summaryrefslogtreecommitdiff
path: root/caddyconfig
AgeCommit message (Collapse)Author
2020-03-06Refactor for CertMagic v0.10; prepare for PKI appMatthew Holt
This is a breaking change primarily in two areas: - Storage paths for certificates have changed - Slight changes to JSON config parameters Huge improvements in this commit, to be detailed more in the release notes. The upcoming PKI app will be powered by Smallstep libraries.
2020-02-20httpcaddyfile: tls: Load repeated cert files only once, with one tagMatthew Holt
See end of issue #3004. Loading the same certificate file multiple times with different tags will result in it being de-duplicated in the in- memory cache, because of course they all have the same bytes. This meant that any certs of the same filename loaded with different tags would be overwritten by the next certificate of the same filename, and any conn policies looking for the tags of the previous ones would never find them, causing connections to fail. So, now we remember cert filenames and their tags, instead of loading them multiple times and overwriting previous ones. A user crafting their own JSON might make this error too... maybe we won't see it happen. But if it does, one possibility is, when loading a duplicate cert, instead of discarding it completely, merge the tag list into the one that's already stored in the cache, then discard.
2020-02-20httpcaddyfile: Combine repeated cert loaders (fix #3004)Matthew Holt
Also only append 1 catch-all TLS connection policy to a server, even if multiple site blocks contribute to that server.
2020-02-18httpcaddyfile: Properly add all cert loaders across sites (fixes #3056)Matthew Holt
2020-02-16httpcaddyfile: 'handle_errors' directiveMatthew Holt
Not sure I love the name of the directive; might change it later.
2020-02-16httpcaddyfile: Refactor global options parsing; prevent duplicate keysMatthew Holt
2020-02-16http: Remove redundant test fileMatthew Holt
Forgot to delete this when I moved its test into a different file
2020-02-14tls: Avoid duplication AutomationPolicies for large quantities of namesMatthew Holt
This should greatly reduce memory usage at scale. Part of an overall effort between Caddy 2 and CertMagic to optimize for large numbers of names.
2020-02-14caddyfile: Refactor; NewFromNextSegment(); fix repeated matchersMatthew Holt
Now multiple instances of the same matcher can be used within a named matcher without overwriting previous ones.
2020-02-12tls: Add acme_ca_root and tls/ca_root to caddyfile (#3040)Mark Sargent
2020-02-08httpcaddyfile: Add support for DNS challenge solversMatthew Holt
Configuration via the Caddyfile requires use of env variables, but an upstream issue is currently blocking that: https://github.com/go-acme/lego/issues/1054 Providers will need to be retrofitted upstream in order to support env var configuration.
2020-02-06caddyfile: tls: Ensure there is always a catch-all conn policy (#3005)Matthew Holt
If user provides their own certs or makes any hostname-specific TLS connection policy, it means that no TLS connection would be served for any other hostnames, even though you'd expect that TLS is enabled for them, too. So now we append a catch-all conn policy if none exist, which allows all ClientHellos to be matched and served. We also fix the consolidation of automation policies, which previously gobbled up automation policies without hosts in favor of automation policies with hosts. Instead of a host-specific policy eating up an identical catch-all policy, the catch-all policy eats up the identical host-specific policy, ensuring that the policy is applied to all hosts which need it. See also: https://caddy.community/t/v2-automatic-https-certificate-errors/6847/9?u=matt
2020-02-06caddyfile: tls: Tag manual certificates (#2588)Matthew Holt
This ensure that if there are multiple certs that match a particular ServerName or other parameter, then specifically the one the user provided in the Caddyfile will be used.
2020-02-04httpcaddyfile: Add {remote} shorthand placeholdersMatthew Holt
Also sort the list
2020-02-04httpcaddyfile: Make root directive mutually exclusiveMatthew Holt
See https://caddy.community/t/caddyfile-and-v2/6766/22?u=matt
2020-01-23httpcaddyfile: Skip hosts from auto-https when http:// scheme (fix #2998)Matthew Holt
2020-01-22httpcaddyfile: Rename 'headers' directive to 'header'Matthew Holt
2020-01-22httpcaddyfile: Update directive docs; put root after rewriteMatthew Holt
2020-01-22httpcaddyfile: Get rid of 'tls off' parameter; probably not usefulMatthew Holt
2020-01-19httpcaddyfile: Fix address parsing; don't infer port at parse-timeMatthew Holt
Before, listener ports could be wrong because ParseAddress doesn't know about the user-configured HTTP/HTTPS ports, instead hard-coding port 80 or 443, which could be wrong if the user changed them to something else. Now we defer port and scheme validation/inference to a later part of building the output JSON.
