summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2022-11-23caddypki: Use go.step.sm/crypto to generate the PKI (#5217)Mariano Cano
This commit replaces the use of github.com/smallstep/cli to generate the root and intermediate certificates and uses go.step.sm/crypto instead. It also upgrades the version of github.com/smallstep/certificates to the latest version.
2022-11-23admin: fix certificate renewal for admin (#5169)bit
certmagic.New takes a template and returns pointer to the new config. GetConfigForCert later must return a pointer to the new config not the template. fixes #5162
2022-11-14reverseproxy: Mask the WS close message when we're the client (#5199)Francis Lavoie
* reverseproxy: Mask the WS close message when we're the client * weakrand * Bump golangci-lint version so path ignores work on Windows * gofmt * ugh, gofmt everything, I guess
2022-11-08caddypki: Prefer user-configured root instead of generating new one (#5189)Jonathan Garcia
instead of generating a new root certificate at the default location load the certificate from the configuration. fixes: #5181
2022-11-06ci: set least privilged token for github actions for lint workflow (#5179)Ashish Kurmi
* ci: set least privilged token for github actions Signed-off-by: Ashish Kurmi <akurmi@stepsecurity.io> * ci:reverting github actions permissions for all but lint workflow Signed-off-by: Ashish Kurmi <akurmi@stepsecurity.io>
2022-10-29caddyhttp: Canonicalize header field names (#5176)Alexander Graf
2022-10-27caddytest: Increased sleep between retries to reduce flakey tests in CI (#5160)Benjamin Chalmers
* Incresed sleep between retries to reduce flakey tests in CI * Also changed wait time for admin * Modified time to make it more reliable Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2022-10-25cmd: replace deprecate func use (#5170)Mohammed Al Sahaf
2022-10-24go.mod: Upgrade some dependenciesMatthew Holt
Quic-go 0.30 should be faster
2022-10-24httploader: Close resp body on bad status codeMatthew Holt
Related to #5158
2022-10-24caddyconfig: Fix httploader leak from unused responses (#5159)Chris Lahaye
fixes #5158 Signed-off-by: Chris Lahaye <mail@chrislahaye.com> Signed-off-by: Chris Lahaye <mail@chrislahaye.com>
2022-10-24caddyhttp: add placeholder {http.request.orig_uri.path.*} (#5161)XYenon
2022-10-24fileserver: Reject non-GET/HEAD requests (close #5166) (#5167)Matt Holt
* fileserver: Reject non-GET/HEAD requests (close #5166) * Set Allow header according to RFC 9110 10.2.1
2022-10-18fileserver: Reject ADS and short name paths; trim trailing dots and spaces ↵Matt Holt
on Windows (#5148) * fileserver: Reject ADS and short name paths * caddyhttp: Trim trailing space and dot on Windows Windows ignores trailing dots and spaces in filenames. * Fix test * Adjust path filters * Revert Windows test * Actually revert the test * Just check for colons
2022-10-18map: Clarified how destination values should be formatted (#5156)Scott Mebberson
2022-10-17cmd: Add missing `\n` to HelpTemplate (#5151)BakaFT
2022-10-16docs: Fix templates documentation, stray newline breaks godoc (#5149)Francis Lavoie
2022-10-13httpcaddyfile: Improve detection of indistinguishable TLS automation ↵Matt Holt
policies (#5120) * httpcaddyfile: Skip some logic if auto_https off * Try removing this check altogether... * Refine test timeouts slightly, sigh * caddyhttp: Assume udp for unrecognized network type Seems like the reasonable thing to do if a plugin registers its own network type. * Add comment to document my lack of knowledge * Clean up and prepare to merge Add comments to try to explain what happened
2022-10-12httpcaddyfile: Wrap site block in subroute if host matcher used (#5130)Matt Holt
* httpcaddyfile: Wrap site block in subroute if host matcher used (fix #5124) * Correct boolean logic (oops)
2022-10-08fileserver: stop listing dir when request context is cancelled (#5131)Abdussamet Koçak
Prevents caddy from performing disk IO needlessly when the request is cancelled before the listing is finished. Closes #5129
2022-10-07replacer: working directory global placeholder (#5127)Kévin Dunglas
2022-10-06httpcaddyfile: Fix `metrics` global option parsing (#5126)Francis Lavoie
2022-10-05caddyconfig: Implement retries into HTTPLoader (#5077)Cory Cooper
* httploader: Add max_retries * caddyconfig: dependency-free http config loading retries * caddyconfig: support `retry_delay` in http loader * httploader: Implement retries * Apply suggestions from code review Co-authored-by: Matt Holt <mholt@users.noreply.github.com> Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2022-10-05Fix typo in comment (#5121)Ioannis Cherouvim
2022-10-05logging: Fix `skip_hosts` with wildcards (#5102)Francis Lavoie
Fix #4859
2022-10-05caddytest: Revise sleep durationsMatthew Holt
Attempt to reduce flakiness a bit more Test suite needs to be rewritten.
