summaryrefslogtreecommitdiff
path: root/modules
AgeCommit message (Collapse)Author
2022-03-02caddypki: Try to fix lint warningsMatthew Holt
2022-03-02caddypki: Refactor /pki/ admin endpointsMatthew Holt
Remove /pki/certificates/<ca> endpoint and split into two endpoints: - GET /pki/ca/<id> to get CA info and certs in JSON format - GET /pki/ca/<id>/certificates to get cert in PEM chain
2022-03-02fastcgi: Set SERVER_PORT to 80 or 443 depending on scheme (#4572)ttys3
2022-03-02pki: Implement API endpoints for certs and `caddy trust` (#4443)Francis Lavoie
* admin: Implement /pki/certificates/<id> API * pki: Lower "skip_install_trust" log level to INFO See https://github.com/caddyserver/caddy/issues/4058#issuecomment-976132935 It's not necessary to warn about this, because this was an option explicitly configured by the user. Still useful to log, but we don't need to be so loud about it. * cmd: Export functions needed for PKI app, return API response to caller * pki: Rewrite `caddy trust` command to use new admin endpoint instead * pki: Rewrite `caddy untrust` command to support using admin endpoint * Refactor cmd and pki packages for determining admin API endpoint
2022-03-01caddyhttp: Support zone identifiers in remote_ip matcher (#4597)BitWuehler
* Update matchers.go * Update matchers.go * implementation of zone_id handling * last changes in zone handling * give return true values instead of bool * Apply suggestions from code review Co-authored-by: Francis Lavoie <lavofr@gmail.com> * changes as suggested * Apply suggestions from code review Co-authored-by: Francis Lavoie <lavofr@gmail.com> * Update matchers.go * shortened the Match function * changed mazcher handling * Update matchers.go * delete space Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2022-03-01fileserver: Canonical redir when whole path is stripped (#4549)Francis Lavoie
2022-03-01reverseproxy: Move status replacement intercept to `replace_status` (#4300)Francis Lavoie
2022-02-19caddyhttp: Move HTTP redirect listener to an optional module (#4585)Francis Lavoie
2022-02-19logging: Add `roll_local_time` Caddyfile option (#4583)Francis Lavoie
2022-02-19caddyhttp: Always log handled errors at debug level (#4584)Francis Lavoie
2022-02-17caddytls: Support external certificate Managers (like Tailscale) (#4541)Matt Holt
Huge thank-you to Tailscale (https://tailscale.com) for making this change possible! This is a great feature for Caddy and Tailscale is a great fit for a standard implementation. * caddytls: GetCertificate modules; Tailscale * Caddyfile support for get_certificate Also fix AP provisioning in case of empty subject list (persist loaded module on struct, much like Issuers, to surive reprovisioning). And implement start of HTTP cert getter, still WIP. * Update modules/caddytls/automation.go Co-authored-by: Francis Lavoie <lavofr@gmail.com> * Use tsclient package, check status for name * Implement HTTP cert getter And use reuse CertMagic's PEM functions for private keys. * Remove cache option from Tailscale getter Tailscale does its own caching and we don't need the added complexity... for now, at least. * Several updates - Option to disable cert automation in auto HTTPS - Support multiple cert managers - Remove cache feature from cert manager modules - Minor improvements to auto HTTPS logging * Run go mod tidy * Try to get certificates from Tailscale implicitly Only for domains ending in .ts.net. I think this is really cool! Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2022-02-06templates: Elaborate on what's supported by the markdown function (#4564)Francis Lavoie
2022-02-01reverseproxy: Avoid returning a `nil` error during GetClientCertificate (#4550)Francis Lavoie
2022-01-25move common metrics-related funcs to internal packageDave Henderson
Signed-off-by: Dave Henderson <dhenderson@gmail.com>
2022-01-25Update modules/caddyhttp/metrics_test.goFrancis Lavoie
2022-01-25other is not uppercaseDave Henderson
Signed-off-by: Dave Henderson <dhenderson@gmail.com>
2022-01-25metrics: Enforce smaller set of method labelsDave Henderson
Signed-off-by: Dave Henderson <dhenderson@gmail.com>
2022-01-24caddyhttp: Fix test when /tmp/etc already exists (#4544)Kevin Daudt
The TestFileListing test in tplcontext_test has one test that verifies if directory traversal is not happening. The context root is set to '/tmp' and then it tries to open '../../../../../etc', which gets normalized to '/tmp/etc'. The test then expects an error to be returned, assuming that '/tmp/etc' does not exist on the system. When it does exist, it results in a test failure: ``` --- FAIL: TestFileListing (0.00s) tplcontext_test.go:422: Test 4: Expected error but had none FAIL FAIL github.com/caddyserver/caddy/v2/modules/caddyhttp/templates 0.042s ``` Instead of using '/tmp' as root, use a dedicated directory created with `os.MkdirTemp()` instead. That way, we know that the directory is empty.