2020-01-17httpcaddyfile: Move redir before rewriteMatthew Holt
Using rewrite is like saying, "I accept this request, but I just need to act on it as if it came in differently." Whereas redir implies more of, "I reject this request, send it to me differently, then I will process it." Makes sense for it to come before rewrites. This can always be changed using the 'order' global option if needed.
2020-01-16httpcaddyfile: Fix nested blocks; add handle directive; refactorMatthew Holt
The fix that was initially put forth in #2971 was good, but only for up to one layer of nesting. The real problem was that we forgot to increment nesting when already inside a block if we saw another open curly brace that opens another block (dispenser.go L157-158). The new 'handle' directive allows HTTP Caddyfiles to be designed more like nginx location blocks if the user prefers. Inside a handle block, directives are still ordered just like they are outside of them, but handler blocks at a given level of nesting are mutually exclusive. This work benefitted from some refactoring and cleanup.
2020-01-16httpcaddyfile: Replace 'handler_order' option with 'order'Matthew Holt
This allows individual directives to be ordered relative to others, where order matters (for example HTTP handlers). Will primarily be useful when developing new directives, so you don't have to modify the Caddy source code. Can also be useful if you prefer that redir comes before rewrite, for example. Note that these are global options. The route directive can be used to give a specific order to a specific group of HTTP handler directives.
2020-01-16httpcaddyfile: Group try_files routes together (#2891)Matthew Holt
This ensures that only the first matching route is used.
2020-01-15caddyfile: Sort site subroutes by key specificity, and make exclusiveMatthew Holt
In the v1 Caddyfile, only the first matching site definition would be used, so setting these `Terminal: true` ensures that only the first matching one is used in v2, too. We also have to sort by key specificity... Caddy 1 had a special data structure for selecting the most specific site definition, but we don't have that structure in v2, so we need to sort by length (of host and path, separately). For blocks where more than one key is present, we choose the longest host and path (independently, need not be from same key) by which to sort.
2020-01-10http: Remove {...query_string} placeholder, in favor of {...query}Matthew Holt
I am not sure if the query_string one is necessary or useful yet. We can always add it later if needed.
2020-01-09caddyfile: advance cursor for claimed token in NewFromNextTokens() (#2971)Zaq? Wiedmann
When we append a token to the new dispenser, we need to consume it in the parent, too; otherwise it gets scanned twice, which in this case messed up the nesting count which got decremented once too many times.
2020-01-09caddyfile: fix replacing variables on imported files (#2970)Mark Sargent
* fix replacing variables on imported files * refactored replaceEnvVars to ensure it is always called * Use byte slices for easier use Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-01-09caddyfile: Use of vars no longer requires nesting in subroutesMatthew Holt
This is because of our sequential handling logic which was recently merged; if vars is the first handler in the chain, it will be run before the next route's matchers are executed, so there's no need to nest the handlers anymore.
2020-01-09v2: Implement Caddyfile enhancements (breaking changes) (#2960)Matt Holt
* http: path matcher: exact match by default; substring matches (#2959) This is a breaking change. * caddyfile: Change "matcher" directive to "@matcher" syntax (#2959) * cmd: Assume caddyfile adapter for config files named Caddyfile * Sub-sort handlers by path matcher length (#2959) Caddyfile-generated subroutes have handlers, which are sorted first by directive order (this is unchanged), but within directives we now sort by specificity of path matcher in descending order (longest path first, assuming that longest path is most specific). This only applies if there is only one matcher set, and the path matcher in that set has only one path in it. Path matchers with two or more paths are not sorted like this; and routes with more than one matcher set are not sorted like this either, since specificity is difficult or impossible to infer correctly. This is a special case, but definitely a very common one, as a lot of routing decisions are based on paths. * caddyfile: New 'route' directive for appearance-order handling (#2959) * caddyfile: Make rewrite directives mutually exclusive (#2959) This applies only to rewrites in the top-level subroute created by the HTTP caddyfile.
