summaryrefslogtreecommitdiff
path: root/modules/caddyhttp
AgeCommit message (Collapse)Author
2020-04-01rewrite: Fix for rewrites with URI placeholders (#3209)Matthew Holt
If a placeholder in the path component injects a query string such as the {http.request.uri} placeholder is wont to do, we need to separate it out from the path.
2020-03-30caddyhttp: Rename MatchNegate type to MatchNot typeMatthew Holt
This is more congruent with its module name. A change that affects only code, not configurations.
2020-03-30headers: Trim any trailing colon from field names as a courtesyMatthew Holt
2020-03-30Keep type information with placeholders until replacements happenMatthew Holt
2020-03-28httpcaddyfile: Put root directive first, before redir and rewriteMatthew Holt
See https://caddy.community/t/v2-match-any-path-but-files/7326/8?u=matt If rewrites (or redirects, for that matter) match on file existence, the file matcher would need to know the root of the site. Making this change implies that root directives that depend on rewritten URIs will not work as expected. However, I think this is very uncommon, and am not sure I have ever seen that. Usually, dynamic roots are based on host, not paths or query strings. I suspect that rewrites based on file existence will be more common than roots based on rewritten URIs, so I am moving root to be the first in the list. Users can always override this ordering with the 'order' global option.
2020-03-27reverse_proxy: Upstream.String() method returns either LookupSRV or DialMatthew Holt
Either Dial or LookupSRV will be set, but if we rely on Dial always being set, we could run into bugs. Note: Health checks don't support SRV upstreams.
2020-03-27caddyauth: Add Metadata field to caddyauth.User (#3174)Robin Lambertz
* caddyauth: Add Metadata field to caddyauth.User * Apply gofmt * Tidy it up a bit Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2020-03-24file_server: Fix dumb error check I must have written at 1amMatthew Holt
2020-03-24caddyhttp: Specify default access log for a server (fix #3185)Matthew Holt
2020-03-24reverse_proxy: Add support for SRV backends (#3180)Matt Holt
* reverse_proxy: Begin SRV lookup support (WIP) * reverse_proxy: Finish adding support for SRV-based backends (#3179)
2020-03-24Remove some non-essential plugins from this repo (#2780)Matthew Holt
Brotli encoder, jsonc and json5 config adapters, and the unfinished HTTP cache handler are removed. They will be available in separate repos.
2020-03-24fastcgi: Add debug log (#3178)Matthew Holt
2020-03-23fastcgi: Ensure root is always absolute (issue #3178) (#3182)Matt Holt
2020-03-23fastcgi: Fix PATH_INFO (issue #3178)Matthew Holt
2020-03-23caddyhttp: Always provision ACME issuers (fix terms agree error)Matthew Holt
2020-03-22fastcgi: Support multiple path splitters (close #1564)Matthew Holt
2020-03-20tls/http: Fix auto-HTTPS logic w/rt default issuers (fixes #3164)Matthew Holt
The comments in the code should explain the new logic thoroughly. The basic problem for the issue was that we were overriding a catch-all automation policy's explicitly-configured issuer with our own, for names that we thought looked like public names. In other words, one could configure an internal issuer for all names, but then our auto HTTPS would create a new policy for public-looking names that uses the default ACME issuer, because we assume public<==>ACME and nonpublic<==>Internal, but that is not always the case. The new logic still assumes nonpublic<==>Internal (on catch-all policies only), but no longer assumes that public-looking names always use an ACME issuer. Also fix a bug where HTTPPort and HTTPSPort from the HTTP app weren't being carried through to ACME issuers properly. It required a bit of refactoring.
2020-03-20go.mod: Update some deps; add new Strings lib to CEL matcherMatthew Holt
2020-03-20reverseproxy: Add Alt-Svc to Hop-by-hop headers list (#3159)Paolo Barbolini
Adds `Alt-Svc` to the list of headers that get removed when proxying to a backend. This fixes the issue of having the contents of the Alt-Svc header duplicated when proxying to another Caddy server.
2020-03-19caddyhttp: Implement CEL matcher (see #3051) (#3155)Matt Holt
* caddyhttp: Implement CEL matcher (see #3051) CEL (Common Expression Language) is a very fast, flexible way to express complex logic, useful for matching requests when the conditions are not easy to express with JSON. This matcher may be considered experimental even after the 2.0 release. * Improve CEL module docs
2020-03-19httpcaddyfile: Unify strip_prefix, strip_suffix, uri_replace directives (#3157)Matt Holt
* rewrite: strip_prefix, strip_suffix, uri_replace -> uri (closes #3140) * Add period, to satisfy @whitestrake :) and my own OCD * Restore implied / prefix
2020-03-18templates: Enable Goldmark's footnote extension (closes #3136)Matthew Holt
Also remove Table extension, since GFM (already enabled) apparently enables strikethrough, table, linkify, and tasklist extensions. https://github.com/yuin/goldmark#built-in-extensions
2020-03-18caddyhttp: Minor improved Caddyfile support for some matchersMatthew Holt
Simply allows the matcher to be specified multiple times in a set which may be more convenient than one long line.
