Age | Commit message (Collapse) | Author |
|
* ci: add tests on s390x and ppc64le
* ci: use Travis as CI for ppc64le and s390x
* ci: cache Go builds on Travis
* ci: avoid Travis duplicate builds
|
|
Until we finish the migration to the new acme library, we have to bring
the solver type in-house. It's small and temporary.
|
|
Coulda sworn I did this already but I think I messed up my git commands
|
|
Moving to https://github.com/caddyserver/circuitbreaker
Nobody was using it anyway -- it works well, but something got fumbled
in a refactoring *months* ago. Turns out that we forgot the interface
guards AND botched a method name (my bad) - Ok() should have been OK().
So it would always have thrown a runtime panic if it tried to be loaded.
The module itself works well, but obviously nobody used it because
nobody reported the error. Fixing this while we move it to the new repo.
Removing this removes the last Bazaar/Launchpad dependency (I think).
|
|
|
|
|
|
|
|
|
|
|
|
Also un-nest all the error handling, that was unnecessary indentation
|
|
* httpcaddyfile: Exclude access logs written to files from default log
Even though any logs can just be ignored, most users don't seem to like
configuring an access log to go to a file only to have it doubly appear
in the default log.
Related to:
- #3294
- https://caddy.community/t/v2-logging-format/7642/4?u=matt
- https://caddy.community/t/caddyfile-questions/7651/3?u=matt
* caddyhttp: General improvements to access log controls (fixes #3310)
* caddyhttp: Move log config nil check higher
* Rename LoggerName -> DefaultLoggerName
|
|
Now we take advantage of the address parsing capabilities of the HTTP
caddyfile.
|
|
|
|
* matcher: Add `split_path` option to file matcher; used in php_fastcgi
* matcher: Skip try_files split if not the final part of the filename
* matcher: Add MatchFile tests
* matcher: Clarify SplitPath godoc
|
|
Sigh, apparently Linux is incapable of distinguishing host interfaces
in socket addresses, even though it works fine on Mac. I suppose we just
have to assume that any listeners with the same port are the same
address, completely ignoring the host interface on Linux... oh well.
|
|
* ci: Enable GoReleaser .deb support
* ci: Test .deb build
* ci: Fix typo
* ci: Turn off snapshot (breaks due to go mod edit)
* ci: Force the tag to rc3 for now
* ci: Let's try to publish the .debs
* ci: Attempt to enable build cache, rebuild after fixed line endings
* ci: Fix yml dupe ID issue, add caddy-api.service
* ci: Split cache keys between files so they're separate
* ci: Fix bindir
* ci: Update the script files
* ci: Retrigger
* ci: Push to gemfury
* ci: Use loop, fix bad env var
* ci: Retrigger
* ci: Try to force blank password?
* ci: Check if the token is actually present
* ci: Cleanup, remove debugging stuff
* ci: Remove useless comment
|
|
* refactored caddytest helpers
* added cookie jar support. Added support for more http verbs
|
|
|
|
|
|
Panic would happen if an automation policy was specified in a singular
server block that had no hostnames in its address. Definitely an edge
case.
Fixed a bug related to checking for server blocks with a host-less key
that tried to make an automation policy. Previously if you had only two
server blocks like ":443" and another one at ":80", the one at ":443"
could not create a TLS automation policy because it thought it would
interfere with TLS automation for the block at ":80", but obviously that
key doesn't enable TLS because it is on the HTTP port. So now we are a
little smarter and count only non-HTTP-empty-hostname keys.
Also fixed a bug so that a key like "https://:1234" is sure to have TLS
enabled by giving it a TLS connection policy. (Relaxed conditions
slightly; the previous conditions were too strict, requiring there to be
a TLS conn policy already or a default SNI to be non-empty.)
Also clarified a comment thanks to feedback from @Mohammed90
|
|
|
|
Prior logic was not setting up redirects for the case when domain names
are not known, but the server still clearly has TLS enabled.
|
|
https://caddy.community/t/set-cookie-manipulation-in-reverse-proxy/7666?u=matt
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Credit to @kanagawa41 for spotting these!
Fixes #3282
|
|
|
|
* ci: Let's see if caching GOCACHE helps...
* ci: Use GOCACHE env instead (fixes windows), remove build -a
* ci: Hack to pull the GOCACHE env up to CI vars
* ci: Change cache key (mainly to wipe cache now)
|
|
|
|
* docs: Pull contributing document from v1 branch
* Update .github/CONTRIBUTING.md
Co-Authored-By: Matt Holt <mholt@users.noreply.github.com>
* docs: [Responsible -> Coordinated] Disclosure
* docs: Link to the new security policy page
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
|
|
|
|
|
|
To clarify, listening on wildcard interfaces is NOT the default and
should only be done under certain circumstances and when you know
what you're doing. Emits a warning in the log.
Fixes https://github.com/caddyserver/caddy-docker/issues/71
|
|
|
|
|
|
These functions are called at init-time, and their inputs are hard-coded
so there are no environmental or user factors that could make it fail
or succeed; the error return values are often ignored, and when they're
not, they are usually a fatal error anyway. To ensure that a programmer
mistake is not missed, we now panic instead.
Last breaking change 🤞
|
|
|
|
With a simple heuristic for loopback addresses, we can enable this by
default without adding unnecessary inconvenience.
|
|
|
|
|
|
Not sure why I thought that would be a good idea
|
|
|
|
|
|
We'll need that context in v2.1 when the transport can manage its own
client certificates; see #3198
|
|
Otherwise, a password prompt can occur unnecessarily.
|
|
|