Matthew Holt
8e75ae2495
Only consume HTTP challenge for names we are solving for ( closes #549 )
...
If another ACME client is trying to solve a challenge for a name not
being served by Caddy on the same machine where Caddy is running, the
HTTP challenge will be consumed by Caddy rather than allowing the owner
to use the Caddyfile to proxy the challenge.
With this change, we only consume requests for HTTP challenges for
hostnames that we recognize. Before doing the challenge, we add the
name to a set, and when seeing if we should proxy the challenge, we
first check the path of course to see if it is an HTTP challenge;
if it is, we then check that set to see if the hostname is in the
set. Only if it is, do we consume it.
Otherwise, the request is treated like any other, allowing the owner
to configure a proxy for such requests to another ACME client.
2016-08-10 22:13:06 -06:00
Carter
d56ac28bec
Using a LimitReader and fixed test and log format.
2016-08-10 22:43:26 -04:00
Carter
3fd8218f67
refactor and added test
2016-08-10 11:04:37 -04:00
Carter
d06c15cae6
Set the request body to a new ReadCloser
2016-08-10 10:36:16 -04:00
Carter
59b1e8b0bc
Now logging the request body
...
Logging the request body if the Content-Type is application/json or
application/xml
2016-08-10 10:04:57 -04:00
Daniel van Dorp
dbd76f7a57
dist/init/linux-sysvinit: process @weingart's feedback ( #1008 )
...
* dist/init/linux-sysvinit: use kill -0 to test process status
* dist/init/linux-sysvinit: use service (as root) instead of /etc/init.d/
2016-08-09 22:29:13 -06:00
Matthew Holt
e081d8b5c2
Maintainence routine deletes old (expired) OCSP staple files
2016-08-09 16:46:51 -06:00
Matthew Holt
8eefeb6788
Begin improved OCSP stapling by persisting staple to disk
2016-08-09 16:12:22 -06:00
Abiola Ibrahim
5fb3c504c9
Merge pull request #1017 from shawnps/patch-2
...
fix typo
2016-08-09 09:18:41 +01:00
Shawn Smith
0f04f2fd44
fix typo
2016-08-09 14:57:17 +09:00
Matthew Holt
ce8b1dfe94
Warn upon use of proxy_header
2016-08-08 13:48:13 -06:00
elcore
4b3c532573
Use P384 for TestUser (privateKey) ( #1009 )
2016-08-08 11:13:10 -06:00
Carter
4d76ccb1c4
Rounding the latency in certain scenarios ( #1005 )
...
* Rounding the latency in certain scenarios
* run gofmt
2016-08-08 10:14:53 -06:00
Simon Lightfoot
de7bf4f241
Enable downloading of protected content. See issue #979 ( #980 )
...
* Fix for stripping of 'Content-Disposition' and other headers from 'X-Accel-Redirect' redirect scripts.
* Added test case for header manipulation of redirect response.
2016-08-07 23:16:33 -06:00
Stavros Korokithakis
681c95a749
Add default "Restricted" realm to HTTP Basic auth ( #1007 )
...
* Add default "Restricted" realm to HTTP Basic auth
* Add tests for the Basic auth realm
2016-08-07 07:50:36 -06:00
elcore
e5a8927635
Allow just one TLS Protocol (Caddyfile) ( #1004 )
...
* Allow just one TLS Protocol
* Fix typo
2016-08-06 15:00:54 -06:00
Matthew Holt
2019eec5a5
Fix lint warnings; group methods for same type together
2016-08-06 14:46:52 -06:00
Matthew Holt
33d1033928
Add link to clean code guidelines for reference
2016-08-06 14:43:31 -06:00
Matthew Holt
0d8b95334f
Use Let's Encrypt's permalink to subscriber agreement
2016-08-06 14:42:00 -06:00
Matthew Holt
ee615371a8
Export staticfiles.Redirect for convenience in preserving query string
2016-08-06 14:40:58 -06:00
Nimi Wariboko Jr
4c6082df64
Merge pull request #987 from nemothekid/proxy/single-webconn
...
Proxy: Single WebSocket connection
2016-08-05 16:59:38 -07:00
Nimi Wariboko Jr
8898066455
Merge branch 'master' into proxy/single-webconn
2016-08-05 16:57:54 -07:00
Nimi Wariboko Jr
fffc1bed73
Merge pull request #984 from nemothekid/proxy/keepalive-directive
...
