summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2017-01-24Version 0.9.5v0.9.5Matthew Holt
2017-01-24New 'timeouts' directive to configure timeouts; default timeouts enabled (#1368)Matt Holt
2017-01-23Godoc comment; report -validate results to stdout tooMatthew Holt
2017-01-23browse: Sanitize file names and links in default templateMatthew Holt
Thanks to Kevin Froman (@beardog108) for the responsible heads up.
2017-01-23Introduce new Replacer fields {rewrite_path}, {rewrite_path_escaped}; issue ↵Toby Allen
#1185 (#1364) * Fix #1185 * Return normal path if no rewrite has happened * Revert change, not required * Updated tests
2017-01-23Minor test cleanupMatthew Holt
2017-01-23Ensure active Caddyfile, if in site, is hidden no matter the cwdMatthew Holt
2017-01-23proxy: use a new context for the outgoing request (#1358)Tw
* proxy: use a new context for the outgoing request fix issue #1345 Signed-off-by: Tw <[email protected]> * proxy: add test for canceling the request Signed-off-by: Tw <[email protected]>
2017-01-23Merge pull request #1356 from mholt/fix_hijackMatt Holt
proxy: Fixed #1352: invalid use of the HTTP hijacker
2017-01-22Generate meta elements from prelude items description and keywords (#1335)Peer Beckmann
* Generate meta elements from useful front matters. Limited to the default template and specific elements. * Rerun gofmt * Add "keywords" and remove "language" to/from the list of meta tags. * Add a simple positive list test for the meta tag generation. * Move the meta tag list to a var at the begin of the file. Seperate the Meta tags from the other front matters: - Don't override user settings with name `meta` - Cleaner Code. * Remove the uneccessary `[:]` in the []Bytes to String casting. @mholt was right ;) * One minor refinement. Combining two statements.
2017-01-21tls: Always stop and report cert renewal error if operator is presentMatthew Holt
2017-01-21Merge pull request #1366 from mholt/tls-sni-renew-fixMatt Holt
tls: Fix background certificate renewals that use TLS-SNI challenge
2017-01-21tls: Fix background certificate renewals that use TLS-SNI challengeMatthew Holt
The loop which performs renewals in the background obtains a read lock on the certificate cache map, so that it can be safely iterated. Before this fix, it would obtain the renewals in the read lock. This has been fine, except that the TLS-SNI challenge, when invoked after Caddy has already started, requires adding a certificate to the cache. Doing this requires an exclusive write lock. But it cannot obtain a write lock because a read lock is obtained higher in the stack, while the loop iterates. In other words, it's a deadlock. I was able to reproduce this issue consistently locally, after jumping through many hoops to force a renewal in a short time that bypasses Let's Encrypt's authz caching. I was also able to verify that by queuing renewals (like we do deletions and OCSP updates), lock contention is relieved and the deadlock is avoided. This only affects background renewals where the TLS-SNI(-01) challenge are used. Users report seeing strange errors in the logs after this happens ("tls: client offered an unsupported, maximum protocol version of 301"), but I was not able to reproduce these locally. I was also not able to reproduce the leak of sockets which are left in CLOSE_WAIT. I am not sure if those are symptoms of running in production on Linux and are related to this bug, or not. Either way, this is an important fix. I do not yet know the ripple effects this will have on other symptoms we've been chasing. But it definitely resolves a deadlock during renewals.
2017-01-18proxy: fix TestReverseProxy failure on go tip (#1360)Tw
Because of this commit(6e36811c37399d60cbce587b7c48e611009c5aec) on go tip, it will probe the request's body to determine whether to use chunked transfer encoding which trailers depend on it. So we just offer a non empty body to make trailers work. fix issue #1359 Signed-off-by: Tw <[email protected]>
2017-01-17Add root option to fastcgi directive (#1337)Mike Pastore
2017-01-17proxy: Fixed #1352: invalid use of the HTTP hijackerLeonard Hecker
2017-01-14Add {whenISO} to record timestamp in ISO 8601 format in UTC. (#1353)M-A
* Add {whenISO} to record timestamp in ISO 8601 format in UTC. ISO 8601 is the standard time format and is easy to parse. This change assumes users desiring ISO 8016 generally prefer UTC for simplicity. This results in {whenISO} to be significantly shorter than {when}: {when} = "02/Jan/2006:15:04:05 +0000" {whenISO} = "2006-01-02T15:04:12Z" Add unit test to verify both, as there was no unit test for {when}. * Rename {whenISO} to {when_iso}
2017-01-14Add StartupHooks to Plugins (#1330)Henrique Dias
* Update run.go * Update plugins.go * Update plugins.go * Update run.go * typo * Update plugins.go * Update plugins.go * Requested changes by @mholt
2017-01-13Add a cli parameter to -validate a Caddyfile. Issue #1328 (#1344)Toby Allen
* Allow -validate flag to validate caddyfile and return * Ensure logging without -log flag * Changes to validate seperatly to Starup func * Removed change to Start signature. Created function to ValidateCaddyfile * comment and tidyup * ValidateandExecuteDirectives with justValidate option * remove debugging code * Tidy up comments * additional parameter added to calls to mustLogFataf * ValidateAndExecuteDirectives needs to only return err
2017-01-11Merge pull request #1314 from mholt/unbuffered_proxyMatt Holt
proxy: Unbuffered request optimization
2017-01-11proxy: Added TestReverseProxyLargeBody test caseLeonard Hecker
This test ensures that the optimizations in 8048e9c are actually effective.
