summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2020-12-30ci: Update goreleaser to fix deprecation notices (#3945)Francis Lavoie
See https://goreleaser.com/deprecations#nfpmsfiles and https://goreleaser.com/deprecations#nfpmsconfig_files
2020-12-29ci: reject tags if not signed by Matthew Holt's key (#3932)Mohammed Al Sahaf
* ci: reject tags if not signed by Matthew Holt's key * ci: don't reject tags if an intermediate commits are not signed
2020-12-16caddyfile: Fix minor bug in formatterMatthew Holt
2020-12-15caddytls: Improve alt chain preference settingsMatthew Holt
This allows for finer-grained control when choosing alternate chains than simply the previous/Certbot-esque behavior of "choose first chain that contains an issuer's common name." This update allows you to sort by length (if optimizing for efficiency on the wire) and also to select the chain with a specific root CommonName.
2020-12-14reverseproxy: Minor lint fixesMatthew Holt
2020-12-10caddyhttp: Optionally use forwarded IP for remote_ip matcherMatthew Holt
The remote_ip matcher was reading the X-Forwarded-For header by default, but this behavior was not documented in anything that was released. This is also a less secure default, as it is trivially easy to spoof request headers. Reading IPs from that header should be optional, and it should not be the default. This is technically a breaking change, but anyone relying on the undocumented behavior was just doing so by coincidence/luck up to this point since it was never in any released documentation. We'll still add a mention in the release notes about this.
2020-12-10caddyhttp: Clean up internal auto-HTTPS redirect codeMatthew Holt
Refactor redirect route creation into own function. Improve condition for appending port. Fixes a bug manifested through new test case: TestAutoHTTPRedirectsWithHTTPListenerFirstInAddresses
2020-12-09caddyhttp: Document that remote_ip reads X-Forwarded-For headerMatthew Holt
https://caddy.community/t/remote-ip-behaviour/10762?u=matt
2020-12-09go.mod: Update CertMagic (fix #3911)Matthew Holt
2020-12-09httpcaddyfile: support matching headers that do not exist (#3909)Jack Baron
* add integration test for null header matcher * implement null header matcher syntax * avoid repeating magic ! * check for field following ! character
2020-12-08go.mod: Upgrade some dependenciesMatthew Holt
2020-12-07httpcaddyfile: Decrement counter when removing conn policy (fix #3906)Matthew Holt
2020-12-04fastcgi: Set PATH_INFO to file matcher remainder as fallback (#3739)Francis Lavoie
* fastcgi: Set PATH_INFO to file matcher remainder as fallback * fastcgi: Avoid changing scriptName when not necessary * Stylistic tweaks Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2020-12-04go.mod: update quic-go to v0.19.3 (#3901)Marten Seemann
2020-12-03caddyauth: Use structured logMatthew Holt
2020-12-03Merge remote-tracking branch 'origin/master'Matthew Holt
2020-12-03cmd: add ability to read config from stdin (#3898)Jordi Masip
2020-12-02Add setcap script to gitignoreMatthew Holt
2020-12-02Minor commentsMatthew Holt
2020-12-02caddyhttp: Optimize large host matchersMatthew Holt
2020-12-01caddyauth: Use buffered channel passed to signal.Notify (#3895)Cuong Manh Le
The docs at os/signal.Notify warn about this signal delivery loss bug at https://golang.org/pkg/os/signal/#Notify, which says: Package signal will not block sending to c: the caller must ensure that c has sufficient buffer space to keep up with the expected signal rate. For a channel used for notification of just one signal value, a buffer of size 1 is sufficient. Caught by a static analysis tool from Orijtech, Inc. called "sigchanyzer"
2020-11-30headers: Fix Caddyfile parsing with request matcher (#3892)Francis Lavoie
2020-11-26docs: Mention {http.auth.user.id} placeholder in basicauth JSON docs (#3886)Francis Lavoie
2020-11-26fileserver: Add debug loggingMatthew Holt
2020-11-25reverseproxy: Handle "operation was canceled" errors (#3816)Daniel Santos
* fix(caddy): Avoid "operation was canceled" errors - Also add error handling for StatusGatewayTimeout * revert(caddy): Revert 504 handling - This will potentially break load balancing and health checks * Handle client cancellation as different error Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2020-11-25caddytls: Configure trusted CAs from PEM files (#3882)Matt Holt
Closes #3563
2020-11-24httpcaddyfile: Fix test on WindowsMatthew Holt
