summaryrefslogtreecommitdiff
path: root/modules
AgeCommit message (Collapse)Author
2020-09-16fileserver: Fix try_files for directories; windows fix (#3684)Francis Lavoie
* fileserver: Fix try_files for directories, windows fix * fileserver: Add new file type placeholder, refactoring, tests * fileserver: Review cleanup * fileserver: Flip the return args order
2020-09-16caddyhttp: New placeholder for PEM of client certificate (#3662)Gaurav Dhameeja
* Fix-3585: added placeholder for a PEM encoded value of the certificate * Update modules/caddyhttp/replacer.go Change type of block and empty headers removed Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * fixed tests Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-09-15logging: Implement Caddyfile support for filter encoder (#3578)Francis Lavoie
* logging: Implement Caddyfile support for filter encoder * logging: Add support for parsing IP masks from strings wip * logging: Implement Caddyfile support for ip_mask * logging: Get rid of unnecessary logic to allow strings, not that useful * logging: Add adapt test
2020-09-11fileserver: Fix new file hide tests on Windows (#3719)Matt Holt
2020-09-11fileserver: Improve file hiding logic for directories and prefixesMatthew Holt
Now, a filename to hide that is specified without a path separator will count as hidden if it appears in any component of the file path (not only the last component); semantically, this means hiding a file by only its name (without any part of a path) will hide both files and folders, e.g. hiding ".git" will hide "/.git" and also "/.git/foo". We also do prefix matching so that hiding "/.git" will hide "/.git" and "/.git/foo" but not "/.gitignore". The remaining logic is a globular match like before.
2020-09-09caddytls: Fix resolvers option of acme issuer (Caddyfile)Matthew Holt
Reported in: https://caddy.community/t/dns-challenge-with-namecheap-and-split-horizon-dns/9611/17?u=matt
2020-09-08caddytls: Add `dns` config to acmeissuer (#3701)Francis Lavoie
2020-09-08browse: align template to struct field renames from 4940325 (#3706)Mohammed Al Sahaf
2020-09-08caddyhttp: Wrap http.Server logging with zap (#3668)Francis Lavoie
2020-09-08reverseproxy: Add `buffer_requests` option to `reverse_proxy` directive (#3710)Francis Lavoie
2020-08-31caddytls: Customize DNS resolvers for DNS challenge with CaddyfileMatthew Holt
2020-08-31reverseproxy: Abort active health checks on context cancellationMatthew Holt
2020-08-31fileserver: Fix inconsistencies in browse JSONMatthew Holt
2020-08-21caddytls: Configure custom DNS resolvers for DNS challenge (close #2476)Matthew Holt
And #3391 Maybe also related: #3664
2020-08-20go.mod: Use v0.15(.1) of smallstep libsMatthew Holt
Update internal issuer for compatibility -- yay simpler code! The .1 version also fixes non-critical SAN extensions that caused trust issues on several clients.
