Age | Commit message | Author
2020-05-21 | admin: Disallow websockets | Matthew Holt
No currently-known exploit here, just being conservative
2020-05-20 | Update SECURITY.md | Matt Holt
2020-05-20 | reverseproxy: Don't overwrite existing X-Forwarded-Proto header | Matthew Holt
Correct behavior is not well defined because this is a non-standard header field. This could be a "hop-by-hop" field much like X-Forwarded-For is, but even our X-Forwarded-For implementation preserves prior entries. Or, it could be best to preserve the original value from the first hop, representing the protocol as facing the client. Let's try it the other way for a bit and see how it goes. See https://caddy.community/t/caddy2-w-wordpress-behind-nginx-reverse-proxy/8174/3?u=matt
2020-05-20 | httpcaddyfile: Improve error on matcher declared outside site block (#3431) | Francis Lavoie
2020-05-19 | httpcaddyfile: Add `auto_https` global option (#3284) | Francis Lavoie
2020-05-18 | reverseproxy: Make debug log safe if error occurs | Matthew Holt
2020-05-18 | reverseproxy: Emit debug log before checking error (#3425) | Matthew Holt
This way the upstream request will always be available even if it failed
2020-05-18 | pki: Add docs to some struct fields | Matthew Holt
2020-05-18 | templates: trim windows whitespace in SplitFrontMatter; fix #3386 (#3387) | Thorkild Gregersen
* add test case for SplitFrontMatter showing issue with windows newline
* fix issue with windows newline when using SplitFrontMatter
* Update modules/caddyhttp/templates/frontmatter.go
  Co-authored-by: Francis Lavoie <lavofr@gmail.com>
* make it more explicit what is trimmed from firstLine
* Update modules/caddyhttp/templates/frontmatter.go
  Co-authored-by: Francis Lavoie <lavofr@gmail.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-05-18 | caddyauth: Add realm to basicauth Caddyfile directive (#3315) | Francis Lavoie
2020-05-18 | fastcgi: `php_fastcgi` subdirectives to override shortcut behaviour (#3255) | Francis Lavoie
* fastcgi: Add new php_fastcgi subdirectives to override the shortcut
* fastcgi: Support "index off" to disable redir and try_files
* fastcgi: Remove whitespace to satisfy linter
* fastcgi: Run gofmt
* fastcgi: Make a new dispenser instead of using rewind
* fastcgi: Some fmt
* fastcgi: Add a couple adapt tests
* fastcgi: Clean up for loops
* fastcgi: Move adapt tests to separate files
2020-05-17 | go.mod: Update dependencies | Matthew Holt
Notably, this adds Caddyfile syntax highlighting in markdown rendering
2020-05-15 | httpcaddyfile: Be stricter about `log` syntax (#3419) | Francis Lavoie
2020-05-15 | cmd: Add --envfile flag to run command (#3278) | elcore
* run: Add the possibility to load an env file
* run: change envfile flag var
* run: do not ignore err values
* Apply suggestions from code review
  Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-05-14 | caddytest: Refactor Caddyfile adapt tests to separate files (#3398) | Francis Lavoie
2020-05-13 | cmd: Add pidfile support (closes #3235) | Matthew Holt
2020-05-13 | docs: link to CEL standard definitions (#3407) | Mohammed Al Sahaf
* docs: link to CEL standard definitions
* Rephrase the anchor to CEL standard definitions
  Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-05-13 | reverseproxy: Apply response header ops before copying it (fix #3382) (#3401) | Matt Holt
2020-05-12 | all: Recover from panics in goroutines | Matthew Holt
2020-05-12 | cmd: reverse-proxy: add --insecure flag (with warning) (#3389) | linquize
2020-05-11 | httpcaddyfile: Shorthands for parameterized placeholders (#3305) | Francis Lavoie
* httpcaddyfile: Add shorthands for parameterized placeholders
  httpcaddyfile: Now with regexp instead
  httpcaddyfile: Allow dashes, gofmt
  httpcaddyfile: Compile regexp only once
  httpcaddyfile: Cleanup struct
  httpcaddyfile: Optimize the replacers, pull out of the loop
  httpcaddyfile: Add `{port}` shorthand
* httpcaddyfile: Switch `r.` to `re.`
2020-05-11 | core: Add support for `d` duration unit (#3323) | Francis Lavoie
* caddy: Add support for `d` duration unit
* Improvements to ParseDuration; add unit tests
Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2020-05-11 | ci: Delete .travis.yml (#3396) | Francis Lavoie
Too flaky. We'll explore different avenues to testing s390x and ppc64le. See discussion here: https://github.com/caddyserver/caddy/pull/3355
/cc @grooverdan, @Mohammed90 said he'll reach out to Elizabeth as you suggested.
2020-05-11 | httpcaddyfile: Make global options pluggable (#3265) | Francis Lavoie
* httpcaddyfile: Make global options pluggable
* httpcaddyfile: Add a global options adapt test
* httpcaddyfile: Wrap err
  Co-Authored-By: Dave Henderson <dhenderson@gmail.com>
* httpcaddyfile: Revert wrap err
Co-authored-by: Dave Henderson <dhenderson@gmail.com>
2020-05-11 | caddyhttp: Fix merging of Caddyfile matchers in not blocks (#3379) | Francis Lavoie
2020-05-11 | caddyhttp: Match hostnames with wildcards to loggers (#3378) | Gregory Dosh
* adding wildcard matching of logger names
* reordering precedence for more specific loggers to match first
* removing dependence on certmagic and extra loop
Co-authored-by: GregoryDosh <GregoryDosh@users.noreply.github.com>
2020-05-11 | cmd: hash-password: Support reading from stdin (#3373) | Andrew Zhou
Closes #3365
* http: Add support in hash-password for reading from terminals/stdin
* FIXUP: Run gofmt -s
* FIXUP
* FIXUP: Apply suggestions from code review
  Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
* FIXUP
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-05-11 | caddyhttp: Minor refactoring for preparing requests | Matthew Holt
While building a layer4 app for Caddy, I discovered that we need the ability to fill a request's context just like the HTTP server does, hence this exported function PrepareRequest().
2020-05-10 | fix testharness, dumps the current config, only if the config was successfully loaded (#3385) | Mark Sargent
2020-05-08 | docs: Fix TOC/section header mismatch (#3380) | Chandler Swift
2020-05-07 | log: improve rounding logic for log rolling directives (#3367) | Jeremy Lin
* For `roll_size` and `roll_keep_for` directives, round up instead of down. For example, if a user wants to be able to look back on 36 hours of logs, but you must round to a 24-hour multiple, then it's better to round up to 48 hours (which includes the desired 36 hours) instead of down to 24 hours.
* `roll_size` had an off-by-one error that caused the size to be as much as 1 MB larger than requested. For example, requests of `1MB` and `1.1MB` both became 2 MB. Now `1MB` means 1 MB, and `1.1MB` is rounded up to 2 MB.
2020-05-07 | Update readme | Matthew Holt
2020-05-07 | docs: Fix command.Func documentation (#3371) | Jose Donizetti
2020-05-06 | httpcaddyfile: Fix route ordering bug | Matthew Holt
https://caddy.community/t/cant-get-simple-alias-to-work/7911/8?u=matt
This removes an optimization where we amortized path matcher decoding. The decoded matchers were indexed by... position... which obviously changes during sorting. Duh. Anyway, sorting is sliiightly slower now but the Caddyfile is not really CPU-sensitive, so this is fine.
2020-05-06 | Update dependencies and get rid of placeholder hacks in CA code | Matthew Holt
With the latest commit on smallstep/certificates, placeholders in config are no longer needed.
2020-05-06 | ci: Add release tagged event triggers to sister repos (#3321) | Francis Lavoie
2020-05-06 | core: Support loading modules from [][]json.RawMessage fields | Matthew Holt
2020-05-06 | reverseproxy: Allow using TLS for port 80 upstreams (see #3361) | Matthew Holt
An upstream like https://localhost:80 is still forbidden, but an addr of localhost:80 can be used while explicitly enabling TLS as an override; we just don't allow the implicit behavior to be ambiguous.
2020-05-06 | tls/client auth: verify first certificates in client request (#3344) | Karol Będkowski
When client certificate is enabled, Caddy checks only the last certificate from the request. When this cert is not in the list of trusted leaf certificates, the connection is rejected. According to RFC TLS1.x the sender's certificate must come first in the list. Each following certificate must directly certify the one preceding it. This patch fixes this problem - the first certificate is checked instead of the last.
2020-05-05 | ci: Add linux-armv5 builds (#3356) | Dave Henderson
Signed-off-by: Dave Henderson <dhenderson@gmail.com>
2020-05-06 | Fixing goreleaser syntax error (#3355) | Dave Henderson
Signed-off-by: Dave Henderson <dhenderson@gmail.com>
2020-05-05 | ci: add s390x and ppc64le builds for linux (#3325) | Daniel Black
2020-05-05 | reverseproxy: Add tls_server_name option to Caddyfile (#3322) | Francis Lavoie
2020-05-05 | httpcaddyfile: Only append TLS conn policy if it's non-empty (#3319) | Matt Holt
This can lead to nicer, smaller JSON output for Caddyfiles like this:

