summaryrefslogtreecommitdiff
path: root/go.mod
AgeCommit message (Collapse)Author
2020-04-03go.mod: Update CertMagic to v0.10.8Matthew Holt
Fixes occasional panic due to closing closed channel
2020-04-01caddytls: Refactor certificate selection policies (close #1575)Matthew Holt
Certificate selection used to be a module, but this seems unnecessary, especially since the built-in CustomSelectionPolicy allows quite complex selection logic on a number of fields in certs. If we need to extend that logic, we can, but I don't think there are SO many possibilities that we need modules. This update also allows certificate selection to choose between multiple matching certs based on client compatibility and makes a number of other improvements in the default cert selection logic, both here and in the latest CertMagic. The hardest part of this was the conn policy consolidation logic (Caddyfile only, of course). We have to merge connection policies that we can easily combine, because if two certs are manually loaded in a Caddyfile site block, that produces two connection policies, and each cert is tagged with a different tag, meaning only the first would ever be selected. So given the same matchers, we can merge the two, but this required improving the Tag selection logic to support multiple tags to choose from, hence "tags" changed to "any_tag" or "all_tags" (but we use any_tag in our Caddyfile logic). Combining conn policies with conflicting settings is impossible, so that should return an error if two policies with the exact same matchers have non-empty settings that are not the same (the one exception being any_tag which we can merge because the logic for them is to OR them). It was a bit complicated. It seems to work in numerous tests I've conducted, but we'll see how it pans out in the release candidates.
2020-04-01go.mod: Update smallstep/truststoreMatthew Holt
So that installation continues if Firefox is not installed See https://github.com/smallstep/truststore/issues/3
2020-03-31caddytls: Add support for externalAccountBinding ACME extensionMatthew Holt
2020-03-26caddytls: Match automation policies by wildcard subjects tooMatthew Holt
https://caddy.community/t/wildcard-snis-not-being-matched/7271/24?u=matt Also use new CertMagic function for matching wildcard names
2020-03-24Remove some non-essential plugins from this repo (#2780)Matthew Holt
Brotli encoder, jsonc and json5 config adapters, and the unfinished HTTP cache handler are removed. They will be available in separate repos.
2020-03-20go.mod: Update some deps; add new Strings lib to CEL matcherMatthew Holt
2020-03-20go.mod: Update CertMagicMatthew Holt
Might fix mysterious hangs after certificate validation
2020-03-19caddyhttp: Implement CEL matcher (see #3051) (#3155)Matt Holt
* caddyhttp: Implement CEL matcher (see #3051) CEL (Common Expression Language) is a very fast, flexible way to express complex logic, useful for matching requests when the conditions are not easy to express with JSON. This matcher may be considered experimental even after the 2.0 release. * Improve CEL module docs
2020-03-17Update dependencies and readmeMatthew Holt
2020-03-13Some hotfixes for beta 16Matthew Holt
2020-03-13Minor tweaksMatthew Holt
2020-03-13v2: Implement 'pki' app powered by Smallstep for localhost certificates (#3125)Matt Holt
* pki: Initial commit of PKI app (WIP) (see #2502 and #3021) * pki: Ability to use root/intermediates, and sign with root * pki: Fix benign misnamings left over from copy+paste * pki: Only install root if not already trusted * Make HTTPS port the default; all names use auto-HTTPS; bug fixes * Fix build - what happened to our CI tests?? * Fix go.mod
2020-03-06Merge branch 'certmagic-refactor' into v2Matthew Holt
2020-03-06Refactor for CertMagic v0.10; prepare for PKI appMatthew Holt
This is a breaking change primarily in two areas: - Storage paths for certificates have changed - Slight changes to JSON config parameters Huge improvements in this commit, to be detailed more in the release notes. The upcoming PKI app will be powered by Smallstep libraries.
2020-03-02update quic-go to v0.15.1 (#3109)Marten Seemann
2020-03-01go.mod: update quic-go to v0.15.0 (supporting QUIC draft-27) (#3107)Marten Seemann
2020-02-25v2: 'log' directive for Caddyfile, and debug mode (#3052)Matt Holt
* httpcaddyfile: Begin implementing log directive, and debug mode For now, debug mode just sets the log level for all logs to DEBUG (unless a level is specified explicitly). * httpcaddyfile: Finish 'log' directive Also rename StringEncoder -> SingleFieldEncoder * Fix minor bug in replacer (when vals are empty)
2020-02-25go.mod: Bump to Go 1.14Matthew Holt
2020-02-17go.mod: update quic-go to v0.14.4 (#3048)Marten Seemann
2020-02-06Remove Starlark, for nowMatthew Holt
This is temporary as we prepare for a stable v2 release. We don't want to make promises we don't know we can keep, and the Starlark integration deserves much more focused attention which resources and funding do not currently permit. When the project is financially stable, I will be able to revisit this properly and add flexible, robust Starlark scripting support to Caddy 2.
