aboutsummaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2024-10-07caddytls: Drop `rate_limit` and `burst`, has been deprecateddrop-ondemand-ratelimitFrancis Lavoie
2024-10-04caddyhttp: Use internal issuer for IPs when no APs configuredMatthew Holt
This fixes a regression in 2.8 where IP addresses would be considered qualifying for public certs by auto-HTTPS. The default issuers do not issue IP certs at this time, so if no APs are explicitly configured, we assign them to the internal issuer. We have to add a couple lines of code because CertMagic can no longer consider IPs as not qualifying for public certs, since there are public CAs that issue IP certs. This edge case is specific to Caddy's auto-HTTPS. Without this patch, Caddy will try using Let's Encrypt or ZeroSSL's ACME endpoint to get IP certs, neither of which support that.
2024-10-02go.mod: Upgrade some dependenciesMatthew Holt
2024-10-02ci: install xcaddy to fix release flow (#6602)v2.9.0-beta.2Mohammed Al Sahaf
2024-10-02metrics: scope metrics to active config, add optional per-host metrics (#6531)v2.9.0-beta.1Mohammed Al Sahaf
* Add per host config * Pass host label when option is enabled * Test per host enabled * metrics: scope metrics per loaded config * doc and linter Signed-off-by: Mohammed Al Sahaf <[email protected]> * inject the custom registry into the admin handler Co-Authored-By: Dave Henderson <[email protected]> * remove `TODO` comment * fixes Signed-off-by: Mohammed Al Sahaf <[email protected]> * refactor to delay metrics admin handler provision Signed-off-by: Mohammed Al Sahaf <[email protected]> --------- Signed-off-by: Mohammed Al Sahaf <[email protected]> Co-authored-by: Hussam Almarzooq <[email protected]> Co-authored-by: Dave Henderson <[email protected]>
2024-10-02caddyhttp: Implement `auto_https prefer_wildcard` option (#6146)Francis Lavoie
* Allow specifying multiple `auto_https` options * Implement `auto_https prefer_wildcard` option * Adapt tests, add mock DNS module for config testing * Rebase fix
2024-10-02caddyhttp: Escaping placeholders in CEL, add `vars` and `vars_regexp` (#6594)Francis Lavoie
* caddyhttp: Escaping placeholders in CEL * Simplify some of the test cases * Implement vars and vars_regexp in CEL * dupl lint is dumb * Better consts for the placeholder CEL shortcut * Bump CEL version, register a few extensions * Refactor s390x test script for readability * Add retries for s390x to smooth over flakiness * Switch to `ph` for the CEL shortcut (match it in templates cause why not)
2024-10-01cmd: Better error handling when reloading (#6601)Matt Holt
* caddyhttp: Limit auto-HTTPS error logs to 100 domains * Improve error message and increase error size limit
2024-10-01caddytls: Support new tls.context module (#6369)Matt Holt
* caddytls: Support new tls.context module This allows modules to manipulate the context passed into CertMagic's GetCertificate function, which can be useful for tracing/metrics, or other custom logic. This is experimental and may resolve the request of a sponsor, so we'll see how it goes! * Derpy derp
2024-10-01http: ReponseWriter prefer ReadFrom if available (#6565)WeidiDeng
Co-authored-by: Matt Holt <[email protected]>
2024-10-01chore: Adjust incorrect `reverse_proxy` Caddyfile comment (#6598)Francis Lavoie
2024-10-01caddyhttp: Fix listener wrapper regression from #6573 (#6599)Aaron Paterson
2024-09-30core: Implement socket activation listeners (#6573)Aaron Paterson
