summaryrefslogtreecommitdiff
path: root/caddyconfig
AgeCommit message (Collapse)Author
2022-09-15caddyhttp: Add 'skip_log' var to omit request from logs (#4691)Francis Lavoie
* caddyhttp: Implement `skip_log` handler * Refactor to use vars middleware Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2022-09-15httpcaddyfile: Fix bind when IPv6 is specified with network (#4950)Michael Stapelberg
* fix listening on IPv6 addresses: use net.JoinHostPort Commit 1e18afb5c862d62be130d563785de5c58f08ae8e broke my caddy setup. This commit fixes it. * Refactor solution; simplify, add descriptive comment * Move network to host, not copy Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2022-09-13httpcaddyfile: Fix sorting of repeated directivesMatthew Holt
Fixes #5037
2022-09-05httpcaddyfile: Add a couple more placeholder shortcuts (#5015)Francis Lavoie
This adds: - `{file.*}` -> `{http.request.uri.path.file.*}` - `{file_match.*}` -> `{http.matchers.file.*}` This is a follow-up to #4993 which introduces the new URI file placeholders, and a shortcut for using `file` matcher output. For example, where the `try_files` directive is a shortcut for this: ``` @try_files file <files...> rewrite @try_files {http.matchers.file.relative} ``` It could instead be: ``` @try_files file <files...> rewrite @try_files {file_match.relative} ```
2022-09-02core: Refactor listeners; use SO_REUSEPORT on Unix (#4705)Matt Holt
* core: Refactor listeners; use SO_REUSEPORT on Unix Just an experiment for now * Fix lint by logging error * TCP Keepalive configuration (#4865) * initial attempt at TCP Keepalive configuration * core: implement tcp-keepalive for linux * move canSetKeepAlive interface * Godoc for keepalive server parameter * handle return values * log keepalive errors * Clean up after bad merge * Merge in pluggable network types From 1edc1a45e3aee1f7d86b68c3ddaf2fd16ba8ab73 * Slight refactor, fix from recent merge conflict Co-authored-by: Karmanyaah Malhotra <karmanyaah.gh@malhotra.cc>
2022-09-01map: Coerce val to string, fix #4987Matthew Holt
Also prevent infinite recursion, and enforce placeholder syntax.
2022-09-01httpcaddyfile: Add shortcut for expression matchers (#4976)Francis Lavoie
2022-08-31httpcaddyfile: Add `{cookie.*}` placeholder shortcut (#5001)Francis Lavoie
2022-08-24httpcaddyfile: Add ocsp_interval global option (#4980)Ben Burkert
2022-08-17core: Change net.IP to netip.Addr; use netip.Prefix (#4966)WilczyńskiT
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2022-08-15caddyhttp: Enable HTTP/3 by default (#4707)Matt Holt
2022-08-09httpcaddyfile: redir with "html" emits 200, no Location (fix #4940)Matthew Holt
The intent of "html" is to redirect browser clients only, or those which can evaluate JS and/or meta tags. So return HTTP 200 and no Location header. See #4940.
2022-08-04Replace strings.Index usages with strings.Cut (#4930)WilczyńskiT
2022-08-03httpserver: Configurable shutdown delay (#4906)Matt Holt
2022-08-02chore: Bump up to Go 1.19, minimum 1.18 (#4925)Francis Lavoie
2022-07-29core: Windows service integration (#4790)WingLim
Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2022-07-25httpcaddyfile: Detect ambiguous site definitions (fix #4635)Matthew Holt
Previously, our "duplicate key in server block" logic was flawed because it did not account for the site's bind address. We defer this check to when the listener addresses have been assigned, but before we commit a server block to its listener. Also refined how network address parsing and joining works, which was necessary for a less convoluted fix.
2022-06-29admin: Implement /adapt endpoint (close #4465) (#4846)Matt Holt
2022-06-01Fix #4822 and fix #4779Matthew Holt
The fix for 4822 is the change at the top of the file, and 4779's fix is toward the bottom of the file.
