path: root/modules/caddyhttp/reverseproxy/caddyfile.go
Age | Commit message | Author
2024-04-12 | reverseproxy: Implement modular CA provider for TLS transport (#6065) | Aziz Rmadi
* added new modular ca providers to caddy tls HttpTransport
* reverse-proxy, httptransport: added tests and caddyfile support for ca module
---------
Co-authored-by: Mohammed Al Sahaf
2024-03-21 | caddyhttp: Allow `header` replacement with empty string (#6163) | Francis Lavoie
2024-03-20 | reverseproxy: configurable active health_passes and health_fails (#6154) | Sam Ottenhoff
* reverseproxy: active health check allows configurable health_passes and health_fails
* Need to reset counters after recovery
* rename methods to be more clear that these are coming from active health checks
* do not export methods
2024-03-18 | reverseproxy: Configurable forward proxy URL (#6114) | Justin Angel
Co-authored-by: WeidiDeng
2024-01-23 | caddyfile: Normalize & flatten all unmarshalers (#6037) | Francis Lavoie
2024-01-13 | reverseproxy: Add `tls_curves` option to HTTP transport (#5851) | Bas Westerbaan
2023-10-11 | reverseproxy: Add more debug logs (#5793) | Matt Holt
* reverseproxy: Add more debug logs
  This makes debug logging very noisy when reverse proxying, but I guess that's the point. This has shown to be useful in troubleshooting infrastructure issues.
* Update modules/caddyhttp/reverseproxy/streaming.go
  Co-authored-by: Francis Lavoie
* Update modules/caddyhttp/reverseproxy/streaming.go
  Co-authored-by: Francis Lavoie
* Add opt-in `trace_logs` option
* Rename to VerboseLogs
---------
Co-authored-by: Francis Lavoie
2023-10-11 | reverseproxy: Replace health header placeholders (#5861) | Francis Lavoie
2023-10-11 | reverseproxy: fix parsing Caddyfile fails for unlimited request/response buffers (#5828) | Fred Cox
2023-08-19 | httpcaddyfile: Stricter errors for site and upstream address schemes (#5757) | Karun Agarwal
Co-authored-by: Mohammed Al Sahaf
Co-authored-by: Francis Lavoie
2023-08-14 | ci: use gci linter (#5708) | Jacob Gadikian
* use gofumpt to format code
* use gci to format imports
* reconfigure gci
* linter autofixes
* rearrange imports a little
* export GOOS=windows golangci-lint run ./... --fix
2023-08-07 | ci: Use gofumpt to format code (#5707) | Jacob Gadikian
2023-08-05 | reverseproxy: do not parse upstream address too early if it contains replaceable parts (#5695) | Mohammed Al Sahaf
* reverseproxy: do not parse upstream address too early if it contains replaceable parts
* remove unused method
* cleanup
* accommodate partially replaceable port
2023-07-25 | reverseproxy: Export ipVersions type (#5648) | Omar Ramadan
allows AUpstreams to be instantiated externally
2023-06-19 | reverseproxy: Experimental streaming timeouts (#5567) | mmm444
* reverseproxy: WIP streaming timeouts
* More verbose logging by using the child logger
* reverseproxy: Implement streaming timeouts
* reverseproxy: Refactor cleanup
* reverseproxy: Avoid **time.Timer
---------
Co-authored-by: Francis Lavoie
2023-05-15 | reverseproxy: Expand port ranges to multiple upstreams in CLI + Caddyfile (#5494) | Francis Lavoie
* reverseproxy: Expand port ranges to multiple upstreams in CLI + Caddyfile
* Add clarifying comment
2023-04-20 | caddyfile: Stricter parsing, error for brace on new line (#5505) | Francis Lavoie
2023-04-10 | reverseproxy: Remove deprecated `lookup_srv` (#5396) | Francis Lavoie
2023-03-31 | proxyprotocol: Add PROXY protocol support to `reverse_proxy`, add HTTP listener wrapper (#5424) | Corin Langosch
