Age | Commit message | Author
2024-06-18 | noot [testing-updates] | a
2024-06-18 | Merge branch 'caddytest-2' of github.com:elee1766/caddy into caddytest-2 | a
2024-06-18 | noot | a
2024-06-18 | Merge branch 'master' into caddytest-2 | a
2024-06-18 | noot | a
2024-06-18 | noot | a
2024-06-18 | noot | a
2024-06-18 | noot | a
2024-06-18 | noot | a
2024-06-18 | noot | a
2024-06-18 | noot | a
2024-06-18 | noot | a
2024-06-18 | noot | a
2024-06-18 | noot | a
2024-06-18 | noot | a
2024-06-18 | noot | a
2024-06-18 | caddyhttp: Convert IDNs to ASCII when provisioning Host matcher | Matthew Holt
2024-06-15 | reverseproxy: add Max-Age option to sticky cookie (#6398) | Jason Yuan
* reverseproxy: add Max-Age option to sticky cookie
* Update selectionpolicies.go
Co-authored-by: Francis Lavoie <[email protected]>
* Update selectionpolicies.go
Co-authored-by: Francis Lavoie <[email protected]>
---------
Co-authored-by: Francis Lavoie <[email protected]>
2024-06-14 | caddyfile: Pass blocks to `import` for snippets (#6130) | a
* a * a * a * a * a * a
2024-06-12 | logging: set file mode when the file already exists (#6391) | Ririsoft
101d3e7 introduced a configuration option to set the log file mode. This option was not taken into account if the file already exists, making users have to delete their logs to have new logs created with the right mode.
2024-06-10 | logging: Customizable zap cores (#6381) | Omar Ramadan
2024-06-10 | go.mod: update tscert package (#6384) | Will Norris
The latest tscert allows callers to provide a custom http.Transport for calling Tailscale's local API.
Updates tailscale/caddy-tailscale#66
2024-06-08 | logging: fix file mode configuration parsing (#6383) | Ririsoft
Commit 101d3e7 introduced file mode setting, but was missing a JSON Marshaller so that CaddyFile can be converted to JSON safely.
2024-06-07 | caddyhttp: Write header if needed in responseRecorder.WriteResponse (#6380) | Andreas Kohn
2024-06-06 | core: Split `run` into a public `ProvisionContext` and a private method (#6378) | Andreas Kohn
* Split `run` into a public `BuildContext` and a private part
`BuildContext` can be used to set up a caddy context from a config, but not start any listeners or active components: The returned context has the configured apps provisioned, but otherwise is inert.
This is EXPERIMENTAL: Minimally it's missing documentation and the example for how this can be used to run unit tests.
* Use the config from the context
The config passed into `BuildContext` can be nil, in which case `BuildContext` will just make one up that works. In either case that will end up in the finished context.
* Rename `BuildContext` to `ProvisionContext` to better match the function
* Hide the `replaceAdminServer` parts
The admin server is a global thing, and in the envisioned use case for `ProvisionContext` shouldn't actually exist. Hide this detail in a private `provisionContext` instead, and only expose it publicly with `replaceAdminServer` set to `false`.
This should reduce foot-shooting potential further; in addition the documentation comment now clearly spells out that the exact interface and implementation details of `ProvisionContext` are experimental and subject to change.
2024-06-06 | logging: Customize log file permissions (#6314) | Ririsoft
Adding a "mode" option to overwrite the default logfile permissions. Default remains "0600" which is the one currently used by lumberjack.
2024-06-06 | events: Getters for event info (close #6377) | Matthew Holt
2024-06-06 | ci: add version key for .goreleaser.yml (#6376) | Mohammed Al Sahaf
Signed-off-by: Mohammed Al Sahaf <[email protected]>
2024-06-05 | cmd: remove zealous check of Caddyfile auto-detection (#6370) | Mohammed Al Sahaf
* cmd: remove zealous check of Caddyfile auto-detection
* add test case
* remove redundant check, add comment
* one more case
2024-06-04 | caddyhttp: Add test cases to corpus (#6374) | Matt Holt
* caddyhttp: Add test case to corpus
* One more test case
* Clean up stray comment
* More tests
2024-06-04 | Make it possible to configure the `DisableStorageCheck` setting for certmagic (#6368) | Andreas Kohn
See discussion about this setting in https://github.com/caddyserver/certmagic/issues/201
2024-06-02 | cmd: fix regression in auto-detect of Caddyfile (#6362) [v2.8.4] | Mohammed Al Sahaf
* cmd: fix regression in auto-detect of Caddyfile
Signed-off-by: Mohammed Al Sahaf <[email protected]>
* fix typo
Co-authored-by: Git'Fellow <[email protected]>
* add tests
* address review comments
---------
Signed-off-by: Mohammed Al Sahaf <[email protected]>
Co-authored-by: Git'Fellow <[email protected]>
2024-06-02 | cmd: fix auto-detection of .caddyfile extension (#6356) [v2.8.3] [v2.8.2] | Mohammed Al Sahaf
* cmd: fix auto-detection of .caddyfile extension
Signed-off-by: Mohammed Al Sahaf <[email protected]>
* move conditions around and add clarifying comment
Signed-off-by: Mohammed Al Sahaf <[email protected]>
* reject ambiguous config file name
Signed-off-by: Mohammed Al Sahaf <[email protected]>
