Age | Commit message (Collapse) | Author |
|
|
|
ref: https://github.com/caddyserver/caddy/issues/6551
|
|
* Add placeholder http.reverse_proxy.lb.retries
* Renamed placeholder to http.reverse_proxy.retries
|
|
* fileserver: add `sort` options
* fix: test
* fileserver: check options in `Provison`
* fileserver: more obvious err alerts in sort options
* fileserver: move `sort` to `browse`
---------
Co-authored-by: Matt Holt <[email protected]>
|
|
* Prevents serializing the caddy request if log level is not debug.
* Extracts message to const.
|
|
* prepare syso files for windows embedding
* don't specify main so version info will be embedded correctly
---------
Co-authored-by: Mohammed Al Sahaf <[email protected]>
|
|
By default Go 1.23 enables X25519Kyber768, a post-quantum key agreement
method that is enabled by default on Chrome. Go 1.23 does not expose
the CurveID, so we cannot add it by specifying it in CurvePreferences.
The reason is that X25519Kyber768 is a preliminary key agreement that
will be supplanted by X25519MLKEM768. For the moment there is value
in enabling it.
A consequence of this is that by default Caddy will enable support
for P-384 and P-521.
This PR also removes the special code to add support for X25519Kyber768
via the Cloudflare Go branch.
Cf #6540
|
|
* chore: build and test with Go 1.23
* ci: bump golangci-lint to v1.60
* fix: make properly wrap errors
* ci: remove Go 1.21
|
|
* reverseproxy: allow user to define source address
Closes #6503
Signed-off-by: Mohammed Al Sahaf <[email protected]>
* reverse_proxy: caddyfile support for local_address
Signed-off-by: Mohammed Al Sahaf <[email protected]>
---------
Signed-off-by: Mohammed Al Sahaf <[email protected]>
|
|
* error: run `error` (msg) through replacer
Signed-off-by: Mohammed Al Sahaf <[email protected]>
* fix integration test
Signed-off-by: Mohammed Al Sahaf <[email protected]>
---------
Signed-off-by: Mohammed Al Sahaf <[email protected]>
|
|
Fixes Typo in Docs
|
|
Co-authored-by: Francis Lavoie <[email protected]>
|
|
Most of the errors that can be seen here are write errors due to clients
aborting the request from their side. Often seen ones include:
* writing: ... write: broken pipe
* writing: ... connection timed out
* writing: http2: stream closed
* writing: timeout...
* writing: h3 error...
Most of these errors are beyond of the control of caddy on the client side,
probably nothing can be done on the server side. It still warrants
researching when these errors occur very often, so a change in level from
error to warn is better here to not polute the logs with errors in the
normal case.
|
|
* Add an option to specify the body used for active health checks
* Replacer on request body
|
|
|
|
Co-authored-by: Mohammed Al Sahaf <[email protected]>
|
|
|
|
The context may have no replacer
|
|
|
|
|
|
Co-authored-by: Kanashimia <[email protected]>
|
|
* Runtime placeholders for caddytls matchers (1/3):
- remove IPs validation in UnmarshalCaddyfile
* Runtime placeholders for caddytls matchers (2/3):
- add placeholder replacement for IPs in Provision
* Runtime placeholders for caddytls matchers (3/3):
- add placeholder replacement for other strings
* Runtime placeholders for caddyhttp matchers (1/1):
- add placeholder replacement for IPs in Provision
* Runtime placeholders for caddyhttp/caddytls matchers:
- move PrivateRandesCIDR under internal
|
|
|
|
* fileserver: add `sort` options
* fix: test
* fileserver: check options in `Provison`
* fileserver: more obvious err alerts in sort options
|
|
(#6485)
* proxyprotocol : Update WrapListener to use ConnPolicyFunc for PROXY protocol support
* proxyprotocol : Updated dependency pires/go-proxyproto to pseudo latest version
|
|
|
|
Signed-off-by: Mohammed Al Sahaf <[email protected]>
|
|
* Caddyfile support for TLS custom certificate selection policy
* Caddyfile support for TLS connection policy
|
|
* Caddyfile support for TLS handshake matchers:
- caddytls.MatchLocalIP
- caddytls.MatchRemoteIP
- caddytls.MatchServerName
* Caddyfile support for TLS handshake matchers:
- fix imports order
Co-authored-by: Francis Lavoie <[email protected]>
---------
Co-authored-by: Francis Lavoie <[email protected]>
|
|
|
|
|
|
* Add health_upstream
Signed-off-by: Dylan Schultz <[email protected]>
* Add health_upstream to caddyfile parsing
* Add Active Upstream case for health checks
* Update ignore health port comment
Signed-off-by: Dylan Schultz <[email protected]>
* Update Upstream json doc
Signed-off-by: Dylan Schultz <[email protected]>
* Update modules/caddyhttp/reverseproxy/healthchecks.go
Co-authored-by: Francis Lavoie <[email protected]>
* Use error rather than log for health_port override
Signed-off-by: Dylan Schultz <[email protected]>
* Add comment about port being ignore if using upstream
Signed-off-by: Dylan Schultz <[email protected]>
---------
Signed-off-by: Dylan Schultz <[email protected]>
Co-authored-by: Francis Lavoie <[email protected]>
|
|
* Add Caddyfile support of setting active health check request method
* Add integration test for active health check request method
|
|
* Add option to set which HTTP method to use for active health checks
* Default Method to GET if not set
|
|
(#6450)
Co-authored-by: Francis Lavoie <[email protected]>
|
|
|
|
* fileserver: Exclude symlink target size from total, show arrow on size
* Keep both totals
* Linter doesn't like my spelling :(
* Stop parallelizing tests for now
* Update modules/caddyhttp/fileserver/browse.html
* Minor renamings
---------
Co-authored-by: Matthew Holt <[email protected]>
|
|
* Remove 'strict-dynamic' + block-all-mixed-content
* CSP: remove 'unsafe-inline' from script-src
|
|
* browse: add Content-Security-Policy w/ nonce
* Add backward-compat values to script-src
* Remove dummy "#" href from layout anchors
|
|
|
|
when proxying (#6427)
* caddyhttp: Reject 0-RTT early data in IP matchers and set Early-Data header when proxying
See RFC 8470: https://httpwg.org/specs/rfc8470.html
Thanks to Michael Wedl (@MWedl) at the University of Applied Sciences St. Poelten for reporting this.
* Don't return value for {remote} placeholder in early data
* Add Caddyfile support
|
|
* fix: don't compress already compressed fonts
* fix: remove WOFF
|
|
|
|
|
|
|
|
* Removed newline characters from precomputed etags
* Update modules/caddyhttp/fileserver/staticfiles.go
---------
Co-authored-by: Matt Holt <[email protected]>
|
|
|
|
* reverseproxy: add Max-Age option to sticky cookie
* Update selectionpolicies.go
Co-authored-by: Francis Lavoie <[email protected]>
* Update selectionpolicies.go
Co-authored-by: Francis Lavoie <[email protected]>
---------
Co-authored-by: Francis Lavoie <[email protected]>
|
|
* a
* a
* a
* a
* a
* a
|
|
101d3e7 introduced a configuration option to set the log file mode.
This option was not taken into account if the file already exists,
making users having to delete their logs to have new logs created
with the right mode.
|