summaryrefslogtreecommitdiff
path: root/modules/caddyhttp/reverseproxy
AgeCommit message (Collapse)Author
2022-12-05reverseproxy: Improve hostByHashing distribution (#5229)Alban Lecocq
* If upstreams are all using same host but with different ports ie: foobar:4001 foobar:4002 foobar:4003 ... Because fnv-1a has not a good enough avalanche effect Then the hostByHashing result is not well balanced over all upstreams As last byte FNV input tend to affect few bits, the idea is to change the concatenation order between the key and the upstream strings So the upstream last byte have more impact on hash diffusion
2022-11-30Clarify some docsMatthew Holt
2022-11-14reverseproxy: Mask the WS close message when we're the client (#5199)Francis Lavoie
* reverseproxy: Mask the WS close message when we're the client * weakrand * Bump golangci-lint version so path ignores work on Windows * gofmt * ugh, gofmt everything, I guess
2022-10-05caddytest: Revise sleep durationsMatthew Holt
Attempt to reduce flakiness a bit more Test suite needs to be rewritten.
2022-10-05forwardauth: Canonicalize header fields (fix #5038) (#5097)Matt Holt
2022-09-29Fix commentMatthew Holt
I apparently read the diff backwards in 2a8c458ffedf886af9542541ea1b1de62370929d
2022-09-29reverseproxy: Parse humanized byte size (fix #5095)Matthew Holt
2022-09-29reverseproxy: On 103 don't delete own headers (#5091)Matt Holt
See #5074
2022-09-28Merge pull request #5076 from caddyserver/fastcgi-redirMatt Holt
fastcgi: Redirect using original URI path (fix #5073) and rewrite: Only trim prefix if matched
2022-09-27reverseproxy: fix upstream scheme handling in command (#5088)lemmi
e338648fed3263200dfd6abc9f8100c6f1c0eb67 introduced multiple upstream addresses. A comment notes that mixing schemes isn't supported and therefore the first valid scheme is supposed to be used. Fixes setting the first scheme. fixes #5087
2022-09-23fastcgi: Redirect using original URI path (fix #5073)Matthew Holt
2022-09-16core: Variadic Context.Logger(); soft deprecationMatthew Holt
Ideally I'd just remove the parameter to caddy.Context.Logger(), but this would break most Caddy plugins. Instead, I'm making it variadic and marking it as partially deprecated. In the future, I might completely remove the parameter once most plugins have updated.
2022-09-15caddyhttp: Add --debug flag to commandsMatthew Holt
file-server and reverse-proxy This might be useful!
2022-09-15reverseproxy: Support repeated --to flags in command (#4693)Isaac Parker
* feat: Multiple 'to' upstreams in reverse-proxy cmd * Repeat --to for multiple upstreams, rather than comma-separating in a single flag Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2022-09-02reverseproxy: Close hijacked conns on reload/quit (#4895)Matt Holt
* reverseproxy: Close hijacked conns on reload/quit We also send a Close control message to both ends of WebSocket connections. I have tested this many times in my dev environment with consistent success, although the variety of scenarios was limited. * Oops... actually call Close() this time * CloseMessage --> closeMessage Co-authored-by: Francis Lavoie <lavofr@gmail.com> * Use httpguts, duh * Use map instead of sync.Map Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2022-09-02fastcgi: Optimize FastCGI transport (#4978)WeidiDeng
* break up code and use lazy reading and pool bufio.Writer * close underlying connection when operation failed * allocate bufWriter and streamWriter only once * refactor record writing * rebase from master * handle err * Fix type assertion Also reduce some duplication * Refactor client and clientCloser for logging Should reduce allocations * Minor cosmetic adjustments; apply Apache license * Appease the linter Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2022-09-02fastcgi: allow users to log stderr output (#4967) (#5004)fleandro
Co-authored-by: flga <flga@users.noreply.github.com>
2022-08-31events: Implement event system (#4912)Francis Lavoie
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2022-08-29Minor cleanup, resolve a couple lint warningsMatthew Holt
2022-08-27Remove duplicate words in comments (#4986)Abirdcfly
2022-08-27reverseproxy: Add upstreams healthy metrics (#4935)Dávid Szabó
2022-08-25reverseproxy: Multiple dynamic upstreamsMatthew Holt
This allows users to, for example, get upstreams from multiple SRV endpoints in order (such as primary and secondary clusters). Also, gofmt went to town on the comments, sigh
2022-08-17core: Change net.IP to netip.Addr; use netip.Prefix (#4966)WilczyńskiT
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2022-08-12reverseproxy: Add `unix+h2c` Caddyfile network shortcut (#4953)Francis Lavoie
2022-08-12reverseproxy: Ignore context cancel in stream mode (#4952)Matt Holt
2022-08-12reverseproxy: Fix H2C dialer using new stdlib `DialTLSContext` (#4951)Francis Lavoie
2022-08-09reverseproxy: Support 1xx status codes (HTTP early hints) (#4882)Kévin Dunglas
2022-08-06Replace strings.Index with strings.Cut (#4932)Chirag Maheshwari
2022-08-04Replace strings.Index usages with strings.Cut (#4930)WilczyńskiT
2022-08-04cmd: Use newly-available version information (#4931)Matt Holt
2022-08-02chore: Bump up to Go 1.19, minimum 1.18 (#4925)Francis Lavoie
2022-08-01caddyhttp: Implement `caddy respond` command (#4870)Matt Holt
2022-07-28Ignore linter warningsMatthew Holt
Use of non-cryptographic random numbers in the load balancing is intentional.
