Age | Commit message (Collapse) | Author |
|
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
|
|
* test: replicated empty tls automation policy issue
* fix: empty tls policy for an http:// endpoint running on a non-standard http port
|
|
|
|
|
|
|
|
We realized we made some mistakes with the directive ordering, so we're making some minor adjustments.
`abort` and `error` don't really make sense to be after other handler directives, because you would expect to be able to "fail-fast" and throw an error before falling through to some `file_server` or `respond` typically. So we're moving them up to just before `respond`, i.e. before the common handler directives.
This is also more consistent with our existing examples in the docs, which actually didn't work due to the directive ordering. See https://caddyserver.com/docs/caddyfile/directives/error#examples
Also, `push` doesn't quite make sense to be after `handle`/`route`, since its job is to read from response headers to push additional resources if necessary, and `handle`/`route` may be terminal so push would not be reached if it was declared outside those. And also, it would make sense to be _before_ `templates` because a template _could_ add a `Link` header to the response dynamically.
|
|
|
|
* httpcaddyfile: ensure hosts to skip can always be collected
Previously, some hosts that should be skipped in logging would
be missed as the current logic would only collect them after
encountering the first server that would log. This change makes sure
the ServerLogConfig is initialized before iterating over the server
blocks.
* httpcaddyfile: add test case for skip hosts behavior
|
|
|
|
|
|
* feat(fileserver): add 'canonical_uris' parameter to caddyfile
add 'canonical_uris' parameter to caddyfile
reference #2741
Signed-off-by: mritd <mritd@linux.com>
* feat(file_server): rename subdirective canonical_uris to disable_canonical_uris
rename subdirective canonical_uris to disable_canonical_uris
Signed-off-by: mritd <mritd@linux.com>
* test(caddyfile_adapt): add disable_canonical_uris subdirective test file
add disable_canonical_uris subdirective test file
Signed-off-by: mritd <mritd@linux.com>
|
|
If an email is specified in global options, a site called 'localhost' shouldn't be bunched together with public DNS names in the automation policies, which get the default, public-CA issuers. Fix old test that did this.
I also noticed that these two:
localhost {
}
example.com {
}
and
localhost, example.com {
}
produce slightly different TLS automation policies. The former is what the new test case covers, and we have logic that removes the empty automation policy for localhost so that auto-HTTPS can implicitly create one. (We prefer that whenever possible.) But the latter case produces two automation policies, with the second one being for localhost, with an explicit internal issuer. It's not wrong, just more explicit than it needs to be.
I'd really like to completely rewrite the code from scratch that generates automation policies, hopefully there is a simpler, more correct algorithm.
|
|
Commit 7c68809f4e13a7ac7c9e216a69410e7c1966c1df
|
|
In the Caddyfile, hosts specified for HTTP sockets (either scheme is "http" or it is on the HTTP port) should not be used as subjects in TLS automation policies (APs).
|
|
(#4192)
* Added preferred_chains option to Caddyfile
* Caddyfile adapt tests for preferred_chains
|
|
* add propagation_timeout to UnmarshalCaddyfile
- Closes #4177
* added caddyfile_adapt test
|
|
Fixes https://github.com/caddyserver/caddy/issues/4002
|
|
Also fix a previous test that asserted incorrect behavior.
|
|
Followup to #4150, #4151 /cc @ueffel @polarathene
After a bit of discussion with @mholt, we decided to remove `prefer` as a subdirective and just go with using the order implicitly always. Simpler config, simpler docs, etc.
Effectively changes 7776471 and reverts a small part of f35a7fa.
|
|
(#4151)
|
|
See https://caddyserver.com/docs/json/apps/http/#grace_period
|
|
* reverseproxy: Add `handle_response` blocks to `reverse_proxy` (#3710)
* reverseproxy: complete handle_response test
* reverseproxy: Change handle_response matchers to use named matchers
reverseproxy: Add support for changing status code
* fastcgi: Remove obsolete TODO
We already have d.Err("transport already specified") in the reverse_proxy parsing code which covers this case
* reverseproxy: Fix support for "4xx" type status codes
* Apply suggestions from code review
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
* caddyhttp: Reorganize response matchers
* reverseproxy: Reintroduce caddyfile.Unmarshaler
* reverseproxy: Add comment mentioning Finalize should be called
Co-authored-by: Maxime Soulé <btik-git@scoubidou.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
|
|
|
|
Followup to https://github.com/caddyserver/caddy/commit/42b7134ffa3bf3e9e86514c82407979c2627a5ab
|
|
* httpcaddyfile: Fix unexpectedly removed policy
When user set on_demand tls option in a catch-all (:443) policy,
we expect other policies to not have the on_demand enabled
See ex in tls_automation_policies_5.txt
Btw, we can remove policies if they are **all** empty.
* Update caddyconfig/httpcaddyfile/tlsapp.go
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
|
|
* caddyfile: Fix `import` replacing unrelated placeholders
See https://caddy.community/t/snippet-issue-works-outside-snippet/12231
So it turns out that `NewReplacer()` gives a replacer with some global defaults (like `{env.*}` and some system and time placeholders), which is not ideal when running `import` because we just want to replace `{args.*}` only, and nothing else.
