aboutsummaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2024-08-07caddytls,caddyhttp: Placeholders for some TLS and HTTP matchers (#6480)vnxme
* Runtime placeholders for caddytls matchers (1/3): - remove IPs validation in UnmarshalCaddyfile * Runtime placeholders for caddytls matchers (2/3): - add placeholder replacement for IPs in Provision * Runtime placeholders for caddytls matchers (3/3): - add placeholder replacement for other strings * Runtime placeholders for caddyhttp matchers (1/1): - add placeholder replacement for IPs in Provision * Runtime placeholders for caddyhttp/caddytls matchers: - move PrivateRandesCIDR under internal
2024-08-06go.mod: update quic-go package (#6498)WeidiDeng
2024-08-05browse: Customizable default sort options (#6468)lollipopkit🏳️‍⚧️
* fileserver: add `sort` options * fix: test * fileserver: check options in `Provison` * fileserver: more obvious err alerts in sort options
2024-08-03proxyprotocol: Update WrapListener to use ConnPolicyFunc for PROXY protocol ↵Prakhar Awasthi
(#6485) * proxyprotocol : Update WrapListener to use ConnPolicyFunc for PROXY protocol support * proxyprotocol : Updated dependency pires/go-proxyproto to pseudo latest version
2024-07-27encode: flush already compressed data from the encoder (#6471)WeidiDeng
2024-07-27chore: update golangci config (#6479)Mohammed Al Sahaf
Signed-off-by: Mohammed Al Sahaf <[email protected]>
2024-07-24caddytls: Caddyfile support for TLS conn and cert sel policies (#6462)vnxme
* Caddyfile support for TLS custom certificate selection policy * Caddyfile support for TLS connection policy
2024-07-24caddytls: Caddyfile support for TLS handshake matchers (#6461)vnxme
* Caddyfile support for TLS handshake matchers: - caddytls.MatchLocalIP - caddytls.MatchRemoteIP - caddytls.MatchServerName * Caddyfile support for TLS handshake matchers: - fix imports order Co-authored-by: Francis Lavoie <[email protected]> --------- Co-authored-by: Francis Lavoie <[email protected]>
2024-07-22ci: correct `-tags nobadger` on binary build (#6470)June 🍓🦴
2024-07-18reverseproxy: Fix panic when using header-related flags (fix #6464)Matthew Holt
2024-07-15reverseproxy: add health_upstream subdirective (#6451)schultzie
* Add health_upstream Signed-off-by: Dylan Schultz <[email protected]> * Add health_upstream to caddyfile parsing * Add Active Upstream case for health checks * Update ignore health port comment Signed-off-by: Dylan Schultz <[email protected]> * Update Upstream json doc Signed-off-by: Dylan Schultz <[email protected]> * Update modules/caddyhttp/reverseproxy/healthchecks.go Co-authored-by: Francis Lavoie <[email protected]> * Use error rather than log for health_port override Signed-off-by: Dylan Schultz <[email protected]> * Add comment about port being ignore if using upstream Signed-off-by: Dylan Schultz <[email protected]> --------- Signed-off-by: Dylan Schultz <[email protected]> Co-authored-by: Francis Lavoie <[email protected]>
2024-07-12reverseproxy: Caddyfile support for health_method (#6454)Jesper Brix Rosenkilde
* Add Caddyfile support of setting active health check request method * Add integration test for active health check request method
2024-07-11reverseproxy: Configurable method for active health checks (#6453)Jesper Brix Rosenkilde
* Add option to set which HTTP method to use for active health checks * Default Method to GET if not set
2024-07-09reverseproxy: Add placeholder for networkAddr in active health check headers ↵schultzie
(#6450) Co-authored-by: Francis Lavoie <[email protected]>
2024-07-09fixed bug in resolving ip version in dynamic upstreams (#6448)Aziz Rmadi
2024-07-07browse: Exclude symlink target size from total, show arrow on size (#6412)Francis Lavoie
* fileserver: Exclude symlink target size from total, show arrow on size * Keep both totals * Linter doesn't like my spelling :( * Stop parallelizing tests for now * Update modules/caddyhttp/fileserver/browse.html * Minor renamings --------- Co-authored-by: Matthew Holt <[email protected]>
2024-07-07browse: fix Content-Security-Policy warnings in Firefox (#6443)Steffen Busch
