summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2021-05-19admin: Reinstate internal redirect for /id/ requestsMatthew Holt
Fix regression from ab80ff4fd2911afc394b9dbceeb9f71c7a0b7ec1 (probably a mistake when rebasing) See https://caddy.community/t/id-selector-is-not-working-after-upgrade-to-2-4-0/12513?u=matt
2021-05-11cmd: upgrade: inherit the permissions of the original executable (#4160)Mohammed Al Sahaf
2021-05-11httpcaddyfile: Fix automation policy consolidation again (fix #4161)Matthew Holt
Also fix a previous test that asserted incorrect behavior.
2021-05-10caddyfile: Fix `caddy fmt` nesting not decrementing (#4157)Matthew Penner
* caddyfile(formatter): fix nesting not decrementing This is an extremely weird edge-case where if you had a environment variable {} on one line, a comment on the next line, and the closing of the block on the following line; the rest of the Caddyfile would be indented further than it should've been. ref; https://github.com/matthewpi/vscode-caddyfile-support/issues/13 * run gofmt * fmt: better way of handling edge case
2021-05-10encode: Drop `prefer` from Caddyfile (#4156)Francis Lavoie
Followup to #4150, #4151 /cc @ueffel @polarathene After a bit of discussion with @mholt, we decided to remove `prefer` as a subdirective and just go with using the order implicitly always. Simpler config, simpler docs, etc. Effectively changes 7776471 and reverts a small part of f35a7fa.
2021-05-10encode: Default to order the formats are enabled for `prefer` in Caddyfile ↵Francis Lavoie
(#4151)
2021-05-08caddytls: Run replacer on ask URL, for env vars (#4154)Francis Lavoie
Fixes #3922
2021-05-07httpcaddyfile: Add `grace_period` global option (#4152)Francis Lavoie
See https://caddyserver.com/docs/json/apps/http/#grace_period
2021-05-05caddyhttp: Fix fallback for the error handler chain (#4131)Francis Lavoie
* caddyhttp: Fix fallback for the error handler chain The fix I went with in the end (after realizing some mistaken assumptions in #4131) is to just make the routes fall back to errorEmptyHandler instead of the non-error empty handler, if Terminal is true, making the routes error-aware. Ultimately this was probably just an oversight when errors was implemented at some point in the early betas of v2. See https://caddy.community/t/problem-with-basicauth-handle-errors/12243/9 for context. * Revert "caddyhttp: Fix fallback for the error handler chain" This reverts commit 95b6ac44a6122d3ca5513a13bbc723cd5f4785f8. * caddyhttp: Fix via `routes.go`
2021-05-05reverseproxy: Minor logging improvementsMatthew Holt
2021-05-04fileserver: Fix `file` matcher with empty `try_files` (#4147)Francis Lavoie
* fileserver: Fix `file` matcher with empty `try_files` Fixes https://github.com/caddyserver/caddy/issues/4146 If `TryFiles` is empty, we fill it with `r.URL.Path`. In this case, this is `/`. Then later, in `prepareFilePath()`, we run the replacer (which turns `{path}` into `/` at that point) but `file` remains the original value (and the placeholder is still the placeholder there). So then `strings.HasSuffix(file, "/")` will be `false` for the placeholder, but `true` for the empty `TryFiles` codepath, because `file` was `/` due to being set to the actual request value beforehand. This means that `suffix` becomes `//` in that case, so after `sanitizedPathJoin`, it becomes `./`, so `strictFileExists`'s `strings.HasSuffix(file, separator)` codepath will return true. I think we should change the `m.TryFiles == nil` codepath to `m.TryFiles = []string{"{http.request.uri.path}"}` for consistency. (And maybe consider hoisting this to `Provision` cause there's no point doing this on every request). I don't think this "optimization" of directly using `r.URL.Path` is so valuable, cause it causes this edgecase with directories. * Update modules/caddyhttp/fileserver/matcher.go Co-authored-by: Matt Holt <mholt@users.noreply.github.com> Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2021-05-03go.mod: CertMagic v0.13.1Matthew Holt
2021-05-02reverseproxy: Add `handle_response` blocks to `reverse_proxy` (#3710) (#4021)Francis Lavoie
* reverseproxy: Add `handle_response` blocks to `reverse_proxy` (#3710) * reverseproxy: complete handle_response test * reverseproxy: Change handle_response matchers to use named matchers reverseproxy: Add support for changing status code * fastcgi: Remove obsolete TODO We already have d.Err("transport already specified") in the reverse_proxy parsing code which covers this case * reverseproxy: Fix support for "4xx" type status codes * Apply suggestions from code review Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * caddyhttp: Reorganize response matchers * reverseproxy: Reintroduce caddyfile.Unmarshaler * reverseproxy: Add comment mentioning Finalize should be called Co-authored-by: Maxime Soulé <btik-git@scoubidou.com> Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2021-05-02cmd: Add --envfile flag to `start` command (#4141)Jesse
* add envfile in start cmd * fix commandfuncs * fix commandfuncs * fix cmdStart envfile from bool to string Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2021-05-02httpcaddyfile: Add `auto_https ignore_loaded_certs` (#4077)Francis Lavoie