---------
Signed-off-by: Mohammed Al Sahaf <[email protected]>
2024-06-02 | caddyhttp: properly sanitize requests for root path (#6360) | Will Norris
SanitizePathJoin protects against directory traversal attacks by checking for requests whose URL path looks like they are trying to request something other than a local file, and returns the root directory in those cases.
The method is also careful to ensure that requests which contain a trailing slash include a trailing slash in the returned value. However, for requests that contain only a slash (requests for the root path), the IsLocal check returns early before the matching trailing slash is re-added.
This change updates SanitizePathJoin to only perform the filepath.IsLocal check if the cleaned request URL path is non-empty.
---
This change also updates the existing SanitizePathJoin tests to use filepath.FromSlash rather than filepath.Join. This makes the expected value a little easier to read, but also has the advantage of not being processed by filepath.Clean like filepath.Join is. This means that the exact expected value will be compared, not the result of first cleaning it.
Fixes #6352
2024-06-01 | I'm so tired of typos | Matthew Holt
2024-06-01 | caddytls: Implement certmagic.RenewalInfoGetter | Matthew Holt
Fixes ARI errors reported here: https://caddy.community/t/error-in-logs-with-updating-ari-after-upgrading-to-caddy-v2-8-1/24320
2024-06-02 | build(deps): bump golangci/golangci-lint-action from 5 to 6 (#6361) | dependabot[bot]
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 5 to 6.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v5...v6)
---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-30 | caddyhttp: Fix merging consecutive `client_ip` or `remote_ip` matchers (#6350) [v2.8.1] | Francis Lavoie
2024-05-30 | core: MkdirAll appDataDir in InstanceID with 0o700 (#6340) | Anton Kovalenko
appDataDir components should be searchable (u+x) when they are created, or else Caddy is unable to start with an empty HOME.
2024-05-27 | acmeserver: Add `sign_with_root` for Caddyfile (#6345) [v2.8.0] | Ranveer Avhad
* Added sign_with_root option available in the Caddyfile
* Added tests for sign_with_root to validate the adapted JSON config
2024-05-23 | caddyfile: Reject global request matchers earlier (#6339) | Francis Lavoie
2024-05-22 | core: Fix bug in AppIfConfigured (fix #6336) | Matthew Holt
2024-05-21 | fix a typo (#6333) | a
2024-05-20 | autohttps: Move log WARN to INFO, reduce confusion (#6185) [v2.8.0-rc.1] | Francis Lavoie
* autohttps: Move log WARN to INFO, reduce confusion
* Change implicit condition back to WARN
---------
Co-authored-by: Matthew Holt <[email protected]>
2024-05-20 | reverseproxy: Support HTTP/3 transport to backend (#6312) | Matt Holt
Closes #5086
2024-05-20 | context: AppIfConfigured returns error; consider not-yet-provisioned modules (#6292) | Francis Lavoie
* context: Add new `AppStrict()` method to avoid instantiating empty apps
* Rename AppStrict -> AppIfConfigured
---------
Co-authored-by: Matthew Holt <[email protected]>
2024-05-20 | Fix lint error about deprecated method in smallstep/certificates/authority | Matthew Holt
2024-05-20 | go.mod: Upgrade dependencies | Matthew Holt
2024-05-20 | caddytls: fix permission requirement with AutomationPolicy (#6328) | Will Norris
Certificate automation has permission modules that are designed to prevent inappropriate issuance of unbounded or wildcard certificates. When an explicit cert manager is used, no additional permission should be necessary. For example, this should be a valid caddyfile:

    https:// {
      tls {
        get_certificate tailscale
      }
      respond OK
    }

This is accomplished when provisioning an AutomationPolicy by tracking whether there were explicit managers configured directly on the policy (in the ManagersRaw field). Only when a number of potentially unsafe conditions are present AND no explicit cert managers are configured is an error returned.

The problem arises from the fact that ctx.LoadModule deletes the raw bytes after loading in order to save memory. The first time an AutomationPolicy is provisioned, the ManagersRaw field is populated, and everything is fine.

An AutomationPolicy with no subjects is treated as a special "catch-all" policy. App.createAutomationPolicies ensures that this catch-all policy has an ACME issuer, and then calls its Provision method again because it may have changed. This second time Provision is called, ManagersRaw is no longer populated, and the permission check fails because it appears as though the policy has no explicit managers.

Address this by storing a new boolean on AutomationPolicy recording whether it had explicit cert managers configured on it.

Also fix an inverted boolean check on this value when setting failClosed.

Updates #6060
Updates #6229
Updates #6327
Signed-off-by: Will Norris <[email protected]>
2024-05-18 | caddytls: remove ClientHelloSNICtxKey (#6326) | Will Norris