summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2021-05-05reverseproxy: Minor logging improvementsMatthew Holt
2021-05-04fileserver: Fix `file` matcher with empty `try_files` (#4147)Francis Lavoie
* fileserver: Fix `file` matcher with empty `try_files` Fixes https://github.com/caddyserver/caddy/issues/4146 If `TryFiles` is empty, we fill it with `r.URL.Path`. In this case, this is `/`. Then later, in `prepareFilePath()`, we run the replacer (which turns `{path}` into `/` at that point) but `file` remains the original value (and the placeholder is still the placeholder there). So then `strings.HasSuffix(file, "/")` will be `false` for the placeholder, but `true` for the empty `TryFiles` codepath, because `file` was `/` due to being set to the actual request value beforehand. This means that `suffix` becomes `//` in that case, so after `sanitizedPathJoin`, it becomes `./`, so `strictFileExists`'s `strings.HasSuffix(file, separator)` codepath will return true. I think we should change the `m.TryFiles == nil` codepath to `m.TryFiles = []string{"{http.request.uri.path}"}` for consistency. (And maybe consider hoisting this to `Provision` cause there's no point doing this on every request). I don't think this "optimization" of directly using `r.URL.Path` is so valuable, cause it causes this edgecase with directories. * Update modules/caddyhttp/fileserver/matcher.go Co-authored-by: Matt Holt <mholt@users.noreply.github.com> Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2021-05-03go.mod: CertMagic v0.13.1Matthew Holt
2021-05-02reverseproxy: Add `handle_response` blocks to `reverse_proxy` (#3710) (#4021)Francis Lavoie
* reverseproxy: Add `handle_response` blocks to `reverse_proxy` (#3710) * reverseproxy: complete handle_response test * reverseproxy: Change handle_response matchers to use named matchers reverseproxy: Add support for changing status code * fastcgi: Remove obsolete TODO We already have d.Err("transport already specified") in the reverse_proxy parsing code which covers this case * reverseproxy: Fix support for "4xx" type status codes * Apply suggestions from code review Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * caddyhttp: Reorganize response matchers * reverseproxy: Reintroduce caddyfile.Unmarshaler * reverseproxy: Add comment mentioning Finalize should be called Co-authored-by: Maxime Soulé <btik-git@scoubidou.com> Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2021-05-02cmd: Add --envfile flag to `start` command (#4141)Jesse
* add envfile in start cmd * fix commandfuncs * fix commandfuncs * fix cmdStart envfile from bool to string Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2021-05-02httpcaddyfile: Add `auto_https ignore_loaded_certs` (#4077)Francis Lavoie
2021-05-02httpcaddyfile: Add global option for `storage_clean_interval` (#4134)Francis Lavoie
Followup to https://github.com/caddyserver/caddy/commit/42b7134ffa3bf3e9e86514c82407979c2627a5ab
2021-05-02caddyhttp: performance improvement in HeaderRE Matcher (#4143)Calvin Xiao
Below is the report using `benchstat` and cmd: `go test -run=BenchmarkHeaderREMatcher -bench=BenchmarkHeaderREMatcher -benchmem -count=10` ``` name old time/op new time/op delta HeaderREMatcher-16 869ns ± 1% 658ns ± 0% -24.29% (p=0.000 n=10+10) name old alloc/op new alloc/op delta HeaderREMatcher-16 144B ± 0% 112B ± 0% -22.22% (p=0.000 n=10+10) name old allocs/op new allocs/op delta HeaderREMatcher-16 7.00 ± 0% 5.00 ± 0% -28.57% (p=0.000 n=10+10) ```
2021-04-30fileserver: Share template logic for both `templates` and `file_server ↵Jason Du
browse` (#4093) Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2021-04-30caddytls: Implement remote IP connection matcher (#4123)Matt Holt
* caddytls: Implement remote IP connection matcher * Implement IP range negation If both Ranges and NotRanges are specified, both must match.
2021-04-29httpcaddyfile: Fix unexpectedly removed policy (#4128)Alban Lecocq
* httpcaddyfile: Fix unexpectedly removed policy When user set on_demand tls option in a catch-all (:443) policy, we expect other policies to not have the on_demand enabled See ex in tls_automation_policies_5.txt Btw, we can remove policies if they are **all** empty. * Update caddyconfig/httpcaddyfile/tlsapp.go Co-authored-by: Matt Holt <mholt@users.noreply.github.com> Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2021-04-29reverseproxy: fix hash selection policy (#4137)Simão Gomes Viana
* caddyhttp: reverseproxy: fix hash selection policy Fixes: #4135 Test: go test './...' -count=1 * caddyhttp: reverseproxy: add test to catch #4135 If you revert the last commit, the test will fail.
