aboutsummaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2024-04-26Actually make it worktls-cert-cache-internal-reloadMatthew Holt
2024-04-26Make sure new TLS app manages configured certsMatthew Holt
2024-04-24Merge branch 'master' into tls-cert-cache-internal-reloadMatt Holt
2024-04-24run `golangci-lint run --fix --fast` (#6270)Mohammed Al Sahaf
2024-04-24Merge branch 'master' into tls-cert-cache-internal-reloadMatt Holt
2024-04-24caddytls: Option to configure certificate lifetime (#6253)clauverjat
* Add option to configure certificate lifetime * Bump CertMagic dep to latest master commit * Apply suggestions and ran go mod tidy * Update modules/caddytls/acmeissuer.go Co-authored-by: Matt Holt <[email protected]> --------- Co-authored-by: Matt Holt <[email protected]>
2024-04-24replacer: Implement `file.*` global replacements (#5463)Francis Lavoie
Co-authored-by: Matt Holt <[email protected]> Co-authored-by: Mohammed Al Sahaf <[email protected]>
2024-04-24Merge branch 'master' into tls-cert-cache-internal-reloadMatt Holt
2024-04-24caddyhttp: Address some Go 1.20 features (#6252)Matt Holt
Co-authored-by: Francis Lavoie <[email protected]>
2024-04-23Merge branch 'master' into tls-cert-cache-internal-reloadMatt Holt
2024-04-23Quell linter (false positive)Matthew Holt
2024-04-23caddytls: Evict internal certs from cache based on issuerMatthew Holt
During a config reload, we would keep certs in the cache fi they were used by the next config. If one config uses InternalIssuer and the other uses a public CA, this behavior is problematic / unintuitive, because there is a big difference between private/public CAs. This change should ensure that internal issuers are considered when deciding whether to keep or evict from the cache during a reload, by making them distinct from each other and certs from public CAs.
2024-04-23reverse_proxy: Add grace_period for SRV upstreams to Caddyfile (#6264)Aziz Rmadi
2024-04-23doc: add `verifier` in `ClientAuthentication` caddyfile marshaler doc (#6263)Mohammed Al Sahaf
2024-04-22caddytls: Add Caddyfile support for on-demand permission module (close #6260)Matthew Holt
2024-04-22reverseproxy: Remove long-deprecated buffering propertiesMatthew Holt
They've been deprecated for over a year and we printed warnings during that time.
2024-04-22reverseproxy: Reuse buffered request body even if partially drainedMatthew Holt
Previous commit only works when the backends don't read any of the body first.
2024-04-22reverseproxy: Accept EOF when bufferingMatthew Holt
Before this change, a read of size (let's say) < 10, into a buffer of size 10, will return EOF because we're using CopyN to limit to the size of the buffer. That resulted in the body being read from later, which should only happen if it couldn't fit in the buffer. With this change, the body is properly NOT set when it can all fit in the buffer.
2024-04-22logging: Fix default access logger (#6251)Francis Lavoie
* logging: Fix default access logger * Simplify logic, remove retry without port, reject config with port, docs * Nil check
2024-04-19fileserver: Improve Vary handling (#5849)Matthew Holt
2024-04-18cmd: Only validate config is proper JSON if config slice has data (#6250)Mohammed Al Sahaf
* cmd: fix error when running without config * ci: add smoke test
2024-04-18staticresp: Use the evaluated response body for sniffing JSON content-type ↵Mohammed Al Sahaf
(#6249)
2024-04-17encode: Slight fix for the previous commitMatthew Holt
2024-04-17encode: Improve Etag handling (fix #5849)Matthew Holt
We also improve Last-Modified handling in the file server. Both changes should be more compliant with RFC 9110.