2020-08-20ci: Upgrade to Go 1.15 (#3642)Francis Lavoie
* ci: Try Go 1.15 RC1 out of curiosity * Go 1.15 was released; let's try it * Update to latest quic-go * Attempt at fixing broken test Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2020-08-17reverseproxy: Make default buffer size constMatthew Holt
2020-08-17reverseproxy: Support header selection policy on `Host` field (#3653)Francis Lavoie
2020-08-11caddytls: Add support for ZeroSSL; add Caddyfile support for issuers (#3633)Matt Holt
* caddytls: Add support for ZeroSSL; add Caddyfile support for issuers Configuring issuers explicitly in a Caddyfile is not easily compatible with existing ACME-specific parameters such as email or acme_ca which infer the kind of issuer it creates (this is complicated now because the ZeroSSL issuer wraps the ACME issuer)... oh well, we can revisit that later if we need to. New Caddyfile global option: { cert_issuer <name> ... } Or, alternatively, as a tls subdirective: tls { issuer <name> ... } For example, to use ZeroSSL with an API key: { cert_issuser zerossl API_KEY } For now, that still uses ZeroSSL's ACME endpoint; it fetches EAB credentials for you. You can also provide the EAB credentials directly just like any other ACME endpoint: { cert_issuer acme { eab KEY_ID MAC_KEY } } All these examples use the new global option (or tls subdirective). You can still use traditional/existing options with ZeroSSL, since it's just another ACME endpoint: { acme_ca https://acme.zerossl.com/v2/DV90 acme_eab KEY_ID MAC_KEY } That's all there is to it. You just can't mix-and-match acme_* options with cert_issuer, because it becomes confusing/ambiguous/complicated to merge the settings. * Fix broken test This test was asserting buggy behavior, oops - glad this branch both discovers and fixes the bug at the same time! * Fix broken test (post-merge) * Update modules/caddytls/acmeissuer.go Fix godoc comment Co-authored-by: Francis Lavoie <lavofr@gmail.com> * Add support for ZeroSSL's EAB-by-email endpoint Also transform the ACMEIssuer into ZeroSSLIssuer implicitly if set to the ZeroSSL endpoint without EAB (the ZeroSSLIssuer is needed to generate EAB if not already provided); this is now possible with either an API key or an email address. * go.mod: Use latest certmagic, acmez, and x/net * Wrap underlying logic rather than repeating it Oops, duh * Form-encode email info into request body for EAB endpoint Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2020-08-07reverseproxy: Minor fixes and cleanupMatthew Holt
Now use context cancellation to stop active health checker, which is simpler than and just as effective as using a separate stop channel.
2020-08-07caddyhttp: Add TLS client cert info to logs (#3640)Matt Holt
2020-08-03reverse_proxy: fix bidirectional streams with encodings (fix #3606) (#3620)Kevin Lin
* reverse_proxy: fix bi-h2stream breaking gzip encode handle(#3606). * reverse_proxy: check http version of both sides to avoid affecting non-h2 upstream. * Minor cleanup; apply review suggestions Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2020-08-01fileserver: Fix newly-introduced failing test on Linux (#3625)Matt Holt
* fileserver: First attempt to fix failing test on Linux I think I updated the wrong test case before * Make new test function I guess what we really are trying to test is the case insensitivity of firstSplit. So a new test function is better for that.
2020-07-31admin,templates,core: Minor enhancements and error handling (#3607)Bart
* fix 2 possible bugs * handle unhandled errors
2020-07-31caddyhttp: Add support to resolve DN in CEL expression (#3608)v-rosa
2020-07-31fileserver: Don't assume len(str) == len(ToLower(str)) (fix #3623)Matthew Holt
We can't use a positional index on an original string that we got from its lower-cased equivalent. Implement our own IndexFold() function b/c the std lib does not have one.
2020-07-31httpcaddyfile: Add `compression` to http transport config (#3624)Ye Zhihao
* httpcaddyfile: Add `compression` to http transport config * Add caddyfile adapt test for typical h2c setup
2020-07-30caddytls: Replace lego with acmez (#3621)Matt Holt
* Replace lego with acmez; upgrade CertMagic * Update integration test
2020-07-20templates: Implement placeholders function (#3324)Patrick Hein
* caddyhttp, httpcaddyfile: Implement placeholders in template * caddyhttp, httpcaddyfile: Remove support for placeholder shorthands in templates * Update modules/caddyhttp/templates/templates.go updates JSON doc Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * Update modules/caddyhttp/templates/tplcontext.go Co-authored-by: Matt Holt <mholt@users.noreply.github.com> Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-07-20push: Implement HTTP/2 server push (#3573)Matt Holt
* push: Implement HTTP/2 server push (close #3551) * push: Abstract header ops by embedding into new struct type This will allow us to add more fields to customize headers in push-specific ways in the future. * push: Ensure Link resources are pushed before response is written * Change header name from X-Caddy-Push to Caddy-Push
2020-07-20fastcgi: Add resolve_root_symlink (#3587)Manuel Dalla Lana
2020-07-20reverse_proxy: flush HTTP/2 response when ContentLength is unknown (#3561)Kevin Lin
* reverse proxy: Support more h2 stream scenarios (#3556) * reverse proxy: add integration test for better h2 stream (#3556) * reverse proxy: adjust comments as francislavoie suggests * link to issue #3556 in the comments
2020-07-18reverseproxy: add support for custom DNS resolver (#3479)Mohammed Al Sahaf
* reverse proxy: add support for custom resolver * reverse proxy: don't pollute the global resolver with bootstrap resolver setup * Improve documentation of reverseproxy.UpstreamResolver fields Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * reverse proxy: clarify the name resolution conventions of upstream resolvers and bootstrap resolver * remove support for bootstraper of resolver * godoc and code-style changes Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-07-17reverseproxy: Restore request's original host and header (fix #3509)Matthew Holt
We already restore them within the retry loop, but after successful proxy we didn't reset them, so as handlers bubble back up, they would see the values used for proxying. Thanks to @ziddey for identifying the cause.
