Commit Graph

1143 Commits

Author SHA1 Message Date
Mohammed Al Sahaf
27bc16abed
fileserver: add export-template sub-command to file-server (#5630) 2023-07-13 15:54:48 -06:00
Matt Holt
0e2c7e1d35
caddytls: Reuse certificate cache through reloads (#5623)
* caddytls: Don't purge cert cache on config reload

* Update CertMagic

This actually avoids reloading managed certs from storage
when already in the cache, d'oh.

* Fix bug; re-implement HasCertificateForSubject

* Update go.mod: CertMagic tag
2023-07-11 19:10:58 +00:00
Matthew Holt
5dec11f2a0
reverseproxy: Pointer receiver
This avoids copying the Upstream, which has an atomically-accessed value
in it.
2023-07-08 13:42:51 -06:00
Matthew Holt
66114cb155
caddyhttp: Trim dot/space only on Windows (fix #5613)
Follow-up to #2917. Path matcher needs to trim dots and spaces but only
on Windows.
2023-07-08 13:42:13 -06:00
Francis Lavoie
7a69ae7571
reverseproxy: Honor tls_except_port for active health checks (#5591) 2023-06-22 16:20:30 -06:00
Saber Haj Rabiee
361946eb0c
reverseproxy: weighted_round_robin load balancing policy (#5579)
* added weighted round robin algorithm to load balancer

* added an adapt integration test for wrr and fixed a typo

* changed args format to Caddyfile args convention

* added provisioner and validator for wrr

* simplified the code and improved doc
2023-06-20 11:42:58 -06:00
mmm444
424ae0f420
reverseproxy: Experimental streaming timeouts (#5567)
* reverseproxy: WIP streaming timeouts

* More verbose logging by using the child logger

* reverseproxy: Implement streaming timeouts

* reverseproxy: Refactor cleanup

* reverseproxy: Avoid **time.Timer

---------

Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2023-06-19 15:54:43 -06:00
guangwu
4548b7de8e
chore: remove refs of deprecated io/ioutil (#5576) 2023-06-16 21:27:57 -06:00
Francis Lavoie
3b19aa2b5a
headers: Allow > to defer shortcut for replacements (#5574) 2023-06-15 17:18:55 -06:00
Dominik Roos
6a41b62e70
caddyhttp: Support custom network for HTTP/3 (#5573)
Allow registering a custom network mapping for HTTP/3. This is useful
if the original network for HTTP/1.1 and HTTP/2 is not a standard `unix`,
`tcp4`, or `tcp6` network. To keep backwards compatibility, we fall back
to `udp` if the original network is not registered in the mapping.

Fixes #5555
2023-06-13 19:33:39 -06:00
Corin Langosch
2ddb717144
reverseproxy: Fix parsing of source IP in case it's an ipv6 address (#5569) 2023-06-12 09:35:22 -06:00
365cent
56af1ceb32
fileserver: browse: Better grid layout (#5564)
* feat: better implementation of grid layout

* fix: vertical alignment
2023-06-05 07:39:57 +00:00
Matthew Holt
4ba03c9d38
caddytls: Clarify some JSON config docs 2023-06-04 22:15:50 -06:00
kassienull
31d75acc9c
templates: Add readFile action that does not evaluate templates (#5553)
* Create an includeRaw template function to include a file without parsing it as a template.

Some formatting fixes

* Rename to readFile, various docs adjustments

---------

Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2023-05-26 10:16:28 -06:00
Matt Holt
5bd9c49042
fileserver: Don't set Etag if mtime is 0 or 1 (close #5548) (#5550) 2023-05-22 14:17:15 -06:00
pistasjis
cdd3884b32
fileserver: browse: minor tweaks for grid view, dark mode (#5545)
* Make grid entries take up full width on mobile and fix breadcrumb color issue in dark mode

Signed-off-by: Pistasj <odyssey346@disroot.org>

* Do mholt's suggestions

Signed-off-by: Pistasj <odyssey346@disroot.org>

---------

Signed-off-by: Pistasj <odyssey346@disroot.org>
2023-05-20 17:23:17 -06:00
Charles Duffy
2615c9c524
fileserver: Only set Etag if not already set (fix #5546) (#5547) 2023-05-20 17:21:43 -06:00
pistasjis
5336bc0fb6
fileserver: Fix file browser breadcrumb font (#5543)
Signed-off-by: Pistasj <odyssey346@disroot.org>
2023-05-19 11:08:47 -06:00
WeidiDeng
29452647d8
caddyhttp: Fix h3 shutdown (#5541)
* swap h3server close and listener close, avoid quic-listener not closing

