summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2022-06-20reverseproxy: Skip TLS for certain configured ports (#4843)Kiss Károly Pál
* Make reverse proxy TLS server name replaceable for SNI upstreams. * Reverted previous TLS server name replacement, and implemented thread safe version. * Move TLS servername replacement into it's own function * Moved SNI servername replacement into httptransport. * Solve issue when dynamic upstreams use wrong protocol upstream. * Revert previous commit. Old commit was: Solve issue when dynamic upstreams use wrong protocol upstream. Id: 3c9806ccb63e66bdcac8e1ed4520c9d135cb011d * Added SkipTLSPorts option to http transport. * Fix typo in test config file. * Rename config option as suggested by Matt Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * Update code to match renamed config option. * Fix typo in config option name. * Fix another typo that I missed. * Tests not completing because of apparent wrong ordering of options. Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2022-06-20go.mod: Update some dependenciesMatthew Holt
2022-06-16forwardauth: Support renaming copied headers, block support (#4783)Francis Lavoie
2022-06-15Add comment about xcaddy to mainMatthew Holt
2022-06-15headers: Support wildcards for delete ops (close #4830) (#4831)Matt Holt
2022-06-14reverseproxy: Dynamic ServerName for TLS upstreams (#4836)Kiss Károly Pál
* Make reverse proxy TLS server name replaceable for SNI upstreams. * Reverted previous TLS server name replacement, and implemented thread safe version. * Move TLS servername replacement into it's own function * Moved SNI servername replacement into httptransport. * Solve issue when dynamic upstreams use wrong protocol upstream. * Revert previous commit. Old commit was: Solve issue when dynamic upstreams use wrong protocol upstream. Id: 3c9806ccb63e66bdcac8e1ed4520c9d135cb011d Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2022-06-14reverseproxy: Make TLS renegotiation optionalMatthew Holt
2022-06-10reverseproxy: Add renegotiation param in TLS client (#4784)Yaacov Akiba Slama
* Add renegotiation option in reverseproxy tls client * Update modules/caddyhttp/reverseproxy/httptransport.go Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2022-06-08caddyhttp: Log error from CEL evaluation (fix #4832)Matthew Holt
2022-06-06reverseproxy: Correct the `tls_server_name` docs (#4827)Francis Lavoie
* reverseproxy: Correct the `tls_server_name` docs * Update modules/caddyhttp/reverseproxy/httptransport.go Co-authored-by: Matt Holt <mholt@users.noreply.github.com> Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2022-06-03reverseproxy: HTTP 504 for upstream timeouts (#4824)Matt Holt
Closes #4823
2022-06-02caddytls: Make peer certificate verification pluggable (#4389)Gr33nbl00d
* caddytls: Adding ClientCertValidator for custom client cert validations * caddytls: Cleanups for ClientCertValidator changes caddytls: Cleanups for ClientCertValidator changes * Update modules/caddytls/connpolicy.go Co-authored-by: Francis Lavoie <lavofr@gmail.com> * Update modules/caddytls/connpolicy.go Co-authored-by: Francis Lavoie <lavofr@gmail.com> * Update modules/caddytls/connpolicy.go Co-authored-by: Francis Lavoie <lavofr@gmail.com> * Update modules/caddytls/connpolicy.go Co-authored-by: Francis Lavoie <lavofr@gmail.com> * Update modules/caddytls/connpolicy.go Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * Update modules/caddytls/connpolicy.go Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * Unexported field Validators, corrected renaming of LeafVerificationValidator to LeafCertClientAuth * admin: Write proper status on invalid requests (#4569) (fix #4561) * Apply suggestions from code review * Register module; fix compilation * Add log for deprecation notice Co-authored-by: Roettges Florian <roettges.florian@scheidt-bachmann.de> Co-authored-by: Francis Lavoie <lavofr@gmail.com> Co-authored-by: Matt Holt <mholt@users.noreply.github.com> Co-authored-by: Alok Naushad <alokme123@gmail.com>
2022-06-02reverseproxy: api: Remove misleading 'healthy' valueMatthew Holt
In v2.5.0, upstream health was fixed such that whether an upstream is considered healthy or not is mostly up to each individual handler's config. Since "healthy" is an opinion, it is not a global value. I unintentionally left in the "healthy" field in the API endpoint for checking upstreams, and it is now misleading (see #4792). However, num_requests and fails remains, so health can be determined by the API client, rather than having it be opaquely (and unhelpfully) determined for the client. If we do restore this value later on, it'd need to be replicated once per reverse_proxy handler according to their individual configs.
2022-06-01go.mod: Update go-yaml to v3Matthew Holt
2022-06-01Fix #4822 and fix #4779Matthew Holt
The fix for 4822 is the change at the top of the file, and 4779's fix is toward the bottom of the file.