* Remove 'strict-dynamic' + block-all-mixed-content * CSP: remove 'unsafe-inline' from script-src
2024-07-06browse: add Content-Security-Policy w/ nonce (#6425)Steffen Busch
* browse: add Content-Security-Policy w/ nonce * Add backward-compat values to script-src * Remove dummy "#" href from layout anchors
2024-07-06reverseproxy: Add placeholder for host in active health check headers (#6440)Francis Lavoie
2024-07-05caddyhttp: Reject 0-RTT early data in IP matchers and set Early-Data header ↵Matt Holt
when proxying (#6427) * caddyhttp: Reject 0-RTT early data in IP matchers and set Early-Data header when proxying See RFC 8470: https://httpwg.org/specs/rfc8470.html Thanks to Michael Wedl (@MWedl) at the University of Applied Sciences St. Poelten for reporting this. * Don't return value for {remote} placeholder in early data * Add Caddyfile support
2024-07-04encode: Don't compress already-compressed fonts (#6432)Kévin Dunglas
* fix: don't compress already compressed fonts * fix: remove WOFF
2024-07-03reverseproxy: Only log host is up status on change (fixes #6415) (#6419)klaxa
2024-07-03intercept: fix http.intercept.header.* placeholder (#6429)Kévin Dunglas
2024-06-28reverseproxy: Wire up TLS options for H3 transportMatthew Holt
2024-06-19fileserver: Remove newline characters from precomputed etags (#6394)Aziz Rmadi
* Removed newline characters from precomputed etags * Update modules/caddyhttp/fileserver/staticfiles.go --------- Co-authored-by: Matt Holt <[email protected]>
2024-06-18caddyhttp: Convert IDNs to ASCII when provisioning Host matcherMatthew Holt
2024-06-15reverseproxy: add Max-Age option to sticky cookie (#6398)Jason Yuan
* reverseproxy: add Max-Age option to sticky cookie * Update selectionpolicies.go Co-authored-by: Francis Lavoie <[email protected]> * Update selectionpolicies.go Co-authored-by: Francis Lavoie <[email protected]> --------- Co-authored-by: Francis Lavoie <[email protected]>
2024-06-14caddyfile: Pass blocks to `import` for snippets (#6130)a
* a * a * a * a * a * a
2024-06-12logging: set file mode when the file already exist (#6391)Ririsoft
101d3e7 introduced a configuration option to set the log file mode. This option was not taken into account if the file already exists, making users having to delete their logs to have new logs created with the right mode.
2024-06-10logging: Customizable zap cores (#6381)Omar Ramadan
2024-06-10go.mod: update tscert package (#6384)Will Norris
The latest tscert allows callers to provide a custom http.Transport for calling Tailscale's local API. Updates tailscale/caddy-tailscale#66
2024-06-08logging: fix file mode configuration parsing (#6383)Ririsoft
Commit 101d3e7 introduced file mode setting, but was missing a JSON Marshaller so that CaddyFile can be converted to JSON safely.
2024-06-07caddyhttp: Write header if needed in responseRecorder.WriteResponse (#6380)Andreas Kohn
2024-06-06core: Split `run` into a public `ProvisionContext` and a private method (#6378)Andreas Kohn
* Split `run` into a public `BuildContext` and a private part `BuildContext` can be used to set up a caddy context from a config, but not start any listeners or active components: The returned context has the configured apps provisioned, but otherwise is inert. This is EXPERIMENTAL: Minimally it's missing documentation and the example for how this can be used to run unit tests. * Use the config from the context The config passed into `BuildContext` can be nil, in which case `BuildContext` will just make one up that works. In either case that will end up in the finished context. * Rename `BuildContext` to `ProvisionContext` to better match the function * Hide the `replaceAdminServer` parts The admin server is a global thing, and in the envisioned use case for `ProvisionContext` shouldn't actually exist. Hide this detail in a private `provisionContext` instead, and only expose it publicly with `replaceAdminServer` set to `false`. This should reduce foot-shooting potential further; in addition the documentation comment now clearly spells out that the exact interface and implementation details of `ProvisionContext` are experimental and subject to change.
