summaryrefslogtreecommitdiff
path: root/caddytest
AgeCommit message (Collapse)Author
2020-08-17httpcaddyfile: Improve directive sorting logic (#3658)Francis Lavoie
* httpcaddyfile: Flip `root` directive sort order * httpcaddyfile: Sort directives with any matcher before those with none * httpcaddyfile: Generalize reverse sort directives, improve logic * httpcaddyfile: Fix "spelling" issue * httpcaddyfile: Turns out the second change precludes the first httpcaddyfile: Delete test that no longer makes sense * httpcaddyfile: Shorten logic Co-authored-by: Matt Holt <mholt@users.noreply.github.com> Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-08-11caddytls: Add support for ZeroSSL; add Caddyfile support for issuers (#3633)Matt Holt
* caddytls: Add support for ZeroSSL; add Caddyfile support for issuers Configuring issuers explicitly in a Caddyfile is not easily compatible with existing ACME-specific parameters such as email or acme_ca which infer the kind of issuer it creates (this is complicated now because the ZeroSSL issuer wraps the ACME issuer)... oh well, we can revisit that later if we need to. New Caddyfile global option: { cert_issuer <name> ... } Or, alternatively, as a tls subdirective: tls { issuer <name> ... } For example, to use ZeroSSL with an API key: { cert_issuser zerossl API_KEY } For now, that still uses ZeroSSL's ACME endpoint; it fetches EAB credentials for you. You can also provide the EAB credentials directly just like any other ACME endpoint: { cert_issuer acme { eab KEY_ID MAC_KEY } } All these examples use the new global option (or tls subdirective). You can still use traditional/existing options with ZeroSSL, since it's just another ACME endpoint: { acme_ca https://acme.zerossl.com/v2/DV90 acme_eab KEY_ID MAC_KEY } That's all there is to it. You just can't mix-and-match acme_* options with cert_issuer, because it becomes confusing/ambiguous/complicated to merge the settings. * Fix broken test This test was asserting buggy behavior, oops - glad this branch both discovers and fixes the bug at the same time! * Fix broken test (post-merge) * Update modules/caddytls/acmeissuer.go Fix godoc comment Co-authored-by: Francis Lavoie <lavofr@gmail.com> * Add support for ZeroSSL's EAB-by-email endpoint Also transform the ACMEIssuer into ZeroSSLIssuer implicitly if set to the ZeroSSL endpoint without EAB (the ZeroSSLIssuer is needed to generate EAB if not already provided); this is now possible with either an API key or an email address. * go.mod: Use latest certmagic, acmez, and x/net * Wrap underlying logic rather than repeating it Oops, duh * Form-encode email info into request body for EAB endpoint Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2020-08-05httpcaddyfile: Allow named matchers in `route` blocks (#3632)Francis Lavoie
2020-08-03reverse_proxy: fix bidirectional streams with encodings (fix #3606) (#3620)Kevin Lin
* reverse_proxy: fix bi-h2stream breaking gzip encode handle(#3606). * reverse_proxy: check http version of both sides to avoid affecting non-h2 upstream. * Minor cleanup; apply review suggestions Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2020-08-03httpcaddyfile: Bring `enforce_origin` and `origins` to admin config (#3595)Ye Zhihao
* Bring `ensure_origin` and `origins` to caddyfile admin config * Add unit test for caddyfile admin config update * Add caddyfile adapt test for typical admin setup * httpcaddyfile: Replace admin config error message when there's more arguments than needed Replace d.Err() to d.ArgErr() since the latter provides similarly informative error message Co-authored-by: Matt Holt <mholt@users.noreply.github.com> Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-07-31httpcaddyfile: Add `compression` to http transport config (#3624)Ye Zhihao
* httpcaddyfile: Add `compression` to http transport config * Add caddyfile adapt test for typical h2c setup
2020-07-30caddytls: Replace lego with acmez (#3621)Matt Holt
* Replace lego with acmez; upgrade CertMagic * Update integration test
