* Add per host config
* Pass host label when option is enabled
* Test per host enabled
* metrics: scope metrics per loaded config
* doc and linter
Signed-off-by: Mohammed Al Sahaf <[email protected]>
* inject the custom registry into the admin handler
Co-Authored-By: Dave Henderson <[email protected]>
* remove `TODO` comment
* fixes
Signed-off-by: Mohammed Al Sahaf <[email protected]>
* refactor to delay metrics admin handler provision
Signed-off-by: Mohammed Al Sahaf <[email protected]>
---------
Signed-off-by: Mohammed Al Sahaf <[email protected]>
Co-authored-by: Hussam Almarzooq <[email protected]>
Co-authored-by: Dave Henderson <[email protected]>
|
|
* Allow specifying multiple `auto_https` options
* Implement `auto_https prefer_wildcard` option
* Adapt tests, add mock DNS module for config testing
* Rebase fix
|
|
* caddy adapt for listen_protocols
* adapt listen_socket
* allow multiple listen sockets for port ranges and readd socket fd listen logic
* readd logic to start servers according to listener protocols
* gofmt
* adapt caddytest
* gosec
* fmt and rename listen to listenWithSocket
* fmt and rename listen to listenWithSocket
* more consistent error msg
* non unix listenReusableWithSocketFile
* remove unused func
* doc comment typo
* nonosec
* commit
* doc comments
* more doc comments
* comment was misleading, cardinality did not change
* addressesWithProtocols
* update test
* fd/ and fdgram/
* rm addr
* actually write...
* i guess we doin' "skip": now
* wrong var in placeholder
* wrong var in placeholder II
* update param name in comment
* don't save nil file pointers
* windows
* key -> parsedKey
* osx
* multiple default_bind with protocols
* check for h1 and h2 listener netw
|
|
* fileserver: add `sort` options
* fix: test
* fileserver: check options in `Provision`
* fileserver: more obvious err alerts in sort options
* fileserver: move `sort` to `browse`
---------
Co-authored-by: Matt Holt <[email protected]>
|
|
* reverseproxy: allow user to define source address
Closes #6503
Signed-off-by: Mohammed Al Sahaf <[email protected]>
* reverse_proxy: caddyfile support for local_address
Signed-off-by: Mohammed Al Sahaf <[email protected]>
---------
Signed-off-by: Mohammed Al Sahaf <[email protected]>
|
|
* error: run `error` (msg) through replacer
Signed-off-by: Mohammed Al Sahaf <[email protected]>
* fix integration test
Signed-off-by: Mohammed Al Sahaf <[email protected]>
---------
Signed-off-by: Mohammed Al Sahaf <[email protected]>
|
|
* Add an option to specify the body used for active health checks
* Replacer on request body
|
|
Co-authored-by: Kanashimia <[email protected]>
|
|
* fileserver: add `sort` options
* fix: test
* fileserver: check options in `Provision`
* fileserver: more obvious err alerts in sort options
|
|
* Add Caddyfile support of setting active health check request method
* Add integration test for active health check request method
|
|
|
|
* a
* a
* a
* a
* a
* a
|
|
|
|
* Added sign_with_root option available in the Caddyfile
* Added tests for sign_with_root to validate the adapted JSON config
|
|
* caddytest: normalize the JSON config
|
|
* feat: add generic response interceptors
* fix: cs
* rename intercept
* add some docs
* @francislavoie review (first round)
* Update modules/caddyhttp/intercept/intercept.go
Co-authored-by: Francis Lavoie <[email protected]>
* shorthands: ir to resp
* mark exported symbols as experimental
---------
Co-authored-by: Francis Lavoie <[email protected]>
|
|
|
|
Co-authored-by: Francis Lavoie <[email protected]>
|
|
* Fix typos
* Revert
* Revert to "htlm"
* fix indentations
|
|
|
|
Co-authored-by: Matt Holt <[email protected]>
Co-authored-by: Mohammed Al Sahaf <[email protected]>
|
|
|
|
(#6249)
|
|
* caddyfile: Populate regexp matcher names by default
* Some lint cleanup that my VSCode complained about
* Pass down matcher name through expression matcher
* Compat with #6113: fix adapt test, set both styles in replacer
|
|
* caddyhttp: Support multiple logger names per host
* Lint
* Add adapt test
* Implement "string or array" parsing, keep original `logger_names`
* Rewrite adapter test to be more representative of the usecase
|
|
|
|
* WIP: acmez v2, CertMagic, and ZeroSSL issuer upgrades
* caddytls: ZeroSSLIssuer now uses ZeroSSL API instead of ACME
* Fix go.mod
* caddytls: Fix automation related to managers (fix #6060)
* Fix typo (appease linter)
* Fix HTTP validation with ZeroSSL API
|
|
|
|
* added new modular ca providers to caddy tls HttpTransport
* reverse-proxy, httptransport: added tests and caddyfile support for ca module
---------
Co-authored-by: Mohammed Al Sahaf <[email protected]>
|
|
* caddyhttp: add `http.request.local{,.host,.port}` placeholder
This is the counterpart of `http.request.remote{,.host,.port}`.
`http.request.remote` operates on the remote client's address, while
`http.request.local` operates on the address the connection arrived on.
