Commit Graph

1950 Commits

Author SHA1 Message Date
Emily
22927e278d
core: Add optional unix socket file permissions (#4741)
* core: Add optional unix socket file permissions

This commit also changes the default unix socket file permissions to `u=w,g=,o=` (octal: `0200`).
It used to default to the shell's umask (usually `u=rwx,g=rx,o=rx`, octal: `0755`).

`/run/caddy.sock` -> `/run/caddy.sock` with `0200` default perms
`/run/caddy.sock|0222` -> `/run/caddy.sock` with `0222` perms

`|` instead of `:` is used as a separator, to account for the `:` in Windows drive letters (e.g. `C:\absolute\path.sock`)

Fun fact:
The old unix(7) man page (pre Jun 2016) stated a socket needs both read and write perms.
Turns out, only write perms are needed.
Corrected in 7578ea2f85
Despite this, most implementations still default to read+write to this date.

* Add cases with Windows paths to test

* Require write perms for the owning user
2023-06-23 14:49:41 -06:00
Francis Lavoie
7a69ae7571
reverseproxy: Honor tls_except_port for active health checks (#5591) 2023-06-22 16:20:30 -06:00
Matthew Holt
2b2addebb8
Appease linter 2023-06-21 17:59:54 -06:00
Matthew Holt
9563666bfb
Fix compile on Windows, hopefully 2023-06-21 17:47:23 -06:00
Matthew Holt
806341e089
core: Properly preserve unix sockets (fix #5568) 2023-06-21 17:16:01 -06:00
Matthew Holt
0468508e92 go.mod: Upgrade CertMagic for hotfix 2023-06-21 13:25:38 -06:00
Matthew Holt
415d1e7b6f go.mod: Upgrade some dependencies 2023-06-21 13:25:38 -06:00
Omer Demirok
1a36b06cd4
chore: upgrade otel (#5586) 2023-06-21 11:46:42 -06:00
Marten Seemann
398c12ae9b
go.mod: Update quic-go to v0.36.0 (#5584) 2023-06-21 06:56:12 -04:00
Saber Haj Rabiee
361946eb0c
reverseproxy: weighted_round_robin load balancing policy (#5579)
* added weighted round robin algorithm to load balancer

* added an adapt integration test for wrr and fixed a typo

* changed args format to Caddyfile args convention

* added provisioner and validator for wrr

* simplified the code and improved doc
2023-06-20 11:42:58 -06:00
mmm444
424ae0f420
reverseproxy: Experimental streaming timeouts (#5567)
* reverseproxy: WIP streaming timeouts

* More verbose logging by using the child logger

* reverseproxy: Implement streaming timeouts

* reverseproxy: Refactor cleanup

* reverseproxy: Avoid **time.Timer

---------

Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2023-06-19 15:54:43 -06:00
guangwu
4548b7de8e
chore: remove refs of deprecated io/ioutil (#5576) 2023-06-16 21:27:57 -06:00
Francis Lavoie
3b19aa2b5a
headers: Allow > to defer shortcut for replacements (#5574) 2023-06-15 17:18:55 -06:00
Dominik Roos
6a41b62e70
caddyhttp: Support custom network for HTTP/3 (#5573)
Allow registering a custom network mapping for HTTP/3. This is useful
if the original network for HTTP/1.1 and HTTP/2 is not a standard `unix`,
`tcp4`, or `tcp6` network. To keep backwards compatibility, we fall back
to `udp` if the original network is not registered in the mapping.

Fixes #5555
2023-06-13 19:33:39 -06:00
Corin Langosch
2ddb717144
reverseproxy: Fix parsing of source IP in case it's an ipv6 address (#5569) 2023-06-12 09:35:22 -06:00
365cent
56af1ceb32
fileserver: browse: Better grid layout (#5564)
* feat: better implementation of grid layout

* fix: vertical alignment
2023-06-05 07:39:57 +00:00
Matthew Holt
4ba03c9d38
caddytls: Clarify some JSON config docs 2023-06-04 22:15:50 -06:00
Cass C
078f130a51
cmd: Implement storage import/export (#5532)
* cmd: Implement 'storage import' and 'storage export' CLI commands.

These commands use the certmagic.Storage interface. In particular,
storage implementations should ensure that their List() functions
correctly enumerate all keys when called with an empty prefix and
recursive == true. Also, Stat() calls on keys holding values instead
of nested keys are expected to set KeyInfo.IsTerminal = true.

* remove errors.Join
2023-06-02 13:04:31 -06:00
Matthew Holt
9c180a5988
go.mod: Upgrade quic-go to 0.35.1 2023-06-01 11:28:33 -06:00
Marten Seemann
467b7e3a9c
update quic-go to v0.35.0 (#5560) 2023-05-30 05:41:57 -04:00
kassienull
31d75acc9c
templates: Add readFile action that does not evaluate templates (#5553)
* Create an includeRaw template function to include a file without parsing it as a template.

Some formatting fixes

* Rename to readFile, various docs adjustments

---------

Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2023-05-26 10:16:28 -06:00
WeidiDeng
9cde715525
caddyfile: Track import name instead of modifying filename (#5540)
* Merge branch 'master' into import_file_stack

* remove space in log key
2023-05-25 13:05:00 -06:00
Jonathan Davies
942fbb37ec
core: Use SO_REUSEPORT_LB on FreeBSD (#5554)
to balance load between threads.
2023-05-23 10:56:00 -06:00
WeidiDeng
cee4441cb1
caddyfile: Do not replace import tokens if they are part of a snippet (#5539)
* fix variadic placeholder in imported file which also imports

* fix tests.