Proxy: Add keepalive directive to proxy to set MaxIdleConnsPerHost on transport
2016-08-05 16:57:44 -07:00
Nimi Wariboko Jr
824ec6cb95
Merge branch 'master' into proxy/keepalive-directive
2016-08-05 16:20:37 -07:00
Nimi Wariboko Jr
5b5e365295
Instead of treating 0 is a default value, use http.DefaultMaxIdleConnsPerHost
2016-08-05 15:41:32 -07:00
Matt Holt
c6c221b8db
Merge pull request #996 from tw4452852/host_header
...
proxy: add Host header checking
2016-08-05 16:20:06 -06:00
Daniel van Dorp
985049e0c2
Merge pull request #1003 from mholt/sysvinit-fix-setcap
...
dist/init/linux-sysvinit: execute setcap directly
2016-08-05 16:49:24 +02:00
Daniel van Dorp
3a4f8e8d0c
dist/init/linux-sysvinit: execute setcap directly
...
`$(which setcap)` might evaluate to nothing,
and this way the error thrown will be more clear.
If setcap is not available on Debian/Ubuntu,
you can install the package `libcap2-bin`
2016-08-05 16:33:47 +02:00
Daniel van Dorp
f3a3bf6204
dist/init/linux-sysvinit: improve legacy compatibility ( #1002 )
...
* dist/init/linux-sysvinit: pass --oknodo for --start as well
* dist/init/linux-sysvinit: manually rm PIDFILE
Since start-stop-daemon --remove-pidfile is new and not present
everywhere.
2016-08-05 08:15:32 -06:00
Daniel van Dorp
81a3101efe
Merge pull request #1001 from mholt/sysvinit-typo
...
dist/init/linux-sysvinit: fix minor typo in DAEMONOPTS
2016-08-05 14:13:33 +02:00
Daniel van Dorp
22a4b6cde2
dist/init/linux-sysvinit: fix minor typo in DAEMONOPTS
2016-08-05 14:04:30 +02:00
Tw
94c63e42d6
proxy: add Host header checking
...
fix issue #993
Signed-off-by: Tw <tw19881113@gmail.com>
2016-08-04 13:07:20 +08:00
s7v7nislands
c110b27ef5
improve rlimit usage ( #982 )
...
* improve rlimit usage
* fix windows build
* fix code style
2016-08-02 21:01:36 -06:00
Nimi Wariboko Jr
6e9439d22e
Proxy: Fix data race in test.
2016-08-02 12:39:15 -07:00
Nimi Wariboko Jr
f4cdf53761
Proxy: Fix transport defn; cleanup connection.
2016-08-02 12:31:17 -07:00
Matt Holt
89f5b646c3
Merge pull request #978 from krishamoud/master
...
added ip_hash load balancing
2016-08-02 11:25:52 -06:00
Matthew Holt
a24e361761
Enable cgo for CI tests so race detector can run
2016-08-02 10:59:16 -06:00
Matthew Holt
5ac04b91bb
Add -race to CI tests; use Go 1.6.3
2016-08-02 10:55:38 -06:00
elcore
1b1aecb1e6
Merge pull request #989 from tw4452852/tls_race
...
tls: fix TestStandaloneTLSTicketKeyRotation data race
2016-08-02 14:03:14 +02:00
Tw
3d43c5b697
tls: fix TestStandaloneTLSTicketKeyRotation data race
...
==================
WARNING: DATA RACE
Write at 0x00c42049d300 by goroutine 26:
github.com/mholt/caddy/caddytls.standaloneTLSTicketKeyRotation()
/home/tw/golib/src/github.com/mholt/caddy/caddytls/crypto.go:230 +0x698
Previous read at 0x00c42049d300 by goroutine 25:
github.com/mholt/caddy/caddytls.TestStandaloneTLSTicketKeyRotation()
/home/tw/golib/src/github.com/mholt/caddy/caddytls/crypto_test.go:113 +0x413
testing.tRunner()
/home/tw/goroot/src/testing/testing.go:610 +0xc9
Goroutine 26 (running) created at:
github.com/mholt/caddy/caddytls.TestStandaloneTLSTicketKeyRotation()
/home/tw/golib/src/github.com/mholt/caddy/caddytls/crypto_test.go:101 +0x2a4
testing.tRunner()
/home/tw/goroot/src/testing/testing.go:610 +0xc9
Goroutine 25 (running) created at:
testing.(*T).Run()
/home/tw/goroot/src/testing/testing.go:646 +0x52f
testing.RunTests.func1()
/home/tw/goroot/src/testing/testing.go:793 +0xb9
testing.tRunner()
/home/tw/goroot/src/testing/testing.go:610 +0xc9
testing.RunTests()
/home/tw/goroot/src/testing/testing.go:799 +0x4b5
testing.(*M).Run()
/home/tw/goroot/src/testing/testing.go:743 +0x12f
github.com/mholt/caddy/caddytls.TestMain()
/home/tw/golib/src/github.com/mholt/caddy/caddytls/setup_test.go:27 +0x133
