Francis Lavoie
5a4374bea0
fileserver: Preserve query during canonicalization redirect ( #6109 )
...
* fileserver: Preserve query during canonicalization redirect
* Clarify that only a path should be passed
2024-03-05 22:51:26 -07:00
Francis Lavoie
0d44e3ecba
logging: Implement `log_append` handler ( #6066 )
...
* logging: Implement `extra_log` handler
* Rename to `log_append`
* Rename `skip_log` to `log_skip`
---------
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2024-03-05 17:03:59 -07:00
Francis Lavoie
01d5568b20
logging: Implement `append` encoder, allow flatter filters config ( #6069 )
...
* logging: Implement `add` encoder
* Allow flatter config structure for `filter` & `add`
* Rename to append
* govulncheck was unhappy
2024-03-05 16:24:32 -07:00
Francis Lavoie
5ed8689629
vars: Allow overriding `http.auth.user.id` in replacer as a special case ( #6108 )
2024-03-05 22:25:38 +00:00
Aziz Rmadi
3ae07a73dc
caddytls: clientauth: leaf verifier: make trusted leaf certs source pluggable ( #6050 )
...
* Made trusted leaf certificates pluggable into the tls.client_auth.leaf
module
* Added leaf loaders modules: file, folder, pem and storage
* Cleaned implementation of leaf cert loader modules
* Added tests for leaf certs file and folder loaders
* cmd: fix the output of the `Usage` section (#6138 )
* core: OnExit hooks (#6128 )
* core: OnExit callbacks
* core: Process-global OnExit callbacks
* ci: bump golangci/golangci-lint-action from 3 to 4 (#6141 )
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3 to 4.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v3...v4)
---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Added more leaf certificate loaders tests and cleaned up code
* Modified leaf cert loaders json field names and cleaned up storage loader comment
* Update modules/caddytls/leaffileloader.go
* Update LeafStorageLoader certificates field name
* Upgraded protobuf version
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-05 14:55:37 -07:00
Matt Holt
72ce78d9af
reverseproxy: SRV dynamic upstream failover ( #5832 )
...
* Implement grace period, but probably needs sync
* Update cached freshness value
* D'oh, actually use the grace period
* Fix freshness math
2024-03-05 12:08:31 -07:00
Mohammed Al Sahaf
03f703a00e
caddytls: verifier: caddyfile: re-add Caddyfile support ( #6127 )
...
* caddytls: verifier: caddyfile: re-add Caddyfile support
* appease the linter
* caddytls: client_auth: verifier: change namespace to `tls.client_auth.verifier`
2024-02-26 00:13:48 +03:00
Mohammed Al Sahaf
931656bd68
acmeserver: add policy field to define allow/deny rules ( #5796 )
...
* acmeserver: support specifying the allowed challenge types
* add caddyfile adapt tests
* acmeserver: add `policy` field to define allow/deny rules
* allow `omitempty` to work
* add caddyfile support for `policy`
* remove "uri domain" policy
* fmt the files
* add docs
* do not support `CommonName`; the field is deprecated
* r/DNSDomains/Domains/g
* Caddyfile docs
* add tests
* move `Policy` to top of file
2024-02-24 02:26:00 +03:00
Sam Ottenhoff
da6a569e85
reverseproxy: cookie should be Secure and SameSite=None when TLS ( #6115 )
...
