summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2019-10-09tls: Add distributed_stek moduleMatthew Holt
This migrates a feature that was previously reserved for enterprise users, according to https://github.com/caddyserver/caddy/issues/2786. TLS session ticket keys are sensitive, so they should be rotated on a regular basis. Only Caddy does this by default. However, a cluster of servers that rotate keys without synchronization will lose the benefits of having sessions in the first place if the client is routed to a different backend. This module coordinates STEK rotation in a fleet so the same keys are used, and rotated, across the whole cluster. No other server does this, but Twitter wrote about how they hacked together a solution a few years ago: https://blog.twitter.com/engineering/en_us/a/2013/forward-secrecy-at-twitter.html
2019-10-09tls: Add pem_loader moduleMatthew Holt
This migrates a feature that was previously reserved for enterprise users, according to https://github.com/caddyserver/caddy/issues/2786. The PEM loader allows you to embed PEM files (certificates and keys) directly into your config, rather than requiring them to be stored on potentially insecure storage, which adds attack vectors. This is useful in automated settings where sensitive key material is stored only in memory. Note that if the config is persisted to disk, that added benefit may go away, but there will still be the benefit of having lesser dependence on external files.
2019-10-09reverse_proxy: Add local circuit breakerMatthew Holt
This migrates a feature that was previously reserved for enterprise users, according to https://github.com/caddyserver/caddy/issues/2786. The local circuit breaker is a simple metrics counter that can cause the reverse proxy to consider a backend unhealthy before it actually goes offline, by measuring recent latencies over a sliding window. Credit to Danny Navarro
2019-10-09http: Add work-in-progress cache handler moduleMatthew Holt
This migrates a feature that was previously reserved for enterprise users, according to https://github.com/caddyserver/caddy/issues/2786. The cache HTTP handler will be a high-performing, distributed cache layer for HTTP requests. Right now, the implementation is a very basic proof-of-concept, and further development is required.
2019-10-09admin: /config and /id endpointsMatthew Holt
This integrates a feature that was previously reserved for enterprise users, according to https://github.com/caddyserver/caddy/issues/2786. The /config and /id endpoints make granular config changes possible as well as the exporting of the current configuration. The /load endpoint has been modified to wrap the /config handler so that the currently-running config can always be available for export. The difference is that /load allows configs of varying formats and converts them using config adapters. The adapted config is then processed with /config as JSON. The /config and /id endpoints accept only JSON.
2019-10-08cmd: Built-in commands all use RegisterCommand (#2794)yzongyue
2019-10-06cmd/main: Plug in json5 and jsonc config adaptersMatthew Holt
2019-10-06cmd: adapt: Default --adapter value is "caddyfile"Matthew Holt
2019-10-06rewrite: Return parse error if too many Caddyfile args (fixes #2791)Matthew Holt
2019-10-05reverse_proxy: Implement retry_match; by default only retry GET requestsMatthew Holt
See https://caddy.community/t/http-proxy-and-non-get-retries/6304
2019-10-05caddyhttp: Define MatcherSets and RawMatcherSets typesMatthew Holt
2019-10-04file_server: Set default address to :2015 if --listen not specifiedMatthew Holt
2019-10-04reverse_proxy: Configurable request headers on active health checksMatthew Holt
See https://caddy.community/t/health-check-user-agent/6309
2019-10-03Add file-server and reverse-proxy subcommandsMatthew Holt
2019-10-02caddytls: nil check on storageClean fields on StopMatthew Holt
2019-10-01Update CLI docs in READMEMatthew Holt
2019-10-01v2: introduce CI (#2768)Mohammed Al Sahaf
* v2: introduce CI for v2 branch * v2-ci: split test report generation from test pass to preserve exit code * v2-ci: spilt lint results from unit test results * v2-ci: fix testRunTitle name * v2-ci: break up the steps for more accurate status indicators * v2-ci: break steps into different jobs * v2-ci: revert back to single-job pattern * v2-ci: reflect the true result by coercing SucceededWithIssues into Failed in the last step * v2-ci: don't fail the build on lint errors
2019-10-01go.mod: Use latest certmagicMatthew Holt
2019-10-01cmd: CLI improvements; add --validate to adapt commandMatthew Holt
2019-09-30cmd: Add validate subcommand; list-modules --versions; some renamingMatthew Holt
Renames --config-adapter flag to --adapter, adapt-config command to adapt, --print-env flag to --environ, and --input flag to --config.
