summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2022-01-18httpcaddyfile: Add pki app `root` and `intermediate` cert/key config (#4514)Francis Lavoie
2022-01-18rewrite: Add `method` Caddyfile directive (#4528)Francis Lavoie
2022-01-18caddyhttp: Fix HTTP->HTTPS redir not preferring HTTPS port if ambiguous (#4530)Francis Lavoie
2022-01-18httpcaddyfile: Add `default_bind` global option (#4531)Francis Lavoie
2022-01-18httpcaddyfile: Fix incorrect handling of IPv6 bind addresses (#4532)Francis Lavoie
The `net.JoinHostPort()` function has some naiive logic for handling IPv6, it just checks if the host part has a `:` and if so it wraps the host part with `[ ]` but this causes our network type prefix to get wrapped as well, which is invalid for `caddy.NetworkAddress`. Instead, we can just concatenate the host and port manually here to avoid this side-effect.
2022-01-16cmd: Print error if fmt overwrite fails (fix #4524)Matthew Holt
2022-01-13rewrite: Fix a double-encode issue when using the `{uri}` placeholder (#4516)Francis Lavoie
2022-01-13caddytls: Fix `MatchRemoteIP` provisoning with multiple CIDR ranges (#4522)GallopingKylin
2022-01-12caddyhttp: Return HTTP 421 for mismatched Host header (#4023)rayjlinden
Potential fix for #4017 although the consensus is unclear. Made change to return status code 421 instead of 403 when StrictSNIHost matching is on.
2022-01-10Fix lint warningsMatthew Holt
2022-01-10core: Simplify shared listeners, fix deadline bugMatthew Holt
When this listener code was first written, UsagePool didn't exist. We can simplify much of the wrapped listener logic by utilizing UsagePool. This also fixes a bug where new servers were able to clear deadlines set by old servers, even if the old server didn't get booted out of its Accept() call yet. And with the deadline cleared, they never would. (Sometimes. Based on reports and difficulty of reproducing the bug, this behavior was extremely rare.) I don't know why that happened exactly, maybe some polling mechanism in the kernel and if the timings worked out just wrong it would expose the bug. Anyway, now we ensure that only the closer that set the deadline is the same one that clears it, ensuring that old servers always return out of Accept(), because the deadline doesn't get cleared until they do. Of course, all this hinges on the hope that my suspicions in the middle of the night are correct and that kernels work the way I think they do in my head. Also minor enhancement to UsagePool where if a value errors upon construction (a very real possibility with listeners), it is removed from the pool. Not 100% sure the sync logic is correct there, or maybe we don't have to even put it in the pool until after construction, but it's subtle either way and I think this is safe... right?
2022-01-07caddypki: Return error if no PEM data foundMatthew Holt
Best guess for https://caddy.community/t/on-fly-certificate-generation-based-on-sni/14639/4
2022-01-05httpcaddyfile: Support configuring `pki` app names via global options (#4450)Francis Lavoie
2022-01-05caddyhttp: Redirect HTTP requests on the HTTPS port to https:// (#4313)Francis Lavoie
* caddyhttp: Redirect HTTP requests on the HTTPS port to https:// * Apply suggestions from code review Co-authored-by: Matt Holt <mholt@users.noreply.github.com> Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2022-01-05admin: Require identity for remote (fix #4478)Matthew Holt
2022-01-05templates: Document .OriginalReqMatthew Holt
Close caddyserver/website#91
2022-01-04admin, reverseproxy: Stop timers if canceled to avoid goroutine leak (#4482)Денис Телюх
2022-01-04logging: Support turning off roll compression via Caddyfile (#4505)Francis Lavoie
2022-01-04headers: Fix `+` in Caddyfile to properly append rather than set (#4506)Francis Lavoie
2021-12-30caddyhttp: Fix `MatchPath` sanitizing (#4499)Francis Lavoie
This is a followup to #4407, in response to a report on the forums: https://caddy.community/t/php-fastcgi-phishing-redirection/14542 Turns out that doing `TrimRight` to remove trailing dots, _before_ cleaning the path, will cause double-dots at the end of the path to not be cleaned away as they should. We should instead remove the dots _after_ cleaning.
2021-12-17reverseproxy: Fix incorrect `health_headers` Caddyfile parsing (#4485)Francis Lavoie
Fixes #4481
2021-12-15caddyhttp: Implement http.request.uuid placeholder (#4285)Rainer Borene
2021-12-13caddypki: Minor tweak, don't use context pointerMatthew Holt
2021-12-13caddyhttp: Enhance vars matcher (#4433)Matt Holt
* caddyhttp: Enhance vars matcher Enable "or" logic for multiple values. Fall back to checking placeholders if not a var name. * Fix tests (thanks @mohammed90 !)