2020-07-17fastcgi: Ensure leading slash, omit SERVER_PORT if empty for compliance (#3570)Francis Lavoie
See https://tools.ietf.org/html/rfc3875#section-4.1.13 for SCRIPT_NAME requiring leading slash See https://tools.ietf.org/html/rfc3875#section-4.1.15 for SERVER_PORT requiring omission if empty
2020-07-17fastcgi: Fill REMOTE_USER with http.auth.user.id placeholder (#3577)Francis Lavoie
Completing a TODO!
2020-07-17reverseproxy: Fix Caddyfile parsing for empty non-http transports (#3576)Francis Lavoie
* reverseproxy: Fix Caddyfile parsing for empty non-http transports * Update modules/caddyhttp/reverseproxy/caddyfile.go Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * Rename empty transport test Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-07-17caddyauth: hash-password: Set bcrypt cost to 14 (#3580)Matthew Holt
2020-07-16caddyhttp: Add {http.request.body} placeholderMatthew Holt
2020-07-13logging: ⚠️ Deprecate logfmt encoderMatthew Holt
It is essentially broken because it occludes many log fields. See: https://github.com/caddyserver/caddy/issues/3575
2020-07-11chore: Rename file to be consistentMatthew Holt
2020-07-08fileserver: Enable browse pagination with offset parameter (#3542)snu-ceyda
* Update browse.go * Update browselisting.go * Update browsetpl.go * fix linter err * Update modules/caddyhttp/fileserver/browse.go Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * Update modules/caddyhttp/fileserver/browselisting.go Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * Update browsetpl.go change from -> offset * Update browse.go * Update browselisting.go Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-07-08templates: Fix front matter closing fence searchMatthew Holt
This makes it choose first matching closing fence instead of last one, which could appear in document body.
2020-07-08caddytls: Move initial storage clean op into goroutineMatthew Holt
Sometimes this operation can take a while (we observed 7 minutes recently, with a large, globally-distributed storage backend).
2020-07-07caddyhttp: Reorder some access log fields; add host matcher test caseMatthew Holt
This field order reads a little more naturally.
2020-07-06templates: Disable hard wraps in Markdown rendering (#3553)Greg Anders
2020-06-30cel: fix validation of expression result type (#3526)Mohammed Al Sahaf
* cel: fix validation of expression result type The earlier code used the proto.Equals from github.com/gogo/protobuf, which failed to compare two messages of the same type for some reason. Switching to proto.Equal from the canonical github.com/golang/protobuf fixes the issue. * deps: remove deprecated github.com/golang/protobuf in favor of google.golang.org/protobuf * downgrade github.com/smallstep/nosql to resolve warning pb.proto warning
2020-06-30caddyhttp: Corrected host label index check (fix #3502)Matthew Holt
2020-06-26caddyhttp: Support placeholders in query matcher (#3521)James Birtles
2020-06-26caddyhttp: Add 'map' handler (#3199)Mark Sargent
* inital map implementation * resolve the value during middleware execution * use regex instead * pr feedback * renamed mmap to maphandler * refactored GetString implementation * fixed mispelling * additional feedback