Commit Graph

1215 Commits

Author SHA1 Message Date
Matthew Holt
c827a71d5d Version 0.8.2 2016-02-25 10:26:42 -07:00
Matthew Holt
2ecc837020 templates: .Truncate can truncate from end of string if length is negative 2016-02-24 20:32:26 -07:00
Matthew Holt
c37ad7f677 Only write error message/page if body not already written (fixes #567)
Based on work started in, and replaces, #614
2016-02-24 19:50:46 -07:00
Matthew Holt
737c7c4372 fastcgi: Only perform extra copy if necessary; added tests 2016-02-24 16:42:01 -07:00
Matt Holt
367397dbd6 Merge pull request #623 from xlab/f/docflags
markdown: Implement .DocFlags and tests
2016-02-24 14:45:22 -07:00
Matt Holt
a2dbfdc10e Merge pull request #636 from humboldtux/fastcgi-cl
fastcgi: Explicitly set Content-Length (fixes #626)
2016-02-24 14:39:15 -07:00
Benoit Benedetti
ef5f9c771d FastCGI: Explicitly set Content-Length #626 2016-02-24 22:11:07 +01:00
Matthew Holt
05957b4965 gzip: Implement http.Hijacker (fixes #635) 2016-02-24 12:23:50 -07:00
Matt Holt
72fcdec8d8 Merge pull request #627 from ax-nathan/master
rewrite: Allow status to be 2xx or 4xx.
2016-02-24 11:01:54 -07:00
Nathan Probst
f4bb43781c Remove unneeded Regexp from tests. 2016-02-24 10:28:06 -07:00
Matt Holt
197297b0d7 Merge pull request #628 from elcore/master
tls: Add SHA384 ciphers
2016-02-23 15:14:24 -07:00
elcore
a541eb7899 Adding new cipher suites 2016-02-23 21:23:13 +00:00
Nathan Probst
2ea6c95ac4 Allow rewrite status codes to be 2xx and 4xx. 2016-02-22 15:30:55 -07:00
Maxim Kupriianov
c7674e2060 Implement .DocFlags directive and tests. It holds all the boolean-typed front matter values. 2016-02-22 13:53:47 +03:00
Matt Holt
c12847e5ba Merge pull request #620 from humboldtux/recorder
middleware: Export ResponseRecorder and add a couple getter methods
2016-02-20 15:17:45 -07:00
Benoit Benedetti
bec130a563 Recorder: Exporting ResponseRecorder #614 2016-02-20 23:10:04 +01:00
Matthew Holt
09b7ce6c93 Try to get Go 1.6 on appveyor 2016-02-19 18:07:48 -07:00
Matt Holt
b860be01bb Merge pull request #615 from 1lann/master
errors: Set missing Content-Type for plaintext error messages
2016-02-19 14:52:43 -07:00
Matthew Holt
f7b5187bf3 server: Add "Referer" to log entry when host not found 2016-02-19 13:34:54 -07:00
Matthew Holt
09a7af8cae https: Wait as long as possible to create ACME client at startup (fixes #617) 2016-02-19 10:33:01 -07:00
Jason Chu
5f2670fdde Fix missing Content-Type for certain errors
And corrected an error in a copy and pasted comment
2016-02-20 00:42:17 +08:00
Matthew Holt
ecf913e58d Update change log 2016-02-18 20:57:38 -07:00
Matthew Holt
d05f89294e https: Minor refactoring and some new tests 2016-02-18 20:33:15 -07:00
Matthew Holt
1ef7f3c4b1 Remove path scoping for middleware slice
It was implemented for almost a year but we'll probably never use it, especially since we'll match more than the path in the future.
2016-02-17 18:11:03 -07:00
Matthew Holt
f25ae8230f Move to Go 1.6 and set CGO_ENABLED=0 in tests 2016-02-17 16:08:25 -07:00
Matthew Holt
1cfd960f3c Bug fixes and other improvements to TLS functions
Now attempt to staple OCSP even for certs that don't have an existing staple (issue #605). "tls off" short-circuits tls setup function. Now we call getEmail() when setting up an acme.Client that does renewals, rather than making a new account with empty email address. Check certificate expiry every 12 hours, and OCSP every hour.
2016-02-15 23:39:04 -07:00
Matt Holt
2dba44327a Merge pull request #600 from jacobhands/betterlogging
Rotate process log
2016-02-14 23:32:50 -07:00
Matthew Holt
cae9f7de9c gofmt -s; fix misspellings and lint; Go 1.5.3 in Travis CI 2016-02-14 00:10:57 -07:00
Matthew Holt
a11e14aca8 Fix HTTPS config for empty/no Caddyfile
This fixes a regression introduced in recent commits that enabled TLS on the default ":2015" config. This fix is possible because On-Demand TLS is no longer implicit; it must be explicitly enabled by the user by setting a maximum number of certificates to issue.
2016-02-12 13:04:24 -07:00
Jacob Hands
dc63e50172 Use rotating log files 2016-02-12 08:30:47 -06:00
Matthew Holt
04c7c442c5 https: Only create ACMEClient if it's actually going to be used
Otherwise it tries to create an account and stuff at first start, even without a Caddyfile or when serving localhost.
2016-02-11 16:20:59 -07:00
Matthew Holt
7bd2adf0dc Fix edge case related to reloaded configs and ACME challenge
If Caddy is running but not listening on port 80, reloading Caddy with a new Caddyfile that needs to obtain a TLS cert from the CA would fail, because it was just assumed that, if reloading, port 80 as already in use. That is not always the case, so we scan the servers to see if one of them is listening on port 80, and we configure the ACME client accordingly. Kind of a hack... but it works.
2016-02-11 15:37:51 -07:00
Matthew Holt
1fe39e4633 Additional mitigation for on-demand TLS
After 10 certificates are issued, no new certificate requests are allowed for 10 minutes after a successful issuance.
2016-02-11 14:27:57 -07:00
Matthew Holt
216a617249 tls: Some bug fixes, basic rate limiting, max_certs setting 2016-02-11 13:48:52 -07:00
Matthew Holt
d25a3e95e4 Merge branch 'master' into getcertificate 2016-02-11 00:06:23 -07:00
Matthew Holt
11103bd8d6 Major refactor of all HTTPS/TLS/ACME code
Biggest change is no longer using standard library's tls.Config.getCertificate function to get a certificate during TLS handshake. Implemented our own cache which can be changed dynamically at runtime, even during TLS handshakes. As such, restarts are no longer required after certificate renewals or OCSP updates.

