From a458544d9f6e6aaf72aeab0454acfa482880d3d6 Mon Sep 17 00:00:00 2001
From: Matthew Holt <mholt@users.noreply.github.com>
Date: Wed, 16 Oct 2019 15:18:02 -0600
Subject: Minor enhancements/fixes to rewrite directive and template virt req's

---
 README.md                                 | 11 +++++++----
 modules/caddyhttp/rewrite/caddyfile.go    |  3 +++
 modules/caddyhttp/templates/tplcontext.go | 20 +++++++++++++++++---
 3 files changed, 27 insertions(+), 7 deletions(-)

diff --git a/README.md b/README.md
index 7aaf57e..84b79e8 100644
--- a/README.md
+++ b/README.md
@@ -25,7 +25,7 @@ Please file issues to propose new features and report bugs, and after the bug or
 Requirements:
 
 - [Go 1.13 or newer](https://golang.org/dl/)
-- Make sure you do not disable [Go modules](https://github.com/golang/go/wiki/Modules) (`export GO111MODULE=auto`)
+- Do NOT disable [Go modules](https://github.com/golang/go/wiki/Modules) (`export GO111MODULE=auto`)
 
 Download the `v2` source code:
 
@@ -120,10 +120,10 @@ Caddy 2 can be configured with a Caddyfile, much like in v1, for example:
 ```plain
 example.com
 
-templates
-encode    gzip zstd
 try_files {path}.html {path}
-reverse_proxy /api localhost:9005
+encode gzip zstd
+reverse_proxy /api  localhost:9005
+php_fastcgi   /blog unix//path/to/socket
 file_server
 ```
 
@@ -199,6 +199,7 @@ The following is a non-comprehensive list of significant improvements over Caddy
     - TLS Session Ticket Ephemeral Keys (STEKs) can be rotated in a cluster for increased performance (no other web server does this either!)
     - Ability to select a specific certificate per ClientHello given multiple qualifying certificates
     - Provide TLS certificates without persisting them to disk; keep private keys entirely in memory
+	- Certificate management at startup is now asynchronous and much easier to use through machine reboots and in unsupervised settings
 - All-new HTTP server core
 	- Listeners can be configured for any network type, address, and port range
 	- Customizable TLS connection policies
@@ -218,6 +219,8 @@ The following is a non-comprehensive list of significant improvements over Caddy
     - Done away with URL-rewriting hacks often needed in Caddy 1
 	- Highly descriptive/traceable errors
 	- Very flexible error handling, with the ability to specify a whole list of routes just for error cases
+	- The proxy has numerous improvements, including dynamic backends and more configurable health checks
+	- FastCGI support integrated with the reverse proxy
 	- More control over automatic HTTPS: disable entirely, disable only HTTP->HTTPS redirects, disable only cert management, and for certain names, etc.
     - Use Starlark to build custom, dynamic HTTP handlers at request-time
         - We are finding that -- on average -- Caddy 2's Starlark handlers are ~1.25-2x faster than NGINX+Lua.
diff --git a/modules/caddyhttp/rewrite/caddyfile.go b/modules/caddyhttp/rewrite/caddyfile.go
index cb65d43..a1fc874 100644
--- a/modules/caddyhttp/rewrite/caddyfile.go
+++ b/modules/caddyhttp/rewrite/caddyfile.go
@@ -31,6 +31,9 @@ func init() {
 func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) {
 	var rewr Rewrite
 	for h.Next() {
+		if !h.NextArg() {
+			return nil, h.ArgErr()
+		}
 		rewr.URI = h.Val()
 		if h.NextArg() {
 			return nil, h.ArgErr()
diff --git a/modules/caddyhttp/templates/tplcontext.go b/modules/caddyhttp/templates/tplcontext.go
index 40d1370..e3909b2 100644
--- a/modules/caddyhttp/templates/tplcontext.go
+++ b/modules/caddyhttp/templates/tplcontext.go
@@ -22,6 +22,7 @@ import (
 	"net"
 	"net/http"
 	"path"
+	"strconv"
 	"strings"
 	"sync"
 
@@ -79,8 +80,18 @@ func (c templateContext) Include(filename string, args ...interface{}) (template
 // are NOT escaped, so you should only include trusted resources.
 // If it is not trusted, be sure to use escaping functions yourself.
 func (c templateContext) HTTPInclude(uri string) (template.HTML, error) {
-	if c.Req.Header.Get(recursionPreventionHeader) == "1" {
-		return "", fmt.Errorf("virtual request cycle")
+	// prevent virtual request loops by counting how many levels
+	// deep we are; and if we get too deep, return an error
+	recursionCount := 1
+	if numStr := c.Req.Header.Get(recursionPreventionHeader); numStr != "" {
+		num, err := strconv.Atoi(numStr)
+		if err != nil {
+			return "", fmt.Errorf("parsing %s: %v", recursionPreventionHeader, err)
+		}
+		if num >= 3 {
+			return "", fmt.Errorf("virtual request cycle")
+		}
+		recursionCount = num + 1
 	}
 
 	buf := bufPool.Get().(*bytes.Buffer)
@@ -91,7 +102,10 @@ func (c templateContext) HTTPInclude(uri string) (template.HTML, error) {
 	if err != nil {
 		return "", err
 	}
-	virtReq.Header.Set(recursionPreventionHeader, "1")
+	virtReq.Host = c.Req.Host
+	virtReq.Header = c.Req.Header.Clone()
+	virtReq.Trailer = c.Req.Trailer.Clone()
+	virtReq.Header.Set(recursionPreventionHeader, strconv.Itoa(recursionCount))
 
 	vrw := &virtualResponseWriter{body: buf, header: make(http.Header)}
 	server := c.Req.Context().Value(caddyhttp.ServerCtxKey).(http.Handler)
-- 
cgit v1.2.3