summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2024-05-27acmeserver: Add `sign_with_root` for Caddyfile (#6345)v2.8.0Ranveer Avhad
* Added sign_with_root option available in the Caddyfile * Added tests for sign_with_root to validate the adapted JSON config
2024-05-23caddyfile: Reject global request matchers earlier (#6339)Francis Lavoie
2024-05-22core: Fix bug in AppIfConfigured (fix #6336)Matthew Holt
2024-05-21fix a typo (#6333)a
2024-05-20autohttps: Move log WARN to INFO, reduce confusion (#6185)v2.8.0-rc.1Francis Lavoie
* autohttps: Move log WARN to INFO, reduce confusion * Change implicit condition back to WARN --------- Co-authored-by: Matthew Holt <[email protected]>
2024-05-20reverseproxy: Support HTTP/3 transport to backend (#6312)Matt Holt
Closes #5086
2024-05-20context: AppIfConfigured returns error; consider not-yet-provisioned modules ↵Francis Lavoie
(#6292) * context: Add new `AppStrict()` method to avoid instantiating empty apps * Rename AppStrict -> AppIfConfigured --------- Co-authored-by: Matthew Holt <[email protected]>
2024-05-20Fix lint error about deprecated method in smallstep/certificates/authorityMatthew Holt
2024-05-20go.mod: Upgrade dependenciesMatthew Holt
2024-05-20caddytls: fix permission requirement with AutomationPolicy (#6328)Will Norris
Certificate automation has permission modules that are designed to prevent inappropriate issuance of unbounded or wildcard certificates. When an explicit cert manager is used, no additional permission should be necessary. For example, this should be a valid caddyfile: https:// { tls { get_certificate tailscale } respond OK } This is accomplished when provisioning an AutomationPolicy by tracking whether there were explicit managers configured directly on the policy (in the ManagersRaw field). Only when a number of potentially unsafe conditions are present AND no explicit cert managers are configured is an error returned. The problem arises from the fact that ctx.LoadModule deletes the raw bytes after loading in order to save memory. The first time an AutomationPolicy is provisioned, the ManagersRaw field is populated, and everything is fine. An AutomationPolicy with no subjects is treated as a special "catch-all" policy. App.createAutomationPolicies ensures that this catch-all policy has an ACME issuer, and then calls its Provision method again because it may have changed. This second time Provision is called, ManagesRaw is no longer populated, and the permission check fails because it appears as though the policy has no explicit managers. Address this by storing a new boolean on AutomationPolicy recording whether it had explicit cert managers configured on it. Also fix an inverted boolean check on this value when setting failClosed. Updates #6060 Updates #6229 Updates #6327 Signed-off-by: Will Norris <[email protected]>
2024-05-18caddytls: remove ClientHelloSNICtxKey (#6326)Will Norris
2024-05-18caddyhttp: Trace individual middleware handlers (#6313)Matt Holt
* caddyhttp: Trace individual middleware handlers * Fix typo
2024-05-18templates: Add `pathEscape` template function and use it in file browser (#6278)deneb
* use url.PathEscape in file-server browse template - add `pathEscape` to c.tpl.Funcs, using `url.PathEscape` - use `pathEscape` in browse.html in place of `replace` * document `pathEscape` * Remove unnecessary pipe of img src to `html`
2024-05-18caddytls: set server name in context (#6324)Will Norris
Set the requested server name in a context value for CertGetter implementations to use. Pass ctx to tscert.GetCertificateWithContext. Signed-off-by: Will Norris <[email protected]>
2024-05-15chore: downgrade minimum Go version in go.mod (#6318)Mohammed Al Sahaf
* chore: downgrade minimum Go version in go.mod * Upgrade certmagic and zerossl --------- Co-authored-by: Matthew Holt <[email protected]>
2024-05-14caddytest: normalize the JSON config (#6316)Mohammed Al Sahaf
* caddytest: normalize the JSON config
2024-05-13caddyhttp: New experimental handler for intercepting responses (#6232)Kévin Dunglas
* feat: add generic response interceptors * fix: cs * rename intercept * add some docs * @francislavoie review (first round) * Update modules/caddyhttp/intercept/intercept.go Co-authored-by: Francis Lavoie <[email protected]> * shorthands: ir to resp * mark exported symbols as experimental --------- Co-authored-by: Francis Lavoie <[email protected]>
2024-05-11httpcaddyfile: Set challenge ports when http_port or https_port are usedMatthew Holt
