summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2022-04-20Update smallstep/certificatesMatthew Holt
2022-04-15ci: use latest Go version on macOS (#4708)Mohammed Al Sahaf
2022-04-13ci: Fix typoMatthew Holt
2022-04-13ci: Ensure we always check for latest version of Go (#4703)Francis Lavoie
* ci: Ensure we always check for latest version of Go * Try to force 1.18.1, 1.17.9 * Use includes for the actual go semver * Use `~` for semver here, apparently * Try to make tests still run on 1.18.0 for Mac, for now
2022-04-13cmd: Enhance .env (dotenv) file parsingMatthew Holt
Basic support for quoted values, newlines in quoted values, and comments. Does not support variable or command expansion.
2022-04-13caddypki: Load intermediate for signing on-the-fly (#4669)Francis Lavoie
* caddypki: Load intermediate for signing on-the-fly Fixes #4517 Big thanks to @maraino for adding an API in `smallstep/certificates` so that we can fix this * Debug log * Trying a hunch, does it need to be a pointer receiver? * Clarify pointer receiver Co-authored-by: Matt Holt <mholt@users.noreply.github.com> Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2022-04-13fix typo (#4702)cui fliter
Signed-off-by: cuishuang <imcusg@gmail.com>
2022-04-12templates: Switch to `BurntSushi/toml` (#4700)Francis Lavoie
2022-04-12cmd: Add `--diff` option for `caddy fmt` (#4695)Francis Lavoie
2022-04-11reverseproxy: Add `_ms` placeholders for proxy durations (#4666)Francis Lavoie
* reverseproxy: Add `_ms` placeholders for proxy durations * Add http.request.duration_ms Also add comments, and change duration_sec to duration_ms * Add response.duration_ms for consistency * Add missing godoc comment Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2022-04-11reverseproxy: Sync up `handleUpgradeResponse` with stdlib (#4664)Francis Lavoie
* reverseproxy: Sync up `handleUpgradeResponse` with stdlib I had left this as a TODO for when we bump to minimum 1.17, but I should've realized it was under `internal` so it couldn't be used directly. Copied the functions we needed for parity. Hopefully this is ok! * Add tests and fix godoc comments Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2022-04-07staticfiles: Expand placeholder for index files (#4679)Y.Horie
2022-04-07logging: Caddyfile support for `duration_format` (#4684)Francis Lavoie
Somehow, this was missed. Oops!
2022-04-03cmd: Fix defaulting admin address if empty in config, fixes `reload` (#4674)Francis Lavoie
2022-03-28chore: Fix for xcaddy builds (#4665)Francis Lavoie
* chore: Attempt fix for xcaddy builds * Upgrade smallstep/certificates which avoids the problem
2022-03-25chore: Bump minimum Go to 1.17 (#4662)Francis Lavoie
2022-03-25go.mod: Upgrade CertMagic to v0.16.0Matthew Holt
Includes several breaking changes; code base updated accordingly. - Added lots of context arguments - Use fs.ErrNotExist - Rename ACMEManager -> ACMEIssuer; CertificateManager -> Manager
2022-03-24httpcaddyfile: Fix #4640 (auto-HTTPS edgecase) (#4661)Francis Lavoie
Guh, this is complicated. Fixes #4640 This also follows up on #4398 (reverting it) which made a change that technically worked, but was incorrect. It changed the condition in `hostsFromKeysNotHTTP` from `&&` to `||`, but then the function no longer did what its name said it would do, and it would return hosts even if they were marked with `http://`, if they used a non-HTTP port. That wasn't the intent of it. The test added in there was kept though, because it is a valid usecase. The actual fix is to check _earlier_ whether all the addresses explicitly have `http://`, and if so we can short circuit and skip considering the rest.
