Age | Commit message | Author
2022-07-30 | fileserver: Support virtual file systems (#4909) | Matt Holt
* fileserver: Support virtual file systems (close #3720)
This change replaces the hard-coded use of os.Open() and os.Stat() with the use of the new (Go 1.16) io/fs APIs, enabling virtual file systems. It introduces a new module namespace, caddy.fs, for such file systems.
Also improve documentation for the file server. I realized it was one of the first modules written for Caddy 2, and the docs hadn't really been updated since!
* Virtualize FS for file matcher; minor tweaks
* Fix tests and rename dirFS -> osFS
(Since we do not use a root directory, it is dynamic.)
2022-07-29 | Minor docs clarification | Matthew Holt
Related to #4565
2022-07-29 | core: Windows service integration (#4790) | WingLim
Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2022-07-29 | chore: Add .gitattributes to force *.go to LF (#4919) | Francis Lavoie
* chore: Add .gitattributes to force *.go to LF
* What if I remove this flag
2022-07-28 | Fix compilation on Windows | Matthew Holt
2022-07-28 | Ignore linter warnings | Matthew Holt
Use of non-cryptographic random numbers in the load balancing is intentional.
2022-07-28 | Fix deprecation notice by using UTF16PtrFromString | Matthew Holt
2022-07-28 | caddyhttp: Clear out matcher error immediately after grabbing it (#4916) | Francis Lavoie
Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2022-07-28 | Finish fixing lint errors from ea8df6ff | Matthew Holt
Follows up #4915
2022-07-28 | caddytls: Remove PreferServerCipherSuites | Matthew Holt
It has been deprecated by Go
2022-07-28 | caddyhttp: Use new CEL APIs (fix #4915) | Matthew Holt
Hahaha this is the ultimate "I have no idea what I'm doing" commit but it compiles and the tests pass and I declare victory! ... probably broke something, should be tested more. It is nice that the protobuf dependency becomes indirect now.
2022-07-27 | ci: Run golangci-lint on multiple os(#4875) (#4913) | Y.Horie
2022-07-26 | go.mod: Upgrade dependencies | Matthew Holt
2022-07-25 | httpcaddyfile: Detect ambiguous site definitions (fix #4635) | Matthew Holt
Previously, our "duplicate key in server block" logic was flawed because it did not account for the site's bind address. We defer this check to when the listener addresses have been assigned, but before we commit a server block to its listener. Also refined how network address parsing and joining works, which was necessary for a less convoluted fix.
2022-07-25 | caddyhttp: Log shutdown errors, don't return (fix #4908) | Matthew Holt
2022-07-23 | reverseproxy: Implement read & write timeouts for HTTP transport (#4905) | Matt Holt
2022-07-20 | cmd: Fix reload with stdin (#4900) | Francis Lavoie
2022-07-16 | caddyhttp: Enhance comment | Matthew Holt
2022-07-13 | reverseproxy: Implement retry count, alternative to try_duration (#4756) | Francis Lavoie
* reverseproxy: Implement retry count, alternative to try_duration
* Add Caddyfile support for `retry_match`
* Refactor to deduplicate matcher parsing logic
* Fix lint
2022-07-13 | caddyhttp: Make query matcher more efficient | Matthew Holt
Only parse query string once
2022-07-13 | reverseproxy: Export SetScheme() again | Matthew Holt
Turns out the NTLM transport uses it. Oops.
2022-07-12 | admin: expect quoted ETags (#4879) | jhwz
* expect quoted etags
* admin: Minor refactor of etag facilities
Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2022-07-12 | headers: Only replace known placeholders (#4880) | Francis Lavoie
2022-07-08 | reverseproxy: Err 503 if all upstreams unavailable | Matthew Holt
2022-07-08 | reverseproxy: Adjust new TLS Caddyfile directive names (#4872) | Francis Lavoie
2022-07-07 | fileserver: Use safe redirects in file browser | Matthew Holt
2022-07-06 | admin: support ETag on config endpoints (#4579) | jhwz
* admin: support ETags
* support etags
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2022-07-06 | go.mod: Bump up quic-go to v0.28.0, fixes for BC breaks (#4867) | Francis Lavoie
2022-07-05 | caddytls: Reuse issuer between PreCheck and Issue (#4866) | Matt Holt
This enables EAB reuse for ZeroSSLIssuer (which is now supported by ZeroSSL).
2022-06-29 | admin: Implement /adapt endpoint (close #4465) (#4846) | Matt Holt
2022-06-28 | forwardauth: Fix case when `copy_headers` is omitted (#4856) | Francis Lavoie
See https://caddy.community/t/using-forward-auth-and-writing-my-own-authenticator-in-php/16410, apparently it didn't work when `copy_headers` wasn't used. This is because we were skipping adding a handler to the routes in the "good response handler", but this causes the logic in `reverseproxy.go` to ignore the response handler since it's empty. Instead, we can just always put in the `header` handler, even with an empty `Set` operation, it's just a no-op, but it fixes that condition in the proxy code.
