summaryrefslogtreecommitdiff
path: root/caddy.go
AgeCommit message (Collapse)Author
2021-02-24Update docs; commit setcap.shMatthew Holt
2021-02-23core: Initialize logging before adminMatthew Holt
We'll see how this goes. https://caddy.community/t/calling-the-admin-api-from-within-a-route-route-causes-a-deadlock/11319
2021-01-27admin: Identity management, remote admin, config loaders (#3994)Matt Holt
This commits dds 3 separate, but very related features: 1. Automated server identity management How do you know you're connecting to the server you think you are? How do you know the server connecting to you is the server instance you think it is? Mutually-authenticated TLS (mTLS) answers both of these questions. Using TLS to authenticate requires a public/private key pair (and the peer must trust the certificate you present to it). Fortunately, Caddy is really good at managing certificates by now. We tap into that power to make it possible for Caddy to obtain and renew its own identity credentials, or in other words, a certificate that can be used for both server verification when clients connect to it, and client verification when it connects to other servers. Its associated private key is essentially its identity, and TLS takes care of possession proofs. This configuration is simply a list of identifiers and an optional list of custom certificate issuers. Identifiers are things like IP addresses or DNS names that can be used to access the Caddy instance. The default issuers are ZeroSSL and Let's Encrypt, but these are public CAs, so they won't issue certs for private identifiers. Caddy will simply manage credentials for these, which other parts of Caddy can use, for example: remote administration or dynamic config loading (described below). 2. Remote administration over secure connection This feature adds generic remote admin functionality that is safe to expose on a public interface. - The "remote" (or "secure") endpoint is optional. It does not affect the standard/local/plaintext endpoint. - It's the same as the [API endpoint on localhost:2019](https://caddyserver.com/docs/api), but over TLS. - TLS cannot be disabled on this endpoint. - TLS mutual auth is required, and cannot be disabled. - The server's certificate _must_ be obtained and renewed via automated means, such as ACME. It cannot be manually loaded. - The TLS server takes care of verifying the client. - The admin handler takes care of application-layer permissions (methods and paths that each client is allowed to use).\ - Sensible defaults are still WIP. - Config fields subject to change/renaming. 3. Dyanmic config loading at startup Since this feature was planned in tandem with remote admin, and depends on its changes, I am combining them into one PR. Dynamic config loading is where you tell Caddy how to load its config, and then it loads and runs that. First, it will load the config you give it (and persist that so it can be optionally resumed later). Then, it will try pulling its _actual_ config using the module you've specified (dynamically loaded configs are _not_ persisted to storage, since resuming them doesn't make sense). This PR comes with a standard config loader module called `caddy.config_loaders.http`. Caddyfile config for all of this can probably be added later. COMMITS: * admin: Secure socket for remote management Functional, but still WIP. Optional secure socket for the admin endpoint is designed for remote management, i.e. to be exposed on a public port. It enforces TLS mutual authentication which cannot be disabled. The default port for this is :2021. The server certificate cannot be specified manually, it MUST be obtained from a certificate issuer (i.e. ACME). More polish and sensible defaults are still in development. Also cleaned up and consolidated the code related to quitting the process. * Happy lint * Implement dynamic config loading; HTTP config loader module This allows Caddy to load a dynamic config when it starts. Dynamically-loaded configs are intentionally not persisted to storage. Includes an implementation of the standard config loader, HTTPLoader. Can be used to download configs over HTTP(S). * Refactor and cleanup; prevent recursive config pulls Identity management is now separated from remote administration. There is no need to enable remote administration if all you want is identity management, but you will need to configure identity management if you want remote administration. * Fix lint warnings * Rename identities->identifiers for consistency
2020-07-31admin,templates,core: Minor enhancements and error handling (#3607)Bart
* fix 2 possible bugs * handle unhandled errors
2020-05-13cmd: Add pidfile support (closes #3235)Matthew Holt
2020-05-11core: Add support for `d` duration unit (#3323)Francis Lavoie
* caddy: Add support for `d` duration unit * Improvements to ParseDuration; add unit tests Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2020-03-31pki: Add trust subcommand to install root cert (closes #3204)Matthew Holt
2020-03-06Merge branch 'certmagic-refactor' into v2Matthew Holt
2020-03-06Refactor for CertMagic v0.10; prepare for PKI appMatthew Holt
This is a breaking change primarily in two areas: - Storage paths for certificates have changed - Slight changes to JSON config parameters Huge improvements in this commit, to be detailed more in the release notes. The upcoming PKI app will be powered by Smallstep libraries.