    a {
        tls internal
    }
    b {
        tls foo@bar.com
    }

i.e. where the tls directive only configures automation policies, and is merely meant to enable TLS on a server block (if it wasn't implied). This helps keep implicit config implicit.

Needs a little more testing to ensure it doesn't break anything important.
2020-05-05 | pki: Embedded ACME server (#3198) | Matt Holt
* pki: Initial commit of embedded ACME server (#3021)
* reverseproxy: Support auto-managed TLS client certificates (#3021)
* A little cleanup after today's review session
2020-05-05 | file_server: Accept files args in one-liner of Caddyfile matcher (#3298) | Matt Holt
Previously, matching by trying files other than the actual path of the URI was:

    file {
        try_files <files...>
    }

Now, the same can be done in one line:

    file <files...>

As before, an empty file matcher:

    file

still matches if the request URI exists as a file in the site root.
2020-05-05 | httpserver: Add experimental H2C support (#3289) | Matt Holt
* reverse_proxy: Initial attempt at H2C transport/client support (#3218)
  I have not tested this yet
* Experimentally enabling H2C server support (closes #3227)
  See also #3218
  I have not tested this
* reverseproxy: Clean up H2C transport a bit
* caddyhttp: Update godoc for h2c server; clarify experimental status
* caddyhttp: Fix trailers when recording responses (fixes #3236)
* caddyhttp: Tweak h2c config settings and docs
2020-05-05 | caddyconfig: Don't start comments in middle of tokens (#3267) | Francis Lavoie
* caddyconfig: Only parse # as start of comment if preceded by space
* caddyconfig: Simplify # logic using len(val), add a test
2020-05-05 | httpcaddyfile: Support single-line matchers (#3263) | Francis Lavoie
* httpcaddyfile: Support single-line matchers
* httpcaddyfile: Add single-line matcher test
* httpcaddyfile: Add a matcher syntax adapt test
2020-05-05 | caddyfile: Support backticks as quotes (closes #2591) (#3242) | Matt Holt