| Age | Commit message (Collapse) | Author | 
|---|
|  |  | 
|  |  | 
|  |  | 
|  | We now store the parsed site/server block keys with the server block,
rather than parsing the addresses every time we read them.
Also detect conflicting schemes, i.e. TLS and non-TLS cannot be served
from the same server (natively -- modules could be built for it).
Also do not add site subroutes (subroutes generated specifically from
site blocks in the Caddyfile) that are empty. | 
|  | Thus far the fuzzers have found a few crashers in the Caddyfile parser. However, the fuzzer have been stuck at import glob expansion after import glob expansion, which aren't reproducible. | 
|  | Certificate selection used to be a module, but this seems unnecessary,
especially since the built-in CustomSelectionPolicy allows quite complex
selection logic on a number of fields in certs. If we need to extend
that logic, we can, but I don't think there are SO many possibilities
that we need modules.
This update also allows certificate selection to choose between multiple
matching certs based on client compatibility and makes a number of other
improvements in the default cert selection logic, both here and in the
latest CertMagic.
The hardest part of this was the conn policy consolidation logic
(Caddyfile only, of course). We have to merge connection policies that
we can easily combine, because if two certs are manually loaded in a
Caddyfile site block, that produces two connection policies, and each
cert is tagged with a different tag, meaning only the first would ever
be selected. So given the same matchers, we can merge the two, but this
required improving the Tag selection logic to support multiple tags to
choose from, hence "tags" changed to "any_tag" or "all_tags" (but we
use any_tag in our Caddyfile logic).
Combining conn policies with conflicting settings is impossible, so
that should return an error if two policies with the exact same matchers
have non-empty settings that are not the same (the one exception being
any_tag which we can merge because the logic for them is to OR them).
It was a bit complicated. It seems to work in numerous tests I've
conducted, but we'll see how it pans out in the release candidates. | 
|  | This allows modules to test their UnmarshalCaddyfile methods. | 
|  | Now using IANA-compliant names and Go 1.14's CipherSuites() function so
we don't have to maintain our own mapping of currently-secure cipher
suites. | 
|  | If a site block has a key like "http://localhost:2016", then the log for
that site must be mapped to "localhost:2016" and not just "localhost"
because "localhost:2016" will be the value of the Host header of requests.
But a key like "localhost:80" does not include the port since the Host
header will not include ":80" because it is a standard port.
Fixes https://caddy.community/t/v2-common-log-format-not-working/7352?u=matt | 
|  |  | 
|  | See https://caddy.community/t/v2-match-any-path-but-files/7326/8?u=matt
If rewrites (or redirects, for that matter) match on file existence,
the file matcher would need to know the root of the site.
Making this change implies that root directives that depend on rewritten
URIs will not work as expected. However, I think this is very uncommon,
and am not sure I have ever seen that. Usually, dynamic roots are based
on host, not paths or query strings.
I suspect that rewrites based on file existence will be more common than
roots based on rewritten URIs, so I am moving root to be the first in
the list.
Users can always override this ordering with the 'order' global option. | 
|  |  | 
|  | This seems unnecessary for now and we can always add it in later if
people have a good reason to need it. | 
|  |  | 
|  |  | 
|  | Brotli encoder, jsonc and json5 config adapters, and the unfinished
HTTP cache handler are removed.
They will be available in separate repos. | 
|  | Fixes
https://caddy.community/t/v2-help-to-set-up-a-yourls-instance/7260/22 | 
|  |  | 
|  |  | 
|  | * admin: Refactor /load endpoint out of caddy package
This eliminates the caddy package's dependency on the caddyconfig
package, which helps prevent import cycles.
* v2: adapter: register config adapters as Caddy modules
* v2: adapter: simplify adapter registration as adapters and modules
* v2: adapter: let RegisterAdapter be in charge of registering adapters as modules
* v2: adapter: remove underscrores placeholders
* v2: adapter: explicitly ignore the error of writing response of writing warnings back to client
* Implicitly wrap config adapters as modules
Co-authored-by: Matthew Holt <mholt@users.noreply.github.com> | 
|  | I must have written that one before the helper function
`RegisterHandlerDirective`. | 
|  |  | 
|  |  | 
|  | * rewrite: strip_prefix, strip_suffix, uri_replace -> uri (closes #3140)
* Add period, to satisfy @whitestrake :) and my own OCD
* Restore implied / prefix | 
|  |  | 
|  |  | 
|  | It's hard to say whether this was actually a bug, but the linked issue
shows why the old behavior was confusing. Basically, we infer that a
rewrite handler is supposed to act as an internal redirect, which likely
means it will no longer match the matcher(s) it did before the rewrite.
