github-mirror/caddy
2
0
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2024-12-17 02:04:06 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
04fb9fe87f
caddy/caddyconfig/httpcaddyfile/builtins.go

1078 lines
30 KiB
Go
Raw Normal View History

Implement config adapters and beginning of Caddyfile adapter Along with several other changes, such as renaming caddyhttp.ServerRoute to caddyhttp.Route, exporting some types that were not exported before, and tweaking the caddytls TLS values to be more consistent. Notably, we also now disable automatic cert management for names which already have a cert (manually) loaded into the cache. These names no longer need to be specified in the "skip_certificates" field of the automatic HTTPS config, because they will be skipped automatically.
2019-08-10 02:05:47 +08:00
// Copyright 2015 Matthew Holt and The Caddy Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package httpcaddyfile
import (
"fmt"
"html"
"net/http"
Refactor Caddyfile adapter and module registration Use piles from which to draw config values. Module values can return their name, so now we can do two-way mapping from value to name and name to value; whereas before we could only map name to value. This was problematic with the Caddyfile adapter since it receives values and needs to know the name to put in the config.
2019-08-22 00:46:35 +08:00
"reflect"
caddyhttp: Fix redir html status code, improve flow (#3987) * Fix html redir code, improve flow * Fix integer check error and add tests
2021-01-29 03:59:50 +08:00
"strconv"
httpcaddyfile: Get rid of 'tls off' parameter; probably not useful
2020-01-23 00:24:49 +08:00
"strings"
caddytls: Add `dns_ttl` config, improve Caddyfile `tls` options (#5287)
2023-01-07 03:44:00 +08:00
"time"
Implement config adapters and beginning of Caddyfile adapter Along with several other changes, such as renaming caddyhttp.ServerRoute to caddyhttp.Route, exporting some types that were not exported before, and tweaking the caddytls TLS values to be more consistent. Notably, we also now disable automatic cert management for names which already have a cert (manually) loaded into the cache. These names no longer need to be specified in the "skip_certificates" field of the automatic HTTPS config, because they will be skipped automatically.
2019-08-10 02:05:47 +08:00
ci: use gci linter (#5708) * use gofmput to format code * use gci to format imports * reconfigure gci * linter autofixes * rearrange imports a little * export GOOS=windows golangci-lint run ./... --fix
2023-08-14 23:41:15 +08:00
"github.com/caddyserver/certmagic"
caddytls: Upgrade ACMEz to v2; support ZeroSSL API; various fixes (#6229) * WIP: acmez v2, CertMagic, and ZeroSSL issuer upgrades * caddytls: ZeroSSLIssuer now uses ZeroSSL API instead of ACME * Fix go.mod * caddytls: Fix automation related to managers (fix #6060) * Fix typo (appease linter) * Fix HTTP validation with ZeroSSL API
2024-04-14 09:31:43 +08:00
"github.com/mholt/acmez/v2/acme"
ci: use gci linter (#5708) * use gofmput to format code * use gci to format imports * reconfigure gci * linter autofixes * rearrange imports a little * export GOOS=windows golangci-lint run ./... --fix
2023-08-14 23:41:15 +08:00
"go.uber.org/zap/zapcore"
v2: Module documentation; refactor LoadModule(); new caddy struct tags (#2924) This commit goes a long way toward making automated documentation of Caddy config and Caddy modules possible. It's a broad, sweeping change, but mostly internal. It allows us to automatically generate docs for all Caddy modules (including future third-party ones) and make them viewable on a web page; it also doubles as godoc comments. As such, this commit makes significant progress in migrating the docs from our temporary wiki page toward our new website which is still under construction. With this change, all host modules will use ctx.LoadModule() and pass in both the struct pointer and the field name as a string. This allows the reflect package to read the struct tag from that field so that it can get the necessary information like the module namespace and the inline key. This has the nice side-effect of unifying the code and documentation. It also simplifies module loading, and handles several variations on field types for raw module fields (i.e. variations on json.RawMessage, such as arrays and maps). I also renamed ModuleInfo.Name -> ModuleInfo.ID, to make it clear that the ID is the "full name" which includes both the module namespace and the name. This clarity is helpful when describing module hierarchy. As of this change, Caddy modules are no longer an experimental design. I think the architecture is good enough to go forward.
2019-12-11 04:36:46 +08:00
"github.com/caddyserver/caddy/v2"
Fix SIV where /v2 was missing from caddyfile adapter work (#2721)
2019-08-23 02:26:48 +08:00
"github.com/caddyserver/caddy/v2/caddyconfig"
v2: 'log' directive for Caddyfile, and debug mode (#3052) * httpcaddyfile: Begin implementing log directive, and debug mode For now, debug mode just sets the log level for all logs to DEBUG (unless a level is specified explicitly). * httpcaddyfile: Finish 'log' directive Also rename StringEncoder -> SingleFieldEncoder * Fix minor bug in replacer (when vals are empty)
2020-02-26 13:00:33 +08:00
"github.com/caddyserver/caddy/v2/caddyconfig/caddyfile"
Fix SIV where /v2 was missing from caddyfile adapter work (#2721)
2019-08-23 02:26:48 +08:00
"github.com/caddyserver/caddy/v2/modules/caddyhttp"
Implement config adapters and beginning of Caddyfile adapter Along with several other changes, such as renaming caddyhttp.ServerRoute to caddyhttp.Route, exporting some types that were not exported before, and tweaking the caddytls TLS values to be more consistent. Notably, we also now disable automatic cert management for names which already have a cert (manually) loaded into the cache. These names no longer need to be specified in the "skip_certificates" field of the automatic HTTPS config, because they will be skipped automatically.
2019-08-10 02:05:47 +08:00
"github.com/caddyserver/caddy/v2/modules/caddytls"
)
Refactor Caddyfile adapter and module registration Use piles from which to draw config values. Module values can return their name, so now we can do two-way mapping from value to name and name to value; whereas before we could only map name to value. This was problematic with the Caddyfile adapter since it receives values and needs to know the name to put in the config.
2019-08-22 00:46:35 +08:00
func init() {
RegisterDirective("bind", parseBind)
RegisterDirective("tls", parseTLS)
filesystem: Globally declared filesystems, `fs` directive (#5833)
2024-01-14 04:12:43 +08:00
RegisterHandlerDirective("fs", parseFilesystem)
httpcaddyfile: Rewrite `root` and `rewrite` parsing to allow omitting matcher (#5844)
2024-01-16 00:57:08 +08:00
RegisterDirective("root", parseRoot)
httpcaddyfile: Add 'vars' directive See discussion in #4650
2022-03-23 00:47:21 +08:00
RegisterHandlerDirective("vars", parseVars)
Refactor Caddyfile adapter and module registration Use piles from which to draw config values. Module values can return their name, so now we can do two-way mapping from value to name and name to value; whereas before we could only map name to value. This was problematic with the Caddyfile adapter since it receives values and needs to know the name to put in the config.
2019-08-22 00:46:35 +08:00
RegisterHandlerDirective("redir", parseRedir)
httpcaddyfile: static_response -> respond; minor cleanups
2019-09-17 01:04:18 +08:00
RegisterHandlerDirective("respond", parseRespond)
caddyhttp: Implement handler abort; new 'abort' directive (close #3871) (#3983) * caddyhttp: Implement handler abort; new 'abort' directive (close #3871) * Move abort directive ordering; clean up redirects Seems logical for the end-all of handlers to go at the... end. The Connection header no longer needs to be set there, since Close is true, and the static_response handler now does that.
2021-01-29 03:54:55 +08:00
RegisterHandlerDirective("abort", parseAbort)
httpcaddyfile: Add `error` directive for the existing handler (#4034) * httpcaddyfile: Add `error` directive for the existing handler * httpcaddyfile: Move `error` to the end of the order
2021-03-13 04:25:49 +08:00
RegisterHandlerDirective("error", parseError)
v2: Implement Caddyfile enhancements (breaking changes) (#2960) * http: path matcher: exact match by default; substring matches (#2959) This is a breaking change. * caddyfile: Change "matcher" directive to "@matcher" syntax (#2959) * cmd: Assume caddyfile adapter for config files named Caddyfile * Sub-sort handlers by path matcher length (#2959) Caddyfile-generated subroutes have handlers, which are sorted first by directive order (this is unchanged), but within directives we now sort by specificity of path matcher in descending order (longest path first, assuming that longest path is most specific). This only applies if there is only one matcher set, and the path matcher in that set has only one path in it. Path matchers with two or more paths are not sorted like this; and routes with more than one matcher set are not sorted like this either, since specificity is difficult or impossible to infer correctly. This is a special case, but definitely a very common one, as a lot of routing decisions are based on paths. * caddyfile: New 'route' directive for appearance-order handling (#2959) * caddyfile: Make rewrite directives mutually exclusive (#2959) This applies only to rewrites in the top-level subroute created by the HTTP caddyfile.
2020-01-10 05:00:32 +08:00
RegisterHandlerDirective("route", parseRoute)
httpcaddyfile: Treat no matchers as 0-len path matchers (fix #3100) + a couple other minor changes from linter
2020-02-29 04:38:12 +08:00
RegisterHandlerDirective("handle", parseHandle)
httpcaddyfile: 'handle_errors' directive Not sure I love the name of the directive; might change it later.
2020-02-17 13:24:20 +08:00
RegisterDirective("handle_errors", parseHandleErrors)
caddyhttp: Implement named routes, `invoke` directive (#5107) * caddyhttp: Implement named routes, `invoke` directive * gofmt * Add experimental marker * Adjust route compile comments
2023-05-16 23:27:52 +08:00
RegisterHandlerDirective("invoke", parseInvoke)
v2: 'log' directive for Caddyfile, and debug mode (#3052) * httpcaddyfile: Begin implementing log directive, and debug mode For now, debug mode just sets the log level for all logs to DEBUG (unless a level is specified explicitly). * httpcaddyfile: Finish 'log' directive Also rename StringEncoder -> SingleFieldEncoder * Fix minor bug in replacer (when vals are empty)
2020-02-26 13:00:33 +08:00
RegisterDirective("log", parseLog)
logging: Implement `log_append` handler (#6066) * logging: Implement `extra_log` handler * Rename to `log_append` * Rename `skip_log` to `log_skip` --------- Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2024-03-06 08:03:59 +08:00
RegisterHandlerDirective("skip_log", parseLogSkip)
RegisterHandlerDirective("log_skip", parseLogSkip)
logging: Add support for additional logger filters other than hostname (#6082) Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2024-05-11 21:31:44 +08:00
RegisterHandlerDirective("log_name", parseLogName)
Refactor Caddyfile adapter and module registration Use piles from which to draw config values. Module values can return their name, so now we can do two-way mapping from value to name and name to value; whereas before we could only map name to value. This was problematic with the Caddyfile adapter since it receives values and needs to know the name to put in the config.
2019-08-22 00:46:35 +08:00
}
Implement config adapters and beginning of Caddyfile adapter Along with several other changes, such as renaming caddyhttp.ServerRoute to caddyhttp.Route, exporting some types that were not exported before, and tweaking the caddytls TLS values to be more consistent. Notably, we also now disable automatic cert management for names which already have a cert (manually) loaded into the cache. These names no longer need to be specified in the "skip_certificates" field of the automatic HTTPS config, because they will be skipped automatically.
2019-08-10 02:05:47 +08:00
httpcaddyfile: Update directive docs; put root after rewrite
2020-01-23 00:32:38 +08:00
// parseBind parses the bind directive. Syntax:
//
caddyhttp: Support TLS key logging for debugging (#4808) * Add SSL key logging. * Resolve merge conflict with master * Add Caddyfile support; various fixes * Also commit go.mod and go.sum, oops * Appease linter * Minor tweaks * Add doc comment Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2022-09-17 04:05:37 +08:00
// bind <addresses...>
Refactor Caddyfile adapter and module registration Use piles from which to draw config values. Module values can return their name, so now we can do two-way mapping from value to name and name to value; whereas before we could only map name to value. This was problematic with the Caddyfile adapter since it receives values and needs to know the name to put in the config.
2019-08-22 00:46:35 +08:00
func parseBind(h Helper) ([]ConfigValue, error) {
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
h.Next() // consume directive name
return []ConfigValue{{Class: "bind", Value: h.RemainingArgs()}}, nil
Implement config adapters and beginning of Caddyfile adapter Along with several other changes, such as renaming caddyhttp.ServerRoute to caddyhttp.Route, exporting some types that were not exported before, and tweaking the caddytls TLS values to be more consistent. Notably, we also now disable automatic cert management for names which already have a cert (manually) loaded into the cache. These names no longer need to be specified in the "skip_certificates" field of the automatic HTTPS config, because they will be skipped automatically.
2019-08-10 02:05:47 +08:00
}
httpcaddyfile: Get rid of 'tls off' parameter; probably not useful
2020-01-23 00:24:49 +08:00
// parseTLS parses the tls directive. Syntax:
//
caddyhttp: Support TLS key logging for debugging (#4808) * Add SSL key logging. * Resolve merge conflict with master * Add Caddyfile support; various fixes * Also commit go.mod and go.sum, oops * Appease linter * Minor tweaks * Add doc comment Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2022-09-17 04:05:37 +08:00
// tls [<email>|internal]|[<cert_file> <key_file>] {
// protocols <min> [<max>]
// ciphers <cipher_suites...>
// curves <curves...>
// client_auth {
// mode [request|require|verify_if_given|require_and_verify]
chore: add warn logs when using deprecated fields (#6276)
2024-04-28 03:51:00 +08:00
// trust_pool <module_name> [...]
caddyhttp: Support TLS key logging for debugging (#4808) * Add SSL key logging. * Resolve merge conflict with master * Add Caddyfile support; various fixes * Also commit go.mod and go.sum, oops * Appease linter * Minor tweaks * Add doc comment Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2022-09-17 04:05:37 +08:00
// trusted_leaf_cert <base64_der>
// trusted_leaf_cert_file <filename>
// }
caddytls: Add `dns_ttl` config, improve Caddyfile `tls` options (#5287)
2023-01-07 03:44:00 +08:00
// alpn <values...>
// load <paths...>
// ca <acme_ca_endpoint>
// ca_root <pem_file>
// key_type [ed25519|p256|p384|rsa2048|rsa4096]
// dns <provider_name> [...]
