Commit Graph

819 Commits

Author SHA1 Message Date
Francis Lavoie
85375861f6
caddyhttp: Fix vars_regexp matcher with placeholders (#5408)
Changed to match the `vars` matcher's logic for handling placeholders
2023-03-02 09:01:54 -07:00
Emily Lange
941eae5f61
reverseproxy: allow specifying ip version for dynamic a upstream (#5401)
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2023-02-27 17:23:09 +00:00
Francis Lavoie
960150bb03
caddyfile: Implement heredoc support (#5385) 2023-02-26 00:34:27 +00:00
Francis Lavoie
9e6919550b
cmd: Expand cobra support, add short flags (#5379)
* cmd: Expand cobra support

* Convert commands to cobra, add short flags

* Fix version command typo

Co-authored-by: Emily Lange <git@indeednotjames.com>

* Apply suggestions from code review

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>

---------

Co-authored-by: Emily Lange <git@indeednotjames.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2023-02-24 16:09:12 -07:00
Mohammed Al Sahaf
e3909cc385
reverseproxy: refactor HTTP transport layer (#5369)
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
Co-authored-by: Weidi Deng <weidi_deng@icloud.com>
2023-02-24 19:54:04 +00:00
Francis Lavoie
5ded580444
cmd: Adjust documentation for commands (#5377) 2023-02-16 09:14:07 -07:00
Matt Holt
4b119a475f
reverseproxy: Don't buffer chunked requests (fix #5366) (#5367)
* reverseproxy: Don't buffer chunked requests (fix #5366)

Mostly reverts 845bc4d50b (#5289)

Adds warning for unsafe config.

Deprecates unsafe properties in favor of simpler, safer designed ones.

* Update modules/caddyhttp/reverseproxy/caddyfile.go

Co-authored-by: Y.Horie <u5.horie@gmail.com>

* Update modules/caddyhttp/reverseproxy/reverseproxy.go

Co-authored-by: Y.Horie <u5.horie@gmail.com>

* Update modules/caddyhttp/reverseproxy/reverseproxy.go

Co-authored-by: Y.Horie <u5.horie@gmail.com>

* Remove unused code

---------

Co-authored-by: Y.Horie <u5.horie@gmail.com>
2023-02-11 17:25:29 -07:00
Francis Lavoie
90798f3eea
go.mod: Upgrade various dependencies (#5362)
* chore: Upgrade various dependencies

* Support CEL file matcher with no args

* Document `http.request.orig_uri.path.*`, reorder placeholders in docs

---------

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2023-02-08 17:49:17 +00:00
Steffen Brüheim
536c28d4dc
core: Support Windows absolute paths for UDS proxy upstreams (#5114)
* added some tests for parseUpstreamDialAddress

Test 4 fails because it produces "[[::1]]:80" instead of "[::1]:80"

* support absolute windows path in unix reverse proxy address

* make IsUnixNetwork public, support +h2c and reuse it
* add new tests
2023-02-08 10:05:09 -07:00
WeidiDeng
c77a6bea66
reverseproxy: Log status code and byte count for websockets (#5140)
* log response size for websocket request

* record size when using hijack bufio.Writer
2023-02-06 16:14:59 -07:00
Francis Lavoie
12bcbe2c49
caddyhttp: Pluggable trusted proxy IP range sources (#5328)
* caddyhttp: Pluggable trusted proxy IP range sources

* Add request to the IPRangeSource interface
2023-02-06 12:44:11 -07:00
Y.Horie
8d3a1b8bcb
caddyauth: Use singleflight for basic auth (#5344)
* caddyauth: Add singleflight for basic auth

* Fixes #5338
* it occurred the thunder herd problem like this https://medium.com/@mhrlife/avoid-duplicate-requests-while-filling-cache-98c687879f59

* Update modules/caddyhttp/caddyauth/basicauth.go

Fix comment

Co-authored-by: Francis Lavoie <lavofr@gmail.com>

---------

Co-authored-by: Francis Lavoie <lavofr@gmail.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2023-02-06 18:29:03 +00:00
Francis Lavoie
e62b5fb586
chore: Build with Go 1.20, keep minimum at 1.18 for now (#5353) 2023-02-06 11:29:20 -05:00
Francis Lavoie
201b9b41f9
chore: Fix warning "range variable captured by func literal" (#5348) 2023-01-31 03:07:57 -05:00
Y.Horie
e9d95ab29f
reverseproxy: Add flag to short command to disable redirects (#5330)
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
Fixes undefined
2023-01-25 09:40:08 -05:00
David Frickert
962310204f
tracing: Support placeholders in span name (#5329)
Fixes https://github.com/caddyserver/caddy/issues/5171
2023-01-25 02:26:44 -05:00
Francis Lavoie
223cbe3d0b
caddyhttp: Add server-level trusted_proxies config (#5103) 2023-01-10 00:08:23 -05:00
Y.Horie
845bc4d50b
reverseproxy: Fix hanging for Transfer-Encoding: chunked (#5289)
* Fixes #5236
* enable request body buffering in reverse proxy
  when the request header has Transfer-Encoding: chunked
2023-01-09 00:13:34 -07:00
Emily Lange
e450a7377b
reverseproxy: Don't enable auto-https when --from flag is http (#5269) 2023-01-06 15:42:07 -05:00
Matt Holt
d74f6fd967
reverseproxy: Set origreq in active health check (#5284)
* reverseproxy: Set origreq in active health check

Fix #5281

* Oops; dereference Request
2023-01-06 15:06:38 -05:00
Matthew Holt
4e9ad50f65
fileserver: Add a couple test cases
With placeholders
2023-01-04 11:07:27 -07:00
darkweak
dac7cacd4d
encode: Respect Cache-Control no-transform (#5257)
* encode: respect Cache-Control HTTP header no-transform