2022-06-22 | Expose several Caddy HTTP Matchers to the CEL Matcher (#4715) | Tristan Swadell
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2022-06-22 | reverseproxy: Fix double headers in response handlers (#4847) | Francis Lavoie
2022-06-22 | reverseproxy: Fix panic when TLS is not configured (#4848) | Francis Lavoie
* reverseproxy: Fix panic when TLS is not configured
* Refactor and simplify setScheme
Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2022-06-20 | reverseproxy: Skip TLS for certain configured ports (#4843) | Kiss Károly Pál
* Make reverse proxy TLS server name replaceable for SNI upstreams.
* Reverted previous TLS server name replacement, and implemented thread safe version.
* Move TLS servername replacement into its own function
* Moved SNI servername replacement into httptransport.
* Solve issue when dynamic upstreams use wrong protocol upstream.
* Revert previous commit. Old commit was: Solve issue when dynamic upstreams use wrong protocol upstream. Id: 3c9806ccb63e66bdcac8e1ed4520c9d135cb011d
* Added SkipTLSPorts option to http transport.
* Fix typo in test config file.
* Rename config option as suggested by Matt
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
* Update code to match renamed config option.
* Fix typo in config option name.
* Fix another typo that I missed.
* Tests not completing because of apparent wrong ordering of options.
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2022-06-20 | go.mod: Update some dependencies | Matthew Holt
2022-06-16 | forwardauth: Support renaming copied headers, block support (#4783) | Francis Lavoie
2022-06-15 | Add comment about xcaddy to main | Matthew Holt
2022-06-15 | headers: Support wildcards for delete ops (close #4830) (#4831) | Matt Holt
2022-06-14 | reverseproxy: Dynamic ServerName for TLS upstreams (#4836) | Kiss Károly Pál
* Make reverse proxy TLS server name replaceable for SNI upstreams.
* Reverted previous TLS server name replacement, and implemented thread safe version.
* Move TLS servername replacement into its own function
* Moved SNI servername replacement into httptransport.
* Solve issue when dynamic upstreams use wrong protocol upstream.
* Revert previous commit. Old commit was: Solve issue when dynamic upstreams use wrong protocol upstream. Id: 3c9806ccb63e66bdcac8e1ed4520c9d135cb011d
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2022-06-14 | reverseproxy: Make TLS renegotiation optional | Matthew Holt
2022-06-10 | reverseproxy: Add renegotiation param in TLS client (#4784) | Yaacov Akiba Slama
* Add renegotiation option in reverseproxy tls client
* Update modules/caddyhttp/reverseproxy/httptransport.go
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2022-06-08 | caddyhttp: Log error from CEL evaluation (fix #4832) | Matthew Holt
2022-06-06 | reverseproxy: Correct the `tls_server_name` docs (#4827) | Francis Lavoie
* reverseproxy: Correct the `tls_server_name` docs
* Update modules/caddyhttp/reverseproxy/httptransport.go
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2022-06-03 | reverseproxy: HTTP 504 for upstream timeouts (#4824) | Matt Holt
Closes #4823
2022-06-02 | caddytls: Make peer certificate verification pluggable (#4389) | Gr33nbl00d
* caddytls: Adding ClientCertValidator for custom client cert validations
* caddytls: Cleanups for ClientCertValidator changes
caddytls: Cleanups for ClientCertValidator changes
* Update modules/caddytls/connpolicy.go
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
* Update modules/caddytls/connpolicy.go
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
* Update modules/caddytls/connpolicy.go
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
* Update modules/caddytls/connpolicy.go
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
* Update modules/caddytls/connpolicy.go
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
* Update modules/caddytls/connpolicy.go
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
* Unexported field Validators, corrected renaming of LeafVerificationValidator to LeafCertClientAuth
* admin: Write proper status on invalid requests (#4569) (fix #4561)
* Apply suggestions from code review
* Register module; fix compilation
* Add log for deprecation notice
Co-authored-by: Roettges Florian <roettges.florian@scheidt-bachmann.de>
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
Co-authored-by: Alok Naushad <alokme123@gmail.com>
2022-06-02 | reverseproxy: api: Remove misleading 'healthy' value | Matthew Holt
In v2.5.0, upstream health was fixed such that whether an upstream is considered healthy or not is mostly up to each individual handler's config. Since "healthy" is an opinion, it is not a global value. I unintentionally left in the "healthy" field in the API endpoint for checking upstreams, and it is now misleading (see #4792). However, num_requests and fails remain, so health can be determined by the API client, rather than having it be opaquely (and unhelpfully) determined for the client. If we do restore this value later on, it'd need to be replicated once per reverse_proxy handler according to their individual configs.
2022-06-01 | go.mod: Update go-yaml to v3 | Matthew Holt
2022-06-01 | Fix #4822 and fix #4779 | Matthew Holt
The fix for 4822 is the change at the top of the file, and 4779's fix is toward the bottom of the file.
2022-05-29 | reverseproxy: Add --internal-certs CLI flag #3589 (#4817) | Alexander M
added flag --internal-certs when set, for non-local domains the internal CA will be used for cert generation