// propagation_delay <duration>
// propagation_timeout <duration>
// resolvers <dns_servers...>
// dns_ttl <duration>
// dns_challenge_override_domain <domain>
caddyhttp: Support TLS key logging for debugging (#4808) * Add SSL key logging. * Resolve merge conflict with master * Add Caddyfile support; various fixes * Also commit go.mod and go.sum, oops * Appease linter * Minor tweaks * Add doc comment Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2022-09-17 04:05:37 +08:00
// on_demand
tls: add reuse_private_keys (#6025)
2024-01-10 07:00:31 +08:00
// reuse_private_keys
caddytls: Add `dns_ttl` config, improve Caddyfile `tls` options (#5287)
2023-01-07 03:44:00 +08:00
// eab <key_id> <mac_key>
// issuer <module_name> [...]
// get_certificate <module_name> [...]
// insecure_secrets_log <log_file>
caddyhttp: Support TLS key logging for debugging (#4808) * Add SSL key logging. * Resolve merge conflict with master * Add Caddyfile support; various fixes * Also commit go.mod and go.sum, oops * Appease linter * Minor tweaks * Add doc comment Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2022-09-17 04:05:37 +08:00
// }
Refactor Caddyfile adapter and module registration Use piles from which to draw config values. Module values can return their name, so now we can do two-way mapping from value to name and name to value; whereas before we could only map name to value. This was problematic with the Caddyfile adapter since it receives values and needs to know the name to put in the config.
2019-08-22 00:46:35 +08:00
func parseTLS(h Helper) ([]ConfigValue, error) {
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
h.Next() // consume directive name
httpcaddyfile: Many tls-related improvements including on-demand support Holy heck this was complicated
2020-03-18 11:00:45 +08:00
cp := new(caddytls.ConnectionPolicy)
Implement config adapters and beginning of Caddyfile adapter Along with several other changes, such as renaming caddyhttp.ServerRoute to caddyhttp.Route, exporting some types that were not exported before, and tweaking the caddytls TLS values to be more consistent. Notably, we also now disable automatic cert management for names which already have a cert (manually) loaded into the cache. These names no longer need to be specified in the "skip_certificates" field of the automatic HTTPS config, because they will be skipped automatically.
2019-08-10 02:05:47 +08:00
var fileLoader caddytls.FileLoader
var folderLoader caddytls.FolderLoader
caddytls: Refactor certificate selection policies (close #1575) Certificate selection used to be a module, but this seems unnecessary, especially since the built-in CustomSelectionPolicy allows quite complex selection logic on a number of fields in certs. If we need to extend that logic, we can, but I don't think there are SO many possibilities that we need modules. This update also allows certificate selection to choose between multiple matching certs based on client compatibility and makes a number of other improvements in the default cert selection logic, both here and in the latest CertMagic. The hardest part of this was the conn policy consolidation logic (Caddyfile only, of course). We have to merge connection policies that we can easily combine, because if two certs are manually loaded in a Caddyfile site block, that produces two connection policies, and each cert is tagged with a different tag, meaning only the first would ever be selected. So given the same matchers, we can merge the two, but this required improving the Tag selection logic to support multiple tags to choose from, hence "tags" changed to "any_tag" or "all_tags" (but we use any_tag in our Caddyfile logic). Combining conn policies with conflicting settings is impossible, so that should return an error if two policies with the exact same matchers have non-empty settings that are not the same (the one exception being any_tag which we can merge because the logic for them is to OR them). It was a bit complicated. It seems to work in numerous tests I've conducted, but we'll see how it pans out in the release candidates.
2020-04-02 10:49:35 +08:00
var certSelector caddytls.CustomCertSelectionPolicy
v2: Implement 'pki' app powered by Smallstep for localhost certificates (#3125) * pki: Initial commit of PKI app (WIP) (see #2502 and #3021) * pki: Ability to use root/intermediates, and sign with root * pki: Fix benign misnamings left over from copy+paste * pki: Only install root if not already trusted * Make HTTPS port the default; all names use auto-HTTPS; bug fixes * Fix build - what happened to our CI tests?? * Fix go.mod
2020-03-14 01:06:08 +08:00
var acmeIssuer *caddytls.ACMEIssuer
caddytls: add 'key_type' subdirective (#3956) * caddytls: add 'key_type' subdirective * Suggested change * *string -> string * test
2021-01-07 03:02:58 +08:00
var keyType string
v2: Implement 'pki' app powered by Smallstep for localhost certificates (#3125) * pki: Initial commit of PKI app (WIP) (see #2502 and #3021) * pki: Ability to use root/intermediates, and sign with root * pki: Fix benign misnamings left over from copy+paste * pki: Only install root if not already trusted * Make HTTPS port the default; all names use auto-HTTPS; bug fixes * Fix build - what happened to our CI tests?? * Fix go.mod
2020-03-14 01:06:08 +08:00
var internalIssuer *caddytls.InternalIssuer
caddytls: Support multiple issuers (#3862) * caddytls: Support multiple issuers Defaults are Let's Encrypt and ZeroSSL. There are probably bugs. * Commit updated integration tests, d'oh * Update go.mod
2020-11-17 02:05:55 +08:00
var issuers []certmagic.Issuer
go.mod: Upgrade CertMagic to v0.16.0 Includes several breaking changes; code base updated accordingly. - Added lots of context arguments - Use fs.ErrNotExist - Rename ACMEManager -> ACMEIssuer; CertificateManager -> Manager
2022-03-26 01:28:54 +08:00
var certManagers []certmagic.Manager
httpcaddyfile: Many tls-related improvements including on-demand support Holy heck this was complicated
2020-03-18 11:00:45 +08:00
var onDemand bool
tls: add reuse_private_keys (#6025)
2024-01-10 07:00:31 +08:00
var reusePrivateKeys bool
httpcaddyfile: Add acme_ca and email global options Also add ability to access options from individual unmarshalers through the Helper values
2019-09-30 23:11:30 +08:00
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
firstLine := h.RemainingArgs()
switch len(firstLine) {
case 0:
case 1:
if firstLine[0] == "internal" {
internalIssuer = new(caddytls.InternalIssuer)
} else if !strings.Contains(firstLine[0], "@") {
return nil, h.Err("single argument must either be 'internal' or an email address")
} else {
caddytls: Upgrade ACMEz to v2; support ZeroSSL API; various fixes (#6229) * WIP: acmez v2, CertMagic, and ZeroSSL issuer upgrades * caddytls: ZeroSSLIssuer now uses ZeroSSL API instead of ACME * Fix go.mod * caddytls: Fix automation related to managers (fix #6060) * Fix typo (appease linter) * Fix HTTP validation with ZeroSSL API
2024-04-14 09:31:43 +08:00
acmeIssuer = &caddytls.ACMEIssuer{
Email: firstLine[0],
httpcaddyfile: remove certificate tags from global state (#3111) * remove the certificate tag tracking from global state * refactored helper state, added log counter * moved state initialisation close to where it is used. * added helper state comment
2020-03-05 00:58:49 +08:00
}
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
}
httpcaddyfile: remove certificate tags from global state (#3111) * remove the certificate tag tracking from global state * refactored helper state, added log counter * moved state initialisation close to where it is used. * added helper state comment
2020-03-05 00:58:49 +08:00
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
case 2:
caddytls: Upgrade ACMEz to v2; support ZeroSSL API; various fixes (#6229) * WIP: acmez v2, CertMagic, and ZeroSSL issuer upgrades * caddytls: ZeroSSLIssuer now uses ZeroSSL API instead of ACME * Fix go.mod * caddytls: Fix automation related to managers (fix #6060) * Fix typo (appease linter) * Fix HTTP validation with ZeroSSL API
2024-04-14 09:31:43 +08:00
// file certificate loader
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
certFilename := firstLine[0]
keyFilename := firstLine[1]
// tag this certificate so if multiple certs match, specifically
// this one that the user has provided will be used, see #2588:
// https://github.com/caddyserver/caddy/issues/2588 ... but we
// must be careful about how we do this; being careless will
// lead to failed handshakes
//
// we need to remember which cert files we've seen, since we
// must load each cert only once; otherwise, they each get a
// different tag... since a cert loaded twice has the same
// bytes, it will overwrite the first one in the cache, and
// only the last cert (and its tag) will survive, so any conn
// policy that is looking for any tag other than the last one
// to be loaded won't find it, and TLS handshakes will fail
// (see end of issue #3004)
//
// tlsCertTags maps certificate filenames to their tag.
// This is used to remember which tag is used for each
// certificate files, since we need to avoid loading
// the same certificate files more than once, overwriting
// previous tags
tlsCertTags, ok := h.State["tlsCertTags"].(map[string]string)
if !ok {
tlsCertTags = make(map[string]string)
h.State["tlsCertTags"] = tlsCertTags
}
caddytls: Refactor certificate selection policies (close #1575) Certificate selection used to be a module, but this seems unnecessary, especially since the built-in CustomSelectionPolicy allows quite complex selection logic on a number of fields in certs. If we need to extend that logic, we can, but I don't think there are SO many possibilities that we need modules. This update also allows certificate selection to choose between multiple matching certs based on client compatibility and makes a number of other improvements in the default cert selection logic, both here and in the latest CertMagic. The hardest part of this was the conn policy consolidation logic (Caddyfile only, of course). We have to merge connection policies that we can easily combine, because if two certs are manually loaded in a Caddyfile site block, that produces two connection policies, and each cert is tagged with a different tag, meaning only the first would ever be selected. So given the same matchers, we can merge the two, but this required improving the Tag selection logic to support multiple tags to choose from, hence "tags" changed to "any_tag" or "all_tags" (but we use any_tag in our Caddyfile logic). Combining conn policies with conflicting settings is impossible, so that should return an error if two policies with the exact same matchers have non-empty settings that are not the same (the one exception being any_tag which we can merge because the logic for them is to OR them). It was a bit complicated. It seems to work in numerous tests I've conducted, but we'll see how it pans out in the release candidates.
2020-04-02 10:49:35 +08:00
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
tag, ok := tlsCertTags[certFilename]
if !ok {
// haven't seen this cert file yet, let's give it a tag
// and add a loader for it
tag = fmt.Sprintf("cert%d", len(tlsCertTags))
fileLoader = append(fileLoader, caddytls.CertKeyFilePair{
Certificate: certFilename,
Key: keyFilename,
Tags: []string{tag},
})
// remember this for next time we see this cert file
tlsCertTags[certFilename] = tag
Implement config adapters and beginning of Caddyfile adapter Along with several other changes, such as renaming caddyhttp.ServerRoute to caddyhttp.Route, exporting some types that were not exported before, and tweaking the caddytls TLS values to be more consistent. Notably, we also now disable automatic cert management for names which already have a cert (manually) loaded into the cache. These names no longer need to be specified in the "skip_certificates" field of the automatic HTTPS config, because they will be skipped automatically.
2019-08-10 02:05:47 +08:00
}
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
certSelector.AnyTag = append(certSelector.AnyTag, tag)
Implement config adapters and beginning of Caddyfile adapter Along with several other changes, such as renaming caddyhttp.ServerRoute to caddyhttp.Route, exporting some types that were not exported before, and tweaking the caddytls TLS values to be more consistent. Notably, we also now disable automatic cert management for names which already have a cert (manually) loaded into the cache. These names no longer need to be specified in the "skip_certificates" field of the automatic HTTPS config, because they will be skipped automatically.
2019-08-10 02:05:47 +08:00
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
default:
return nil, h.ArgErr()
}
var hasBlock bool
for h.NextBlock(0) {
hasBlock = true
Implement config adapters and beginning of Caddyfile adapter Along with several other changes, such as renaming caddyhttp.ServerRoute to caddyhttp.Route, exporting some types that were not exported before, and tweaking the caddytls TLS values to be more consistent. Notably, we also now disable automatic cert management for names which already have a cert (manually) loaded into the cache. These names no longer need to be specified in the "skip_certificates" field of the automatic HTTPS config, because they will be skipped automatically.
2019-08-10 02:05:47 +08:00
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
switch h.Val() {
case "protocols":
args := h.RemainingArgs()
if len(args) == 0 {
return nil, h.Errf("protocols requires one or two arguments")
}
if len(args) > 0 {
if _, ok := caddytls.SupportedProtocols[args[0]]; !ok {
return nil, h.Errf("wrong protocol name or protocol not supported: '%s'", args[0])
Implement config adapters and beginning of Caddyfile adapter Along with several other changes, such as renaming caddyhttp.ServerRoute to caddyhttp.Route, exporting some types that were not exported before, and tweaking the caddytls TLS values to be more consistent. Notably, we also now disable automatic cert management for names which already have a cert (manually) loaded into the cache. These names no longer need to be specified in the "skip_certificates" field of the automatic HTTPS config, because they will be skipped automatically.
2019-08-10 02:05:47 +08:00
}
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
cp.ProtocolMin = args[0]
}
if len(args) > 1 {
if _, ok := caddytls.SupportedProtocols[args[1]]; !ok {
return nil, h.Errf("wrong protocol name or protocol not supported: '%s'", args[1])
Implement config adapters and beginning of Caddyfile adapter Along with several other changes, such as renaming caddyhttp.ServerRoute to caddyhttp.Route, exporting some types that were not exported before, and tweaking the caddytls TLS values to be more consistent. Notably, we also now disable automatic cert management for names which already have a cert (manually) loaded into the cache. These names no longer need to be specified in the "skip_certificates" field of the automatic HTTPS config, because they will be skipped automatically.