2020-02-06caddyfile: tls: Ensure there is always a catch-all conn policy (#3005)Matthew Holt
If user provides their own certs or makes any hostname-specific TLS connection policy, it means that no TLS connection would be served for any other hostnames, even though you'd expect that TLS is enabled for them, too. So now we append a catch-all conn policy if none exist, which allows all ClientHellos to be matched and served. We also fix the consolidation of automation policies, which previously gobbled up automation policies without hosts in favor of automation policies with hosts. Instead of a host-specific policy eating up an identical catch-all policy, the catch-all policy eats up the identical host-specific policy, ensuring that the policy is applied to all hosts which need it. See also: https://caddy.community/t/v2-automatic-https-certificate-errors/6847/9?u=matt
2020-02-05http: Split 2-phase auto-HTTPS into 3 phasesMatthew Holt
This is necessary to avoid a race for sockets. Both the HTTP servers and CertMagic solvers will try to bind the HTTP/HTTPS ports, but we need to make sure that our HTTP servers bind first. This is kind of a new thing now that management is async in Caddy 2. Also update to CertMagic 0.9.2, which fixes some async use cases at scale.
2020-01-10cmd: Add build-info command; update CertMagicMatthew Holt
2020-01-08go.mod: Update lego, tidy upMatthew Holt
2019-12-23templates: Change functions, add front matter support, better markdownMatthew Holt
2019-12-23cmd: Eliminate unintended use of cgoMatthew Holt
This means the stop command can only use the API to stop the instance; no more signaling, unless we find a cgo-free way of doing it.
2019-12-17Update go.mod; use CertMagic v0.9.0Matthew Holt
2019-12-07update quic-go to v0.14.1 (#2918)Marten Seemann
2019-12-03update quic-go to v0.14.0 (#2916)Marten Seemann
2019-11-09go.mod: update quic-go to v0.13.1 (#2871)Marten Seemann
2019-11-04core: Major refactor of admin endpoint and config handlingMatthew Holt
Fixed several bugs and made other improvements. All config changes are now mediated by the global config state manager. It used to be that initial configs given at startup weren't tracked, so you could start caddy with --config caddy.json and then do a GET /config/ and it would return null. That is fixed, along with several other general flow/API enhancements, with more to come.
2019-10-28v2: Logging! (#2831)Matt Holt
* logging: Initial implementation * logging: More encoder formats, better defaults * logging: Fix repetition bug with FilterEncoder; add more presets * logging: DiscardWriter; delete or no-op logs that discard their output * logging: Add http.handlers.log module; enhance Replacer methods The Replacer interface has new methods to customize how to handle empty or unrecognized placeholders. Closes #2815. * logging: Overhaul HTTP logging, fix bugs, improve filtering, etc. * logging: General cleanup, begin transitioning to using new loggers * Fixes after merge conflict
2019-10-25fuzz: introduce continuous fuzzing for Caddy (#2723)Mohammed Al Sahaf
* fuzz: lay down the foundation for continuous fuzzing * improve the fuzzers and add some * fuzz: add Fuzzit badge to README & enable fuzzers submission in CI * v2-fuzz: do away with the submodule approach for fuzzers * fuzz: enable fuzzit
2019-10-21tls: Make the on-demand rate limiter actually workMatthew Holt
This required a custom rate limiter implementation in CertMagic
2019-10-16tls: Asynchronous cert management at startup (uses CertMagic v0.8.0)Matthew Holt
2019-10-11go.mod: Use latest certmagic which uses lego v3.1.0Matthew Holt
2019-10-10go.mod: Update dependenciesMatthew Holt
2019-10-01go.mod: Use latest certmagicMatthew Holt
2019-09-30tls: Change struct fields to pointers, add nil checks; rate.Burst updateMatthew Holt
Making them pointers makes for cleaner JSON when adapting configs, if the struct is empty now it will be omitted entirely. The x/time/rate package was updated to support changing the burst, so we've incorporated that here and removed a TODO.
2019-09-24tls/acme: Ability to customize trusted roots for ACME servers (#2756)Matt Holt
Closes #2702
2019-09-20go.mod: Update certmagic to v0.7.3Matthew Holt
2019-09-19httpcaddyfile: Global storage configuration (closes #2758)Matthew Holt
2019-09-17tls: Clean up expired OCSP staples and certificatesMatthew Holt
2019-09-13Use keybase fork of mitchellh/go-ps for bug fixes (#2750)Mohammed Al Sahaf
2019-09-13http: Consider wildcards when evaluating automatic HTTPSMatthew Holt
2019-09-12go.mod: Use lego v3 and CertMagic 0.7.0Matthew Holt
2019-09-10Experimental IETF-standard HTTP/3 support (known issue exists) (#2727)Matt Holt
* Begin WIP integration of HTTP/3 support * http3: Set actual Handler, make fakeClosePacketConn type for UDP sockets Also use latest quic-go for ALPN fix * Manually keep track of and close HTTP/3 listeners * Update quic-go after working through some http3 bugs * Fix go mod * Make http3 optional for now
2019-09-09Merge pull request #2737 from caddyserver/fastcgi (reverse proxy!)Matt Holt
v2: Refactor reverse proxy and add FastCGI support
2019-09-02reverse_proxy: WIP refactor and support for FastCGIMatthew Holt