2021-12-13pki: Avoid provisioning the `local` CA when not necessary (#4463)Francis Lavoie
* pki: Avoid provisioning the `local` CA when not necessary * pki: Refactor CA loading to keep the logic in the PKI app
2021-12-13httpcaddyfile: Fix sorting edgecase for nested `handle_path` (#4477)Francis Lavoie
2021-12-11fileserver: do not double-escape paths (#4447)Mohammed Al Sahaf
2021-12-10go.mod: Update smallstep/certificates, no longer need replace (#4475)Francis Lavoie
2021-12-09go.mod: Update smallstep/truststore, fix build on FreeBSD (#4473)Francis Lavoie
2021-12-07caddyfile: impove fmt warning message (#4444)Runzhi He
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2021-12-05docs: use backticks to not italicise glob path (#4460)Adam Burgess
2021-12-02logging: add support for hashing data (#4434)Kévin Dunglas
* logging: add support for hashing data * Update modules/logging/filters.go Co-authored-by: wiese <wiese@users.noreply.github.com> * Update modules/logging/filters.go Co-authored-by: wiese <wiese@users.noreply.github.com> Co-authored-by: wiese <wiese@users.noreply.github.com>
2021-12-02caddyhttp: Make logging of credential headers opt-in (#4438)Francis Lavoie
2021-12-02fastcgi: Fix a TODO, prevent zap using reflection for logging env (#4437)Francis Lavoie
* fastcgi: Fix a TODO, prevent zap using reflection for logging env * Update modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com> Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2021-11-29go.mod: Update to latest smallstep/truststore, support FreeBSD (#4453)Francis Lavoie
2021-11-29templates: fix inconsistent nested includes (#4452)Tim Culverhouse
2021-11-29caddyhttp: Split up logged remote address into IP and port (#4403)Francis Lavoie
2021-11-29logging: Remove common_log field and single_field encoder (#4149) (#4282)Matt Holt
2021-11-28caddyfile: make renew_interval option configurable (#4451)Rainer Borene
2021-11-24reverseproxy: Adjust defaults, document defaults (#4436)Francis Lavoie
* reverseproxy: Adjust defaults, document defaults Related to some of the issues in https://github.com/caddyserver/caddy/issues/4245, a complaint about the proxy transport defaults not being properly documented in https://caddy.community/t/default-values-for-directives/14254/6. - Dug into the stdlib to find the actual defaults for some of the timeouts and buffer limits, documenting them in godoc so the JSON docs get them next release. - Moved the keep-alive and dial-timeout defaults from `reverseproxy.go` to `httptransport.go`. It doesn't make sense to set defaults in the proxy, because then any time the transport is configured with non-defaults, the keep-alive and dial-timeout defaults are lost! - Sped up the dial timeout from 10s to 3s, in practice it rarely makes sense to wait a whole 10s for dialing. A shorter timeout helps a lot with the load balancer retries, so using something lower helps with user experience. * reverseproxy: Make keepalive interval configurable via Caddyfile * fastcgi: DialTimeout default for fastcgi transport too
2021-11-23logging: add a regexp filter (#4426)Kévin Dunglas
2021-11-23logging: add a filter for cookies (#4425)Kévin Dunglas
* feat(logging): add a filter for cookies * Improve godoc and add validation
2021-11-23logging: add a filter for query parameters (#4424)Kévin Dunglas
Co-authored-by: Matt Holt <mholt@users.noreply.github.com> Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2021-11-23fileserver: browse: do not encode the paths in breadcrumbs and page title ↵Mohammed Al Sahaf
(#4410)
2021-11-22fileserver: Fix handling of symlink sizes in directory listings (#4415)Jeremy Lin
2021-11-22caddyhttp: Log non-500 handler errors at debug level (#4429)Francis Lavoie
Fixes #4428 It's best to still log handler errors at debug level so that they're hidden by default, but still accessible if additional details are necessary.
2021-11-22caddyhttp: Log empty value for typical password headersMatthew Holt
Work around for common misconfiguration
2021-11-16core: Load config at interval instead of just onceMatthew Holt
2021-11-15caddyfile: Copy input before parsing (fix #4422)Matthew Holt
2021-11-15fileserver: Move default browse template into a separate file (#4417)Jeremy Lin
This makes it easier for users to find the default browse template if they want to create a custom template based on that. It also makes it easier to view the template with proper syntax highlighting.