* fix typo
2023-05-19 10:00:00 -06:00
Matthew Holt
bd34cb6b4e fileserver: More filetypes for browse icons 2023-05-19 09:59:44 -06:00
pistasjis
2d236ead3e
fileserver: Fix file browser footer in grid mode (#5536)
* Fix file browser footer in grid

Signed-off-by: Odyssey <odyssey346@disroot.org>

* Fix file browser footer while in grid mode

Signed-off-by: Pistasj <odyssey346@disroot.org>

* Do mholt's suggestions

Signed-off-by: Odyssey <odyssey346@disroot.org>

---------

Signed-off-by: Odyssey <odyssey346@disroot.org>
Signed-off-by: Pistasj <odyssey346@disroot.org>
2023-05-19 09:51:21 -06:00
Francis Lavoie
cbf16f6d9e
caddyhttp: Implement named routes, invoke directive (#5107)
* caddyhttp: Implement named routes, `invoke` directive

* gofmt

* Add experimental marker

* Adjust route compile comments
2023-05-16 15:27:52 +00:00
Tran Phong
13a37688dc
rewrite: use escaped path, fix #5278 (#5504)
* use escaped path while rewriting

Signed-off-by: TP-O <letranphong2k1@gmail.com>

* restore line break

---------

Signed-off-by: TP-O <letranphong2k1@gmail.com>
2023-05-16 09:16:07 -06:00
Francis Lavoie
e8352aef38
headers: Add > Caddyfile shortcut for enabling defer (#5535) 2023-05-16 01:18:13 -04:00
Francis Lavoie
75b690d248
reverseproxy: Expand port ranges to multiple upstreams in CLI + Caddyfile (#5494)
* reverseproxy: Expand port ranges to multiple upstreams in CLI + Caddyfile

* Add clarifying comment
2023-05-15 12:14:50 -06:00
Matt Holt
52d7335c2b
fileserver: Use EscapedPath for browse (#5534)
* fileserver: Use EscapedPath for browse

Fix #5143

* Fixes if filter element is not present

* Remove extraneous line
2023-05-15 10:48:05 -06:00
Matt Holt
96919acc9d
caddyhttp: Refactor cert Managers (fix #5415) (#5533) 2023-05-15 10:47:30 -06:00
Matt Holt
a02ecb0f88
caddytls: Check for nil ALPN; close #5470 (#5473)
* Check for nil ALPN; close #5470

* Apply patch

* Actually I want to try this
2023-05-13 07:09:20 -06:00
jjiang-stripe
cfc85ae8ca
caddyhttp: Add a getter for Server.name (#5531) 2023-05-11 10:34:05 -06:00
Matt Holt
faf0399e80
caddytls: Configurable fallback SNI (#5527)
* Initial implementation of fallback_sni

* Apply upstream patch
2023-05-10 14:29:29 -06:00
Francis Lavoie
b19946f6af
reverseproxy: Optimize base case for least_conn and random_choose policies (#5487)
When only a single request has the least amount of requests, there's no need to compute a random number, because the modulo of 1 will always be 0 anyways.
2023-05-05 20:53:48 -06:00
Francis Lavoie
335cd2e8a4
reverseproxy: Fix active health check header canonicalization, refactor (#5446) 2023-05-05 15:19:22 -06:00
Francis Lavoie
48598e1f2a
reverseproxy: Add fallback for some policies, instead of always random (#5488) 2023-05-05 15:08:10 -06:00
Matthew Holt
cdce452edc
logging: Actually honor the SoftStart parameter 2023-05-04 16:30:34 -06:00
Matthew Holt
f3e8b9d95f
logging: Soft start for net writer (close #5520)
If enabled and there is an error when opening the net writer, ignore the
error and report it along with subsequent logs to stderr.
2023-05-04 16:29:03 -06:00
eanavitarte
c8032867b1
fastcgi: Fix capture_stderr (#5515) 2023-05-04 00:40:49 +00:00
Francis Lavoie
3f20a7c9f3
acmeserver: Configurable resolvers, fix smallstep deprecations (#5500)
* acmeserver: Configurable `resolvers`, fix smallstep deprecations

* Improve default net/port

* Update proxy resolvers parsing to use the new function

* Update listeners.go

Co-authored-by: itsxaos <33079230+itsxaos@users.noreply.github.com>

---------

Co-authored-by: itsxaos <33079230+itsxaos@users.noreply.github.com>
2023-05-03 17:07:22 +00:00
Dave Henderson
f0e3981774
logging: Add traceID field to access logs when tracing is active (#5507)
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2023-04-27 02:46:41 +00:00
Kévin Dunglas
1c9ea0113d
caddyhttp: Impl ResponseWriter.Unwrap(), prep for Go 1.20's ResponseController (#5509)
* feat: add support for ResponseWriter.Unwrap()

