summaryrefslogtreecommitdiff
path: root/modules/caddyhttp
AgeCommit message (Collapse)Author
2020-06-03caddyhttp: Auto-redirects from all bind addresses (fix #3443)Matthew Holt
2020-06-01caddyauth: Cache basicauth results (fixes #3462) (#3465)Matt Holt
Cache capacity is currently hard-coded at 1000 with random eviction. It is enabled by default from Caddyfile configurations because I assume this is the most common preference.
2020-05-27reverseproxy: Pool copy buffers (minor optimization)Matthew Holt
2020-05-27reverseproxy: Enable response interception (#1447, #2920)Matthew Holt
It's a raw, low-level implementation for now, but it's very flexible. More sugar-coating can be added after error handling is more developed.
2020-05-26caddyhttp: Refactor header matchingMatthew Holt
This allows response matchers to benefit from the same matching logic as the request header matchers (mainly prefix/suffix wildcards).
2020-05-26caddyhttp: Add client.public_key(_sha256) placeholdersMatthew Holt
2020-05-26httpcaddyfile: New `handle_path` directive (#3281)Francis Lavoie
* caddyconfig: WIP implementation of handle_path * caddyconfig: Complete the implementation - h.NewRoute was key * caddyconfig: Add handle_path integration test * caddyhttp: Use the path matcher as-is, strip the trailing *, update test
2020-05-26cmd: file-server: add --access-log flag (#3454)Rui Lopes
2020-05-26reverseproxy: Improve error message when using scheme+placeholder (#3393)Francis Lavoie
* reverseproxy: Improve error message when using scheme+placeholder * reverseproxy: Simplify error message Co-authored-by: Matt Holt <mholt@users.noreply.github.com> Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-05-26reverseproxy: Fix https active health checks #3450 (#3451)AndyBan
2020-05-25chore: forego the use of deprecated cel func NewIdent in favor of NewVar (#3444)Mohammed Al Sahaf
2020-05-21caddyhttp: Add time.now placeholder and update cel-go (closes #2594)Matthew Holt
2020-05-21cmd: hash-password: Fix broken terminal state on SIGINT (#3416)Francis Lavoie
* caddyauth: Fix hash-password broken terminal state on SIGINT * caddycmd: Move TrapSignals calls to only subcommands that run long
2020-05-20reverseproxy: Don't overwrite existing X-Forwarded-Proto headerMatthew Holt
Correct behavior is not well defined because this is a non-standard header field. This could be a "hop-by-hop" field much like X-Forwarded-For is, but even our X-Forwarded-For implementation preserves prior entries. Or, it could be best to preserve the original value from the first hop, representing the protocol as facing the client. Let's try it the other way for a bit and see how it goes. See https://caddy.community/t/caddy2-w-wordpress-behind-nginx-reverse-proxy/8174/3?u=matt
2020-05-18reverseproxy: Make debug log safe if error occursMatthew Holt
2020-05-18reverseproxy: Emit debug log before checking error (#3425)Matthew Holt
This way the upstream request will always be available even if it failed
2020-05-18templates: trim windows whitespace in SplitFrontMatter; fix #3386 (#3387)Thorkild Gregersen
* add test case for SplitFrontMatter showing issue with windows newline * fix issue with windows newline when using SplitFrontMatter * Update modules/caddyhttp/templates/frontmatter.go Co-authored-by: Francis Lavoie <lavofr@gmail.com> * make it mere explicit what is trimmed from firstLine * Update modules/caddyhttp/templates/frontmatter.go Co-authored-by: Francis Lavoie <lavofr@gmail.com> Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-05-18caddyauth: Add realm to basicauth Caddyfile directive (#3315)Francis Lavoie
2020-05-18fastcgi: `php_fastcgi` subdirectives to override shortcut behaviour (#3255)Francis Lavoie
* fastcgi: Add new php_fastcgi subdirectives to override the shortcut * fastcgi: Support "index off" to disable redir and try_files * fastcgi: Remove whitespace to satisfy linter * fastcgi: Run gofmt * fastcgi: Make a new dispenser instead of using rewind * fastcgi: Some fmt * fastcgi: Add a couple adapt tests * fastcgi: Clean up for loops * fastcgi: Move adapt tests to separate files
2020-05-13docs: link to CEL standard definitions (#3407)Mohammed Al Sahaf
* docs: link to CEL standard definitions * Rephrase the anchor to CEL standard definitions Co-authored-by: Matt Holt <mholt@users.noreply.github.com> Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-05-13reverseproxy: Apply response header ops before copying it (fix #3382) (#3401)Matt Holt
2020-05-12all: Recover from panics in goroutinesMatthew Holt
2020-05-12cmd: reverse-proxy: add --insecure flag (with warning) (#3389)linquize
2020-05-11core: Add support for `d` duration unit (#3323)Francis Lavoie
* caddy: Add support for `d` duration unit * Improvements to ParseDuration; add unit tests Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2020-05-11caddyhttp: Fix merging of Caddyfile matchers in not blocks (#3379)Francis Lavoie
2020-05-11caddyhttp: Match hostnames with wildcards to loggers (#3378)Gregory Dosh
* adding wildcard matching of logger names * reordering precedence for more specific loggers to match first * removing dependence on certmagic and extra loop Co-authored-by: GregoryDosh <GregoryDosh@users.noreply.github.com>
2020-05-11cmd: hash-password: Support reading from stdin (#3373)Andrew Zhou
Closes #3365 * http: Add support in hash-password for reading from terminals/stdin * FIXUP: Run gofmt -s * FIXUP * FIXUP: Apply suggestions from code review Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * FIXUP Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-05-11caddyhttp: Minor refactoring for preparing requestsMatthew Holt
While building a layer4 app for Caddy, I discovered that we need the ability to fill a request's context just like the HTTP server does, hence this exported function PrepareRequest().
