Age | Commit message (Collapse) | Author |
|
* matcher: Add `split_path` option to file matcher; used in php_fastcgi
* matcher: Skip try_files split if not the final part of the filename
* matcher: Add MatchFile tests
* matcher: Clarify SplitPath godoc
|
|
Sigh, apparently Linux is incapable of distinguishing host interfaces
in socket addresses, even though it works fine on Mac. I suppose we just
have to assume that any listeners with the same port are the same
address, completely ignoring the host interface on Linux... oh well.
|
|
|
|
Panic would happen if an automation policy was specified in a singular
server block that had no hostnames in its address. Definitely an edge
case.
Fixed a bug related to checking for server blocks with a host-less key
that tried to make an automation policy. Previously if you had only two
server blocks like ":443" and another one at ":80", the one at ":443"
could not create a TLS automation policy because it thought it would
interfere with TLS automation for the block at ":80", but obviously that
key doesn't enable TLS because it is on the HTTP port. So now we are a
little smarter and count only non-HTTP-empty-hostname keys.
Also fixed a bug so that a key like "https://:1234" is sure to have TLS
enabled by giving it a TLS connection policy. (Relaxed conditions
slightly; the previous conditions were too strict, requiring there to be
a TLS conn policy already or a default SNI to be non-empty.)
Also clarified a comment thanks to feedback from @Mohammed90
|
|
|
|
Prior logic was not setting up redirects for the case when domain names
are not known, but the server still clearly has TLS enabled.
|
|
https://caddy.community/t/set-cookie-manipulation-in-reverse-proxy/7666?u=matt
|
|
|
|
|
|
|
|
|
|
|
|
|
|
These functions are called at init-time, and their inputs are hard-coded
so there are no environmental or user factors that could make it fail
or succeed; the error return values are often ignored, and when they're
not, they are usually a fatal error anyway. To ensure that a programmer
mistake is not missed, we now panic instead.
Last breaking change 🤞
|
|
|
|
|
|
We'll need that context in v2.1 when the transport can manage its own
client certificates; see #3198
|
|
Otherwise, a password prompt can occur unnecessarily.
|
|
As per https://github.com/caddyserver/caddy/issues/3051#issuecomment-611200414
|
|
* chore: make the linter happier
* chore: remove reference to maligned linter in .golangci.yml
|
|
|
|
Thanks to @TristonianJones for the tip!
https://github.com/caddyserver/caddy/commit/105acfa08664c97460a6fe3fb49635618be5bcb2#r38358983
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* caddyhttp: Support single-line not matcher shortcut
* caddyhttp: Some tests, I guess
|
|
Using html/template.HTML like we were doing before caused nested include
to be HTML-escaped, which breaks sites. Now we do not escape any of the
output; template input is usually trusted, and if it's not, users should
employ escaping actions within their templates to keep it safe. The docs
already said this.
|
|
|
|
|
|
Now using IANA-compliant names and Go 1.14's CipherSuites() function so
we don't have to maintain our own mapping of currently-secure cipher
suites.
|
|
Needed if port is 0, thus chosen by OS
|
|
|
|
See https://caddy.community/t/v2-matcher-or-in-not/7355/
|
|
If a placeholder in the path component injects a query string such as
the {http.request.uri} placeholder is wont to do, we need to separate it
out from the path.
|
|
This is more congruent with its module name. A change that affects only
code, not configurations.
|
|
|
|
|
|
See https://caddy.community/t/v2-match-any-path-but-files/7326/8?u=matt
If rewrites (or redirects, for that matter) match on file existence,
the file matcher would need to know the root of the site.
Making this change implies that root directives that depend on rewritten
URIs will not work as expected. However, I think this is very uncommon,
and am not sure I have ever seen that. Usually, dynamic roots are based
on host, not paths or query strings.
I suspect that rewrites based on file existence will be more common than
roots based on rewritten URIs, so I am moving root to be the first in
the list.
Users can always override this ordering with the 'order' global option.
|
|
Either Dial or LookupSRV will be set, but if we rely on Dial always
being set, we could run into bugs.
Note: Health checks don't support SRV upstreams.
|
|
* caddyauth: Add Metadata field to caddyauth.User
* Apply gofmt
* Tidy it up a bit
Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
|
|
|
|
|
|
* reverse_proxy: Begin SRV lookup support (WIP)
* reverse_proxy: Finish adding support for SRV-based backends (#3179)
|