2019-08-10 02:05:47 +08:00
}
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
cp.ProtocolMax = args[1]
}
case "ciphers":
for h.NextArg() {
if !caddytls.CipherSuiteNameSupported(h.Val()) {
return nil, h.Errf("wrong cipher suite name or cipher suite not supported: '%s'", h.Val())
Implement config adapters and beginning of Caddyfile adapter Along with several other changes, such as renaming caddyhttp.ServerRoute to caddyhttp.Route, exporting some types that were not exported before, and tweaking the caddytls TLS values to be more consistent. Notably, we also now disable automatic cert management for names which already have a cert (manually) loaded into the cache. These names no longer need to be specified in the "skip_certificates" field of the automatic HTTPS config, because they will be skipped automatically.
2019-08-10 02:05:47 +08:00
}
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
cp.CipherSuites = append(cp.CipherSuites, h.Val())
}
httpcaddyfile: Many tls-related improvements including on-demand support Holy heck this was complicated
2020-03-18 11:00:45 +08:00
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
case "curves":
for h.NextArg() {
if _, ok := caddytls.SupportedCurves[h.Val()]; !ok {
return nil, h.Errf("Wrong curve name or curve not supported: '%s'", h.Val())
Implement config adapters and beginning of Caddyfile adapter Along with several other changes, such as renaming caddyhttp.ServerRoute to caddyhttp.Route, exporting some types that were not exported before, and tweaking the caddytls TLS values to be more consistent. Notably, we also now disable automatic cert management for names which already have a cert (manually) loaded into the cache. These names no longer need to be specified in the "skip_certificates" field of the automatic HTTPS config, because they will be skipped automatically.
2019-08-10 02:05:47 +08:00
}
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
cp.Curves = append(cp.Curves, h.Val())
}
httpcaddyfile: Many tls-related improvements including on-demand support Holy heck this was complicated
2020-03-18 11:00:45 +08:00
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
case "client_auth":
cp.ClientAuthentication = &caddytls.ClientAuthentication{}
tls: modularize trusted CA providers (#5784) * tls: modularize client authentication trusted CA * add `omitempty` to `CARaw` * docs * initial caddyfile support * revert anything related to leaf cert validation The certs are used differently than the CA pool flow * complete caddyfile unmarshalling implementation * Caddyfile syntax documentation * enhance caddyfile parsing and documentation Apply suggestions from code review Co-authored-by: Francis Lavoie <lavofr@gmail.com> * add client_auth caddyfile tests * add caddyfile unmarshalling tests * fix and add missed adapt tests * fix rebase issue --------- Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2024-01-25 16:44:41 +08:00
if err := cp.ClientAuthentication.UnmarshalCaddyfile(h.NewFromNextSegment()); err != nil {
return nil, err
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
}
case "alpn":
args := h.RemainingArgs()
if len(args) == 0 {
return nil, h.ArgErr()
}
cp.ALPN = args
Refactor Caddyfile adapter and module registration Use piles from which to draw config values. Module values can return their name, so now we can do two-way mapping from value to name and name to value; whereas before we could only map name to value. This was problematic with the Caddyfile adapter since it receives values and needs to know the name to put in the config.
2019-08-22 00:46:35 +08:00
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
case "load":
folderLoader = append(folderLoader, h.RemainingArgs()...)
Refactor Caddyfile adapter and module registration Use piles from which to draw config values. Module values can return their name, so now we can do two-way mapping from value to name and name to value; whereas before we could only map name to value. This was problematic with the Caddyfile adapter since it receives values and needs to know the name to put in the config.
2019-08-22 00:46:35 +08:00
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
case "ca":
arg := h.RemainingArgs()
if len(arg) != 1 {
return nil, h.ArgErr()
}
if acmeIssuer == nil {
acmeIssuer = new(caddytls.ACMEIssuer)
}
acmeIssuer.CA = arg[0]
caddytls: add 'key_type' subdirective (#3956) * caddytls: add 'key_type' subdirective * Suggested change * *string -> string * test
2021-01-07 03:02:58 +08:00
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
case "key_type":
arg := h.RemainingArgs()
if len(arg) != 1 {
return nil, h.ArgErr()
}
keyType = arg[0]
caddytls: Replace lego with acmez (#3621) * Replace lego with acmez; upgrade CertMagic * Update integration test
2020-07-31 05:18:14 +08:00
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
case "eab":
arg := h.RemainingArgs()
if len(arg) != 2 {
return nil, h.ArgErr()
}
if acmeIssuer == nil {
acmeIssuer = new(caddytls.ACMEIssuer)
}
acmeIssuer.ExternalAccount = &acme.EAB{
KeyID: arg[0],
MACKey: arg[1],
}
caddytls: Add support for ZeroSSL; add Caddyfile support for issuers (#3633) * caddytls: Add support for ZeroSSL; add Caddyfile support for issuers Configuring issuers explicitly in a Caddyfile is not easily compatible with existing ACME-specific parameters such as email or acme_ca which infer the kind of issuer it creates (this is complicated now because the ZeroSSL issuer wraps the ACME issuer)... oh well, we can revisit that later if we need to. New Caddyfile global option: { cert_issuer <name> ... } Or, alternatively, as a tls subdirective: tls { issuer <name> ... } For example, to use ZeroSSL with an API key: { cert_issuser zerossl API_KEY } For now, that still uses ZeroSSL's ACME endpoint; it fetches EAB credentials for you. You can also provide the EAB credentials directly just like any other ACME endpoint: { cert_issuer acme { eab KEY_ID MAC_KEY } } All these examples use the new global option (or tls subdirective). You can still use traditional/existing options with ZeroSSL, since it's just another ACME endpoint: { acme_ca https://acme.zerossl.com/v2/DV90 acme_eab KEY_ID MAC_KEY } That's all there is to it. You just can't mix-and-match acme_* options with cert_issuer, because it becomes confusing/ambiguous/complicated to merge the settings. * Fix broken test This test was asserting buggy behavior, oops - glad this branch both discovers and fixes the bug at the same time! * Fix broken test (post-merge) * Update modules/caddytls/acmeissuer.go Fix godoc comment Co-authored-by: Francis Lavoie <lavofr@gmail.com> * Add support for ZeroSSL's EAB-by-email endpoint Also transform the ACMEIssuer into ZeroSSLIssuer implicitly if set to the ZeroSSL endpoint without EAB (the ZeroSSLIssuer is needed to generate EAB if not already provided); this is now possible with either an API key or an email address. * go.mod: Use latest certmagic, acmez, and x/net * Wrap underlying logic rather than repeating it Oops, duh * Form-encode email info into request body for EAB endpoint Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2020-08-11 22:58:06 +08:00
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
case "issuer":
if !h.NextArg() {
return nil, h.ArgErr()
}
modName := h.Val()
modID := "tls.issuance." + modName
unm, err := caddyfile.UnmarshalModule(h.Dispenser, modID)
if err != nil {
return nil, err
}
issuer, ok := unm.(certmagic.Issuer)
if !ok {
return nil, h.Errf("module %s (%T) is not a certmagic.Issuer", modID, unm)
}
issuers = append(issuers, issuer)
caddytls: Support external certificate Managers (like Tailscale) (#4541) Huge thank-you to Tailscale (https://tailscale.com) for making this change possible! This is a great feature for Caddy and Tailscale is a great fit for a standard implementation. * caddytls: GetCertificate modules; Tailscale * Caddyfile support for get_certificate Also fix AP provisioning in case of empty subject list (persist loaded module on struct, much like Issuers, to surive reprovisioning). And implement start of HTTP cert getter, still WIP. * Update modules/caddytls/automation.go Co-authored-by: Francis Lavoie <lavofr@gmail.com> * Use tsclient package, check status for name * Implement HTTP cert getter And use reuse CertMagic's PEM functions for private keys. * Remove cache option from Tailscale getter Tailscale does its own caching and we don't need the added complexity... for now, at least. * Several updates - Option to disable cert automation in auto HTTPS - Support multiple cert managers - Remove cache feature from cert manager modules - Minor improvements to auto HTTPS logging * Run go mod tidy * Try to get certificates from Tailscale implicitly Only for domains ending in .ts.net. I think this is really cool! Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2022-02-18 06:40:34 +08:00
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
case "get_certificate":
if !h.NextArg() {
return nil, h.ArgErr()
}
modName := h.Val()
modID := "tls.get_certificate." + modName
unm, err := caddyfile.UnmarshalModule(h.Dispenser, modID)
if err != nil {
return nil, err
}
certManager, ok := unm.(certmagic.Manager)
if !ok {
return nil, h.Errf("module %s (%T) is not a certmagic.CertificateManager", modID, unm)
}
certManagers = append(certManagers, certManager)
httpcaddyfile: 'handle_errors' directive Not sure I love the name of the directive; might change it later.
2020-02-17 13:24:20 +08:00
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
case "dns":
if !h.NextArg() {
return nil, h.ArgErr()
}
provName := h.Val()
if acmeIssuer == nil {
acmeIssuer = new(caddytls.ACMEIssuer)
}
if acmeIssuer.Challenges == nil {
acmeIssuer.Challenges = new(caddytls.ChallengesConfig)
}
if acmeIssuer.Challenges.DNS == nil {
acmeIssuer.Challenges.DNS = new(caddytls.DNSChallengeConfig)
}
modID := "dns.providers." + provName
unm, err := caddyfile.UnmarshalModule(h.Dispenser, modID)
if err != nil {
return nil, err
}
acmeIssuer.Challenges.DNS.ProviderRaw = caddyconfig.JSONModuleObject(unm, "name", provName, h.warnings)
httpcaddyfile: Add resolvers subdir of tls (close #4008) Allows conveniently setting the resolvers for the DNS challenge using a TLS subdirective, which applies to default issuers, rather than having to explicitly define the issuers and overwrite the defaults.
2021-02-03 14:07:50 +08:00
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
case "resolvers":
args := h.RemainingArgs()
if len(args) == 0 {
return nil, h.ArgErr()
}
if acmeIssuer == nil {
acmeIssuer = new(caddytls.ACMEIssuer)
}
if acmeIssuer.Challenges == nil {
acmeIssuer.Challenges = new(caddytls.ChallengesConfig)
}
if acmeIssuer.Challenges.DNS == nil {
acmeIssuer.Challenges.DNS = new(caddytls.DNSChallengeConfig)
}
acmeIssuer.Challenges.DNS.Resolvers = args
caddytls: Add `dns_ttl` config, improve Caddyfile `tls` options (#5287)
2023-01-07 03:44:00 +08:00
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
case "propagation_delay":
arg := h.RemainingArgs()
if len(arg) != 1 {
return nil, h.ArgErr()
}
delayStr := arg[0]
delay, err := caddy.ParseDuration(delayStr)
if err != nil {
return nil, h.Errf("invalid propagation_delay duration %s: %v", delayStr, err)
}
if acmeIssuer == nil {
acmeIssuer = new(caddytls.ACMEIssuer)
}
if acmeIssuer.Challenges == nil {
acmeIssuer.Challenges = new(caddytls.ChallengesConfig)
}
if acmeIssuer.Challenges.DNS == nil {
acmeIssuer.Challenges.DNS = new(caddytls.DNSChallengeConfig)
}
acmeIssuer.Challenges.DNS.PropagationDelay = caddy.Duration(delay)
caddytls: Add `dns_ttl` config, improve Caddyfile `tls` options (#5287)
2023-01-07 03:44:00 +08:00
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
case "propagation_timeout":
arg := h.RemainingArgs()
if len(arg) != 1 {
return nil, h.ArgErr()
}
timeoutStr := arg[0]
var timeout time.Duration
if timeoutStr == "-1" {
timeout = time.Duration(-1)
} else {
var err error
timeout, err = caddy.ParseDuration(timeoutStr)
caddytls: Add `dns_ttl` config, improve Caddyfile `tls` options (#5287)
2023-01-07 03:44:00 +08:00
if err != nil {
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
return nil, h.Errf("invalid propagation_timeout duration %s: %v", timeoutStr, err)
caddytls: Add `dns_ttl` config, improve Caddyfile `tls` options (#5287)
2023-01-07 03:44:00 +08:00
}
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
}
if acmeIssuer == nil {
acmeIssuer = new(caddytls.ACMEIssuer)
}
if acmeIssuer.Challenges == nil {
acmeIssuer.Challenges = new(caddytls.ChallengesConfig)
}
if acmeIssuer.Challenges.DNS == nil {
acmeIssuer.Challenges.DNS = new(caddytls.DNSChallengeConfig)
}
acmeIssuer.Challenges.DNS.PropagationTimeout = caddy.Duration(timeout)
caddytls: Add `dns_ttl` config, improve Caddyfile `tls` options (#5287)
2023-01-07 03:44:00 +08:00
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
case "dns_ttl":
arg := h.RemainingArgs()
if len(arg) != 1 {
return nil, h.ArgErr()
}
ttlStr := arg[0]
ttl, err := caddy.ParseDuration(ttlStr)
if err != nil {
return nil, h.Errf("invalid dns_ttl duration %s: %v", ttlStr, err)
}
if acmeIssuer == nil {
acmeIssuer = new(caddytls.ACMEIssuer)
}
if acmeIssuer.Challenges == nil {
acmeIssuer.Challenges = new(caddytls.ChallengesConfig)
}
if acmeIssuer.Challenges.DNS == nil {
acmeIssuer.Challenges.DNS = new(caddytls.DNSChallengeConfig)
}
acmeIssuer.Challenges.DNS.TTL = caddy.Duration(ttl)
caddytls: dns_challenge_override_domain for challenge delegation (#4596) * Add a override_domain option to allow DNS chanllenge delegation CNAME can be used to delegate answering the chanllenge to another DNS zone. One usage is to reduce the exposure of the DNS credential [1]. Based on the discussion in caddy/certmagic#160, we are adding an option to allow the user explicitly specify the domain to delegate, instead of following the CNAME chain. This needs caddy/certmagic#160. * rename override_domain to dns_challenge_override_domain * Update CertMagic; fix spelling Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2022-03-09 03:03:43 +08:00
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
case "dns_challenge_override_domain":
arg := h.RemainingArgs()
if len(arg) != 1 {
return nil, h.ArgErr()
}
if acmeIssuer == nil {
acmeIssuer = new(caddytls.ACMEIssuer)
}
if acmeIssuer.Challenges == nil {
acmeIssuer.Challenges = new(caddytls.ChallengesConfig)
}
if acmeIssuer.Challenges.DNS == nil {
acmeIssuer.Challenges.DNS = new(caddytls.DNSChallengeConfig)
}
acmeIssuer.Challenges.DNS.OverrideDomain = arg[0]
httpcaddyfile: Add support for DNS challenge solvers Configuration via the Caddyfile requires use of env variables, but an upstream issue is currently blocking that: https://github.com/go-acme/lego/issues/1054 Providers will need to be retrofitted upstream in order to support env var configuration.