2024-05-11logging: Add support for additional logger filters other than hostname (#6082)Aziz Rmadi
Co-authored-by: Francis Lavoie <[email protected]>
2024-05-10caddyhttp: Log 4xx as INFO; 5xx as ERROR (close #6106)Matthew Holt
2024-05-10Second half of 6dce493Matthew Holt
Not sure how it got unstaged
2024-05-10caddyhttp: Alter log message when request is unhandled (close #5182)Matthew Holt
2024-05-10chore: Bump Go version in CI (#6310)Francis Lavoie
2024-05-10go.mod: go 1.22.3Matthew Holt
Seeing if this assists with some Go tooling logic
2024-05-10Fix typos (#6311)Viktor Szépe
* Fix typos * Revert * Revert to "htlm" * fix indentations
2024-05-08reverseproxy: Pointer to struct when loading modules; remove LazyCertPool ↵WeidiDeng
(#6307) * use pointer when loading modules * change method to pointer type and remove LazyCertPool * remove lazy pool test * remove yet another lazy pool test
2024-05-08tracing: add trace_id var (`http.vars.trace_id` placeholder) (#6308)Matthew Penner
2024-05-07go.mod: CertMagic v0.21.0v2.8.0-beta.2Matthew Holt
2024-05-07reverseproxy: Implement health_follow_redirects (#6302)Ali Asgar
* added health_follow_redirect in active health checks * chore: code format * chore: refactore reversproxy healthcheck redirect variable name and description of the same * chore: formatting * changed reverse proxy health check status code range to be between 200-299 * chore: formatting --------- Co-authored-by: aliasgar <[email protected]>
2024-05-07caddypki: Allow use of root CA without a key. Fixes #6290 (#6298)Florian Apolloner
* Allow usage of root CA without a key. Fixes #6290 * Update modules/caddypki/crypto.go --------- Co-authored-by: Matt Holt <[email protected]>
2024-05-06go.mod: Upgrade to quic-go v0.43.1Matthew Holt
2024-05-06reverseproxy: HTTP transport: fix PROXY protocol initialization (#6301)Mohammed Al Sahaf
2024-05-06caddytls: Ability to drop connections (close #6294)Matthew Holt
2024-05-02build(deps): bump golangci/golangci-lint-action from 4 to 5 (#6289)dependabot[bot]
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 4 to 5. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/v4...v5) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-01httpcaddyfile: Fix expression matcher shortcut in snippets (#6288)Francis Lavoie
2024-04-30caddytls: Evict internal certs from cache based on issuer (#6266)v2.8.0-beta.1Matt Holt
* caddytls: Evict internal certs from cache based on issuer During a config reload, we would keep certs in the cache fi they were used by the next config. If one config uses InternalIssuer and the other uses a public CA, this behavior is problematic / unintuitive, because there is a big difference between private/public CAs. This change should ensure that internal issuers are considered when deciding whether to keep or evict from the cache during a reload, by making them distinct from each other and certs from public CAs. * Make sure new TLS app manages configured certs * Actually make it work
2024-04-27chore: add warn logs when using deprecated fields (#6276)Mohammed Al Sahaf
2024-04-27caddyhttp: Fix linter warning about deprecationMatthew Holt
2024-04-27go.mod: Upgrade to quic-go v0.43.0Matthew Holt
2024-04-26fileserver: Set "Vary: Accept-Encoding" header (see #5849)Matthew Holt
2024-04-26events: Add debug logMatthew Holt
2024-04-26reverseproxy: handle buffered data during hijack (#6274)WeidiDeng
2024-04-24ci: remove `android` and `plan9` from cross-build workflow (#6268)Mohammed Al Sahaf
2024-04-24run `golangci-lint run --fix --fast` (#6270)Mohammed Al Sahaf
2024-04-24caddytls: Option to configure certificate lifetime (#6253)clauverjat
* Add option to configure certificate lifetime * Bump CertMagic dep to latest master commit * Apply suggestions and ran go mod tidy * Update modules/caddytls/acmeissuer.go Co-authored-by: Matt Holt <[email protected]> --------- Co-authored-by: Matt Holt <[email protected]>
2024-04-24replacer: Implement `file.*` global replacements (#5463)Francis Lavoie
Co-authored-by: Matt Holt <[email protected]> Co-authored-by: Mohammed Al Sahaf <[email protected]>
2024-04-24caddyhttp: Address some Go 1.20 features (#6252)Matt Holt
Co-authored-by: Francis Lavoie <[email protected]>
2024-04-23Quell linter (false positive)Matthew Holt
2024-04-23reverse_proxy: Add grace_period for SRV upstreams to Caddyfile (#6264)Aziz Rmadi
2024-04-23doc: add `verifier` in `ClientAuthentication` caddyfile marshaler doc (#6263)Mohammed Al Sahaf