We also allow loading multiple certificates and keys per host, even by specifying a directory (tls got a new 'load' command for that).

Renamed the letsencrypt package to https in a gradual effort to become more generic; and https is more fitting for what the package does now.

There are still some known bugs, e.g. reloading where a new certificate is required but port 80 isn't currently listening, will cause the challenge to fail. There's still plenty of cleanup to do and tests to write. It is especially confusing right now how we enable "on-demand" TLS during setup and keep track of that. But this change should basically work so far.
2016-02-11 00:06:05 -07:00
Matt Holt
f1ba7fa343 Merge pull request #467 from eiszfuchs/feature/proxy-socket
proxy: Support unix sockets
2016-02-10 11:52:57 -07:00
eiszfuchs
7091a2090b created http.Transport and tests for unix sockets 2016-02-10 19:45:31 +01:00
Matt Holt
57ffe5a619 Merge pull request #591 from Barberrrry/master
fastcgi: New function DialWithDialer to create FCGIClient with custom Dialer.
2016-02-10 09:06:29 -07:00
Vadim Petrov
b1208d3fdf New function DialWithDialer to create FCGIClient with custom Dialer. 2016-02-10 18:03:43 +03:00
Matt Holt
b089d14b67 Merge pull request #548 from captncraig/register
Making directives externally registerable
2016-02-05 10:10:10 -07:00
Craig Peterson
e72fc20c78 making directives externally registerable 2016-02-05 10:03:20 -07:00
Matt Holt
5b7e0361dd Merge pull request #573 from miekg/markdown-directive
templates: Add .Markdown directive
2016-02-04 13:59:34 -07:00
Miek Gieben
86f36bdb61 Add .Markdown directive
This allows any template to use:
{{.Markdown "filename"}} which will convert the markdown contents
of filename to HTML and then include the HTML in the template.
2016-02-04 20:54:19 +00:00
Matt Holt
3278106421 Merge pull request #572 from miekg/markdown-def-lists
markdown: enable definition lists
2016-02-04 10:20:17 -07:00
Matt Holt
f9b8e31ad7 Merge pull request #571 from incon/log-remote-host
When the requested host is not found, log the remote host.
2016-02-04 07:42:05 -07:00
Miek Gieben
fbdfc979ec Markdown: enable definition lists 2016-02-04 11:21:44 +00:00
David Darrell
2acaf2fa6f Move logic to split the port to only happen when the host is not found. 2016-02-04 16:17:10 +08:00
David Darrell
f4fcfa8793 When the requested host is not found log the remote host. 2016-02-04 12:46:24 +08:00
Matt Holt
79db939259 Merge pull request #551 from denquixote/acmehandlehost
letsencrypt: properly retrieve hostname from request.
2016-02-01 09:23:03 -07:00