summaryrefslogtreecommitdiffhomepage
path: root/caddy.go
AgeCommit message (Collapse)Author
2024-03-01core: OnExit hooks (#6128)Matt Holt
* core: OnExit callbacks * core: Process-global OnExit callbacks
2024-01-13filesystem: Globally declared filesystems, `fs` directive (#5833)a
2024-01-02chore: check against errors of `io/fs` instead of `os` (#6011)Mohammed Al Sahaf
* chore: replace `os.ErrNotExist` with `fs.ErrNotExist` * check against permission error from `io/fs` package
2023-12-13core: Always make AppDataDir for InstanceID (#5976)Aziz Rmadi
2023-08-14ci: use gci linter (#5708)Jacob Gadikian
* use gofmput to format code * use gci to format imports * reconfigure gci * linter autofixes * rearrange imports a little * export GOOS=windows golangci-lint run ./... --fix
2023-08-07ci: Use gofumpt to format code (#5707)Jacob Gadikian
2023-07-21core: Refine mutex during reloads (fix #5628) (#5645)Matt Holt
Separate currentCtxMu to protect currentCtx, and a new rawCfgMu to protect rawCfg and synchronize loads.
2023-07-11caddytls: Reuse certificate cache through reloads (#5623)Matt Holt
* caddytls: Don't purge cert cache on config reload * Update CertMagic This actually avoids reloading managed certs from storage when already in the cache, d'oh. * Fix bug; re-implement HasCertificateForSubject * Update go.mod: CertMagic tag
2023-02-22cmd: Strict unmarshal for validate (#5383)Francis Lavoie
2022-12-19cmd: Avoid panic when printing version without build info (#5210)Lukas Vogel
* version: don't panic if read build info doesn't work If `debug.ReadBuildInfo()` doesn't return the build information we should not try to access it. Especially if users only want to build with the `CustomVersion` we should not assume access to `debug.ReadBuildInfo()`. The build environment where this isn't available for me is when building with bazel. * exit early
2022-10-05core: Set version manually via CustomVersion (#5072)Adam Weinberger
* Allow version to be set manually When Caddy is built from a release tarball (as downloaded from GitHub), `caddy version` returns an empty string. This causes confusion for downstream packagers. With this commit, VersionString can be set with eg. go build (...) -ldflags '-X (...).VersionString=v1.2.3' Then the short form version will be "v1.2.3", and the full version string will begin with "v1.2.3 ". * Prefer embedded version, then CustomVersion * Prefer "unknown" for full version over empty Co-authored-by: Matthew Holt <[email protected]>
2022-09-19caddyhttp: Honor grace period in background (#5043)Matt Holt
* caddyhttp: Honor grace period in background This avoids blocking during config reloads. * Don't quit process until servers shut down * Make tests more likely to pass on fast CI (#5045) * caddyhttp: Even faster shutdowns Simultaneously shut down all HTTP servers, rather than one at a time. In practice there usually won't be more than 1 that lingers. But this code ensures that they all Shutdown() in their own goroutine and then we wait for them at the end (if exiting). We also wait for them to start up so we can be fairly confident the shutdowns have begun; i.e. old servers no longer accepting new connections. * Fix comment typo * Pull functions out of loop, for readability
2022-09-15Reject absurdly long duration strings (fix #4175)Matthew Holt
2022-09-02Minor fix of error logMatthew Holt
2022-09-02notify: Don't send ready after error (fix #5003)Matthew Holt
Also simplify the notify package quite a bit. Also move stop notification into better place. Add ability to send status or error.
