summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2020-06-16httpcaddyfile: Fix ordering of catch-all site blocksMatthew Holt
Catch-alls should always go last. Normally this is the case, but we have a special case for comparing one wildcard-host site block to another non-wildcard host site block; and a catch-all site block is also a non-wildcard host site block, so now we have to special-case the catch-all site block. Sigh. This could be reproduced with a Caddyfile that has two site blocks: ":80" and "*.example.com", in that order.
2020-06-15templates: Add support for dots to close yaml frontmatter (#3498)Francis Lavoie
* templates: Add support for dots to close yaml frontmatter * templates: Fix regression in body output
2020-06-12ci: don't run s390x tests on PRs of forks (#3494)Mohammed Al Sahaf
* ci: don't run s390x tests on PRs of forks * ci: check if fork by matchinging name from event against name of repo
2020-06-12httpcaddyfile: New `acme_eab` option (#3492)Chris Ortman
* Adds global options for external account bindings * Maybe other people use ctags too? * Use nested block to configure external account * go format files * Restore acme_ca directive in test file * Change Caddyfile config syntax for acme_eab * Update test Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-06-12ci: skip s390x tests on forks (#3493)Mohammed Al Sahaf
2020-06-12go.mod: Update quic-go to 0.17.1 (draft 29) and certmagic 0.11.2 (eab)Matthew Holt
2020-06-12Merge branch 'eab-fix'Matthew Holt
2020-06-12ci: add CI on s390x (#3463)Mohammed Al Sahaf
* ci: lay out foundation for s390x tests * ci: uncomment the s390x test script & replace placeholders with real values * ci: amend the s390x test job name to be more consistent with others
2020-06-12fastcgi: Make sure splitPos handles empty SplitPath correctly (#3491)Wynn Wolf Arbor
In commit f2ce81c, support for multiple path splitters was added. The type of SplitPath changed from string to []string, and splitPos was changed to loop through all values in SplitPath. Before that commit, if SplitPath was empty, strings.Index returned 0 and PATH_INFO was set correctly in buildEnv. Currently, however, splitPos returns -1 for empty values of SplitPath, behaving as if a split position could not be found at all. PATH_INFO is then never set in buildEnv and remains empty. Restore the old behaviour by explicitly checking whether SplitPath is empty and returning 0 in splitPos. Closes #3490
2020-06-11caddyhttp: Add client cert SAN placeholdersMatthew Holt
2020-06-11caddytls: Don't decode HMACMatthew Holt
https://caddy.community/t/trouble-with-external-account-hmac/8600?u=matt
2020-06-11reverseproxy: Close websocket conn if req context cancelsMatthew Holt
This is a recent patch in the Go standard library
2020-06-08ci: Fix gemfury upload condition, move triggers to publish event (#3483)Francis Lavoie
2020-06-08ci: fix an oopsie in the release script (#3482)Mohammed Al Sahaf
2020-06-08reverseproxy: Add Caddyfile support for ClientCertificateAutomateMatthew Holt
2020-06-05httpcaddyfile: Add client_auth options to tls directive (#3335)NWHirschfeld
* reading client certificate config from Caddyfile Signed-off-by: NWHirschfeld <Niclas@NWHirschfeld.de> * Update caddyconfig/httpcaddyfile/builtins.go Co-authored-by: Francis Lavoie <lavofr@gmail.com> * added adapt test for parsing client certificate configuration from Caddyfile Signed-off-by: NWHirschfeld <Niclas@NWHirschfeld.de> * read client ca and leaf certificates from file https://github.com/caddyserver/caddy/pull/3335#discussion_r421633844 Signed-off-by: NWHirschfeld <Niclas@NWHirschfeld.de> * Update modules/caddytls/connpolicy.go * Make review adjustments Co-authored-by: Francis Lavoie <lavofr@gmail.com> Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-06-05caddytls: Configurable cache size limitMatthew Holt
2020-06-05go.mod: Update dependenciesMatthew Holt
2020-06-05ci: Disable publishing .deb on beta tags (#3473)Francis Lavoie
2020-06-04reverseproxy: Enable changing only the status code (close #2920)Matthew Holt
2020-06-04caddyhttp: Default to error status if found in contextMatthew Holt
This is just a convenience if using a static_response handler in an error route, by setting the default status code to the same one as the error status.