* reverseproxy: cookie should be Secure and SameSite=None when TLS
* Update modules/caddyhttp/reverseproxy/selectionpolicies_test.go
Co-authored-by: Mohammed Al Sahaf <mohammed@caffeinatedwonders.com>
---------
Co-authored-by: Mohammed Al Sahaf <mohammed@caffeinatedwonders.com>
2024-02-23 12:45:58 -07:00
WeidiDeng
53f7035299
reverseproxy: use context.WithoutCancel ( #6116 )
2024-02-19 20:25:02 -07:00
Matt Holt
127788807f
caddyhttp: Register post-shutdown callbacks ( #5948 )
2024-02-14 21:21:23 -07:00
Francis Lavoie
2c48dda109
caddyhttp: Only attempt to enable full duplex for HTTP/1.x ( #6102 )
2024-02-13 13:45:38 -05:00
Francis Lavoie
30d63648f5
caddyauth: Drop support for `scrypt` ( #6091 )
2024-02-12 19:33:54 +00:00
Francis Lavoie
f9e11158bc
caddyauth: Rename `basicauth` to `basic_auth` ( #6092 )
2024-02-12 17:34:23 +00:00
Francis Lavoie
91ec75441a
logging: Inline Caddyfile syntax for `ip_mask` filter ( #6094 )
2024-02-12 17:15:35 +00:00
Kévin Dunglas
2348ac897a
update comment
2024-02-09 09:35:55 +01:00
Kévin Dunglas
d3f23a8eeb
improved list
2024-02-09 09:35:55 +01:00
Kévin Dunglas
60abd72c7a
fix: add back text/*
2024-02-09 09:35:55 +01:00
Kévin Dunglas
b8f729b88f
fix: add more media types to the compressed by default list
2024-02-09 09:35:55 +01:00
Mohammed Al Sahaf
e1aa862e6a
acmeserver: support specifying the allowed challenge types ( #5794 )
...
* acmeserver: support specifying the allowed challenge types
* add caddyfile adapt tests
* introduce basic acme_server test
* skip acme test on unsuitable environments
* skip integration tests of ACME
* documentation
* add negative-scenario test for mismatched allowed challenges
* a bit more docs
* fix tests for ACME challenges
* appease the linter
* skip ACME tests on s390x
* enable ACME challenge tests on all machines
* Apply suggestions from code review
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
---------
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2024-02-08 11:42:03 +03:00
Francis Lavoie
8c2a72ad07
matchers: Drop `forwarded` option from `remote_ip` matcher ( #6085 )
2024-02-07 10:09:29 -05:00
Francis Lavoie
bde46211e3
caddyhttp: Test cases for `%2F` and `%252F` ( #6084 )
2024-02-07 05:13:17 -05:00
Aziz Rmadi
feb07a7b59
fileserver: Browse can show symlink target if enabled ( #5973 )
...
* Added optional subdirective to browse allowing to reveal symlink paths.
* Update modules/caddyhttp/fileserver/browsetplcontext.go
---------
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2024-02-06 04:31:26 +00:00
Matt Holt
57c5b921a4
caddytls: Make on-demand 'ask' permission modular ( #6055 )
...
* caddytls: Make on-demand 'ask' permission modular
This makes the 'ask' endpoint a module, which means that developers can
write custom plugins for granting permission for on-demand certificates.
Kicking myself that we didn't do it this way at the beginning, but who coulda known...
* Lint
* Error on conflicting config
* Fix bad merge
---------
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2024-01-30 16:11:29 -07:00
Marten Seemann
697cc593a1
chore: Update quic-go to v0.41.0, bump Go minimum to 1.21 ( #6043 )
...
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2024-01-25 13:58:19 -05:00
Yolan Romailler
2fe69a828f
chore: enabling a few more linters ( #5961 )
...
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2024-01-25 15:24:58 +00:00
Mohammed Al Sahaf
e965b111cd
tls: modularize trusted CA providers ( #5784 )
...
* tls: modularize client authentication trusted CA
* add `omitempty` to `CARaw`
* docs
* initial caddyfile support
* revert anything related to leaf cert validation
The certs are used differently than the CA pool flow
* complete caddyfile unmarshalling implementation
* Caddyfile syntax documentation
* enhance caddyfile parsing and documentation
Apply suggestions from code review
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
* add client_auth caddyfile tests
* add caddyfile unmarshalling tests
* fix and add missed adapt tests
* fix rebase issue
---------
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2024-01-25 11:44:41 +03:00
Francis Lavoie
b9c40e7111
logging: Automatic `wrap` default for `filter` encoder ( #5980 )
...
Co-authored-by: Kévin Dunglas <kevin@dunglas.fr>
2024-01-25 04:00:22 +00:00
Francis Lavoie
f5344f8cad
caddyhttp: Fix panic when request missing ClientIPVarKey ( #6040 )
2024-01-24 00:45:50 +00:00
Francis Lavoie
750d0b8331
caddyfile: Normalize & flatten all unmarshalers ( #6037 )
2024-01-23 19:36:59 -05:00
Mohammed Al Sahaf
54823f52bc
cmd: reverseproxy: log: use caddy logger ( #6042 )
2024-01-23 10:52:02 -07:00
Aziz Rmadi
ed7e3c906a
matchers: `query` now ANDs multiple keys ( #6054 )
...