* caddyfile: Add test
|
|
* caddyhttp: Implement better logic for inserting the HTTP->HTTPS redirs
* caddyhttp: Add integration test
|
|
|
|
After reading a question about the `handle_response` feature of `reverse_proxy`, I realized that we didn't have a way of serving an arbitrary file with a status code other than 200. This is an issue in situations where you want to serve a custom error page in routes that are not errors, like the aforementioned `handle_response`, where you may want to retain the status code returned by the proxy but write a response with content from a file.
This feature is super simple, basically if a status code is configured (can be a status code number, or a placeholder string) then that status will be written out before serving the file - if we write the status code first, then the stdlib won't write its own (only the first HTTP status header wins).
|
|
* httpcaddyfile: Add reproduce test
* httpcaddyfile: Don't allow `i` to go below zero
|
|
* encode: implement prefer setting
* encode: minimum_length configurable via caddyfile
* encode: configurable content-types which to encode
* file_server: support precompressed files
* encode: use ReponseMatcher for conditional encoding of content
* linting error & documentation of encode.PrecompressedOrder
* encode: allow just one response matcher
also change the namespace of the encoders back, I accidently changed to precompressed >.>
default matchers include a * to match to any charset, that may be appended
* rounding of the PR
* added integration tests for new caddyfile directives
* improved various doc strings (punctuation and typos)
* added json tag for file_server precompress order and encode matcher
* file_server: add vary header, remove accept-ranges when serving precompressed files
* encode: move Suffix implementation to precompressed modules
|
|
(#4050)
* reverseproxy: Implement health_uri, replaces health_path, supports query
Also fixes a bug with `health_status` Caddyfile parsing , it would always only take the first character of the status code even if it didn't end with "xx".
* reverseproxy: Rename to URI, named logger, warn in Provision (for JSON)
|
|
|
|
This filter is intended to be useful in scenarios where you may want to
redact a value with a static string, giving you information that the
field did previously exist and was present, but not revealing the value
itself in the logs.
This was inspired by work on adding more complete support for removing
sensitive values from logs [1]. An example use case would be the
Authorization header in request log output, for which the value should
usually not be logged, but it may be quite useful for debugging to
confirm that the header was present in the request.
[1] https://github.com/caddyserver/caddy/issues/3958
|
|
This change is aimed at enhancing the logging module within the
Caddyfile directive to allow users to configure logs other than the HTTP
access log stream, which is the current capability of the Caddyfile [1].
The intent here is to leverage the same syntax as the server log
directive at a global level, so that similar customizations can be added
without needing to resort to a JSON-based configuration.
Discussion for this approach happened in the referenced issue.
Closes https://github.com/caddyserver/caddy/issues/3958
[1] https://caddyserver.com/docs/caddyfile/directives/log
|
|
* Replace placeholders with regex groups
* using Matcher methods
* test added
* linting fix
* Revert "linting fix"
This reverts commit cafd7296f43639bbcd2601bea79a47f60763a200.
* Revert "test added"
This reverts commit 3a76cc7b0bc5dcef15ca5c8ec22efcd4067d484c.
* Revert "using Matcher methods"
This reverts commit cc34337b8ebb61d40ec343cee0fc225a694d3db6.
* tests added
|
|
|
|
A site block that has a catch-all and the shortest address is now sorted better.
https://caddy.community/t/caddy-suddenly-directs-my-site-to-the-wrong-directive/11597/2
|
|
Fixes a bug introduced in #3862
|
|
Previous commit improved the Caddyfile adapter so it doesn't unnecessarily add names to "skip" in "auto_https" when the server is already HTTP-only.
This commit updates the tests to reflect that change, while also fixing the Caddyfile formatting in many of the tests.
We also print the line number of the divergence between input and formatted version in Caddyfile adapt warnings - very useful for finding initial formatting problems.
|
|
This is probably an invasive change, but existing tests continue to pass.
It seems to make sense this way. There is likely an edge case I haven't
considered.
|
|
* caddytls: add 'key_type' subdirective
* Suggested change
* *string -> string
* test
|
|
* reverse_proxy: 1.health check headers can be set through Caddyfile using health_headers directive; 2.health check header host can be set properly
* reverse_proxy:
replace example with syntax definition
inline health_headers directive parse function
* bugfix: change caddyfile_adapt testcase file from space to tab
* reverseproxy: modify health_header value document as optional and add more test cases
|
|
|
|
* metrics: allow disabling OpenMetrics negotiation
Signed-off-by: Dave Henderson <dhenderson@gmail.com>
* fixup! metrics: allow disabling OpenMetrics negotiation
|
|
Refactor redirect route creation into own function.
Improve condition for appending port.
Fixes a bug manifested through new test case:
TestAutoHTTPRedirectsWithHTTPListenerFirstInAddresses
|
|
* add integration test for null header matcher
* implement null header matcher syntax
* avoid repeating magic !
* check for field following ! character
|
|
|
|
|
|
|