2020-07-20reverse_proxy: flush HTTP/2 response when ContentLength is unknown (#3561)Kevin Lin
* reverse proxy: Support more h2 stream scenarios (#3556) * reverse proxy: add integration test for better h2 stream (#3556) * reverse proxy: adjust comments as francislavoie suggests * link to issue #3556 in the comments
2020-07-17reverseproxy: Fix Caddyfile parsing for empty non-http transports (#3576)Francis Lavoie
* reverseproxy: Fix Caddyfile parsing for empty non-http transports * Update modules/caddyhttp/reverseproxy/caddyfile.go Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * Rename empty transport test Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-06-26caddyhttp: Add 'map' handler (#3199)Mark Sargent
* inital map implementation * resolve the value during middleware execution * use regex instead * pr feedback * renamed mmap to maphandler * refactored GetString implementation * fixed mispelling * additional feedback
2020-06-22fastcgi: Fix php_fastcgi matcher regression (#3512)Francis Lavoie
2020-06-12httpcaddyfile: New `acme_eab` option (#3492)Chris Ortman
* Adds global options for external account bindings * Maybe other people use ctags too? * Use nested block to configure external account * go format files * Restore acme_ca directive in test file * Change Caddyfile config syntax for acme_eab * Update test Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-06-05httpcaddyfile: Add client_auth options to tls directive (#3335)NWHirschfeld
* reading client certificate config from Caddyfile Signed-off-by: NWHirschfeld <Niclas@NWHirschfeld.de> * Update caddyconfig/httpcaddyfile/builtins.go Co-authored-by: Francis Lavoie <lavofr@gmail.com> * added adapt test for parsing client certificate configuration from Caddyfile Signed-off-by: NWHirschfeld <Niclas@NWHirschfeld.de> * read client ca and leaf certificates from file https://github.com/caddyserver/caddy/pull/3335#discussion_r421633844 Signed-off-by: NWHirschfeld <Niclas@NWHirschfeld.de> * Update modules/caddytls/connpolicy.go * Make review adjustments Co-authored-by: Francis Lavoie <lavofr@gmail.com> Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-06-01caddyfile: Add args on imports (#3423)Francis Lavoie
* caddyfile: Add support for args on imports * caddyfile: Add more import args tests
2020-05-26httpcaddyfile: New `handle_path` directive (#3281)Francis Lavoie
* caddyconfig: WIP implementation of handle_path * caddyconfig: Complete the implementation - h.NewRoute was key * caddyconfig: Add handle_path integration test * caddyhttp: Use the path matcher as-is, strip the trailing *, update test
2020-05-19httpcaddyfile: Add `auto_https` global option (#3284)Francis Lavoie
2020-05-18fastcgi: `php_fastcgi` subdirectives to override shortcut behaviour (#3255)Francis Lavoie
* fastcgi: Add new php_fastcgi subdirectives to override the shortcut * fastcgi: Support "index off" to disable redir and try_files * fastcgi: Remove whitespace to satisfy linter * fastcgi: Run gofmt * fastcgi: Make a new dispenser instead of using rewind * fastcgi: Some fmt * fastcgi: Add a couple adapt tests * fastcgi: Clean up for loops * fastcgi: Move adapt tests to separate files
2020-05-14caddytest: Refactor Caddyfile adapt tests to separate files (#3398)Francis Lavoie
2020-05-11httpcaddyfile: Shorthands for parameterized placeholders (#3305)Francis Lavoie
* httpcaddyfile: Add shorthands for parameterized placeholders httpcaddyfile: Now with regexp instead httpcaddyfile: Allow dashes, gofmt httpcaddyfile: Compile regexp only once httpcaddyfile: Cleanup struct httpcaddyfile: Optimize the replacers, pull out of the loop httpcaddyfile: Add `{port}` shorthand * httpcaddyfile: Switch `r.` to `re.`
2020-05-11core: Add support for `d` duration unit (#3323)Francis Lavoie
* caddy: Add support for `d` duration unit * Improvements to ParseDuration; add unit tests Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2020-05-11httpcaddyfile: Make global options pluggable (#3265)Francis Lavoie