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2024-01-22 02:36:44 +00:00
Francis Lavoie
5e2f1b5ced
httpcaddyfile: Rewrite `root` and `rewrite` parsing to allow omitting matcher ( #5844 )
2024-01-15 09:57:08 -07:00
Francis Lavoie
f3e849e49f
fileserver: Implement caddyfile.Unmarshaler interface ( #5850 )
2024-01-13 21:32:44 +00:00
Bas Westerbaan
f658fd05ac
reverseproxy: Add `tls_curves` option to HTTP transport ( #5851 )
2024-01-13 20:56:23 +00:00
Nebez Briefkani
cc0c0cf03e
caddyhttp: Security enhancements for client IP parsing ( #5805 )
...
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2024-01-13 20:46:37 +00:00
a
c839a98ff5
filesystem: Globally declared filesystems, `fs` directive ( #5833 )
2024-01-13 20:12:43 +00:00
Rithvik Vibhu
ed41c924cf
tls: add reuse_private_keys ( #6025 )
2024-01-09 16:00:31 -07:00
Fred Cox
d9ff7b1872
reverseproxy: Only change Content-Length when full request is buffered ( #5830 )
...
fixes: https://github.com/caddyserver/caddy/issues/5829
Signed-off-by: Fred Cox <mcfedr@gmail.com>
2024-01-09 12:59:30 -07:00
Mohammed Al Sahaf
787f6b257f
chore: check against errors of `io/fs` instead of `os` ( #6011 )
...
* chore: replace `os.ErrNotExist` with `fs.ErrNotExist`
* check against permission error from `io/fs` package
2024-01-02 08:48:55 +03:00
networkException
b568a10dd4
caddyhttp: support unix sockets in `caddy respond` command ( #6010 )
...
previously the `caddy respond` command would treat the argument
passed to --listen as a TCP socket address, iterating over a possible
port range.
this patch factors the server creation out into a separate function,
allowing this to be reused in case the listen address is a unix network
address.
2023-12-31 22:34:00 -05:00
Steffen Busch
8f9ffc587e
fileserver: Add total file size to directory listing ( #6003 )
...
* browse: Add total file size to directory listing
* Apply suggestion to remove "in "
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
---------
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2023-12-30 18:47:13 +00:00
Francis Lavoie
3248e4c89f
logging: Add `zap.Option` support ( #5944 )
2023-12-18 20:48:34 +00:00
Tim Geoghegan
387545a895
metrics: Record request metrics on HTTP errors ( #5979 )
2023-12-15 20:14:00 +00:00
Kévin Dunglas
b16aba5c27
fileserver: Enable compression for command by default ( #5855 )
...
* feat: enable compression for file-server
* refactor
* const
* Update help text
* Update modules/caddyhttp/fileserver/command.go
---------
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2023-12-13 20:44:22 -07:00
David DeMoss
362f33daae
fileserver: New --precompressed flag ( #5880 )
...
exposes the file_server precompressed functionality to be used with the
file-server command
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2023-12-13 20:26:20 -07:00
Francis Lavoie
3d7d60f7cf
caddyhttp: Add `uuid` to access logs when used ( #5859 )
2023-12-13 15:40:15 -07:00
Mohammed Al Sahaf
dc12bd9743
proxyprotocol: use github.com/pires/go-proxyproto ( #5915 )
...
* proxyprotocol: use github.com/pires/go-proxyproto
* Fix typo: r/generelly/generally
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
* add config options for `Deny` CIDR and fallback policy
* use `netip` package & trust unix sockets
---------
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2023-12-13 09:07:43 -07:00
Matt Holt
4a09cf0dc0
caddytls: Sync distributed storage cleaning ( #5940 )
...
* caddytls: Log out remote addr to detect abuse
* caddytls: Sync distributed storage cleaning
* Handle errors
* Update certmagic to fix tiny bug
* Split off port when logging remote IP
* Upgrade CertMagic
2023-12-07 11:00:02 -07:00
Andreas Kohn
b24ae63ea6
caddytls: Context to DecisionFunc ( #5923 )
...
See https://github.com/caddyserver/certmagic/pull/255
2023-12-07 10:40:13 -07:00