main.main()
github.com/mholt/caddy/caddytls/_test/_testmain.go:116 +0x1b1
==================
==================
WARNING: DATA RACE
Write at 0x00c4204aa6c0 by goroutine 26:
github.com/mholt/caddy/caddytls.TestStandaloneTLSTicketKeyRotation.func2()
/home/tw/golib/src/github.com/mholt/caddy/caddytls/crypto_test.go:93 +0x56
github.com/mholt/caddy/caddytls.standaloneTLSTicketKeyRotation()
/home/tw/golib/src/github.com/mholt/caddy/caddytls/crypto.go:233 +0x638
Previous read at 0x00c4204aa6c0 by goroutine 25:
github.com/mholt/caddy/caddytls.TestStandaloneTLSTicketKeyRotation()
/home/tw/golib/src/github.com/mholt/caddy/caddytls/crypto_test.go:108 +0x391
testing.tRunner()
/home/tw/goroot/src/testing/testing.go:610 +0xc9
Goroutine 26 (running) created at:
github.com/mholt/caddy/caddytls.TestStandaloneTLSTicketKeyRotation()
/home/tw/golib/src/github.com/mholt/caddy/caddytls/crypto_test.go:101 +0x2a4
testing.tRunner()
/home/tw/goroot/src/testing/testing.go:610 +0xc9
Goroutine 25 (running) created at:
testing.(*T).Run()
/home/tw/goroot/src/testing/testing.go:646 +0x52f
testing.RunTests.func1()
/home/tw/goroot/src/testing/testing.go:793 +0xb9
testing.tRunner()
/home/tw/goroot/src/testing/testing.go:610 +0xc9
testing.RunTests()
/home/tw/goroot/src/testing/testing.go:799 +0x4b5
testing.(*M).Run()
/home/tw/goroot/src/testing/testing.go:743 +0x12f
github.com/mholt/caddy/caddytls.TestMain()
/home/tw/golib/src/github.com/mholt/caddy/caddytls/setup_test.go:27 +0x133
main.main()
github.com/mholt/caddy/caddytls/_test/_testmain.go:116 +0x1b1
==================
Signed-off-by: Tw <tw19881113@gmail.com>
2016-08-02 15:28:12 +08:00
Nimi Wariboko Jr
d534a2139f
Proxy: When connecting to websocket backend, reuse the connection isntead of starting a new one.
2016-08-01 19:11:31 -07:00
Eric Drechsel
c4e65df262
Proxy: Add a failing test which replicates #763
...
2 websocket connections are made instead of one
2016-08-01 19:09:02 -07:00
Kris Hamoud
88d3dcae42
added ip_hash load balancing
...
updated tests
fixed comment format
fixed formatting, minor logic fix
added newline to EOF
updated logic, fixed tests
added comment
updated formatting
updated test output
fixed typo
2016-08-01 18:50:53 -07:00
Nimi Wariboko Jr
db4cd8ee2d
Proxy: Add keepalive directive to proxy to set MaxIdleConnsPerHost on transport. Fixes #938
2016-08-01 15:54:07 -07:00
Matt Holt
da5b3cfc50
Merge pull request #976 from wjkohnen/h2
...
Re-enable HTTP/2 for Go 1.7.
2016-08-01 15:06:44 -06:00
Matt Holt
372c77da3a
Merge pull request #983 from djvdorp/sysvinit
...
dist/init/linux-sysvinit: caddy for SysVinit
2016-08-01 13:34:07 -06:00
Daniel van Dorp
251c38bfb2
dist/init/linux-sysvinit: caddy for SysVinit
...
In addition to `linux-upstart` and `linux-systemd`, I think this one
might be very useful too.
The script is based on [this script](https://git.devuan.org/fredg/stuffs/blob/master/caddy/init.d/caddy )
by @fredg, found via [Installation du serveur Caddy sous Devuan · Frédéric Galusik](http://galusik.xyz/installation-caddy-server-devuan/#démon:d7570338f345f168f3c50f22e7f8c47c ).
I have modified it into an extended version myself, since I had the need for this.
2016-08-01 20:51:22 +02:00
Matt Holt
ba1bee2b8f
Merge pull request #981 from tw4452852/redir
...
redir: loading block arguments before parsing matcher
2016-08-01 12:36:06 -06:00
Tw
b64894c31e
redir: loading block arguments before parsing matcher
...
fix issue #977
Signed-off-by: Tw <tw19881113@gmail.com>
2016-08-01 14:38:18 +08:00
Wolfgang Johannes Kohnen
d88dd74dec
Re-enable HTTP/2 for Go 1.7.
...
* Since Go 1.7 HTTP/2 support is enabled only if TLSConfig.NextProtos
includes the string "h2".
* see mholt/caddy#975
2016-07-30 18:18:53 +00:00