Mohammed Al Sahaf
5b48f784ae
ci: don't run s390x tests on PRs of forks ( #3494 )
...
* ci: don't run s390x tests on PRs of forks
* ci: check if fork by matchinging name from event against name of repo
2020-06-12 19:51:04 +00:00
Chris Ortman
d84a5d8427
httpcaddyfile: New acme_eab
option ( #3492 )
...
* Adds global options for external account bindings
* Maybe other people use ctags too?
* Use nested block to configure external account
* go format files
* Restore acme_ca directive in test file
* Change Caddyfile config syntax for acme_eab
* Update test
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-06-12 13:37:56 -06:00
Mohammed Al Sahaf
7da32f493a
ci: skip s390x tests on forks ( #3493 )
2020-06-12 18:03:29 +00:00
Matthew Holt
cb0d9838cb
go.mod: Update quic-go to 0.17.1 (draft 29) and certmagic 0.11.2 (eab)
2020-06-12 11:52:12 -06:00
Matthew Holt
d81a69ef16
Merge branch 'eab-fix'
2020-06-12 11:49:45 -06:00
Mohammed Al Sahaf
99dcc10f31
ci: add CI on s390x ( #3463 )
...
* ci: lay out foundation for s390x tests
* ci: uncomment the s390x test script & replace placeholders with real values
* ci: amend the s390x test job name to be more consistent with others
2020-06-12 17:11:46 +00:00
Wynn Wolf Arbor
fa4cdde7d8
fastcgi: Make sure splitPos handles empty SplitPath correctly ( #3491 )
...
In commit f2ce81c
, support for multiple path splitters was added. The
type of SplitPath changed from string to []string, and splitPos was
changed to loop through all values in SplitPath.
Before that commit, if SplitPath was empty, strings.Index returned 0 and
PATH_INFO was set correctly in buildEnv.
Currently, however, splitPos returns -1 for empty values of SplitPath,
behaving as if a split position could not be found at all. PATH_INFO is
then never set in buildEnv and remains empty.
Restore the old behaviour by explicitly checking whether SplitPath is
empty and returning 0 in splitPos.
Closes #3490
2020-06-12 10:07:59 -06:00
Matthew Holt
d55c3b31eb
caddyhttp: Add client cert SAN placeholders
2020-06-11 16:19:07 -06:00
Matthew Holt
6d03fb48f9
caddytls: Don't decode HMAC
...
https://caddy.community/t/trouble-with-external-account-hmac/8600?u=matt
2020-06-11 15:33:27 -06:00
Matthew Holt
b3bff13f7d
reverseproxy: Close websocket conn if req context cancels
...
This is a recent patch in the Go standard library
2020-06-11 15:25:26 -06:00
Francis Lavoie
7211101c52
ci: Fix gemfury upload condition, move triggers to publish event ( #3483 )
2020-06-08 12:21:20 -06:00
Mohammed Al Sahaf
90dba172cb
ci: fix an oopsie in the release script ( #3482 )
2020-06-08 11:10:28 -06:00
Matthew Holt
4b10ae5ce6
reverseproxy: Add Caddyfile support for ClientCertificateAutomate
2020-06-08 10:30:26 -06:00
NWHirschfeld
1dfb11486e
httpcaddyfile: Add client_auth options to tls directive ( #3335 )
...
* reading client certificate config from Caddyfile
Signed-off-by: NWHirschfeld <Niclas@NWHirschfeld.de>
* Update caddyconfig/httpcaddyfile/builtins.go
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
* added adapt test for parsing client certificate configuration from Caddyfile
Signed-off-by: NWHirschfeld <Niclas@NWHirschfeld.de>
* read client ca and leaf certificates from file https://github.com/caddyserver/caddy/pull/3335#discussion_r421633844
Signed-off-by: NWHirschfeld <Niclas@NWHirschfeld.de>
* Update modules/caddytls/connpolicy.go
* Make review adjustments
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-06-05 12:19:36 -06:00
Matthew Holt
11a132d48b
caddytls: Configurable cache size limit
2020-06-05 11:14:39 -06:00
Matthew Holt
9dafa63933
go.mod: Update dependencies
2020-06-05 11:14:09 -06:00
Francis Lavoie
21c1da101c
ci: Disable publishing .deb on beta tags ( #3473 )
2020-06-05 10:23:15 -06:00
Matthew Holt
7a99835dab
reverseproxy: Enable changing only the status code ( close #2920 )
2020-06-04 12:06:38 -06:00
Matthew Holt
7b0962ba4d
caddyhttp: Default to error status if found in context
...
This is just a convenience if using a static_response handler in an
error route, by setting the default status code to the same one as
the error status.
2020-06-04 10:32:01 -06:00
Matthew Holt
2d1f7b9da8
caddyhttp: Auto-redirects from all bind addresses ( fix #3443 )
2020-06-03 10:56:26 -06:00
Matthew Holt
a285fe4129
caddypki: Add 'acme_server' Caddyfile directive
2020-06-03 09:59:36 -06:00
Matthew Holt
97e61c16a3
httpcaddyfile: Sort site blocks with wildcards last ( fix #3410 )
2020-06-03 09:35:13 -06:00
Matthew Holt
83551edf3e
cmd: Only stop admin server on signal if it exists ( fix #3470 )
2020-06-03 07:31:31 -06:00
Matthew Holt
e18c373064
caddytls: Actually use configured test CA
2020-06-02 11:13:44 -06:00
Matt Holt
9a7756c6e4
caddyauth: Cache basicauth results ( fixes #3462 ) ( #3465 )
...
Cache capacity is currently hard-coded at 1000 with random eviction.