* cherry-pick Francis' code
2023-04-26 19:44:01 -04:00
Y.Horie
2b04e09fa7
reverseproxy: Fix reinitialize upstream healthy metrics (#5498)
Co-authored-by: Dávid Szabó <david.szabo97@gmail.com>
2023-04-25 09:59:26 -06:00
cui fliter
3443a8a056
fix some comments (#5508)
Signed-off-by: cui fliter <imcusg@gmail.com>
2023-04-25 09:54:42 -06:00
Stéphane Mourey
2943c41884
templates: Add fileStat function (#5497)
* Add isDir template function

* Update modules/caddyhttp/templates/tplcontext.go

Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com>

* Fix funcIsDir return value on error

* Fix funcIsDir return false when root file system not specified

* Add stat function, remove isDir function

* Remove isDir function (really)

* Rename stat to fileStat

---------

Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2023-04-24 10:36:37 -06:00
Francis Lavoie
53b6fab125
caddyfile: Stricter parsing, error for brace on new line (#5505) 2023-04-20 18:43:51 +00:00
Francis Lavoie
b301a3df70
celmatcher: Implement pkix.Name conversion to string (#5492) 2023-04-19 11:55:22 -04:00
Francis Lavoie
4636109ce1
reverseproxy: Remove deprecated lookup_srv (#5396) 2023-04-10 20:08:40 +00:00
WeidiDeng
d8d87a378f
caddyhttp: Serve http2 when listener wrapper doesn't return *tls.Conn (#4929)
* Serve http2 when listener wrapper doesn't return *tls.Conn

* close conn when h2server serveConn returns

* merge from upstream

* rebase from latest

* run New and Closed ConnState hook for h2 conns

* go fmt

* fix lint

* Add comments

* reorder import
2023-04-10 17:05:02 +00:00
Francis Lavoie
f8b59e77f8
reverseproxy: Add query and client_ip_hash lb policies (#5468) 2023-04-04 03:31:47 +00:00
Kid
f9bd2d3e92
fileserver: Add color-scheme meta tag (#5475) 2023-04-02 22:44:21 -04:00
Corin Langosch
b6fe5d4b41
proxyprotocol: Add PROXY protocol support to reverse_proxy, add HTTP listener wrapper (#5424)
Co-authored-by: WeidiDeng <weidi_deng@icloud.com>
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2023-03-31 17:44:53 -04:00
Francis Lavoie
66e571e687
reverseproxy: Add mention of which half a copyBuffer err comes from (#5472)
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2023-03-31 15:46:29 -04:00
Francis Lavoie
2b3046de36
caddyhttp: Log request body bytes read (#5461) 2023-03-27 22:40:15 +00:00
Mohammed Al Sahaf
1aef807c71
log: Make sink logs encodable (#5441)
* log: make `sink` encodable

* deduplicate logger fields

* extract common fields into `BaseLog` and embed it into `SinkLog`

* amend godoc on `BaseLog` and `SinkLog`

* minor style change

---------

Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2023-03-27 21:41:24 +00:00
Francis Lavoie
e16a886814
caddytls: Eval replacer on automation policy subjects (#5459)
Also renamed the field to SubjectsRaw, which can be considered a breaking change but I don't expect this to affect much.
2023-03-27 21:16:22 +00:00
黑墨水鱼
dd86171d67
headers: Support deleting all headers as first op (#5464)
* Delete all existing fields when fieldName is `*`

* Rearrange deletion before addition in headers

* Revert "Rearrange deletion before addition in headers"

This reverts commit 1b50eeeccc92ccd660c7896d8283c7d9e5d1fcb0.

* Treat deleting all headers as a special case

* Apply suggestions from code review

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>

---------

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2023-03-27 21:05:18 +00:00
Francis Lavoie
10b265d252
reverseproxy: Header up/down support for CLI command (#5460) 2023-03-27 20:35:31 +00:00
Francis Lavoie
05e9974570
caddyhttp: Determine real client IP if trusted proxies configured (#5104)
* caddyhttp: Determine real client IP if trusted proxies configured

* Support customizing client IP header

* Implement client_ip matcher, deprecate remote_ip's forwarded option
2023-03-27 20:22:59 +00:00
Matt Holt
0cc49c053f
caddytls: Zero out throttle window first (#5443)
* caddytls: Zero out throttle window first