2020-02-27Fix spelling error (#3085)Success Go
2019-12-31Couple of minor fixes, update readmeMatthew Holt
2019-12-31Tune AppConfigDir and docs for Storage moduleMatthew Holt
2019-12-31Config auto-save; run --resume flag; update environ output (close #2903)Matthew Holt
Config auto-saving is on by default and can be disabled. The --environ flag (or environ subcommand) now print more useful information from Caddy and the runtime, including some nifty paths.
2019-12-31Change storage paths to follow OS conventions; migrate folder (#2955)Matthew Holt
2019-12-29Improve docs, especially w.r.t. placeholders and template actionsMatthew Holt
2019-12-15logging: Implement net writer (#2884)Abdelmalek Ihdene
* Implement UDP writer * Implement Net Writer * Utilize Caddy's address parsing functions * A couple little fixes (see #2884)
2019-12-12cmd: Fix validate command when JSON contains "@id" fieldsMatthew Holt
Also, don't run admin server when validating...
2019-12-10v2: Module documentation; refactor LoadModule(); new caddy struct tags (#2924)Matt Holt
This commit goes a long way toward making automated documentation of Caddy config and Caddy modules possible. It's a broad, sweeping change, but mostly internal. It allows us to automatically generate docs for all Caddy modules (including future third-party ones) and make them viewable on a web page; it also doubles as godoc comments. As such, this commit makes significant progress in migrating the docs from our temporary wiki page toward our new website which is still under construction. With this change, all host modules will use ctx.LoadModule() and pass in both the struct pointer and the field name as a string. This allows the reflect package to read the struct tag from that field so that it can get the necessary information like the module namespace and the inline key. This has the nice side-effect of unifying the code and documentation. It also simplifies module loading, and handles several variations on field types for raw module fields (i.e. variations on json.RawMessage, such as arrays and maps). I also renamed ModuleInfo.Name -> ModuleInfo.ID, to make it clear that the ID is the "full name" which includes both the module namespace and the name. This clarity is helpful when describing module hierarchy. As of this change, Caddy modules are no longer an experimental design. I think the architecture is good enough to go forward.
2019-11-27admin: Preserve "@id" fields through partial changes (fixes #2902)Matthew Holt
2019-11-04reverse_proxy: Add UnmarshalCaddyfile for random_choose selection policyMatthew Holt
Also allow caddy.Duration to be given integer values which are treated like regular time.Duration values (nanoseconds). Fixes #2856
2019-11-04core: Major refactor of admin endpoint and config handlingMatthew Holt
Fixed several bugs and made other improvements. All config changes are now mediated by the global config state manager. It used to be that initial configs given at startup weren't tracked, so you could start caddy with --config caddy.json and then do a GET /config/ and it would return null. That is fixed, along with several other general flow/API enhancements, with more to come.
2019-10-29logging: Tweak defaults (enable logging by default, color level enc.)Matthew Holt
2019-10-28v2: Logging! (#2831)Matt Holt
* logging: Initial implementation * logging: More encoder formats, better defaults * logging: Fix repetition bug with FilterEncoder; add more presets * logging: DiscardWriter; delete or no-op logs that discard their output * logging: Add http.handlers.log module; enhance Replacer methods The Replacer interface has new methods to customize how to handle empty or unrecognized placeholders. Closes #2815. * logging: Overhaul HTTP logging, fix bugs, improve filtering, etc. * logging: General cleanup, begin transitioning to using new loggers * Fixes after merge conflict
2019-09-30Clean up provisioned modules on error; refactor Run(); add Validate()Matthew Holt
Modules that return an error during provisioning should still be cleaned up so that they don't leak any resources they may have allocated before the error occurred. Cleanup should be able to run even if Provision does not complete fully.
