summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2021-01-07httpcaddyfile: Support repeated use of cert_issuer global optionMatthew Holt
This changes the signature of UnmarshalGlobalFunc but this is probably OK since it's only used by this repo as far as we know. We need this change in order to "remember" the previous value in case a global option appears more than once, which is now a possibility with the cert_issuer option since Caddy now supports multiple issuers in the order defined by the user. Bonus: the issuer subdirective of tls now supports one-liner for "acme" when all you need to set is the directory: issuer acme <dir>
2021-01-06caddytls: add 'key_type' subdirective (#3956)Jordi Masip
* caddytls: add 'key_type' subdirective * Suggested change * *string -> string * test
2021-01-05caddyfile: Refactor unmarshaling of module tokensMatthew Holt
Eliminates a fair amount of repeated code
2021-01-04go.mod: Update CertMagic and acmez (improved IDN support)Matthew Holt
2021-01-04reverseproxy: Caddyfile health check headers, host header support (#3948)yaxin
* reverse_proxy: 1.health check headers can be set through Caddyfile using health_headers directive; 2.health check header host can be set properly * reverse_proxy: replace example with syntax definition inline health_headers directive parse function * bugfix: change caddyfile_adapt testcase file from space to tab * reverseproxy: modify health_header value document as optional and add more test cases
2021-01-04httpcaddyfile: Adjust iterator when removing AP (fix #3953)Matthew Holt
2021-01-04cmd: Organize list-modules output; --packages flag (#3925)Matt Holt
2021-01-04caddyfile: Introduce basic linting and fmt check (#3923)Matt Holt
* caddyfile: Introduce basic linting and fmt check This will help encourage people to keep their Caddyfiles tidy. * Remove unrelated tests I am not sure that testing the output of warnings here is quite the right idea; these tests are just for syntax and parsing success.
2020-12-30ci: force fetch the upstream tags (#3947)Mohammed Al Sahaf
2020-12-30metrics: allow disabling OpenMetrics negotiation (#3944)Dave Henderson
* metrics: allow disabling OpenMetrics negotiation Signed-off-by: Dave Henderson <dhenderson@gmail.com> * fixup! metrics: allow disabling OpenMetrics negotiation
2020-12-30ci: Add pushing to cloudsmith (#3941)Francis Lavoie
* ci: Add pushing to cloudsmith * ci: Update comments, remove env TODO * ci: Fix Cloudsmith installation by setting PATH * docs: Add Cloudsmith attribution to README * ci: Switch to keeping armv7 as the armhf .deb
2020-12-30fileserver: Fix "go up" links in browse listings (closes #3942)Matthew Holt
At some point we changed how paths are represented down the function calls of browse listings and forgot to update the canGoUp logic. I think this is right? It's simpler now.
2020-12-30ci: Update goreleaser to fix deprecation notices (#3945)Francis Lavoie
See https://goreleaser.com/deprecations#nfpmsfiles and https://goreleaser.com/deprecations#nfpmsconfig_files
2020-12-29ci: reject tags if not signed by Matthew Holt's key (#3932)Mohammed Al Sahaf
* ci: reject tags if not signed by Matthew Holt's key * ci: don't reject tags if an intermediate commits are not signed
2020-12-16caddyfile: Fix minor bug in formatterMatthew Holt
2020-12-15caddytls: Improve alt chain preference settingsMatthew Holt
This allows for finer-grained control when choosing alternate chains than simply the previous/Certbot-esque behavior of "choose first chain that contains an issuer's common name." This update allows you to sort by length (if optimizing for efficiency on the wire) and also to select the chain with a specific root CommonName.
2020-12-14reverseproxy: Minor lint fixesMatthew Holt
2020-12-10caddyhttp: Optionally use forwarded IP for remote_ip matcherMatthew Holt
The remote_ip matcher was reading the X-Forwarded-For header by default, but this behavior was not documented in anything that was released. This is also a less secure default, as it is trivially easy to spoof request headers. Reading IPs from that header should be optional, and it should not be the default. This is technically a breaking change, but anyone relying on the undocumented behavior was just doing so by coincidence/luck up to this point since it was never in any released documentation. We'll still add a mention in the release notes about this.
