summaryrefslogtreecommitdiff
path: root/modules/caddyhttp
AgeCommit message (Collapse)Author
2021-05-02caddyhttp: performance improvement in HeaderRE Matcher (#4143)Calvin Xiao
Below is the report using `benchstat` and cmd: `go test -run=BenchmarkHeaderREMatcher -bench=BenchmarkHeaderREMatcher -benchmem -count=10` ``` name old time/op new time/op delta HeaderREMatcher-16 869ns ± 1% 658ns ± 0% -24.29% (p=0.000 n=10+10) name old alloc/op new alloc/op delta HeaderREMatcher-16 144B ± 0% 112B ± 0% -22.22% (p=0.000 n=10+10) name old allocs/op new allocs/op delta HeaderREMatcher-16 7.00 ± 0% 5.00 ± 0% -28.57% (p=0.000 n=10+10) ```
2021-04-30fileserver: Share template logic for both `templates` and `file_server ↵Jason Du
browse` (#4093) Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2021-04-29reverseproxy: fix hash selection policy (#4137)Simão Gomes Viana
* caddyhttp: reverseproxy: fix hash selection policy Fixes: #4135 Test: go test './...' -count=1 * caddyhttp: reverseproxy: add test to catch #4135 If you revert the last commit, the test will fail.
2021-04-29fileserver: Better handling of HTTP status override (#4132)Francis Lavoie
2021-04-21reverseproxy: Admin endpoint for reporting upstream statuses (#4125)Francis Lavoie
2021-04-19caddyhttp: Implement better logic for inserting the HTTP->HTTPS redirs (#4033)Francis Lavoie
* caddyhttp: Implement better logic for inserting the HTTP->HTTPS redirs * caddyhttp: Add integration test
2021-04-08ci: fuzz: add 4 more fuzzing targets (#4105)Mohammed Al Sahaf
2021-04-08fileserver: Add status code override (#4076)Francis Lavoie
After reading a question about the `handle_response` feature of `reverse_proxy`, I realized that we didn't have a way of serving an arbitrary file with a status code other than 200. This is an issue in situations where you want to serve a custom error page in routes that are not errors, like the aforementioned `handle_response`, where you may want to retain the status code returned by the proxy but write a response with content from a file. This feature is super simple, basically if a status code is configured (can be a status code number, or a placeholder string) then that status will be written out before serving the file - if we write the status code first, then the stdlib won't write its own (only the first HTTP status header wins).
2021-03-30reverseproxy: Set cookie path to `/` when using cookie lb_policy (#4096)Dimitri Masson
2021-03-29encode,staticfiles: Content negotiation, precompressed files (#4045)Steffen Brüheim
* encode: implement prefer setting * encode: minimum_length configurable via caddyfile * encode: configurable content-types which to encode * file_server: support precompressed files * encode: use ReponseMatcher for conditional encoding of content * linting error & documentation of encode.PrecompressedOrder * encode: allow just one response matcher also change the namespace of the encoders back, I accidently changed to precompressed >.> default matchers include a * to match to any charset, that may be appended * rounding of the PR * added integration tests for new caddyfile directives * improved various doc strings (punctuation and typos) * added json tag for file_server precompress order and encode matcher * file_server: add vary header, remove accept-ranges when serving precompressed files * encode: move Suffix implementation to precompressed modules
2021-03-29reverseproxy: Implement health_uri, deprecate health_path, supports query ↵Francis Lavoie
(#4050) * reverseproxy: Implement health_uri, replaces health_path, supports query Also fixes a bug with `health_status` Caddyfile parsing , it would always only take the first character of the status code even if it didn't end with "xx". * reverseproxy: Rename to URI, named logger, warn in Provision (for JSON)
2021-03-29go.mod: Migrate to golang.org/x/term (#4073)Simão Gomes Viana
golang.org/x/crypto/ssh/terminal is deprecated in favor of golang.org/x/term See https://github.com/caddyserver/caddy/pull/4073/checks?check_run_id=2152150495 Error: SA1019: package golang.org/x/crypto/ssh/terminal is deprecated: this package moved to golang.org/x/term. (staticcheck) See https://github.com/caddyserver/caddy/pull/4073/checks?check_run_id=2152228516 Error: SA1019: package golang.org/x/crypto/ssh/terminal is deprecated: this package moved to golang.org/x/term. (staticcheck) Test: go test -count=1 './...'
