summaryrefslogtreecommitdiff
path: root/modules/caddyhttp/reverseproxy
AgeCommit message (Collapse)Author
2020-05-12cmd: reverse-proxy: add --insecure flag (with warning) (#3389)linquize
2020-05-11core: Add support for `d` duration unit (#3323)Francis Lavoie
* caddy: Add support for `d` duration unit * Improvements to ParseDuration; add unit tests Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2020-05-06reverseproxy: Allow using TLS for port 80 upstreams (see #3361)Matthew Holt
An upstream like https://localhost:80 is still forbidden, but an addr of localhost:80 can be used while explicitly enabling TLS as an override; we just don't allow the implicit behavior to be ambiguous.
2020-05-05reverseproxy: Add tls_server_name option to Caddyfile (#3322)Francis Lavoie
2020-05-05pki: Embedded ACME server (#3198)Matt Holt
* pki: Initial commit of embedded ACME server (#3021) * reverseproxy: Support auto-managed TLS client certificates (#3021) * A little cleanup after today's review session
2020-05-05httpserver: Add experimental H2C support (#3289)Matt Holt
* reverse_proxy: Initial attempt at H2C transport/client support (#3218) I have not tested this yet * Experimentally enabling H2C server support (closes #3227) See also #3218 I have not tested this * reverseproxy: Clean up H2C transport a bit * caddyhttp: Update godoc for h2c server; clarify experimental status * caddyhttp: Fix trailers when recording responses (fixes #3236) * caddyhttp: Tweak h2c config settings and docs
2020-05-01reverseproxy: Remove circuitbreaker module (see #3331)Matthew Holt
Moving to https://github.com/caddyserver/circuitbreaker Nobody was using it anyway -- it works well, but something got fumbled in a refactoring *months* ago. Turns out that we forgot the interface guards AND botched a method name (my bad) - Ok() should have been OK(). So it would always have thrown a runtime panic if it tried to be loaded. The module itself works well, but obviously nobody used it because nobody reported the error. Fixing this while we move it to the new repo. Removing this removes the last Bazaar/Launchpad dependency (I think).
2020-04-27cmd: Clean up, simplify reverse proxy command; fix some edge casesMatthew Holt
Now we take advantage of the address parsing capabilities of the HTTP caddyfile.
2020-04-27caddyhttp: Add split_path to file matcher (used by php_fastcgi) (#3302)Francis Lavoie
* matcher: Add `split_path` option to file matcher; used in php_fastcgi * matcher: Skip try_files split if not the final part of the filename * matcher: Add MatchFile tests * matcher: Clarify SplitPath godoc
2020-04-24docs: Improve template documentation slightly; use const, not literalMatthew Holt
2020-04-22reverseproxy: Don't forget to provision embedded headers handlerMatthew Holt
https://caddy.community/t/set-cookie-manipulation-in-reverse-proxy/7666?u=matt
2020-04-21reverseproxy: always set req.URL.Host with upstream (#3297)westwin
2020-04-17reverseproxy: Set X-Forwarded-Proto (closes #3275) (#3276)Matt Holt
2020-04-09reverseproxy: Minor tweaksMatthew Holt
We'll need that context in v2.1 when the transport can manage its own client certificates; see #3198
2020-04-07Merge branch 'remove-ntlm'Matthew Holt
2020-04-07reverseproxy: Remove NTLM transport; refactor and improve docsMatthew Holt
2020-04-07core: Rename ParsedAddress -> NetworkAddressMatthew Holt
2020-04-06caddyhttp: Add missing LB policy Caddyfile unmarshalers (#3230)Francis Lavoie
2020-04-03fastcgi: Account for lack of split path configuration (fix #3221)Matthew Holt
2020-04-01caddytls: Update cipher suite names and curve namesMatthew Holt
Now using IANA-compliant names and Go 1.14's CipherSuites() function so we don't have to maintain our own mapping of currently-secure cipher suites.
2020-04-01caddyhttp: 'not' matcher now accepts multiple matcher sets and OR's them (#3208)Matt Holt
See https://caddy.community/t/v2-matcher-or-in-not/7355/
2020-03-30caddyhttp: Rename MatchNegate type to MatchNot typeMatthew Holt
This is more congruent with its module name. A change that affects only code, not configurations.
2020-03-30Keep type information with placeholders until replacements happenMatthew Holt
2020-03-27reverse_proxy: Upstream.String() method returns either LookupSRV or DialMatthew Holt
Either Dial or LookupSRV will be set, but if we rely on Dial always being set, we could run into bugs. Note: Health checks don't support SRV upstreams.
2020-03-24reverse_proxy: Add support for SRV backends (#3180)Matt Holt
* reverse_proxy: Begin SRV lookup support (WIP) * reverse_proxy: Finish adding support for SRV-based backends (#3179)
2020-03-24Remove some non-essential plugins from this repo (#2780)Matthew Holt
Brotli encoder, jsonc and json5 config adapters, and the unfinished HTTP cache handler are removed. They will be available in separate repos.