2020-12-10caddyhttp: Clean up internal auto-HTTPS redirect codeMatthew Holt
Refactor redirect route creation into own function. Improve condition for appending port. Fixes a bug manifested through new test case: TestAutoHTTPRedirectsWithHTTPListenerFirstInAddresses
2020-12-09caddyhttp: Document that remote_ip reads X-Forwarded-For headerMatthew Holt
https://caddy.community/t/remote-ip-behaviour/10762?u=matt
2020-12-09go.mod: Update CertMagic (fix #3911)Matthew Holt
2020-12-09httpcaddyfile: support matching headers that do not exist (#3909)Jack Baron
* add integration test for null header matcher * implement null header matcher syntax * avoid repeating magic ! * check for field following ! character
2020-12-08go.mod: Upgrade some dependenciesMatthew Holt
2020-12-07httpcaddyfile: Decrement counter when removing conn policy (fix #3906)Matthew Holt
2020-12-04fastcgi: Set PATH_INFO to file matcher remainder as fallback (#3739)Francis Lavoie
* fastcgi: Set PATH_INFO to file matcher remainder as fallback * fastcgi: Avoid changing scriptName when not necessary * Stylistic tweaks Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2020-12-04go.mod: update quic-go to v0.19.3 (#3901)Marten Seemann
2020-12-03caddyauth: Use structured logMatthew Holt
2020-12-03Merge remote-tracking branch 'origin/master'Matthew Holt
2020-12-03cmd: add ability to read config from stdin (#3898)Jordi Masip
2020-12-02Add setcap script to gitignoreMatthew Holt
2020-12-02Minor commentsMatthew Holt
2020-12-02caddyhttp: Optimize large host matchersMatthew Holt
2020-12-01caddyauth: Use buffered channel passed to signal.Notify (#3895)Cuong Manh Le
The docs at os/signal.Notify warn about this signal delivery loss bug at https://golang.org/pkg/os/signal/#Notify, which says: Package signal will not block sending to c: the caller must ensure that c has sufficient buffer space to keep up with the expected signal rate. For a channel used for notification of just one signal value, a buffer of size 1 is sufficient. Caught by a static analysis tool from Orijtech, Inc. called "sigchanyzer"
2020-11-30headers: Fix Caddyfile parsing with request matcher (#3892)Francis Lavoie
2020-11-26docs: Mention {http.auth.user.id} placeholder in basicauth JSON docs (#3886)Francis Lavoie
2020-11-26fileserver: Add debug loggingMatthew Holt
2020-11-25reverseproxy: Handle "operation was canceled" errors (#3816)Daniel Santos
* fix(caddy): Avoid "operation was canceled" errors - Also add error handling for StatusGatewayTimeout * revert(caddy): Revert 504 handling - This will potentially break load balancing and health checks * Handle client cancellation as different error Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2020-11-25caddytls: Configure trusted CAs from PEM files (#3882)Matt Holt
Closes #3563
2020-11-24httpcaddyfile: Fix test on WindowsMatthew Holt
2020-11-24httpcaddyfile: Proper log config with catch-all blocks (fix #3878)Matthew Holt
2020-11-24Update readmeMatthew Holt
2020-11-24fileserver: Preserve transformed root (fix #3838)Matthew Holt
2020-11-23acme_server: fix reload of acme database (#3874)Ian
* acme_server: Refactor database creation apart from authority creation This is a WIP commit that doesn't really offer anything other than setting us up for using a UsagePool to gracefully reload acme_server configs. * Implement UsagePool * Remove unused context * Fix initializing non-ACME CA This will handle cases where a DB is not provided * Sanitize acme db path and clean debug logs * Move regex to package level to prevent recompiling
2020-11-23acme_server: switch to bbolt storage (#3868)Ian
* acme_server: switch to bbolt storage There have been some issues with the badger storage engine being used by the embedded acme_server. This will replace the storage engine with bbolt * Switch database path back to acme_server/db and remove if directory
2020-11-23caddyfile: Add support for env var defaults; add tests (#3682)Francis Lavoie
* caddyfile: Add support for env var defaults, tests * caddyfile: Use ?? instead, fix redundant cast, remove env chaining * caddyfile: Use : instead
2020-11-23httpcaddyfile: Configure servers via global options (#3836)Francis Lavoie
* httpcaddyfile: First pass at implementing server options * httpcaddyfile: Add listener wrapper support * httpcaddyfile: Sort sbaddrs to make adapt output more deterministic * httpcaddyfile: Add server options adapt tests * httpcaddyfile: Windows line endings lol * caddytest: More windows line endings lol (sorry Matt) * Update caddyconfig/httpcaddyfile/serveroptions.go Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * httpcaddyfile: Reword listener address "matcher" * Apply suggestions from code review Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * httpcaddyfile: Deprecate experimental_http3 option (moved to servers) * httpcaddyfile: Remove validation step, no longer needed Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-11-23reverseproxy: Add Caddyfile scheme shorthand for h2c (#3629)Francis Lavoie
* reverseproxy: Add Caddyfile scheme shorthand for h2c * reverseproxy: Use parentheses for condition Co-authored-by: Matt Holt <mholt@users.noreply.github.com> Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-11-22ci: Use golangci's github action for linting (#3794)Dave Henderson
* ci: Use golangci's github action for linting Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix most of the staticcheck lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the prealloc lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the misspell lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the varcheck lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the errcheck lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the bodyclose lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the deadcode lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the unused lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the gosec lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the gosimple lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the ineffassign lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the staticcheck lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Revert the misspell change, use a neutral English Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Remove broken golangci-lint CI job Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Re-add errantly-removed weakrand initialization Signed-off-by: Dave Henderson <dhenderson@gmail.com> * don't break the loop and return * Removing extra handling for null rootKey * unignore RegisterModule/RegisterAdapter Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com> * single-line log message Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * Fix lint after a1808b0dbf209c615e438a496d257ce5e3acdce2 was merged Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Revert ticker change, ignore it instead Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Ignore some of the write errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Remove blank line Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Use lifetime Signed-off-by: Dave Henderson <dhenderson@gmail.com> * close immediately Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * Preallocate configVals Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Update modules/caddytls/distributedstek/distributedstek.go Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com> Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-11-21go.mod: update quic-go to v0.19.2 (#3880)Marten Seemann
2020-11-20reverseproxy: Logging for streaming and upgrades (#3689)Francis Lavoie
* reverseproxy: Enable error logging for connection upgrades * reverseproxy: Change some of the error levels, unsugar * Use unsugared log in one spot Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>