summaryrefslogtreecommitdiff
path: root/go.sum
AgeCommit message (Collapse)Author
2022-08-08go.mod: Upgrade OpenTelemetry dependencies (#4937)lewandowski-stripe
2022-08-02go.mod: Upgrade CertMagic and acmezMatthew Holt
2022-08-02chore: Bump up to Go 1.19, minimum 1.18 (#4925)Francis Lavoie
2022-07-26go.mod: Upgrade dependenciesMatthew Holt
2022-07-06go.mod: Bump up quic-go to v0.28.0, fixes for BC breaks (#4867)Francis Lavoie
2022-06-22Expose several Caddy HTTP Matchers to the CEL Matcher (#4715)Tristan Swadell
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2022-06-20go.mod: Update some dependenciesMatthew Holt
2022-06-01go.mod: Update go-yaml to v3Matthew Holt
2022-05-24go.mod: Upgrade some dependenciesMatthew Holt
2022-05-12chore: Bump quic-go to v0.27.0 (#4782)世界
2022-04-22caddytls: Add `propagation_delay`, support `propagation_timeout -1` (#4723)Francis Lavoie
2022-04-20Update smallstep/certificatesMatthew Holt
2022-04-13caddypki: Load intermediate for signing on-the-fly (#4669)Francis Lavoie
* caddypki: Load intermediate for signing on-the-fly Fixes #4517 Big thanks to @maraino for adding an API in `smallstep/certificates` so that we can fix this * Debug log * Trying a hunch, does it need to be a pointer receiver? * Clarify pointer receiver Co-authored-by: Matt Holt <mholt@users.noreply.github.com> Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2022-04-12templates: Switch to `BurntSushi/toml` (#4700)Francis Lavoie
2022-03-28chore: Fix for xcaddy builds (#4665)Francis Lavoie
* chore: Attempt fix for xcaddy builds * Upgrade smallstep/certificates which avoids the problem
2022-03-25go.mod: Upgrade CertMagic to v0.16.0Matthew Holt
Includes several breaking changes; code base updated accordingly. - Added lots of context arguments - Use fs.ErrNotExist - Rename ACMEManager -> ACMEIssuer; CertificateManager -> Manager
2022-03-22Fix http3 servers dying after reload (#4654)Artem Mikheev
2022-03-15ci: Build on Go 1.18, bump actions versions (#4637)Francis Lavoie
* ci: Build on Go 1.18, bump actions versions * Revert linter version bump for now * Try linter again
2022-03-10go.mod: Upgrade some dependenciesMatthew Holt
Fixes bug in yuin/goldmark https://github.com/caddyserver/website/issues/217
2022-03-08tracing: New OpenTelemetry module (#4361)Andrii Kushch
* opentelemetry: create a new module * fix imports * fix test * Update modules/caddyhttp/opentelemetry/README.md Co-authored-by: Dave Henderson <dhenderson@gmail.com> * Update modules/caddyhttp/opentelemetry/README.md Co-authored-by: Dave Henderson <dhenderson@gmail.com> * Update modules/caddyhttp/opentelemetry/README.md Co-authored-by: Dave Henderson <dhenderson@gmail.com> * Update modules/caddyhttp/opentelemetry/tracer.go Co-authored-by: Dave Henderson <dhenderson@gmail.com> * rename error ErrUnsupportedTracesProtocol * replace spaces with tabs in the test data * Update modules/caddyhttp/opentelemetry/README.md Co-authored-by: Francis Lavoie <lavofr@gmail.com> * Update modules/caddyhttp/opentelemetry/README.md Co-authored-by: Francis Lavoie <lavofr@gmail.com> * replace spaces with tabs in the README.md * use default values for a propagation and exporter protocol * set http attributes with helper * simplify code * Cleanup modules/caddyhttp/opentelemetry/README.md Co-authored-by: Dave Henderson <dhenderson@gmail.com> * Update link in README.md Co-authored-by: Dave Henderson <dhenderson@gmail.com> * Update documentation in README.md Co-authored-by: Dave Henderson <dhenderson@gmail.com> * Update link to naming spec in README.md Co-authored-by: Dave Henderson <dhenderson@gmail.com> * Rename module from opentelemetry to tracing Co-authored-by: Dave Henderson <dhenderson@gmail.com> * Rename span_name to span Co-authored-by: Dave Henderson <dhenderson@gmail.com> * Rename span_name to span Co-authored-by: Dave Henderson <dhenderson@gmail.com> * Simplify otel resource creation Co-authored-by: Dave Henderson <dhenderson@gmail.com> * handle extra attributes Co-authored-by: Dave Henderson <dhenderson@gmail.com> * update go.opentelemetry.io/otel/semconv to 1.7.0 Co-authored-by: Dave Henderson <dhenderson@gmail.com> * update go.opentelemetry.io/otel version * remove environment variable handling * always use tracecontext,baggage as propagators * extract tracer name into variable * rename OpenTelemetry to Tracing * simplify resource creation * update go.mod * rename package from opentelemetry to tracing * cleanup tests * update Caddyfile example in README.md * update README.md * fix test * fix module name in README.md * fix module name in README.md * change names in README.md and tests * order imports * remove redundant tests * Update documentation README.md Co-authored-by: Dave Henderson <dhenderson@gmail.com> * Fix grammar Co-authored-by: Dave Henderson <dhenderson@gmail.com> * Update comments Co-authored-by: Dave Henderson <dhenderson@gmail.com> * Update comments Co-authored-by: Dave Henderson <dhenderson@gmail.com> * update go.sum * update go.sum * Add otelhttp instrumentation, update OpenTelemetry libraries. * Use otelhttp instrumentation for instrumenting HTTP requests. This change uses context.WithValue to inject the next handler into the request context via a "nextCall" carrier struct, and pass it on to a standard Go HTTP handler returned by otelhttp.NewHandler. The underlying handler will extract the next handler from the context, call it and pass the returned error to the carrier struct. * use zap.Error() for the error log * remove README.md * update dependencies * clean up the code * change comment * move serveHTTP method from separate file * add syntax to the UnmarshalCaddyfile comment * go import the file * admin: Write proper status on invalid requests (#4569) (fix #4561) * update dependencies Co-authored-by: Dave Henderson <dhenderson@gmail.com> Co-authored-by: Francis Lavoie <lavofr@gmail.com> Co-authored-by: Vibhav Pant <vibhavp@gmail.com> Co-authored-by: Alok Naushad <alokme123@gmail.com> Co-authored-by: Cedric Ziel <cedric@cedric-ziel.com>
2022-03-08caddytls: dns_challenge_override_domain for challenge delegation (#4596)Ran Chen
* Add a override_domain option to allow DNS chanllenge delegation CNAME can be used to delegate answering the chanllenge to another DNS zone. One usage is to reduce the exposure of the DNS credential [1]. Based on the discussion in caddy/certmagic#160, we are adding an option to allow the user explicitly specify the domain to delegate, instead of following the CNAME chain. This needs caddy/certmagic#160. * rename override_domain to dns_challenge_override_domain * Update CertMagic; fix spelling Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2022-02-19go.mod: Revert version bump of CEL (#4587)Francis Lavoie
2022-02-17caddytls: Support external certificate Managers (like Tailscale) (#4541)Matt Holt
Huge thank-you to Tailscale (https://tailscale.com) for making this change possible! This is a great feature for Caddy and Tailscale is a great fit for a standard implementation. * caddytls: GetCertificate modules; Tailscale * Caddyfile support for get_certificate Also fix AP provisioning in case of empty subject list (persist loaded module on struct, much like Issuers, to surive reprovisioning). And implement start of HTTP cert getter, still WIP. * Update modules/caddytls/automation.go Co-authored-by: Francis Lavoie <lavofr@gmail.com> * Use tsclient package, check status for name * Implement HTTP cert getter And use reuse CertMagic's PEM functions for private keys. * Remove cache option from Tailscale getter Tailscale does its own caching and we don't need the added complexity... for now, at least. * Several updates - Option to disable cert automation in auto HTTPS - Support multiple cert managers - Remove cache feature from cert manager modules - Minor improvements to auto HTTPS logging * Run go mod tidy * Try to get certificates from Tailscale implicitly Only for domains ending in .ts.net. I think this is really cool! Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2022-02-01go.mod: Upgrade dependenciesMatthew Holt
Including crucial CertMagic upgrade
2022-01-30Interrim upgrade CertMagicMatthew Holt
For auto-replace certificate on revocation for on-demand mode, until a proper release is made.