2017-01-11proxy: Added unbuffered request optimizationLeonard Hecker
If only one upstream is defined we don't need to buffer the body. Instead we directly stream the body to the upstream host, which reduces memory usage as well as latency. Furthermore this enables different kinds of HTTP streaming applications like gRPC for instance.
2017-01-10Merge pull request #1343 from bengadbois/add_misspell_travisMatt Holt
Add misspell to travis build
2017-01-10Add misspell to travis buildBen Gadbois
Replace test text with real words so misspell doesn't throw errors
2017-01-10Merge pull request #1342 from bengadbois/fix_misspellingsMatt Holt
Fix small misspellings
2017-01-10Fix small misspellingsBen Gadbois
2017-01-08Merge pull request #1334 from tw4452852/1329Matt Holt
proxy: refactor TestUpstreamHeadersUpdate and TestDownstreamHeadersUpdate
2017-01-09proxy: refactor TestUpstreamHeadersUpdate and TestDownstreamHeadersUpdateTw
Signed-off-by: Tw <[email protected]>
2017-01-07Merge pull request #1325 from mholt/authheaderMatt Holt
basicauth: Remove Authorization header on successful authz (issue #1324)
2017-01-03browse: Simple filter textbox for default templateMatthew Holt
Typing in this box will filter the list of items by name.
2017-01-03basicauth: Remove Authorization header on successful authz (issue #1324)Matthew Holt
If a site owner protects a path with basicauth, no need to use the Authorization header elsewhere upstream, especially since it contains credentials. If this breaks anyone, it means they're double-dipping. It's usually good practice to clear out credentials as soon as they're not needed anymore. (Note that we only clear credentials after they're used, they stay for any other reason.)
2017-01-03Fix position of "filter" in directives (#1323)Gregor Noczinski
* Fix #2 (Replacement doesn't happen - https://github.com/echocat/caddy-filter/issues/2) bug of caddy-filter * Fixed gofmt issue. * Remove comment of reason why we do a reorder
2017-01-01Merge branch 'master' of github.com:mholt/caddyMatthew Holt
2017-01-01Close connection on automatic HTTP->HTTPS redirectsMatthew Holt
2016-12-31Implementing custom PathClean function to allow masking, closes #1298 (#1317)Sawood Alam
* Added path cleanup functions with masking to preserve certain patterns + unit tests, #1298 * Use custom PathClean function instead of path.Clean to apply masks to preserve protocol separator in the path * Indentation corrected in the test data map to pass the lint * Fixing ineffassign of a temporary string variable * Improved variable naming and documentation * Improved variable naming * Added benchmarks and improved variable naming in tests * Removed unnecessary value capture when iterating over a map for keys * A typo correction
2016-12-31Merge pull request #1309 from lhecker/masterMatt Holt
Fixed #1292 and resulting issues from #1300
2016-12-30Post init script guidelinesMatthew Holt
2016-12-30Replace "magic" quotes with regular onesMatthew Holt
2016-12-30proxy: Added support for HTTP trailersLeonard Hecker
2016-12-29proxy: Removed leftover restriction to HTTP/1.1Leonard Hecker
2016-12-28proxy: Fixed support for TLS verification of WebSocket connectionsLeonard Hecker
2016-12-28proxy: Improved handling of bufferPoolLeonard Hecker
2016-12-27Remove pre 0.9 code (#1304)Mateusz Gajewski
* Remove pre 0.9 code * Unused import * gofmtw
2016-12-26Added end-to-end test case for #1292Leonard Hecker
2016-12-26Fixed #1292: Failure to proxy WebSockets over HTTPSLeonard Hecker
This issue was caused by connHijackerTransport trying to record HTTP response headers by "hijacking" the Read() method of the plain net.Conn. This does not simply work over TLS though since this will record the TLS handshake and encrypted data instead of the actual content. This commit fixes the problem by providing an alternative transport.DialTLS which correctly hijacks the overlying tls.Conn instead.
2016-12-26Fixed panic due to 0-length buffers being passed to io.CopyBufferLeonard Hecker
2016-12-26Fixed proxy not respecting the -http2 flagLeonard Hecker
2016-12-23Set listenHost to localhost if empty; fixes test on WindowsMatthew Holt
2016-12-23ACME challenge proxy now accounts for ListenHost (bind); fixes #1296Matthew Holt
2016-12-22Re-align atomic struct field (fixes #1306)Matthew Holt