* skip replacing args when imported token may be part of a snippet
2023-05-22 15:36:55 -06:00
Matt Holt
5bd9c49042
fileserver: Don't set Etag if mtime is 0 or 1 (close #5548) (#5550) 2023-05-22 14:17:15 -06:00
pistasjis
cdd3884b32
fileserver: browse: minor tweaks for grid view, dark mode (#5545)
* Make grid entries take up full width on mobile and fix breadcrumb color issue in dark mode

Signed-off-by: Pistasj <odyssey346@disroot.org>

* Do mholt's suggestions

Signed-off-by: Pistasj <odyssey346@disroot.org>

---------

Signed-off-by: Pistasj <odyssey346@disroot.org>
2023-05-20 17:23:17 -06:00
Charles Duffy
2615c9c524
fileserver: Only set Etag if not already set (fix #5546) (#5547) 2023-05-20 17:21:43 -06:00
pistasjis
5336bc0fb6
fileserver: Fix file browser breadcrumb font (#5543)
Signed-off-by: Pistasj <odyssey346@disroot.org>
2023-05-19 11:08:47 -06:00
WeidiDeng
29452647d8
caddyhttp: Fix h3 shutdown (#5541)
* swap h3server close and listener close, avoid quic-listener not closing

* fix typo
2023-05-19 10:00:00 -06:00
Matthew Holt
bd34cb6b4e fileserver: More filetypes for browse icons 2023-05-19 09:59:44 -06:00
pistasjis
2d236ead3e
fileserver: Fix file browser footer in grid mode (#5536)
* Fix file browser footer in grid

Signed-off-by: Odyssey <odyssey346@disroot.org>

* Fix file browser footer while in grid mode

Signed-off-by: Pistasj <odyssey346@disroot.org>

* Do mholt's suggestions

Signed-off-by: Odyssey <odyssey346@disroot.org>

---------

Signed-off-by: Odyssey <odyssey346@disroot.org>
Signed-off-by: Pistasj <odyssey346@disroot.org>
2023-05-19 09:51:21 -06:00
Matthew Holt
38cb587e0f
cmd: Avoid spammy log messages (fix #5538)
I forgot there are two calls to LoadConfig() here that needed replacing.
2023-05-17 16:13:15 -06:00
Matthew Holt
ca14b6edd9
httpcaddyfile: Sort Caddyfile slice
Makes list deterministic. See #5538
2023-05-17 13:50:32 -06:00
Francis Lavoie
cbf16f6d9e
caddyhttp: Implement named routes, invoke directive (#5107)
* caddyhttp: Implement named routes, `invoke` directive

* gofmt

* Add experimental marker

* Adjust route compile comments
2023-05-16 15:27:52 +00:00
Tran Phong
13a37688dc
rewrite: use escaped path, fix #5278 (#5504)
* use escaped path while rewriting

Signed-off-by: TP-O <letranphong2k1@gmail.com>

* restore line break

---------

Signed-off-by: TP-O <letranphong2k1@gmail.com>
2023-05-16 09:16:07 -06:00
Francis Lavoie
e8352aef38
headers: Add > Caddyfile shortcut for enabling defer (#5535) 2023-05-16 01:18:13 -04:00
Matthew Holt
36546cd8b9
go.mod: Upgrade several dependencies 2023-05-15 16:56:27 -06:00
Francis Lavoie
75b690d248
reverseproxy: Expand port ranges to multiple upstreams in CLI + Caddyfile (#5494)
* reverseproxy: Expand port ranges to multiple upstreams in CLI + Caddyfile

* Add clarifying comment
2023-05-15 12:14:50 -06:00
Matt Holt
52d7335c2b
fileserver: Use EscapedPath for browse (#5534)
* fileserver: Use EscapedPath for browse

Fix #5143

* Fixes if filter element is not present

* Remove extraneous line
2023-05-15 10:48:05 -06:00
Matt Holt
96919acc9d
caddyhttp: Refactor cert Managers (fix #5415) (#5533) 2023-05-15 10:47:30 -06:00
Matthew Holt
e96aafe1ca
Slightly more helpful error message 2023-05-13 08:04:42 -06:00
Matt Holt
a02ecb0f88
caddytls: Check for nil ALPN; close #5470 (#5473)
* Check for nil ALPN; close #5470

* Apply patch

* Actually I want to try this
2023-05-13 07:09:20 -06:00
Matthew Holt
5ebb7d496d
cmd: Reduce spammy logs from --watch 2023-05-12 11:04:02 -06:00
jjiang-stripe
cfc85ae8ca
caddyhttp: Add a getter for Server.name (#5531) 2023-05-11 10:34:05 -06:00
Matt Holt
faf0399e80
caddytls: Configurable fallback SNI (#5527)
* Initial implementation of fallback_sni

* Apply upstream patch
2023-05-10 14:29:29 -06:00
WeidiDeng
808b05c3b4
caddyhttp: Update quic's TLS configs after reload (#5517) (fix #4849)
* fix http3 outdated certificates after config reload

* delegate quic tls GetConfigForClient to another struct.

* change type and method names
fix lint

---------

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2023-05-10 14:25:09 -06:00
Matthew Holt
12b2f22092
Add doc comment about changing admin endpoint 2023-05-09 20:05:27 -06:00
Yehonatan Ezron
571fc034d3
feature: watch include directory (#5521)
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2023-05-08 22:49:16 +00:00
Mohammed Al Sahaf
bef1a739db
chore: remove deprecated linters (#5525) 2023-05-08 13:47:33 -06:00
Matthew Holt
0de6064c3b
go.mod: Upgrade CertMagic again 2023-05-07 23:40:30 -06:00