2021-12-10go.mod: Update smallstep/certificates, no longer need replace (#4475)Francis Lavoie
2021-12-09go.mod: Update smallstep/truststore, fix build on FreeBSD (#4473)Francis Lavoie
2021-11-29go.mod: Update to latest smallstep/truststore, support FreeBSD (#4453)Francis Lavoie
2021-11-08go.mod: Update ACMEz and CertMagicMatthew Holt
2021-10-21go.mod: Replace promptui with Apache-compatible fork (fix #4394)Matthew Holt
Ideally this needs to be fixed upstream in github.com/manifoldco/promptui, but it appears unmaintained. Our dependency is extremely indirect: $ go mod why github.com/juju/ansiterm # github.com/juju/ansiterm github.com/caddyserver/caddy/v2/modules/caddypki github.com/smallstep/certificates/authority go.step.sm/cli-utils/ui github.com/manifoldco/promptui github.com/juju/ansiterm And it appears that all dependencies in this chain are in conflict with the LGPL license. Ref: - https://github.com/manifoldco/promptui/issues/173 - https://github.com/manifoldco/promptui/pull/181 /cc @maraino
2021-10-12go.mod: Carefully upgrade some dependencies (fix #4251)Matthew Holt
The upgrade of smallstep/certificates fixes #4251. The upgrade of CertMagic fixes an issue reported in the forum that a longer timeout was confirmed to resolve (without any particular explanation, but oh well). Other upgrades have minor improvements and seem safe.
2021-09-03go.mod: Update CertMagicMatthew Holt
Adds one more debug log
2021-08-30go.mod: Upgrade CertMagic to v0.14.4Matthew Holt
Adds more debug logging
2021-08-26go.mod: Upgrade some dependenciesMatthew Holt
2021-08-25chore: Upgrade smallstep libs (#4307)Francis Lavoie
See https://github.com/smallstep/nosql/issues/12 for context.
2021-08-20chore: Update quic-go for go 1.17 support (#4297)Adam Weinberger
* Update quic-go for go 1.17 support * Complete quic-go update (go mod tidy)
2021-08-19chore: Upgrade smallstep libs (#4291)Francis Lavoie
See https://github.com/smallstep/nosql/issues/12 for context.
2021-06-18go.mod: Update dependencies (close #4216)Matthew Holt
2021-06-12go.mod: Use CertMagic v0.14.0 (fix #4191)Matt Holt
* Force auto-renew for OCSP revoked status (maybe) (fix #4191) * Use latest commit * go.mod: Use CertMagic v0.14.0 (fix #4191) Correctly replaces revoked certificates
2021-06-03go.mod: Update direct dependenciesMatthew Holt
2021-05-03go.mod: CertMagic v0.13.1Matthew Holt
2021-04-05go.mod: Update quic-go to v0.20.1 (#4075)Marten Seemann
2021-04-01go.mod: Use latest CertMagicMatthew Holt
2021-03-30caddy: Add InstanceID() methodMatthew Holt
Caddy can now generate and persist its own instance ID, a UUID that is stored in the data directory. This makes it possible to differentiate it from other instances in a cluster.
2021-03-29go.mod: Migrate to golang.org/x/term (#4073)Simão Gomes Viana
golang.org/x/crypto/ssh/terminal is deprecated in favor of golang.org/x/term See https://github.com/caddyserver/caddy/pull/4073/checks?check_run_id=2152150495 Error: SA1019: package golang.org/x/crypto/ssh/terminal is deprecated: this package moved to golang.org/x/term. (staticcheck) See https://github.com/caddyserver/caddy/pull/4073/checks?check_run_id=2152228516 Error: SA1019: package golang.org/x/crypto/ssh/terminal is deprecated: this package moved to golang.org/x/term. (staticcheck) Test: go test -count=1 './...'