2020-03-24fastcgi: Add debug log (#3178)Matthew Holt
2020-03-23fastcgi: Ensure root is always absolute (issue #3178) (#3182)Matt Holt
2020-03-23fastcgi: Fix PATH_INFO (issue #3178)Matthew Holt
2020-03-22fastcgi: Support multiple path splitters (close #1564)Matthew Holt
2020-03-20reverseproxy: Add Alt-Svc to Hop-by-hop headers list (#3159)Paolo Barbolini
Adds `Alt-Svc` to the list of headers that get removed when proxying to a backend. This fixes the issue of having the contents of the Alt-Svc header duplicated when proxying to another Caddy server.
2020-03-13Minor tweaksMatthew Holt
2020-03-13v2: Implement 'pki' app powered by Smallstep for localhost certificates (#3125)Matt Holt
* pki: Initial commit of PKI app (WIP) (see #2502 and #3021) * pki: Ability to use root/intermediates, and sign with root * pki: Fix benign misnamings left over from copy+paste * pki: Only install root if not already trusted * Make HTTPS port the default; all names use auto-HTTPS; bug fixes * Fix build - what happened to our CI tests?? * Fix go.mod
2020-03-07http_ntlm: fix panic due to unintialized embedded field (#3120)Mohammed Al Sahaf
2020-03-06Merge branch 'certmagic-refactor' into v2Matthew Holt
2020-03-06Refactor for CertMagic v0.10; prepare for PKI appMatthew Holt
This is a breaking change primarily in two areas: - Storage paths for certificates have changed - Slight changes to JSON config parameters Huge improvements in this commit, to be detailed more in the release notes. The upcoming PKI app will be powered by Smallstep libraries.
2020-02-28reverse_proxy, php_fastcgi: Fix upstream parsing regression (fix #3101)Matthew Holt
2020-02-27Refactor ExtractMatcherSet()Matthew Holt
2020-02-27reverse_proxy: Allow use of URL to specify schemeMatthew Holt
This makes it more convenient to configure quick proxies that use HTTPS but also introduces a lot of logical complexity. We have to do a lot of verification for consistency and errors. Path and query string is not supported (i.e. no rewriting). Scheme and port can be inferred from each other if HTTP(S)/80/443. If omitted, defaults to HTTP. Any explicit transport config must be consistent with the upstream schemes, and the upstream schemes must all match too. But, this change allows a config that used to require this: reverse_proxy example.com:443 { transport http { tls } } to be reduced to this: reverse_proxy https://example.com which is really nice syntactic sugar (and is reminiscent of Caddy 1).
2020-02-27cmd/reverse_proxy: Add --change-host-header flagMatthew Holt
"Transparent mode" is the default, just like the actual handler.
2020-02-27Fix typos (#3087)Success Go
* Fix typo * Fix typo, thanks for Spell Checker under VS Code
2020-02-27Revert "reverse_proxy: Add 'transparent' Caddyfile subdirective (closes #2873)"Matthew Holt
This reverts commit 86b785e51cccd5df18611c380962cbd4faf38af5.
2020-02-27reverse_proxy: Add 'transparent' Caddyfile subdirective (closes #2873)Matthew Holt
2020-02-23reverse_proxy: Health checks: Don't cross the streamsMatthew Holt
Fixes https://caddy.community/t/v2-health-checks-are-going-to-the-wrong-upstream/7084?u=matt ... I think
2020-02-14caddyfile: Refactor; NewFromNextSegment(); fix repeated matchersMatthew Holt
Now multiple instances of the same matcher can be used within a named matcher without overwriting previous ones.
2020-01-22reverseproxy: Fix casing of RootCAPEMFilesMatthew Holt
2020-01-22reverseproxy: Accept integer values for flush_interval (fix #2996)Matthew Holt
2020-01-18reverse_proxy: CB docs; rename type -> factor (#2986)Mohammed Al Sahaf
* v2: add documentation for circuit breaker config and "random selection" load balancing policy * v2: rename circuit breaker config inline key from `type` to `breaker` to avoid json key clash between the `circuit_breaker` type and the `type` field of the generic circuit breaker Config struct used by circuit breaking implementations * v2: restore the circuit breaker inline key to `type` and rename the name circuit breaker config field from `Type` to `Factor`
2020-01-16httpcaddyfile: Fix nested blocks; add handle directive; refactorMatthew Holt
The fix that was initially put forth in #2971 was good, but only for up to one layer of nesting. The real problem was that we forgot to increment nesting when already inside a block if we saw another open curly brace that opens another block (dispenser.go L157-158). The new 'handle' directive allows HTTP Caddyfiles to be designed more like nginx location blocks if the user prefers. Inside a handle block, directives are still ordered just like they are outside of them, but handler blocks at a given level of nesting are mutually exclusive. This work benefitted from some refactoring and cleanup.
2020-01-11http: A little more polish on rewrite handler and try_files directiveMatthew Holt