2020-02-09 07:52:54 +08:00
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
case "ca_root":
arg := h.RemainingArgs()
if len(arg) != 1 {
return nil, h.ArgErr()
}
if acmeIssuer == nil {
acmeIssuer = new(caddytls.ACMEIssuer)
}
acmeIssuer.TrustedRootsPEMFiles = append(acmeIssuer.TrustedRootsPEMFiles, arg[0])
httpcaddyfile: Many tls-related improvements including on-demand support Holy heck this was complicated
2020-03-18 11:00:45 +08:00
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
case "on_demand":
if h.NextArg() {
return nil, h.ArgErr()
}
onDemand = true
tls: add reuse_private_keys (#6025)
2024-01-10 07:00:31 +08:00
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
case "reuse_private_keys":
if h.NextArg() {
return nil, h.ArgErr()
}
reusePrivateKeys = true
caddyhttp: Support TLS key logging for debugging (#4808) * Add SSL key logging. * Resolve merge conflict with master * Add Caddyfile support; various fixes * Also commit go.mod and go.sum, oops * Appease linter * Minor tweaks * Add doc comment Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2022-09-17 04:05:37 +08:00
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
case "insecure_secrets_log":
if !h.NextArg() {
return nil, h.ArgErr()
Implement config adapters and beginning of Caddyfile adapter Along with several other changes, such as renaming caddyhttp.ServerRoute to caddyhttp.Route, exporting some types that were not exported before, and tweaking the caddytls TLS values to be more consistent. Notably, we also now disable automatic cert management for names which already have a cert (manually) loaded into the cache. These names no longer need to be specified in the "skip_certificates" field of the automatic HTTPS config, because they will be skipped automatically.
2019-08-10 02:05:47 +08:00
}
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
cp.InsecureSecretsLog = h.Val()
Refactor Caddyfile adapter and module registration Use piles from which to draw config values. Module values can return their name, so now we can do two-way mapping from value to name and name to value; whereas before we could only map name to value. This was problematic with the Caddyfile adapter since it receives values and needs to know the name to put in the config.
2019-08-22 00:46:35 +08:00
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
default:
return nil, h.Errf("unknown subdirective: %s", h.Val())
Refactor Caddyfile adapter and module registration Use piles from which to draw config values. Module values can return their name, so now we can do two-way mapping from value to name and name to value; whereas before we could only map name to value. This was problematic with the Caddyfile adapter since it receives values and needs to know the name to put in the config.
2019-08-22 00:46:35 +08:00
}
}
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
// a naked tls directive is not allowed
if len(firstLine) == 0 && !hasBlock {
return nil, h.ArgErr()
}
v2: Implement 'pki' app powered by Smallstep for localhost certificates (#3125) * pki: Initial commit of PKI app (WIP) (see #2502 and #3021) * pki: Ability to use root/intermediates, and sign with root * pki: Fix benign misnamings left over from copy+paste * pki: Only install root if not already trusted * Make HTTPS port the default; all names use auto-HTTPS; bug fixes * Fix build - what happened to our CI tests?? * Fix go.mod
2020-03-14 01:06:08 +08:00
// begin building the final config values
ci: Use golangci's github action for linting (#3794) * ci: Use golangci's github action for linting Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix most of the staticcheck lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the prealloc lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the misspell lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the varcheck lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the errcheck lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the bodyclose lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the deadcode lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the unused lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the gosec lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the gosimple lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the ineffassign lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the staticcheck lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Revert the misspell change, use a neutral English Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Remove broken golangci-lint CI job Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Re-add errantly-removed weakrand initialization Signed-off-by: Dave Henderson <dhenderson@gmail.com> * don't break the loop and return * Removing extra handling for null rootKey * unignore RegisterModule/RegisterAdapter Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com> * single-line log message Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * Fix lint after a1808b0dbf209c615e438a496d257ce5e3acdce2 was merged Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Revert ticker change, ignore it instead Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Ignore some of the write errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Remove blank line Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Use lifetime Signed-off-by: Dave Henderson <dhenderson@gmail.com> * close immediately Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * Preallocate configVals Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Update modules/caddytls/distributedstek/distributedstek.go Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com> Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-11-23 05:50:29 +08:00
configVals := []ConfigValue{}
v2: Implement 'pki' app powered by Smallstep for localhost certificates (#3125) * pki: Initial commit of PKI app (WIP) (see #2502 and #3021) * pki: Ability to use root/intermediates, and sign with root * pki: Fix benign misnamings left over from copy+paste * pki: Only install root if not already trusted * Make HTTPS port the default; all names use auto-HTTPS; bug fixes * Fix build - what happened to our CI tests?? * Fix go.mod
2020-03-14 01:06:08 +08:00
Refactor Caddyfile adapter and module registration Use piles from which to draw config values. Module values can return their name, so now we can do two-way mapping from value to name and name to value; whereas before we could only map name to value. This was problematic with the Caddyfile adapter since it receives values and needs to know the name to put in the config.
2019-08-22 00:46:35 +08:00
// certificate loaders
if len(fileLoader) > 0 {
configVals = append(configVals, ConfigValue{
caddyconfig: Minor internal and godoc tweaks
2020-05-30 01:49:21 +08:00
Class: "tls.cert_loader",
Refactor Caddyfile adapter and module registration Use piles from which to draw config values. Module values can return their name, so now we can do two-way mapping from value to name and name to value; whereas before we could only map name to value. This was problematic with the Caddyfile adapter since it receives values and needs to know the name to put in the config.
2019-08-22 00:46:35 +08:00
Value: fileLoader,
})
}
if len(folderLoader) > 0 {
configVals = append(configVals, ConfigValue{
caddyconfig: Minor internal and godoc tweaks
2020-05-30 01:49:21 +08:00
Class: "tls.cert_loader",
Refactor Caddyfile adapter and module registration Use piles from which to draw config values. Module values can return their name, so now we can do two-way mapping from value to name and name to value; whereas before we could only map name to value. This was problematic with the Caddyfile adapter since it receives values and needs to know the name to put in the config.
2019-08-22 00:46:35 +08:00
Value: folderLoader,
})
}
httpcaddyfile: Fix default issuers when email provided If `tls <email>` is used, we should apply that to all applicable default issuers, not drop them. This refactoring applies implicit ACME issuer settings from the tls directive to all default ACME issuers, like ZeroSSL. We also consolidate some annoying logic and improve config validity checks. Ref: https://caddy.community/t/error-obtaining-certificate-after-caddy-restart/11335/8
2021-02-03 07:17:26 +08:00
// some tls subdirectives are shortcuts that implicitly configure issuers, and the
// user can also configure issuers explicitly using the issuer subdirective; the
// logic to support both would likely be complex, or at least unintuitive
caddytls: Support multiple issuers (#3862) * caddytls: Support multiple issuers Defaults are Let's Encrypt and ZeroSSL. There are probably bugs. * Commit updated integration tests, d'oh * Update go.mod
2020-11-17 02:05:55 +08:00
if len(issuers) > 0 && (acmeIssuer != nil || internalIssuer != nil) {
return nil, h.Err("cannot mix issuer subdirective (explicit issuers) with other issuer-specific subdirectives (implicit issuers)")
v2: Implement 'pki' app powered by Smallstep for localhost certificates (#3125) * pki: Initial commit of PKI app (WIP) (see #2502 and #3021) * pki: Ability to use root/intermediates, and sign with root * pki: Fix benign misnamings left over from copy+paste * pki: Only install root if not already trusted * Make HTTPS port the default; all names use auto-HTTPS; bug fixes * Fix build - what happened to our CI tests?? * Fix go.mod
2020-03-14 01:06:08 +08:00
}
httpcaddyfile: Fix default issuers when email provided If `tls <email>` is used, we should apply that to all applicable default issuers, not drop them. This refactoring applies implicit ACME issuer settings from the tls directive to all default ACME issuers, like ZeroSSL. We also consolidate some annoying logic and improve config validity checks. Ref: https://caddy.community/t/error-obtaining-certificate-after-caddy-restart/11335/8
2021-02-03 07:17:26 +08:00
if acmeIssuer != nil && internalIssuer != nil {
return nil, h.Err("cannot create both ACME and internal certificate issuers")
caddytls: Support multiple issuers (#3862) * caddytls: Support multiple issuers Defaults are Let's Encrypt and ZeroSSL. There are probably bugs. * Commit updated integration tests, d'oh * Update go.mod
2020-11-17 02:05:55 +08:00
}
httpcaddyfile: Fix default issuers when email provided If `tls <email>` is used, we should apply that to all applicable default issuers, not drop them. This refactoring applies implicit ACME issuer settings from the tls directive to all default ACME issuers, like ZeroSSL. We also consolidate some annoying logic and improve config validity checks. Ref: https://caddy.community/t/error-obtaining-certificate-after-caddy-restart/11335/8
2021-02-03 07:17:26 +08:00
// now we should either have: explicitly-created issuers, or an implicitly-created
// ACME or internal issuer, or no issuers at all
switch {
case len(issuers) > 0:
for _, issuer := range issuers {
configVals = append(configVals, ConfigValue{
Class: "tls.cert_issuer",
Value: issuer,
})
}
case acmeIssuer != nil:
// implicit ACME issuers (from various subdirectives) - use defaults; there might be more than one
caddytls: Upgrade ACMEz to v2; support ZeroSSL API; various fixes (#6229) * WIP: acmez v2, CertMagic, and ZeroSSL issuer upgrades * caddytls: ZeroSSLIssuer now uses ZeroSSL API instead of ACME * Fix go.mod * caddytls: Fix automation related to managers (fix #6060) * Fix typo (appease linter) * Fix HTTP validation with ZeroSSL API
2024-04-14 09:31:43 +08:00
defaultIssuers := caddytls.DefaultIssuers(acmeIssuer.Email)
httpcaddyfile: Fix default issuers when email provided If `tls <email>` is used, we should apply that to all applicable default issuers, not drop them. This refactoring applies implicit ACME issuer settings from the tls directive to all default ACME issuers, like ZeroSSL. We also consolidate some annoying logic and improve config validity checks. Ref: https://caddy.community/t/error-obtaining-certificate-after-caddy-restart/11335/8
2021-02-03 07:17:26 +08:00
caddytls: Upgrade ACMEz to v2; support ZeroSSL API; various fixes (#6229) * WIP: acmez v2, CertMagic, and ZeroSSL issuer upgrades * caddytls: ZeroSSLIssuer now uses ZeroSSL API instead of ACME * Fix go.mod * caddytls: Fix automation related to managers (fix #6060) * Fix typo (appease linter) * Fix HTTP validation with ZeroSSL API
2024-04-14 09:31:43 +08:00
// if an ACME CA endpoint was set, the user expects to use that specific one,
// not any others that may be defaults, so replace all defaults with that ACME CA
httpcaddyfile: Fix default issuers when email provided If `tls <email>` is used, we should apply that to all applicable default issuers, not drop them. This refactoring applies implicit ACME issuer settings from the tls directive to all default ACME issuers, like ZeroSSL. We also consolidate some annoying logic and improve config validity checks. Ref: https://caddy.community/t/error-obtaining-certificate-after-caddy-restart/11335/8
2021-02-03 07:17:26 +08:00
if acmeIssuer.CA != "" {
defaultIssuers = []certmagic.Issuer{acmeIssuer}
}
for _, issuer := range defaultIssuers {
caddytls: Upgrade ACMEz to v2; support ZeroSSL API; various fixes (#6229) * WIP: acmez v2, CertMagic, and ZeroSSL issuer upgrades * caddytls: ZeroSSLIssuer now uses ZeroSSL API instead of ACME * Fix go.mod * caddytls: Fix automation related to managers (fix #6060) * Fix typo (appease linter) * Fix HTTP validation with ZeroSSL API
2024-04-14 09:31:43 +08:00
// apply settings from the implicitly-configured ACMEIssuer to any
// default ACMEIssuers, but preserve each default issuer's CA endpoint,
// because, for example, if you configure the DNS challenge, it should
// apply to any of the default ACMEIssuers, but you don't want to trample
// out their unique CA endpoints
if iss, ok := issuer.(*caddytls.ACMEIssuer); ok && iss != nil {
acmeCopy := *acmeIssuer
acmeCopy.CA = iss.CA
issuer = &acmeCopy
httpcaddyfile: Fix default issuers when email provided If `tls <email>` is used, we should apply that to all applicable default issuers, not drop them. This refactoring applies implicit ACME issuer settings from the tls directive to all default ACME issuers, like ZeroSSL. We also consolidate some annoying logic and improve config validity checks. Ref: https://caddy.community/t/error-obtaining-certificate-after-caddy-restart/11335/8
2021-02-03 07:17:26 +08:00
}
configVals = append(configVals, ConfigValue{
Class: "tls.cert_issuer",
Value: issuer,
})
}
case internalIssuer != nil:
Refactor Caddyfile adapter and module registration Use piles from which to draw config values. Module values can return their name, so now we can do two-way mapping from value to name and name to value; whereas before we could only map name to value. This was problematic with the Caddyfile adapter since it receives values and needs to know the name to put in the config.