* Don't error for on-demand 

Fixes b97c76fb47

---------

Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2023-03-20 12:06:00 -06:00
Trea Hauet
2182270a2c
reverseproxy: Reset Content-Length to prevent FastCGI from hanging (#5435)
Fixes: https://github.com/caddyserver/caddy/issues/5420
2023-03-16 11:42:16 -06:00
Matthew Holt
a7af7c486e
caddytls: Allow on-demand w/o ask for internal-only 2023-03-14 10:29:27 -06:00
Matthew Holt
b97c76fb47
caddytls: Require 'ask' endpoint for on-demand TLS 2023-03-14 10:02:44 -06:00
Matt Holt
6cc3cbbc69
fileserver: New file browse template (#5427)
* fileserver: New file browse template

* Redo extension/icon logic; minor color tweaks

* Fine-tune image display
2023-03-10 18:19:31 +00:00
Chris Reeves
b420561737
tracing: Support autoprop from OTEL_PROPAGATORS (#5147)
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2023-03-09 09:02:35 -07:00
WeidiDeng
b3f0cea2c3
encode: flush status code when hijacked. (#5419) 2023-03-06 09:13:48 -07:00
esell
94d41a9d86
fileserver: Remove trailing slash on fs filenames (#5417) 2023-03-03 14:45:17 -07:00
Matt Holt
99d47050e9
core: Eliminate unnecessary shutdown delay on Unix (#5413)
* core: Eliminate unnecessary shutdown delay on Unix

Fix #5393, alternate to #5405

* Comments, cleanup, adjust logs

* Fix build constraint
2023-03-03 04:00:18 +00:00
Francis Lavoie
85375861f6
caddyhttp: Fix vars_regexp matcher with placeholders (#5408)
Changed to match the `vars` matcher's logic for handling placeholders
2023-03-02 09:01:54 -07:00
Francis Lavoie
f6bab8ba85
context: Rename func to AppIfConfigured (#5397) 2023-02-27 18:58:27 +00:00
Emily Lange
941eae5f61
reverseproxy: allow specifying ip version for dynamic a upstream (#5401)
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2023-02-27 17:23:09 +00:00
Francis Lavoie
960150bb03
caddyfile: Implement heredoc support (#5385) 2023-02-26 00:34:27 +00:00
Francis Lavoie
9e6919550b
cmd: Expand cobra support, add short flags (#5379)
* cmd: Expand cobra support

* Convert commands to cobra, add short flags

* Fix version command typo

Co-authored-by: Emily Lange <git@indeednotjames.com>

* Apply suggestions from code review

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>

---------

Co-authored-by: Emily Lange <git@indeednotjames.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2023-02-24 16:09:12 -07:00
Mohammed Al Sahaf
e3909cc385
reverseproxy: refactor HTTP transport layer (#5369)
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
Co-authored-by: Weidi Deng <weidi_deng@icloud.com>
2023-02-24 19:54:04 +00:00
Francis Lavoie
be53e432fc
caddytls: Relax the warning for on-demand (#5384) 2023-02-22 11:41:01 -07:00
Francis Lavoie
5ded580444
cmd: Adjust documentation for commands (#5377) 2023-02-16 09:14:07 -07:00
Matt Holt
4b119a475f
reverseproxy: Don't buffer chunked requests (fix #5366) (#5367)
* reverseproxy: Don't buffer chunked requests (fix #5366)

Mostly reverts 845bc4d50b (#5289)

Adds warning for unsafe config.

Deprecates unsafe properties in favor of simpler, safer designed ones.

* Update modules/caddyhttp/reverseproxy/caddyfile.go

Co-authored-by: Y.Horie <u5.horie@gmail.com>

* Update modules/caddyhttp/reverseproxy/reverseproxy.go

Co-authored-by: Y.Horie <u5.horie@gmail.com>

* Update modules/caddyhttp/reverseproxy/reverseproxy.go

Co-authored-by: Y.Horie <u5.horie@gmail.com>

* Remove unused code

---------

Co-authored-by: Y.Horie <u5.horie@gmail.com>
2023-02-11 17:25:29 -07:00
Francis Lavoie
90798f3eea
go.mod: Upgrade various dependencies (#5362)
* chore: Upgrade various dependencies

* Support CEL file matcher with no args

* Document `http.request.orig_uri.path.*`, reorder placeholders in docs

---------

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2023-02-08 17:49:17 +00:00
Steffen Brüheim
536c28d4dc
core: Support Windows absolute paths for UDS proxy upstreams (#5114)
* added some tests for parseUpstreamDialAddress

Test 4 fails because it produces "[[::1]]:80" instead of "[::1]:80"

* support absolute windows path in unix reverse proxy address

* make IsUnixNetwork public, support +h2c and reuse it
* add new tests
2023-02-08 10:05:09 -07:00
WeidiDeng
c77a6bea66
reverseproxy: Log status code and byte count for websockets (#5140)
* log response size for websocket request

