Age | Commit message | Author |
|
|
|
|
|
|
|
And #3391
Maybe also related: #3664
|
|
|
|
Update internal issuer for compatibility -- yay simpler code!
The .1 version also fixes non-critical SAN extensions that caused trust
issues on several clients.
|
|
* ci: Try Go 1.15 RC1 out of curiosity
* Go 1.15 was released; let's try it
* Update to latest quic-go
* Attempt at fixing broken test
Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
|
|
|
|
* httpcaddyfile: Flip `root` directive sort order
* httpcaddyfile: Sort directives with any matcher before those with none
* httpcaddyfile: Generalize reverse sort directives, improve logic
* httpcaddyfile: Fix "spelling" issue
* httpcaddyfile: Turns out the second change precludes the first
httpcaddyfile: Delete test that no longer makes sense
* httpcaddyfile: Shorten logic
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
|
|
|
|
|
|
* caddytls: Add support for ZeroSSL; add Caddyfile support for issuers
Configuring issuers explicitly in a Caddyfile is not easily compatible
with existing ACME-specific parameters such as email or acme_ca which
infer the kind of issuer it creates (this is complicated now because
the ZeroSSL issuer wraps the ACME issuer)... oh well, we can revisit
that later if we need to.
New Caddyfile global option:
{
    cert_issuer <name> ...
}
Or, alternatively, as a tls subdirective:
tls {
    issuer <name> ...
}
For example, to use ZeroSSL with an API key:
{
    cert_issuer zerossl API_KEY
}
For now, that still uses ZeroSSL's ACME endpoint; it fetches EAB
credentials for you. You can also provide the EAB credentials directly
just like any other ACME endpoint:
{
    cert_issuer acme {
        eab KEY_ID MAC_KEY
    }
}
All these examples use the new global option (or tls subdirective). You
can still use traditional/existing options with ZeroSSL, since it's
just another ACME endpoint:
{
    acme_ca https://acme.zerossl.com/v2/DV90
    acme_eab KEY_ID MAC_KEY
}
That's all there is to it. You just can't mix-and-match acme_* options
with cert_issuer, because it becomes confusing/ambiguous/complicated to
merge the settings.
* Fix broken test
This test was asserting buggy behavior, oops - glad this branch both
discovers and fixes the bug at the same time!
* Fix broken test (post-merge)
* Update modules/caddytls/acmeissuer.go
Fix godoc comment
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
* Add support for ZeroSSL's EAB-by-email endpoint
Also transform the ACMEIssuer into ZeroSSLIssuer implicitly if set to
the ZeroSSL endpoint without EAB (the ZeroSSLIssuer is needed to
generate EAB if not already provided); this is now possible with either
an API key or an email address.
* go.mod: Use latest certmagic, acmez, and x/net
* Wrap underlying logic rather than repeating it
Oops, duh
* Form-encode email info into request body for EAB endpoint
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
|
|
|
|
Now use context cancellation to stop active health checker, which is
simpler than and just as effective as using a separate stop channel.
|
|
|
|
We can't update smallstep/nosql and klauspost/cpuid yet because of
upstream breakage.
|
|
As of early August 2020 the VM has been down for several days due to
lack of power related to bad weather at the data center... sigh.
|
|
When consolidating automation policies, ensure same subject names do not
get appended to list.
|
|
|
|
* reverse_proxy: fix bi-h2stream breaking gzip encode handle (#3606).
* reverse_proxy: check http version of both sides to avoid affecting non-h2 upstream.
* Minor cleanup; apply review suggestions
Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
|
|
* Bring `ensure_origin` and `origins` to caddyfile admin config
* Add unit test for caddyfile admin config update
* Add caddyfile adapt test for typical admin setup
* httpcaddyfile: Replace admin config error message when there's more arguments than needed
Replace d.Err() with d.ArgErr() since the latter provides a similarly informative error message
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
|
|
|
|
* ci: include tracking of GOOS for which Caddy fails to build
* ci: split cross-build check into separate workflow
* ci: cross-build check: make it clear the cross-build check is not a blocker
* ci: cross-build check: set annotation instead of failing the build
* ci: cross-build check: explicitly set continue-on-error to force success marker
* ci: cross-build check: send stderr to /dev/null
* ci: Simplify workflow names
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
|
|
* fileserver: First attempt to fix failing test on Linux
I think I updated the wrong test case before
* Make new test function
I guess what we really are trying to test is the case insensitivity of
firstSplit. So a new test function is better for that.
|
|
* fix 2 possible bugs
* handle unhandled errors
|
|
|
|
We can't use a positional index on an original string that we got from
its lower-cased equivalent. Implement our own IndexFold() function b/c
the std lib does not have one.
|
|
* httpcaddyfile: Add `compression` to http transport config
* Add caddyfile adapt test for typical h2c setup
|
|
* Replace lego with acmez; upgrade CertMagic
* Update integration test
|
|
* caddyhttp, httpcaddyfile: Implement placeholders in template
* caddyhttp, httpcaddyfile: Remove support for placeholder shorthands in templates
* Update modules/caddyhttp/templates/templates.go
updates JSON doc
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
* Update modules/caddyhttp/templates/tplcontext.go
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
|
|
|
|
|
|
* push: Implement HTTP/2 server push (close #3551)
* push: Abstract header ops by embedding into new struct type
This will allow us to add more fields to customize headers in
push-specific ways in the future.
* push: Ensure Link resources are pushed before response is written
* Change header name from X-Caddy-Push to Caddy-Push
|
|
|
|
* reverse proxy: Support more h2 stream scenarios (#3556)
* reverse proxy: add integration test for better h2 stream (#3556)
* reverse proxy: adjust comments as francislavoie suggests
* link to issue #3556 in the comments
|
|
* reverse proxy: add support for custom resolver
* reverse proxy: don't pollute the global resolver with bootstrap resolver setup
* Improve documentation of reverseproxy.UpstreamResolver fields
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
* reverse proxy: clarify the name resolution conventions of upstream resolvers and bootstrap resolver
* remove support for bootstrapper of resolver
* godoc and code-style changes
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
|
|
We already restore them within the retry loop, but after successful
proxy we didn't reset them, so as handlers bubble back up, they would
see the values used for proxying.
Thanks to @ziddey for identifying the cause.
|
|
See https://tools.ietf.org/html/rfc3875#section-4.1.13 for SCRIPT_NAME requiring leading slash
See https://tools.ietf.org/html/rfc3875#section-4.1.15 for SERVER_PORT requiring omission if empty
|
|
Completing a TODO!
|
|
* reverseproxy: Fix Caddyfile parsing for empty non-http transports
* Update modules/caddyhttp/reverseproxy/caddyfile.go
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
* Rename empty transport test
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
|
|
|
|
|
|
|
|
|
|
It is essentially broken because it occludes many log fields.
See: https://github.com/caddyserver/caddy/issues/3575
|
|
|
|
|
|
* Update browse.go
* Update browselisting.go
* Update browsetpl.go
* fix linter err
* Update modules/caddyhttp/fileserver/browse.go
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
* Update modules/caddyhttp/fileserver/browselisting.go
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
* Update browsetpl.go
change from -> offset
* Update browse.go
* Update browselisting.go
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
|
|
This makes it choose first matching closing fence instead of last one,
which could appear in document body.
|
|
Sometimes this operation can take a while (we observed 7 minutes
recently, with a large, globally-distributed storage backend).
|