2019-09-30cmd: Refactor subcommands, add help, make them pluggableaca
* cli: Change command structure, add help subcommand (#328) * cli: improve subcommand structure - make help command as normal subcommand - add flag usage message for each command * cmd: Refactor subcommands and command line help; make commands pluggable
2019-09-30caddytls: Ensure automation field is not nil when appending (fix #2779)Matthew Holt
2019-09-30Clean up provisioned modules on error; refactor Run(); add Validate()Matthew Holt
Modules that return an error during provisioning should still be cleaned up so that they don't leak any resources they may have allocated before the error occurred. Cleanup should be able to run even if Provision does not complete fully.
2019-09-30httpcaddyfile: Add acme_ca and email global optionsMatthew Holt
Also add ability to access options from individual unmarshalers through the Helper values
2019-09-30caddyhttp: 'not' matcher: Support Caddyfile unmarshalingMatthew Holt
2019-09-30Add license header to filestorage.goMatthew Holt
2019-09-30tls: Change struct fields to pointers, add nil checks; rate.Burst updateMatthew Holt
Making them pointers makes for cleaner JSON when adapting configs, if the struct is empty now it will be omitted entirely. The x/time/rate package was updated to support changing the burst, so we've incorporated that here and removed a TODO.
2019-09-28caddyfile: Fix lexer behavior with regards to escaped newlinesMatthew Holt
Newlines (\n) can be escaped outside of quoted areas and the newline will be treated as whitespace but not as an actual line break. Escaping newlines inside a quoted area is not necessary, and because quotes trigger literal interpretation of the contents, the escaping backslash will be parsed as a literal backslash, and the newline will not be escaped. Caveat: When a newline is escaped, tokens after it until an unescaped newline will appear to the parser be on the same line as the initial token after the last unescaped newline. This may technically lead to some false line numbers if errors are given, but escaped newlines are counted so that the next token after an unescaped newline is correct. See #2766
2019-09-26httpcaddyfile: Fix missing module name of storage adapterMatthew Holt
2019-09-24tls: Make cert and OCSP check intervals configurableMatthew Holt
This enables use of ACME CAs that issue shorter-lived certs
2019-09-24tls/acme: Ability to customize trusted roots for ACME servers (#2756)Matt Holt
Closes #2702
2019-09-20go.mod: Update certmagic to v0.7.3Matthew Holt
2019-09-20reverse_proxy/headers: Expose header replacement ability in CaddyfileMatthew Holt
Adds header_up and header_down subdirectives to reverse_proxy
2019-09-19httpcaddyfile: Global storage configuration (closes #2758)Matthew Holt
2019-09-18http: Improve auto HTTP->HTTPS redirects, fix edge casesMatthew Holt
See https://caddy.community/t/v2-issues-with-multiple-server-blocks-in-caddyfile-style-config/6206/13?u=matt Also print pid when using `caddy start`
2019-09-18httpcaddyfile: Fix nil pointer dereferenceMatthew Holt
2019-09-18host matcher: Strip [ ] from IPv6 addressesMatthew Holt
2019-09-17Allow domain fronting with TLS client auth if explicitly configuredMatthew Holt
2019-09-17tls: Clean up expired OCSP staples and certificatesMatthew Holt
2019-09-17fastcgi: Implement / redirect for index.php with php_fastcgi directive (#2754)Matt Holt
* fastcgi: Implement / redirect for index.php with php_fastcgi directive See #2752 and https://caddy.community/t/v2-redirect-path-to-path-index-php-with-assets/6196?u=matt * caddyhttp: MatchNegate implements json.Marshaler * fastcgi: Add /index.php element to try_files matcher * fastcgi: Make /index.php redirect permanent
2019-09-16httpcaddyfile: static_response -> respond; minor cleanupsMatthew Holt
2019-09-14reverse_proxy: Close idle connections on module unloadMatthew Holt
2019-09-14Eliminate some TODOsMatthew Holt
2019-09-14reverse_proxy: Ability to mutate headers; set upstream placeholdersMatthew Holt
2019-09-14headers: Ability to mutate request headers including http.Request.HostMatthew Holt
Also a few bug fixes
2019-09-13Use keybase fork of mitchellh/go-ps for bug fixes (#2750)Mohammed Al Sahaf
2019-09-13Forgot to commit caddyfile.go changes in last commitMatthew Holt
2019-09-13headers: Add ability to replace substrings in header fieldsMatthew Holt
This will probably be useful so the proxy can rewrite header values.
2019-09-13encode: Fix bug where default status code was being writtenMatthew Holt
for small responses. See https://caddy.community/t/v2-permanent-redirect-prompt/6190?u=matt
2019-09-13Update v2 readme in prep for beta1Matthew Holt