summaryrefslogtreecommitdiff
path: root/modules/caddyhttp
AgeCommit message (Collapse)Author
2020-11-17caddyhttp: Fix header matcher when using nilMatthew Holt
Uncovered in #3807
2020-11-16reverse_proxy: Fix random_choose selection policy (#3811)Dimitri Masson
2020-11-16requestbody: Add Caddyfile support (#3859)Nicola Piccinini
* Add Caddyfile support for request_body: ``` request_body { max_size 10000000 } ``` * Improve Caddyfile parser for request_body module * Remove unnecessary `continue` * Add sample for caddyfile_adapt_test
2020-11-16caddytls: Support multiple issuers (#3862)Matt Holt
* caddytls: Support multiple issuers Defaults are Let's Encrypt and ZeroSSL. There are probably bugs. * Commit updated integration tests, d'oh * Update go.mod
2020-11-13basicauth: Minor internal improvements (#3861)Aurelia
* nitpicks and small improvements in basicauth module 1: roll two if statements into one, since err will be nil in the second case anyhow 2: unlock cache mutex after reading the key, as this happens by-value and reduces code complexity 3: switch cache sync.Mutex to sync.RWMutex for better concurrency on cache fast track * allocate the right kind of mutex
2020-11-04httpcaddyfile: Add certificate_pem placeholder short, add to godoc (#3846)Gaurav Dhameeja
Co-authored-by: Matt Holt <mholt@users.noreply.github.com> Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2020-11-02caddyhttp: Merge query matchers in Caddyfile (#3839)Francis Lavoie
Also, turns out that `Add` on headers will work even if there's nothing there yet, so we can remove the condition I introduced in #3832
2020-11-02fastcgi: Add timeouts support to Caddyfile adapter (#3842)Francis Lavoie
* fastcgi: Add timeouts support to Caddyfile adapter * fastcgi: Use tabs instead of spaces
2020-11-02reverseproxy: Wire up some http transport options in Caddyfile (#3843)Francis Lavoie
2020-11-02fileserver: Improve and clarify file hiding logic (#3844)Matt Holt
* fileserver: Improve and clarify file hiding logic * Oops, forgot to run integration tests * Make this one integration test OS-agnostic * See if this appeases the Windows gods * D'oh
2020-10-31caddyauth: Prevent user enumeration by timingMatthew Holt
Always follow the code path of hashing and comparing a plaintext password even if the account is not found by the given username; this ensures that similar CPU cycles are spent for both valid and invalid usernames. Thanks to @tylerlm for helping and looking into this!
2020-10-31caddyhttp: Merge header matchers in Caddyfile (#3832)Francis Lavoie
2020-10-30reverseproxy: Add max_idle_conns_per_host; fix godocs (#3829)Francis Lavoie
2020-10-29reverseproxy: caddyfile: Don't add port if upstream has placeholder (#3819)Jason McCallister
* check if the host is a placeholder * Update modules/caddyhttp/reverseproxy/caddyfile.go Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-10-13caddyhttp: Restore original request params before error handlers (#3781)Matt Holt
* caddyhttp: Restore original request params before error handlers Fixes #3717 * Add comment
2020-10-13reverseproxy: Fix dial placeholders, SRV, active health checks (#3780)Matt Holt
* reverseproxy: Fix dial placeholders, SRV, active health checks Supercedes #3776 Partially reverts or updates #3756, #3693, and #3695 * reverseproxy: add integration tests Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2020-10-02map: Bug fixes; null literal with hyphen in CaddyfileMatthew Holt
2020-10-02map: Apply default if mapped output is nilMatthew Holt
2020-10-02map: Reimplement; multiple outputs; optimizeMatthew Holt
2020-10-01reverseproxy: allow no port for SRV; fix regression in d55d50b (#3756)Mohammed Al Sahaf
* reverseproxy: fix breakage in handling SRV lookup introduced by 3695 * reverseproxy: validate against incompatible config options with lookup_srv * reverseproxy: add integration test cases for validations involving lookup_srv * reverseproxy: clarify the reason for skipping an iteration * grammar.. Oxford comma Co-authored-by: Francis Lavoie <lavofr@gmail.com> Co-authored-by: Francis Lavoie <lavofr@gmail.com> Fixes #3753
2020-10-01reverseproxy: Change 500 error to 502 for lookup_srv config (#3771)Aleksei
Fixes #3763
2020-10-01reverseproxy: default to port 80 for upstreams in Caddyfile (#3772)Mohammed Al Sahaf