Co-authored-by: WeidiDeng
Co-authored-by: Francis Lavoie
2023-02-27 | reverseproxy: allow specifying ip version for dynamic `a` upstream (#5401) | Emily Lange
Co-authored-by: Francis Lavoie
2023-02-11 | reverseproxy: Don't buffer chunked requests (fix #5366) (#5367) | Matt Holt
* reverseproxy: Don't buffer chunked requests (fix #5366)
  Mostly reverts 845bc4d50b437995d574819850206e4b3db4040d (#5289)
  Adds warning for unsafe config.
  Deprecates unsafe properties in favor of simpler, safer designed ones.
* Update modules/caddyhttp/reverseproxy/caddyfile.go
  Co-authored-by: Y.Horie
* Update modules/caddyhttp/reverseproxy/reverseproxy.go
  Co-authored-by: Y.Horie
* Update modules/caddyhttp/reverseproxy/reverseproxy.go
  Co-authored-by: Y.Horie
* Remove unused code
---------
Co-authored-by: Y.Horie
2023-01-10 | caddyhttp: Add server-level `trusted_proxies` config (#5103) | Francis Lavoie
2022-09-29 | reverseproxy: Parse humanized byte size (fix #5095) | Matthew Holt
2022-08-25 | reverseproxy: Multiple dynamic upstreams | Matthew Holt
This allows users to, for example, get upstreams from multiple SRV endpoints in order (such as primary and secondary clusters).
Also, gofmt went to town on the comments, sigh
2022-07-23 | reverseproxy: Implement read & write timeouts for HTTP transport (#4905) | Matt Holt
2022-07-13 | reverseproxy: Implement retry count, alternative to try_duration (#4756) | Francis Lavoie
* reverseproxy: Implement retry count, alternative to try_duration
* Add Caddyfile support for `retry_match`
* Refactor to deduplicate matcher parsing logic
* Fix lint
2022-07-08 | reverseproxy: Adjust new TLS Caddyfile directive names (#4872) | Francis Lavoie
2022-06-20 | reverseproxy: Skip TLS for certain configured ports (#4843) | Kiss Károly Pál
* Make reverse proxy TLS server name replaceable for SNI upstreams.
* Reverted previous TLS server name replacement, and implemented thread safe version.
* Move TLS servername replacement into its own function
* Moved SNI servername replacement into httptransport.
* Solve issue when dynamic upstreams use wrong protocol upstream.
* Revert previous commit. Old commit was: Solve issue when dynamic upstreams use wrong protocol upstream. Id: 3c9806ccb63e66bdcac8e1ed4520c9d135cb011d
* Added SkipTLSPorts option to http transport.
* Fix typo in test config file.
* Rename config option as suggested by Matt
  Co-authored-by: Matt Holt
* Update code to match renamed config option.
* Fix typo in config option name.
* Fix another typo that I missed.
* Tests not completing because of apparent wrong ordering of options.
Co-authored-by: Matt Holt
2022-06-10 | reverseproxy: Add renegotiation param in TLS client (#4784) | Yaacov Akiba Slama
* Add renegotiation option in reverseproxy tls client
* Update modules/caddyhttp/reverseproxy/httptransport.go
Co-authored-by: Matt Holt
2022-05-06 | reverseproxy: Support performing pre-check requests (#4739) | Francis Lavoie
2022-05-02 | reverseproxy: Fix Caddyfile support for `replace_status` (#4754) | Francis Lavoie
2022-04-25 | httpcaddyfile: Deprecate paths in site addresses; use zap logs (#4728) | Francis Lavoie
2022-03-13 | chore: Comment fixes (#4634) | Francis Lavoie
2022-03-09 | reverseproxy: copy_response and copy_response_headers for handle_response routes (#4391) | tag: v2.5.0-beta.1 | Francis Lavoie
* reverseproxy: New `copy_response` handler for `handle_response` routes