2020-11-24httpcaddyfile: Proper log config with catch-all blocks (fix #3878)Matthew Holt
2020-11-24Update readmeMatthew Holt
2020-11-24fileserver: Preserve transformed root (fix #3838)Matthew Holt
2020-11-23acme_server: fix reload of acme database (#3874)Ian
* acme_server: Refactor database creation apart from authority creation This is a WIP commit that doesn't really offer anything other than setting us up for using a UsagePool to gracefully reload acme_server configs. * Implement UsagePool * Remove unused context * Fix initializing non-ACME CA This will handle cases where a DB is not provided * Sanitize acme db path and clean debug logs * Move regex to package level to prevent recompiling
2020-11-23acme_server: switch to bbolt storage (#3868)Ian
* acme_server: switch to bbolt storage There have been some issues with the badger storage engine being used by the embedded acme_server. This will replace the storage engine with bbolt * Switch database path back to acme_server/db and remove if directory
2020-11-23caddyfile: Add support for env var defaults; add tests (#3682)Francis Lavoie
* caddyfile: Add support for env var defaults, tests * caddyfile: Use ?? instead, fix redundant cast, remove env chaining * caddyfile: Use : instead
2020-11-23httpcaddyfile: Configure servers via global options (#3836)Francis Lavoie
* httpcaddyfile: First pass at implementing server options * httpcaddyfile: Add listener wrapper support * httpcaddyfile: Sort sbaddrs to make adapt output more deterministic * httpcaddyfile: Add server options adapt tests * httpcaddyfile: Windows line endings lol * caddytest: More windows line endings lol (sorry Matt) * Update caddyconfig/httpcaddyfile/serveroptions.go Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * httpcaddyfile: Reword listener address "matcher" * Apply suggestions from code review Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * httpcaddyfile: Deprecate experimental_http3 option (moved to servers) * httpcaddyfile: Remove validation step, no longer needed Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-11-23reverseproxy: Add Caddyfile scheme shorthand for h2c (#3629)Francis Lavoie
* reverseproxy: Add Caddyfile scheme shorthand for h2c * reverseproxy: Use parentheses for condition Co-authored-by: Matt Holt <mholt@users.noreply.github.com> Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-11-22ci: Use golangci's github action for linting (#3794)Dave Henderson
* ci: Use golangci's github action for linting Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix most of the staticcheck lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the prealloc lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the misspell lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the varcheck lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the errcheck lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the bodyclose lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the deadcode lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the unused lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the gosec lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the gosimple lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the ineffassign lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the staticcheck lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Revert the misspell change, use a neutral English Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Remove broken golangci-lint CI job Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Re-add errantly-removed weakrand initialization Signed-off-by: Dave Henderson <dhenderson@gmail.com> * don't break the loop and return * Removing extra handling for null rootKey * unignore RegisterModule/RegisterAdapter Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com> * single-line log message Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * Fix lint after a1808b0dbf209c615e438a496d257ce5e3acdce2 was merged Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Revert ticker change, ignore it instead Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Ignore some of the write errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Remove blank line Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Use lifetime Signed-off-by: Dave Henderson <dhenderson@gmail.com> * close immediately Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * Preallocate configVals Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Update modules/caddytls/distributedstek/distributedstek.go Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com> Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-11-21go.mod: update quic-go to v0.19.2 (#3880)Marten Seemann
