summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2020-05-02expose caddytest timeouts (#3329)Mark Sargent
2020-05-01httpcaddyfile: Update tls parsing for DNS providersMatthew Holt
2020-05-01httpcaddyfile: Minor fixes to parsing storage optionsMatthew Holt
2020-04-30go.mod: Remove DNSProviderMaker interface; update to lego 3.6Matthew Holt
2020-04-30caddytls: Adjust DNS challenge structure; clarify some docsMatthew Holt
2020-04-28caddyhttp: Better duration loggingMatthew Holt
Also un-nest all the error handling, that was unnecessary indentation
2020-04-28caddyhttp: General improvements to access logging (#3301)Matt Holt
* httpcaddyfile: Exclude access logs written to files from default log Even though any logs can just be ignored, most users don't seem to like configuring an access log to go to a file only to have it doubly appear in the default log. Related to: - #3294 - https://caddy.community/t/v2-logging-format/7642/4?u=matt - https://caddy.community/t/caddyfile-questions/7651/3?u=matt * caddyhttp: General improvements to access log controls (fixes #3310) * caddyhttp: Move log config nil check higher * Rename LoggerName -> DefaultLoggerName
2020-04-27cmd: Clean up, simplify reverse proxy command; fix some edge casesMatthew Holt
Now we take advantage of the address parsing capabilities of the HTTP caddyfile.
2020-04-27Minor comment fixMatthew Holt
2020-04-27caddyhttp: Add split_path to file matcher (used by php_fastcgi) (#3302)Francis Lavoie
* matcher: Add `split_path` option to file matcher; used in php_fastcgi * matcher: Skip try_files split if not the final part of the filename * matcher: Add MatchFile tests * matcher: Clarify SplitPath godoc
2020-04-26caddyhttp: Fix listener overlap detection on LinuxMatthew Holt
Sigh, apparently Linux is incapable of distinguishing host interfaces in socket addresses, even though it works fine on Mac. I suppose we just have to assume that any listeners with the same port are the same address, completely ignoring the host interface on Linux... oh well.
2020-04-26ci: Enable GoReleaser .deb support (#3309)Francis Lavoie
* ci: Enable GoReleaser .deb support * ci: Test .deb build * ci: Fix typo * ci: Turn off snapshot (breaks due to go mod edit) * ci: Force the tag to rc3 for now * ci: Let's try to publish the .debs * ci: Attempt to enable build cache, rebuild after fixed line endings * ci: Fix yml dupe ID issue, add caddy-api.service * ci: Split cache keys between files so they're separate * ci: Fix bindir * ci: Update the script files * ci: Retrigger * ci: Push to gemfury * ci: Use loop, fix bad env var * ci: Retrigger * ci: Try to force blank password? * ci: Check if the token is actually present * ci: Cleanup, remove debugging stuff * ci: Remove useless comment
2020-04-27refactored caddytest helpers (#3285)Mark Sargent
* refactored caddytest helpers * added cookie jar support. Added support for more http verbs
2020-04-25Fix misspelling in onDemandAskRequest error (#3308)Christoffer Andersson
2020-04-24docs: Improve template documentation slightly; use const, not literalMatthew Holt
2020-04-24httpcaddyfile: Add nil check to prevent panic, fix validation logicMatthew Holt
Panic would happen if an automation policy was specified in a singular server block that had no hostnames in its address. Definitely an edge case. Fixed a bug related to checking for server blocks with a host-less key that tried to make an automation policy. Previously if you had only two server blocks like ":443" and another one at ":80", the one at ":443" could not create a TLS automation policy because it thought it would interfere with TLS automation for the block at ":80", but obviously that key doesn't enable TLS because it is on the HTTP port. So now we are a little smarter and count only non-HTTP-empty-hostname keys. Also fixed a bug so that a key like "https://:1234" is sure to have TLS enabled by giving it a TLS connection policy. (Relaxed conditions slightly; the previous conditions were too strict, requiring there to be a TLS conn policy already or a default SNI to be non-empty.) Also clarified a comment thanks to feedback from @Mohammed90
2020-04-24dangit, of course I would bork my git commitMatthew Holt
2020-04-24caddyhttp: Fix auto redirects for catch-all HTTPS sitesMatthew Holt
Prior logic was not setting up redirects for the case when domain names are not known, but the server still clearly has TLS enabled.