2021-05-02httpcaddyfile: Add global option for `storage_clean_interval` (#4134)Francis Lavoie
Followup to https://github.com/caddyserver/caddy/commit/42b7134ffa3bf3e9e86514c82407979c2627a5ab
2021-05-02caddyhttp: performance improvement in HeaderRE Matcher (#4143)Calvin Xiao
Below is the report using `benchstat` and cmd: `go test -run=BenchmarkHeaderREMatcher -bench=BenchmarkHeaderREMatcher -benchmem -count=10` ``` name old time/op new time/op delta HeaderREMatcher-16 869ns ± 1% 658ns ± 0% -24.29% (p=0.000 n=10+10) name old alloc/op new alloc/op delta HeaderREMatcher-16 144B ± 0% 112B ± 0% -22.22% (p=0.000 n=10+10) name old allocs/op new allocs/op delta HeaderREMatcher-16 7.00 ± 0% 5.00 ± 0% -28.57% (p=0.000 n=10+10) ```
2021-04-30fileserver: Share template logic for both `templates` and `file_server ↵Jason Du
browse` (#4093) Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2021-04-30caddytls: Implement remote IP connection matcher (#4123)Matt Holt
* caddytls: Implement remote IP connection matcher * Implement IP range negation If both Ranges and NotRanges are specified, both must match.
2021-04-29httpcaddyfile: Fix unexpectedly removed policy (#4128)Alban Lecocq
* httpcaddyfile: Fix unexpectedly removed policy When user set on_demand tls option in a catch-all (:443) policy, we expect other policies to not have the on_demand enabled See ex in tls_automation_policies_5.txt Btw, we can remove policies if they are **all** empty. * Update caddyconfig/httpcaddyfile/tlsapp.go Co-authored-by: Matt Holt <mholt@users.noreply.github.com> Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2021-04-29reverseproxy: fix hash selection policy (#4137)Simão Gomes Viana
* caddyhttp: reverseproxy: fix hash selection policy Fixes: #4135 Test: go test './...' -count=1 * caddyhttp: reverseproxy: add test to catch #4135 If you revert the last commit, the test will fail.
2021-04-29fileserver: Better handling of HTTP status override (#4132)Francis Lavoie
2021-04-22caddyfile: Fix `import` replacing unrelated placeholders (#4129)Francis Lavoie
* caddyfile: Fix `import` replacing unrelated placeholders See https://caddy.community/t/snippet-issue-works-outside-snippet/12231 So it turns out that `NewReplacer()` gives a replacer with some global defaults (like `{env.*}` and some system and time placeholders), which is not ideal when running `import` because we just want to replace `{args.*}` only, and nothing else. * caddyfile: Add test
2021-04-21caddytls: Add `load_storage` module (#4055)Francis Lavoie
An idea that came up in https://caddy.community/t/save-internally-issued-wildcard-certificate-in-consul/11740, this a simple module that might be useful for anyone who uses storage modules that aren't filesystem, to let them load certs/keys externally issued for use by Caddy. Bit goofy, since we need to fetch the certmagic.Storage during provisioning, it needs a wrapping struct instead of just being an array like `load_files`. Future work might involve adding Caddyfile support via a subdirective of the `tls` directive maybe?
2021-04-21reverseproxy: Admin endpoint for reporting upstream statuses (#4125)Francis Lavoie
2021-04-19caddyhttp: Implement better logic for inserting the HTTP->HTTPS redirs (#4033)Francis Lavoie
* caddyhttp: Implement better logic for inserting the HTTP->HTTPS redirs * caddyhttp: Add integration test
2021-04-16httpcaddyfile: Take into account host scheme/port (fix #4113)Matthew Holt
2021-04-15fuzz: fix the FuzzFormat comparison (#4117)Mohammed Al Sahaf
2021-04-12caddytls: Disable OCSP stapling for manual certs (#4064)Matthew Holt
2021-04-12caddytls: Configurable storage clean intervalMatthew Holt
Can drastically reduce costs on storage backends where scans are expensive. Also reduced default interval to 24h. See https://github.com/silinternational/certmagic-storage-dynamodb/issues/18
2021-04-09caddyfile: reject cyclic imports (#4022)Mohammed Al Sahaf
* caddyfile: reject recursive self-imports * caddyfile: detect and reject cyclic imports of snippets and files * caddyfile: do not be stickler about connected nodes not being connected already * caddyfile: include missing test artifacts of cyclic imports * address review comments
2021-04-08ci: fuzz: add 4 more fuzzing targets (#4105)Mohammed Al Sahaf
2021-04-08fileserver: Add status code override (#4076)Francis Lavoie
After reading a question about the `handle_response` feature of `reverse_proxy`, I realized that we didn't have a way of serving an arbitrary file with a status code other than 200. This is an issue in situations where you want to serve a custom error page in routes that are not errors, like the aforementioned `handle_response`, where you may want to retain the status code returned by the proxy but write a response with content from a file. This feature is super simple, basically if a status code is configured (can be a status code number, or a placeholder string) then that status will be written out before serving the file - if we write the status code first, then the stdlib won't write its own (only the first HTTP status header wins).