* reverseproxy: default to port 80 for port-less upstream dial addresses * reverseproxy: replace integration test with an adapter test Fixes #3761
2020-10-01reverseproxy: Ignore RFC 1521 params in Content-Type header (#3758)Christian Flach
Without this change, a Content-Type header like "text/event-stream;charset=utf-8" would not trigger the immediate flushing. Fixes #3765
2020-09-25caddyfile: Add support for `vars` and `vars_regexp` matchers (#3730)Mohammed Al Sahaf
* caddyfile: support vars and vars_regexp matchers in the caddyfile * caddyfile: matchers: Brian Kernighan said printf is good debugging tool but didn't say keep them around
2020-09-22metrics: Always track method label in uppercase (#3742)Dave Henderson
* metrics: Always track method label in uppercase Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Just use strings.ToUpper for clarity Signed-off-by: Dave Henderson <dhenderson@gmail.com>
2020-09-21metrics: Fix panic when headers aren't written (#3737)Dave Henderson
Signed-off-by: Dave Henderson <dhenderson@gmail.com>
2020-09-17metrics: Fix hidden panic while observing with bad exemplars (#3733)Dave Henderson
* metrics: Fixing panic while observing with bad exemplars Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Minor cleanup The server is already added to the context. So, we can simply use that to get the server name, which is a field on the server. * Add integration test for auto HTTP->HTTPS redirects A test like this would have caught the problem in the first place Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2020-09-17caddyhttp: Remove server name from metricsMatthew Holt
For some reason this breaks automatic HTTP->HTTPS redirects. I am not sure why yet, but as a hotfix remove this until we understand it better.
2020-09-17metrics: Initial integration of Prometheus metrics (#3709)Dave Henderson
Signed-off-by: Dave Henderson <dhenderson@gmail.com>
2020-09-17reverseproxy: Correct alternate port for active health checks (#3693)Mohammed Al Sahaf
* reverseproxy: construct active health-check transport from scratch (Fixes #3691) * reverseproxy: do upstream health-check on the correct alternative port * reverseproxy: add integration test for health-check on alternative port * reverseproxy: put back the custom transport for health-check http client * reverseproxy: cleanup health-check integration test * reverseproxy: fix health-check of unix socket upstreams * reverseproxy: skip unix socket tests on Windows * tabs > spaces Co-authored-by: Francis Lavoie <lavofr@gmail.com> * make the linter (and @francislavoie) happy Co-authored-by: Francis Lavoie <lavofr@gmail.com> * One more lint fix Co-authored-by: Francis Lavoie <lavofr@gmail.com> Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2020-09-16reverseproxy: Enforce port range size of 1 at provision (#3695)Mohammed Al Sahaf
* reverse_proxy: ensure upstream address has port range of only 1 * reverse_proxy: don't log the error if upstream range size is more than 1
2020-09-16fileserver: Fix try_files for directories; windows fix (#3684)Francis Lavoie
* fileserver: Fix try_files for directories, windows fix * fileserver: Add new file type placeholder, refactoring, tests * fileserver: Review cleanup * fileserver: Flip the return args order
2020-09-16caddyhttp: New placeholder for PEM of client certificate (#3662)Gaurav Dhameeja
* Fix-3585: added placeholder for a PEM encoded value of the certificate * Update modules/caddyhttp/replacer.go Change type of block and empty headers removed Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * fixed tests Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-09-11fileserver: Fix new file hide tests on Windows (#3719)Matt Holt
2020-09-11fileserver: Improve file hiding logic for directories and prefixesMatthew Holt
Now, a filename to hide that is specified without a path separator will count as hidden if it appears in any component of the file path (not only the last component); semantically, this means hiding a file by only its name (without any part of a path) will hide both files and folders, e.g. hiding ".git" will hide "/.git" and also "/.git/foo". We also do prefix matching so that hiding "/.git" will hide "/.git" and "/.git/foo" but not "/.gitignore". The remaining logic is a globular match like before.