* httpcaddyfile: Make global options pluggable * httpcaddyfile: Add a global options adapt test * httpcaddyfile: Wrap err Co-Authored-By: Dave Henderson <dhenderson@gmail.com> * httpcaddyfile: Revert wrap err Co-authored-by: Dave Henderson <dhenderson@gmail.com>
2020-05-11caddyhttp: Fix merging of Caddyfile matchers in not blocks (#3379)Francis Lavoie
2020-05-10fix testharness, dumps the current config, only if the config was ↵Mark Sargent
successfully loaded (#3385)
2020-05-05httpcaddyfile: Support single-line matchers (#3263)Francis Lavoie
* httpcaddyfile: Support single-line matchers * httpcaddyfile: Add single-line matcher test * httpcaddyfile: Add a matcher syntax adapt test
2020-05-02expose caddytest timeouts (#3329)Mark Sargent
2020-04-27refactored caddytest helpers (#3285)Mark Sargent
* refactored caddytest helpers * added cookie jar support. Added support for more http verbs
2020-04-09caddytls: Fix for TLS conn policy being applied to HTTP-only servers (#3243)Matt Holt
* httpcaddyfile: Don't add TLS policy to HTTP-only server (#3193, #3223) * Account for HTTP port * Add integration test written by @sarge
2020-04-08chore: make the linter happier (#3245)Mohammed Al Sahaf
* chore: make the linter happier * chore: remove reference to maligned linter in .golangci.yml
2020-04-03chore: add adapt tests. fix load failure not failing tests (#3222)Mark Sargent
* add adaption tests. fix load failure not failing tests * removed unnecessary assignment
2020-04-01caddytls: Refactor certificate selection policies (close #1575)Matthew Holt
Certificate selection used to be a module, but this seems unnecessary, especially since the built-in CustomSelectionPolicy allows quite complex selection logic on a number of fields in certs. If we need to extend that logic, we can, but I don't think there are SO many possibilities that we need modules. This update also allows certificate selection to choose between multiple matching certs based on client compatibility and makes a number of other improvements in the default cert selection logic, both here and in the latest CertMagic. The hardest part of this was the conn policy consolidation logic (Caddyfile only, of course). We have to merge connection policies that we can easily combine, because if two certs are manually loaded in a Caddyfile site block, that produces two connection policies, and each cert is tagged with a different tag, meaning only the first would ever be selected. So given the same matchers, we can merge the two, but this required improving the Tag selection logic to support multiple tags to choose from, hence "tags" changed to "any_tag" or "all_tags" (but we use any_tag in our Caddyfile logic). Combining conn policies with conflicting settings is impossible, so that should return an error if two policies with the exact same matchers have non-empty settings that are not the same (the one exception being any_tag which we can merge because the logic for them is to OR them). It was a bit complicated. It seems to work in numerous tests I've conducted, but we'll see how it pans out in the release candidates.
2020-03-25ci: exclude integration tests for now (#3188)Mark Sargent
A workaround for inconsistent results on Windows
2020-03-23report error on failed location response (#3184)Mark Sargent
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-03-22ci: test local CA and update SNI tests (#3145)Mark Sargent
* run caddy tests in process * call main with run args * exclude tests - windows * include json example * disable caddyfile tests, include json test with non trusted local ca * converted SNI tests to json syntax
2020-03-17caddyhttp: Add default SNI tests (#3146)Mark Sargent
* added sni tests * set the default sni when there is no host to match * removed invalid sni test. Disabled tests that rely on host headers. * readded SNI tests. Added logging of config load times
2020-03-13caddyhttp: Fix default SNI for default conn policy (#3141)Mark Sargent
* add integration tests * removed SNI test * remove integration test condition * minor edit * fix sni when using static certificates Co-authored-by: Matt Holt <mholt@users.noreply.github.com>