2022-05-24httpcaddyfile: Add `{err.*}` placeholder shortcut (#4798)Francis Lavoie
2022-05-08httpcaddyfile: Support multiple values for `default_bind` (#4774)Francis Lavoie
* httpcaddyfile: Support multiple values for `default_bind` * Fix ordering of server blocks
2022-05-06map: Prevent output destinations overlap with Caddyfile shorthands (#4657)Francis Lavoie
2022-05-06reverseproxy: Support performing pre-check requests (#4739)Francis Lavoie
2022-04-28httpcaddyfile: Fix duplicate access log when debug is on (#4746)Francis Lavoie
2022-04-25httpcaddyfile: Add `{vars.*}` placeholder shortcut, reverse `vars` sort ↵Francis Lavoie
order (#4726) * httpcaddyfile: Add `{vars.*}` placeholder shortcut I'm yoinking this from my https://github.com/caddyserver/caddy/pull/4657 PR because I think we should get this in ASAP for v2.5.0 along with the new `vars` directive. * Sort vars by matchers in reverse
2022-04-25httpcaddyfile: Deprecate paths in site addresses; use zap logs (#4728)Francis Lavoie
2022-04-21Make file modes consistentMatthew Holt
No need to have executable bit on .go or .txt files
2022-03-25go.mod: Upgrade CertMagic to v0.16.0Matthew Holt
Includes several breaking changes; code base updated accordingly. - Added lots of context arguments - Use fs.ErrNotExist - Rename ACMEManager -> ACMEIssuer; CertificateManager -> Manager
2022-03-24httpcaddyfile: Fix #4640 (auto-HTTPS edgecase) (#4661)Francis Lavoie
Guh, this is complicated. Fixes #4640 This also follows up on #4398 (reverting it) which made a change that technically worked, but was incorrect. It changed the condition in `hostsFromKeysNotHTTP` from `&&` to `||`, but then the function no longer did what its name said it would do, and it would return hosts even if they were marked with `http://`, if they used a non-HTTP port. That wasn't the intent of it. The test added in there was kept though, because it is a valid usecase. The actual fix is to check _earlier_ whether all the addresses explicitly have `http://`, and if so we can short circuit and skip considering the rest.
2022-03-23caddyfile: Prevent bad block opening tokens (#4655)Francis Lavoie
* caddyfile: Prevent bad block opening tokens * Clarifying comments
2022-03-22httpcaddyfile: Add 'vars' directiveMatthew Holt
See discussion in #4650
2022-03-18caddyfile: Support for raw token values; improve `map`, `expression` (#4643)Francis Lavoie
* caddyfile: Support for raw token values, improve `map`, `expression` * Applied code review comments * Rename RawVal to ValRaw Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2022-03-15ci: Build on Go 1.18, bump actions versions (#4637)Francis Lavoie
* ci: Build on Go 1.18, bump actions versions * Revert linter version bump for now * Try linter again
2022-03-13chore: Comment fixes (#4634)Francis Lavoie
2022-03-09reverseproxy: copy_response and copy_response_headers for handle_response ↵Francis Lavoie
routes (#4391) * reverseproxy: New `copy_response` handler for `handle_response` routes Followup to #4298 and #4388. This adds a new `copy_response` handler which may only be used in `reverse_proxy`'s `handle_response` routes, which can be used to actually copy the proxy response downstream. Previously, if `handle_response` was used (with routes, not the status code mode), it was impossible to use the upstream's response body at all, because we would always close the body, expecting the routes to write a new body from scratch. To implement this, I had to refactor `h.reverseProxy()` to move all the code that came after the `HandleResponse` loop into a new function. This new function `h.finalizeResponse()` takes care of preparing the response by removing extra headers, dealing with trailers, then copying the headers and body downstream. Since basically what we want `copy_response` to do is invoke `h.finalizeResponse()` at a configurable point in time, we need to pass down the proxy handler, the response, and some other state via a new `req.WithContext(ctx)`. Wrapping a new context is pretty much the only way we have to jump a few layers in the HTTP middleware chain and