2020-11-20reverseproxy: Logging for streaming and upgrades (#3689)Francis Lavoie
* reverseproxy: Enable error logging for connection upgrades * reverseproxy: Change some of the error levels, unsugar * Use unsugared log in one spot Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2020-11-20reverseproxy: Implement cookie hash selection policy (#3809)Dimitri Masson
* add CookieHashSelection for session affinity * add CookieHashSelection for session affinity * register module * reverse_proxy: Add and fix cookie lb_policy * reverse_proxy: Manage hmac.write error on cookie hash selection * reverse_proxy: fix some comments * reverse_proxy: variable `cookieValue` is inside the else block * reverse_proxy: Abstract duplicate nuanced logic of reservoir sampling into a function * reverse_proxy: Set a default secret is indeed useless * reverse_proxy: add configuration syntax for cookie lb_policy * reverse_proxy: doc typo and improvement Co-authored-by: utick <123liuqingdong@163.com>
2020-11-20headers: Support default header values in Caddyfile with '?' (#3807)Gilbert Gilb's
* implement default values for header directive closes #3804 * remove `set_default` header op and rely on "require" handler instead This has the following advantages over the previous attempt: - It does not introduce a new operation for headers, but rather nicely extends over an existing feature in the header handler. - It removes the need to specify the header as "deferred" because it is already implicitely deferred by the use of the require handler. This should be less confusing to the user. * add integration test for header directive in caddyfile * bubble up errors when parsing caddyfile header directive * don't export unnecessarily and don't canonicalize headers unnecessarily * fix response headers not passed in blocks * caddyfile: fix clash when using default header in block Each header is now set in a separate handler so that it doesn't clash with other headers set/added/deleted in the same block. * caddyhttp: New idle_timeout default of 5m * reverseproxy: fix random hangs on http/2 requests with server push (#3875) see https://github.com/golang/go/issues/42534 * Refactor and cleanup with improvements * More specific link Co-authored-by: Matthew Holt <mholt@users.noreply.github.com> Co-authored-by: Денис Телюх <telyukh.denis@gmail.com>
2020-11-18Merge branch 'master' of https://github.com/caddyserver/caddyMatthew Holt
2020-11-18caddyhttp: Return error if error handling errorMatthew Holt
Before, if there was an error in the error handler, we would not write a status code, which resulted in Go writing a 200 for us by default, which does not make sense when there's an error. Now we write the second error's status if available, otherwise 500.
2020-11-18reverseproxy: fix random hangs on http/2 requests with server push (#3875)Денис Телюх
see https://github.com/golang/go/issues/42534
2020-11-18caddyhttp: New idle_timeout default of 5mMatthew Holt
2020-11-17caddyhttp: Fix header matcher when using nilMatthew Holt
Uncovered in #3807
2020-11-16reverse_proxy: Fix random_choose selection policy (#3811)Dimitri Masson
2020-11-16requestbody: Add Caddyfile support (#3859)Nicola Piccinini
* Add Caddyfile support for request_body: ``` request_body { max_size 10000000 } ``` * Improve Caddyfile parser for request_body module * Remove unnecessary `continue` * Add sample for caddyfile_adapt_test
2020-11-16caddytls: Support multiple issuers (#3862)Matt Holt
* caddytls: Support multiple issuers Defaults are Let's Encrypt and ZeroSSL. There are probably bugs. * Commit updated integration tests, d'oh * Update go.mod
2020-11-13basicauth: Minor internal improvements (#3861)Aurelia
* nitpicks and small improvements in basicauth module 1: roll two if statements into one, since err will be nil in the second case anyhow 2: unlock cache mutex after reading the key, as this happens by-value and reduces code complexity 3: switch cache sync.Mutex to sync.RWMutex for better concurrency on cache fast track * allocate the right kind of mutex
2020-11-12caddytls: Support ACME alt cert chain preferencesMatthew Holt