2022-05-29reverseproxy: Add --internal-certs CLI flag #3589 (#4817)Alexander M
added flag --internal-certs when set, for non-local domains the internal CA will be used for cert generation
2022-05-25ci: Fix build caching on Windows (#4811)Francis Lavoie
* ci: Fix build caching on Windows I was getting tired of Windows being slow as molasses in our CI jobs, so I went to look at our trusty source of github actions + golang information, and found a somewhat recent commit that actually fixed it. See https://github.com/mvdan/github-actions-golang/commit/4b754729baa709da219a5889c459010d4eda1888 I'll do a 2nd empty commit to re-trigger CI shortly to confirm that it actually fixes it. * Retrigger CI
2022-05-24templates: Add `humanize` function (#4767)Aleks
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2022-05-24core: Micro-optim in run() (#4810)Kévin Dunglas
2022-05-24go.mod: Upgrade some dependenciesMatthew Holt
2022-05-24httpcaddyfile: Add `{err.*}` placeholder shortcut (#4798)Francis Lavoie
2022-05-17templates: Documentation consistency (#4796)David Larlet
2022-05-12chore: Bump quic-go to v0.27.0 (#4782)世界
2022-05-10reverseproxy: Support http1.1>h2c (close #4777) (#4778)Matt Holt
2022-05-09rewrite: Handle fragment before query (fix #4775)Matthew Holt
2022-05-08httpcaddyfile: Support multiple values for `default_bind` (#4774)Francis Lavoie
* httpcaddyfile: Support multiple values for `default_bind` * Fix ordering of server blocks
2022-05-06map: Prevent output destinations overlap with Caddyfile shorthands (#4657)Francis Lavoie
2022-05-06reverseproxy: Support performing pre-check requests (#4739)Francis Lavoie
2022-05-04caddyfile: Shortcut for `remote_ip` for private IP ranges (#4753)Francis Lavoie
2022-05-04reverseproxy: Permit resolver addresses to not specify a port (#4760)Francis Lavoie
Context: https://caddy.community/t/caddy-2-5-dynamic-upstreams-and-consul-srv-dns/15839 I realized it probably makes sense to allow `:53` to be omitted, since it's the default port for DNS.
2022-05-02templates: Add custom template function registration (#4757)Tyler Kropp
* Add custom template function registration * Rename TemplateFunctions to CustomFunctions * Add documentation * Document CustomFunctions interface * Preallocate custom functions map list * Fix interface name in error message
2022-05-02reverseproxy: Fix Caddyfile support for `replace_status` (#4754)Francis Lavoie
2022-04-28httpcaddyfile: Fix duplicate access log when debug is on (#4746)Francis Lavoie
2022-04-28logging: Implement rename filter, changes field key names (#4745)Francis Lavoie
2022-04-28logging: Use `RedirectStdLog` to capture more stdlib logs (#4732)Francis Lavoie
* logging: Use `RedirectStdLog` * .gitignore a file pattern that I'm constantly using for testing
2022-04-28cmd: Fix unix socket addresses for admin API requests (#4742)Francis Lavoie
Fixes a regression in c2327161f725c820826587381f37d651a2b9736d
2022-04-28caddyhttp: Improve listen addr error message for IPv6 (#4740)Francis Lavoie
2022-04-27templates: Add missing backticks in docs (#4737)Marco Kaufmann
2022-04-27reverseproxy: Improve hashing LB policies with HRW (#4724)Matt Holt
* reverseproxy: Improve hashing LB policies with HRW Previously, if a list of upstreams changed, hash-based LB policies would be greatly affected because the hash relied on the position of upstreams in the pool. Highest Random Weight or "rendezvous" hashing is apparently robust to pool changes. It runs in O(n) instead of O(log n), but n is very small usually. * Fix bug and update tests
2022-04-25caddypki: Fix `caddy trust` command to use the correct API endpoint (#4730)Francis Lavoie
2022-04-25httpcaddyfile: Add `{vars.*}` placeholder shortcut, reverse `vars` sort ↵Francis Lavoie
order (#4726) * httpcaddyfile: Add `{vars.*}` placeholder shortcut I'm yoinking this from my https://github.com/caddyserver/caddy/pull/4657 PR because I think we should get this in ASAP for v2.5.0 along with the new `vars` directive. * Sort vars by matchers in reverse
2022-04-25httpcaddyfile: Deprecate paths in site addresses; use zap logs (#4728)Francis Lavoie
2022-04-22caddytls: Add `propagation_delay`, support `propagation_timeout -1` (#4723)Francis Lavoie
2022-04-21Make file modes consistentMatthew Holt
No need to have executable bit on .go or .txt files
2022-04-20Update smallstep/certificatesMatthew Holt
2022-04-15ci: use latest Go version on macOS (#4708)Mohammed Al Sahaf
2022-04-13ci: Fix typoMatthew Holt
2022-04-13ci: Ensure we always check for latest version of Go (#4703)Francis Lavoie
* ci: Ensure we always check for latest version of Go * Try to force 1.18.1, 1.17.9 * Use includes for the actual go semver * Use `~` for semver here, apparently * Try to make tests still run on 1.18.0 for Mac, for now
2022-04-13cmd: Enhance .env (dotenv) file parsingMatthew Holt
Basic support for quoted values, newlines in quoted values, and comments. Does not support variable or command expansion.
2022-04-13caddypki: Load intermediate for signing on-the-fly (#4669)Francis Lavoie
* caddypki: Load intermediate for signing on-the-fly Fixes #4517 Big thanks to @maraino for adding an API in `smallstep/certificates` so that we can fix this * Debug log * Trying a hunch, does it need to be a pointer receiver? * Clarify pointer receiver Co-authored-by: Matt Holt <mholt@users.noreply.github.com> Co-authored-by: Matt Holt <mholt@users.noreply.github.com>