2022-10-05core: Set version manually via CustomVersion (#5072)Adam Weinberger
* Allow version to be set manually When Caddy is built from a release tarball (as downloaded from GitHub), `caddy version` returns an empty string. This causes confusion for downstream packagers. With this commit, VersionString can be set with eg. go build (...) -ldflags '-X (...).VersionString=v1.2.3' Then the short form version will be "v1.2.3", and the full version string will begin with "v1.2.3 ". * Prefer embedded version, then CustomVersion * Prefer "unknown" for full version over empty Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2022-10-05forwardauth: Canonicalize header fields (fix #5038) (#5097)Matt Holt
2022-10-04logging: Perform filtering on arrays of strings (where possible) (#5101)Francis Lavoie
* logging: Perform filtering on arrays of strings (where possible) * Add test for ip_mask filter * Oops, need to continue when it's not an IP * Test for invalid IPs
2022-10-05logging: Add `time_local` option to use local time instead of UTC (#5108)Francis Lavoie
2022-10-04fileserver: Treat invalid file path as NotFound (#5099)xufanglu
treat invalid file path as notFound so that PassThru can work
2022-10-04logging: Better `console` encoder defaults (#5109)Francis Lavoie
This is something that has bothered me for a while, so I figured I'd do something about it now since I'm playing in the logging code lately. The `console` encoder doesn't actually match the defaults that zap's default logger uses. This makes it match better with the rest of the logs when using the `console` encoder alongside somekind of filter, which requires you to configure an encoder to wrap.
2022-10-04httpcaddyfile: Skip `automate` when `auto_https off` is specified (#5110)Francis Lavoie
2022-10-04core: Chdir to executable location on Windows (#5115)Tobias Gruetzmacher
Since all Windows services are run from the Windows system directory, make it easier for users by switching to our program directory right after the start.
2022-10-04ci: enhance the CI/CD flow (#5118)Mohammed Al Sahaf
2022-10-02Fix inverted logic in Windows service detection (#5106)Tobias Gruetzmacher
2022-10-01fileserver: better dark mode visited link contrast (#5105)iliana etaoin
PR #4066 added a dark color scheme to the file_server browse template. PR #4356 later set the links for the `:visited` pseudo-class, but did not set anything for the dark mode, resulting in poor contrast. I selected some new colors by feel. This commit also adds an `a:visited:hover` for both, to go along with the normal blue hover colors.
2022-09-30go.mod: Upgrade select dependenciesMatthew Holt
2022-09-30caddyhttp: Remote IP prefix placeholdersMatthew Holt
See https://github.com/mholt/caddy-ratelimit/issues/12
2022-09-29map: Remove infinite recursion check (#5094)Matt Holt
It was not accurate. Placeholders could be used in outputs that are defined in the same mapping as long as that placeholder does not do the same. A more general solution would be to detect it at run-time in the replacer directly, but that's a bit tedious and will require allocations I think. A better implementation of this check could still be done, but I don't know if it would always be accurate. Could be a "best-effort" thing? But I've also never heard of an actual case where someone configured infinite recursion...
2022-09-29Fix commentMatthew Holt
I apparently read the diff backwards in 2a8c458ffedf886af9542541ea1b1de62370929d
2022-09-29reverseproxy: Parse humanized byte size (fix #5095)Matthew Holt
2022-09-29admin: Use replacer on listen addresses (#5071)Cory Cooper
* admin: use replacer on listen address * admin: consolidate replacer logic
2022-09-29core: Fix ListenQUIC listener key conflictMatthew Holt
Reported on commit e3e8aabbcf65d37516bb97f9dc0f77df52f8cf55 Abused this change in some bash for loops to rapidly reload config while making requests and didn't observe any memory or resource leaks.
2022-09-29reverseproxy: On 103 don't delete own headers (#5091)Matt Holt
See #5074
2022-09-28Merge pull request #5076 from caddyserver/fastcgi-redirMatt Holt
fastcgi: Redirect using original URI path (fix #5073) and rewrite: Only trim prefix if matched
2022-09-28caddyhttp: replace placeholders in map defaults (#5081)Will Norris
This updates the map directive to replace placeholders in default values in the same way as matched values.
2022-09-28core: Refactor and improve listener logic (#5089)Matt Holt
* core: Refactor, improve listener logic Deprecate: - caddy.Listen - caddy.ListenTimeout - caddy.ListenPacket Prefer caddy.NetworkAddress.Listen() instead. Change: - caddy.ListenQUIC (hopefully to remove later) - caddy.ListenerFunc signature (add context and ListenConfig) - Don't emit Alt-Svc header advertising h3 over HTTP/3 - Use quic.ListenEarly instead of quic.ListenEarlyAddr; this gives us more flexibility (e.g. possibility of HTTP/3 over UDS) but also introduces a new issue: https://github.com/lucas-clemente/quic-go/issues/3560#issuecomment-1258959608 - Unlink unix socket before and after use * Appease the linter * Keep ListenAll
2022-09-28rewrite: Only trim prefix if matchedMatthew Holt
See #5073
2022-09-27reverseproxy: fix upstream scheme handling in command (#5088)lemmi
e338648fed3263200dfd6abc9f8100c6f1c0eb67 introduced multiple upstream addresses. A comment notes that mixing schemes isn't supported and therefore the first valid scheme is supposed to be used. Fixes setting the first scheme. fixes #5087