summaryrefslogtreecommitdiff
path: root/caddyconfig
AgeCommit message (Collapse)Author
2020-06-12httpcaddyfile: New `acme_eab` option (#3492)Chris Ortman
* Adds global options for external account bindings * Maybe other people use ctags too? * Use nested block to configure external account * go format files * Restore acme_ca directive in test file * Change Caddyfile config syntax for acme_eab * Update test Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-06-05httpcaddyfile: Add client_auth options to tls directive (#3335)NWHirschfeld
* reading client certificate config from Caddyfile Signed-off-by: NWHirschfeld <Niclas@NWHirschfeld.de> * Update caddyconfig/httpcaddyfile/builtins.go Co-authored-by: Francis Lavoie <lavofr@gmail.com> * added adapt test for parsing client certificate configuration from Caddyfile Signed-off-by: NWHirschfeld <Niclas@NWHirschfeld.de> * read client ca and leaf certificates from file https://github.com/caddyserver/caddy/pull/3335#discussion_r421633844 Signed-off-by: NWHirschfeld <Niclas@NWHirschfeld.de> * Update modules/caddytls/connpolicy.go * Make review adjustments Co-authored-by: Francis Lavoie <lavofr@gmail.com> Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-06-03caddypki: Add 'acme_server' Caddyfile directiveMatthew Holt
2020-06-03httpcaddyfile: Sort site blocks with wildcards last (fix #3410)Matthew Holt
2020-06-01caddyfile: Add args on imports (#3423)Francis Lavoie
* caddyfile: Add support for args on imports * caddyfile: Add more import args tests
2020-06-01httpcaddyfile: Let modules add listener wrappers (#3397)Georges Haidar
* httpcaddyfile: allow modules to customize listener wrappers * Update caddyconfig/httpcaddyfile/httptype.go Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * Update caddyconfig/httpcaddyfile/httptype.go Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * Update caddyconfig/httpcaddyfile/httptype.go Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * Update caddyconfig/httpcaddyfile/httptype.go Co-authored-by: Matt Holt <mholt@users.noreply.github.com> Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-05-29caddyconfig: Minor internal and godoc tweaksMatthew Holt
2020-05-27chore: Fix typo in dispenser.go (#3456)Francis Lavoie
2020-05-26httpcaddyfile: New `handle_path` directive (#3281)Francis Lavoie
* caddyconfig: WIP implementation of handle_path * caddyconfig: Complete the implementation - h.NewRoute was key * caddyconfig: Add handle_path integration test * caddyhttp: Use the path matcher as-is, strip the trailing *, update test
2020-05-26caddyfile: Move NewTestDispenser into non-test file (#3439)Francis Lavoie
2020-05-20httpcaddyfile: Improve error on matcher declared outside site block (#3431)Francis Lavoie
2020-05-19httpcaddyfile: Add `auto_https` global option (#3284)Francis Lavoie
2020-05-15httpcaddyfile: Be stricter about `log` syntax (#3419)Francis Lavoie
2020-05-11httpcaddyfile: Shorthands for parameterized placeholders (#3305)Francis Lavoie
* httpcaddyfile: Add shorthands for parameterized placeholders httpcaddyfile: Now with regexp instead httpcaddyfile: Allow dashes, gofmt httpcaddyfile: Compile regexp only once httpcaddyfile: Cleanup struct httpcaddyfile: Optimize the replacers, pull out of the loop httpcaddyfile: Add `{port}` shorthand * httpcaddyfile: Switch `r.` to `re.`
2020-05-11core: Add support for `d` duration unit (#3323)Francis Lavoie
* caddy: Add support for `d` duration unit * Improvements to ParseDuration; add unit tests Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2020-05-11httpcaddyfile: Make global options pluggable (#3265)Francis Lavoie
* httpcaddyfile: Make global options pluggable * httpcaddyfile: Add a global options adapt test * httpcaddyfile: Wrap err Co-Authored-By: Dave Henderson <dhenderson@gmail.com> * httpcaddyfile: Revert wrap err Co-authored-by: Dave Henderson <dhenderson@gmail.com>
2020-05-06httpcaddyfile: Fix route ordering bugMatthew Holt
https://caddy.community/t/cant-get-simple-alias-to-work/7911/8?u=matt This removes an optimization where we amortized path matcher decoding. The decoded matchers were index by... position... which obviously changes during sorting. Duh. Anyway, sorting is sliiightly slower now but the Caddyfile is not really CPU-sensitive, so this is fine.