2019-08-22 00:46:35 +08:00
configVals = append(configVals, ConfigValue{
Refactor for CertMagic v0.10; prepare for PKI app This is a breaking change primarily in two areas: - Storage paths for certificates have changed - Slight changes to JSON config parameters Huge improvements in this commit, to be detailed more in the release notes. The upcoming PKI app will be powered by Smallstep libraries.
2020-03-07 14:15:25 +08:00
Class: "tls.cert_issuer",
caddytls: Support multiple issuers (#3862) * caddytls: Support multiple issuers Defaults are Let's Encrypt and ZeroSSL. There are probably bugs. * Commit updated integration tests, d'oh * Update go.mod
2020-11-17 02:05:55 +08:00
Value: internalIssuer,
Refactor Caddyfile adapter and module registration Use piles from which to draw config values. Module values can return their name, so now we can do two-way mapping from value to name and name to value; whereas before we could only map name to value. This was problematic with the Caddyfile adapter since it receives values and needs to know the name to put in the config.
2019-08-22 00:46:35 +08:00
})
}
httpcaddyfile: Fix default issuers when email provided If `tls <email>` is used, we should apply that to all applicable default issuers, not drop them. This refactoring applies implicit ACME issuer settings from the tls directive to all default ACME issuers, like ZeroSSL. We also consolidate some annoying logic and improve config validity checks. Ref: https://caddy.community/t/error-obtaining-certificate-after-caddy-restart/11335/8
2021-02-03 07:17:26 +08:00
// certificate key type
caddytls: add 'key_type' subdirective (#3956) * caddytls: add 'key_type' subdirective * Suggested change * *string -> string * test
2021-01-07 03:02:58 +08:00
if keyType != "" {
configVals = append(configVals, ConfigValue{
Class: "tls.key_type",
Value: keyType,
})
}
httpcaddyfile: Many tls-related improvements including on-demand support Holy heck this was complicated
2020-03-18 11:00:45 +08:00
// on-demand TLS
if onDemand {
configVals = append(configVals, ConfigValue{
Class: "tls.on_demand",
Value: true,
})
}
caddytls: Support external certificate Managers (like Tailscale) (#4541) Huge thank-you to Tailscale (https://tailscale.com) for making this change possible! This is a great feature for Caddy and Tailscale is a great fit for a standard implementation. * caddytls: GetCertificate modules; Tailscale * Caddyfile support for get_certificate Also fix AP provisioning in case of empty subject list (persist loaded module on struct, much like Issuers, to surive reprovisioning). And implement start of HTTP cert getter, still WIP. * Update modules/caddytls/automation.go Co-authored-by: Francis Lavoie <lavofr@gmail.com> * Use tsclient package, check status for name * Implement HTTP cert getter And use reuse CertMagic's PEM functions for private keys. * Remove cache option from Tailscale getter Tailscale does its own caching and we don't need the added complexity... for now, at least. * Several updates - Option to disable cert automation in auto HTTPS - Support multiple cert managers - Remove cache feature from cert manager modules - Minor improvements to auto HTTPS logging * Run go mod tidy * Try to get certificates from Tailscale implicitly Only for domains ending in .ts.net. I think this is really cool! Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2022-02-18 06:40:34 +08:00
for _, certManager := range certManagers {
configVals = append(configVals, ConfigValue{
Class: "tls.cert_manager",
Value: certManager,
})
}
httpcaddyfile: Many tls-related improvements including on-demand support Holy heck this was complicated
2020-03-18 11:00:45 +08:00
tls: add reuse_private_keys (#6025)
2024-01-10 07:00:31 +08:00
// reuse private keys TLS
if reusePrivateKeys {
configVals = append(configVals, ConfigValue{
Class: "tls.reuse_private_keys",
Value: true,
})
}
caddytls: Refactor certificate selection policies (close #1575) Certificate selection used to be a module, but this seems unnecessary, especially since the built-in CustomSelectionPolicy allows quite complex selection logic on a number of fields in certs. If we need to extend that logic, we can, but I don't think there are SO many possibilities that we need modules. This update also allows certificate selection to choose between multiple matching certs based on client compatibility and makes a number of other improvements in the default cert selection logic, both here and in the latest CertMagic. The hardest part of this was the conn policy consolidation logic (Caddyfile only, of course). We have to merge connection policies that we can easily combine, because if two certs are manually loaded in a Caddyfile site block, that produces two connection policies, and each cert is tagged with a different tag, meaning only the first would ever be selected. So given the same matchers, we can merge the two, but this required improving the Tag selection logic to support multiple tags to choose from, hence "tags" changed to "any_tag" or "all_tags" (but we use any_tag in our Caddyfile logic). Combining conn policies with conflicting settings is impossible, so that should return an error if two policies with the exact same matchers have non-empty settings that are not the same (the one exception being any_tag which we can merge because the logic for them is to OR them). It was a bit complicated. It seems to work in numerous tests I've conducted, but we'll see how it pans out in the release candidates.
2020-04-02 10:49:35 +08:00
// custom certificate selection
if len(certSelector.AnyTag) > 0 {
cp.CertSelection = &certSelector
}
httpcaddyfile: Many tls-related improvements including on-demand support Holy heck this was complicated
2020-03-18 11:00:45 +08:00
// connection policy -- always add one, to ensure that TLS
// is enabled, because this directive was used (this is
// needed, for instance, when a site block has a key of
// just ":5000" - i.e. no hostname, and only on-demand TLS
// is enabled)
configVals = append(configVals, ConfigValue{
Class: "tls.connection_policy",
Value: cp,
})
Refactor Caddyfile adapter and module registration Use piles from which to draw config values. Module values can return their name, so now we can do two-way mapping from value to name and name to value; whereas before we could only map name to value. This was problematic with the Caddyfile adapter since it receives values and needs to know the name to put in the config.
2019-08-22 00:46:35 +08:00
return configVals, nil
}
httpcaddyfile: Simplify 'root' directive parsing I must have written that one before the helper function `RegisterHandlerDirective`.
2020-03-21 02:50:36 +08:00
// parseRoot parses the root directive. Syntax:
//
caddyhttp: Support TLS key logging for debugging (#4808) * Add SSL key logging. * Resolve merge conflict with master * Add Caddyfile support; various fixes * Also commit go.mod and go.sum, oops * Appease linter * Minor tweaks * Add doc comment Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2022-09-17 04:05:37 +08:00
// root [<matcher>] <path>
httpcaddyfile: Rewrite `root` and `rewrite` parsing to allow omitting matcher (#5844)
2024-01-16 00:57:08 +08:00
func parseRoot(h Helper) ([]ConfigValue, error) {
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
h.Next() // consume directive name
httpcaddyfile: Rewrite `root` and `rewrite` parsing to allow omitting matcher (#5844)
2024-01-16 00:57:08 +08:00
// count the tokens to determine what to do
argsCount := h.CountRemainingArgs()
if argsCount == 0 {
return nil, h.Errf("too few arguments; must have at least a root path")
}
if argsCount > 2 {
return nil, h.Errf("too many arguments; should only be a matcher and a path")
}
// with only one arg, assume it's a root path with no matcher token
if argsCount == 1 {
httpcaddyfile: Fix little typo (Next -> NextArg)
2020-03-23 13:13:08 +08:00
if !h.NextArg() {
httpcaddyfile: Simplify 'root' directive parsing I must have written that one before the helper function `RegisterHandlerDirective`.
2020-03-21 02:50:36 +08:00
return nil, h.ArgErr()
}
httpcaddyfile: Rewrite `root` and `rewrite` parsing to allow omitting matcher (#5844)
2024-01-16 00:57:08 +08:00
return h.NewRoute(nil, caddyhttp.VarsMiddleware{"root": h.Val()}), nil
}
// parse the matcher token into a matcher set
userMatcherSet, err := h.ExtractMatcherSet()
if err != nil {
return nil, err
}
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
h.Next() // consume directive name again, matcher parsing does a reset
httpcaddyfile: Rewrite `root` and `rewrite` parsing to allow omitting matcher (#5844)
2024-01-16 00:57:08 +08:00
// advance to the root path
if !h.NextArg() {
return nil, h.ArgErr()
httpcaddyfile: Simplify 'root' directive parsing I must have written that one before the helper function `RegisterHandlerDirective`.
2020-03-21 02:50:36 +08:00
}
httpcaddyfile: Rewrite `root` and `rewrite` parsing to allow omitting matcher (#5844)
2024-01-16 00:57:08 +08:00
// make the route with the matcher
return h.NewRoute(userMatcherSet, caddyhttp.VarsMiddleware{"root": h.Val()}), nil
httpcaddyfile: Simplify 'root' directive parsing I must have written that one before the helper function `RegisterHandlerDirective`.
2020-03-21 02:50:36 +08:00
}
filesystem: Globally declared filesystems, `fs` directive (#5833)
2024-01-14 04:12:43 +08:00
// parseFilesystem parses the fs directive. Syntax:
//
// fs <filesystem>
func parseFilesystem(h Helper) (caddyhttp.MiddlewareHandler, error) {
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
h.Next() // consume directive name
if !h.NextArg() {
return nil, h.ArgErr()
filesystem: Globally declared filesystems, `fs` directive (#5833)
2024-01-14 04:12:43 +08:00
}
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
if h.NextArg() {
return nil, h.ArgErr()
}
return caddyhttp.VarsMiddleware{"fs": h.Val()}, nil
filesystem: Globally declared filesystems, `fs` directive (#5833)
2024-01-14 04:12:43 +08:00
}
httpcaddyfile: Add 'vars' directive See discussion in #4650
2022-03-23 00:47:21 +08:00
// parseVars parses the vars directive. See its UnmarshalCaddyfile method for syntax.
func parseVars(h Helper) (caddyhttp.MiddlewareHandler, error) {
v := new(caddyhttp.VarsMiddleware)
err := v.UnmarshalCaddyfile(h.Dispenser)
return v, err
}
httpcaddyfile: Update directive docs; put root after rewrite
2020-01-23 00:32:38 +08:00
// parseRedir parses the redir directive. Syntax:
//
httpcaddyfile: redir with "html" emits 200, no Location (fix #4940) The intent of "html" is to redirect browser clients only, or those which can evaluate JS and/or meta tags. So return HTTP 200 and no Location header. See #4940.
2022-08-10 01:11:52 +08:00
// redir [<matcher>] <to> [<code>]
httpcaddyfile: Update directive docs; put root after rewrite
2020-01-23 00:32:38 +08:00
//
httpcaddyfile: redir with "html" emits 200, no Location (fix #4940) The intent of "html" is to redirect browser clients only, or those which can evaluate JS and/or meta tags. So return HTTP 200 and no Location header. See #4940.
2022-08-10 01:11:52 +08:00
// <code> can be "permanent" for 301, "temporary" for 302 (default),
// a placeholder, or any number in the 3xx range or 401. The special
// code "html" can be used to redirect only browser clients (will
// respond with HTTP 200 and no Location header; redirect is performed
// with JS and a meta tag).
Refactor Caddyfile adapter and module registration Use piles from which to draw config values. Module values can return their name, so now we can do two-way mapping from value to name and name to value; whereas before we could only map name to value. This was problematic with the Caddyfile adapter since it receives values and needs to know the name to put in the config.
2019-08-22 00:46:35 +08:00
func parseRedir(h Helper) (caddyhttp.MiddlewareHandler, error) {
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
h.Next() // consume directive name
Refactor Caddyfile adapter and module registration Use piles from which to draw config values. Module values can return their name, so now we can do two-way mapping from value to name and name to value; whereas before we could only map name to value. This was problematic with the Caddyfile adapter since it receives values and needs to know the name to put in the config.
2019-08-22 00:46:35 +08:00
if !h.NextArg() {
return nil, h.ArgErr()
}
to := h.Val()
var code string
if h.NextArg() {
code = h.Val()
}
caddyhttp: Fix redir html status code, improve flow (#3987) * Fix html redir code, improve flow * Fix integer check error and add tests
2021-01-29 03:59:50 +08:00
var body string
httpcaddyfile: redir with "html" emits 200, no Location (fix #4940) The intent of "html" is to redirect browser clients only, or those which can evaluate JS and/or meta tags. So return HTTP 200 and no Location header. See #4940.
2022-08-10 01:11:52 +08:00
var hdr http.Header
caddyhttp: Fix redir html status code, improve flow (#3987) * Fix html redir code, improve flow * Fix integer check error and add tests
2021-01-29 03:59:50 +08:00
switch code {
case "permanent":
Refactor Caddyfile adapter and module registration Use piles from which to draw config values. Module values can return their name, so now we can do two-way mapping from value to name and name to value; whereas before we could only map name to value. This was problematic with the Caddyfile adapter since it receives values and needs to know the name to put in the config.
2019-08-22 00:46:35 +08:00
code = "301"
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
caddyhttp: Fix redir html status code, improve flow (#3987) * Fix html redir code, improve flow * Fix integer check error and add tests
2021-01-29 03:59:50 +08:00
case "temporary", "":
httpcaddyfile: Update directive docs; put root after rewrite
2020-01-23 00:32:38 +08:00
code = "302"
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
caddyhttp: Fix redir html status code, improve flow (#3987) * Fix html redir code, improve flow * Fix integer check error and add tests
2021-01-29 03:59:50 +08:00
case "html":
Refactor Caddyfile adapter and module registration Use piles from which to draw config values. Module values can return their name, so now we can do two-way mapping from value to name and name to value; whereas before we could only map name to value. This was problematic with the Caddyfile adapter since it receives values and needs to know the name to put in the config.