It is enabled by default from Caddyfile configurations because I assume
this is the most common preference.
2020-06-01 23:56:47 -06:00
Francis Lavoie
fdf2a77feb
caddyfile: Add args on imports ( #3423 )
...
* caddyfile: Add support for args on imports
* caddyfile: Add more import args tests
2020-06-01 10:43:06 -06:00
Georges Haidar
a496308f6e
httpcaddyfile: Let modules add listener wrappers ( #3397 )
...
* httpcaddyfile: allow modules to customize listener wrappers
* Update caddyconfig/httpcaddyfile/httptype.go
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
* Update caddyconfig/httpcaddyfile/httptype.go
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
* Update caddyconfig/httpcaddyfile/httptype.go
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
* Update caddyconfig/httpcaddyfile/httptype.go
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-06-01 09:50:00 -06:00
Matthew Holt
d5d7fb5954
go.mod: Update dependencies
2020-06-01 09:31:08 -06:00
Matt Holt
996af0915d
cmd: Support admin endpoint on unix socket ( #3320 )
2020-05-29 14:21:55 -06:00
Matthew Holt
6c051cd27d
caddyconfig: Minor internal and godoc tweaks
2020-05-29 11:49:25 -06:00
Matt Holt
9415feca7c
logging: Net writer redials if write fails ( #3453 )
...
* logging: Net writer redials if write fails
https://caddy.community/t/v2-log-output-net-does-not-reconnect-after-lost-connection/8386?u=matt
* Only replace connection if redial succeeds
* Fix error handling
2020-05-28 10:40:14 -06:00
Matthew Holt
881b826fb5
reverseproxy: Pool copy buffers (minor optimization)
2020-05-27 11:42:19 -06:00
Matthew Holt
538ddb8587
reverseproxy: Enable response interception ( #1447 , #2920 )
...
It's a raw, low-level implementation for now, but it's very flexible.
More sugar-coating can be added after error handling is more developed.
2020-05-27 10:17:45 -06:00
Francis Lavoie
69b5643130
chore: Fix typo in dispenser.go ( #3456 )
2020-05-27 08:13:57 -06:00
Matthew Holt
e5bbed1046
caddyhttp: Refactor header matching
...
This allows response matchers to benefit from the same matching logic
as the request header matchers (mainly prefix/suffix wildcards).
2020-05-26 17:35:27 -06:00
Matthew Holt
294910c68c
caddyhttp: Add client.public_key(_sha256) placeholders
2020-05-26 15:52:53 -06:00
Francis Lavoie
8c5d00b2bc
httpcaddyfile: New handle_path
directive ( #3281 )
...
* caddyconfig: WIP implementation of handle_path
* caddyconfig: Complete the implementation - h.NewRoute was key
* caddyconfig: Add handle_path integration test
* caddyhttp: Use the path matcher as-is, strip the trailing *, update test
2020-05-26 15:27:51 -06:00
Rui Lopes
aa20878887
cmd: file-server: add --access-log flag ( #3454 )
2020-05-26 15:04:04 -06:00
Francis Lavoie
c1e5c09294
reverseproxy: Improve error message when using scheme+placeholder ( #3393 )
...
* reverseproxy: Improve error message when using scheme+placeholder
* reverseproxy: Simplify error message
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-05-26 14:13:15 -06:00
Francis Lavoie
ffc125d6f5
caddyfile: Move NewTestDispenser into non-test file ( #3439 )
2020-05-26 13:45:22 -06:00
AndyBan
22055c5e0f
reverseproxy: Fix https active health checks #3450 ( #3451 )
2020-05-26 12:40:57 -06:00
Mohammed Al Sahaf
dfe802aed3
chore: forego the use of deprecated cel func NewIdent in favor of NewVar ( #3444 )
2020-05-25 03:59:38 +00:00
Mohammed Al Sahaf
7a365af5df
chore: simplify goreleaser flow, add bash completions to .deb ( #3436 )
2020-05-22 15:13:31 -04:00
Matthew Holt
0cbf467b3f
caddyhttp: Add time.now placeholder and update cel-go ( closes #2594 )
2020-05-21 18:19:01 -06:00
Francis Lavoie
bb67e19d7b
cmd: hash-password: Fix broken terminal state on SIGINT ( #3416 )
...
* caddyauth: Fix hash-password broken terminal state on SIGINT
* caddycmd: Move TrapSignals calls to only subcommands that run long
2020-05-21 13:09:49 -06:00
Matthew Holt
1dc4ec2d77
admin: Disallow websockets
...
No currently-known exploit here, just being conservative
2020-05-21 12:29:19 -06:00
Matt Holt
452d4726f7
Update SECURITY.md
2020-05-20 14:24:47 -06:00
Matthew Holt
2a8a198568
reverseproxy: Don't overwrite existing X-Forwarded-Proto header
...
Correct behavior is not well defined because this is a non-standard
header field. This could be a "hop-by-hop" field much like
X-Forwarded-For is, but even our X-Forwarded-For implementation
preserves prior entries. Or, it could be best to preserve the original
value from the first hop, representing the protocol as facing the
client.
Let's try it the other way for a bit and see how it goes.
See https://caddy.community/t/caddy2-w-wordpress-behind-nginx-reverse-proxy/8174/3?u=matt
2020-05-20 11:33:17 -06:00
Francis Lavoie
cc8fb488d3
httpcaddyfile: Improve error on matcher declared outside site block ( #3431 )
2020-05-20 10:37:48 -06:00
Francis Lavoie
fae064262d
httpcaddyfile: Add auto_https
global option ( #3284 )
2020-05-19 16:59:51 -06:00