2021-03-29caddyhttp: improve grammar of comment for AllowH2C (#4072)Simão Gomes Viana
2021-03-29headers: Fix Caddyfile parsing for `request_header` with matchers (#4085)Francis Lavoie
2021-03-19fileserver: Add a few more debug lines (#4063)Francis Lavoie
2021-03-19fileserver: Browse listing supports dark mode (#4066)rai
* Add dark color scheme media query * Theme search box, make everything less contrasting * Further contrast tweaks
2021-03-12httpcaddyfile: Add `error` directive for the existing handler (#4034)Francis Lavoie
* httpcaddyfile: Add `error` directive for the existing handler * httpcaddyfile: Move `error` to the end of the order
2021-03-10map: Accept regex substitution in outputs (#3991)Rajat Jain
* Replace placeholders with regex groups * using Matcher methods * test added * linting fix * Revert "linting fix" This reverts commit cafd7296f43639bbcd2601bea79a47f60763a200. * Revert "test added" This reverts commit 3a76cc7b0bc5dcef15ca5c8ec22efcd4067d484c. * Revert "using Matcher methods" This reverts commit cc34337b8ebb61d40ec343cee0fc225a694d3db6. * tests added
2021-03-03reverseproxy: Fix upstreams with placeholders with no port (#4046)Francis Lavoie
2021-03-01rewrite: Implement regex path replacementsMatthew Holt
https://caddy.community/t/collapsing-multiple-forward-slashes-in-path-only/11626
2021-03-01fileserver: Don't replace in request paths (fix #4027)Matthew Holt
2021-02-25reverseproxy: Fix round robin data race (#4038)Matthew Holt
2021-02-22reverseproxy: Add duration/latency placeholders (close #4012) (#4013)Matt Holt
* reverseproxy: Add duration/latency placeholders (close #4012) (and #2268) Adds 4 placeholders, one is actually outside reverse proxy though: {http.request.duration} is how long since the server decoded the HTTP request (headers). {http.reverse_proxy.upstream.latency} is how long it took a proxy upstream to write the response header. {http.reverse_proxy.upstream.duration} is total time proxying to the upstream, including writing response body to client. {http.reverse_proxy.duration} is total time spent proxying, including selecting an upstream and retries. Obviously, most of these are only useful at the end of a request, like when writing response headers or logs. See also: https://caddy.community/t/any-equivalent-of-request-time-and-upstream-header-time-from-nginx/11418 * Add new placeholders to documentation
2021-02-16Improve security warningsMatthew Holt
2021-02-11caddyhttp: Support placeholders in header matcher values (close #3916)Matthew Holt
2021-02-09reverseproxy: Response buffering & configurable buffer sizeMatthew Holt
Proxy response bodies can now be buffered, and the size of the request body and response body buffer can be limited. Any remaining content that doesn't fit in the buffer will remain on the wire until it can be read; i.e. bodies are not truncated, even if the buffer is not big enough. This fulfills a customer requirement. This was made possible by their sponsorship!
2021-02-02caddyhttp: Check for invalid subdirectives of static_responseMatthew Holt
Ref: https://caddy.community/t/acme-server-implementation/11256/
2021-02-02httpcaddyfile: Fix default issuers when email providedMatthew Holt
If `tls <email>` is used, we should apply that to all applicable default issuers, not drop them. This refactoring applies implicit ACME issuer settings from the tls directive to all default ACME issuers, like ZeroSSL. We also consolidate some annoying logic and improve config validity checks. Ref: https://caddy.community/t/error-obtaining-certificate-after-caddy-restart/11335/8
2021-01-28caddyhttp: Implement handler abort; new 'abort' directive (close #3871) (#3983)Matt Holt
* caddyhttp: Implement handler abort; new 'abort' directive (close #3871) * Move abort directive ordering; clean up redirects Seems logical for the end-all of handlers to go at the... end. The Connection header no longer needs to be set there, since Close is true, and the static_response handler now does that.