2021-02-24go.mod: Latest CertMagic (updated libdns conventions)Matthew Holt
2021-02-10caddytls: Save email with account if not already specifiedMatthew Holt
I'm pretty sure this fixes a bug when the default email is used...
2021-01-27admin: Identity management, remote admin, config loaders (#3994)Matt Holt
This commits dds 3 separate, but very related features: 1. Automated server identity management How do you know you're connecting to the server you think you are? How do you know the server connecting to you is the server instance you think it is? Mutually-authenticated TLS (mTLS) answers both of these questions. Using TLS to authenticate requires a public/private key pair (and the peer must trust the certificate you present to it). Fortunately, Caddy is really good at managing certificates by now. We tap into that power to make it possible for Caddy to obtain and renew its own identity credentials, or in other words, a certificate that can be used for both server verification when clients connect to it, and client verification when it connects to other servers. Its associated private key is essentially its identity, and TLS takes care of possession proofs. This configuration is simply a list of identifiers and an optional list of custom certificate issuers. Identifiers are things like IP addresses or DNS names that can be used to access the Caddy instance. The default issuers are ZeroSSL and Let's Encrypt, but these are public CAs, so they won't issue certs for private identifiers. Caddy will simply manage credentials for these, which other parts of Caddy can use, for example: remote administration or dynamic config loading (described below). 2. Remote administration over secure connection This feature adds generic remote admin functionality that is safe to expose on a public interface. - The "remote" (or "secure") endpoint is optional. It does not affect the standard/local/plaintext endpoint. - It's the same as the [API endpoint on localhost:2019](https://caddyserver.com/docs/api), but over TLS. - TLS cannot be disabled on this endpoint. - TLS mutual auth is required, and cannot be disabled. - The server's certificate _must_ be obtained and renewed via automated means, such as ACME. It cannot be manually loaded. - The TLS server takes care of verifying the client. - The admin handler takes care of application-layer permissions (methods and paths that each client is allowed to use).\ - Sensible defaults are still WIP. - Config fields subject to change/renaming. 3. Dyanmic config loading at startup Since this feature was planned in tandem with remote admin, and depends on its changes, I am combining them into one PR. Dynamic config loading is where you tell Caddy how to load its config, and then it loads and runs that. First, it will load the config you give it (and persist that so it can be optionally resumed later). Then, it will try pulling its _actual_ config using the module you've specified (dynamically loaded configs are _not_ persisted to storage, since resuming them doesn't make sense). This PR comes with a standard config loader module called `caddy.config_loaders.http`. Caddyfile config for all of this can probably be added later. COMMITS: * admin: Secure socket for remote management Functional, but still WIP. Optional secure socket for the admin endpoint is designed for remote management, i.e. to be exposed on a public port. It enforces TLS mutual authentication which cannot be disabled. The default port for this is :2021. The server certificate cannot be specified manually, it MUST be obtained from a certificate issuer (i.e. ACME). More polish and sensible defaults are still in development. Also cleaned up and consolidated the code related to quitting the process. * Happy lint * Implement dynamic config loading; HTTP config loader module This allows Caddy to load a dynamic config when it starts. Dynamically-loaded configs are intentionally not persisted to storage. Includes an implementation of the standard config loader, HTTPLoader. Can be used to download configs over HTTP(S). * Refactor and cleanup; prevent recursive config pulls Identity management is now separated from remote administration. There is no need to enable remote administration if all you want is identity management, but you will need to configure identity management if you want remote administration. * Fix lint warnings * Rename identities->identifiers for consistency
2021-01-07caddytls: Configurable OCSP stapling; global option (closes #3714)Matthew Holt
Allows user to disable OCSP stapling (including support in the Caddyfile via the ocsp_stapling global option) or overriding responder URLs. Useful in environments where responders are not reachable due to firewalls.
2021-01-04go.mod: Update CertMagic and acmez (improved IDN support)Matthew Holt