summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2020-09-16caddyhttp: New placeholder for PEM of client certificate (#3662)Gaurav Dhameeja
* Fix-3585: added placeholder for a PEM encoded value of the certificate * Update modules/caddyhttp/replacer.go Change type of block and empty headers removed Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * fixed tests Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-09-15logging: Implement Caddyfile support for filter encoder (#3578)Francis Lavoie
* logging: Implement Caddyfile support for filter encoder * logging: Add support for parsing IP masks from strings wip * logging: Implement Caddyfile support for ip_mask * logging: Get rid of unnecessary logic to allow strings, not that useful * logging: Add adapt test
2020-09-14cmd: Allow `caddy fmt` to read from stdin (#3680)Matthew Penner
* Allow 'caddy fmt' to read from stdin * fmt: use '-' as the file name for reading from stdin * Minor adjustments Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2020-09-11httpcaddyfile: Properly record whether we added catch-all conn policyMatthew Holt
We recently introduced `if !cp.SettingsEmpty()` which conditionally adds the connection policy to the list. If the condition evaluates to false, the policy wouldn't actually be added, even if hasCatchAllTLSConnPolicy was set to true on the previous line. Now we set that variable in accordance with whether we actually add the policy. While debugging this I noticed that catch-all policies added early in that loop (i.e. not at the end if we later determine we need one) are not always at the end of the list. They should be, though, since they are selected by which one matches first, and having a catch-all first would nullify any more specific ones later in the list. So I added a sort in consolidateConnPolicies to take care of that. Should fix #3670 and https://caddy.community/t/combining-on-demand-tls-with-custom-ssl-certs-doesnt-seem-to-work-in-2-1-1/9719 but I won't know for sure until somebody verifies it, since at least in the GitHub issue there is not yet enough information (the configs are redacted).
2020-09-11fileserver: Fix new file hide tests on Windows (#3719)Matt Holt
2020-09-11fileserver: Improve file hiding logic for directories and prefixesMatthew Holt
Now, a filename to hide that is specified without a path separator will count as hidden if it appears in any component of the file path (not only the last component); semantically, this means hiding a file by only its name (without any part of a path) will hide both files and folders, e.g. hiding ".git" will hide "/.git" and also "/.git/foo". We also do prefix matching so that hiding "/.git" will hide "/.git" and "/.git/foo" but not "/.gitignore". The remaining logic is a globular match like before.
2020-09-09caddytls: Fix resolvers option of acme issuer (Caddyfile)Matthew Holt
Reported in: https://caddy.community/t/dns-challenge-with-namecheap-and-split-horizon-dns/9611/17?u=matt
2020-09-08caddytls: Add `dns` config to acmeissuer (#3701)Francis Lavoie
2020-09-08browse: align template to struct field renames from 4940325 (#3706)Mohammed Al Sahaf
2020-09-08caddyhttp: Wrap http.Server logging with zap (#3668)Francis Lavoie
2020-09-08reverseproxy: Add `buffer_requests` option to `reverse_proxy` directive (#3710)Francis Lavoie
2020-08-31caddytls: Customize DNS resolvers for DNS challenge with CaddyfileMatthew Holt
2020-08-31reverseproxy: Abort active health checks on context cancellationMatthew Holt
2020-08-31fileserver: Fix inconsistencies in browse JSONMatthew Holt
2020-08-21caddytls: Configure custom DNS resolvers for DNS challenge (close #2476)Matthew Holt
And #3391 Maybe also related: #3664
2020-08-20ci: Tweaks for multi go version tests (#3673)Francis Lavoie
2020-08-20go.mod: Use v0.15(.1) of smallstep libsMatthew Holt
Update internal issuer for compatibility -- yay simpler code! The .1 version also fixes non-critical SAN extensions that caused trust issues on several clients.
