Age | Commit message (Collapse) | Author |
|
|
|
|
|
* core: Eliminate unnecessary shutdown delay on Unix
Fix #5393, alternate to #5405
* Comments, cleanup, adjust logs
* Fix build constraint
|
|
Changed to match the `vars` matcher's logic for handling placeholders
|
|
|
|
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
|
|
|
|
* cmd: Expand cobra support
* Convert commands to cobra, add short flags
* Fix version command typo
Co-authored-by: Emily Lange <git@indeednotjames.com>
* Apply suggestions from code review
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
---------
Co-authored-by: Emily Lange <git@indeednotjames.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
|
|
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
Co-authored-by: Weidi Deng <weidi_deng@icloud.com>
|
|
|
|
|
|
* reverseproxy: Don't buffer chunked requests (fix #5366)
Mostly reverts 845bc4d50b437995d574819850206e4b3db4040d (#5289)
Adds warning for unsafe config.
Deprecates unsafe properties in favor of simpler, safer designed ones.
* Update modules/caddyhttp/reverseproxy/caddyfile.go
Co-authored-by: Y.Horie <u5.horie@gmail.com>
* Update modules/caddyhttp/reverseproxy/reverseproxy.go
Co-authored-by: Y.Horie <u5.horie@gmail.com>
* Update modules/caddyhttp/reverseproxy/reverseproxy.go
Co-authored-by: Y.Horie <u5.horie@gmail.com>
* Remove unused code
---------
Co-authored-by: Y.Horie <u5.horie@gmail.com>
|
|
* chore: Upgrade various dependencies
* Support CEL file matcher with no args
* Document `http.request.orig_uri.path.*`, reorder placeholders in docs
---------
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
|
|
* added some tests for parseUpstreamDialAddress
Test 4 fails because it produces "[[::1]]:80" instead of "[::1]:80"
* support absolute windows path in unix reverse proxy address
* make IsUnixNetwork public, support +h2c and reuse it
* add new tests
|
|
* log response size for websocket request
* record size when using hijack bufio.Writer
|
|
* caddyhttp: Pluggable trusted proxy IP range sources
* Add request to the IPRangeSource interface
|
|
* caddyauth: Add singleflight for basic auth
* Fixes #5338
* it occurred the thunder herd problem like this https://medium.com/@mhrlife/avoid-duplicate-requests-while-filling-cache-98c687879f59
* Update modules/caddyhttp/caddyauth/basicauth.go
Fix comment
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
---------
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
|
|
|
|
|
|
|
|
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
Fixes undefined
|
|
Fixes https://github.com/caddyserver/caddy/issues/5171
|
|
|
|
* Fixes #5236
* enable request body buffering in reverse proxy
when the request header has Transfer-Encoding: chunked
|
|
|
|
* reverseproxy: Set origreq in active health check
Fix #5281
* Oops; dereference Request
|
|
|
|
With placeholders
|
|
* encode: respect Cache-Control HTTP header no-transform
* encode: switch to strings.Contains
|
|
And fix a comment typo
|
|
* acme_server: add certificate lifetime configuration option
Signed-off-by: Kyle McCullough <kylemcc@gmail.com>
* pki: allow intermediate cert lifetime to be configured
Signed-off-by: Kyle McCullough <kylemcc@gmail.com>
Signed-off-by: Kyle McCullough <kylemcc@gmail.com>
|
|
* If upstreams are all using same host but with different ports
ie:
foobar:4001
foobar:4002
foobar:4003
...
Because fnv-1a has not a good enough avalanche effect
Then the hostByHashing result is not well balanced over
all upstreams
As last byte FNV input tend to affect few bits, the idea is to change
the concatenation order between the key and the upstream strings
So the upstream last byte have more impact on hash diffusion
|
|
|
|
This commit replaces the use of github.com/smallstep/cli to generate the
root and intermediate certificates and uses go.step.sm/crypto instead.
It also upgrades the version of github.com/smallstep/certificates to the
latest version.
|
|
* reverseproxy: Mask the WS close message when we're the client
* weakrand
* Bump golangci-lint version so path ignores work on Windows
* gofmt
* ugh, gofmt everything, I guess
|
|
instead of generating a new root certificate at the default location
load the certificate from the configuration.
fixes: #5181
|
|
|
|
|
|
* fileserver: Reject non-GET/HEAD requests (close #5166)
* Set Allow header according to RFC 9110 10.2.1
|
|
on Windows (#5148)
* fileserver: Reject ADS and short name paths
* caddyhttp: Trim trailing space and dot on Windows
Windows ignores trailing dots and spaces in filenames.
* Fix test
* Adjust path filters
* Revert Windows test
* Actually revert the test
* Just check for colons
|
|
|
|
|
|
policies (#5120)
* httpcaddyfile: Skip some logic if auto_https off
* Try removing this check altogether...
* Refine test timeouts slightly, sigh
* caddyhttp: Assume udp for unrecognized network type
Seems like the reasonable thing to do if a plugin registers its own
network type.
* Add comment to document my lack of knowledge
* Clean up and prepare to merge
Add comments to try to explain what happened
|
|
* httpcaddyfile: Wrap site block in subroute if host matcher used (fix #5124)
* Correct boolean logic (oops)
|
|
Prevents caddy from performing disk IO needlessly when the request is cancelled before the listing is finished.
Closes #5129
|
|
Fix #4859
|
|
Attempt to reduce flakiness a bit more
Test suite needs to be rewritten.
|
|
|
|
* logging: Perform filtering on arrays of strings (where possible)
* Add test for ip_mask filter
* Oops, need to continue when it's not an IP
* Test for invalid IPs
|
|
|