Take the following example:
- Caddy serving on `203.0.113.1:80`
- Client on `203.0.113.2`
`http.request.remote.host` would return `203.0.113.2` (client IP)
`http.request.local.host` would return `203.0.113.1` (server IP)
`http.request.local.port` would return `80` (server port)
I find this helpful for debugging setups with multiple servers and/or
multiple network paths (multiple IPs, AnyIP, Anycast).
Co-authored-by: networkException <[email protected]>
* caddyhttp: add unit test for `http.request.local{,.host,.port}`
* caddyhttp: add integration test for `http.request.local.port`
* caddyhttp: fix `http.request.local.host` placeholder handling with unix sockets
The implementation matches the one of `http.request.remote.host` now and
returns the unix socket path (just like `http.request.local` already did)
instead of an empty string.
---------
Co-authored-by: networkException <[email protected]>
|
|
* Implemented query replace operation
* Modified replace operation to use regexes in caddyfile
* Added more tests to uri query operations
|
|
* reverseproxy: active health check allows configurable health_passes and health_fails
* Need to reset counters after recovery
* rename methods to be more clear that these are coming from active health checks
* do not export methods
|
|
* Implemented basic uri query operations
* Added support for query operations block
* Applied Replacer on all query keys and values
* Implemented rename query key operation
* Rewrite struct: Changed QueryOperations field to Query and comments cleanup
* Cleaned up comments, changed the order of operations and added more tests
* Changed order of fields in queryOps struct to match the operations order
|
|
* logging: Implement `extra_log` handler
* Rename to `log_append`
* Rename `skip_log` to `log_skip`
---------
Co-authored-by: Matt Holt <[email protected]>
|
|
Co-authored-by: Matt Holt <[email protected]>
|
|
* logging: Implement `add` encoder
* Allow flatter config structure for `filter` & `add`
* Rename to append
* govulncheck was unhappy
|
|
|
|
pluggable (#6050)
* Made trusted leaf certificates pluggable into the tls.client_auth.leaf
module
* Added leaf loaders modules: file, folder, pem and storage
* Cleaned implementation of leaf cert loader modules
* Added tests for leaf certs file and folder loaders
* cmd: fix the output of the `Usage` section (#6138)
* core: OnExit hooks (#6128)
* core: OnExit callbacks
* core: Process-global OnExit callbacks
* ci: bump golangci/golangci-lint-action from 3 to 4 (#6141)
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3 to 4.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v3...v4)
---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Added more leaf certificate loaders tests and cleaned up code
* Modified leaf cert loaders json field names and cleaned up storage loader comment
* Update modules/caddytls/leaffileloader.go
* Update LeafStorageLoader certificates field name
* Upgraded protobuf version
---------
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: Mohammed Al Sahaf <[email protected]>
Co-authored-by: Matt Holt <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
* caddytls: verifier: caddyfile: re-add Caddyfile support
* appease the linter
* caddytls: client_auth: verifier: change namespace to `tls.client_auth.verifier`
|
|
* acmeserver: support specifying the allowed challenge types
* add caddyfile adapt tests
* acmeserver: add `policy` field to define allow/deny rules
* allow `omitempty` to work
* add caddyfile support for `policy`
* remove "uri domain" policy
* fmt the files
* add docs
* do not support `CommonName`; the field is deprecated
* r/DNSDomains/Domains/g
* Caddyfile docs
* add tests
* move `Policy` to top of file
|
|
|
|
benchmarks. (#6103)
|
|
Co-authored-by: Francis Lavoie <[email protected]>
|
|
|
|
* acmeserver: support specifying the allowed challenge types
* add caddyfile adapt tests
* introduce basic acme_server test
* skip acme test on unsuitable environments
* skip integration tests of ACME
* documentation
* add negative-scenario test for mismatched allowed challenges
* a bit more docs
* fix tests for ACME challenges
* appease the linter
* skip ACME tests on s390x
* enable ACME challenge tests on all machines
* Apply suggestions from code review
Co-authored-by: Matt Holt <[email protected]>
---------
Co-authored-by: Matt Holt <[email protected]>
|
|
* caddytls: Make on-demand 'ask' permission modular
This makes the 'ask' endpoint a module, which means that developers can
write custom plugins for granting permission for on-demand certificates.
Kicking myself that we didn't do it this way at the beginning, but who coulda known...
* Lint
* Error on conflicting config
* Fix bad merge
---------
Co-authored-by: Francis Lavoie <[email protected]>
|
|
Co-authored-by: Francis Lavoie <[email protected]>
|
|
* tls: modularize client authentication trusted CA
* add `omitempty` to `CARaw`
* docs
* initial caddyfile support
* revert anything related to leaf cert validation
The certs are used differently than the CA pool flow
* complete caddyfile unmarshalling implementation
* Caddyfile syntax documentation
* enhance caddyfile parsing and documentation
Apply suggestions from code review
Co-authored-by: Francis Lavoie <[email protected]>
* add client_auth caddyfile tests
* add caddyfile unmarshalling tests
* fix and add missed adapt tests
* fix rebase issue
---------
Co-authored-by: Francis Lavoie <[email protected]>
|
|
Co-authored-by: Kévin Dunglas <[email protected]>
|
|
|