Age | Commit message (Collapse) | Author |
|
|
|
|
|
|
|
|
|
|
|
Also un-nest all the error handling, that was unnecessary indentation
|
|
* httpcaddyfile: Exclude access logs written to files from default log
Even though any logs can just be ignored, most users don't seem to like
configuring an access log to go to a file only to have it doubly appear
in the default log.
Related to:
- #3294
- https://caddy.community/t/v2-logging-format/7642/4?u=matt
- https://caddy.community/t/caddyfile-questions/7651/3?u=matt
* caddyhttp: General improvements to access log controls (fixes #3310)
* caddyhttp: Move log config nil check higher
* Rename LoggerName -> DefaultLoggerName
|
|
Now we take advantage of the address parsing capabilities of the HTTP
caddyfile.
|
|
|
|
* matcher: Add `split_path` option to file matcher; used in php_fastcgi
* matcher: Skip try_files split if not the final part of the filename
* matcher: Add MatchFile tests
* matcher: Clarify SplitPath godoc
|
|
Sigh, apparently Linux is incapable of distinguishing host interfaces
in socket addresses, even though it works fine on Mac. I suppose we just
have to assume that any listeners with the same port are the same
address, completely ignoring the host interface on Linux... oh well.
|
|
* ci: Enable GoReleaser .deb support
* ci: Test .deb build
* ci: Fix typo
* ci: Turn off snapshot (breaks due to go mod edit)
* ci: Force the tag to rc3 for now
* ci: Let's try to publish the .debs
* ci: Attempt to enable build cache, rebuild after fixed line endings
* ci: Fix yml dupe ID issue, add caddy-api.service
* ci: Split cache keys between files so they're separate
* ci: Fix bindir
* ci: Update the script files
* ci: Retrigger
* ci: Push to gemfury
* ci: Use loop, fix bad env var
* ci: Retrigger
* ci: Try to force blank password?
* ci: Check if the token is actually present
* ci: Cleanup, remove debugging stuff
* ci: Remove useless comment
|
|
* refactored caddytest helpers
* added cookie jar support. Added support for more http verbs
|
|
|
|
|
|
Panic would happen if an automation policy was specified in a singular
server block that had no hostnames in its address. Definitely an edge
case.
Fixed a bug related to checking for server blocks with a host-less key
that tried to make an automation policy. Previously if you had only two
server blocks like ":443" and another one at ":80", the one at ":443"
could not create a TLS automation policy because it thought it would
interfere with TLS automation for the block at ":80", but obviously that
key doesn't enable TLS because it is on the HTTP port. So now we are a
little smarter and count only non-HTTP-empty-hostname keys.
Also fixed a bug so that a key like "https://:1234" is sure to have TLS
enabled by giving it a TLS connection policy. (Relaxed conditions
slightly; the previous conditions were too strict, requiring there to be
a TLS conn policy already or a default SNI to be non-empty.)
Also clarified a comment thanks to feedback from @Mohammed90
|
|
|
|
Prior logic was not setting up redirects for the case when domain names
are not known, but the server still clearly has TLS enabled.
|
|
https://caddy.community/t/set-cookie-manipulation-in-reverse-proxy/7666?u=matt
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Credit to @kanagawa41 for spotting these!
Fixes #3282
|
|
|
|
* ci: Let's see if caching GOCACHE helps...
* ci: Use GOCACHE env instead (fixes windows), remove build -a
* ci: Hack to pull the GOCACHE env up to CI vars
* ci: Change cache key (mainly to wipe cache now)
|
|
|
|
* docs: Pull contributing document from v1 branch
* Update .github/CONTRIBUTING.md
Co-Authored-By: Matt Holt <mholt@users.noreply.github.com>
* docs: [Responsible -> Coordinated] Disclosure
* docs: Link to the new security policy page
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
|
|
|
|
|
|
To clarify, listening on wildcard interfaces is NOT the default and
should only be done under certain circumstances and when you know
what you're doing. Emits a warning in the log.
Fixes https://github.com/caddyserver/caddy-docker/issues/71
|
|
|
|
|
|
These functions are called at init-time, and their inputs are hard-coded
so there are no environmental or user factors that could make it fail
or succeed; the error return values are often ignored, and when they're
not, they are usually a fatal error anyway. To ensure that a programmer
mistake is not missed, we now panic instead.
Last breaking change 🤞
|
|
|
|
With a simple heuristic for loopback addresses, we can enable this by
default without adding unnecessary inconvenience.
|
|
|
|
|
|
Not sure why I thought that would be a good idea
|
|
|
|
|
|
We'll need that context in v2.1 when the transport can manage its own
client certificates; see #3198
|
|
Otherwise, a password prompt can occur unnecessarily.
|
|
|
|
* httpcaddyfile: Don't add TLS policy to HTTP-only server (#3193, #3223)
* Account for HTTP port
* Add integration test written by @sarge
|
|
|
|
See if the broken dependency cycle has been... well, broken
|
|
|