aboutsummaryrefslogtreecommitdiffhomepage
path: root/caddyconfig/httpcaddyfile/builtins.go
AgeCommit message (Collapse)Author
24 hourshttpcaddyfile: Implement experimental `force_automate` option (#6712)HEADmasterFrancis Lavoie
6 daysgo.mod: Upgrade ACMEz to v3; and upgrade CertMagicMatthew Holt
2024-11-11httpcaddyfile: Implement log `sampling` config (#6682)Nikolai K
* Allow log sampling configuration from Caddyfile * Add log sampling adapt tests
2024-09-30core: Implement socket activation listeners (#6573)Aaron Paterson
* caddy adapt for listen_protocols * adapt listen_socket * allow multiple listen sockets for port ranges and readd socket fd listen logic * readd logic to start servers according to listener protocols * gofmt * adapt caddytest * gosec * fmt and rename listen to listenWithSocket * fmt and rename listen to listenWithSocket * more consistent error msg * non unix listenReusableWithSocketFile * remove unused func * doc comment typo * nonosec * commit * doc comments * more doc comments * comment was misleading, cardinality did not change * addressesWithProtocols * update test * fd/ and fdgram/ * rm addr * actually write... * i guess we doin' "skip": now * wrong var in placeholder * wrong var in placeholder II * update param name in comment * dont save nil file pointers * windows * key -> parsedKey * osx * multiple default_bind with protocols * check for h1 and h2 listener netw
2024-06-10logging: Customizable zap cores (#6381)Omar Ramadan
2024-05-11logging: Add support for additional logger filters other than hostname (#6082)Aziz Rmadi
Co-authored-by: Francis Lavoie <[email protected]>
2024-04-27chore: add warn logs when using deprecated fields (#6276)Mohammed Al Sahaf
2024-04-13caddytls: Upgrade ACMEz to v2; support ZeroSSL API; various fixes (#6229)Matt Holt
* WIP: acmez v2, CertMagic, and ZeroSSL issuer upgrades * caddytls: ZeroSSLIssuer now uses ZeroSSL API instead of ACME * Fix go.mod * caddytls: Fix automation related to managers (fix #6060) * Fix typo (appease linter) * Fix HTTP validation with ZeroSSL API
2024-03-05logging: Implement `log_append` handler (#6066)Francis Lavoie
* logging: Implement `extra_log` handler * Rename to `log_append` * Rename `skip_log` to `log_skip` --------- Co-authored-by: Matt Holt <[email protected]>
2024-01-25tls: modularize trusted CA providers (#5784)Mohammed Al Sahaf
* tls: modularize client authentication trusted CA * add `omitempty` to `CARaw` * docs * initial caddyfile support * revert anything related to leaf cert validation The certs are used differently than the CA pool flow * complete caddyfile unmarshalling implementation * Caddyfile syntax documentation * enhance caddyfile parsing and documentation Apply suggestions from code review Co-authored-by: Francis Lavoie <[email protected]> * add client_auth caddyfile tests * add caddyfile unmarshalling tests * fix and add missed adapt tests * fix rebase issue --------- Co-authored-by: Francis Lavoie <[email protected]>
2024-01-23caddyfile: Normalize & flatten all unmarshalers (#6037)Francis Lavoie
2024-01-16httpcaddyfile: Add optional status code argument to `handle_errors` ↵Aziz Rmadi
directive (#5965) Co-authored-by: Aziz Rmadi <[email protected]>
2024-01-15httpcaddyfile: Rewrite `root` and `rewrite` parsing to allow omitting ↵Francis Lavoie
matcher (#5844)
2024-01-13filesystem: Globally declared filesystems, `fs` directive (#5833)a
2024-01-10httpcaddyfile: Fix redir <to> html (#6001)Subhaditya Nath
2024-01-09httpcaddyfile: Support client auth verifiers (#6022)Zach Galvin
* Added verifier case Update author * Update verifier to match struct tag * gci run
2024-01-09tls: add reuse_private_keys (#6025)Rithvik Vibhu
2023-12-20httpcaddyfile: Fix cert file decoding to load multiple PEM in one file (#5997)Francis Lavoie
2023-08-20caddyfile: Adjust error formatting (#5765)Francis Lavoie
2023-08-14ci: use gci linter (#5708)Jacob Gadikian