let a handler pick up this information. Feels a bit dirty, but it works. Also fixed a bug with the `http.reverse_proxy.upstream.duration` placeholder, it always had the same duration as `http.reverse_proxy.upstream.latency`, but the former was meant to be the time taken for the roundtrip _plus_ copying/writing the response. * Delete the "Content-Length" header if we aren't copying Fixes a bug where the Content-Length will mismatch the actual bytes written if we skipped copying the response, so we get a message like this when using curl: ``` curl: (18) transfer closed with 18 bytes remaining to read ``` To replicate: ``` { admin off debug } :8881 { reverse_proxy 127.0.0.1:8882 { @200 status 200 handle_response @200 { header Foo bar } } } :8882 { header Content-Type application/json respond `{"hello": "world"}` 200 } ``` * Implement `copy_response_headers`, with include/exclude list support * Apply suggestions from code review Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2022-03-08tracing: New OpenTelemetry module (#4361)Andrii Kushch
* opentelemetry: create a new module * fix imports * fix test * Update modules/caddyhttp/opentelemetry/README.md Co-authored-by: Dave Henderson <dhenderson@gmail.com> * Update modules/caddyhttp/opentelemetry/README.md Co-authored-by: Dave Henderson <dhenderson@gmail.com> * Update modules/caddyhttp/opentelemetry/README.md Co-authored-by: Dave Henderson <dhenderson@gmail.com> * Update modules/caddyhttp/opentelemetry/tracer.go Co-authored-by: Dave Henderson <dhenderson@gmail.com> * rename error ErrUnsupportedTracesProtocol * replace spaces with tabs in the test data * Update modules/caddyhttp/opentelemetry/README.md Co-authored-by: Francis Lavoie <lavofr@gmail.com> * Update modules/caddyhttp/opentelemetry/README.md Co-authored-by: Francis Lavoie <lavofr@gmail.com> * replace spaces with tabs in the README.md * use default values for a propagation and exporter protocol * set http attributes with helper * simplify code * Cleanup modules/caddyhttp/opentelemetry/README.md Co-authored-by: Dave Henderson <dhenderson@gmail.com> * Update link in README.md Co-authored-by: Dave Henderson <dhenderson@gmail.com> * Update documentation in README.md Co-authored-by: Dave Henderson <dhenderson@gmail.com> * Update link to naming spec in README.md Co-authored-by: Dave Henderson <dhenderson@gmail.com> * Rename module from opentelemetry to tracing Co-authored-by: Dave Henderson <dhenderson@gmail.com> * Rename span_name to span Co-authored-by: Dave Henderson <dhenderson@gmail.com> * Rename span_name to span Co-authored-by: Dave Henderson <dhenderson@gmail.com> * Simplify otel resource creation Co-authored-by: Dave Henderson <dhenderson@gmail.com> * handle extra attributes Co-authored-by: Dave Henderson <dhenderson@gmail.com> * update go.opentelemetry.io/otel/semconv to 1.7.0 Co-authored-by: Dave Henderson <dhenderson@gmail.com> * update go.opentelemetry.io/otel version * remove environment variable handling * always use tracecontext,baggage as propagators * extract tracer name into variable * rename OpenTelemetry to Tracing * simplify resource creation * update go.mod * rename package from opentelemetry to tracing * cleanup tests * update Caddyfile example in README.md * update README.md * fix test * fix module name in README.md * fix module name in README.md * change names in README.md and tests * order imports * remove redundant tests * Update documentation README.md Co-authored-by: Dave Henderson <dhenderson@gmail.com> * Fix grammar Co-authored-by: Dave Henderson <dhenderson@gmail.com> * Update comments Co-authored-by: Dave Henderson <dhenderson@gmail.com> * Update comments Co-authored-by: Dave Henderson <dhenderson@gmail.com> * update go.sum * update go.sum * Add otelhttp instrumentation, update OpenTelemetry libraries. * Use otelhttp instrumentation for instrumenting HTTP requests. This change uses context.WithValue to inject the next handler into the request context via a "nextCall" carrier struct, and pass it on to a standard Go HTTP handler returned by otelhttp.NewHandler. The underlying