Age | Commit message (Collapse) | Author |
|
|
|
* caddyhttp: Implement named routes, `invoke` directive
* gofmt
* Add experimental marker
* Adjust route compile comments
|
|
|
|
(#5494)
* reverseproxy: Expand port ranges to multiple upstreams in CLI + Caddyfile
* Add clarifying comment
|
|
|
|
* caddyhttp: Determine real client IP if trusted proxies configured
* Support customizing client IP header
* Implement client_ip matcher, deprecate remote_ip's forwarded option
|
|
|
|
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
|
|
Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com>
|
|
|
|
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
Co-authored-by: Weidi Deng <weidi_deng@icloud.com>
|
|
* caddyhttp: Pluggable trusted proxy IP range sources
* Add request to the IPRangeSource interface
|
|
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
|
|
|
|
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
|
|
|
|
|
|
|
|
* acme_server: add certificate lifetime configuration option
Signed-off-by: Kyle McCullough <kylemcc@gmail.com>
* pki: allow intermediate cert lifetime to be configured
Signed-off-by: Kyle McCullough <kylemcc@gmail.com>
Signed-off-by: Kyle McCullough <kylemcc@gmail.com>
|
|
|
|
policies (#5120)
* httpcaddyfile: Skip some logic if auto_https off
* Try removing this check altogether...
* Refine test timeouts slightly, sigh
* caddyhttp: Assume udp for unrecognized network type
Seems like the reasonable thing to do if a plugin registers its own
network type.
* Add comment to document my lack of knowledge
* Clean up and prepare to merge
Add comments to try to explain what happened
|
|
* httpcaddyfile: Wrap site block in subroute if host matcher used (fix #5124)
* Correct boolean logic (oops)
|
|
Fix #4859
|
|
Attempt to reduce flakiness a bit more
Test suite needs to be rewritten.
|
|
|
|
fastcgi: Redirect using original URI path (fix #5073) and rewrite: Only trim prefix if matched
|
|
|
|
|
|
* httpcaddyfile: Fix `protocols` global option parsing
When checking for a block, the current nesting must be used, otherwise it returns the wrong thing.
* Adjust adapt test to cover the broken behaviour that is now fixed
* Fix some admin tests which suddenly run even with -short
|
|
* caddyhttp: Honor grace period in background
This avoids blocking during config reloads.
* Don't quit process until servers shut down
* Make tests more likely to pass on fast CI (#5045)
* caddyhttp: Even faster shutdowns
Simultaneously shut down all HTTP servers, rather than one at a time.
In practice there usually won't be more than 1 that lingers. But this
code ensures that they all Shutdown() in their own goroutine
and then we wait for them at the end (if exiting).
We also wait for them to start up so we can be fairly confident the
shutdowns have begun; i.e. old servers no longer
accepting new connections.
* Fix comment typo
* Pull functions out of loop, for readability
|
|
* caddyhttp: Implement `skip_log` handler
* Refactor to use vars middleware
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Previously, our "duplicate key in server block" logic was flawed because
it did not account for the site's bind address. We defer this check to
when the listener addresses have been assigned, but before we commit
a server block to its listener.
Also refined how network address parsing and joining works, which was
necessary for a less convoluted fix.
|
|
* reverseproxy: Implement retry count, alternative to try_duration
* Add Caddyfile support for `retry_match`
* Refactor to deduplicate matcher parsing logic
* Fix lint
|
|
|
|
|
|
* Make reverse proxy TLS server name replaceable for SNI upstreams.
* Reverted previous TLS server name replacement, and implemented thread safe version.
* Move TLS servername replacement into it's own function
* Moved SNI servername replacement into httptransport.
* Solve issue when dynamic upstreams use wrong protocol upstream.
* Revert previous commit.
Old commit was: Solve issue when dynamic upstreams use wrong protocol upstream.
Id: 3c9806ccb63e66bdcac8e1ed4520c9d135cb011d
* Added SkipTLSPorts option to http transport.
* Fix typo in test config file.
* Rename config option as suggested by Matt
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
* Update code to match renamed config option.
* Fix typo in config option name.
* Fix another typo that I missed.
* Tests not completing because of apparent wrong ordering of options.
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
|
|
|
|
* Add renegotiation option in reverseproxy tls client
* Update modules/caddyhttp/reverseproxy/httptransport.go
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
|
|
* httpcaddyfile: Support multiple values for `default_bind`
* Fix ordering of server blocks
|
|
|
|
|
|
|
|
|