2024-04-17httpcaddyfile: Skip automate loader if disable_certs is specified (fix #6148)Matthew Holt
2024-04-17caddyfile: Populate regexp matcher names by default (#6145)Francis Lavoie
* caddyfile: Populate regexp matcher names by default * Some lint cleanup that my VSCode complained about * Pass down matcher name through expression matcher * Compat with #6113: fix adapt test, set both styles in replacer
2024-04-17caddyhttp: record num. bytes read when response writer is hijacked (#6173)WeidiDeng
* record the number of bytes read when response writer is hijacked * record body size when not nil
2024-04-16caddyhttp: Support multiple logger names per host (#6088)Francis Lavoie
* caddyhttp: Support multiple logger names per host * Lint * Add adapt test * Implement "string or array" parsing, keep original `logger_names` * Rewrite adapter test to be more representative of the usecase
2024-04-16chore: fix some typos in comments (#6243)coderwander
2024-04-16encode: Configurable compression level for zstd (#6140)dev-polymer
* Add zstd compression level support * Refactored zstd levels to string arguments fastest, default, better, best * Add comment with list of all available levels * Corrected data types for config --------- Co-authored-by: Evgeny Blinov <[email protected]> Co-authored-by: Matt Holt <[email protected]>
2024-04-15caddytls: Remove shim code supporting deprecated lego-dns (#6231)Aziz Rmadi
Co-authored-by: Matt Holt <[email protected]>
2024-04-15connection policy: add `local_ip` matcher (#6074)Mohammed Al Sahaf
* connection policy: add `local_ip` Co-authored-by: Matt Holt <[email protected]> --------- Co-authored-by: Matt Holt <[email protected]>
2024-04-15reverseproxy: Wait for both ends of websocket to close (#6175)WeidiDeng
2024-04-13caddytls: Upgrade ACMEz to v2; support ZeroSSL API; various fixes (#6229)Matt Holt
* WIP: acmez v2, CertMagic, and ZeroSSL issuer upgrades * caddytls: ZeroSSLIssuer now uses ZeroSSL API instead of ACME * Fix go.mod * caddytls: Fix automation related to managers (fix #6060) * Fix typo (appease linter) * Fix HTTP validation with ZeroSSL API
2024-04-13caddytls: Still provision permission module if ask is specifiedMatthew Holt
Only needed for JSON configs, and only temporarily as the ask property is deprecated and will be removed.
2024-04-13fileserver: read etags from precomputed files (#6222)Aziz Rmadi
2024-04-12fileserver: Escape # and ? in img src (fix #6237)Matthew Holt
2024-04-12reverseproxy: Implement modular CA provider for TLS transport (#6065)Aziz Rmadi
* added new modular ca providers to caddy tls HttpTransport * reverse-proxy, httptransport: added tests and caddyfile support for ca module --------- Co-authored-by: Mohammed Al Sahaf <[email protected]>
2024-04-12caddyhttp: Apply auto HTTPS redir to all interfaces (fix #6226)Matthew Holt
2024-04-11cmd: Fix panic related to config filename (fix #5919)Matthew Holt
2024-04-11cmd: Assume Caddyfile based on filename prefix and suffix (#5919)Omar Hussein
This can be helpful if editors only consider file extensions for certain features. * added special case support for caddyfile suffix, case insensitive * Update cmd/main.go Co-authored-by: Matt Holt <[email protected]> * skip caddyfile adapter for registered file extensions --------- Co-authored-by: Matt Holt <[email protected]>
2024-04-11admin: Make `Etag` a header, not a trailer (#6208)Hayder
* Making eTags a header not a trailer * Checked the write * Fixed typo * Corrected comment * Added sync Pool * Changed control flow of buffer reset / putting and changed error code * Switched from interface{} to any in bufferPool
2024-04-10caddyhttp: remove duplicate strings.Count in path matcher (fixes #6233) (#6234)Hugues Lismonde
2024-04-08caddyconfig: Use empty struct instead of bool in map (close #6224) (#6227)danish-mehmood
2024-04-07gitignore: Add rule for caddyfile.go (#6225)Ed Pelc
2024-04-05chore: Fix broken links in README.md (#6223)Hassan Ila
2024-04-04chore: Upgrade some dependencies (#6221)Francis Lavoie
2024-04-01caddyhttp: Add plaintext response to `file_server browse` (#6093)kylosus
* Added plaintext support to file_server browser This commit is twofold: First it adds a new optional field, `return_type`, to `browser` for setting the default format of the returned index (html, json or plaintext). This is used when the `Accept` header is set to `/*`. Second, it adds a preliminary `text/plain` support to the `file_server` browser that returns a text representation of the file system, when an `Accept: text/plain` header is present, with the behavior discussed above. * Added more details and better formatting to plaintext browser * Replaced returnType conditions with a switch statement * Simplify --------- Co-authored-by: Matt Holt <[email protected]>
2024-03-30admin: Use xxhash for etag (#6207)Hayder
2024-03-30modules: fix some typo in conments (#6206)reallylowest
Signed-off-by: reallylowest <[email protected]>