* caddy adapt for listen_protocols * adapt listen_socket * allow multiple listen sockets for port ranges and readd socket fd listen logic * readd logic to start servers according to listener protocols * gofmt * adapt caddytest * gosec * fmt and rename listen to listenWithSocket * fmt and rename listen to listenWithSocket * more consistent error msg * non unix listenReusableWithSocketFile * remove unused func * doc comment typo * nonosec * commit * doc comments * more doc comments * comment was misleading, cardinality did not change * addressesWithProtocols * update test * fd/ and fdgram/ * rm addr * actually write... * i guess we doin' "skip": now * wrong var in placeholder * wrong var in placeholder II * update param name in comment * dont save nil file pointers * windows * key -> parsedKey * osx * multiple default_bind with protocols * check for h1 and h2 listener netw
2024-09-29doc: remove docs of deprecated directives (#6566)Mohammed Al Sahaf
Co-authored-by: Francis Lavoie <[email protected]>
2024-09-26caddyhttp: Optimize logs using zap's WithLazy() (#6590)Alexander Stecher
* uses zap's .WithLazy with a cloned request * fixes the cloning * adds comment explaining why cloning is faster
2024-09-25chore: Use slices package where possible (#6585)Francis Lavoie
* chore: Use slices package where possible * More, mostly using ContainsFunc * Even more slice operations
2024-09-25caddytls: Give a better error message when given encrypted private keys (#6591)Francis Lavoie
2024-09-21caddyhttp: enable qlog, controlled by QLOGDIR env (#6581)Marten Seemann
2024-09-20update quic-go to v0.47.0 (#6582)Marten Seemann
2024-09-16ci: update the linter action version (#6575)Mohammed Al Sahaf
* ci: update the linter action version Signed-off-by: Mohammed Al Sahaf <[email protected]> * exclude rule `G115`; disable deprecated linter Signed-off-by: Mohammed Al Sahaf <[email protected]> --------- Signed-off-by: Mohammed Al Sahaf <[email protected]>
2024-09-13perf: use zap's Check() to prevent useless allocs (#6560)Kévin Dunglas
* perf: use zap's Check() to prevent useless allocs * fix * fix * fix * fix * restore previous replacer behavior * fix linter
2024-09-13rewrite: Avoid panic on bad arg count for `uri` (#6571)mister-turtle
2024-09-11caddytls: Add sni_regexp matcher (#6569)vnxme
2024-09-03caddyhttp: Make route provisioning idempotent (#6558)Jesper Brix Rosenkilde
ref: https://github.com/caddyserver/caddy/issues/6551
2024-08-30reverse_proxy: add placeholder http.reverse_proxy.retries (#6553)Steffen Busch
* Add placeholder http.reverse_proxy.lb.retries * Renamed placeholder to http.reverse_proxy.retries
2024-08-30fileserver: browse: Configurable default sort (#6502)lollipopkit🏳️‍⚧️
* fileserver: add `sort` options * fix: test * fileserver: check options in `Provison` * fileserver: more obvious err alerts in sort options * fileserver: move `sort` to `browse` --------- Co-authored-by: Matt Holt <[email protected]>
2024-08-30rewrite: Only serialize request if necessary (#6541)Alexander Stecher
* Prevents serializing the caddy request if log level is not debug. * Extracts message to const.
2024-08-29ci: prepare syso files for windows embedding in release (#6406)WeidiDeng
* prepare syso files for windows embedding * don't specify main so version info will be embedded correctly --------- Co-authored-by: Mohammed Al Sahaf <[email protected]>
2024-08-27tls: use Go default kex for the moment that include PQC (#6542)Bas Westerbaan
By default Go 1.23 enables X25519Kyber768, a post-quantum key agreement method that is enabled by default on Chrome. Go 1.23 does not expose the CurveID, so we cannot add it by specifying it in CurvePreferences. The reason is that X25519Kyber768 is a preliminary key agreement that will be supplanted by X25519MLKEM768. For the moment there is value in enabling it. A consequence of this is that by default Caddy will enable support for P-384 and P-521. This PR also removes the special code to add support for X25519Kyber768 via the Cloudflare Go branch. Cf #6540
2024-08-23ci: build and test with Go 1.23 (#6526)Kévin Dunglas
* chore: build and test with Go 1.23 * ci: bump golangci-lint to v1.60 * fix: make properly wrap errors * ci: remove Go 1.21
2024-08-22reverseproxy: allow user to define source address (#6504)Mohammed Al Sahaf
