Age | Commit message (Collapse) | Author |
|
* caddytls: Add support for ZeroSSL; add Caddyfile support for issuers
Configuring issuers explicitly in a Caddyfile is not easily compatible
with existing ACME-specific parameters such as email or acme_ca which
infer the kind of issuer it creates (this is complicated now because
the ZeroSSL issuer wraps the ACME issuer)... oh well, we can revisit
that later if we need to.
New Caddyfile global option:
{
cert_issuer <name> ...
}
Or, alternatively, as a tls subdirective:
tls {
issuer <name> ...
}
For example, to use ZeroSSL with an API key:
{
cert_issuser zerossl API_KEY
}
For now, that still uses ZeroSSL's ACME endpoint; it fetches EAB
credentials for you. You can also provide the EAB credentials directly
just like any other ACME endpoint:
{
cert_issuer acme {
eab KEY_ID MAC_KEY
}
}
All these examples use the new global option (or tls subdirective). You
can still use traditional/existing options with ZeroSSL, since it's
just another ACME endpoint:
{
acme_ca https://acme.zerossl.com/v2/DV90
acme_eab KEY_ID MAC_KEY
}
That's all there is to it. You just can't mix-and-match acme_* options
with cert_issuer, because it becomes confusing/ambiguous/complicated to
merge the settings.
* Fix broken test
This test was asserting buggy behavior, oops - glad this branch both
discovers and fixes the bug at the same time!
* Fix broken test (post-merge)
* Update modules/caddytls/acmeissuer.go
Fix godoc comment
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
* Add support for ZeroSSL's EAB-by-email endpoint
Also transform the ACMEIssuer into ZeroSSLIssuer implicitly if set to
the ZeroSSL endpoint without EAB (the ZeroSSLIssuer is needed to
generate EAB if not already provided); this is now possible with either
an API key or an email address.
* go.mod: Use latest certmagic, acmez, and x/net
* Wrap underlying logic rather than repeating it
Oops, duh
* Form-encode email info into request body for EAB endpoint
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
|
|
Now use context cancellation to stop active health checker, which is
simpler than and just as effective as using a separate stop channel.
|
|
|
|
* reverse_proxy: fix bi-h2stream breaking gzip encode handle(#3606).
* reverse_proxy: check http version of both sides to avoid affecting non-h2 upstream.
* Minor cleanup; apply review suggestions
Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
|
|
* fileserver: First attempt to fix failing test on Linux
I think I updated the wrong test case before
* Make new test function
I guess what we really are trying to test is the case insensitivity of
firstSplit. So a new test function is better for that.
|
|
* fix 2 possible bugs
* handle unhandled errors
|
|
|
|
We can't use a positional index on an original string that we got from
its lower-cased equivalent. Implement our own IndexFold() function b/c
the std lib does not have one.
|
|
* httpcaddyfile: Add `compression` to http transport config
* Add caddyfile adapt test for typical h2c setup
|
|
* caddyhttp, httpcaddyfile: Implement placeholders in template
* caddyhttp, httpcaddyfile: Remove support for placeholder shorthands in templates
* Update modules/caddyhttp/templates/templates.go
updates JSON doc
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
* Update modules/caddyhttp/templates/tplcontext.go
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
|
|
* push: Implement HTTP/2 server push (close #3551)
* push: Abstract header ops by embedding into new struct type
This will allow us to add more fields to customize headers in
push-specific ways in the future.
* push: Ensure Link resources are pushed before response is written
* Change header name from X-Caddy-Push to Caddy-Push
|
|
|
|
* reverse proxy: Support more h2 stream scenarios (#3556)
* reverse proxy: add integration test for better h2 stream (#3556)
* reverse proxy: adjust comments as francislavoie suggests
* link to issue #3556 in the comments
|
|
* reverse proxy: add support for custom resolver
* reverse proxy: don't pollute the global resolver with bootstrap resolver setup
* Improve documentation of reverseproxy.UpstreamResolver fields
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
* reverse proxy: clarify the name resolution conventions of upstream resolvers and bootstrap resolver
* remove support for bootstraper of resolver
* godoc and code-style changes
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
|
|
We already restore them within the retry loop, but after successful
proxy we didn't reset them, so as handlers bubble back up, they would
see the values used for proxying.
