Age | Commit message (Collapse) | Author |
|
* core: Add optional unix socket file permissions
This commit also changes the default unix socket file permissions to `u=w,g=,o=` (octal: `0200`).
It used to default to the shell's umask (usually `u=rwx,g=rx,o=rx`, octal: `0755`).
`/run/caddy.sock` -> `/run/caddy.sock` with `0200` default perms
`/run/caddy.sock|0222` -> `/run/caddy.sock` with `0222` perms
`|` instead of `:` is used as a separator, to account for the `:` in Windows drive letters (e.g. `C:\absolute\path.sock`)
Fun fact:
The old unix(7) man page (pre Jun 2016) stated a socket needs both read and write perms.
Turns out, only write perms are needed.
Corrected in https://github.com/mkerrisk/man-pages/commit/7578ea2f85b272363d22680d69e7d32f0b59c83b
Despite this, most implementations still default to read+write to this date.
* Add cases with Windows paths to test
* Require write perms for the owning user
|
|
* acmeserver: Configurable `resolvers`, fix smallstep deprecations
* Improve default net/port
* Update proxy resolvers parsing to use the new function
* Update listeners.go
Co-authored-by: itsxaos <33079230+itsxaos@users.noreply.github.com>
---------
Co-authored-by: itsxaos <33079230+itsxaos@users.noreply.github.com>
|
|
|
|
Previously, our "duplicate key in server block" logic was flawed because
it did not account for the site's bind address. We defer this check to
when the listener addresses have been assigned, but before we commit
a server block to its listener.
Also refined how network address parsing and joining works, which was
necessary for a less convoluted fix.
|
|
With a simple heuristic for loopback addresses, we can enable this by
default without adding unnecessary inconvenience.
|
|
|
|
See https://caddy.community/t/caddy-v2-php-fpm-502-error/6571?u=matt
|
|
* fix OOM issue caught by fuzzing
* use ParsedAddress as the struct name for the result of ParseNetworkAddress
* simplify code using the ParsedAddress type
* minor cleanups
|
|
This PR enables the use of placeholders in an upstream's Dial address.
A Dial address must represent precisely one socket after replacements.
See also #998 and #1639.
|
|
My goodness that was complicated
Blessed be request.Context
Sort of
|
|
|