2024-06-06logging: Customize log file permissions (#6314)Ririsoft
Adding a "mode" option to overwrite the default logfile permissions. Default remains "0600" which is the one currently used by lumberjack.
2024-06-06events: Getters for event info (close #6377)Matthew Holt
2024-06-06ci: add version key for .goreleaser.yml (#6376)Mohammed Al Sahaf
Signed-off-by: Mohammed Al Sahaf <[email protected]>
2024-06-05cmd: remove zealous check of Caddyfile auto-detection (#6370)Mohammed Al Sahaf
* cmd: remove zealous check of Caddyfile auto-detection * add test case * remove redundant check, add comment * one more case
2024-06-04caddyhttp: Add test cases to corpus (#6374)Matt Holt
* caddyhttp: Add test case to corpus * One more test case * Clean up stray comment * More tests
2024-06-04Make it possible to configure the `DisableStorageCheck` setting for ↵Andreas Kohn
certmagic (#6368) See discussion about this setting in https://github.com/caddyserver/certmagic/issues/201
2024-06-02cmd: fix regression in auto-detect of Caddyfile (#6362)v2.8.4Mohammed Al Sahaf
* cmd: fix regression in auto-detect of Caddyfile Signed-off-by: Mohammed Al Sahaf <[email protected]> * fix typo Co-authored-by: Git'Fellow <[email protected]> * add tests * address review comments --------- Signed-off-by: Mohammed Al Sahaf <[email protected]> Co-authored-by: Git'Fellow <[email protected]>
2024-06-02cmd: fix auto-detetction of .caddyfile extension (#6356)v2.8.3v2.8.2Mohammed Al Sahaf
* cmd: fix auto-detetction of .caddyfile extension Signed-off-by: Mohammed Al Sahaf <[email protected]> * move conditions around and add clarifying comment Signed-off-by: Mohammed Al Sahaf <[email protected]> * reject ambiguous config file name Signed-off-by: Mohammed Al Sahaf <[email protected]> --------- Signed-off-by: Mohammed Al Sahaf <[email protected]>
2024-06-02caddyhttp: properly sanitize requests for root path (#6360)Will Norris
SanitizePathJoin protects against directory traversal attacks by checking for requests whose URL path look like they are trying to request something other than a local file, and returns the root directory in those cases. The method is also careful to ensure that requests which contain a trailing slash include a trailing slash in the returned value. However, for requests that contain only a slash (requests for the root path), the IsLocal check returns early before the matching trailing slash is re-added. This change updates SanitizePathJoin to only perform the filepath.IsLocal check if the cleaned request URL path is non-empty. --- This change also updates the existing SanitizePathJoin tests to use filepath.FromSlash rather than filepath.Join. This makes the expected value a little easier to read, but also has the advantage of not being processed by filepath.Clean like filepath.Join is. This means that the exact expect value will be compared, not the result of first cleaning it. Fixes #6352
2024-06-01I'm so tired of typosMatthew Holt
2024-06-01caddytls: Implement certmagic.RenewalInfoGetterMatthew Holt
Fixes ARI errors reported here: https://caddy.community/t/error-in-logs-with-updating-ari-after-upgrading-to-caddy-v2-8-1/24320
2024-06-02build(deps): bump golangci/golangci-lint-action from 5 to 6 (#6361)dependabot[bot]
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 5 to 6. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/v5...v6) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-30caddyhttp: Fix merging consecutive `client_ip` or `remote_ip` matchers (#6350)v2.8.1Francis Lavoie
2024-05-30core: MkdirAll appDataDir in InstanceID with 0o700 (#6340)Anton Kovalenko
appDataDir components should be searchable (u+x) when they are created, or else Caddy is unable to start with an empty HOME.
2024-05-27acmeserver: Add `sign_with_root` for Caddyfile (#6345)v2.8.0Ranveer Avhad
* Added sign_with_root option available in the Caddyfile * Added tests for sign_with_root to validate the adapted JSON config
2024-05-23caddyfile: Reject global request matchers earlier (#6339)Francis Lavoie