| Age | Commit message (Collapse) | Author |
|---|
|
* logging: Implement Caddyfile support for filter encoder
* logging: Add support for parsing IP masks from strings
wip
* logging: Implement Caddyfile support for ip_mask
* logging: Get rid of unnecessary logic to allow strings, not that useful
* logging: Add adapt test
|
|
|
|
Now, a filename to hide that is specified without a path separator will
count as hidden if it appears in any component of the file path (not
only the last component); semantically, this means hiding a file by only
its name (without any part of a path) will hide both files and folders,
e.g. hiding ".git" will hide "/.git" and also "/.git/foo".
We also do prefix matching so that hiding "/.git" will hide "/.git"
and "/.git/foo" but not "/.gitignore".
The remaining logic is a globular match like before.
|
|
Reported in:
https://caddy.community/t/dns-challenge-with-namecheap-and-split-horizon-dns/9611/17?u=matt
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
And #3391
Maybe also related: #3664
|
|
Update internal issuer for compatibility -- yay simpler code!
The .1 version also fixes non-critical SAN extensions that caused trust
issues on several clients.
|
|
* ci: Try Go 1.15 RC1 out of curiosity
* Go 1.15 was released; let's try it
* Update to latest quic-go
* Attempt at fixing broken test
Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
|
|
|
|
|
|
* caddytls: Add support for ZeroSSL; add Caddyfile support for issuers
Configuring issuers explicitly in a Caddyfile is not easily compatible
with existing ACME-specific parameters such as email or acme_ca which
infer the kind of issuer it creates (this is complicated now because
the ZeroSSL issuer wraps the ACME issuer)... oh well, we can revisit
that later if we need to.
New Caddyfile global option:
{
cert_issuer <name> ...
}
Or, alternatively, as a tls subdirective:
tls {
issuer <name> ...
}
For example, to use ZeroSSL with an API key:
{
cert_issuser zerossl API_KEY
}
For now, that still uses ZeroSSL's ACME endpoint; it fetches EAB
credentials for you. You can also provide the EAB credentials directly
just like any other ACME endpoint:
{
cert_issuer acme {
eab KEY_ID MAC_KEY
}
}
All these examples use the new global option (or tls subdirective). You
can still use traditional/existing options with ZeroSSL, since it's
just another ACME endpoint:
{
acme_ca https://acme.zerossl.com/v2/DV90
acme_eab KEY_ID MAC_KEY
}
That's all there is to it. You just can't mix-and-match acme_* options
with cert_issuer, because it becomes confusing/ambiguous/complicated to
merge the settings.
* Fix broken test
This test was asserting buggy behavior, oops - glad this branch both
discovers and fixes the bug at the same time!
* Fix broken test (post-merge)
* Update modules/caddytls/acmeissuer.go
Fix godoc comment
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
* Add support for ZeroSSL's EAB-by-email endpoint
Also transform the ACMEIssuer into ZeroSSLIssuer implicitly if set to
the ZeroSSL endpoint without EAB (the ZeroSSLIssuer is needed to
generate EAB if not already provided); this is now possible with either
an API key or an email address.
* go.mod: Use latest certmagic, acmez, and x/net
* Wrap underlying logic rather than repeating it
Oops, duh
* Form-encode email info into request body for EAB endpoint
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
|
|
Now use context cancellation to stop active health checker, which is
simpler than and just as effective as using a separate stop channel.
|
|
|
|
* reverse_proxy: fix bi-h2stream breaking gzip encode handle(#3606).
* reverse_proxy: check http version of both sides to avoid affecting non-h2 upstream.
* Minor cleanup; apply review suggestions
Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
|
|
* fileserver: First attempt to fix failing test on Linux
I think I updated the wrong test case before
* Make new test function
I guess what we really are trying to test is the case insensitivity of
firstSplit. So a new test function is better for that.
|
|
* fix 2 possible bugs
* handle unhandled errors
|
|
|
|
We can't use a positional index on an original string that we got from
its lower-cased equivalent. Implement our own IndexFold() function b/c
the std lib does not have one.
|
|
* httpcaddyfile: Add `compression` to http transport config
* Add caddyfile adapt test for typical h2c setup
|
|
* Replace lego with acmez; upgrade CertMagic
* Update integration test
|
|
* caddyhttp, httpcaddyfile: Implement placeholders in template
* caddyhttp, httpcaddyfile: Remove support for placeholder shorthands in templates
* Update modules/caddyhttp/templates/templates.go
updates JSON doc
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
* Update modules/caddyhttp/templates/tplcontext.go
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
|
|
* push: Implement HTTP/2 server push (close #3551)
* push: Abstract header ops by embedding into new struct type
This will allow us to add more fields to customize headers in
push-specific ways in the future.
* push: Ensure Link resources are pushed before response is written
* Change header name from X-Caddy-Push to Caddy-Push
|
|
|
|
* reverse proxy: Support more h2 stream scenarios (#3556)
* reverse proxy: add integration test for better h2 stream (#3556)
* reverse proxy: adjust comments as francislavoie suggests
* link to issue #3556 in the comments
|
|
* reverse proxy: add support for custom resolver
* reverse proxy: don't pollute the global resolver with bootstrap resolver setup
* Improve documentation of reverseproxy.UpstreamResolver fields
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
* reverse proxy: clarify the name resolution conventions of upstream resolvers and bootstrap resolver
* remove support for bootstraper of resolver
* godoc and code-style changes
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
|
|
We already restore them within the retry loop, but after successful
proxy we didn't reset them, so as handlers bubble back up, they would
see the values used for proxying.
Thanks to @ziddey for identifying the cause.
|
|
See https://tools.ietf.org/html/rfc3875#section-4.1.13 for SCRIPT_NAME requiring leading slash
See https://tools.ietf.org/html/rfc3875#section-4.1.15 for SERVER_PORT requiring omission if empty
|
|
Completing a TODO!
|
|
* reverseproxy: Fix Caddyfile parsing for empty non-http transports
* Update modules/caddyhttp/reverseproxy/caddyfile.go
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
* Rename empty transport test
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
|
|
|
|
|
|
It is essentially broken because it occludes many log fields.
See: https://github.com/caddyserver/caddy/issues/3575
|
|
|
|
* Update browse.go
* Update browselisting.go
* Update browsetpl.go
* fix linter err
* Update modules/caddyhttp/fileserver/browse.go
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
* Update modules/caddyhttp/fileserver/browselisting.go
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
* Update browsetpl.go
change from -> offset
* Update browse.go
* Update browselisting.go
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
|
|
This makes it choose first matching closing fence instead of last one,
which could appear in document body.
|
|
Sometimes this operation can take a while (we observed 7 minutes
recently, with a large, globally-distributed storage backend).
|
|
This field order reads a little more naturally.
|
|
|
|
* cel: fix validation of expression result type
The earlier code used the proto.Equals from github.com/gogo/protobuf, which failed to compare two messages of the same type for some reason. Switching to proto.Equal from the canonical github.com/golang/protobuf fixes the issue.
* deps: remove deprecated github.com/golang/protobuf in favor of google.golang.org/protobuf
* downgrade github.com/smallstep/nosql to resolve warning pb.proto warning
|
|
|
|
|
|
* inital map implementation
* resolve the value during middleware execution
* use regex instead
* pr feedback
* renamed mmap to maphandler
* refactored GetString implementation
* fixed mispelling
* additional feedback
|
|
First try an exact lookup like before, but if it fails, strip the port
and try again. example.com:1234 should still use a logger keyed for
example.com if there is no key example.com:1234.
|
|
|