2020-05-06reverseproxy: Allow using TLS for port 80 upstreams (see #3361)Matthew Holt
An upstream like https://localhost:80 is still forbidden, but an addr of localhost:80 can be used while explicitly enabling TLS as an override; we just don't allow the implicit behavior to be ambiguous.
2020-05-05reverseproxy: Add tls_server_name option to Caddyfile (#3322)Francis Lavoie
2020-05-05pki: Embedded ACME server (#3198)Matt Holt
* pki: Initial commit of embedded ACME server (#3021) * reverseproxy: Support auto-managed TLS client certificates (#3021) * A little cleanup after today's review session
2020-05-05file_server: Accept files args in one-liner of Caddyfile matcher (#3298)Matt Holt
Previously, matching by trying files other than the actual path of the URI was: file { try_files <files...> } Now, the same can be done in one line: file <files...> As before, an empty file matcher: file still matches if the request URI exists as a file in the site root.
2020-05-05httpserver: Add experimental H2C support (#3289)Matt Holt
* reverse_proxy: Initial attempt at H2C transport/client support (#3218) I have not tested this yet * Experimentally enabling H2C server support (closes #3227) See also #3218 I have not tested this * reverseproxy: Clean up H2C transport a bit * caddyhttp: Update godoc for h2c server; clarify experimental status * caddyhttp: Fix trailers when recording responses (fixes #3236) * caddyhttp: Tweak h2c config settings and docs
2020-05-01reverseproxy: Remove circuitbreaker module (see #3331)Matthew Holt
Moving to https://github.com/caddyserver/circuitbreaker Nobody was using it anyway -- it works well, but something got fumbled in a refactoring *months* ago. Turns out that we forgot the interface guards AND botched a method name (my bad) - Ok() should have been OK(). So it would always have thrown a runtime panic if it tried to be loaded. The module itself works well, but obviously nobody used it because nobody reported the error. Fixing this while we move it to the new repo. Removing this removes the last Bazaar/Launchpad dependency (I think).
2020-04-28caddyhttp: Better duration loggingMatthew Holt
Also un-nest all the error handling, that was unnecessary indentation
2020-04-28caddyhttp: General improvements to access logging (#3301)Matt Holt
* httpcaddyfile: Exclude access logs written to files from default log Even though any logs can just be ignored, most users don't seem to like configuring an access log to go to a file only to have it doubly appear in the default log. Related to: - #3294 - https://caddy.community/t/v2-logging-format/7642/4?u=matt - https://caddy.community/t/caddyfile-questions/7651/3?u=matt * caddyhttp: General improvements to access log controls (fixes #3310) * caddyhttp: Move log config nil check higher * Rename LoggerName -> DefaultLoggerName
2020-04-27cmd: Clean up, simplify reverse proxy command; fix some edge casesMatthew Holt
Now we take advantage of the address parsing capabilities of the HTTP caddyfile.
2020-04-27Minor comment fixMatthew Holt
2020-04-27caddyhttp: Add split_path to file matcher (used by php_fastcgi) (#3302)Francis Lavoie
* matcher: Add `split_path` option to file matcher; used in php_fastcgi * matcher: Skip try_files split if not the final part of the filename * matcher: Add MatchFile tests * matcher: Clarify SplitPath godoc
2020-04-26caddyhttp: Fix listener overlap detection on LinuxMatthew Holt
Sigh, apparently Linux is incapable of distinguishing host interfaces in socket addresses, even though it works fine on Mac. I suppose we just have to assume that any listeners with the same port are the same address, completely ignoring the host interface on Linux... oh well.
2020-04-24docs: Improve template documentation slightly; use const, not literalMatthew Holt
2020-04-24httpcaddyfile: Add nil check to prevent panic, fix validation logicMatthew Holt
Panic would happen if an automation policy was specified in a singular server block that had no hostnames in its address. Definitely an edge case. Fixed a bug related to checking for server blocks with a host-less key that tried to make an automation policy. Previously if you had only two server blocks like ":443" and another one at ":80", the one at ":443" could not create a TLS automation policy because it thought it would interfere with TLS automation for the block at ":80", but obviously that key doesn't enable TLS because it is on the HTTP port. So now we are a little smarter and count only non-HTTP-empty-hostname keys. Also fixed a bug so that a key like "https://:1234" is sure to have TLS enabled by giving it a TLS connection policy. (Relaxed conditions slightly; the previous conditions were too strict, requiring there to be a TLS conn policy already or a default SNI to be non-empty.) Also clarified a comment thanks to feedback from @Mohammed90
2020-04-24dangit, of course I would bork my git commitMatthew Holt
2020-04-24caddyhttp: Fix auto redirects for catch-all HTTPS sitesMatthew Holt
Prior logic was not setting up redirects for the case when domain names are not known, but the server still clearly has TLS enabled.
2020-04-22reverseproxy: Don't forget to provision embedded headers handlerMatthew Holt
https://caddy.community/t/set-cookie-manipulation-in-reverse-proxy/7666?u=matt
2020-04-22caddyhttp: Fix trailers when recording responses (fixes #3236)Matthew Holt
2020-04-22caddyhttp: Fix common_log format's user ID placeholder (#3300)Francis Lavoie
2020-04-21reverseproxy: always set req.URL.Host with upstream (#3297)westwin
2020-04-21docs: Minor improvementsMatthew Holt
2020-04-17reverseproxy: Set X-Forwarded-Proto (closes #3275) (#3276)Matt Holt