2022-03-24chore: Clean up adapt test line endings (#4660)Francis Lavoie
Lots of the files were using CRLF instead of LF. Mostly my fault cause sometimes I make the files on Windows and VSCode for some reason kept making them with the wrong line endings. Sigh. Since .txt files typically default to spaces for indentation, I'm also adding an .editorconfig to ensure they use tabs instead
2022-03-24reverseproxy: Include port in A upstreams cacheMatthew Holt
Should fix #4659
2022-03-23caddyfile: Prevent bad block opening tokens (#4655)Francis Lavoie
* caddyfile: Prevent bad block opening tokens * Clarifying comments
2022-03-22Fix http3 servers dying after reload (#4654)Artem Mikheev
2022-03-22httpcaddyfile: Add 'vars' directiveMatthew Holt
See discussion in #4650
2022-03-21map: Evaluate placeholders in output vals (#4650)Matthew Holt
2022-03-21reverseproxy: Don't clear name in SRV upstreamsMatthew Holt
Fix for dc4d147388547515f77447d594024386b732e7d4
2022-03-19cmd: Set Origin header properly on API requestsMatthew Holt
Ref. https://caddy.community/t/bug-in-enforce-origin/15417
2022-03-18caddyfile: Support for raw token values; improve `map`, `expression` (#4643)Francis Lavoie
* caddyfile: Support for raw token values, improve `map`, `expression` * Applied code review comments * Rename RawVal to ValRaw Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2022-03-18reverseproxy: Expand SRV/A addrs for cache keyMatthew Holt
Hopefully fix #4645
2022-03-17map: Support numeric and bool types with CaddyfileMatthew Holt
Based on caddyserver/website#221
2022-03-15ci: Build on Go 1.18, bump actions versions (#4637)Francis Lavoie
* ci: Build on Go 1.18, bump actions versions * Revert linter version bump for now * Try linter again
2022-03-13chore: Comment fixes (#4634)Francis Lavoie
2022-03-11requestbody: Return HTTP 413 (fix #4558)Matthew Holt
2022-03-11caddyhttp: retain all values of vars matcher when specified multiple times ↵Mohammed Al Sahaf
(#4629)
2022-03-10go.mod: Upgrade some dependenciesMatthew Holt
Fixes bug in yuin/goldmark https://github.com/caddyserver/website/issues/217
2022-03-09reverseproxy: copy_response and copy_response_headers for handle_response ↵Francis Lavoie
routes (#4391) * reverseproxy: New `copy_response` handler for `handle_response` routes Followup to #4298 and #4388. This adds a new `copy_response` handler which may only be used in `reverse_proxy`'s `handle_response` routes, which can be used to actually copy the proxy response downstream. Previously, if `handle_response` was used (with routes, not the status code mode), it was impossible to use the upstream's response body at all, because we would always close the body, expecting the routes to write a new body from scratch. To implement this, I had to refactor `h.reverseProxy()` to move all the code that came after the `HandleResponse` loop into a new function. This new function `h.finalizeResponse()` takes care of preparing the response by removing extra headers, dealing with trailers, then copying the headers and body downstream. Since basically what we want `copy_response` to do is invoke `h.finalizeResponse()` at a configurable point in time, we need to pass down the proxy handler, the response, and some other state via a new `req.WithContext(ctx)`. Wrapping a new context is pretty much the only way we have to jump a few layers in the HTTP middleware chain and let a handler pick up this information. Feels a bit dirty, but it works. Also fixed a bug with the `http.reverse_proxy.upstream.duration` placeholder, it always had the same duration as `http.reverse_proxy.upstream.latency`, but the former was meant to be the time taken for the roundtrip _plus_ copying/writing the response. * Delete the "Content-Length" header if we aren't copying Fixes a bug where the Content-Length will mismatch the actual bytes written if we skipped copying the response, so we get a message like this when using curl: ``` curl: (18) transfer closed with 18 bytes remaining to read ``` To replicate: ``` { admin off debug } :8881 { reverse_proxy 127.0.0.1:8882 { @200 status 200 handle_response @200 { header Foo bar } } } :8882 { header Content-Type application/json respond `{"hello": "world"}` 200 } ``` * Implement `copy_response_headers`, with include/exclude list support * Apply suggestions from code review Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2022-03-08tracing: New OpenTelemetry module (#4361)Andrii Kushch
* opentelemetry: create a new module * fix imports * fix test * Update modules/caddyhttp/opentelemetry/README.md Co-authored-by: Dave Henderson <dhenderson@gmail.com> * Update modules/caddyhttp/opentelemetry/README.md Co-authored-by: Dave Henderson <dhenderson@gmail.com> * Update modules/caddyhttp/opentelemetry/README.md Co-authored-by: Dave Henderson <dhenderson@gmail.com> * Update modules/caddyhttp/opentelemetry/tracer.go Co-authored-by: Dave Henderson <dhenderson@gmail.com> * rename error ErrUnsupportedTracesProtocol * replace spaces with tabs in the test data * Update modules/caddyhttp/opentelemetry/README.md Co-authored-by: Francis Lavoie <lavofr@gmail.com> * Update modules/caddyhttp/opentelemetry/README.md Co-authored-by: Francis Lavoie <lavofr@gmail.com> * replace spaces with tabs in the README.md * use default values for a propagation and exporter protocol * set http attributes with helper * simplify code * Cleanup modules/caddyhttp/opentelemetry/README.md Co-authored-by: Dave Henderson <dhenderson@gmail.com> * Update link in README.md Co-authored-by: Dave Henderson <dhenderson@gmail.com> * Update