following advantages over the previous attempt: - It does not introduce a new operation for headers, but rather nicely extends over an existing feature in the header handler. - It removes the need to specify the header as "deferred" because it is already implicitely deferred by the use of the require handler. This should be less confusing to the user. * add integration test for header directive in caddyfile * bubble up errors when parsing caddyfile header directive * don't export unnecessarily and don't canonicalize headers unnecessarily * fix response headers not passed in blocks * caddyfile: fix clash when using default header in block Each header is now set in a separate handler so that it doesn't clash with other headers set/added/deleted in the same block. * caddyhttp: New idle_timeout default of 5m * reverseproxy: fix random hangs on http/2 requests with server push (#3875) see https://github.com/golang/go/issues/42534 * Refactor and cleanup with improvements * More specific link Co-authored-by: Matthew Holt <mholt@users.noreply.github.com> Co-authored-by: Денис Телюх <telyukh.denis@gmail.com>
2020-11-18Merge branch 'master' of https://github.com/caddyserver/caddyMatthew Holt
2020-11-18caddyhttp: Return error if error handling errorMatthew Holt
Before, if there was an error in the error handler, we would not write a status code, which resulted in Go writing a 200 for us by default, which does not make sense when there's an error. Now we write the second error's status if available, otherwise 500.
2020-11-18reverseproxy: fix random hangs on http/2 requests with server push (#3875)Денис Телюх
see https://github.com/golang/go/issues/42534
2020-11-18caddyhttp: New idle_timeout default of 5mMatthew Holt
2020-11-17caddyhttp: Fix header matcher when using nilMatthew Holt
Uncovered in #3807
2020-11-16reverse_proxy: Fix random_choose selection policy (#3811)Dimitri Masson
2020-11-16requestbody: Add Caddyfile support (#3859)Nicola Piccinini
* Add Caddyfile support for request_body: ``` request_body { max_size 10000000 } ``` * Improve Caddyfile parser for request_body module * Remove unnecessary `continue` * Add sample for caddyfile_adapt_test
2020-11-16caddytls: Support multiple issuers (#3862)Matt Holt
* caddytls: Support multiple issuers Defaults are Let's Encrypt and ZeroSSL. There are probably bugs. * Commit updated integration tests, d'oh * Update go.mod
2020-11-13basicauth: Minor internal improvements (#3861)Aurelia
* nitpicks and small improvements in basicauth module 1: roll two if statements into one, since err will be nil in the second case anyhow 2: unlock cache mutex after reading the key, as this happens by-value and reduces code complexity 3: switch cache sync.Mutex to sync.RWMutex for better concurrency on cache fast track * allocate the right kind of mutex
2020-11-12caddytls: Support ACME alt cert chain preferencesMatthew Holt
2020-11-12Update contact infoMatthew Holt
2020-11-04httpcaddyfile: Add certificate_pem placeholder short, add to godoc (#3846)Gaurav Dhameeja
Co-authored-by: Matt Holt <mholt@users.noreply.github.com> Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2020-11-04ci: remove the continuous fuzzing job (#3845)Mohammed Al Sahaf
Between Github Actions deprecting a command we use[0] and Fuzzit planning to deprecate their standalone service after being acquired by Gitlab[1][2], there are no reasons to keep this job. [0] https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/ [1] https://about.gitlab.com/press/releases/2020-06-11-gitlab-acquires-peach-tech-and-fuzzit-to-expand-devsecops-offering.html [2] https://fuzzit.dev/2020/06/11/news-fuzzit-is-acquired-by-gitlab/
2020-11-02caddyhttp: Merge query matchers in Caddyfile (#3839)Francis Lavoie
Also, turns out that `Add` on headers will work even if there's nothing there yet, so we can remove the condition I introduced in #3832
2020-11-02logging: Fix for IP filteringChristoph Kluge
2020-11-02fastcgi: Add timeouts support to Caddyfile adapter (#3842)Francis Lavoie
* fastcgi: Add timeouts support to Caddyfile adapter * fastcgi: Use tabs instead of spaces
2020-11-02reverseproxy: Wire up some http transport options in Caddyfile (#3843)Francis Lavoie
2020-11-02fileserver: Improve and clarify file hiding logic (#3844)Matt Holt
* fileserver: Improve and clarify file hiding logic * Oops, forgot to run integration tests * Make this one integration test OS-agnostic * See if this appeases the Windows gods * D'oh
2020-10-31caddyauth: Prevent user enumeration by timingMatthew Holt
Always follow the code path of hashing and comparing a plaintext password even if the account is not found by the given username; this ensures that similar CPU cycles are spent for both valid and invalid usernames. Thanks to @tylerlm for helping and looking into this!
2020-10-31caddyhttp: Merge header matchers in Caddyfile (#3832)Francis Lavoie
2020-10-30reverseproxy: Add max_idle_conns_per_host; fix godocs (#3829)Francis Lavoie
2020-10-29reverseproxy: caddyfile: Don't add port if upstream has placeholder (#3819)Jason McCallister
* check if the host is a placeholder * Update modules/caddyhttp/reverseproxy/caddyfile.go Co-authored-by: Matt Holt <mholt@users.noreply.github.com>