* record size when using hijack bufio.Writer
2023-02-06 16:14:59 -07:00
Francis Lavoie
12bcbe2c49
caddyhttp: Pluggable trusted proxy IP range sources (#5328)
* caddyhttp: Pluggable trusted proxy IP range sources

* Add request to the IPRangeSource interface
2023-02-06 12:44:11 -07:00
Y.Horie
8d3a1b8bcb
caddyauth: Use singleflight for basic auth (#5344)
* caddyauth: Add singleflight for basic auth

* Fixes #5338
* it occurred the thunder herd problem like this https://medium.com/@mhrlife/avoid-duplicate-requests-while-filling-cache-98c687879f59

* Update modules/caddyhttp/caddyauth/basicauth.go

Fix comment

Co-authored-by: Francis Lavoie <lavofr@gmail.com>

---------

Co-authored-by: Francis Lavoie <lavofr@gmail.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2023-02-06 18:29:03 +00:00
Francis Lavoie
e62b5fb586
chore: Build with Go 1.20, keep minimum at 1.18 for now (#5353) 2023-02-06 11:29:20 -05:00
Francis Lavoie
201b9b41f9
chore: Fix warning "range variable captured by func literal" (#5348) 2023-01-31 03:07:57 -05:00
Matthew Holt
0a3efd1641
caddytls: Debug log for ask endpoint 2023-01-30 09:30:53 -07:00
Y.Horie
e9d95ab29f
reverseproxy: Add flag to short command to disable redirects (#5330)
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
Fixes undefined
2023-01-25 09:40:08 -05:00
David Frickert
962310204f
tracing: Support placeholders in span name (#5329)
Fixes https://github.com/caddyserver/caddy/issues/5171
2023-01-25 02:26:44 -05:00
Francis Lavoie
223cbe3d0b
caddyhttp: Add server-level trusted_proxies config (#5103) 2023-01-10 00:08:23 -05:00
Y.Horie
845bc4d50b
reverseproxy: Fix hanging for Transfer-Encoding: chunked (#5289)
* Fixes #5236
* enable request body buffering in reverse proxy
  when the request header has Transfer-Encoding: chunked
2023-01-09 00:13:34 -07:00
Emily Lange
e450a7377b
reverseproxy: Don't enable auto-https when --from flag is http (#5269) 2023-01-06 15:42:07 -05:00
Matt Holt
d74f6fd967
reverseproxy: Set origreq in active health check (#5284)
* reverseproxy: Set origreq in active health check

Fix #5281

* Oops; dereference Request
2023-01-06 15:06:38 -05:00
Yannick Ihmels
55035d327a
caddytls: Add dns_ttl config, improve Caddyfile tls options (#5287) 2023-01-06 14:44:00 -05:00
Matthew Holt
4e9ad50f65
fileserver: Add a couple test cases
With placeholders
2023-01-04 11:07:27 -07:00
darkweak
dac7cacd4d
encode: Respect Cache-Control no-transform (#5257)
* encode: respect Cache-Control HTTP header no-transform

* encode: switch to strings.Contains
2022-12-20 13:26:53 -07:00
Matthew Holt
fac35db9dc
go.mod: Update quic-go to v0.31.0
And fix a comment typo
2022-12-08 08:55:04 -07:00
Kyle McCullough
bfaf2a8201
acme_server: Configurable default lifetime for issued certificates (#5232)
* acme_server: add certificate lifetime configuration option

Signed-off-by: Kyle McCullough <kylemcc@gmail.com>

* pki: allow intermediate cert lifetime to be configured

Signed-off-by: Kyle McCullough <kylemcc@gmail.com>

Signed-off-by: Kyle McCullough <kylemcc@gmail.com>
2022-12-06 00:12:26 -07:00
Alban Lecocq
d4a7d89f56
reverseproxy: Improve hostByHashing distribution (#5229)
* If upstreams are all using same host but with different ports
ie:
foobar:4001
foobar:4002
foobar:4003
...
Because fnv-1a has not a good enough avalanche effect
Then the hostByHashing result is not well balanced over
all upstreams

As last byte FNV input tend to affect few bits, the idea is to change
the concatenation order between the key and the upstream strings
So the upstream last byte have more impact on hash diffusion
2022-12-05 11:28:12 -07:00
Matthew Holt
ae77a56ac8
Clarify some docs 2022-11-30 16:03:31 -07:00
Mariano Cano
6f8fe01da1
caddypki: Use go.step.sm/crypto to generate the PKI (#5217)
This commit replaces the use of github.com/smallstep/cli to generate the
root and intermediate certificates and uses go.step.sm/crypto instead.