So if the rewrite directive shares a matcher with any adjacent route or
directive, it can be confusing/misleading if we consolidate the rewrite
into the same route as the next handler, which shouldn't (probably) match
after the rewrite is complete.
This is kiiiind of a hacky workaround to a quirky problem.
For edge cases like these, it is probably "cleaner" to just use handle
blocks instead, to group handlers under the same matcher, nginx-style. | 
|  | Holy heck this was complicated | 
|  | * added sni tests
* set the default sni when there is no host to match
* removed invalid sni test. Disabled tests that rely on host headers.
* readded SNI tests. Added logging of config load times | 
|  | This fixes indentation for blocks starting with
a brace as:
```Caddyfile
{
    ...
}
```
Fixes #3144
Signed-off-by: Vaibhav <vrongmeal@gmail.com> | 
|  |  | 
|  |  | 
|  | * add integration tests
* removed SNI test
* remove integration test condition
* minor edit
* fix sni when using static certificates
Co-authored-by: Matt Holt <mholt@users.noreply.github.com> | 
|  | * pki: Initial commit of PKI app (WIP) (see #2502 and #3021)
* pki: Ability to use root/intermediates, and sign with root
* pki: Fix benign misnamings left over from copy+paste
* pki: Only install root if not already trusted
* Make HTTPS port the default; all names use auto-HTTPS; bug fixes
* Fix build - what happened to our CI tests??
* Fix go.mod | 
|  |  | 
|  |  | 
|  | This is a breaking change primarily in two areas:
 - Storage paths for certificates have changed
 - Slight changes to JSON config parameters
Huge improvements in this commit, to be detailed more in
the release notes.
The upcoming PKI app will be powered by Smallstep libraries. | 
|  | * remove the certificate tag tracking from global state
* refactored helper state, added log counter
* moved state initialisation close to where it is used.
* added helper state comment | 
|  | Previously the formatter did not include support for
blocks inside other blocks. Hence the formatter could
not indent some files properly. This fixes it.
Fixes #3104
Signed-off-by: Vaibhav <vrongmeal@gmail.com> | 
|  | This takes the config file as input and formats it.
Prints the result to stdout. Can write changes to
file if `--write` flag is passed.
Fixes #3020
Signed-off-by: Vaibhav <vrongmeal@gmail.com> | 
|  |  | 
|  | + a couple other minor changes from linter | 
|  |  | 
|  |  | 
|  | * Fix typo
* Fix typo, thanks for Spell Checker under VS Code | 
|  | Small expansion to the work done in https://github.com/caddyserver/caddy/pull/2963 which simply calls `os.ExpandEnv` so env vars like `{$URL}` where `$URL=$SCHEME://$HOST:$PORT` (contrived) get the expanded $SCHEME, $HOST, and $PORT variables included | 
|  | * add global default sni
* fixed grammar
* httpcaddyfile: Reduce some duplicated code
* Um, re-commit already-committed commit, I guess? (sigh)
Co-authored-by: Matt Holt <mholt@users.noreply.github.com> | 
|  | * httpcaddyfile: Begin implementing log directive, and debug mode
For now, debug mode just sets the log level for all logs to DEBUG
(unless a level is specified explicitly).
* httpcaddyfile: Finish 'log' directive
Also rename StringEncoder -> SingleFieldEncoder
* Fix minor bug in replacer (when vals are empty) | 
|  | This is useful in 'handle' and 'route' directives, for instance, if you
want to keep your matcher definitions by the directives that use them. | 
|  | * caddytls: Add CipherSuiteName and ProtocolName functions
The cipher_suites.go file is derived from a commit to the Go master
branch that's slated for Go 1.14.  Once Go 1.14 is released, this file
can be removed.
* caddyhttp: Use commonLogEmptyValue in common_log replacer
* caddyhttp: Add TLS placeholders
* caddytls: update unsupportedProtocols
Don't export unsupportedProtocols and update its godoc to mention that
it's used for logging only.
* caddyhttp: simplify getRegTLSReplacement signature
getRegTLSReplacement should receive a string instead of a pointer.
* caddyhttp: Remove http.request.tls.client.cert replacer
The previous behavior of printing the raw certificate bytes was ported
from Caddy 1, but the usefulness of that approach is suspect.  Remove
the client cert replacer from v2 until a use case is presented.
* caddyhttp: Use tls.CipherSuiteName from Go 1.14
Remove ported version of CipherSuiteName in the process. |