2020-06-03caddyhttp: Auto-redirects from all bind addresses (fix #3443)Matthew Holt
2020-06-03caddypki: Add 'acme_server' Caddyfile directiveMatthew Holt
2020-06-03httpcaddyfile: Sort site blocks with wildcards last (fix #3410)Matthew Holt
2020-06-03cmd: Only stop admin server on signal if it exists (fix #3470)Matthew Holt
2020-06-02caddytls: Actually use configured test CAMatthew Holt
2020-06-01caddyauth: Cache basicauth results (fixes #3462) (#3465)Matt Holt
Cache capacity is currently hard-coded at 1000 with random eviction. It is enabled by default from Caddyfile configurations because I assume this is the most common preference.
2020-06-01caddyfile: Add args on imports (#3423)Francis Lavoie
* caddyfile: Add support for args on imports * caddyfile: Add more import args tests
2020-06-01httpcaddyfile: Let modules add listener wrappers (#3397)Georges Haidar
* httpcaddyfile: allow modules to customize listener wrappers * Update caddyconfig/httpcaddyfile/httptype.go Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * Update caddyconfig/httpcaddyfile/httptype.go Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * Update caddyconfig/httpcaddyfile/httptype.go Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * Update caddyconfig/httpcaddyfile/httptype.go Co-authored-by: Matt Holt <mholt@users.noreply.github.com> Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-06-01go.mod: Update dependenciesMatthew Holt
2020-05-29cmd: Support admin endpoint on unix socket (#3320)Matt Holt
2020-05-29caddyconfig: Minor internal and godoc tweaksMatthew Holt
2020-05-28logging: Net writer redials if write fails (#3453)Matt Holt
* logging: Net writer redials if write fails https://caddy.community/t/v2-log-output-net-does-not-reconnect-after-lost-connection/8386?u=matt * Only replace connection if redial succeeds * Fix error handling
2020-05-27reverseproxy: Pool copy buffers (minor optimization)Matthew Holt
2020-05-27reverseproxy: Enable response interception (#1447, #2920)Matthew Holt
It's a raw, low-level implementation for now, but it's very flexible. More sugar-coating can be added after error handling is more developed.
2020-05-27chore: Fix typo in dispenser.go (#3456)Francis Lavoie
2020-05-26caddyhttp: Refactor header matchingMatthew Holt
This allows response matchers to benefit from the same matching logic as the request header matchers (mainly prefix/suffix wildcards).
2020-05-26caddyhttp: Add client.public_key(_sha256) placeholdersMatthew Holt
2020-05-26httpcaddyfile: New `handle_path` directive (#3281)Francis Lavoie
* caddyconfig: WIP implementation of handle_path * caddyconfig: Complete the implementation - h.NewRoute was key * caddyconfig: Add handle_path integration test * caddyhttp: Use the path matcher as-is, strip the trailing *, update test
2020-05-26cmd: file-server: add --access-log flag (#3454)Rui Lopes
2020-05-26reverseproxy: Improve error message when using scheme+placeholder (#3393)Francis Lavoie
* reverseproxy: Improve error message when using scheme+placeholder * reverseproxy: Simplify error message Co-authored-by: Matt Holt <mholt@users.noreply.github.com> Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-05-26caddyfile: Move NewTestDispenser into non-test file (#3439)Francis Lavoie
2020-05-26reverseproxy: Fix https active health checks #3450 (#3451)AndyBan
2020-05-25chore: forego the use of deprecated cel func NewIdent in favor of NewVar (#3444)Mohammed Al Sahaf
2020-05-22chore: simplify goreleaser flow, add bash completions to .deb (#3436)Mohammed Al Sahaf
2020-05-21caddyhttp: Add time.now placeholder and update cel-go (closes #2594)Matthew Holt
2020-05-21cmd: hash-password: Fix broken terminal state on SIGINT (#3416)Francis Lavoie
* caddyauth: Fix hash-password broken terminal state on SIGINT * caddycmd: Move TrapSignals calls to only subcommands that run long
2020-05-21admin: Disallow websocketsMatthew Holt
No currently-known exploit here, just being conservative
2020-05-20Update SECURITY.mdMatt Holt
2020-05-20reverseproxy: Don't overwrite existing X-Forwarded-Proto headerMatthew Holt
Correct behavior is not well defined because this is a non-standard header field. This could be a "hop-by-hop" field much like X-Forwarded-For is, but even our X-Forwarded-For implementation preserves prior entries. Or, it could be best to preserve the original value from the first hop, representing the protocol as facing the client. Let's try it the other way for a bit and see how it goes. See https://caddy.community/t/caddy2-w-wordpress-behind-nginx-reverse-proxy/8174/3?u=matt