It also upgrades the version of github.com/smallstep/certificates to the
latest version.
2022-11-23 20:47:42 -07:00
Francis Lavoie
ee7c92ec9b
reverseproxy: Mask the WS close message when we're the client (#5199)
* reverseproxy: Mask the WS close message when we're the client

* weakrand

* Bump golangci-lint version so path ignores work on Windows

* gofmt

* ugh, gofmt everything, I guess
2022-11-14 09:38:02 -07:00
Jonathan Garcia
33fdea8f26
caddypki: Prefer user-configured root instead of generating new one (#5189)
instead of generating a new root certificate at the default location
load the certificate from the configuration.
fixes: #5181
2022-11-08 12:13:46 -07:00
Alexander Graf
087f126cf4
caddyhttp: Canonicalize header field names (#5176) 2022-10-29 16:35:44 -04:00
XYenon
ed503118dd
caddyhttp: add placeholder {http.request.orig_uri.path.*} (#5161) 2022-10-24 11:57:50 -06:00
Matt Holt
a3ae146cbd
fileserver: Reject non-GET/HEAD requests (close #5166) (#5167)
* fileserver: Reject non-GET/HEAD requests (close #5166)

* Set Allow header according to RFC 9110 10.2.1
2022-10-24 10:23:57 -06:00
Matt Holt
4bf6cb4199
fileserver: Reject ADS and short name paths; trim trailing dots and spaces on Windows (#5148)
* fileserver: Reject ADS and short name paths

* caddyhttp: Trim trailing space and dot on Windows

Windows ignores trailing dots and spaces in filenames.

* Fix test

* Adjust path filters

* Revert Windows test

* Actually revert the test

* Just check for colons
2022-10-18 21:55:25 -06:00
Scott Mebberson
72e7edda1f
map: Clarified how destination values should be formatted (#5156) 2022-10-18 18:14:53 -06:00
Francis Lavoie
1cd594963e
docs: Fix templates documentation, stray newline breaks godoc (#5149) 2022-10-16 12:25:44 -04:00
Matt Holt
6bad878a22
httpcaddyfile: Improve detection of indistinguishable TLS automation policies (#5120)
* httpcaddyfile: Skip some logic if auto_https off

* Try removing this check altogether...

* Refine test timeouts slightly, sigh

* caddyhttp: Assume udp for unrecognized network type

Seems like the reasonable thing to do if a plugin registers its own
network type.

* Add comment to document my lack of knowledge

* Clean up and prepare to merge

Add comments to try to explain what happened
2022-10-13 11:30:57 -06:00
Matt Holt
3e1fd2a8d4
httpcaddyfile: Wrap site block in subroute if host matcher used (#5130)
* httpcaddyfile: Wrap site block in subroute if host matcher used (fix #5124)

* Correct boolean logic (oops)
2022-10-12 09:27:08 -06:00
Abdussamet Koçak
33f60da9f2
fileserver: stop listing dir when request context is cancelled (#5131)
Prevents caddy from performing disk IO needlessly when the request is cancelled before the listing is finished.

Closes #5129
2022-10-08 12:56:35 -06:00
Francis Lavoie
99ffe93388
logging: Fix skip_hosts with wildcards (#5102)
Fix #4859
2022-10-05 12:14:13 -06:00
Matthew Holt
e07a267276
caddytest: Revise sleep durations
Attempt to reduce flakiness a bit more

Test suite needs to be rewritten.
2022-10-05 11:40:41 -06:00
Matt Holt
2153a81ec8
forwardauth: Canonicalize header fields (fix #5038) (#5097) 2022-10-05 01:37:01 -04:00
Francis Lavoie
ea58d51907
logging: Perform filtering on arrays of strings (where possible) (#5101)
* logging: Perform filtering on arrays of strings (where possible)

* Add test for ip_mask filter

* Oops, need to continue when it's not an IP

* Test for invalid IPs
2022-10-04 23:21:23 -06:00
Francis Lavoie
9e1d964bd6
logging: Add time_local option to use local time instead of UTC (#5108) 2022-10-05 00:23:14 -04:00
xufanglu
2be56c526c
fileserver: Treat invalid file path as NotFound (#5099)
treat invalid file path as notFound so that PassThru can work
2022-10-04 21:32:40 -06:00
Francis Lavoie
01e192edc9
logging: Better console encoder defaults (#5109)
This is something that has bothered me for a while, so I figured I'd do something about it now since I'm playing in the logging code lately.