2021-01-19Revert "requestbody: Allow overwriting remote address"Matthew Holt
This reverts commit 0bf2046da7f2f5bf1b7d9fa055ae28de9a06ddaf. No actual use case.
2021-01-16map: Add missing json struct tagMatthew Holt
2021-01-11templates: Add fileExists and httpError template actionsMatthew Holt
The httpError function isn't particularly useful until https://github.com/golang/go/issues/34201 is fixed in the Go standard lib.
2021-01-11requestbody: Allow overwriting remote addressMatthew Holt
An experimental feature, let's see if it's useful.
2021-01-11rewrite: Use RawPath instead of Path (fix #3596) (#3918)go-d
Prevent information loss, i.e. the encoded form that was sent by the client, when using URL strip/replace.
2021-01-05caddyfile: Refactor unmarshaling of module tokensMatthew Holt
Eliminates a fair amount of repeated code
2021-01-04reverseproxy: Caddyfile health check headers, host header support (#3948)yaxin
* reverse_proxy: 1.health check headers can be set through Caddyfile using health_headers directive; 2.health check header host can be set properly * reverse_proxy: replace example with syntax definition inline health_headers directive parse function * bugfix: change caddyfile_adapt testcase file from space to tab * reverseproxy: modify health_header value document as optional and add more test cases
2021-01-04caddyfile: Introduce basic linting and fmt check (#3923)Matt Holt
* caddyfile: Introduce basic linting and fmt check This will help encourage people to keep their Caddyfiles tidy. * Remove unrelated tests I am not sure that testing the output of warnings here is quite the right idea; these tests are just for syntax and parsing success.
2020-12-30fileserver: Fix "go up" links in browse listings (closes #3942)Matthew Holt
At some point we changed how paths are represented down the function calls of browse listings and forgot to update the canGoUp logic. I think this is right? It's simpler now.
2020-12-14reverseproxy: Minor lint fixesMatthew Holt
2020-12-10caddyhttp: Optionally use forwarded IP for remote_ip matcherMatthew Holt
The remote_ip matcher was reading the X-Forwarded-For header by default, but this behavior was not documented in anything that was released. This is also a less secure default, as it is trivially easy to spoof request headers. Reading IPs from that header should be optional, and it should not be the default. This is technically a breaking change, but anyone relying on the undocumented behavior was just doing so by coincidence/luck up to this point since it was never in any released documentation. We'll still add a mention in the release notes about this.
2020-12-10caddyhttp: Clean up internal auto-HTTPS redirect codeMatthew Holt
Refactor redirect route creation into own function. Improve condition for appending port. Fixes a bug manifested through new test case: TestAutoHTTPRedirectsWithHTTPListenerFirstInAddresses
2020-12-09caddyhttp: Document that remote_ip reads X-Forwarded-For headerMatthew Holt
https://caddy.community/t/remote-ip-behaviour/10762?u=matt
2020-12-09httpcaddyfile: support matching headers that do not exist (#3909)Jack Baron
* add integration test for null header matcher * implement null header matcher syntax * avoid repeating magic ! * check for field following ! character
2020-12-04fastcgi: Set PATH_INFO to file matcher remainder as fallback (#3739)Francis Lavoie
* fastcgi: Set PATH_INFO to file matcher remainder as fallback * fastcgi: Avoid changing scriptName when not necessary * Stylistic tweaks Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2020-12-03caddyauth: Use structured logMatthew Holt
2020-12-02Minor commentsMatthew Holt
2020-12-02caddyhttp: Optimize large host matchersMatthew Holt
2020-12-01caddyauth: Use buffered channel passed to signal.Notify (#3895)Cuong Manh Le
The docs at os/signal.Notify warn about this signal delivery loss bug at https://golang.org/pkg/os/signal/#Notify, which says: Package signal will not block sending to c: the caller must ensure that c has sufficient buffer space to keep up with the expected signal rate. For a channel used for notification of just one signal value, a buffer of size 1 is sufficient. Caught by a static analysis tool from Orijtech, Inc. called "sigchanyzer"
2020-11-30headers: Fix Caddyfile parsing with request matcher (#3892)Francis Lavoie
2020-11-26docs: Mention {http.auth.user.id} placeholder in basicauth JSON docs (#3886)Francis Lavoie