2021-04-05notify: Send all sd_notify signals from main caddy process (#4060)Carl George
Initial sd_notify support was added in #3963, but that sent signals from both cmdRun and cmdReload. This approach has two drawbacks: - Reloads initiated via the API do not send signals. - The signals are sent from different processes, which requires the `NotifyAccess=exec` directive in the unit file. This change moves the NotifyReloading and NotifyReadiness invocations to Load, which address both of those drawbacks. It also adds a complimentary NotifyStopping method which is invoked from handleStop. All the notify methods are defined in a notify package to avoid an import loop.
2021-04-05go.mod: Update quic-go to v0.20.1 (#4075)Marten Seemann
2021-04-02httpcaddyfile: Fix panic in automation policy consolidation (#4104)Francis Lavoie
* httpcaddyfile: Add reproduce test * httpcaddyfile: Don't allow `i` to go below zero
2021-04-02caddyfile: Normalize line endings before comparing fmt result (#4103)Francis Lavoie
2021-04-01ci: accommodate go1.16 changes to go mod (#4102)Mohammed Al Sahaf
As of go1.16, the `go` commands will no longer make automatic changes to go.{mod,sum} files (see: https://blog.golang.org/go116-module-changes). This broke the release script which relied on `go mod download` and/or `go build` to automatically generate the go.sum file. This commit explicitly invokes `go mod tidy` to have the go.sum file generated.
2021-04-01Minor tweaksMatthew Holt
2021-04-01go.mod: Use latest CertMagicMatthew Holt
2021-04-01Use 600 instead of 644 for UUID fileMatthew Holt
Are you happy, linter?
2021-03-30Change os to ioutil for nowMatthew Holt
My editor automatically changed ioutil.ReadFile() to os.ReadFile() in accordance with Go 1.16 changes. I didn't notice this until pushing. But we still have to support Go 1.15 for a little while.
2021-03-30reverseproxy: Set cookie path to `/` when using cookie lb_policy (#4096)Dimitri Masson
2021-03-30caddy: Add InstanceID() methodMatthew Holt
Caddy can now generate and persist its own instance ID, a UUID that is stored in the data directory. This makes it possible to differentiate it from other instances in a cluster.
2021-03-29encode,staticfiles: Content negotiation, precompressed files (#4045)Steffen Brüheim
* encode: implement prefer setting * encode: minimum_length configurable via caddyfile * encode: configurable content-types which to encode * file_server: support precompressed files * encode: use ReponseMatcher for conditional encoding of content * linting error & documentation of encode.PrecompressedOrder * encode: allow just one response matcher also change the namespace of the encoders back, I accidently changed to precompressed >.> default matchers include a * to match to any charset, that may be appended * rounding of the PR * added integration tests for new caddyfile directives * improved various doc strings (punctuation and typos) * added json tag for file_server precompress order and encode matcher * file_server: add vary header, remove accept-ranges when serving precompressed files * encode: move Suffix implementation to precompressed modules
2021-03-29reverseproxy: Implement health_uri, deprecate health_path, supports query ↵Francis Lavoie
(#4050) * reverseproxy: Implement health_uri, replaces health_path, supports query Also fixes a bug with `health_status` Caddyfile parsing , it would always only take the first character of the status code even if it didn't end with "xx". * reverseproxy: Rename to URI, named logger, warn in Provision (for JSON)
2021-03-29go.mod: Migrate to golang.org/x/term (#4073)Simão Gomes Viana
golang.org/x/crypto/ssh/terminal is deprecated in favor of golang.org/x/term See https://github.com/caddyserver/caddy/pull/4073/checks?check_run_id=2152150495 Error: SA1019: package golang.org/x/crypto/ssh/terminal is deprecated: this package moved to golang.org/x/term. (staticcheck) See https://github.com/caddyserver/caddy/pull/4073/checks?check_run_id=2152228516 Error: SA1019: package golang.org/x/crypto/ssh/terminal is deprecated: this package moved to golang.org/x/term. (staticcheck) Test: go test -count=1 './...'
2021-03-29caddyhttp: improve grammar of comment for AllowH2C (#4072)Simão Gomes Viana
2021-03-29sigtrap_posix: add missing comma to SIGTERM info (#4078)Simão Gomes Viana
Was missing a comma, so added it
2021-03-29cmd: Use formatted logger for config adapter warnings (#4080)Francis Lavoie