handler will extract the next handler from the context, call it and pass the returned error to the carrier struct. * use zap.Error() for the error log * remove README.md * update dependencies * clean up the code * change comment * move serveHTTP method from separate file * add syntax to the UnmarshalCaddyfile comment * go import the file * admin: Write proper status on invalid requests (#4569) (fix #4561) * update dependencies Co-authored-by: Dave Henderson <dhenderson@gmail.com> Co-authored-by: Francis Lavoie <lavofr@gmail.com> Co-authored-by: Vibhav Pant <vibhavp@gmail.com> Co-authored-by: Alok Naushad <alokme123@gmail.com> Co-authored-by: Cedric Ziel <cedric@cedric-ziel.com>
2022-03-08caddytls: dns_challenge_override_domain for challenge delegation (#4596)Ran Chen
* Add a override_domain option to allow DNS chanllenge delegation CNAME can be used to delegate answering the chanllenge to another DNS zone. One usage is to reduce the exposure of the DNS credential [1]. Based on the discussion in caddy/certmagic#160, we are adding an option to allow the user explicitly specify the domain to delegate, instead of following the CNAME chain. This needs caddy/certmagic#160. * rename override_domain to dns_challenge_override_domain * Update CertMagic; fix spelling Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2022-03-05reverseproxy: Refactor dial address parsing, augment command parsing (#4616)Francis Lavoie
2022-03-01httpcaddyfile: Support explicitly turning off `strict_sni_host` (#4592)Francis Lavoie
2022-02-19httpcaddyfile: Disabling OCSP stapling for both managed and unmanaged (#4589)Francis Lavoie
2022-02-17caddyconfig: Support placeholders in HTTP loaderMatthew Holt
2022-02-17caddytls: Support external certificate Managers (like Tailscale) (#4541)Matt Holt
Huge thank-you to Tailscale (https://tailscale.com) for making this change possible! This is a great feature for Caddy and Tailscale is a great fit for a standard implementation. * caddytls: GetCertificate modules; Tailscale * Caddyfile support for get_certificate Also fix AP provisioning in case of empty subject list (persist loaded module on struct, much like Issuers, to surive reprovisioning). And implement start of HTTP cert getter, still WIP. * Update modules/caddytls/automation.go Co-authored-by: Francis Lavoie <lavofr@gmail.com> * Use tsclient package, check status for name * Implement HTTP cert getter And use reuse CertMagic's PEM functions for private keys. * Remove cache option from Tailscale getter Tailscale does its own caching and we don't need the added complexity... for now, at least. * Several updates - Option to disable cert automation in auto HTTPS - Support multiple cert managers - Remove cache feature from cert manager modules - Minor improvements to auto HTTPS logging * Run go mod tidy * Try to get certificates from Tailscale implicitly Only for domains ending in .ts.net. I think this is really cool! Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2022-01-18httpcaddyfile: Add pki app `root` and `intermediate` cert/key config (#4514)Francis Lavoie
2022-01-18rewrite: Add `method` Caddyfile directive (#4528)Francis Lavoie
2022-01-18httpcaddyfile: Add `default_bind` global option (#4531)Francis Lavoie
2022-01-18httpcaddyfile: Fix incorrect handling of IPv6 bind addresses (#4532)Francis Lavoie
The `net.JoinHostPort()` function has some naiive logic for handling IPv6, it just checks if the host part has a `:` and if so it wraps the host part with `[ ]` but this causes our network type prefix to get wrapped as well, which is invalid for `caddy.NetworkAddress`. Instead, we can just concatenate the host and port manually here to avoid this side-effect.
2022-01-05httpcaddyfile: Support configuring `pki` app names via global options (#4450)Francis Lavoie
2021-12-13httpcaddyfile: Fix sorting edgecase for nested `handle_path` (#4477)Francis Lavoie
2021-12-07caddyfile: impove fmt warning message (#4444)Runzhi He
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2021-12-02caddyhttp: Make logging of credential headers opt-in (#4438)Francis Lavoie