Age | Commit message (Collapse) | Author |
|
No currently-known exploit here, just being conservative
|
|
|
|
Correct behavior is not well defined because this is a non-standard
header field. This could be a "hop-by-hop" field much like
X-Forwarded-For is, but even our X-Forwarded-For implementation
preserves prior entries. Or, it could be best to preserve the original
value from the first hop, representing the protocol as facing the
client.
Let's try it the other way for a bit and see how it goes.
See https://caddy.community/t/caddy2-w-wordpress-behind-nginx-reverse-proxy/8174/3?u=matt
|
|
|
|
|
|
|
|
This way the upstream request will always be available even if it failed
|
|
|
|
* add test case for SplitFrontMatter showing issue with windows newline
* fix issue with windows newline when using SplitFrontMatter
* Update modules/caddyhttp/templates/frontmatter.go
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
* make it mere explicit what is trimmed from firstLine
* Update modules/caddyhttp/templates/frontmatter.go
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
|
|
|
|
* fastcgi: Add new php_fastcgi subdirectives to override the shortcut
* fastcgi: Support "index off" to disable redir and try_files
* fastcgi: Remove whitespace to satisfy linter
* fastcgi: Run gofmt
* fastcgi: Make a new dispenser instead of using rewind
* fastcgi: Some fmt
* fastcgi: Add a couple adapt tests
* fastcgi: Clean up for loops
* fastcgi: Move adapt tests to separate files
|
|
Notably, this adds Caddyfile syntax highlighting in markdown rendering
|
|
|
|
* run: Add the possibility to load an env file
* run: change envfile flag var
* run: do not ignore err values
* Apply suggestions from code review
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
|
|
|
|
|
|
* docs: link to CEL standard definitions
* Rephrase the anchor to CEL standard definitions
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
|
|
|
|
|
|
|
|
* httpcaddyfile: Add shorthands for parameterized placeholders
httpcaddyfile: Now with regexp instead
httpcaddyfile: Allow dashes, gofmt
httpcaddyfile: Compile regexp only once
httpcaddyfile: Cleanup struct
httpcaddyfile: Optimize the replacers, pull out of the loop
httpcaddyfile: Add `{port}` shorthand
* httpcaddyfile: Switch `r.` to `re.`
|
|
* caddy: Add support for `d` duration unit
* Improvements to ParseDuration; add unit tests
Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
|
|
Too flaky. We'll explore different avenues to testing s390x and ppc64le.
See discussion here: https://github.com/caddyserver/caddy/pull/3355
/cc @grooverdan, @Mohammed90 said he'll reach out to Elizabeth as you suggested.
|
|
* httpcaddyfile: Make global options pluggable
* httpcaddyfile: Add a global options adapt test
* httpcaddyfile: Wrap err
Co-Authored-By: Dave Henderson <dhenderson@gmail.com>
* httpcaddyfile: Revert wrap err
Co-authored-by: Dave Henderson <dhenderson@gmail.com>
|
|
|
|
* adding wildcard matching of logger names
* reordering precedence for more specific loggers to match first
* removing dependence on certmagic and extra loop
Co-authored-by: GregoryDosh <GregoryDosh@users.noreply.github.com>
|
|
Closes #3365
* http: Add support in hash-password for reading from terminals/stdin
* FIXUP: Run gofmt -s
* FIXUP
* FIXUP: Apply suggestions from code review
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
* FIXUP
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
|
|
While building a layer4 app for Caddy, I discovered that we need the
ability to fill a request's context just like the HTTP server does,
hence this exported function PrepareRequest().
|
|
successfully loaded (#3385)
|
|
|
|
* For `roll_size` and `roll_keep_for` directives, round up instead of down.
For example, if a user wants to be able to look back on 36 hours of logs,
but you must round to a 24-hour multiple, then it's better to round up to
48 hours (which includes the desired 36 hours) instead of down to 24 hours.
* `roll_size` had an off-by-one error that caused the size to be as much as
1 MB larger than requested. For example, requests of `1MB` and `1.1MB`
both became 2 MB. Now `1MB` means 1 MB, and `1.1MB` is rounded up to 2 MB.
|
|
|
|
|
|
https://caddy.community/t/cant-get-simple-alias-to-work/7911/8?u=matt
This removes an optimization where we amortized path matcher decoding.
The decoded matchers were index by... position... which obviously
changes during sorting. Duh.
Anyway, sorting is sliiightly slower now but the Caddyfile is not
really CPU-sensitive, so this is fine.
|
|
With the latest commit on smallstep/certificates, placeholders in config
are no longer needed.
|
|
|
|
|
|
An upstream like https://localhost:80 is still forbidden, but an addr of
localhost:80 can be used while explicitly enabling TLS as an override;
we just don't allow the implicit behavior to be ambiguous.
|
|
When client certificate is enabled Caddy check only last certificate from
request. When this cert is not in list of trusted leaf certificates,
connection is rejected. According to RFC TLS1.x the sender's certificate
must come first in the list. Each following certificate must directly
certify the one preceding it.
This patch fix this problem - first certificate is checked instead of last.
|
|
Signed-off-by: Dave Henderson <dhenderson@gmail.com>
|
|
Signed-off-by: Dave Henderson <dhenderson@gmail.com>
|
|
|
|
|
|
This can lead to nicer, smaller JSON output for Caddyfiles like this:
a {
tls internal
}
b {
tls foo@bar.com
}
i.e. where the tls directive only configures automation policies, and
is merely meant to enable TLS on a server block (if it wasn't implied).
This helps keeps implicit config implicit.
Needs a little more testing to ensure it doesn't break anything
important.
|
|
* pki: Initial commit of embedded ACME server (#3021)
* reverseproxy: Support auto-managed TLS client certificates (#3021)
* A little cleanup after today's review session
|
|
Previously, matching by trying files other than the actual path of the
URI was:
file {
try_files <files...>
}
Now, the same can be done in one line:
file <files...>
As before, an empty file matcher:
file
still matches if the request URI exists as a file in the site root.
|
|
* reverse_proxy: Initial attempt at H2C transport/client support (#3218)
I have not tested this yet
* Experimentally enabling H2C server support (closes #3227)
See also #3218
I have not tested this
* reverseproxy: Clean up H2C transport a bit
* caddyhttp: Update godoc for h2c server; clarify experimental status
* caddyhttp: Fix trailers when recording responses (fixes #3236)
* caddyhttp: Tweak h2c config settings and docs
|
|
* caddyconfig: Only parse # as start of comment if preceded by space
* caddyconfig: Simplify # logic using len(val), add a test
|
|
* httpcaddyfile: Support single-line matchers
* httpcaddyfile: Add single-line matcher test
* httpcaddyfile: Add a matcher syntax adapt test
|
|
|