Age | Commit message (Collapse) | Author |
|
x/net 0.7.0 contains a security patch apparently.
|
|
* reverseproxy: Don't buffer chunked requests (fix #5366)
Mostly reverts 845bc4d50b437995d574819850206e4b3db4040d (#5289)
Adds warning for unsafe config.
Deprecates unsafe properties in favor of simpler, safer designed ones.
* Update modules/caddyhttp/reverseproxy/caddyfile.go
Co-authored-by: Y.Horie <u5.horie@gmail.com>
* Update modules/caddyhttp/reverseproxy/reverseproxy.go
Co-authored-by: Y.Horie <u5.horie@gmail.com>
* Update modules/caddyhttp/reverseproxy/reverseproxy.go
Co-authored-by: Y.Horie <u5.horie@gmail.com>
* Remove unused code
---------
Co-authored-by: Y.Horie <u5.horie@gmail.com>
|
|
* chore: Upgrade various dependencies
* Support CEL file matcher with no args
* Document `http.request.orig_uri.path.*`, reorder placeholders in docs
---------
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
|
|
* added some tests for parseUpstreamDialAddress
Test 4 fails because it produces "[[::1]]:80" instead of "[::1]:80"
* support absolute windows path in unix reverse proxy address
* make IsUnixNetwork public, support +h2c and reuse it
* add new tests
|
|
* log response size for websocket request
* record size when using hijack bufio.Writer
|
|
* caddyhttp: Pluggable trusted proxy IP range sources
* Add request to the IPRangeSource interface
|
|
|
|
* caddyauth: Add singleflight for basic auth
* Fixes #5338
* it occurred the thunder herd problem like this https://medium.com/@mhrlife/avoid-duplicate-requests-while-filling-cache-98c687879f59
* Update modules/caddyhttp/caddyauth/basicauth.go
Fix comment
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
---------
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
|
|
|
|
|
|
Fixes https://github.com/caddyserver/caddy/issues/5346
|
|
Fixes https://github.com/caddyserver/caddy/issues/5349
|
|
|
|
|
|
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
|
|
|
|
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
Fixes undefined
|
|
Fixes https://github.com/caddyserver/caddy/issues/5171
|
|
As of Tailscale 1.34.0 on Windows, Tailscale now uses a named pipe to
connect to the local tailscale service.
This pulls in tailscale/tscert#5 as reported in tailscale/tscert#4.
(Sorry, we should've noticed this earlier!)
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
* cmd: Fix caddy fmt if input isn't formatted
* Fixes #5294
* return exit 1 with an error message
* cmd: Use formattingDifference for caddy fmt
* #5294
* expose caddyfile.formattingDifference
|
|
* httpcaddyfile: Change the parse rules when empty file or dotfile with a glob.
* Fixes #5295
* Empty file should just log a warning, and result in no tokens.
* The last segment of the path is '*', it should skip any dotfiles.
* The last segment of the path is '.*', it should read all dotfiles in a dir.
* httpcaddyfile: Regard empty files as import files which include only white space.
|
|
|
|
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
|
|
|
|
|
|
|
|
|
|
* Fixes #5236
* enable request body buffering in reverse proxy
when the request header has Transfer-Encoding: chunked
|
|
|
|
* reverseproxy: Set origreq in active health check
Fix #5281
* Oops; dereference Request
|
|
|
|
With placeholders
|
|
Attempt to fix logo that was appearing black in some browsers (perhaps due to CSP?).
Thanks to @IndeedNotJames for investigating! Hopefully this works.
|
|
Update logo and fix test result badge
|
|
|
|
|
|
|
|
* encode: respect Cache-Control HTTP header no-transform
* encode: switch to strings.Contains
|
|
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
|
|
* version: don't panic if read build info doesn't work
If `debug.ReadBuildInfo()` doesn't return the build information we
should not try to access it. Especially if users only want to build with
the `CustomVersion` we should not assume access to
`debug.ReadBuildInfo()`.
The build environment where this isn't available for me is when building
with bazel.
* exit early
|
|
* readme: white ZeroSSL text color in dark mode
* fix: keep `valign` for GitHub mobile app
|
|
|
|
And fix a comment typo
|
|
* acme_server: add certificate lifetime configuration option
Signed-off-by: Kyle McCullough <kylemcc@gmail.com>
* pki: allow intermediate cert lifetime to be configured
Signed-off-by: Kyle McCullough <kylemcc@gmail.com>
Signed-off-by: Kyle McCullough <kylemcc@gmail.com>
|
|
|
|
* If upstreams are all using same host but with different ports
ie:
foobar:4001
foobar:4002
foobar:4003
...
Because fnv-1a has not a good enough avalanche effect
Then the hostByHashing result is not well balanced over
all upstreams
As last byte FNV input tend to affect few bits, the idea is to change
the concatenation order between the key and the upstream strings
So the upstream last byte have more impact on hash diffusion
|