* use gofmput to format code * use gci to format imports * reconfigure gci * linter autofixes * rearrange imports a little * export GOOS=windows golangci-lint run ./... --fix
2023-08-02httpcaddyfile: Allow `hostnames` & logger name overrides for log directive ↵Francis Lavoie
(#5643) * httpcaddyfile: Allow `hostnames` override for log directive * Implement access logger name overrides * Fix panic & default logger clobbering edgecase
2023-05-16caddyhttp: Implement named routes, `invoke` directive (#5107)v2.7.0-beta.1Francis Lavoie
* caddyhttp: Implement named routes, `invoke` directive * gofmt * Add experimental marker * Adjust route compile comments
2023-01-18httpcaddyfile: Fix `handle` grouping inside `route` (#5315)WeidiDeng
Co-authored-by: Francis Lavoie <[email protected]>
2023-01-06caddytls: Add `dns_ttl` config, improve Caddyfile `tls` options (#5287)Yannick Ihmels
2022-10-05logging: Fix `skip_hosts` with wildcards (#5102)Francis Lavoie
Fix #4859
2022-09-16caddyhttp: Support TLS key logging for debugging (#4808)David Manouchehri
* Add SSL key logging. * Resolve merge conflict with master * Add Caddyfile support; various fixes * Also commit go.mod and go.sum, oops * Appease linter * Minor tweaks * Add doc comment Co-authored-by: Matt Holt <[email protected]>
2022-09-15caddyhttp: Add 'skip_log' var to omit request from logs (#4691)Francis Lavoie
* caddyhttp: Implement `skip_log` handler * Refactor to use vars middleware Co-authored-by: Matt Holt <[email protected]>
2022-08-09httpcaddyfile: redir with "html" emits 200, no Location (fix #4940)Matthew Holt
The intent of "html" is to redirect browser clients only, or those which can evaluate JS and/or meta tags. So return HTTP 200 and no Location header. See #4940.
2022-05-06reverseproxy: Support performing pre-check requests (#4739)Francis Lavoie
2022-03-25go.mod: Upgrade CertMagic to v0.16.0Matthew Holt
Includes several breaking changes; code base updated accordingly. - Added lots of context arguments - Use fs.ErrNotExist - Rename ACMEManager -> ACMEIssuer; CertificateManager -> Manager
2022-03-22httpcaddyfile: Add 'vars' directiveMatthew Holt
See discussion in #4650
2022-03-08caddytls: dns_challenge_override_domain for challenge delegation (#4596)Ran Chen
* Add a override_domain option to allow DNS chanllenge delegation CNAME can be used to delegate answering the chanllenge to another DNS zone. One usage is to reduce the exposure of the DNS credential [1]. Based on the discussion in caddy/certmagic#160, we are adding an option to allow the user explicitly specify the domain to delegate, instead of following the CNAME chain. This needs caddy/certmagic#160. * rename override_domain to dns_challenge_override_domain * Update CertMagic; fix spelling Co-authored-by: Matthew Holt <[email protected]>
2022-02-17caddytls: Support external certificate Managers (like Tailscale) (#4541)Matt Holt
Huge thank-you to Tailscale (https://tailscale.com) for making this change possible! This is a great feature for Caddy and Tailscale is a great fit for a standard implementation. * caddytls: GetCertificate modules; Tailscale * Caddyfile support for get_certificate Also fix AP provisioning in case of empty subject list (persist loaded module on struct, much like Issuers, to surive reprovisioning). And implement start of HTTP cert getter, still WIP. * Update modules/caddytls/automation.go Co-authored-by: Francis Lavoie <[email protected]> * Use tsclient package, check status for name * Implement HTTP cert getter And use reuse CertMagic's PEM functions for private keys. * Remove cache option from Tailscale getter Tailscale does its own caching and we don't need the added complexity... for now, at least. * Several updates - Option to disable cert automation in auto HTTPS - Support multiple cert managers - Remove cache feature from cert manager modules - Minor improvements to auto HTTPS logging * Run go mod tidy * Try to get certificates from Tailscale implicitly Only for domains ending in .ts.net. I think this is really cool! Co-authored-by: Francis Lavoie <[email protected]>