2020-08-20ci: Upgrade to Go 1.15 (#3642)Francis Lavoie
* ci: Try Go 1.15 RC1 out of curiosity * Go 1.15 was released; let's try it * Update to latest quic-go * Attempt at fixing broken test Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2020-08-17reverseproxy: Make default buffer size constMatthew Holt
2020-08-17httpcaddyfile: Improve directive sorting logic (#3658)Francis Lavoie
* httpcaddyfile: Flip `root` directive sort order * httpcaddyfile: Sort directives with any matcher before those with none * httpcaddyfile: Generalize reverse sort directives, improve logic * httpcaddyfile: Fix "spelling" issue * httpcaddyfile: Turns out the second change precludes the first httpcaddyfile: Delete test that no longer makes sense * httpcaddyfile: Shorten logic Co-authored-by: Matt Holt <mholt@users.noreply.github.com> Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-08-17reverseproxy: Support header selection policy on `Host` field (#3653)Francis Lavoie
2020-08-11Update comment and Caddy 1 EOLMatthew Holt
2020-08-11caddytls: Add support for ZeroSSL; add Caddyfile support for issuers (#3633)Matt Holt
* caddytls: Add support for ZeroSSL; add Caddyfile support for issuers Configuring issuers explicitly in a Caddyfile is not easily compatible with existing ACME-specific parameters such as email or acme_ca which infer the kind of issuer it creates (this is complicated now because the ZeroSSL issuer wraps the ACME issuer)... oh well, we can revisit that later if we need to. New Caddyfile global option: { cert_issuer <name> ... } Or, alternatively, as a tls subdirective: tls { issuer <name> ... } For example, to use ZeroSSL with an API key: { cert_issuser zerossl API_KEY } For now, that still uses ZeroSSL's ACME endpoint; it fetches EAB credentials for you. You can also provide the EAB credentials directly just like any other ACME endpoint: { cert_issuer acme { eab KEY_ID MAC_KEY } } All these examples use the new global option (or tls subdirective). You can still use traditional/existing options with ZeroSSL, since it's just another ACME endpoint: { acme_ca https://acme.zerossl.com/v2/DV90 acme_eab KEY_ID MAC_KEY } That's all there is to it. You just can't mix-and-match acme_* options with cert_issuer, because it becomes confusing/ambiguous/complicated to merge the settings. * Fix broken test This test was asserting buggy behavior, oops - glad this branch both discovers and fixes the bug at the same time! * Fix broken test (post-merge) * Update modules/caddytls/acmeissuer.go Fix godoc comment Co-authored-by: Francis Lavoie <lavofr@gmail.com> * Add support for ZeroSSL's EAB-by-email endpoint Also transform the ACMEIssuer into ZeroSSLIssuer implicitly if set to the ZeroSSL endpoint without EAB (the ZeroSSLIssuer is needed to generate EAB if not already provided); this is now possible with either an API key or an email address. * go.mod: Use latest certmagic, acmez, and x/net * Wrap underlying logic rather than repeating it Oops, duh * Form-encode email info into request body for EAB endpoint Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2020-08-08go.mod: Bump CertMagicMatthew Holt
2020-08-07reverseproxy: Minor fixes and cleanupMatthew Holt
Now use context cancellation to stop active health checker, which is simpler than and just as effective as using a separate stop channel.
2020-08-07caddyhttp: Add TLS client cert info to logs (#3640)Matt Holt
2020-08-06go.mod: Update some dependenciesMatthew Holt
We can't update smallstep/nosql and klauspost/cpuid yet because of upstream breakage.
2020-08-06ci: Ignore s390x failures (#3644)Matt Holt
As of early August 2020 the VM has been down for several days due to lack of power due related to bad weather at the data center... sigh.
2020-08-06httpcaddyfile: Avoid repeated subjects in APs (fix #3618)Matthew Holt
When consolidating automation policies, ensure same subject names do not get appended to list.
2020-08-05httpcaddyfile: Allow named matchers in `route` blocks (#3632)Francis Lavoie
2020-08-03reverse_proxy: fix bidirectional streams with encodings (fix #3606) (#3620)Kevin Lin
* reverse_proxy: fix bi-h2stream breaking gzip encode handle(#3606). * reverse_proxy: check http version of both sides to avoid affecting non-h2 upstream. * Minor cleanup; apply review suggestions Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2020-08-03httpcaddyfile: Bring `enforce_origin` and `origins` to admin config (#3595)Ye Zhihao
* Bring `ensure_origin` and `origins` to caddyfile admin config * Add unit test for caddyfile admin config update * Add caddyfile adapt test for typical admin setup * httpcaddyfile: Replace admin config error message when there's more arguments than needed Replace d.Err() to d.ArgErr() since the latter provides similarly informative error message Co-authored-by: Matt Holt <mholt@users.noreply.github.com> Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-08-03cmd: Print caddy version with environ or --environ (#3627)Matthew Holt
2020-08-01ci: Include tracking of GOOS for which Caddy fails to build (#3617)Mohammed Al Sahaf
* ci: include tracking of GOOS for which Caddy fails to build * ci: split cross-build check into separate workflow * ci: cross-build check: make it clear the cross-build check is not a blocker * ci: cross-build check: set annotation instead of failing the build * ci: cross-build check: explicitly set continue-on-error to force success marker * ci: cross-build check: send stderr to /dev/null * ci: Simplify workflow names Co-authored-by: Francis Lavoie <lavofr@gmail.com> Co-authored-by: Francis Lavoie <lavofr@gmail.com> Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-08-01fileserver: Fix newly-introduced failing test on Linux (#3625)Matt Holt
* fileserver: First attempt to fix failing test on Linux I think I updated the wrong test case before * Make new test function I guess what we really are trying to test is the case insensitivity of firstSplit. So a new test function is better for that.