2022-08-04cmd: Use newly-available version information (#4931)Matt Holt
2022-08-02chore: Bump up to Go 1.19, minimum 1.18 (#4925)Francis Lavoie
2022-08-01caddyhttp: Implement `caddy respond` command (#4870)Matt Holt
2022-07-12admin: expect quoted ETags (#4879)v2.5.2jhwz
* expect quoted etags * admin: Minor refactor of etag facilities Co-authored-by: Matthew Holt <[email protected]>
2022-07-06admin: support ETag on config endpoints (#4579)jhwz
* admin: support ETags * support etags Co-authored-by: Matt Holt <[email protected]>
2022-05-24core: Micro-optim in run() (#4810)Kévin Dunglas
2022-03-25go.mod: Upgrade CertMagic to v0.16.0Matthew Holt
Includes several breaking changes; code base updated accordingly. - Added lots of context arguments - Use fs.ErrNotExist - Rename ACMEManager -> ACMEIssuer; CertificateManager -> Manager
2022-03-04Appease the linterMatthew Holt
2022-03-03core: Retry dynamic config load if config unchangedMatthew Holt
(see discussion in #4603)
2022-03-03core: Retry dynamic config load if error or no-op (#4603)Matthew Holt
Also fix ineffectual assignment (unrelated)
2022-03-02pki: Implement API endpoints for certs and `caddy trust` (#4443)Francis Lavoie
* admin: Implement /pki/certificates/<id> API * pki: Lower "skip_install_trust" log level to INFO See https://github.com/caddyserver/caddy/issues/4058#issuecomment-976132935 It's not necessary to warn about this, because this was an option explicitly configured by the user. Still useful to log, but we don't need to be so loud about it. * cmd: Export functions needed for PKI app, return API response to caller * pki: Rewrite `caddy trust` command to use new admin endpoint instead * pki: Rewrite `caddy untrust` command to support using admin endpoint * Refactor cmd and pki packages for determining admin API endpoint
2022-03-01core: Config LoadInterval -> LoadDelay for clarityMatthew Holt
And improve/clarify docs about this feature See #4577
2022-03-01core: Revert 7f364c7; simplify dynamic config loadMatthew Holt
Fixes #4577
2022-03-01core: Config load interval only reloads if changed (#4603)Noorain Panjwani
2022-01-04admin, reverseproxy: Stop timers if canceled to avoid goroutine leak (#4482)Денис Телюх
2021-11-16core: Load config at interval instead of just onceMatthew Holt
2021-09-29Move from deprecated ioutil to os and io packages (#4364)KallyDev
2021-07-28admin: Implement load_interval to pull config on a timer (#4246)王清雨
* feat: implement a simple timer to pull config mostly referenced to the issue re #4106 * Update admin.go use `caddy.Duration` Co-authored-by: Matt Holt <[email protected]> * Update caddy.go Co-authored-by: Matt Holt <[email protected]> * Update admin.go Co-authored-by: Francis Lavoie <[email protected]> * fix: sync load config when no pull interval provided try not to make break change * fix: change PullInterval to LoadInterval * fix: change pull_interval to load_interval * Update caddy.go Co-authored-by: Matt Holt <[email protected]> Co-authored-by: Matt Holt <[email protected]> Co-authored-by: Francis Lavoie <[email protected]>
2021-04-05notify: Send all sd_notify signals from main caddy process (#4060)Carl George
Initial sd_notify support was added in #3963, but that sent signals from both cmdRun and cmdReload. This approach has two drawbacks: - Reloads initiated via the API do not send signals. - The signals are sent from different processes, which requires the `NotifyAccess=exec` directive in the unit file. This change moves the NotifyReloading and NotifyReadiness invocations to Load, which address both of those drawbacks. It also adds a complimentary NotifyStopping method which is invoked from handleStop. All the notify methods are defined in a notify package to avoid an import loop.
2021-04-01Use 600 instead of 644 for UUID fileMatthew Holt
Are you happy, linter?
2021-03-30Change os to ioutil for nowMatthew Holt
My editor automatically changed ioutil.ReadFile() to os.ReadFile() in accordance with Go 1.16 changes. I didn't notice this until pushing. But we still have to support Go 1.15 for a little while.
2021-03-30caddy: Add InstanceID() methodMatthew Holt
Caddy can now generate and persist its own instance ID, a UUID that is stored in the data directory. This makes it possible to differentiate it from other instances in a cluster.