2019-08-22 00:46:35 +08:00
// Script tag comes first since that will better imitate a redirect in the browser's
// history, but the meta tag is a fallback for most non-JS clients.
const metaRedir = `<!DOCTYPE html>
<html>
<head>
<title>Redirecting...</title>
<script>window.location.replace("%s");</script>
<meta http-equiv="refresh" content="0; URL='%s'">
</head>
<body>Redirecting to <a href="%s">%s</a>...</body>
</html>
`
safeTo := html.EscapeString(to)
body = fmt.Sprintf(metaRedir, safeTo, safeTo, safeTo, safeTo)
httpcaddyfile: Fix redir <to> html (#6001)
2024-01-10 20:24:47 +08:00
hdr = http.Header{"Content-Type": []string{"text/html; charset=utf-8"}}
httpcaddyfile: redir with "html" emits 200, no Location (fix #4940) The intent of "html" is to redirect browser clients only, or those which can evaluate JS and/or meta tags. So return HTTP 200 and no Location header. See #4940.
2022-08-10 01:11:52 +08:00
code = "200" // don't redirect non-browser clients
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
caddyhttp: Fix redir html status code, improve flow (#3987) * Fix html redir code, improve flow * Fix integer check error and add tests
2021-01-29 03:59:50 +08:00
default:
reverseproxy: Support performing pre-check requests (#4739)
2022-05-06 22:50:26 +08:00
// Allow placeholders for the code
if strings.HasPrefix(code, "{") {
break
}
// Try to validate as an integer otherwise
caddyhttp: Fix redir html status code, improve flow (#3987) * Fix html redir code, improve flow * Fix integer check error and add tests
2021-01-29 03:59:50 +08:00
codeInt, err := strconv.Atoi(code)
if err != nil {
return nil, h.Errf("Not a supported redir code type or not valid integer: '%s'", code)
}
reverseproxy: Support performing pre-check requests (#4739)
2022-05-06 22:50:26 +08:00
// Sometimes, a 401 with Location header is desirable because
// requests made with XHR will "eat" the 3xx redirect; so if
// the intent was to redirect to an auth page, a 3xx won't
// work. Responding with 401 allows JS code to read the
// Location header and do a window.location redirect manually.
// see https://stackoverflow.com/a/2573589/846934
// see https://github.com/oauth2-proxy/oauth2-proxy/issues/1522
if codeInt < 300 || (codeInt > 399 && codeInt != 401) {
return nil, h.Errf("Redir code not in the 3xx range or 401: '%v'", codeInt)
caddyhttp: Fix redir html status code, improve flow (#3987) * Fix html redir code, improve flow * Fix integer check error and add tests
2021-01-29 03:59:50 +08:00
}
Implement config adapters and beginning of Caddyfile adapter Along with several other changes, such as renaming caddyhttp.ServerRoute to caddyhttp.Route, exporting some types that were not exported before, and tweaking the caddytls TLS values to be more consistent. Notably, we also now disable automatic cert management for names which already have a cert (manually) loaded into the cache. These names no longer need to be specified in the "skip_certificates" field of the automatic HTTPS config, because they will be skipped automatically.
2019-08-10 02:05:47 +08:00
}
httpcaddyfile: redir with "html" emits 200, no Location (fix #4940) The intent of "html" is to redirect browser clients only, or those which can evaluate JS and/or meta tags. So return HTTP 200 and no Location header. See #4940.
2022-08-10 01:11:52 +08:00
// don't redirect non-browser clients
if code != "200" {
hdr = http.Header{"Location": []string{to}}
}
Refactor Caddyfile adapter and module registration Use piles from which to draw config values. Module values can return their name, so now we can do two-way mapping from value to name and name to value; whereas before we could only map name to value. This was problematic with the Caddyfile adapter since it receives values and needs to know the name to put in the config.
2019-08-22 00:46:35 +08:00
return caddyhttp.StaticResponse{
StatusCode: caddyhttp.WeakString(code),
httpcaddyfile: redir with "html" emits 200, no Location (fix #4940) The intent of "html" is to redirect browser clients only, or those which can evaluate JS and/or meta tags. So return HTTP 200 and no Location header. See #4940.
2022-08-10 01:11:52 +08:00
Headers: hdr,
Refactor Caddyfile adapter and module registration Use piles from which to draw config values. Module values can return their name, so now we can do two-way mapping from value to name and name to value; whereas before we could only map name to value. This was problematic with the Caddyfile adapter since it receives values and needs to know the name to put in the config.
2019-08-22 00:46:35 +08:00
Body: body,
}, nil
Implement config adapters and beginning of Caddyfile adapter Along with several other changes, such as renaming caddyhttp.ServerRoute to caddyhttp.Route, exporting some types that were not exported before, and tweaking the caddytls TLS values to be more consistent. Notably, we also now disable automatic cert management for names which already have a cert (manually) loaded into the cache. These names no longer need to be specified in the "skip_certificates" field of the automatic HTTPS config, because they will be skipped automatically.
2019-08-10 02:05:47 +08:00
}
httpcaddyfile: static_response -> respond; minor cleanups
2019-09-17 01:04:18 +08:00
httpcaddyfile: Update directive docs; put root after rewrite
2020-01-23 00:32:38 +08:00
// parseRespond parses the respond directive.
httpcaddyfile: static_response -> respond; minor cleanups
2019-09-17 01:04:18 +08:00
func parseRespond(h Helper) (caddyhttp.MiddlewareHandler, error) {
sr := new(caddyhttp.StaticResponse)
err := sr.UnmarshalCaddyfile(h.Dispenser)
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
return sr, err
httpcaddyfile: static_response -> respond; minor cleanups
2019-09-17 01:04:18 +08:00
}
v2: Implement Caddyfile enhancements (breaking changes) (#2960) * http: path matcher: exact match by default; substring matches (#2959) This is a breaking change. * caddyfile: Change "matcher" directive to "@matcher" syntax (#2959) * cmd: Assume caddyfile adapter for config files named Caddyfile * Sub-sort handlers by path matcher length (#2959) Caddyfile-generated subroutes have handlers, which are sorted first by directive order (this is unchanged), but within directives we now sort by specificity of path matcher in descending order (longest path first, assuming that longest path is most specific). This only applies if there is only one matcher set, and the path matcher in that set has only one path in it. Path matchers with two or more paths are not sorted like this; and routes with more than one matcher set are not sorted like this either, since specificity is difficult or impossible to infer correctly. This is a special case, but definitely a very common one, as a lot of routing decisions are based on paths. * caddyfile: New 'route' directive for appearance-order handling (#2959) * caddyfile: Make rewrite directives mutually exclusive (#2959) This applies only to rewrites in the top-level subroute created by the HTTP caddyfile.
2020-01-10 05:00:32 +08:00
caddyhttp: Implement handler abort; new 'abort' directive (close #3871) (#3983) * caddyhttp: Implement handler abort; new 'abort' directive (close #3871) * Move abort directive ordering; clean up redirects Seems logical for the end-all of handlers to go at the... end. The Connection header no longer needs to be set there, since Close is true, and the static_response handler now does that.
2021-01-29 03:54:55 +08:00
// parseAbort parses the abort directive.
func parseAbort(h Helper) (caddyhttp.MiddlewareHandler, error) {
h.Next() // consume directive
for h.Next() || h.NextBlock(0) {
return nil, h.ArgErr()
}
return &caddyhttp.StaticResponse{Abort: true}, nil
}
httpcaddyfile: Add `error` directive for the existing handler (#4034) * httpcaddyfile: Add `error` directive for the existing handler * httpcaddyfile: Move `error` to the end of the order
2021-03-13 04:25:49 +08:00
// parseError parses the error directive.
func parseError(h Helper) (caddyhttp.MiddlewareHandler, error) {
se := new(caddyhttp.StaticError)
err := se.UnmarshalCaddyfile(h.Dispenser)
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
return se, err
httpcaddyfile: Add `error` directive for the existing handler (#4034) * httpcaddyfile: Add `error` directive for the existing handler * httpcaddyfile: Move `error` to the end of the order
2021-03-13 04:25:49 +08:00
}
httpcaddyfile: Update directive docs; put root after rewrite
2020-01-23 00:32:38 +08:00
// parseRoute parses the route directive.
v2: Implement Caddyfile enhancements (breaking changes) (#2960) * http: path matcher: exact match by default; substring matches (#2959) This is a breaking change. * caddyfile: Change "matcher" directive to "@matcher" syntax (#2959) * cmd: Assume caddyfile adapter for config files named Caddyfile * Sub-sort handlers by path matcher length (#2959) Caddyfile-generated subroutes have handlers, which are sorted first by directive order (this is unchanged), but within directives we now sort by specificity of path matcher in descending order (longest path first, assuming that longest path is most specific). This only applies if there is only one matcher set, and the path matcher in that set has only one path in it. Path matchers with two or more paths are not sorted like this; and routes with more than one matcher set are not sorted like this either, since specificity is difficult or impossible to infer correctly. This is a special case, but definitely a very common one, as a lot of routing decisions are based on paths. * caddyfile: New 'route' directive for appearance-order handling (#2959) * caddyfile: Make rewrite directives mutually exclusive (#2959) This applies only to rewrites in the top-level subroute created by the HTTP caddyfile.
2020-01-10 05:00:32 +08:00
func parseRoute(h Helper) (caddyhttp.MiddlewareHandler, error) {
httpcaddyfile: Allow named matchers in `route` blocks (#3632)
2020-08-06 03:42:29 +08:00
allResults, err := parseSegmentAsConfig(h)
if err != nil {
return nil, err
}
v2: Implement Caddyfile enhancements (breaking changes) (#2960) * http: path matcher: exact match by default; substring matches (#2959) This is a breaking change. * caddyfile: Change "matcher" directive to "@matcher" syntax (#2959) * cmd: Assume caddyfile adapter for config files named Caddyfile * Sub-sort handlers by path matcher length (#2959) Caddyfile-generated subroutes have handlers, which are sorted first by directive order (this is unchanged), but within directives we now sort by specificity of path matcher in descending order (longest path first, assuming that longest path is most specific). This only applies if there is only one matcher set, and the path matcher in that set has only one path in it. Path matchers with two or more paths are not sorted like this; and routes with more than one matcher set are not sorted like this either, since specificity is difficult or impossible to infer correctly. This is a special case, but definitely a very common one, as a lot of routing decisions are based on paths. * caddyfile: New 'route' directive for appearance-order handling (#2959) * caddyfile: Make rewrite directives mutually exclusive (#2959) This applies only to rewrites in the top-level subroute created by the HTTP caddyfile.
2020-01-10 05:00:32 +08:00
httpcaddyfile: Allow named matchers in `route` blocks (#3632)
2020-08-06 03:42:29 +08:00
for _, result := range allResults {
httpcaddyfile: Fix `handle` grouping inside `route` (#5315) Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2023-01-19 05:04:41 +08:00
switch result.Value.(type) {
case caddyhttp.Route, caddyhttp.Subroute:
httpcaddyfile: Allow named matchers in `route` blocks (#3632)
2020-08-06 03:42:29 +08:00
default:
return nil, h.Errf("%s directive returned something other than an HTTP route or subroute: %#v (only handler directives can be used in routes)", result.directive, result.Value)
v2: Implement Caddyfile enhancements (breaking changes) (#2960) * http: path matcher: exact match by default; substring matches (#2959) This is a breaking change. * caddyfile: Change "matcher" directive to "@matcher" syntax (#2959) * cmd: Assume caddyfile adapter for config files named Caddyfile * Sub-sort handlers by path matcher length (#2959) Caddyfile-generated subroutes have handlers, which are sorted first by directive order (this is unchanged), but within directives we now sort by specificity of path matcher in descending order (longest path first, assuming that longest path is most specific). This only applies if there is only one matcher set, and the path matcher in that set has only one path in it. Path matchers with two or more paths are not sorted like this; and routes with more than one matcher set are not sorted like this either, since specificity is difficult or impossible to infer correctly. This is a special case, but definitely a very common one, as a lot of routing decisions are based on paths. * caddyfile: New 'route' directive for appearance-order handling (#2959) * caddyfile: Make rewrite directives mutually exclusive (#2959) This applies only to rewrites in the top-level subroute created by the HTTP caddyfile.
2020-01-10 05:00:32 +08:00
}
}
httpcaddyfile: Fix `handle` grouping inside `route` (#5315) Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2023-01-19 05:04:41 +08:00
return buildSubroute(allResults, h.groupCounter, false)
v2: Implement Caddyfile enhancements (breaking changes) (#2960) * http: path matcher: exact match by default; substring matches (#2959) This is a breaking change. * caddyfile: Change "matcher" directive to "@matcher" syntax (#2959) * cmd: Assume caddyfile adapter for config files named Caddyfile * Sub-sort handlers by path matcher length (#2959) Caddyfile-generated subroutes have handlers, which are sorted first by directive order (this is unchanged), but within directives we now sort by specificity of path matcher in descending order (longest path first, assuming that longest path is most specific). This only applies if there is only one matcher set, and the path matcher in that set has only one path in it. Path matchers with two or more paths are not sorted like this; and routes with more than one matcher set are not sorted like this either, since specificity is difficult or impossible to infer correctly. This is a special case, but definitely a very common one, as a lot of routing decisions are based on paths. * caddyfile: New 'route' directive for appearance-order handling (#2959) * caddyfile: Make rewrite directives mutually exclusive (#2959) This applies only to rewrites in the top-level subroute created by the HTTP caddyfile.
2020-01-10 05:00:32 +08:00
}
httpcaddyfile: Fix nested blocks; add handle directive; refactor The fix that was initially put forth in #2971 was good, but only for up to one layer of nesting. The real problem was that we forgot to increment nesting when already inside a block if we saw another open curly brace that opens another block (dispenser.go L157-158). The new 'handle' directive allows HTTP Caddyfiles to be designed more like nginx location blocks if the user prefers. Inside a handle block, directives are still ordered just like they are outside of them, but handler blocks at a given level of nesting are mutually exclusive. This work benefitted from some refactoring and cleanup.