2020-05-05httpcaddyfile: Only append TLS conn policy if it's non-empty (#3319)Matt Holt
This can lead to nicer, smaller JSON output for Caddyfiles like this: a { tls internal } b { tls foo@bar.com } i.e. where the tls directive only configures automation policies, and is merely meant to enable TLS on a server block (if it wasn't implied). This helps keeps implicit config implicit. Needs a little more testing to ensure it doesn't break anything important.
2020-05-05caddyconfig: Don't start comments in middle of tokens (#3267)Francis Lavoie
* caddyconfig: Only parse # as start of comment if preceded by space * caddyconfig: Simplify # logic using len(val), add a test
2020-05-05httpcaddyfile: Support single-line matchers (#3263)Francis Lavoie
* httpcaddyfile: Support single-line matchers * httpcaddyfile: Add single-line matcher test * httpcaddyfile: Add a matcher syntax adapt test
2020-05-05caddyfile: Support backticks as quotes (closes #2591) (#3242)Matt Holt
2020-05-02caddytls: Finish upgrading to libdns DNS providers for ACME challengesMatthew Holt
Until we finish the migration to the new acme library, we have to bring the solver type in-house. It's small and temporary.
2020-05-02caddytls: Fix namespace tls.dns -> dns.providersMatthew Holt
Coulda sworn I did this already but I think I messed up my git commands
2020-05-01httpcaddyfile: Update tls parsing for DNS providersMatthew Holt
2020-05-01httpcaddyfile: Minor fixes to parsing storage optionsMatthew Holt
2020-04-30caddytls: Adjust DNS challenge structure; clarify some docsMatthew Holt
2020-04-28caddyhttp: General improvements to access logging (#3301)Matt Holt
* httpcaddyfile: Exclude access logs written to files from default log Even though any logs can just be ignored, most users don't seem to like configuring an access log to go to a file only to have it doubly appear in the default log. Related to: - #3294 - https://caddy.community/t/v2-logging-format/7642/4?u=matt - https://caddy.community/t/caddyfile-questions/7651/3?u=matt * caddyhttp: General improvements to access log controls (fixes #3310) * caddyhttp: Move log config nil check higher * Rename LoggerName -> DefaultLoggerName
2020-04-24httpcaddyfile: Add nil check to prevent panic, fix validation logicMatthew Holt
Panic would happen if an automation policy was specified in a singular server block that had no hostnames in its address. Definitely an edge case. Fixed a bug related to checking for server blocks with a host-less key that tried to make an automation policy. Previously if you had only two server blocks like ":443" and another one at ":80", the one at ":443" could not create a TLS automation policy because it thought it would interfere with TLS automation for the block at ":80", but obviously that key doesn't enable TLS because it is on the HTTP port. So now we are a little smarter and count only non-HTTP-empty-hostname keys. Also fixed a bug so that a key like "https://:1234" is sure to have TLS enabled by giving it a TLS connection policy. (Relaxed conditions slightly; the previous conditions were too strict, requiring there to be a TLS conn policy already or a default SNI to be non-empty.) Also clarified a comment thanks to feedback from @Mohammed90
2020-04-22httpcaddyfile: Why was this code repeated??Matthew Holt
2020-04-20ci: fuzz: remove the fuzzer of the Caddyfile parser (#3288)Mohammed Al Sahaf
2020-04-14httpcaddyfile: Don't lowercase placeholder contents (fixes #3264)Matthew Holt
2020-04-13core: Don't return error on RegisterModule() and RegisterAdapter()Matthew Holt
These functions are called at init-time, and their inputs are hard-coded so there are no environmental or user factors that could make it fail or succeed; the error return values are often ignored, and when they're not, they are usually a fatal error anyway. To ensure that a programmer mistake is not missed, we now panic instead. Last breaking change 🤞
2020-04-10tests: Clean up redundant type declarationsMatthew Holt
2020-04-10httpcaddyfile: Don't remove empty TLS conn policies (fix #3249)Matthew Holt
Not sure why I thought that would be a good idea
2020-04-09caddytls: Fix for TLS conn policy being applied to HTTP-only servers (#3243)Matt Holt
* httpcaddyfile: Don't add TLS policy to HTTP-only server (#3193, #3223) * Account for HTTP port * Add integration test written by @sarge
2020-04-08chore: make the linter happier (#3245)Mohammed Al Sahaf
* chore: make the linter happier * chore: remove reference to maligned linter in .golangci.yml
2020-04-08httpcaddyfile, caddytls: Multiple edge case fixes; add testsMatthew Holt
- Create two default automation policies; if the TLS app is used in isolation with the 'automate' certificate loader, it will now use an internal issuer for internal-only names, and an ACME issuer for all other names by default. - If the HTTP Caddyfile adds an 'automate' loader, it now also adds an automation policy for any names in that loader that do not qualify for public certificates so that they will be issued internally. (It might be nice if this wasn't necessary, but the alternative is to either make auto-HTTPS logic way more complex by scanning the names in the 'automate' loader, or to have an automation policy without an issuer switch between default issuer based on the name being issued a certificate - I think I like the latter option better, right now we do something kind of like that but at a level above each individual automation policies, we do that switch only when no automation policies match, rather than when a policy without an issuer does match.) - Set the default LoggerName rather than a LoggerNames with an empty host value, which is now taken literally rather than as a catch-all. - hostsFromKeys, the function that gets a list of hosts from server block keys, no longer returns an empty string in its resulting slice, ever.
