Age | Commit message (Collapse) | Author |
|
* Add per host config
* Pass host label when option is enabled
* Test per host enabled
* metrics: scope metrics per loaded config
* doc and linter
Signed-off-by: Mohammed Al Sahaf <[email protected]>
* inject the custom registry into the admin handler
Co-Authored-By: Dave Henderson <[email protected]>
* remove `TODO` comment
* fixes
Signed-off-by: Mohammed Al Sahaf <[email protected]>
* refactor to delay metrics admin handler provision
Signed-off-by: Mohammed Al Sahaf <[email protected]>
---------
Signed-off-by: Mohammed Al Sahaf <[email protected]>
Co-authored-by: Hussam Almarzooq <[email protected]>
Co-authored-by: Dave Henderson <[email protected]>
|
|
* caddy adapt for listen_protocols
* adapt listen_socket
* allow multiple listen sockets for port ranges and readd socket fd listen logic
* readd logic to start servers according to listener protocols
* gofmt
* adapt caddytest
* gosec
* fmt and rename listen to listenWithSocket
* fmt and rename listen to listenWithSocket
* more consistent error msg
* non unix listenReusableWithSocketFile
* remove unused func
* doc comment typo
* nonosec
* commit
* doc comments
* more doc comments
* comment was misleading, cardinality did not change
* addressesWithProtocols
* update test
* fd/ and fdgram/
* rm addr
* actually write...
* i guess we doin' "skip": now
* wrong var in placeholder
* wrong var in placeholder II
* update param name in comment
* dont save nil file pointers
* windows
* key -> parsedKey
* osx
* multiple default_bind with protocols
* check for h1 and h2 listener netw
|
|
* chore: Use slices package where possible
* More, mostly using ContainsFunc
* Even more slice operations
|
|
|
|
* WIP: acmez v2, CertMagic, and ZeroSSL issuer upgrades
* caddytls: ZeroSSLIssuer now uses ZeroSSL API instead of ACME
* Fix go.mod
* caddytls: Fix automation related to managers (fix #6060)
* Fix typo (appease linter)
* Fix HTTP validation with ZeroSSL API
|
|
* Making eTags a header not a trailer
* Checked the write
* Fixed typo
* Corrected comment
* Added sync Pool
* Changed control flow of buffer reset / putting and changed error code
* Switched from interface{} to any in bufferPool
|
|
|
|
Co-authored-by: Matt Holt <[email protected]>
|
|
|
|
|
|
Separate currentCtxMu to protect currentCtx, and a new
rawCfgMu to protect rawCfg and synchronize loads.
|
|
* caddytls: Don't purge cert cache on config reload
* Update CertMagic
This actually avoids reloading managed certs from storage
when already in the cache, d'oh.
* Fix bug; re-implement HasCertificateForSubject
* Update go.mod: CertMagic tag
|
|
|
|
|
|
same way it is set in modules/caddytls/tls.go
|
|
certmagic.New takes a template and returns pointer to the new config.
GetConfigForCert later must return a pointer to the new config not the
template.
fixes #5162
|
|
* admin: use replacer on listen address
* admin: consolidate replacer logic
|
|
* core: Refactor, improve listener logic
Deprecate:
- caddy.Listen
- caddy.ListenTimeout
- caddy.ListenPacket
Prefer caddy.NetworkAddress.Listen() instead.
Change:
- caddy.ListenQUIC (hopefully to remove later)
- caddy.ListenerFunc signature (add context and ListenConfig)
- Don't emit Alt-Svc header advertising h3 over HTTP/3
- Use quic.ListenEarly instead of quic.ListenEarlyAddr; this gives us
more flexibility (e.g. possibility of HTTP/3 over UDS) but also
introduces a new issue:
https://github.com/lucas-clemente/quic-go/issues/3560#issuecomment-1258959608
- Unlink unix socket before and after use
* Appease the linter
* Keep ListenAll
|
|
Also simplify the notify package quite a bit.
Also move stop notification into better place.
Add ability to send status or error.
|
|
Fixes #4954
Co-authored-by: Matthew Holt <[email protected]>
|
|
|
|
|
|
* expect quoted etags
* admin: Minor refactor of etag facilities
Co-authored-by: Matthew Holt <[email protected]>
|
|
* admin: support ETags
* support etags
Co-authored-by: Matt Holt <[email protected]>
|
|
Includes several breaking changes; code base updated accordingly.