2019-09-14Eliminate some TODOsMatthew Holt
2019-09-13Hard-code 'main' module name until bug upstream in Go modules is fixedMatthew Holt
See https://github.com/golang/go/issues/29228
2019-08-17Fixing a compilation error (#2712)Albert Shirima
./caddy.go:230:12: cannot use *dep (type debug.Module) as type *debug.Module in return argument ./caddy.go:233:12: cannot use bi.Main (type debug.Module) as type *debug.Module in return argument
2019-08-07Part 1: Optimize using compiler's inliner (#2687)Dominik Braun
* optimized functions for inlining * added note regarding ResponseWriterWrapper * optimzed browseWrite* methods for FileServer * created benchmarks for comparison * creating browseListing instance in each function * created benchmarks for openResponseWriter * removed benchmarks of old implementations * implemented sync.Pool for byte buffers * using global sync.Pool for writing JSON/HTML
2019-07-15Minor tweaksMatthew Holt
2019-07-12Get module name at runtime, and tidy up modulesMatthew Holt
2019-07-12Standardize exit codes and improve shutdown handling; update gitignoreMatthew Holt
2019-07-03Change storage module key from "system" to "module"Matthew Holt
2019-07-02go.mod: Append /v2 to module name; update all import pathsMatthew Holt
See https://github.com/golang/go/wiki/Modules#semantic-import-versioning
2019-06-30Add licenseMatthew Holt
2019-06-28Refactor code related to getting current versionMatthew Holt
And set version in CertMagic for User-Agent purposes
2019-06-28Caddy 2 gets a CLI! And admin endpoint is now configurable via JSONMatthew Holt
2019-06-14Rename caddy2 -> caddyMatthew Holt
Removes the version from the package name
2019-05-29Fix bug unmarshaling custom duration valuesMatthew Holt
2019-05-22Export types and fields necessary to build configs (for config adapters)Matthew Holt
Also flag most fields with 'omitempty' for JSON marshaling
2019-05-20Implement most of static file server; refactor and improve ReplacerMatthew Holt
2019-05-16Architectural shift to using context for config and module stateMatthew Holt
2019-05-16Some minor updates, and get rid of OnLoad/OnUnloadMatthew Holt
2019-04-29Instantiate apps that are needed but not explicitly configuredMatthew Holt
2019-04-25Initial commit of Storage, TLS, and automatic HTTPS implementationsMatthew Holt
2019-04-11Begin implementing error handling and re-handlingMatthew Holt
2019-04-08Implement "global" state for modules, OnLoad and OnUnload callbacksMatthew Holt
Tested for memory leaks and performance. Obviously the added locking and global state is not awesome, but the alternative is a little uglier IMO: we'd have to make some sort of "liaison" value which stores the state, then pass it around to every module, and so LoadModule becomes a lot less accessible, and each module would need to maintain a reference to it... nope, just ugly. I think this is the cleaner solution: just make sure only one Start() happens at a time, and keep global things global. Very simple log middleware is an example. Might need to reorder the operations in Start() and handle errors differently, etc. Otherwise, I'm mostly happy with this solution...
2019-04-02Close listeners which are no longer usedMatthew Holt
2019-04-02Merged in deadlines (pull request #1)Matt Holt
Cleanly fake-close listeners * WIP debugging listener deadlines * Fix listener deadlines
2019-03-31Very basic middleware and route matching functionalityMatthew Holt
2019-03-27Fix goroutine leak in RunMatthew Holt
D'oh, the servers' Shutdown() would never be called because they were never added to the list of servers. Thanks Danny for finding this.