2020-04-22reverseproxy: Don't forget to provision embedded headers handlerMatthew Holt
https://caddy.community/t/set-cookie-manipulation-in-reverse-proxy/7666?u=matt
2020-04-22caddyhttp: Fix trailers when recording responses (fixes #3236)Matthew Holt
2020-04-22httpcaddyfile: Why was this code repeated??Matthew Holt
2020-04-22caddyhttp: Fix common_log format's user ID placeholder (#3300)Francis Lavoie
2020-04-21reverseproxy: always set req.URL.Host with upstream (#3297)westwin
2020-04-21docs: Minor improvementsMatthew Holt
2020-04-20ci: fuzz: remove the fuzzer of the Caddyfile parser (#3288)Mohammed Al Sahaf
2020-04-19readme: Fix broken links (#3283)Francis Lavoie
Credit to @kanagawa41 for spotting these! Fixes #3282
2020-04-17doc: Improve commentMatthew Holt
2020-04-17ci: Cache the GOCACHE directory to speed up builds and tests (#3273)Francis Lavoie
* ci: Let's see if caching GOCACHE helps... * ci: Use GOCACHE env instead (fixes windows), remove build -a * ci: Hack to pull the GOCACHE env up to CI vars * ci: Change cache key (mainly to wipe cache now)
2020-04-17reverseproxy: Set X-Forwarded-Proto (closes #3275) (#3276)Matt Holt
2020-04-16docs: Pull contributing document from v1 branch (#3270)Francis Lavoie
* docs: Pull contributing document from v1 branch * Update .github/CONTRIBUTING.md Co-Authored-By: Matt Holt <mholt@users.noreply.github.com> * docs: [Responsible -> Coordinated] Disclosure * docs: Link to the new security policy page Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-04-16Add security policyMatthew Holt
2020-04-16admin: Close admin endpoint when shutting down (fixes #3269)Matthew Holt
2020-04-16admin: Disable host checking if wildcard interface is specifiedMatthew Holt
To clarify, listening on wildcard interfaces is NOT the default and should only be done under certain circumstances and when you know what you're doing. Emits a warning in the log. Fixes https://github.com/caddyserver/caddy-docker/issues/71
2020-04-14httpcaddyfile: Don't lowercase placeholder contents (fixes #3264)Matthew Holt
2020-04-14go.mod: Update dependencies including CertMagic (fixes #3202)Matthew Holt
2020-04-13core: Don't return error on RegisterModule() and RegisterAdapter()Matthew Holt
These functions are called at init-time, and their inputs are hard-coded so there are no environmental or user factors that could make it fail or succeed; the error return values are often ignored, and when they're not, they are usually a fatal error anyway. To ensure that a programmer mistake is not missed, we now panic instead. Last breaking change 🤞
2020-04-11Fix some godocsMatthew Holt
2020-04-10admin: Always enforce Host header checksMatthew Holt
With a simple heuristic for loopback addresses, we can enable this by default without adding unnecessary inconvenience.
2020-04-10Update link in readmeMatthew Holt
2020-04-10tests: Clean up redundant type declarationsMatthew Holt
2020-04-10httpcaddyfile: Don't remove empty TLS conn policies (fix #3249)Matthew Holt
Not sure why I thought that would be a good idea
2020-04-10caddyhttp: Add nil check (fixes #3248 and fixes #3250)Matthew Holt
2020-04-10Update readmeMatthew Holt
2020-04-09reverseproxy: Minor tweaksMatthew Holt
We'll need that context in v2.1 when the transport can manage its own client certificates; see #3198
2020-04-09caddytls: Don't initialize default internal issuer unless necessaryMatthew Holt
Otherwise, a password prompt can occur unnecessarily.
2020-04-09logging: Colorize output in all cases of stdout/stderrMatthew Holt
2020-04-09caddytls: Fix for TLS conn policy being applied to HTTP-only servers (#3243)Matt Holt
* httpcaddyfile: Don't add TLS policy to HTTP-only server (#3193, #3223) * Account for HTTP port * Add integration test written by @sarge
2020-04-09go.mod: Update certmagicMatthew Holt
2020-04-09go.mod: Try smallstep againMatthew Holt
See if the broken dependency cycle has been... well, broken
2020-04-09go.mod: Update smallstep/cliMatthew Holt