2020-09-08browse: align template to struct field renames from 4940325 (#3706)Mohammed Al Sahaf
2020-09-08caddyhttp: Wrap http.Server logging with zap (#3668)Francis Lavoie
2020-09-08reverseproxy: Add `buffer_requests` option to `reverse_proxy` directive (#3710)Francis Lavoie
2020-08-31reverseproxy: Abort active health checks on context cancellationMatthew Holt
2020-08-31fileserver: Fix inconsistencies in browse JSONMatthew Holt
2020-08-20ci: Upgrade to Go 1.15 (#3642)Francis Lavoie
* ci: Try Go 1.15 RC1 out of curiosity * Go 1.15 was released; let's try it * Update to latest quic-go * Attempt at fixing broken test Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2020-08-17reverseproxy: Make default buffer size constMatthew Holt
2020-08-17reverseproxy: Support header selection policy on `Host` field (#3653)Francis Lavoie
2020-08-11caddytls: Add support for ZeroSSL; add Caddyfile support for issuers (#3633)Matt Holt
* caddytls: Add support for ZeroSSL; add Caddyfile support for issuers Configuring issuers explicitly in a Caddyfile is not easily compatible with existing ACME-specific parameters such as email or acme_ca which infer the kind of issuer it creates (this is complicated now because the ZeroSSL issuer wraps the ACME issuer)... oh well, we can revisit that later if we need to. New Caddyfile global option: { cert_issuer <name> ... } Or, alternatively, as a tls subdirective: tls { issuer <name> ... } For example, to use ZeroSSL with an API key: { cert_issuser zerossl API_KEY } For now, that still uses ZeroSSL's ACME endpoint; it fetches EAB credentials for you. You can also provide the EAB credentials directly just like any other ACME endpoint: { cert_issuer acme { eab KEY_ID MAC_KEY } } All these examples use the new global option (or tls subdirective). You can still use traditional/existing options with ZeroSSL, since it's just another ACME endpoint: { acme_ca https://acme.zerossl.com/v2/DV90 acme_eab KEY_ID MAC_KEY } That's all there is to it. You just can't mix-and-match acme_* options with cert_issuer, because it becomes confusing/ambiguous/complicated to merge the settings. * Fix broken test This test was asserting buggy behavior, oops - glad this branch both discovers and fixes the bug at the same time! * Fix broken test (post-merge) * Update modules/caddytls/acmeissuer.go Fix godoc comment Co-authored-by: Francis Lavoie <lavofr@gmail.com> * Add support for ZeroSSL's EAB-by-email endpoint Also transform the ACMEIssuer into ZeroSSLIssuer implicitly if set to the ZeroSSL endpoint without EAB (the ZeroSSLIssuer is needed to generate EAB if not already provided); this is now possible with either an API key or an email address. * go.mod: Use latest certmagic, acmez, and x/net * Wrap underlying logic rather than repeating it Oops, duh * Form-encode email info into request body for EAB endpoint Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2020-08-07reverseproxy: Minor fixes and cleanupMatthew Holt
Now use context cancellation to stop active health checker, which is simpler than and just as effective as using a separate stop channel.
2020-08-07caddyhttp: Add TLS client cert info to logs (#3640)Matt Holt
2020-08-03reverse_proxy: fix bidirectional streams with encodings (fix #3606) (#3620)Kevin Lin
* reverse_proxy: fix bi-h2stream breaking gzip encode handle(#3606). * reverse_proxy: check http version of both sides to avoid affecting non-h2 upstream. * Minor cleanup; apply review suggestions Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2020-08-01fileserver: Fix newly-introduced failing test on Linux (#3625)Matt Holt
* fileserver: First attempt to fix failing test on Linux I think I updated the wrong test case before * Make new test function I guess what we really are trying to test is the case insensitivity of firstSplit. So a new test function is better for that.
2020-07-31admin,templates,core: Minor enhancements and error handling (#3607)Bart
* fix 2 possible bugs * handle unhandled errors
2020-07-31caddyhttp: Add support to resolve DN in CEL expression (#3608)v-rosa