2020-01-17 08:08:52 +08:00
func parseHandle(h Helper) (caddyhttp.MiddlewareHandler, error) {
httpcaddyfile: New `handle_path` directive (#3281) * caddyconfig: WIP implementation of handle_path * caddyconfig: Complete the implementation - h.NewRoute was key * caddyconfig: Add handle_path integration test * caddyhttp: Use the path matcher as-is, strip the trailing *, update test
2020-05-27 05:27:51 +08:00
return ParseSegmentAsSubroute(h)
httpcaddyfile: 'handle_errors' directive Not sure I love the name of the directive; might change it later.
2020-02-17 13:24:20 +08:00
}
httpcaddyfile: Fix nested blocks; add handle directive; refactor The fix that was initially put forth in #2971 was good, but only for up to one layer of nesting. The real problem was that we forgot to increment nesting when already inside a block if we saw another open curly brace that opens another block (dispenser.go L157-158). The new 'handle' directive allows HTTP Caddyfiles to be designed more like nginx location blocks if the user prefers. Inside a handle block, directives are still ordered just like they are outside of them, but handler blocks at a given level of nesting are mutually exclusive. This work benefitted from some refactoring and cleanup.
2020-01-17 08:08:52 +08:00
httpcaddyfile: 'handle_errors' directive Not sure I love the name of the directive; might change it later.
2020-02-17 13:24:20 +08:00
func parseHandleErrors(h Helper) ([]ConfigValue, error) {
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
h.Next() // consume directive name
httpcaddyfile: Add optional status code argument to `handle_errors` directive (#5965) Co-authored-by: Aziz Rmadi <azizrmadi@Azizs-MacBook-Air.local>
2024-01-16 14:24:17 +08:00
expression := ""
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
args := h.RemainingArgs()
httpcaddyfile: Add optional status code argument to `handle_errors` directive (#5965) Co-authored-by: Aziz Rmadi <azizrmadi@Azizs-MacBook-Air.local>
2024-01-16 14:24:17 +08:00
if len(args) > 0 {
codes := []string{}
for _, val := range args {
if len(val) != 3 {
return nil, h.Errf("bad status value '%s'", val)
}
if strings.HasSuffix(val, "xx") {
val = val[:1]
_, err := strconv.Atoi(val)
if err != nil {
return nil, h.Errf("bad status value '%s': %v", val, err)
}
if expression != "" {
expression += " || "
}
expression += fmt.Sprintf("{http.error.status_code} >= %s00 && {http.error.status_code} <= %s99", val, val)
continue
}
_, err := strconv.Atoi(val)
if err != nil {
return nil, h.Errf("bad status value '%s': %v", val, err)
}
codes = append(codes, val)
}
if len(codes) > 0 {
if expression != "" {
expression += " || "
}
expression += "{http.error.status_code} in [" + strings.Join(codes, ", ") + "]"
}
// Reset cursor position to get ready for ParseSegmentAsSubroute
h.Reset()
h.Next()
h.RemainingArgs()
h.Prev()
} else {
// If no arguments present reset the cursor position to get ready for ParseSegmentAsSubroute
h.Prev()
}
handler, err := ParseSegmentAsSubroute(h)
httpcaddyfile: 'handle_errors' directive Not sure I love the name of the directive; might change it later.
2020-02-17 13:24:20 +08:00
if err != nil {
return nil, err
httpcaddyfile: Fix nested blocks; add handle directive; refactor The fix that was initially put forth in #2971 was good, but only for up to one layer of nesting. The real problem was that we forgot to increment nesting when already inside a block if we saw another open curly brace that opens another block (dispenser.go L157-158). The new 'handle' directive allows HTTP Caddyfiles to be designed more like nginx location blocks if the user prefers. Inside a handle block, directives are still ordered just like they are outside of them, but handler blocks at a given level of nesting are mutually exclusive. This work benefitted from some refactoring and cleanup.
2020-01-17 08:08:52 +08:00
}
httpcaddyfile: Add optional status code argument to `handle_errors` directive (#5965) Co-authored-by: Aziz Rmadi <azizrmadi@Azizs-MacBook-Air.local>
2024-01-16 14:24:17 +08:00
subroute, ok := handler.(*caddyhttp.Subroute)
if !ok {
return nil, h.Errf("segment was not parsed as a subroute")
}
if expression != "" {
statusMatcher := caddy.ModuleMap{
"expression": h.JSON(caddyhttp.MatchExpression{Expr: expression}),
}
for i := range subroute.Routes {
subroute.Routes[i].MatcherSetsRaw = []caddy.ModuleMap{statusMatcher}
}
}
httpcaddyfile: 'handle_errors' directive Not sure I love the name of the directive; might change it later.
2020-02-17 13:24:20 +08:00
return []ConfigValue{
{
Class: "error_route",
Value: subroute,
},
}, nil
httpcaddyfile: Fix nested blocks; add handle directive; refactor The fix that was initially put forth in #2971 was good, but only for up to one layer of nesting. The real problem was that we forgot to increment nesting when already inside a block if we saw another open curly brace that opens another block (dispenser.go L157-158). The new 'handle' directive allows HTTP Caddyfiles to be designed more like nginx location blocks if the user prefers. Inside a handle block, directives are still ordered just like they are outside of them, but handler blocks at a given level of nesting are mutually exclusive. This work benefitted from some refactoring and cleanup.
2020-01-17 08:08:52 +08:00
}
caddyfile: tls: Tag manual certificates (#2588) This ensure that if there are multiple certs that match a particular ServerName or other parameter, then specifically the one the user provided in the Caddyfile will be used.
2020-02-07 03:55:26 +08:00
caddyhttp: Implement named routes, `invoke` directive (#5107) * caddyhttp: Implement named routes, `invoke` directive * gofmt * Add experimental marker * Adjust route compile comments
2023-05-16 23:27:52 +08:00
// parseInvoke parses the invoke directive.
func parseInvoke(h Helper) (caddyhttp.MiddlewareHandler, error) {
h.Next() // consume directive
if !h.NextArg() {
return nil, h.ArgErr()
}
for h.Next() || h.NextBlock(0) {
return nil, h.ArgErr()
}
// remember that we're invoking this name
// to populate the server with these named routes
if h.State[namedRouteKey] == nil {
h.State[namedRouteKey] = map[string]struct{}{}
}
h.State[namedRouteKey].(map[string]struct{})[h.Val()] = struct{}{}
// return the handler
return &caddyhttp.Invoke{Name: h.Val()}, nil
}
v2: 'log' directive for Caddyfile, and debug mode (#3052) * httpcaddyfile: Begin implementing log directive, and debug mode For now, debug mode just sets the log level for all logs to DEBUG (unless a level is specified explicitly). * httpcaddyfile: Finish 'log' directive Also rename StringEncoder -> SingleFieldEncoder * Fix minor bug in replacer (when vals are empty)
2020-02-26 13:00:33 +08:00
// parseLog parses the log directive. Syntax:
//
httpcaddyfile: Allow `hostnames` & logger name overrides for log directive (#5643) * httpcaddyfile: Allow `hostnames` override for log directive * Implement access logger name overrides * Fix panic & default logger clobbering edgecase
2023-08-02 15:13:46 +08:00
// log <logger_name> {
// hostnames <hostnames...>
caddyhttp: Support TLS key logging for debugging (#4808) * Add SSL key logging. * Resolve merge conflict with master * Add Caddyfile support; various fixes * Also commit go.mod and go.sum, oops * Appease linter * Minor tweaks * Add doc comment Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2022-09-17 04:05:37 +08:00
// output <writer_module> ...
// format <encoder_module> ...
// level <level>
// }
v2: 'log' directive for Caddyfile, and debug mode (#3052) * httpcaddyfile: Begin implementing log directive, and debug mode For now, debug mode just sets the log level for all logs to DEBUG (unless a level is specified explicitly). * httpcaddyfile: Finish 'log' directive Also rename StringEncoder -> SingleFieldEncoder * Fix minor bug in replacer (when vals are empty)
2020-02-26 13:00:33 +08:00
func parseLog(h Helper) ([]ConfigValue, error) {
caddyconfig: add global option for configuring loggers (#4028) This change is aimed at enhancing the logging module within the Caddyfile directive to allow users to configure logs other than the HTTP access log stream, which is the current capability of the Caddyfile [1]. The intent here is to leverage the same syntax as the server log directive at a global level, so that similar customizations can be added without needing to resort to a JSON-based configuration. Discussion for this approach happened in the referenced issue. Closes https://github.com/caddyserver/caddy/issues/3958 [1] https://caddyserver.com/docs/caddyfile/directives/log
2021-03-13 04:00:02 +08:00
return parseLogHelper(h, nil)
}
// parseLogHelper is used both for the parseLog directive within Server Blocks,
// as well as the global "log" option for configuring loggers at the global
// level. The parseAsGlobalOption parameter is used to distinguish any differing logic
// between the two.
func parseLogHelper(h Helper, globalLogNames map[string]struct{}) ([]ConfigValue, error) {
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
h.Next() // consume option name
caddyconfig: add global option for configuring loggers (#4028) This change is aimed at enhancing the logging module within the Caddyfile directive to allow users to configure logs other than the HTTP access log stream, which is the current capability of the Caddyfile [1]. The intent here is to leverage the same syntax as the server log directive at a global level, so that similar customizations can be added without needing to resort to a JSON-based configuration. Discussion for this approach happened in the referenced issue. Closes https://github.com/caddyserver/caddy/issues/3958 [1] https://caddyserver.com/docs/caddyfile/directives/log
2021-03-13 04:00:02 +08:00
// When the globalLogNames parameter is passed in, we make
// modifications to the parsing behavior.
parseAsGlobalOption := globalLogNames != nil
v2: 'log' directive for Caddyfile, and debug mode (#3052) * httpcaddyfile: Begin implementing log directive, and debug mode For now, debug mode just sets the log level for all logs to DEBUG (unless a level is specified explicitly). * httpcaddyfile: Finish 'log' directive Also rename StringEncoder -> SingleFieldEncoder * Fix minor bug in replacer (when vals are empty)
2020-02-26 13:00:33 +08:00
var configValues []ConfigValue
httpcaddyfile: Allow `hostnames` & logger name overrides for log directive (#5643) * httpcaddyfile: Allow `hostnames` override for log directive * Implement access logger name overrides * Fix panic & default logger clobbering edgecase
2023-08-02 15:13:46 +08:00
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
// Logic below expects that a name is always present when a
// global option is being parsed; or an optional override
// is supported for access logs.
var logName string
caddyconfig: add global option for configuring loggers (#4028) This change is aimed at enhancing the logging module within the Caddyfile directive to allow users to configure logs other than the HTTP access log stream, which is the current capability of the Caddyfile [1]. The intent here is to leverage the same syntax as the server log directive at a global level, so that similar customizations can be added without needing to resort to a JSON-based configuration. Discussion for this approach happened in the referenced issue. Closes https://github.com/caddyserver/caddy/issues/3958 [1] https://caddyserver.com/docs/caddyfile/directives/log
2021-03-13 04:00:02 +08:00
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
if parseAsGlobalOption {
if h.NextArg() {
logName = h.Val()
caddyconfig: add global option for configuring loggers (#4028) This change is aimed at enhancing the logging module within the Caddyfile directive to allow users to configure logs other than the HTTP access log stream, which is the current capability of the Caddyfile [1]. The intent here is to leverage the same syntax as the server log directive at a global level, so that similar customizations can be added without needing to resort to a JSON-based configuration. Discussion for this approach happened in the referenced issue. Closes https://github.com/caddyserver/caddy/issues/3958 [1] https://caddyserver.com/docs/caddyfile/directives/log
2021-03-13 04:00:02 +08:00
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
// Only a single argument is supported.
if h.NextArg() {
return nil, h.ArgErr()
caddyconfig: add global option for configuring loggers (#4028) This change is aimed at enhancing the logging module within the Caddyfile directive to allow users to configure logs other than the HTTP access log stream, which is the current capability of the Caddyfile [1]. The intent here is to leverage the same syntax as the server log directive at a global level, so that similar customizations can be added without needing to resort to a JSON-based configuration. Discussion for this approach happened in the referenced issue. Closes https://github.com/caddyserver/caddy/issues/3958 [1] https://caddyserver.com/docs/caddyfile/directives/log
2021-03-13 04:00:02 +08:00
}
} else {
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
// If there is no log name specified, we
// reference the default logger. See the
// setupNewDefault function in the logging
// package for where this is configured.
logName = caddy.DefaultLoggerName
}
httpcaddyfile: Allow `hostnames` & logger name overrides for log directive (#5643) * httpcaddyfile: Allow `hostnames` override for log directive * Implement access logger name overrides * Fix panic & default logger clobbering edgecase
2023-08-02 15:13:46 +08:00
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
// Verify this name is unused.