2021-02-24Update docs; commit setcap.shMatthew Holt
2021-02-23core: Initialize logging before adminMatthew Holt
We'll see how this goes. https://caddy.community/t/calling-the-admin-api-from-within-a-route-route-causes-a-deadlock/11319
2021-01-27admin: Identity management, remote admin, config loaders (#3994)Matt Holt
This commits dds 3 separate, but very related features: 1. Automated server identity management How do you know you're connecting to the server you think you are? How do you know the server connecting to you is the server instance you think it is? Mutually-authenticated TLS (mTLS) answers both of these questions. Using TLS to authenticate requires a public/private key pair (and the peer must trust the certificate you present to it). Fortunately, Caddy is really good at managing certificates by now. We tap into that power to make it possible for Caddy to obtain and renew its own identity credentials, or in other words, a certificate that can be used for both server verification when clients connect to it, and client verification when it connects to other servers. Its associated private key is essentially its identity, and TLS takes care of possession proofs. This configuration is simply a list of identifiers and an optional list of custom certificate issuers. Identifiers are things like IP addresses or DNS names that can be used to access the Caddy instance. The default issuers are ZeroSSL and Let's Encrypt, but these are public CAs, so they won't issue certs for private identifiers. Caddy will simply manage credentials for these, which other parts of Caddy can use, for example: remote administration or dynamic config loading (described below). 2. Remote administration over secure connection This feature adds generic remote admin functionality that is safe to expose on a public interface. - The "remote" (or "secure") endpoint is optional. It does not affect the standard/local/plaintext endpoint. - It's the same as the [API endpoint on localhost:2019](https://caddyserver.com/docs/api), but over TLS. - TLS cannot be disabled on this endpoint. - TLS mutual auth is required, and cannot be disabled. - The server's certificate _must_ be obtained and renewed via automated means, such as ACME. It cannot be manually loaded. - The TLS server takes care of verifying the client. - The admin handler takes care of application-layer permissions (methods and paths that each client is allowed to use).\ - Sensible defaults are still WIP. - Config fields subject to change/renaming. 3. Dyanmic config loading at startup Since this feature was planned in tandem with remote admin, and depends on its changes, I am combining them into one PR. Dynamic config loading is where you tell Caddy how to load its config, and then it loads and runs that. First, it will load the config you give it (and persist that so it can be optionally resumed later). Then, it will try pulling its _actual_ config using the module you've specified (dynamically loaded configs are _not_ persisted to storage, since resuming them doesn't make sense). This PR comes with a standard config loader module called `caddy.config_loaders.http`. Caddyfile config for all of this can probably be added later. COMMITS: * admin: Secure socket for remote management Functional, but still WIP. Optional secure socket for the admin endpoint is designed for remote management, i.e. to be exposed on a public port. It enforces TLS mutual authentication which cannot be disabled. The default port for this is :2021. The server certificate cannot be specified manually, it MUST be obtained from a certificate issuer (i.e. ACME). More polish and sensible defaults are still in development. Also cleaned up and consolidated the code related to quitting the process. * Happy lint * Implement dynamic config loading; HTTP config loader module This allows Caddy to load a dynamic config when it starts. Dynamically-loaded configs are intentionally not persisted to storage. Includes an implementation of the standard config loader, HTTPLoader. Can be used to download configs over HTTP(S). * Refactor and cleanup; prevent recursive config pulls Identity management is now separated from remote administration. There is no need to enable remote administration if all you want is identity management, but you will need to configure identity management if you want remote administration. * Fix lint warnings * Rename identities->identifiers for consistency
2020-07-31admin,templates,core: Minor enhancements and error handling (#3607)Bart
* fix 2 possible bugs * handle unhandled errors
2020-05-13cmd: Add pidfile support (closes #3235)Matthew Holt
2020-05-11core: Add support for `d` duration unit (#3323)Francis Lavoie
* caddy: Add support for `d` duration unit * Improvements to ParseDuration; add unit tests Co-authored-by: Matthew Holt <[email protected]>
2020-03-31pki: Add trust subcommand to install root cert (closes #3204)Matthew Holt
2020-03-06Merge branch 'certmagic-refactor' into v2Matthew Holt
2020-03-06Refactor for CertMagic v0.10; prepare for PKI appMatthew Holt
This is a breaking change primarily in two areas: - Storage paths for certificates have changed - Slight changes to JSON config parameters Huge improvements in this commit, to be detailed more in the release notes. The upcoming PKI app will be powered by Smallstep libraries.
2020-02-27Fix spelling error (#3085)Success Go
2019-12-31Couple of minor fixes, update readmev2.0.0-beta12Matthew Holt
2019-12-31Tune AppConfigDir and docs for Storage moduleMatthew Holt
2019-12-31Config auto-save; run --resume flag; update environ output (close #2903)Matthew Holt
Config auto-saving is on by default and can be disabled. The --environ flag (or environ subcommand) now print more useful information from Caddy and the runtime, including some nifty paths.