  Followup to #4298 and #4388.

  This adds a new `copy_response` handler which may only be used in `reverse_proxy`'s `handle_response` routes, which can be used to actually copy the proxy response downstream.

  Previously, if `handle_response` was used (with routes, not the status code mode), it was impossible to use the upstream's response body at all, because we would always close the body, expecting the routes to write a new body from scratch.

  To implement this, I had to refactor `h.reverseProxy()` to move all the code that came after the `HandleResponse` loop into a new function. This new function `h.finalizeResponse()` takes care of preparing the response by removing extra headers, dealing with trailers, then copying the headers and body downstream.

  Since basically what we want `copy_response` to do is invoke `h.finalizeResponse()` at a configurable point in time, we need to pass down the proxy handler, the response, and some other state via a new `req.WithContext(ctx)`. Wrapping a new context is pretty much the only way we have to jump a few layers in the HTTP middleware chain and let a handler pick up this information. Feels a bit dirty, but it works.

  Also fixed a bug with the `http.reverse_proxy.upstream.duration` placeholder, it always had the same duration as `http.reverse_proxy.upstream.latency`, but the former was meant to be the time taken for the roundtrip _plus_ copying/writing the response.

* Delete the "Content-Length" header if we aren't copying

  Fixes a bug where the Content-Length will mismatch the actual bytes written if we skipped copying the response, so we get a message like this when using curl:

  ```
  curl: (18) transfer closed with 18 bytes remaining to read
  ```

  To replicate:

  ```
  {
  	admin off
  	debug
  }
  :8881 {
  	reverse_proxy 127.0.0.1:8882 {
  		@200 status 200
  		handle_response @200 {
  			header Foo bar
  		}
  	}
  }
  :8882 {
  	header Content-Type application/json
  	respond `{"hello": "world"}` 200
  }
  ```

* Implement `copy_response_headers`, with include/exclude list support
* Apply suggestions from code review