2021-04-29fileserver: Better handling of HTTP status override (#4132)Francis Lavoie
2021-04-22caddyfile: Fix `import` replacing unrelated placeholders (#4129)Francis Lavoie
* caddyfile: Fix `import` replacing unrelated placeholders See https://caddy.community/t/snippet-issue-works-outside-snippet/12231 So it turns out that `NewReplacer()` gives a replacer with some global defaults (like `{env.*}` and some system and time placeholders), which is not ideal when running `import` because we just want to replace `{args.*}` only, and nothing else. * caddyfile: Add test
2021-04-21caddytls: Add `load_storage` module (#4055)Francis Lavoie
An idea that came up in https://caddy.community/t/save-internally-issued-wildcard-certificate-in-consul/11740, this a simple module that might be useful for anyone who uses storage modules that aren't filesystem, to let them load certs/keys externally issued for use by Caddy. Bit goofy, since we need to fetch the certmagic.Storage during provisioning, it needs a wrapping struct instead of just being an array like `load_files`. Future work might involve adding Caddyfile support via a subdirective of the `tls` directive maybe?
2021-04-21reverseproxy: Admin endpoint for reporting upstream statuses (#4125)Francis Lavoie
2021-04-19caddyhttp: Implement better logic for inserting the HTTP->HTTPS redirs (#4033)Francis Lavoie
* caddyhttp: Implement better logic for inserting the HTTP->HTTPS redirs * caddyhttp: Add integration test
2021-04-16httpcaddyfile: Take into account host scheme/port (fix #4113)Matthew Holt
2021-04-15fuzz: fix the FuzzFormat comparison (#4117)Mohammed Al Sahaf
2021-04-12caddytls: Disable OCSP stapling for manual certs (#4064)Matthew Holt
2021-04-12caddytls: Configurable storage clean intervalMatthew Holt
Can drastically reduce costs on storage backends where scans are expensive. Also reduced default interval to 24h. See https://github.com/silinternational/certmagic-storage-dynamodb/issues/18
2021-04-09caddyfile: reject cyclic imports (#4022)Mohammed Al Sahaf
* caddyfile: reject recursive self-imports * caddyfile: detect and reject cyclic imports of snippets and files * caddyfile: do not be stickler about connected nodes not being connected already * caddyfile: include missing test artifacts of cyclic imports * address review comments
2021-04-08ci: fuzz: add 4 more fuzzing targets (#4105)Mohammed Al Sahaf
2021-04-08fileserver: Add status code override (#4076)Francis Lavoie
After reading a question about the `handle_response` feature of `reverse_proxy`, I realized that we didn't have a way of serving an arbitrary file with a status code other than 200. This is an issue in situations where you want to serve a custom error page in routes that are not errors, like the aforementioned `handle_response`, where you may want to retain the status code returned by the proxy but write a response with content from a file. This feature is super simple, basically if a status code is configured (can be a status code number, or a placeholder string) then that status will be written out before serving the file - if we write the status code first, then the stdlib won't write its own (only the first HTTP status header wins).
2021-04-05notify: Send all sd_notify signals from main caddy process (#4060)Carl George
Initial sd_notify support was added in #3963, but that sent signals from both cmdRun and cmdReload. This approach has two drawbacks: - Reloads initiated via the API do not send signals. - The signals are sent from different processes, which requires the `NotifyAccess=exec` directive in the unit file. This change moves the NotifyReloading and NotifyReadiness invocations to Load, which address both of those drawbacks. It also adds a complimentary NotifyStopping method which is invoked from handleStop. All the notify methods are defined in a notify package to avoid an import loop.
2021-04-05go.mod: Update quic-go to v0.20.1 (#4075)Marten Seemann
2021-04-02httpcaddyfile: Fix panic in automation policy consolidation (#4104)Francis Lavoie
* httpcaddyfile: Add reproduce test * httpcaddyfile: Don't allow `i` to go below zero
2021-04-02caddyfile: Normalize line endings before comparing fmt result (#4103)Francis Lavoie
2021-04-01ci: accommodate go1.16 changes to go mod (#4102)Mohammed Al Sahaf
As of go1.16, the `go` commands will no longer make automatic changes to go.{mod,sum} files (see: https://blog.golang.org/go116-module-changes). This broke the release script which relied on `go mod download` and/or `go build` to automatically generate the go.sum file. This commit explicitly invokes `go mod tidy` to have the go.sum file generated.
2021-04-01Minor tweaksMatthew Holt
2021-04-01go.mod: Use latest CertMagicMatthew Holt
2021-04-01Use 600 instead of 644 for UUID fileMatthew Holt
Are you happy, linter?