2021-09-29Move from deprecated ioutil to os and io packages (#4364)KallyDev
2021-05-02httpcaddyfile: Add `auto_https ignore_loaded_certs` (#4077)Francis Lavoie
2021-03-12httpcaddyfile: Add `error` directive for the existing handler (#4034)Francis Lavoie
* httpcaddyfile: Add `error` directive for the existing handler * httpcaddyfile: Move `error` to the end of the order
2021-03-12caddyconfig: add global option for configuring loggers (#4028)Aaron Taylor
This change is aimed at enhancing the logging module within the Caddyfile directive to allow users to configure logs other than the HTTP access log stream, which is the current capability of the Caddyfile [1]. The intent here is to leverage the same syntax as the server log directive at a global level, so that similar customizations can be added without needing to resort to a JSON-based configuration. Discussion for this approach happened in the referenced issue. Closes https://github.com/caddyserver/caddy/issues/3958 [1] https://caddyserver.com/docs/caddyfile/directives/log
2021-02-02httpcaddyfile: Add resolvers subdir of tls (close #4008)Matthew Holt
Allows conveniently setting the resolvers for the DNS challenge using a TLS subdirective, which applies to default issuers, rather than having to explicitly define the issuers and overwrite the defaults.
2021-02-02httpcaddyfile: Fix default issuers when email providedMatthew Holt
If `tls <email>` is used, we should apply that to all applicable default issuers, not drop them. This refactoring applies implicit ACME issuer settings from the tls directive to all default ACME issuers, like ZeroSSL. We also consolidate some annoying logic and improve config validity checks. Ref: https://caddy.community/t/error-obtaining-certificate-after-caddy-restart/11335/8
2021-01-28caddyhttp: Fix redir html status code, improve flow (#3987)Tyler Kropp
* Fix html redir code, improve flow * Fix integer check error and add tests
2021-01-28caddyhttp: Implement handler abort; new 'abort' directive (close #3871) (#3983)Matt Holt
* caddyhttp: Implement handler abort; new 'abort' directive (close #3871) * Move abort directive ordering; clean up redirects Seems logical for the end-all of handlers to go at the... end. The Connection header no longer needs to be set there, since Close is true, and the static_response handler now does that.
2021-01-06caddytls: add 'key_type' subdirective (#3956)Jordi Masip
* caddytls: add 'key_type' subdirective * Suggested change * *string -> string * test
2021-01-05caddyfile: Refactor unmarshaling of module tokensMatthew Holt
Eliminates a fair amount of repeated code
2020-11-22ci: Use golangci's github action for linting (#3794)Dave Henderson
* ci: Use golangci's github action for linting Signed-off-by: Dave Henderson <[email protected]> * Fix most of the staticcheck lint errors Signed-off-by: Dave Henderson <[email protected]> * Fix the prealloc lint errors Signed-off-by: Dave Henderson <[email protected]> * Fix the misspell lint errors Signed-off-by: Dave Henderson <[email protected]> * Fix the varcheck lint errors Signed-off-by: Dave Henderson <[email protected]> * Fix the errcheck lint errors Signed-off-by: Dave Henderson <[email protected]> * Fix the bodyclose lint errors Signed-off-by: Dave Henderson <[email protected]> * Fix the deadcode lint errors Signed-off-by: Dave Henderson <[email protected]> * Fix the unused lint errors Signed-off-by: Dave Henderson <[email protected]> * Fix the gosec lint errors Signed-off-by: Dave Henderson <[email protected]> * Fix the gosimple lint errors Signed-off-by: Dave Henderson <[email protected]> * Fix the ineffassign lint errors Signed-off-by: Dave Henderson <[email protected]> * Fix the staticcheck lint errors Signed-off-by: Dave Henderson <[email