summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2020-04-16docs: Pull contributing document from v1 branch (#3270)Francis Lavoie
* docs: Pull contributing document from v1 branch * Update .github/CONTRIBUTING.md Co-Authored-By: Matt Holt <mholt@users.noreply.github.com> * docs: [Responsible -> Coordinated] Disclosure * docs: Link to the new security policy page Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-04-16Add security policyMatthew Holt
2020-04-16admin: Close admin endpoint when shutting down (fixes #3269)Matthew Holt
2020-04-16admin: Disable host checking if wildcard interface is specifiedMatthew Holt
To clarify, listening on wildcard interfaces is NOT the default and should only be done under certain circumstances and when you know what you're doing. Emits a warning in the log. Fixes https://github.com/caddyserver/caddy-docker/issues/71
2020-04-14httpcaddyfile: Don't lowercase placeholder contents (fixes #3264)Matthew Holt
2020-04-14go.mod: Update dependencies including CertMagic (fixes #3202)Matthew Holt
2020-04-13core: Don't return error on RegisterModule() and RegisterAdapter()Matthew Holt
These functions are called at init-time, and their inputs are hard-coded so there are no environmental or user factors that could make it fail or succeed; the error return values are often ignored, and when they're not, they are usually a fatal error anyway. To ensure that a programmer mistake is not missed, we now panic instead. Last breaking change 🤞
2020-04-11Fix some godocsMatthew Holt
2020-04-10admin: Always enforce Host header checksMatthew Holt
With a simple heuristic for loopback addresses, we can enable this by default without adding unnecessary inconvenience.
2020-04-10Update link in readmeMatthew Holt
2020-04-10tests: Clean up redundant type declarationsMatthew Holt
2020-04-10httpcaddyfile: Don't remove empty TLS conn policies (fix #3249)Matthew Holt
Not sure why I thought that would be a good idea
2020-04-10caddyhttp: Add nil check (fixes #3248 and fixes #3250)Matthew Holt
2020-04-10Update readmeMatthew Holt
2020-04-09reverseproxy: Minor tweaksMatthew Holt
We'll need that context in v2.1 when the transport can manage its own client certificates; see #3198
2020-04-09caddytls: Don't initialize default internal issuer unless necessaryMatthew Holt
Otherwise, a password prompt can occur unnecessarily.
2020-04-09logging: Colorize output in all cases of stdout/stderrMatthew Holt
2020-04-09caddytls: Fix for TLS conn policy being applied to HTTP-only servers (#3243)Matt Holt
* httpcaddyfile: Don't add TLS policy to HTTP-only server (#3193, #3223) * Account for HTTP port * Add integration test written by @sarge
2020-04-09go.mod: Update certmagicMatthew Holt
2020-04-09go.mod: Try smallstep againMatthew Holt
See if the broken dependency cycle has been... well, broken
2020-04-09go.mod: Update smallstep/cliMatthew Holt
2020-04-09go.mod: Update dependenciesMatthew Holt
Should fix the builds with GOPROXY=direct!
2020-04-08caddyhttp: CEL matcher checks return type; slight refactorMatthew Holt
As per https://github.com/caddyserver/caddy/issues/3051#issuecomment-611200414
2020-04-08chore: make the linter happier (#3245)Mohammed Al Sahaf
* chore: make the linter happier * chore: remove reference to maligned linter in .golangci.yml
2020-04-08httpcaddyfile, caddytls: Multiple edge case fixes; add testsMatthew Holt
- Create two default automation policies; if the TLS app is used in isolation with the 'automate' certificate loader, it will now use an internal issuer for internal-only names, and an ACME issuer for all other names by default. - If the HTTP Caddyfile adds an 'automate' loader, it now also adds an automation policy for any names in that loader that do not qualify for public certificates so that they will be issued internally. (It might be nice if this wasn't necessary, but the alternative is to either make auto-HTTPS logic way more complex by scanning the names in the 'automate' loader, or to have an automation policy without an issuer switch between default issuer based on the name being issued a certificate - I think I like the latter option better, right now we do something kind of like that but at a level above each individual automation policies, we do that switch only when no automation policies match, rather than when a policy without an issuer does match.) - Set the default LoggerName rather than a LoggerNames with an empty host value, which is now taken literally rather than as a catch-all. - hostsFromKeys, the function that gets a list of hosts from server block keys, no longer returns an empty string in its resulting slice, ever.
2020-04-08caddyhttp: Fix logging name associations by adding a defaultMatthew Holt
2020-04-08logging: Only colorize console outputMatthew Holt
2020-04-08httpcaddyfile: Add key_type global option (#3231)Francis Lavoie
2020-04-08cel: Leverage DefaultAdapter to extend CEL's type systemMatthew Holt
Thanks to @TristonianJones for the tip! https://github.com/caddyserver/caddy/commit/105acfa08664c97460a6fe3fb49635618be5bcb2#r38358983
2020-04-08caddyhttp: Return port placeholders as intsMatthew Holt
2020-04-07basicauth: Re-prompt after invalid credentials (fix #3239) (#3240)Matt Holt
2020-04-07templates: Update docsMatthew Holt
2020-04-07templates: Add env function (closes #3237)Matthew Holt
2020-04-07Merge branch 'remove-ntlm'Matthew Holt
2020-04-07reverseproxy: Remove NTLM transport; refactor and improve docsMatthew Holt
2020-04-07core: Rename ParsedAddress -> NetworkAddressMatthew Holt
2020-04-06docs: Clarify "not" matcher structure (see #3233)Matthew Holt
2020-04-06caddyhttp: Add missing LB policy Caddyfile unmarshalers (#3230)Francis Lavoie
2020-04-06caddyhttp: Strictly forbid unnecessary blocks on matchers (#3229)Francis Lavoie
2020-04-06caddyhttp: Support single-line not matcher (#3228)Francis Lavoie
* caddyhttp: Support single-line not matcher shortcut * caddyhttp: Some tests, I guess
2020-04-06templates: Use text/template; add experimental notice to docsMatthew Holt
Using html/template.HTML like we were doing before caused nested include to be HTML-escaped, which breaks sites. Now we do not escape any of the output; template input is usually trusted, and if it's not, users should employ escaping actions within their templates to keep it safe. The docs already said this.
2020-04-06httpcaddyfile: Carry bind setting through to ACME issuer (fixes #3232)Matthew Holt
2020-04-06caddytls: Support custom bind host for challenges (#3232)Matthew Holt
2020-04-06tests: Remove noisy logsMatthew Holt
2020-04-04ci: Tweak commit prefixes to ignoreMatthew Holt
2020-04-04cmd: Log warning if --resume and --config used togetherMatthew Holt
There's nothing actually risky/dangerous in this situation, it's mostly an attempt to get the user's attention
2020-04-03chore: add adapt tests. fix load failure not failing tests (#3222)Mark Sargent
* add adaption tests. fix load failure not failing tests * removed unnecessary assignment
2020-04-03httpcaddyfile: Yield cleaner JSON when conn policy or log name is emptyMatthew Holt
2020-04-03go.mod: Update CertMagic (again) v0.10.10Matthew Holt
2020-04-03go.mod: Use latest Certmagic (v0.10.9)Matthew Holt