2020-07-31admin,templates,core: Minor enhancements and error handling (#3607)Bart
* fix 2 possible bugs * handle unhandled errors
2020-07-31caddyhttp: Add support to resolve DN in CEL expression (#3608)v-rosa
2020-07-31fileserver: Don't assume len(str) == len(ToLower(str)) (fix #3623)Matthew Holt
We can't use a positional index on an original string that we got from its lower-cased equivalent. Implement our own IndexFold() function b/c the std lib does not have one.
2020-07-31httpcaddyfile: Add `compression` to http transport config (#3624)Ye Zhihao
* httpcaddyfile: Add `compression` to http transport config * Add caddyfile adapt test for typical h2c setup
2020-07-30caddytls: Replace lego with acmez (#3621)Matt Holt
* Replace lego with acmez; upgrade CertMagic * Update integration test
2020-07-20templates: Implement placeholders function (#3324)Patrick Hein
* caddyhttp, httpcaddyfile: Implement placeholders in template * caddyhttp, httpcaddyfile: Remove support for placeholder shorthands in templates * Update modules/caddyhttp/templates/templates.go updates JSON doc Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * Update modules/caddyhttp/templates/tplcontext.go Co-authored-by: Matt Holt <mholt@users.noreply.github.com> Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-07-20go.mod: Update quic-go, truststore, and goldmarkMatthew Holt
2020-07-20caddyfile: Export Tokenize function for lexing (#3549)Francis Lavoie
2020-07-20push: Implement HTTP/2 server push (#3573)Matt Holt
* push: Implement HTTP/2 server push (close #3551) * push: Abstract header ops by embedding into new struct type This will allow us to add more fields to customize headers in push-specific ways in the future. * push: Ensure Link resources are pushed before response is written * Change header name from X-Caddy-Push to Caddy-Push
2020-07-20fastcgi: Add resolve_root_symlink (#3587)Manuel Dalla Lana
2020-07-20reverse_proxy: flush HTTP/2 response when ContentLength is unknown (#3561)Kevin Lin
* reverse proxy: Support more h2 stream scenarios (#3556) * reverse proxy: add integration test for better h2 stream (#3556) * reverse proxy: adjust comments as francislavoie suggests * link to issue #3556 in the comments
2020-07-18reverseproxy: add support for custom DNS resolver (#3479)Mohammed Al Sahaf
* reverse proxy: add support for custom resolver * reverse proxy: don't pollute the global resolver with bootstrap resolver setup * Improve documentation of reverseproxy.UpstreamResolver fields Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * reverse proxy: clarify the name resolution conventions of upstream resolvers and bootstrap resolver * remove support for bootstraper of resolver * godoc and code-style changes Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-07-17reverseproxy: Restore request's original host and header (fix #3509)Matthew Holt
We already restore them within the retry loop, but after successful proxy we didn't reset them, so as handlers bubble back up, they would see the values used for proxying. Thanks to @ziddey for identifying the cause.
2020-07-17fastcgi: Ensure leading slash, omit SERVER_PORT if empty for compliance (#3570)Francis Lavoie
See https://tools.ietf.org/html/rfc3875#section-4.1.13 for SCRIPT_NAME requiring leading slash See https://tools.ietf.org/html/rfc3875#section-4.1.15 for SERVER_PORT requiring omission if empty
2020-07-17fastcgi: Fill REMOTE_USER with http.auth.user.id placeholder (#3577)Francis Lavoie
Completing a TODO!