The `console` encoder doesn't actually match the defaults that zap's default logger uses. This makes it match better with the rest of the logs when using the `console` encoder alongside somekind of filter, which requires you to configure an encoder to wrap.
2022-10-04 21:18:48 -06:00
iliana etaoin
b1d04f5b39
fileserver: better dark mode visited link contrast (#5105)
PR #4066 added a dark color scheme to the file_server browse template.
PR #4356 later set the links for the `:visited` pseudo-class, but did
not set anything for the dark mode, resulting in poor contrast. I
selected some new colors by feel.

This commit also adds an `a:visited:hover` for both, to go along with
the normal blue hover colors.
2022-10-01 18:14:27 -06:00
Matthew Holt
9873ff9918
caddyhttp: Remote IP prefix placeholders
See https://github.com/mholt/caddy-ratelimit/issues/12
2022-09-30 13:29:33 -06:00
Matt Holt
5e52bbb136
map: Remove infinite recursion check (#5094)
It was not accurate. Placeholders could be used in outputs that are
defined in the same mapping as long as that placeholder does not do the
same.

A more general solution would be to detect it at run-time in the
replacer directly, but that's a bit tedious
and will require allocations I think.

A better implementation of this check could still be done, but I don't
know if it would always be accurate. Could be a "best-effort" thing?
But I've also never heard of an actual case where someone configured
infinite recursion...
2022-09-29 12:46:38 -06:00
Matthew Holt
fcdbc69fab
Fix comment
I apparently read the diff backwards in
2a8c458ffe
2022-09-29 12:38:36 -06:00
Matthew Holt
2a8c458ffe
reverseproxy: Parse humanized byte size (fix #5095) 2022-09-29 12:37:06 -06:00
Matt Holt
e2991eb019
reverseproxy: On 103 don't delete own headers (#5091)
See #5074
2022-09-29 08:19:56 -06:00
Matt Holt
897a38958c
Merge pull request #5076 from caddyserver/fastcgi-redir
fastcgi: Redirect using original URI path (fix #5073) and rewrite: Only trim prefix if matched
2022-09-28 15:22:45 -06:00
Will Norris
61822f129b
caddyhttp: replace placeholders in map defaults (#5081)
This updates the map directive to replace placeholders in default values
in the same way as matched values.
2022-09-28 13:38:20 -06:00
Matt Holt
e3e8aabbcf
core: Refactor and improve listener logic (#5089)
* core: Refactor, improve listener logic

Deprecate:
- caddy.Listen
- caddy.ListenTimeout
- caddy.ListenPacket

Prefer caddy.NetworkAddress.Listen() instead.

Change:
- caddy.ListenQUIC (hopefully to remove later)
- caddy.ListenerFunc signature (add context and ListenConfig)

- Don't emit Alt-Svc header advertising h3 over HTTP/3

- Use quic.ListenEarly instead of quic.ListenEarlyAddr; this gives us
more flexibility (e.g. possibility of HTTP/3 over UDS) but also
introduces a new issue:
https://github.com/lucas-clemente/quic-go/issues/3560#issuecomment-1258959608

- Unlink unix socket before and after use

* Appease the linter

* Keep ListenAll
2022-09-28 13:35:51 -06:00
Matthew Holt
013b510352
rewrite: Only trim prefix if matched
See #5073
2022-09-28 00:13:12 -06:00
lemmi
d0556929a4
reverseproxy: fix upstream scheme handling in command (#5088)
e338648fed introduced multiple upstream
addresses. A comment notes that mixing schemes isn't supported and
therefore the first valid scheme is supposed to be used.

Fixes setting the first scheme.

fixes #5087
2022-09-27 13:03:30 -06:00
Matthew Holt
7041970059
headers: Support repeated WriteHeader if 1xx (fix #5074) 2022-09-23 17:11:53 -06:00
Matthew Holt
f7c1a51efb
fastcgi: Redirect using original URI path (fix #5073) 2022-09-23 14:36:38 -06:00
Matthew Holt
9206e8a738 Tweak some comments 2022-09-21 12:59:44 -06:00
Matt Holt
1426c97da5
core: Reuse unix sockets (UDS) and don't try to serve HTTP/3 over UDS (#5063)
* core: Reuse unix sockets

* Don't serve HTTP/3 over unix sockets

This requires upstream support, if even useful

* Don't use unix build tag... yet

* Fix build tag

* Allow ErrNotExist when unlinking socket
2022-09-21 12:55:23 -06:00
WeidiDeng
44ad0cedaf
encode: don't WriteHeader unless called (#5060) 2022-09-21 08:30:42 -06:00
Matthew Holt
beb7dcbf2a
fileserver: Reinstate --debug flag
I think it got lost during a rebase or something
2022-09-20 16:56:02 -06:00
Francis Lavoie
e3d04ff86b
caddyhttp: Skip inserting HTTP->HTTPS redir if catch-all for both exist (#5051) 2022-09-19 22:11:19 -06:00
Matt Holt
da8b7fe58f
caddyhttp: Honor grace period in background (#5043)
* caddyhttp: Honor grace period in background

This avoids blocking during config reloads.