_, used := globalLogNames[logName]
if used {
return nil, h.Err("duplicate global log option for: " + logName)
httpcaddyfile: Be stricter about `log` syntax (#3419)
2020-05-16 05:57:16 +08:00
}
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
globalLogNames[logName] = struct{}{}
} else {
// An optional override of the logger name can be provided;
// otherwise a default will be used, like "log0", "log1", etc.
if h.NextArg() {
logName = h.Val()
httpcaddyfile: Be stricter about `log` syntax (#3419)
2020-05-16 05:57:16 +08:00
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
// Only a single argument is supported.
if h.NextArg() {
return nil, h.ArgErr()
}
}
}
v2: 'log' directive for Caddyfile, and debug mode (#3052) * httpcaddyfile: Begin implementing log directive, and debug mode For now, debug mode just sets the log level for all logs to DEBUG (unless a level is specified explicitly). * httpcaddyfile: Finish 'log' directive Also rename StringEncoder -> SingleFieldEncoder * Fix minor bug in replacer (when vals are empty)
2020-02-26 13:00:33 +08:00
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
cl := new(caddy.CustomLog)
httpcaddyfile: Allow `hostnames` & logger name overrides for log directive (#5643) * httpcaddyfile: Allow `hostnames` override for log directive * Implement access logger name overrides * Fix panic & default logger clobbering edgecase
2023-08-02 15:13:46 +08:00
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
// allow overriding the current site block's hostnames for this logger;
// this is useful for setting up loggers per subdomain in a site block
// with a wildcard domain
customHostnames := []string{}
logging: Add support for additional logger filters other than hostname (#6082) Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2024-05-11 21:31:44 +08:00
noHostname := false
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
for h.NextBlock(0) {
switch h.Val() {
case "hostnames":
if parseAsGlobalOption {
return nil, h.Err("hostnames is not allowed in the log global options")
}
args := h.RemainingArgs()
if len(args) == 0 {
return nil, h.ArgErr()
}
customHostnames = append(customHostnames, args...)
v2: 'log' directive for Caddyfile, and debug mode (#3052) * httpcaddyfile: Begin implementing log directive, and debug mode For now, debug mode just sets the log level for all logs to DEBUG (unless a level is specified explicitly). * httpcaddyfile: Finish 'log' directive Also rename StringEncoder -> SingleFieldEncoder * Fix minor bug in replacer (when vals are empty)
2020-02-26 13:00:33 +08:00
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
case "output":
if !h.NextArg() {
return nil, h.ArgErr()
}
moduleName := h.Val()
// can't use the usual caddyfile.Unmarshaler flow with the
// standard writers because they are in the caddy package
// (because they are the default) and implementing that
// interface there would unfortunately create circular import
var wo caddy.WriterOpener
switch moduleName {
case "stdout":
wo = caddy.StdoutWriter{}
case "stderr":
wo = caddy.StderrWriter{}
case "discard":
wo = caddy.DiscardWriter{}
default:
modID := "caddy.logging.writers." + moduleName
unm, err := caddyfile.UnmarshalModule(h.Dispenser, modID)
v2: 'log' directive for Caddyfile, and debug mode (#3052) * httpcaddyfile: Begin implementing log directive, and debug mode For now, debug mode just sets the log level for all logs to DEBUG (unless a level is specified explicitly). * httpcaddyfile: Finish 'log' directive Also rename StringEncoder -> SingleFieldEncoder * Fix minor bug in replacer (when vals are empty)
2020-02-26 13:00:33 +08:00
if err != nil {
return nil, err
}
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
var ok bool
wo, ok = unm.(caddy.WriterOpener)
v2: 'log' directive for Caddyfile, and debug mode (#3052) * httpcaddyfile: Begin implementing log directive, and debug mode For now, debug mode just sets the log level for all logs to DEBUG (unless a level is specified explicitly). * httpcaddyfile: Finish 'log' directive Also rename StringEncoder -> SingleFieldEncoder * Fix minor bug in replacer (when vals are empty)
2020-02-26 13:00:33 +08:00
if !ok {
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
return nil, h.Errf("module %s (%T) is not a WriterOpener", modID, unm)
v2: 'log' directive for Caddyfile, and debug mode (#3052) * httpcaddyfile: Begin implementing log directive, and debug mode For now, debug mode just sets the log level for all logs to DEBUG (unless a level is specified explicitly). * httpcaddyfile: Finish 'log' directive Also rename StringEncoder -> SingleFieldEncoder * Fix minor bug in replacer (when vals are empty)
2020-02-26 13:00:33 +08:00
}
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
}
cl.WriterRaw = caddyconfig.JSONModuleObject(wo, "output", moduleName, h.warnings)
v2: 'log' directive for Caddyfile, and debug mode (#3052) * httpcaddyfile: Begin implementing log directive, and debug mode For now, debug mode just sets the log level for all logs to DEBUG (unless a level is specified explicitly). * httpcaddyfile: Finish 'log' directive Also rename StringEncoder -> SingleFieldEncoder * Fix minor bug in replacer (when vals are empty)
2020-02-26 13:00:33 +08:00
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
case "format":
if !h.NextArg() {
return nil, h.ArgErr()
}
moduleName := h.Val()
moduleID := "caddy.logging.encoders." + moduleName
unm, err := caddyfile.UnmarshalModule(h.Dispenser, moduleID)
if err != nil {
return nil, err
}
enc, ok := unm.(zapcore.Encoder)
if !ok {
return nil, h.Errf("module %s (%T) is not a zapcore.Encoder", moduleID, unm)
}
cl.EncoderRaw = caddyconfig.JSONModuleObject(enc, "format", moduleName, h.warnings)
v2: 'log' directive for Caddyfile, and debug mode (#3052) * httpcaddyfile: Begin implementing log directive, and debug mode For now, debug mode just sets the log level for all logs to DEBUG (unless a level is specified explicitly). * httpcaddyfile: Finish 'log' directive Also rename StringEncoder -> SingleFieldEncoder * Fix minor bug in replacer (when vals are empty)
2020-02-26 13:00:33 +08:00
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
case "level":
if !h.NextArg() {
return nil, h.ArgErr()
}
cl.Level = h.Val()
if h.NextArg() {
return nil, h.ArgErr()
}
caddyconfig: add global option for configuring loggers (#4028) This change is aimed at enhancing the logging module within the Caddyfile directive to allow users to configure logs other than the HTTP access log stream, which is the current capability of the Caddyfile [1]. The intent here is to leverage the same syntax as the server log directive at a global level, so that similar customizations can be added without needing to resort to a JSON-based configuration. Discussion for this approach happened in the referenced issue. Closes https://github.com/caddyserver/caddy/issues/3958 [1] https://caddyserver.com/docs/caddyfile/directives/log
2021-03-13 04:00:02 +08:00
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
case "include":
if !parseAsGlobalOption {
return nil, h.Err("include is not allowed in the log directive")
}
for h.NextArg() {
cl.Include = append(cl.Include, h.Val())
}
caddyconfig: add global option for configuring loggers (#4028) This change is aimed at enhancing the logging module within the Caddyfile directive to allow users to configure logs other than the HTTP access log stream, which is the current capability of the Caddyfile [1]. The intent here is to leverage the same syntax as the server log directive at a global level, so that similar customizations can be added without needing to resort to a JSON-based configuration. Discussion for this approach happened in the referenced issue. Closes https://github.com/caddyserver/caddy/issues/3958 [1] https://caddyserver.com/docs/caddyfile/directives/log
2021-03-13 04:00:02 +08:00
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
case "exclude":
if !parseAsGlobalOption {
return nil, h.Err("exclude is not allowed in the log directive")
}
for h.NextArg() {
cl.Exclude = append(cl.Exclude, h.Val())
v2: 'log' directive for Caddyfile, and debug mode (#3052) * httpcaddyfile: Begin implementing log directive, and debug mode For now, debug mode just sets the log level for all logs to DEBUG (unless a level is specified explicitly). * httpcaddyfile: Finish 'log' directive Also rename StringEncoder -> SingleFieldEncoder * Fix minor bug in replacer (when vals are empty)
2020-02-26 13:00:33 +08:00
}
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
logging: Add support for additional logger filters other than hostname (#6082) Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2024-05-11 21:31:44 +08:00
case "no_hostname":
if h.NextArg() {
return nil, h.ArgErr()
}
noHostname = true
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
default:
return nil, h.Errf("unrecognized subdirective: %s", h.Val())
v2: 'log' directive for Caddyfile, and debug mode (#3052) * httpcaddyfile: Begin implementing log directive, and debug mode For now, debug mode just sets the log level for all logs to DEBUG (unless a level is specified explicitly). * httpcaddyfile: Finish 'log' directive Also rename StringEncoder -> SingleFieldEncoder * Fix minor bug in replacer (when vals are empty)
2020-02-26 13:00:33 +08:00
}
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
}
v2: 'log' directive for Caddyfile, and debug mode (#3052) * httpcaddyfile: Begin implementing log directive, and debug mode For now, debug mode just sets the log level for all logs to DEBUG (unless a level is specified explicitly). * httpcaddyfile: Finish 'log' directive Also rename StringEncoder -> SingleFieldEncoder * Fix minor bug in replacer (when vals are empty)
2020-02-26 13:00:33 +08:00
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
var val namedCustomLog
val.hostnames = customHostnames
logging: Add support for additional logger filters other than hostname (#6082) Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2024-05-11 21:31:44 +08:00
val.noHostname = noHostname
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
isEmptyConfig := reflect.DeepEqual(cl, new(caddy.CustomLog))
httpcaddyfile: Allow `hostnames` & logger name overrides for log directive (#5643) * httpcaddyfile: Allow `hostnames` override for log directive * Implement access logger name overrides * Fix panic & default logger clobbering edgecase
2023-08-02 15:13:46 +08:00
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
// Skip handling of empty logging configs
httpcaddyfile: Allow `hostnames` & logger name overrides for log directive (#5643) * httpcaddyfile: Allow `hostnames` override for log directive * Implement access logger name overrides * Fix panic & default logger clobbering edgecase
2023-08-02 15:13:46 +08:00
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
if parseAsGlobalOption {
// Use indicated name for global log options
val.name = logName
} else {
if logName != "" {
httpcaddyfile: Allow `hostnames` & logger name overrides for log directive (#5643) * httpcaddyfile: Allow `hostnames` override for log directive * Implement access logger name overrides * Fix panic & default logger clobbering edgecase
2023-08-02 15:13:46 +08:00
val.name = logName
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
} else if !isEmptyConfig {
// Construct a log name for server log streams
logCounter, ok := h.State["logCounter"].(int)
if !ok {
logCounter = 0
httpcaddyfile: Allow `hostnames` & logger name overrides for log directive (#5643) * httpcaddyfile: Allow `hostnames` override for log directive * Implement access logger name overrides * Fix panic & default logger clobbering edgecase
2023-08-02 15:13:46 +08:00
}
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
val.name = fmt.Sprintf("log%d", logCounter)
logCounter++
h.State["logCounter"] = logCounter
httpcaddyfile: Allow `hostnames` & logger name overrides for log directive (#5643) * httpcaddyfile: Allow `hostnames` override for log directive * Implement access logger name overrides * Fix panic & default logger clobbering edgecase
2023-08-02 15:13:46 +08:00
}
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
if val.name != "" {
cl.Include = []string{"http.log.access." + val.name}
v2: 'log' directive for Caddyfile, and debug mode (#3052) * httpcaddyfile: Begin implementing log directive, and debug mode For now, debug mode just sets the log level for all logs to DEBUG (unless a level is specified explicitly). * httpcaddyfile: Finish 'log' directive Also rename StringEncoder -> SingleFieldEncoder * Fix minor bug in replacer (when vals are empty)
2020-02-26 13:00:33 +08:00
}
}
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
if !isEmptyConfig {
val.log = cl
}
configValues = append(configValues, ConfigValue{
Class: "custom_log",
Value: val,
})
v2: 'log' directive for Caddyfile, and debug mode (#3052) * httpcaddyfile: Begin implementing log directive, and debug mode For now, debug mode just sets the log level for all logs to DEBUG (unless a level is specified explicitly). * httpcaddyfile: Finish 'log' directive Also rename StringEncoder -> SingleFieldEncoder * Fix minor bug in replacer (when vals are empty)
2020-02-26 13:00:33 +08:00
return configValues, nil
}
caddyhttp: Add 'skip_log' var to omit request from logs (#4691) * caddyhttp: Implement `skip_log` handler * Refactor to use vars middleware Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2022-09-16 00:05:36 +08:00
logging: Implement `log_append` handler (#6066) * logging: Implement `extra_log` handler * Rename to `log_append` * Rename `skip_log` to `log_skip` --------- Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2024-03-06 08:03:59 +08:00
// parseLogSkip parses the log_skip directive. Syntax:
caddyhttp: Add 'skip_log' var to omit request from logs (#4691) * caddyhttp: Implement `skip_log` handler * Refactor to use vars middleware Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2022-09-16 00:05:36 +08:00
//
logging: Implement `log_append` handler (#6066) * logging: Implement `extra_log` handler * Rename to `log_append` * Rename `skip_log` to `log_skip` --------- Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2024-03-06 08:03:59 +08:00
// log_skip [<matcher>]
func parseLogSkip(h Helper) (caddyhttp.MiddlewareHandler, error) {
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
h.Next() // consume directive name
logging: Implement `log_append` handler (#6066) * logging: Implement `extra_log` handler * Rename to `log_append` * Rename `skip_log` to `log_skip` --------- Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2024-03-06 08:03:59 +08:00
// "skip_log" is deprecated, replaced by "log_skip"
if h.Val() == "skip_log" {
caddy.Log().Named("config.adapter.caddyfile").Warn("the 'skip_log' directive is deprecated, please use 'log_skip' instead!")
}
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-24 08:36:59 +08:00
if h.NextArg() {
return nil, h.ArgErr()
caddyhttp: Add 'skip_log' var to omit request from logs (#4691) * caddyhttp: Implement `skip_log` handler * Refactor to use vars middleware Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2022-09-16 00:05:36 +08:00
}
logging: Implement `log_append` handler (#6066) * logging: Implement `extra_log` handler * Rename to `log_append` * Rename `skip_log` to `log_skip` --------- Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2024-03-06 08:03:59 +08:00
return caddyhttp.VarsMiddleware{"log_skip": true}, nil
caddyhttp: Add 'skip_log' var to omit request from logs (#4691) * caddyhttp: Implement `skip_log` handler * Refactor to use vars middleware Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2022-09-16 00:05:36 +08:00
}
logging: Add support for additional logger filters other than hostname (#6082) Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2024-05-11 21:31:44 +08:00
// parseLogName parses the log_name directive. Syntax:
//
// log_name <names...>
func parseLogName(h Helper) (caddyhttp.MiddlewareHandler, error) {
h.Next() // consume directive name
return caddyhttp.VarsMiddleware{
caddyhttp.AccessLoggerNameVarKey: h.RemainingArgs(),
}, nil
}
Reference in New Issue Copy Permalink