* caddytls: Change clustering to be a plugin to the caddytls package
Should resolve the failure in
https://github.com/coredns/coredns/pull/2541.
This change is breaking to clustering plugin developers (not Caddy
users), but logical, since only the caddytls package uses CertMagic
directly (the httpserver package also uses it, but only because it also
uses the caddytls plugin); and it is early enough that no clustering
plugins really exist yet.
This will also require a change of devportal
so that it looks for a different registration function, which has moved
to the caddytls package.
* Remove unused variable
* caddyhttp: Fix test (adjust plugin counting)
* ummmm, remove extra line break
somehow VS Code didn't fmt on save... weird.
By using the ca_certificates option in the proxy block, it is now possible to select
the CA against which backend certificates shall be checked.
Resolves #1550
Co-authored-by: Danny Navarro <navdgo@gmail.com>
Execute an OPTIONS call and make sure we receive a valid response
independently of the provided username or password as the
authentication step is ignored
* Do not authenticate OPTIONS calls
* Add test for OPTIONS call
Implement `{when_iso_local}` placeholder
This implements the `{when_iso_local}` placeholder. This is like the
`{when_iso}` placeholder but the output is in the current timezone
rather than UTC.
Resolves #2362
All code relating to a caddytls.Config and setting it up from the
Caddyfile is still intact; only the certificate management-related
code was removed into a separate package.
I don't expect this to build in CI successfully; updating dependencies
and vendor is coming next.
I've also removed the ad-hoc, half-baked storage plugins that we need
to finish making first-class Caddy plugins (they were never documented
anyway). The new certmagic package has a much better storage interface,
and we can finally move toward making a new storage plugin type, but
it shouldn't be configurable in the Caddyfile, I think, since it doesn't
make sense for a Caddy instance to use more than one storage config...
We also have the option of eliminating DNS provider plugins and just
shipping all of lego's DNS providers by using a lego package (the
caddytls/setup.go file has a comment describing how) -- but it doubles
Caddy's binary size by 100% from about 19 MB to around 40 MB...!
* tls: Add support for the tls-alpn-01 challenge
Also updates lego/acme to latest on master.
TODO: This implementation of the tls-alpn challenge is not yet solvable
in a distributed Caddy cluster like the http challenge is.
* build: Allow building with the race detector
* tls: Support distributed solving of the TLS-ALPN-01 challenge
* Update vendor and add a todo in MITM checker
* Adding {when_unix_ms} requests placeholder (unix timestamp with millisecond precision)
* Add a 499 HTTP status code on user's cancel request, as NGINX does (instead of 502 Bad Gateway status with 'Context canceled' message)
* 499 HTTP status code was added as constant CustomStatusContextCancelled = 499
* Updates the existing proxy and reverse proxy tests to include a new fallback delay value
* Adds a new fallback_delay sub-directive to the proxy directive and uses it in the creation of single host reverse proxies
* new template action: TLS protocol version
* new template action: use caddytls.GetSupportedProtocolName
Avoids code duplication by reusing existing method to get TLS protocol
version used on connection. Also adds tests
* Fix 502 errors for requests without headers
* Add unexported roundRobinPolicier
We have to preserve state for fallback mode of Header policy, so
it's required to save state in some variable
* Adding TLS client cert placeholders
* Use function to get the peer certificate
* Changing SHA1 to SHA256
* Use UTC instead of GMT
* Adding tests
* Adding getters for Protocol and Cipher
Current Caddy code used a combination of CSS styles that
some mainstream browsers (e.g. Firefox) do not support well:
"td:first-child { width: 100%; }" together with
"td:last-child { padding-right: 5%; }".
The old approach was three columns with:
- "Name": 100% width, 5% padding left
- "Size": minimal width
- "Modified": minimal width, 5% padding right
Now the new approach is five columns with:
- <Dummy>: 5% width
- "Name": 80% width
- "Size": minimal width
- "Modified": minimal width
- <Dummy>: 5% width