2020-04-08httpcaddyfile: Add key_type global option (#3231)Francis Lavoie
2020-04-06caddyhttp: Support single-line not matcher (#3228)Francis Lavoie
* caddyhttp: Support single-line not matcher shortcut * caddyhttp: Some tests, I guess
2020-04-06httpcaddyfile: Carry bind setting through to ACME issuer (fixes #3232)Matthew Holt
2020-04-06tests: Remove noisy logsMatthew Holt
2020-04-03httpcaddyfile: Yield cleaner JSON when conn policy or log name is emptyMatthew Holt
2020-04-02httpcaddyfile: Refactor site key parsing; detect conflicting schemesMatthew Holt
We now store the parsed site/server block keys with the server block, rather than parsing the addresses every time we read them. Also detect conflicting schemes, i.e. TLS and non-TLS cannot be served from the same server (natively -- modules could be built for it). Also do not add site subroutes (subroutes generated specifically from site blocks in the Caddyfile) that are empty.
2020-04-02ci: fuzz: skip fuzz data that contains `import` (#3214)Mohammed Al Sahaf
Thus far the fuzzers have found a few crashers in the Caddyfile parser. However, the fuzzer have been stuck at import glob expansion after import glob expansion, which aren't reproducible.
2020-04-01caddytls: Refactor certificate selection policies (close #1575)Matthew Holt
Certificate selection used to be a module, but this seems unnecessary, especially since the built-in CustomSelectionPolicy allows quite complex selection logic on a number of fields in certs. If we need to extend that logic, we can, but I don't think there are SO many possibilities that we need modules. This update also allows certificate selection to choose between multiple matching certs based on client compatibility and makes a number of other improvements in the default cert selection logic, both here and in the latest CertMagic. The hardest part of this was the conn policy consolidation logic (Caddyfile only, of course). We have to merge connection policies that we can easily combine, because if two certs are manually loaded in a Caddyfile site block, that produces two connection policies, and each cert is tagged with a different tag, meaning only the first would ever be selected. So given the same matchers, we can merge the two, but this required improving the Tag selection logic to support multiple tags to choose from, hence "tags" changed to "any_tag" or "all_tags" (but we use any_tag in our Caddyfile logic). Combining conn policies with conflicting settings is impossible, so that should return an error if two policies with the exact same matchers have non-empty settings that are not the same (the one exception being any_tag which we can merge because the logic for them is to OR them). It was a bit complicated. It seems to work in numerous tests I've conducted, but we'll see how it pans out in the release candidates.
2020-04-01caddyfile: Export NewTestDispenser() (close #2930)Matthew Holt
This allows modules to test their UnmarshalCaddyfile methods.
2020-04-01caddytls: Update cipher suite names and curve namesMatthew Holt
Now using IANA-compliant names and Go 1.14's CipherSuites() function so we don't have to maintain our own mapping of currently-secure cipher suites.
2020-03-30httpcaddyfile: Include non-standard ports when mapping logger namesMatthew Holt
If a site block has a key like "http://localhost:2016", then the log for that site must be mapped to "localhost:2016" and not just "localhost" because "localhost:2016" will be the value of the Host header of requests. But a key like "localhost:80" does not include the port since the Host header will not include ":80" because it is a standard port. Fixes https://caddy.community/t/v2-common-log-format-not-working/7352?u=matt
2020-03-29caddyfile: Minor fixes to the formatterMatthew Holt
2020-03-28httpcaddyfile: Put root directive first, before redir and rewriteMatthew Holt
See https://caddy.community/t/v2-match-any-path-but-files/7326/8?u=matt If rewrites (or redirects, for that matter) match on file existence, the file matcher would need to know the root of the site. Making this change implies that root directives that depend on rewritten URIs will not work as expected. However, I think this is very uncommon, and am not sure I have ever seen that. Usually, dynamic roots are based on host, not paths or query strings. I suspect that rewrites based on file existence will be more common than roots based on rewritten URIs, so I am moving root to be the first in the list. Users can always override this ordering with the 'order' global option.