* reverseproxy: allow user to define source address Closes #6503 Signed-off-by: Mohammed Al Sahaf <[email protected]> * reverse_proxy: caddyfile support for local_address Signed-off-by: Mohammed Al Sahaf <[email protected]> --------- Signed-off-by: Mohammed Al Sahaf <[email protected]>
2024-08-22caddyhttp: run `error` (msg) through replacer (#6536)Mohammed Al Sahaf
* error: run `error` (msg) through replacer Signed-off-by: Mohammed Al Sahaf <[email protected]> * fix integration test Signed-off-by: Mohammed Al Sahaf <[email protected]> --------- Signed-off-by: Mohammed Al Sahaf <[email protected]>
2024-08-22chore: Fix a typo (#6534)Cuckoo Chickoo
Fixes Typo in Docs
2024-08-22cmd: Use a factory to create the caddy root command (#6533)a
Co-authored-by: Francis Lavoie <[email protected]>
2024-08-21reverseproxy: Change errors writing the response to warning. (#6532)Jens-Uwe Mager
Most of the errors that can be seen here are write errors due to clients aborting the request from their side. Often seen ones include: * writing: ... write: broken pipe * writing: ... connection timed out * writing: http2: stream closed * writing: timeout... * writing: h3 error... Most of these errors are beyond of the control of caddy on the client side, probably nothing can be done on the server side. It still warrants researching when these errors occur very often, so a change in level from error to warn is better here to not polute the logs with errors in the normal case.
2024-08-19reverseproxy: Active health checks request body option (#6520)Jesper Brix Rosenkilde
* Add an option to specify the body used for active health checks * Replacer on request body
2024-08-18ci: don't exit early on error in remote CI machine (#6519)Mohammed Al Sahaf
2024-08-12cmd: ignore exec.ErrDot when starting caddy in background (#6512)WeidiDeng
Co-authored-by: Mohammed Al Sahaf <[email protected]>
2024-08-12Move PrivateRangesCIDR() back: add a pass-through function (#6514)vnxme
2024-08-12matchers: fix a regression in #6480 (#6510)vnxme
The context may have no replacer
2024-08-08reverseproxy: Disable keep alive for h2c requests (#6343)WeidiDeng
2024-08-08go.mod: update update golang/x/net (#6500)WeidiDeng
2024-08-07replacer: `{file.*}` global placeholder strips trailing newline (#6411)Steffen Busch
Co-authored-by: Kanashimia <[email protected]>
2024-08-07caddytls,caddyhttp: Placeholders for some TLS and HTTP matchers (#6480)vnxme
* Runtime placeholders for caddytls matchers (1/3): - remove IPs validation in UnmarshalCaddyfile * Runtime placeholders for caddytls matchers (2/3): - add placeholder replacement for IPs in Provision * Runtime placeholders for caddytls matchers (3/3): - add placeholder replacement for other strings * Runtime placeholders for caddyhttp matchers (1/1): - add placeholder replacement for IPs in Provision * Runtime placeholders for caddyhttp/caddytls matchers: - move PrivateRandesCIDR under internal
2024-08-06go.mod: update quic-go package (#6498)WeidiDeng
2024-08-05browse: Customizable default sort options (#6468)lollipopkit🏳️‍⚧️
* fileserver: add `sort` options * fix: test * fileserver: check options in `Provison` * fileserver: more obvious err alerts in sort options
2024-08-03proxyprotocol: Update WrapListener to use ConnPolicyFunc for PROXY protocol ↵Prakhar Awasthi
(#6485) * proxyprotocol : Update WrapListener to use ConnPolicyFunc for PROXY protocol support * proxyprotocol : Updated dependency pires/go-proxyproto to pseudo latest version
2024-07-27encode: flush already compressed data from the encoder (#6471)WeidiDeng
2024-07-27chore: update golangci config (#6479)Mohammed Al Sahaf
Signed-off-by: Mohammed Al Sahaf <[email protected]>
2024-07-24caddytls: Caddyfile support for TLS conn and cert sel policies (#6462)vnxme
* Caddyfile support for TLS custom certificate selection policy * Caddyfile support for TLS connection policy