2020-03-17httpcaddyfile: Many tls-related improvements including on-demand supportMatthew Holt
Holy heck this was complicated
2020-03-16caddyhttp: Support path matcher of "*" without panicMatthew Holt
2020-03-15caddyhttp: Clean up; move some code aroundMatthew Holt
2020-03-15caddyhttp: Add support for listener wrapper modulesMatthew Holt
Wrapping listeners is useful for composing custom behavior related to accepting, closing, reading/writing connections (etc) below the application layer; for example, the PROXY protocol.
2020-03-15caddytls: Clean up some code related to automationMatthew Holt
2020-03-15Add missing license textsMatthew Holt
2020-03-14fileserver: Add --templates flag to file-server commandMatthew Holt
2020-03-13Some hotfixes for beta 16Matthew Holt
2020-03-13Minor tweaksMatthew Holt
2020-03-13v2: Implement 'pki' app powered by Smallstep for localhost certificates (#3125)Matt Holt
* pki: Initial commit of PKI app (WIP) (see #2502 and #3021) * pki: Ability to use root/intermediates, and sign with root * pki: Fix benign misnamings left over from copy+paste * pki: Only install root if not already trusted * Make HTTPS port the default; all names use auto-HTTPS; bug fixes * Fix build - what happened to our CI tests?? * Fix go.mod
2020-03-09caddyhttp: New algorithm for auto HTTP->HTTPS redirects (fix #3127) (#3128)Matt Holt
It's still not perfect but I think it should be more correct for slightly more complex configs. Might still fall apart for complex configs that use on-demand TLS or at a large scale (workarounds are to just implement your own redirects, very easy to do anyway).
2020-03-07http_ntlm: fix panic due to unintialized embedded field (#3120)Mohammed Al Sahaf
2020-03-07tls: Couple of quick fixes for 4d18587192e4fffe5b34b714eaabcfc212914c1eMatthew Holt
2020-03-06Merge branch 'certmagic-refactor' into v2Matthew Holt
2020-03-06Refactor for CertMagic v0.10; prepare for PKI appMatthew Holt
This is a breaking change primarily in two areas: - Storage paths for certificates have changed - Slight changes to JSON config parameters Huge improvements in this commit, to be detailed more in the release notes. The upcoming PKI app will be powered by Smallstep libraries.
2020-02-28reverse_proxy, php_fastcgi: Fix upstream parsing regression (fix #3101)Matthew Holt
2020-02-27Couple of minor docs tweaksMatthew Holt
2020-02-27Refactor ExtractMatcherSet()Matthew Holt
2020-02-27reverse_proxy: Allow use of URL to specify schemeMatthew Holt
This makes it more convenient to configure quick proxies that use HTTPS but also introduces a lot of logical complexity. We have to do a lot of verification for consistency and errors. Path and query string is not supported (i.e. no rewriting). Scheme and port can be inferred from each other if HTTP(S)/80/443. If omitted, defaults to HTTP. Any explicit transport config must be consistent with the upstream schemes, and the upstream schemes must all match too. But, this change allows a config that used to require this: reverse_proxy example.com:443 { transport http { tls } } to be reduced to this: reverse_proxy https://example.com which is really nice syntactic sugar (and is reminiscent of Caddy 1).
2020-02-27cmd/reverse_proxy: Add --change-host-header flagMatthew Holt
"Transparent mode" is the default, just like the actual handler.
2020-02-27Fix typos (#3087)Success Go
* Fix typo * Fix typo, thanks for Spell Checker under VS Code
2020-02-27Revert "reverse_proxy: Add 'transparent' Caddyfile subdirective (closes #2873)"Matthew Holt
This reverts commit 86b785e51cccd5df18611c380962cbd4faf38af5.
2020-02-27reverse_proxy: Add 'transparent' Caddyfile subdirective (closes #2873)Matthew Holt
2020-02-27It might be HTTP->HTTPS in the comment (#3086)Success Go
2020-02-26Initial implementation of global default SNI option (#3047)Mark Sargent
* add global default sni * fixed grammar * httpcaddyfile: Reduce some duplicated code * Um, re-commit already-committed commit, I guess? (sigh) Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-02-25Expose TLS placeholders (#2982)Cameron Moore
* caddytls: Add CipherSuiteName and ProtocolName functions The cipher_suites.go file is derived from a commit to the Go master branch that's slated for Go 1.14. Once Go 1.14 is released, this file can be removed. * caddyhttp: Use commonLogEmptyValue in common_log replacer * caddyhttp: Add TLS placeholders * caddytls: update unsupportedProtocols Don't export unsupportedProtocols and update its godoc to mention that it's used for logging only. * caddyhttp: simplify getRegTLSReplacement signature getRegTLSReplacement should receive a string instead of a pointer. * caddyhttp: Remove http.request.tls.client.cert replacer The previous behavior of printing the raw certificate bytes was ported from Caddy 1, but the usefulness of that approach is suspect. Remove the client cert replacer from v2 until a use case is presented. * caddyhttp: Use tls.CipherSuiteName from Go 1.14 Remove ported version of CipherSuiteName in the process.
2020-02-23reverse_proxy: Health checks: Don't cross the streamsMatthew Holt
Fixes https://caddy.community/t/v2-health-checks-are-going-to-the-wrong-upstream/7084?u=matt ... I think