Age | Commit message (Collapse) | Author |
|
* reverse proxy: Support more h2 stream scenarios (#3556)
* reverse proxy: add integration test for better h2 stream (#3556)
* reverse proxy: adjust comments as francislavoie suggests
* link to issue #3556 in the comments
|
|
* reverse proxy: add support for custom resolver
* reverse proxy: don't pollute the global resolver with bootstrap resolver setup
* Improve documentation of reverseproxy.UpstreamResolver fields
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
* reverse proxy: clarify the name resolution conventions of upstream resolvers and bootstrap resolver
* remove support for bootstraper of resolver
* godoc and code-style changes
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
|
|
We already restore them within the retry loop, but after successful
proxy we didn't reset them, so as handlers bubble back up, they would
see the values used for proxying.
Thanks to @ziddey for identifying the cause.
|
|
See https://tools.ietf.org/html/rfc3875#section-4.1.13 for SCRIPT_NAME requiring leading slash
See https://tools.ietf.org/html/rfc3875#section-4.1.15 for SERVER_PORT requiring omission if empty
|
|
Completing a TODO!
|
|
* reverseproxy: Fix Caddyfile parsing for empty non-http transports
* Update modules/caddyhttp/reverseproxy/caddyfile.go
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
* Rename empty transport test
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
|
|
|
|
|
|
In commit f2ce81c, support for multiple path splitters was added. The
type of SplitPath changed from string to []string, and splitPos was
changed to loop through all values in SplitPath.
Before that commit, if SplitPath was empty, strings.Index returned 0 and
PATH_INFO was set correctly in buildEnv.
Currently, however, splitPos returns -1 for empty values of SplitPath,
behaving as if a split position could not be found at all. PATH_INFO is
then never set in buildEnv and remains empty.
Restore the old behaviour by explicitly checking whether SplitPath is
empty and returning 0 in splitPos.
Closes #3490
|
|
This is a recent patch in the Go standard library
|
|
|
|
|
|
|
|
It's a raw, low-level implementation for now, but it's very flexible.
More sugar-coating can be added after error handling is more developed.
|
|
* reverseproxy: Improve error message when using scheme+placeholder
* reverseproxy: Simplify error message
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
|
|
|
|
* caddyauth: Fix hash-password broken terminal state on SIGINT
* caddycmd: Move TrapSignals calls to only subcommands that run long
|
|
Correct behavior is not well defined because this is a non-standard
header field. This could be a "hop-by-hop" field much like
X-Forwarded-For is, but even our X-Forwarded-For implementation
preserves prior entries. Or, it could be best to preserve the original
value from the first hop, representing the protocol as facing the
client.
Let's try it the other way for a bit and see how it goes.
See https://caddy.community/t/caddy2-w-wordpress-behind-nginx-reverse-proxy/8174/3?u=matt
|
|
|
|
This way the upstream request will always be available even if it failed
|
|
* fastcgi: Add new php_fastcgi subdirectives to override the shortcut
* fastcgi: Support "index off" to disable redir and try_files
* fastcgi: Remove whitespace to satisfy linter
* fastcgi: Run gofmt
* fastcgi: Make a new dispenser instead of using rewind
* fastcgi: Some fmt
* fastcgi: Add a couple adapt tests
* fastcgi: Clean up for loops
* fastcgi: Move adapt tests to separate files
|
|
|
|
|
|
|
|
* caddy: Add support for `d` duration unit
* Improvements to ParseDuration; add unit tests
Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
|
|
An upstream like https://localhost:80 is still forbidden, but an addr of
localhost:80 can be used while explicitly enabling TLS as an override;
we just don't allow the implicit behavior to be ambiguous.
|
|
|
|
* pki: Initial commit of embedded ACME server (#3021)
* reverseproxy: Support auto-managed TLS client certificates (#3021)
* A little cleanup after today's review session
|
|
* reverse_proxy: Initial attempt at H2C transport/client support (#3218)
I have not tested this yet
* Experimentally enabling H2C server support (closes #3227)
See also #3218
I have not tested this
* reverseproxy: Clean up H2C transport a bit
* caddyhttp: Update godoc for h2c server; clarify experimental status
* caddyhttp: Fix trailers when recording responses (fixes #3236)
* caddyhttp: Tweak h2c config settings and docs
|
|
Moving to https://github.com/caddyserver/circuitbreaker
Nobody was using it anyway -- it works well, but something got fumbled
in a refactoring *months* ago. Turns out that we forgot the interface
guards AND botched a method name (my bad) - Ok() should have been OK().
So it would always have thrown a runtime panic if it tried to be loaded.
The module itself works well, but obviously nobody used it because
nobody reported the error. Fixing this while we move it to the new repo.
Removing this removes the last Bazaar/Launchpad dependency (I think).
|
|
Now we take advantage of the address parsing capabilities of the HTTP
caddyfile.
|
|
* matcher: Add `split_path` option to file matcher; used in php_fastcgi
* matcher: Skip try_files split if not the final part of the filename
* matcher: Add MatchFile tests
* matcher: Clarify SplitPath godoc
|
|
|
|
https://caddy.community/t/set-cookie-manipulation-in-reverse-proxy/7666?u=matt
|
|
|
|
|
|
We'll need that context in v2.1 when the transport can manage its own
client certificates; see #3198
|
|
|
|
|
|
|
|
|
|
|
|
Now using IANA-compliant names and Go 1.14's CipherSuites() function so
we don't have to maintain our own mapping of currently-secure cipher
suites.
|
|
See https://caddy.community/t/v2-matcher-or-in-not/7355/
|
|
This is more congruent with its module name. A change that affects only
code, not configurations.
|
|
|
|
Either Dial or LookupSRV will be set, but if we rely on Dial always
being set, we could run into bugs.
Note: Health checks don't support SRV upstreams.
|
|
* reverse_proxy: Begin SRV lookup support (WIP)
* reverse_proxy: Finish adding support for SRV-based backends (#3179)
|
|
Brotli encoder, jsonc and json5 config adapters, and the unfinished
HTTP cache handler are removed.
They will be available in separate repos.
|
|
|