Thanks to @ziddey for identifying the cause.
|
|
See https://tools.ietf.org/html/rfc3875#section-4.1.13 for SCRIPT_NAME requiring leading slash
See https://tools.ietf.org/html/rfc3875#section-4.1.15 for SERVER_PORT requiring omission if empty
|
|
Completing a TODO!
|
|
* reverseproxy: Fix Caddyfile parsing for empty non-http transports
* Update modules/caddyhttp/reverseproxy/caddyfile.go
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
* Rename empty transport test
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
|
|
|
|
|
|
* Update browse.go
* Update browselisting.go
* Update browsetpl.go
* fix linter err
* Update modules/caddyhttp/fileserver/browse.go
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
* Update modules/caddyhttp/fileserver/browselisting.go
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
* Update browsetpl.go
change from -> offset
* Update browse.go
* Update browselisting.go
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
|
|
This makes it choose first matching closing fence instead of last one,
which could appear in document body.
|
|
This field order reads a little more naturally.
|
|
|
|
* cel: fix validation of expression result type
The earlier code used the proto.Equals from github.com/gogo/protobuf, which failed to compare two messages of the same type for some reason. Switching to proto.Equal from the canonical github.com/golang/protobuf fixes the issue.
* deps: remove deprecated github.com/golang/protobuf in favor of google.golang.org/protobuf
* downgrade github.com/smallstep/nosql to resolve warning pb.proto warning
|
|
|
|
|
|
* inital map implementation
* resolve the value during middleware execution
* use regex instead
* pr feedback
* renamed mmap to maphandler
* refactored GetString implementation
* fixed mispelling
* additional feedback
|
|
First try an exact lookup like before, but if it fails, strip the port
and try again. example.com:1234 should still use a logger keyed for
example.com if there is no key example.com:1234.
|
|
|
|
|
|
|
|
Caddyfile syntax: query ""
Or a nil matcher in the JSON should also match an empty query string.
See https://caddy.community/t/v2-match-empty-query/8708?u=matt
|
|
* templates: Add support for dots to close yaml frontmatter
* templates: Fix regression in body output
|
|
In commit f2ce81c, support for multiple path splitters was added. The
type of SplitPath changed from string to []string, and splitPos was
changed to loop through all values in SplitPath.
Before that commit, if SplitPath was empty, strings.Index returned 0 and
PATH_INFO was set correctly in buildEnv.
Currently, however, splitPos returns -1 for empty values of SplitPath,
behaving as if a split position could not be found at all. PATH_INFO is
then never set in buildEnv and remains empty.
Restore the old behaviour by explicitly checking whether SplitPath is
empty and returning 0 in splitPos.
Closes #3490
|
|
|
|
This is a recent patch in the Go standard library
|
|
|
|
|
|
This is just a convenience if using a static_response handler in an
error route, by setting the default status code to the same one as
the error status.
|
|
|
|
Cache capacity is currently hard-coded at 1000 with random eviction.
It is enabled by default from Caddyfile configurations because I assume
this is the most common preference.
|
|
|
|
It's a raw, low-level implementation for now, but it's very flexible.
More sugar-coating can be added after error handling is more developed.
|
|
This allows response matchers to benefit from the same matching logic
as the request header matchers (mainly prefix/suffix wildcards).
|
|
|
|
* caddyconfig: WIP implementation of handle_path
* caddyconfig: Complete the implementation - h.NewRoute was key
* caddyconfig: Add handle_path integration test
* caddyhttp: Use the path matcher as-is, strip the trailing *, update test
|
|
|
|
* reverseproxy: Improve error message when using scheme+placeholder
* reverseproxy: Simplify error message
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
|
|
|