documentation in README.md Co-authored-by: Dave Henderson <dhenderson@gmail.com> * Update link to naming spec in README.md Co-authored-by: Dave Henderson <dhenderson@gmail.com> * Rename module from opentelemetry to tracing Co-authored-by: Dave Henderson <dhenderson@gmail.com> * Rename span_name to span Co-authored-by: Dave Henderson <dhenderson@gmail.com> * Rename span_name to span Co-authored-by: Dave Henderson <dhenderson@gmail.com> * Simplify otel resource creation Co-authored-by: Dave Henderson <dhenderson@gmail.com> * handle extra attributes Co-authored-by: Dave Henderson <dhenderson@gmail.com> * update go.opentelemetry.io/otel/semconv to 1.7.0 Co-authored-by: Dave Henderson <dhenderson@gmail.com> * update go.opentelemetry.io/otel version * remove environment variable handling * always use tracecontext,baggage as propagators * extract tracer name into variable * rename OpenTelemetry to Tracing * simplify resource creation * update go.mod * rename package from opentelemetry to tracing * cleanup tests * update Caddyfile example in README.md * update README.md * fix test * fix module name in README.md * fix module name in README.md * change names in README.md and tests * order imports * remove redundant tests * Update documentation README.md Co-authored-by: Dave Henderson <dhenderson@gmail.com> * Fix grammar Co-authored-by: Dave Henderson <dhenderson@gmail.com> * Update comments Co-authored-by: Dave Henderson <dhenderson@gmail.com> * Update comments Co-authored-by: Dave Henderson <dhenderson@gmail.com> * update go.sum * update go.sum * Add otelhttp instrumentation, update OpenTelemetry libraries. * Use otelhttp instrumentation for instrumenting HTTP requests. This change uses context.WithValue to inject the next handler into the request context via a "nextCall" carrier struct, and pass it on to a standard Go HTTP handler returned by otelhttp.NewHandler. The underlying handler will extract the next handler from the context, call it and pass the returned error to the carrier struct. * use zap.Error() for the error log * remove README.md * update dependencies * clean up the code * change comment * move serveHTTP method from separate file * add syntax to the UnmarshalCaddyfile comment * go import the file * admin: Write proper status on invalid requests (#4569) (fix #4561) * update dependencies Co-authored-by: Dave Henderson <dhenderson@gmail.com> Co-authored-by: Francis Lavoie <lavofr@gmail.com> Co-authored-by: Vibhav Pant <vibhavp@gmail.com> Co-authored-by: Alok Naushad <alokme123@gmail.com> Co-authored-by: Cedric Ziel <cedric@cedric-ziel.com>
2022-03-08caddytls: dns_challenge_override_domain for challenge delegation (#4596)Ran Chen
* Add a override_domain option to allow DNS chanllenge delegation CNAME can be used to delegate answering the chanllenge to another DNS zone. One usage is to reduce the exposure of the DNS credential [1]. Based on the discussion in caddy/certmagic#160, we are adding an option to allow the user explicitly specify the domain to delegate, instead of following the CNAME chain. This needs caddy/certmagic#160. * rename override_domain to dns_challenge_override_domain * Update CertMagic; fix spelling Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2022-03-07fastcgi: Protect against requests with null bytes in the path (#4614)Francis Lavoie
2022-03-06reverseproxy: Dynamic upstreams (with SRV and A/AAAA support) (#4470)Matt Holt
* reverseproxy: Begin refactor to enable dynamic upstreams Streamed here: https://www.youtube.com/watch?v=hj7yzXb11jU * Implement SRV and A/AAA upstream sources Also get upstreams at every retry loop iteration instead of just once before the loop. See #4442. * Minor tweaks from review * Limit size of upstreams caches * Add doc notes deprecating LookupSRV * Provision dynamic upstreams Still WIP, preparing to preserve health checker functionality * Rejigger health checks Move active health check results into handler-specific Upstreams. Improve documentation regarding health checks and upstreams. * Deprecation notice * Add Caddyfile support, use `caddy.Duration` * Interface guards * Implement custom resolvers, add resolvers to http transport Caddyfile * SRV: fix Caddyfile `name` inline arg, remove proto condition * Use pointer receiver * Add debug logs Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2022-03-06reverseproxy: Implement trusted proxies for `X-Forwarded-*` headers (#4507)Francis Lavoie
2022-03-05reverseproxy: Refactor dial address parsing, augment command parsing (#4616)Francis Lavoie
2022-03-04fileserver: Add `pass_thru` Caddyfile option (#4613)Francis Lavoie
2022-03-04Appease the linterMatthew Holt
2022-03-04caddyhttp: Honor wildcard hosts in log SkipHosts (#4606)Matt Holt
2022-03-03core: Retry dynamic config load if config unchangedMatthew Holt
(see discussion in #4603)
2022-03-03templates: Fix docs for .ArgsMatthew Holt
2022-03-03core: Retry dynamic config load if error or no-op (#4603)Matthew Holt
Also fix ineffectual assignment (unrelated)
2022-03-03reverseproxy: Make shallow-ish clone of the request (#4551)Francis Lavoie
* reverseproxy: Make shallow-ish clone of the request * Refactor request cloning into separate function Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2022-03-02caddyhttp: Don't attempt to manage Tailscale certsMatthew Holt
If .ts.net domains are explicitly added to config, don't try to manage a cert for them (it will fail, and our implicit Tailscale module will get those certs at run-time).
2022-03-02caddypki: Try to fix lint warningsMatthew Holt