Co-authored-by: Matt Holt
2022-03-06 | reverseproxy: Dynamic upstreams (with SRV and A/AAAA support) (#4470) | Matt Holt
* reverseproxy: Begin refactor to enable dynamic upstreams
  Streamed here: https://www.youtube.com/watch?v=hj7yzXb11jU
* Implement SRV and A/AAA upstream sources
  Also get upstreams at every retry loop iteration instead of just once before the loop. See #4442.
* Minor tweaks from review
* Limit size of upstreams caches
* Add doc notes deprecating LookupSRV
* Provision dynamic upstreams
  Still WIP, preparing to preserve health checker functionality
* Rejigger health checks
  Move active health check results into handler-specific Upstreams.
  Improve documentation regarding health checks and upstreams.
* Deprecation notice
* Add Caddyfile support, use `caddy.Duration`
* Interface guards
* Implement custom resolvers, add resolvers to http transport Caddyfile
* SRV: fix Caddyfile `name` inline arg, remove proto condition
* Use pointer receiver
* Add debug logs
Co-authored-by: Francis Lavoie
2022-03-06 | reverseproxy: Implement trusted proxies for `X-Forwarded-*` headers (#4507) | Francis Lavoie
2022-03-05 | reverseproxy: Refactor dial address parsing, augment command parsing (#4616) | Francis Lavoie
2022-03-01 | reverseproxy: Move status replacement intercept to `replace_status` (#4300) | Francis Lavoie
2021-12-17 | reverseproxy: Fix incorrect `health_headers` Caddyfile parsing (#4485) | Francis Lavoie
Fixes #4481
2021-11-24 | reverseproxy: Adjust defaults, document defaults (#4436) | Francis Lavoie
* reverseproxy: Adjust defaults, document defaults
  Related to some of the issues in https://github.com/caddyserver/caddy/issues/4245, a complaint about the proxy transport defaults not being properly documented in https://caddy.community/t/default-values-for-directives/14254/6.
  - Dug into the stdlib to find the actual defaults for some of the timeouts and buffer limits, documenting them in godoc so the JSON docs get them next release.
  - Moved the keep-alive and dial-timeout defaults from `reverseproxy.go` to `httptransport.go`. It doesn't make sense to set defaults in the proxy, because then any time the transport is configured with non-defaults, the keep-alive and dial-timeout defaults are lost!
  - Sped up the dial timeout from 10s to 3s, in practice it rarely makes sense to wait a whole 10s for dialing. A shorter timeout helps a lot with the load balancer retries, so using something lower helps with user experience.
* reverseproxy: Make keepalive interval configurable via Caddyfile
* fastcgi: DialTimeout default for fastcgi transport too
2021-08-17 | logging: Warn for deprecated single_field encoder | Matthew Holt
2021-06-15 | reverseproxy: Fix overwriting of max_idle_conns_per_host (closes #4201) | Matthew Holt
Also split the Caddyfile subdirective keepalive_idle_conns into two properties so the conns and conns_per_host can be set separately. This is technically a breaking change, but probably anyone who this breaks already had a broken config anyway, and silently fixing it won't help them fix their configs.
2021-05-02 | reverseproxy: Add `handle_response` blocks to `reverse_proxy` (#3710) (#4021) | Francis Lavoie
* reverseproxy: Add `handle_response` blocks to `reverse_proxy` (#3710)
* reverseproxy: complete handle_response test
* reverseproxy: Change handle_response matchers to use named matchers
  reverseproxy: Add support for changing status code
* fastcgi: Remove obsolete TODO
  We already have d.Err("transport already specified") in the reverse_proxy parsing code which covers this case
* reverseproxy: Fix support for "4xx" type status codes
* Apply suggestions from code review
  Co-authored-by: Matt Holt
* caddyhttp: Reorganize response matchers
* reverseproxy: Reintroduce caddyfile.Unmarshaler
* reverseproxy: Add comment mentioning Finalize should be called
Co-authored-by: Maxime Soulé
Co-authored-by: Matt Holt
2021-03-29 | reverseproxy: Implement health_uri, deprecate health_path, supports query (#4050) | Francis Lavoie
* reverseproxy: Implement health_uri, replaces health_path, supports query
  Also fixes a bug with `health_status` Caddyfile parsing, it would always only take the first character of the status code even if it didn't end with "xx".
* reverseproxy: Rename to URI, named logger, warn in Provision (for JSON)
2021-03-03 | reverseproxy: Fix upstreams with placeholders with no port (#4046) | Francis Lavoie
2021-02-09 | reverseproxy: Response buffering & configurable buffer size | Matthew Holt
Proxy response bodies can now be buffered, and the size of the request body and response body buffer can be limited. Any remaining content that doesn't fit in the buffer will remain on the wire until it can be read; i.e. bodies are not truncated, even if the buffer is not big enough.
This fulfills a customer requirement. This was made possible by their sponsorship!
2021-01-05 | caddyfile: Refactor unmarshaling of module tokens | Matthew Holt
Eliminates a fair amount of repeated code
2021-01-04 | reverseproxy: Caddyfile health check headers, host header support (#3948) | yaxin
* reverse_proxy: 1. health check headers can be set through Caddyfile using health_headers directive; 2. health check header host can be set properly
* reverse_proxy: replace example with syntax definition inline health_headers directive parse function
* bugfix: change caddyfile_adapt testcase file from space to tab
* reverseproxy: modify health_header value document as optional and add more test cases
2021-01-04 | caddyfile: Introduce basic linting and fmt check (#3923) | Matt Holt
* caddyfile: Introduce basic linting and fmt check
  This will help encourage people to keep their Caddyfiles tidy.
* Remove unrelated tests
  I am not sure that testing the output of warnings here is quite the right idea; these tests are just for syntax and parsing success.
2020-11-23 | reverseproxy: Add Caddyfile scheme shorthand for h2c (#3629) | Francis Lavoie
* reverseproxy: Add Caddyfile scheme shorthand for h2c
* reverseproxy: Use parentheses for condition
  Co-authored-by: Matt Holt
Co-authored-by: Matt Holt