2020-01-09caddyfile: Less strict URL parsing; allows placeholdersMatthew Holt
See https://caddy.community/t/caddy-v2-reusable-snippets/6744/11?u=matt
2020-01-09caddyfile: Preprocess env vars in {$THIS} format (#2963)Mark Sargent
* transform a caddyfile with environment variables * support adapt time and runtime variables in the caddyfile * caddyfile: Pre-process environment variables before parsing Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2019-12-13tls: Ensure conn policy is created when providing certs in CaddyfileMatthew Holt
Fixes #2929
2019-12-13Couple of quick fixesMatthew Holt
2019-12-12rewrite: strip_prefix, strip_suffix, and uri_replace dirs (closes #2906)Matthew Holt
2019-12-12try_files, rewrite: allow query string in try_files (fix #2891)Matthew Holt
Also some minor cleanup/improvements discovered along the way
2019-12-10fuzz: Remove Caddyfile adapter from fuzz corpus (#2925)Matt Holt
The Caddyfile adapter does not need to be fuzzed, as all it really does is invoke the Caddyfile parser, which is already fuzzed
2019-12-10v2: Module documentation; refactor LoadModule(); new caddy struct tags (#2924)Matt Holt
This commit goes a long way toward making automated documentation of Caddy config and Caddy modules possible. It's a broad, sweeping change, but mostly internal. It allows us to automatically generate docs for all Caddy modules (including future third-party ones) and make them viewable on a web page; it also doubles as godoc comments. As such, this commit makes significant progress in migrating the docs from our temporary wiki page toward our new website which is still under construction. With this change, all host modules will use ctx.LoadModule() and pass in both the struct pointer and the field name as a string. This allows the reflect package to read the struct tag from that field so that it can get the necessary information like the module namespace and the inline key. This has the nice side-effect of unifying the code and documentation. It also simplifies module loading, and handles several variations on field types for raw module fields (i.e. variations on json.RawMessage, such as arrays and maps). I also renamed ModuleInfo.Name -> ModuleInfo.ID, to make it clear that the ID is the "full name" which includes both the module namespace and the name. This clarity is helpful when describing module hierarchy. As of this change, Caddy modules are no longer an experimental design. I think the architecture is good enough to go forward.
2019-11-29v2: fixes query matcher parsing (#2901)Mark Sargent
* fixes query matcher parsing * return correct argument error when parsing query matcher
2019-11-29http: Shorten regexp matcher placeholders; allow "=/" for simple matcherMatthew Holt
2019-11-04Prepare for beta 9 tagMatthew Holt
2019-11-04caddyfile: Fix bug with DeleteMatthew Holt
It now will delete the current token even if it is the last one
2019-10-30admin listener as opt-in for initial config (#2834)Andreas Schneider
* Always cleanup admin endpoint first * Error out if no config has been set (#2833) * Ignore explicitly missing admin config (#2833) * Separate config loading from admin initialization (#2833) * Add admin option to specify admin listener address (#2833) * Use zap for reporting admin endpoint status
2019-10-30Add missing fuzzer (#2844)Mohammed Al Sahaf
* fuzz: add missing fuzzer by fixing .gitignore adding a negation for caddyfile/ directory * ci: print fuzzing type for debuggability and traceability * README: update the Fuzzit badge to point to the correct Caddy server Github organization
2019-10-30fuzz: Don't call Load() in HTTP caddyfile adapter fuzz testsMatthew Holt
Doing so has a tendency to request certificates...
2019-10-28caddyhttp: Minor cleanup and fix nil pointer deref in caddyfile adapterMatthew Holt
2019-10-25fuzz: introduce continuous fuzzing for Caddy (#2723)Mohammed Al Sahaf
* fuzz: lay down the foundation for continuous fuzzing * improve the fuzzers and add some * fuzz: add Fuzzit badge to README & enable fuzzers submission in CI * v2-fuzz: do away with the submodule approach for fuzzers * fuzz: enable fuzzit
2019-10-15v2: Make tests work on Windows (#2782)Matt Holt
* file_server: Make tests work on Windows * caddyfile: Fix escaping when character is not escapable We only escape certain characters depending on inside or outside of quotes (mainly newlines and quotes). We don't want everyone to have to escape Windows file paths like C:\\Windows\\... but we can't drop the \ either if it's just C:\Windows\...
2019-10-15v2: Project-and-CI-wide linter config (#2812)Mohammed Al Sahaf
* v2: split golangci-lint configuration into its own file to allow code editors to take advantage of it * v2: simplify code * v2: set the correct lint output formatting * v2: invert the logic of linter's configuration of output formatting to allow the editor convenience over CI-specific customization. Customize the output format in CI by passing the flag. * v2: remove irrelevant golangci-lint config
2019-10-10http: authentication module; hash-password cmd; http_basic providerMatthew Holt
This implements HTTP basicauth into Caddy 2. The basic auth module will not work with passwords that are not securely hashed, so a subcommand hash-password was added to make it convenient to produce those hashes. Also included is Caddyfile support. Closes #2747.