Age | Commit message (Collapse) | Author |
|
Holy heck this was complicated
|
|
* added sni tests
* set the default sni when there is no host to match
* removed invalid sni test. Disabled tests that rely on host headers.
* readded SNI tests. Added logging of config load times
|
|
This fixes indentation for blocks starting with
a brace as:
```Caddyfile
{
...
}
```
Fixes #3144
Signed-off-by: Vaibhav <vrongmeal@gmail.com>
|
|
|
|
|
|
|
|
|
|
Wrapping listeners is useful for composing custom behavior related
to accepting, closing, reading/writing connections (etc) below the
application layer; for example, the PROXY protocol.
|
|
|
|
|
|
|
|
When using the default automation policy specifically, ap.Issuer would
be nil, so we'd end up overwriting the ap.magic.Issuer's default value
(after New()) with nil; this instead sets Issuer on the template before
New() is called, and no overwriting is done.
|
|
|
|
See https://caddy.community/t/fail-to-start-caddy2-not-nss-security-databases-found/7223?u=matt
|
|
|
|
|
|
* add integration tests
* removed SNI test
* remove integration test condition
* minor edit
* fix sni when using static certificates
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
|
|
* pki: Initial commit of PKI app (WIP) (see #2502 and #3021)
* pki: Ability to use root/intermediates, and sign with root
* pki: Fix benign misnamings left over from copy+paste
* pki: Only install root if not already trusted
* Make HTTPS port the default; all names use auto-HTTPS; bug fixes
* Fix build - what happened to our CI tests??
* Fix go.mod
|
|
* Fix #3130: Crash at fuzzing target replacer
* Add additional test case based on fuzzer feedback
|
|
|
|
It's still not perfect but I think it should be more correct for
slightly more complex configs. Might still fall apart for complex
configs that use on-demand TLS or at a large scale (workarounds are
to just implement your own redirects, very easy to do anyway).
|
|
|
|
Fixes #3116
* Rework Replacer loop to ignore escaped braces
* Add benchmark tests for replacer
* Optimise handling of escaped braces
* Handle escaped closing braces
* Remove additional check for closing brace
This commit removes the additional check for input in which the closing
brace appears before the opening brace. This check has been removed for
performance reasons as it is deemed an unlikely edge case.
* Check for escaped closing braces in placeholder name
|
|
* ability to specify that client cert must be present in SSL
* changed the clientauthtype to string and make room for the values supported by go as in caddy1
* renamed the config parameter according to review comments and added documentation on allowed values
* missed a reference
* Minor cleanup; docs enhancements
Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
|
|
|
|
|
|
|
|
|
|
This is a breaking change primarily in two areas:
- Storage paths for certificates have changed
- Slight changes to JSON config parameters
Huge improvements in this commit, to be detailed more in
the release notes.
The upcoming PKI app will be powered by Smallstep libraries.
|
|
Build the published executables with CGO disabled, stripped, and with `-trimpath` for more reproducible build
|
|
* remove the certificate tag tracking from global state
* refactored helper state, added log counter
* moved state initialisation close to where it is used.
* added helper state comment
|
|
|
|
|
|
Previously the formatter did not include support for
blocks inside other blocks. Hence the formatter could
not indent some files properly. This fixes it.
Fixes #3104
Signed-off-by: Vaibhav <vrongmeal@gmail.com>
|
|
This takes the config file as input and formats it.
Prints the result to stdout. Can write changes to
file if `--write` flag is passed.
Fixes #3020
Signed-off-by: Vaibhav <vrongmeal@gmail.com>
|
|
* ci: publish build artifacts (per-commit Caddy binaries)
* ci: include OS name in artifact name of *nix binaries so they don't overwrite each other
|
|
|
|
+ a couple other minor changes from linter
|
|
|
|
|
|
|
|
|
|
This makes it more convenient to configure quick proxies that use HTTPS
but also introduces a lot of logical complexity. We have to do a lot of
verification for consistency and errors.
Path and query string is not supported (i.e. no rewriting).
Scheme and port can be inferred from each other if HTTP(S)/80/443.
If omitted, defaults to HTTP.
Any explicit transport config must be consistent with the upstream
schemes, and the upstream schemes must all match too.
But, this change allows a config that used to require this:
reverse_proxy example.com:443 {
transport http {
tls
}
}
to be reduced to this:
reverse_proxy https://example.com
which is really nice syntactic sugar (and is reminiscent of Caddy 1).
|
|
"Transparent mode" is the default, just like the actual handler.
|
|
* Fix typo
* Fix typo, thanks for Spell Checker under VS Code
|
|
This reverts commit 86b785e51cccd5df18611c380962cbd4faf38af5.
|
|
|
|
|
|
|
|
* ci: update golangci-lint
* ci: build Caddy to catch build error
* ci: remove GO111MODULE env var
* ci: update MacOS image
|