2021-03-30Change os to ioutil for nowMatthew Holt
My editor automatically changed ioutil.ReadFile() to os.ReadFile() in accordance with Go 1.16 changes. I didn't notice this until pushing. But we still have to support Go 1.15 for a little while.
2021-03-30reverseproxy: Set cookie path to `/` when using cookie lb_policy (#4096)Dimitri Masson
2021-03-30caddy: Add InstanceID() methodMatthew Holt
Caddy can now generate and persist its own instance ID, a UUID that is stored in the data directory. This makes it possible to differentiate it from other instances in a cluster.
2021-03-29encode,staticfiles: Content negotiation, precompressed files (#4045)Steffen Brüheim
* encode: implement prefer setting * encode: minimum_length configurable via caddyfile * encode: configurable content-types which to encode * file_server: support precompressed files * encode: use ReponseMatcher for conditional encoding of content * linting error & documentation of encode.PrecompressedOrder * encode: allow just one response matcher also change the namespace of the encoders back, I accidently changed to precompressed >.> default matchers include a * to match to any charset, that may be appended * rounding of the PR * added integration tests for new caddyfile directives * improved various doc strings (punctuation and typos) * added json tag for file_server precompress order and encode matcher * file_server: add vary header, remove accept-ranges when serving precompressed files * encode: move Suffix implementation to precompressed modules
2021-03-29reverseproxy: Implement health_uri, deprecate health_path, supports query ↵Francis Lavoie
(#4050) * reverseproxy: Implement health_uri, replaces health_path, supports query Also fixes a bug with `health_status` Caddyfile parsing , it would always only take the first character of the status code even if it didn't end with "xx". * reverseproxy: Rename to URI, named logger, warn in Provision (for JSON)
2021-03-29go.mod: Migrate to golang.org/x/term (#4073)Simão Gomes Viana
golang.org/x/crypto/ssh/terminal is deprecated in favor of golang.org/x/term See https://github.com/caddyserver/caddy/pull/4073/checks?check_run_id=2152150495 Error: SA1019: package golang.org/x/crypto/ssh/terminal is deprecated: this package moved to golang.org/x/term. (staticcheck) See https://github.com/caddyserver/caddy/pull/4073/checks?check_run_id=2152228516 Error: SA1019: package golang.org/x/crypto/ssh/terminal is deprecated: this package moved to golang.org/x/term. (staticcheck) Test: go test -count=1 './...'
2021-03-29caddyhttp: improve grammar of comment for AllowH2C (#4072)Simão Gomes Viana
2021-03-29sigtrap_posix: add missing comma to SIGTERM info (#4078)Simão Gomes Viana
Was missing a comma, so added it
2021-03-29cmd: Use formatted logger for config adapter warnings (#4080)Francis Lavoie
2021-03-29cmd: main: fix minor doc typos (#4082)Simão Gomes Viana
Fixed typos in the documentation
2021-03-29headers: Fix Caddyfile parsing for `request_header` with matchers (#4085)Francis Lavoie
2021-03-29.gitignore: add IDE files (#4087)Simão Gomes Viana
These tend to clutter up repositories.
2021-03-19fileserver: Add a few more debug lines (#4063)Francis Lavoie
2021-03-19fileserver: Browse listing supports dark mode (#4066)rai
* Add dark color scheme media query * Theme search box, make everything less contrasting * Further contrast tweaks
2021-03-19CONTRIBUTING: fix spelling (#4070)Simão Gomes Viana
Minor spelling fixes to make this document even better
2021-03-12httpcaddyfile: Add `error` directive for the existing handler (#4034)Francis Lavoie
* httpcaddyfile: Add `error` directive for the existing handler * httpcaddyfile: Move `error` to the end of the order
2021-03-12logging: add replace filter for static value replacement (#4029)Aaron Taylor
This filter is intended to be useful in scenarios where you may want to redact a value with a static string, giving you information that the field did previously exist and was present, but not revealing the value itself in the logs. This was inspired by work on adding more complete support for removing sensitive values from logs [1]. An example use case would be the Authorization header in request log output, for which the value should usually not be logged, but it may be quite useful for debugging to confirm that the header was present in the request. [1] https://github.com/caddyserver/caddy/issues/3958
2021-03-12caddyconfig: add global option for configuring loggers (#4028)Aaron Taylor
This change is aimed at enhancing the logging module within the Caddyfile directive to allow users to configure logs other than the HTTP access log stream, which is the current capability of the Caddyfile [1]. The intent here is to leverage the same syntax as the server log directive at a global level, so that similar customizations can be added without needing to resort to a JSON-based configuration. Discussion for this approach happened in the referenced issue. Closes https://github.com/caddyserver/caddy/issues/3958 [1] https://caddyserver.com/docs/caddyfile/directives/log