2022-01-19caddyhttp: Reject absurd methods (#4538)Matt Holt
* caddyhttp: Reject absurdly long methods * Limit method to 32 chars and truncate * Just reject the request and debug-log it * Log remote address
2022-01-19Improve the reverse-proxy CLI --to flag help message (#4535)Vojtech Vitek
2022-01-18caddytls: Add internal Caddyfile `lifetime`, `sign_with_root` opts (#4513)Francis Lavoie
2022-01-18rewrite: Add `method` Caddyfile directive (#4528)Francis Lavoie
2022-01-18caddyhttp: Fix HTTP->HTTPS redir not preferring HTTPS port if ambiguous (#4530)Francis Lavoie
2022-01-13rewrite: Fix a double-encode issue when using the `{uri}` placeholder (#4516)Francis Lavoie
2022-01-13caddytls: Fix `MatchRemoteIP` provisoning with multiple CIDR ranges (#4522)GallopingKylin
2022-01-12caddyhttp: Return HTTP 421 for mismatched Host header (#4023)rayjlinden
Potential fix for #4017 although the consensus is unclear. Made change to return status code 421 instead of 403 when StrictSNIHost matching is on.
2022-01-07caddypki: Return error if no PEM data foundMatthew Holt
Best guess for https://caddy.community/t/on-fly-certificate-generation-based-on-sni/14639/4
2022-01-05caddyhttp: Redirect HTTP requests on the HTTPS port to https:// (#4313)Francis Lavoie
* caddyhttp: Redirect HTTP requests on the HTTPS port to https:// * Apply suggestions from code review Co-authored-by: Matt Holt <mholt@users.noreply.github.com> Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2022-01-05templates: Document .OriginalReqMatthew Holt
Close caddyserver/website#91
2022-01-04admin, reverseproxy: Stop timers if canceled to avoid goroutine leak (#4482)Денис Телюх
2022-01-04logging: Support turning off roll compression via Caddyfile (#4505)Francis Lavoie
2022-01-04headers: Fix `+` in Caddyfile to properly append rather than set (#4506)Francis Lavoie
2021-12-30caddyhttp: Fix `MatchPath` sanitizing (#4499)Francis Lavoie
This is a followup to #4407, in response to a report on the forums: https://caddy.community/t/php-fastcgi-phishing-redirection/14542 Turns out that doing `TrimRight` to remove trailing dots, _before_ cleaning the path, will cause double-dots at the end of the path to not be cleaned away as they should. We should instead remove the dots _after_ cleaning.
2021-12-17reverseproxy: Fix incorrect `health_headers` Caddyfile parsing (#4485)Francis Lavoie
Fixes #4481
2021-12-15caddyhttp: Implement http.request.uuid placeholder (#4285)Rainer Borene
2021-12-13caddypki: Minor tweak, don't use context pointerMatthew Holt
2021-12-13caddyhttp: Enhance vars matcher (#4433)Matt Holt
* caddyhttp: Enhance vars matcher Enable "or" logic for multiple values. Fall back to checking placeholders if not a var name. * Fix tests (thanks @mohammed90 !)
2021-12-13pki: Avoid provisioning the `local` CA when not necessary (#4463)Francis Lavoie
* pki: Avoid provisioning the `local` CA when not necessary * pki: Refactor CA loading to keep the logic in the PKI app
2021-12-11fileserver: do not double-escape paths (#4447)Mohammed Al Sahaf
2021-12-05docs: use backticks to not italicise glob path (#4460)Adam Burgess
2021-12-02logging: add support for hashing data (#4434)Kévin Dunglas
* logging: add support for hashing data * Update modules/logging/filters.go Co-authored-by: wiese <wiese@users.noreply.github.com> * Update modules/logging/filters.go Co-authored-by: wiese <wiese@users.noreply.github.com> Co-authored-by: wiese <wiese@users.noreply.github.com>
2021-12-02caddyhttp: Make logging of credential headers opt-in (#4438)Francis Lavoie
2021-12-02fastcgi: Fix a TODO, prevent zap using reflection for logging env (#4437)Francis Lavoie
* fastcgi: Fix a TODO, prevent zap using reflection for logging env * Update modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com> Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2021-11-29templates: fix inconsistent nested includes (#4452)Tim Culverhouse
2021-11-29caddyhttp: Split up logged remote address into IP and port (#4403)Francis Lavoie
2021-11-29logging: Remove common_log field and single_field encoder (#4149) (#4282)Matt Holt
2021-11-24reverseproxy: Adjust defaults, document defaults (#4436)Francis Lavoie
* reverseproxy: Adjust defaults, document defaults Related to some of the issues in https://github.com/caddyserver/caddy/issues/4245, a complaint about the proxy transport defaults not being properly documented in https://caddy.community/t/default-values-for-directives/14254/6. - Dug into the stdlib to find the actual defaults for some of the timeouts and buffer limits, documenting them in godoc so the JSON docs get them next release. - Moved the keep-alive and dial-timeout defaults from `reverseproxy.go` to `httptransport.go`. It doesn't make sense to set defaults in the proxy, because then any time the transport is configured with non-defaults, the keep-alive and dial-timeout defaults are lost! - Sped up the dial timeout from 10s to 3s, in practice it rarely makes sense to wait a whole 10s for dialing. A shorter timeout helps a lot with the load balancer retries, so using something lower helps with user experience. * reverseproxy: Make keepalive interval configurable via Caddyfile * fastcgi: DialTimeout default for fastcgi transport too
2021-11-23logging: add a regexp filter (#4426)Kévin Dunglas
2021-11-23logging: add a filter for cookies (#4425)Kévin Dunglas
* feat(logging): add a filter for cookies * Improve godoc and add validation
2021-11-23logging: add a filter for query parameters (#4424)Kévin Dunglas
Co-authored-by: Matt Holt <mholt@users.noreply.github.com> Co-authored-by: Francis Lavoie <lavofr@gmail.com>