* Don't quit process until servers shut down

* Make tests more likely to pass on fast CI (#5045)

* caddyhttp: Even faster shutdowns

Simultaneously shut down all HTTP servers, rather than one at a time.

In practice there usually won't be more than 1 that lingers. But this
code ensures that they all Shutdown() in their own goroutine
and then we wait for them at the end (if exiting).

We also wait for them to start up so we can be fairly confident the
shutdowns have begun; i.e. old servers no longer
accepting new connections.

* Fix comment typo

* Pull functions out of loop, for readability
2022-09-19 21:54:47 -06:00
Matthew Holt
0950ba4f0b
events: Make event data exported
This could lead to bugs if handlers are not careful, but it is surely
useful. We'll see how it goes, what the feedback is like, etc.
2022-09-19 16:20:58 -06:00
WeidiDeng
c7a6bc5934
caddyhttp: responseRecorder save status in all cases (#5049) 2022-09-17 18:47:53 -06:00
Matthew Holt
00beec2e34
caddyhttp: Fix write header on responseRecorder 2022-09-17 11:28:13 -06:00
Matthew Holt
e43b6d8178 core: Variadic Context.Logger(); soft deprecation
Ideally I'd just remove the parameter to caddy.Context.Logger(), but
this would break most Caddy plugins.

Instead, I'm making it variadic and marking it as partially deprecated.
In the future, I might completely remove the parameter once most
plugins have updated.
2022-09-16 16:55:36 -06:00
WeidiDeng
bffc258732
caddyhttp: Support configuring Server from handler provisioning (#4933)
* configuring http.Server from handlers.

* Minor tweaks

* Run gofmt

Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2022-09-16 14:48:55 -06:00
David Manouchehri
616418281b
caddyhttp: Support TLS key logging for debugging (#4808)
* Add SSL key logging.

* Resolve merge conflict with master

* Add Caddyfile support; various fixes

* Also commit go.mod and go.sum, oops

* Appease linter

* Minor tweaks

* Add doc comment

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2022-09-16 14:05:37 -06:00
Matt Holt
74547f5bed
caddyhttp: Make metrics opt-in (#5042)
* caddyhttp: Make metrics opt-in

Related to #4644

* Make configurable in Caddyfile
2022-09-16 13:32:49 -06:00
Matthew Holt
258071d857
caddytls: Debug log on implicit tailscale error (#5041) 2022-09-16 09:42:05 -06:00
Matthew Holt
b6cec37893
caddyhttp: Add --debug flag to commands
file-server and reverse-proxy

This might be useful!
2022-09-15 23:10:16 -06:00
WeidiDeng
48d723c07c
encode: Fix Accept-Ranges header; HEAD requests (#5039)
* fix encode handler header manipulation
also avoid implementing ReadFrom because it breaks when io.Copied to directly

* strconv.Itoa should be tried as a last resort
WriteHeader during Close
2022-09-15 16:05:08 -06:00
Isaac Parker
e338648fed
reverseproxy: Support repeated --to flags in command (#4693)
* feat: Multiple 'to' upstreams in reverse-proxy cmd

* Repeat --to for multiple upstreams, rather than comma-separating in a single flag

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2022-09-15 12:35:38 -06:00
Francis Lavoie
9ad0ebc956
caddyhttp: Add 'skip_log' var to omit request from logs (#4691)
* caddyhttp: Implement `skip_log` handler

* Refactor to use vars middleware

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2022-09-15 10:05:36 -06:00
Matthew Holt
754fe4f7b4
httpcaddyfile: Fix sorting of repeated directives
Fixes #5037
2022-09-13 13:43:21 -06:00
Matthew Holt
20d487be57
caddyhttp: Very minor optimization to path matcher
If * is in the matcher it will always match so we can just put it first.
2022-09-13 11:26:10 -06:00
Francis Lavoie
61c75f74de
caddyhttp: Explicitly disallow multiple regexp matchers (#5030)
* caddyhttp: Explicitly disallow multiple regexp matchers

Fix #5028

Since the matchers would overwrite eachother, we should error out to tell the user their config doesn't make sense.

* Update modules/caddyhttp/matchers.go

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2022-09-13 11:18:37 -06:00
Matthew Holt
d35f618b10
caddytls: Error if placeholder is empty in 'ask'
Fixes #5036
2022-09-13 08:59:03 -06:00
Matthew Holt
076a8b8095
Very minor tweaks 2022-09-08 13:10:40 -06:00