| Age | Commit message (Collapse) | Author | 
|---|
|  |  | 
|  | * fileserver: Support virtual file systems (close #3720)
This change replaces the hard-coded use of os.Open() and os.Stat() with
the use of the new (Go 1.16) io/fs APIs, enabling virtual file systems.
It introduces a new module namespace, caddy.fs, for such file systems.
Also improve documentation for the file server. I realized it was one of
the first modules written for Caddy 2, and the docs hadn't really been
updated since!
* Virtualize FS for file matcher; minor tweaks
* Fix tests and rename dirFS -> osFS
(Since we do not use a root directory, it is dynamic.) | 
|  | Related to #4565 | 
|  | Co-authored-by: Matthew Holt <mholt@users.noreply.github.com> | 
|  | * chore: Add .gitattributes to force *.go to LF
* What if I remove this flag | 
|  |  | 
|  | Use of non-cryptographic random numbers in the load balancing
is intentional. | 
|  |  | 
|  | Co-authored-by: Matthew Holt <mholt@users.noreply.github.com> | 
|  | Follows up #4915 | 
|  | It has been deprecated by Go | 
|  | Hahaha this is the ultimate "I have no idea what I'm doing" commit but it
compiles and the tests pass and I declare victory!
... probably broke something, should be tested more.
It is nice that the protobuf dependency becomes indirect now. | 
|  |  | 
|  |  | 
|  | Previously, our "duplicate key in server block" logic was flawed because
it did not account for the site's bind address. We defer this check to
when the listener addresses have been assigned, but before we commit
a server block to its listener.
Also refined how network address parsing and joining works, which was
necessary for a less convoluted fix. | 
|  |  | 
|  |  | 
|  |  | 
|  |  | 
|  | * reverseproxy: Implement retry count, alternative to try_duration
* Add Caddyfile support for `retry_match`
* Refactor to deduplicate matcher parsing logic
* Fix lint | 
|  | Only parse query string once | 
|  | Turns out the NTLM transport uses it. Oops. | 
|  | * expect quoted etags
* admin: Minor refactor of etag facilities
Co-authored-by: Matthew Holt <mholt@users.noreply.github.com> | 
|  |  | 
|  |  | 
|  |  | 
|  |  | 
|  | * admin: support ETags
* support etags
Co-authored-by: Matt Holt <mholt@users.noreply.github.com> | 
|  |  | 
|  | This enables EAB reuse for ZeroSSLIssuer (which is now supported by ZeroSSL). | 
|  |  | 
|  | See https://caddy.community/t/using-forward-auth-and-writing-my-own-authenticator-in-php/16410, apparently it didn't work when `copy_headers` wasn't used. This is because we were skipping adding a handler to the routes in the "good response handler", but this causes the logic in `reverseproxy.go` to ignore the response handler since it's empty. Instead, we can just always put in the `header` handler, even with an empty `Set` operation, it's just a no-op, but it fixes that condition in the proxy code. | 
|  | Co-authored-by: Francis Lavoie <lavofr@gmail.com> | 
|  |  | 
|  | * reverseproxy: Fix panic when TLS is not configured
* Refactor and simplify setScheme
Co-authored-by: Matthew Holt <mholt@users.noreply.github.com> | 
|  | * Make reverse proxy TLS server name replaceable for SNI upstreams.
* Reverted previous TLS server name replacement, and implemented thread safe version.
* Move TLS servername replacement into it's own function
* Moved SNI servername replacement into httptransport.
* Solve issue when dynamic upstreams use wrong protocol upstream.
* Revert previous commit.
Old commit was: Solve issue when dynamic upstreams use wrong protocol upstream.
Id: 3c9806ccb63e66bdcac8e1ed4520c9d135cb011d
* Added SkipTLSPorts option to http transport.
* Fix typo in test config file.
* Rename config option as suggested by Matt
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
* Update code to match renamed config option.
* Fix typo in config option name.
* Fix another typo that I missed.
* Tests not completing because of apparent wrong ordering of options.
Co-authored-by: Matt Holt <mholt@users.noreply.github.com> | 
|  |  | 
|  |  | 
|  |  | 
|  |  | 
|  | * Make reverse proxy TLS server name replaceable for SNI upstreams.
* Reverted previous TLS server name replacement, and implemented thread safe version.
* Move TLS servername replacement into it's own function
* Moved SNI servername replacement into httptransport.
* Solve issue when dynamic upstreams use wrong protocol upstream.
* Revert previous commit.
Old commit was: Solve issue when dynamic upstreams use wrong protocol upstream.
Id: 3c9806ccb63e66bdcac8e1ed4520c9d135cb011d
Co-authored-by: Matt Holt <mholt@users.noreply.github.com> | 
|  |  | 
|  | * Add renegotiation option in reverseproxy tls client
* Update modules/caddyhttp/reverseproxy/httptransport.go
Co-authored-by: Matt Holt <mholt@users.noreply.github.com> | 
|  |  | 
|  | * reverseproxy: Correct the `tls_server_name` docs
* Update modules/caddyhttp/reverseproxy/httptransport.go
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com> | 
|  | Closes #4823 | 
|  | * caddytls: Adding ClientCertValidator for custom client cert validations
* caddytls: Cleanups for ClientCertValidator changes
caddytls: Cleanups for ClientCertValidator changes
* Update modules/caddytls/connpolicy.go
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
* Update modules/caddytls/connpolicy.go
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
* Update modules/caddytls/connpolicy.go
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
* Update modules/caddytls/connpolicy.go
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
* Update modules/caddytls/connpolicy.go
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
* Update modules/caddytls/connpolicy.go
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
* Unexported field Validators, corrected renaming of LeafVerificationValidator to LeafCertClientAuth
* admin: Write proper status on invalid requests (#4569) (fix #4561)
* Apply suggestions from code review
* Register module; fix compilation
* Add log for deprecation notice
Co-authored-by: Roettges Florian <roettges.florian@scheidt-bachmann.de>
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
Co-authored-by: Alok Naushad <alokme123@gmail.com> | 
|  | In v2.5.0, upstream health was fixed such that whether an upstream is
considered healthy or not is mostly up to each individual handler's
config. Since "healthy" is an opinion, it is not a global value.
I unintentionally left in the "healthy" field in the API endpoint for
checking upstreams, and it is now misleading (see #4792).
However, num_requests and fails remains, so health can be determined by
the API client, rather than having it be opaquely (and unhelpfully)
determined for the client.
If we do restore this value later on, it'd need to be replicated once
per reverse_proxy handler according to their individual configs. | 
|  |  | 
|  | The fix for 4822 is the change at the top of the file, and
4779's fix is toward the bottom of the file. |