- Added lots of context arguments
- Use fs.ErrNotExist
- Rename ACMEManager -> ACMEIssuer; CertificateManager -> Manager
|
|
(see discussion in #4603)
|
|
Also fix ineffectual assignment (unrelated)
|
|
* admin: Implement /pki/certificates/<id> API
* pki: Lower "skip_install_trust" log level to INFO
See https://github.com/caddyserver/caddy/issues/4058#issuecomment-976132935
It's not necessary to warn about this, because this was an option explicitly configured by the user. Still useful to log, but we don't need to be so loud about it.
* cmd: Export functions needed for PKI app, return API response to caller
* pki: Rewrite `caddy trust` command to use new admin endpoint instead
* pki: Rewrite `caddy untrust` command to support using admin endpoint
* Refactor cmd and pki packages for determining admin API endpoint
|
|
And improve/clarify docs about this feature
See #4577
|
|
|
|
Using URLs seems a little cleaner and more correct
cf: https://caddy.community/t/protect-admin-endpoint/15114
(This used to work. Something must have changed recently.)
|
|
|
|
|
|
|
|
* Synchronize server assignment/references to avoid data race
* only hold lock during var reassignment
|
|
* feat: implement a simple timer to pull config
mostly referenced to the issue
re #4106
* Update admin.go
use `caddy.Duration`
Co-authored-by: Matt Holt <[email protected]>
* Update caddy.go
Co-authored-by: Matt Holt <[email protected]>
* Update admin.go
Co-authored-by: Francis Lavoie <[email protected]>
* fix: sync load config when no pull interval provided
try not to make break change
* fix: change PullInterval to LoadInterval
* fix: change pull_interval to load_interval
* Update caddy.go
Co-authored-by: Matt Holt <[email protected]>
Co-authored-by: Matt Holt <[email protected]>
Co-authored-by: Francis Lavoie <[email protected]>
|
|
|
|
Fix regression from ab80ff4fd2911afc394b9dbceeb9f71c7a0b7ec1 (probably a mistake when rebasing)
See https://caddy.community/t/id-selector-is-not-working-after-upgrade-to-2-4-0/12513?u=matt
|
|
Initial sd_notify support was added in #3963, but that sent signals from
both cmdRun and cmdReload. This approach has two drawbacks:
- Reloads initiated via the API do not send signals.
- The signals are sent from different processes, which requires the
`NotifyAccess=exec` directive in the unit file.
This change moves the NotifyReloading and NotifyReadiness invocations to
Load, which address both of those drawbacks. It also adds a
complimentary NotifyStopping method which is invoked from handleStop.
All the notify methods are defined in a notify package to avoid an
import loop.
|
|
This commits dds 3 separate, but very related features:
1. Automated server identity management
How do you know you're connecting to the server you think you are? How do you know the server connecting to you is the server instance you think it is? Mutually-authenticated TLS (mTLS) answers both of these questions. Using TLS to authenticate requires a public/private key pair (and the peer must trust the certificate you present to it).
Fortunately, Caddy is really good at managing certificates by now. We tap into that power to make it possible for Caddy to obtain and renew its own identity credentials, or in other words, a certificate that can be used for both server verification when clients connect to it, and client verification when it connects to other servers. Its associated private key is essentially its identity, and TLS takes care of possession proofs.
This configuration is simply a list of identifiers and an optional list of custom certificate issuers. Identifiers are things like IP addresses or DNS names that can be used to access the Caddy instance. The default issuers are ZeroSSL and Let's Encrypt, but these are public CAs, so they won't issue certs for private identifiers. Caddy will simply manage credentials for these, which other parts of Caddy can use, for example: remote administration or dynamic config loading (described below).
2. Remote administration over secure connection
This feature adds generic remote admin functionality that is safe to expose on a public interface.
- The "remote" (or "secure") endpoint is optional. It does not affect the standard/local/plaintext endpoint.
- It's the same as the [API endpoint on localhost:2019](https://caddyserver.com/docs/api), but over TLS.
- TLS cannot be disabled on this endpoint.
- TLS mutual auth is required, and cannot be disabled.
- The server's certificate _must_ be obtained and renewed via automated means, such as ACME. It cannot be manually loaded.
- The TLS server takes care of verifying the client.
- The admin handler takes care of application-layer permissions (methods and paths that each client is allowed to use).\
- Sensible defaults are still WIP.
- Config fields subject to change/renaming.
3. Dyanmic config loading at startup
Since this feature was planned in tandem with remote admin, and depends on its changes, I am combining them into one PR.
Dynamic config loading is where you tell Caddy how to load its config, and then it loads and runs that. First, it will load the config you give it (and persist that so it can be optionally resumed later). Then, it will try pulling its _actual_ config using the module you've specified (dynamically loaded configs are _not_ persisted to storage, since resuming them doesn't make sense).
This PR comes with a standard config loader module called `caddy.config_loaders.http`.
Caddyfile config for all of this can probably be added later.