2022-07-23reverseproxy: Implement read & write timeouts for HTTP transport (#4905)Matt Holt
2022-07-13reverseproxy: Implement retry count, alternative to try_duration (#4756)Francis Lavoie
* reverseproxy: Implement retry count, alternative to try_duration * Add Caddyfile support for `retry_match` * Refactor to deduplicate matcher parsing logic * Fix lint
2022-07-13reverseproxy: Export SetScheme() againMatthew Holt
Turns out the NTLM transport uses it. Oops.
2022-07-08reverseproxy: Err 503 if all upstreams unavailableMatthew Holt
2022-07-08reverseproxy: Adjust new TLS Caddyfile directive names (#4872)Francis Lavoie
2022-06-28forwardauth: Fix case when `copy_headers` is omitted (#4856)Francis Lavoie
See https://caddy.community/t/using-forward-auth-and-writing-my-own-authenticator-in-php/16410, apparently it didn't work when `copy_headers` wasn't used. This is because we were skipping adding a handler to the routes in the "good response handler", but this causes the logic in `reverseproxy.go` to ignore the response handler since it's empty. Instead, we can just always put in the `header` handler, even with an empty `Set` operation, it's just a no-op, but it fixes that condition in the proxy code.
2022-06-22reverseproxy: Fix double headers in response handlers (#4847)Francis Lavoie
2022-06-22reverseproxy: Fix panic when TLS is not configured (#4848)Francis Lavoie
* reverseproxy: Fix panic when TLS is not configured * Refactor and simplify setScheme Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2022-06-20reverseproxy: Skip TLS for certain configured ports (#4843)Kiss Károly Pál
* Make reverse proxy TLS server name replaceable for SNI upstreams. * Reverted previous TLS server name replacement, and implemented thread safe version. * Move TLS servername replacement into it's own function * Moved SNI servername replacement into httptransport. * Solve issue when dynamic upstreams use wrong protocol upstream. * Revert previous commit. Old commit was: Solve issue when dynamic upstreams use wrong protocol upstream. Id: 3c9806ccb63e66bdcac8e1ed4520c9d135cb011d * Added SkipTLSPorts option to http transport. * Fix typo in test config file. * Rename config option as suggested by Matt Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * Update code to match renamed config option. * Fix typo in config option name. * Fix another typo that I missed. * Tests not completing because of apparent wrong ordering of options. Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2022-06-16forwardauth: Support renaming copied headers, block support (#4783)Francis Lavoie
2022-06-14reverseproxy: Dynamic ServerName for TLS upstreams (#4836)Kiss Károly Pál
* Make reverse proxy TLS server name replaceable for SNI upstreams. * Reverted previous TLS server name replacement, and implemented thread safe version. * Move TLS servername replacement into it's own function * Moved SNI servername replacement into httptransport. * Solve issue when dynamic upstreams use wrong protocol upstream. * Revert previous commit. Old commit was: Solve issue when dynamic upstreams use wrong protocol upstream. Id: 3c9806ccb63e66bdcac8e1ed4520c9d135cb011d Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2022-06-14reverseproxy: Make TLS renegotiation optionalMatthew Holt
2022-06-10reverseproxy: Add renegotiation param in TLS client (#4784)Yaacov Akiba Slama
* Add renegotiation option in reverseproxy tls client * Update modules/caddyhttp/reverseproxy/httptransport.go Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2022-06-06reverseproxy: Correct the `tls_server_name` docs (#4827)Francis Lavoie
* reverseproxy: Correct the `tls_server_name` docs * Update modules/caddyhttp/reverseproxy/httptransport.go Co-authored-by: Matt Holt <mholt@users.noreply.github.com> Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2022-06-03reverseproxy: HTTP 504 for upstream timeouts (#4824)Matt Holt
Closes #4823
2022-06-02reverseproxy: api: Remove misleading 'healthy' valueMatthew Holt
In v2.5.0, upstream health was fixed such that whether an upstream is considered healthy or not is mostly up to each individual handler's config. Since "healthy" is an opinion, it is not a global value. I unintentionally left in the "healthy" field in the API endpoint for checking upstreams, and it is now misleading (see #4792). However, num_requests and fails remains, so health can be determined by the API client, rather than having it be opaquely (and unhelpfully) determined for the client. If we do restore this value later on, it'd need to be replicated once per reverse_proxy handler according to their individual configs.
2022-05-29reverseproxy: Add --internal-certs CLI flag #3589 (#4817)Alexander M
added flag --internal-certs when set, for non-local domains the internal CA will be used for cert generation