protected]> * Revert the misspell change, use a neutral English Signed-off-by: Dave Henderson <[email protected]> * Remove broken golangci-lint CI job Signed-off-by: Dave Henderson <[email protected]> * Re-add errantly-removed weakrand initialization Signed-off-by: Dave Henderson <[email protected]> * don't break the loop and return * Removing extra handling for null rootKey * unignore RegisterModule/RegisterAdapter Co-authored-by: Mohammed Al Sahaf <[email protected]> * single-line log message Co-authored-by: Matt Holt <[email protected]> * Fix lint after a1808b0dbf209c615e438a496d257ce5e3acdce2 was merged Signed-off-by: Dave Henderson <[email protected]> * Revert ticker change, ignore it instead Signed-off-by: Dave Henderson <[email protected]> * Ignore some of the write errors Signed-off-by: Dave Henderson <[email protected]> * Remove blank line Signed-off-by: Dave Henderson <[email protected]> * Use lifetime Signed-off-by: Dave Henderson <[email protected]> * close immediately Co-authored-by: Matt Holt <[email protected]> * Preallocate configVals Signed-off-by: Dave Henderson <[email protected]> * Update modules/caddytls/distributedstek/distributedstek.go Co-authored-by: Mohammed Al Sahaf <[email protected]> Co-authored-by: Matt Holt <[email protected]>
2020-11-16caddytls: Support multiple issuers (#3862)Matt Holt
* caddytls: Support multiple issuers Defaults are Let's Encrypt and ZeroSSL. There are probably bugs. * Commit updated integration tests, d'oh * Update go.mod
2020-10-02map: Reimplement; multiple outputs; optimizeMatthew Holt
2020-08-11Update comment and Caddy 1 EOLMatthew Holt
2020-08-11caddytls: Add support for ZeroSSL; add Caddyfile support for issuers (#3633)v2.2.0-rc.1Matt Holt
* caddytls: Add support for ZeroSSL; add Caddyfile support for issuers Configuring issuers explicitly in a Caddyfile is not easily compatible with existing ACME-specific parameters such as email or acme_ca which infer the kind of issuer it creates (this is complicated now because the ZeroSSL issuer wraps the ACME issuer)... oh well, we can revisit that later if we need to. New Caddyfile global option: { cert_issuer <name> ... } Or, alternatively, as a tls subdirective: tls { issuer <name> ... } For example, to use ZeroSSL with an API key: { cert_issuser zerossl API_KEY } For now, that still uses ZeroSSL's ACME endpoint; it fetches EAB credentials for you. You can also provide the EAB credentials directly just like any other ACME endpoint: { cert_issuer acme { eab KEY_ID MAC_KEY } } All these examples use the new global option (or tls subdirective). You can still use traditional/existing options with ZeroSSL, since it's just another ACME endpoint: { acme_ca https://acme.zerossl.com/v2/DV90 acme_eab KEY_ID MAC_KEY } That's all there is to it. You just can't mix-and-match acme_* options with cert_issuer, because it becomes confusing/ambiguous/complicated to merge the settings. * Fix broken test This test was asserting buggy behavior, oops - glad this branch both discovers and fixes the bug at the same time! * Fix broken test (post-merge) * Update modules/caddytls/acmeissuer.go Fix godoc comment Co-authored-by: Francis Lavoie <[email protected]> * Add support for ZeroSSL's EAB-by-email endpoint Also transform the ACMEIssuer into ZeroSSLIssuer implicitly if set to the ZeroSSL endpoint without EAB (the ZeroSSLIssuer is needed to generate EAB if not already provided); this is now possible with either an API key or an email address. * go.mod: Use latest certmagic, acmez, and x/net * Wrap underlying logic rather than repeating it Oops, duh * Form-encode email info into request body for EAB endpoint Co-authored-by: Francis Lavoie <[email protected]>
2020-08-05httpcaddyfile: Allow named matchers in `route` blocks (#3632)Francis Lavoie
2020-07-30caddytls: Replace lego with acmez (#3621)Matt Holt
* Replace lego with acmez; upgrade CertMagic * Update integration test