COMMITS:
* admin: Secure socket for remote management
Functional, but still WIP.
Optional secure socket for the admin endpoint is designed
for remote management, i.e. to be exposed on a public
port. It enforces TLS mutual authentication which cannot
be disabled. The default port for this is :2021. The server
certificate cannot be specified manually, it MUST be
obtained from a certificate issuer (i.e. ACME).
More polish and sensible defaults are still in development.
Also cleaned up and consolidated the code related to
quitting the process.
* Happy lint
* Implement dynamic config loading; HTTP config loader module
This allows Caddy to load a dynamic config when it starts.
Dynamically-loaded configs are intentionally not persisted to storage.
Includes an implementation of the standard config loader, HTTPLoader.
Can be used to download configs over HTTP(S).
* Refactor and cleanup; prevent recursive config pulls
Identity management is now separated from remote administration.
There is no need to enable remote administration if all you want is identity
management, but you will need to configure identity management
if you want remote administration.
* Fix lint warnings
* Rename identities->identifiers for consistency
|
|
* ci: Use golangci's github action for linting
Signed-off-by: Dave Henderson <[email protected]>
* Fix most of the staticcheck lint errors
Signed-off-by: Dave Henderson <[email protected]>
* Fix the prealloc lint errors
Signed-off-by: Dave Henderson <[email protected]>
* Fix the misspell lint errors
Signed-off-by: Dave Henderson <[email protected]>
* Fix the varcheck lint errors
Signed-off-by: Dave Henderson <[email protected]>
* Fix the errcheck lint errors
Signed-off-by: Dave Henderson <[email protected]>
* Fix the bodyclose lint errors
Signed-off-by: Dave Henderson <[email protected]>
* Fix the deadcode lint errors
Signed-off-by: Dave Henderson <[email protected]>
* Fix the unused lint errors
Signed-off-by: Dave Henderson <[email protected]>
* Fix the gosec lint errors
Signed-off-by: Dave Henderson <[email protected]>
* Fix the gosimple lint errors
Signed-off-by: Dave Henderson <[email protected]>
* Fix the ineffassign lint errors
Signed-off-by: Dave Henderson <[email protected]>
* Fix the staticcheck lint errors
Signed-off-by: Dave Henderson <[email protected]>
* Revert the misspell change, use a neutral English
Signed-off-by: Dave Henderson <[email protected]>
* Remove broken golangci-lint CI job
Signed-off-by: Dave Henderson <[email protected]>
* Re-add errantly-removed weakrand initialization
Signed-off-by: Dave Henderson <[email protected]>
* don't break the loop and return
* Removing extra handling for null rootKey
* unignore RegisterModule/RegisterAdapter
Co-authored-by: Mohammed Al Sahaf <[email protected]>
* single-line log message
Co-authored-by: Matt Holt <[email protected]>
* Fix lint after a1808b0dbf209c615e438a496d257ce5e3acdce2 was merged
Signed-off-by: Dave Henderson <[email protected]>
* Revert ticker change, ignore it instead
Signed-off-by: Dave Henderson <[email protected]>
* Ignore some of the write errors
Signed-off-by: Dave Henderson <[email protected]>
* Remove blank line
Signed-off-by: Dave Henderson <[email protected]>
* Use lifetime
Signed-off-by: Dave Henderson <[email protected]>
* close immediately
Co-authored-by: Matt Holt <[email protected]>
* Preallocate configVals
Signed-off-by: Dave Henderson <[email protected]>
* Update modules/caddytls/distributedstek/distributedstek.go
Co-authored-by: Mohammed Al Sahaf <[email protected]>
Co-authored-by: Matt Holt <[email protected]>
|
|
* admin: lower log level to Debug for /metrics requests
Signed-off-by: Dave Henderson <[email protected]>
* Apply suggestions from code review
Co-authored-by: Matt Holt <[email protected]>
Co-authored-by: Matt Holt <[email protected]>
|
|
* metrics: Always track method label in uppercase
Signed-off-by: Dave Henderson <[email protected]>
* Just use strings.ToUpper for clarity
Signed-off-by: Dave Henderson <[email protected]>
|
|
Signed-off-by: Dave Henderson <[email protected]>
|
|
* fix 2 possible bugs
* handle unhandled errors
|
|
No currently-known exploit here, just being conservative
|
|
|
|
|
|
To clarify, listening on wildcard interfaces is NOT the default and
should only be done under certain circumstances and when you know
what you're doing. Emits a warning in the log.
Fixes https://github.com/caddyserver/caddy-docker/issues/71
|
|
With a simple heuristic for loopback addresses, we can enable this by
default without adding unnecessary inconvenience.
|