* encode: switch to strings.Contains
2022-12-20 13:26:53 -07:00
Matthew Holt
fac35db9dc
go.mod: Update quic-go to v0.31.0
And fix a comment typo
2022-12-08 08:55:04 -07:00
Alban Lecocq
d4a7d89f56
reverseproxy: Improve hostByHashing distribution (#5229)
* If upstreams are all using same host but with different ports
ie:
foobar:4001
foobar:4002
foobar:4003
...
Because fnv-1a has not a good enough avalanche effect
Then the hostByHashing result is not well balanced over
all upstreams

As last byte FNV input tend to affect few bits, the idea is to change
the concatenation order between the key and the upstream strings
So the upstream last byte have more impact on hash diffusion
2022-12-05 11:28:12 -07:00
Matthew Holt
ae77a56ac8
Clarify some docs 2022-11-30 16:03:31 -07:00
Francis Lavoie
ee7c92ec9b
reverseproxy: Mask the WS close message when we're the client (#5199)
* reverseproxy: Mask the WS close message when we're the client

* weakrand

* Bump golangci-lint version so path ignores work on Windows

* gofmt

* ugh, gofmt everything, I guess
2022-11-14 09:38:02 -07:00
Alexander Graf
087f126cf4
caddyhttp: Canonicalize header field names (#5176) 2022-10-29 16:35:44 -04:00
XYenon
ed503118dd
caddyhttp: add placeholder {http.request.orig_uri.path.*} (#5161) 2022-10-24 11:57:50 -06:00
Matt Holt
a3ae146cbd
fileserver: Reject non-GET/HEAD requests (close #5166) (#5167)
* fileserver: Reject non-GET/HEAD requests (close #5166)

* Set Allow header according to RFC 9110 10.2.1
2022-10-24 10:23:57 -06:00
Matt Holt
4bf6cb4199
fileserver: Reject ADS and short name paths; trim trailing dots and spaces on Windows (#5148)
* fileserver: Reject ADS and short name paths

* caddyhttp: Trim trailing space and dot on Windows

Windows ignores trailing dots and spaces in filenames.

* Fix test

* Adjust path filters

* Revert Windows test

* Actually revert the test

* Just check for colons
2022-10-18 21:55:25 -06:00
Scott Mebberson
72e7edda1f
map: Clarified how destination values should be formatted (#5156) 2022-10-18 18:14:53 -06:00
Francis Lavoie
1cd594963e
docs: Fix templates documentation, stray newline breaks godoc (#5149) 2022-10-16 12:25:44 -04:00
Matt Holt
6bad878a22
httpcaddyfile: Improve detection of indistinguishable TLS automation policies (#5120)
* httpcaddyfile: Skip some logic if auto_https off

* Try removing this check altogether...

* Refine test timeouts slightly, sigh

* caddyhttp: Assume udp for unrecognized network type

Seems like the reasonable thing to do if a plugin registers its own
network type.

* Add comment to document my lack of knowledge

* Clean up and prepare to merge

Add comments to try to explain what happened
2022-10-13 11:30:57 -06:00
Matt Holt
3e1fd2a8d4
httpcaddyfile: Wrap site block in subroute if host matcher used (#5130)
* httpcaddyfile: Wrap site block in subroute if host matcher used (fix #5124)

* Correct boolean logic (oops)
2022-10-12 09:27:08 -06:00
Abdussamet Koçak
33f60da9f2
fileserver: stop listing dir when request context is cancelled (#5131)
Prevents caddy from performing disk IO needlessly when the request is cancelled before the listing is finished.

Closes #5129
2022-10-08 12:56:35 -06:00
Francis Lavoie
99ffe93388
logging: Fix skip_hosts with wildcards (#5102)
Fix #4859
2022-10-05 12:14:13 -06:00
Matthew Holt
e07a267276
caddytest: Revise sleep durations
Attempt to reduce flakiness a bit more

Test suite needs to be rewritten.
2022-10-05 11:40:41 -06:00
Matt Holt
2153a81ec8
forwardauth: Canonicalize header fields (fix #5038) (#5097) 2022-10-05 01:37:01 -04:00
xufanglu
2be56c526c
fileserver: Treat invalid file path as NotFound (#5099)
treat invalid file path as notFound so that PassThru can work
2022-10-04 21:32:40 -06:00
iliana etaoin
b1d04f5b39
fileserver: better dark mode visited link contrast (#5105)
PR #4066 added a dark color scheme to the file_server browse template.
PR #4356 later set the links for the `:visited` pseudo-class, but did
not set anything for the dark mode, resulting in poor contrast. I
selected some new colors by feel.

This commit also adds an `a:visited:hover` for both, to go along with
the normal blue hover colors.
2022-10-01 18:14:27 -06:00
Matthew Holt
9873ff9918
caddyhttp: Remote IP prefix placeholders
See https://github.com/mholt/caddy-ratelimit/issues/12
2022-09-30 13:29:33 -06:00
Matt Holt
5e52bbb136
map: Remove infinite recursion check (#5094)
It was not accurate. Placeholders could be used in outputs that are
defined in the same mapping as long as that placeholder does not do the
same.

A more general solution would be to detect it at run-time in the
replacer directly, but that's a bit tedious
and will require allocations I think.

A better implementation of this check could still be done, but I don't
know if it would always be accurate. Could be a "best-effort" thing?
But I've also never heard of an actual case where someone configured
infinite recursion...
2022-09-29 12:46:38 -06:00
Matthew Holt
fcdbc69fab
Fix comment
I apparently read the diff backwards in
2a8c458ffe
2022-09-29 12:38:36 -06:00
Matthew Holt
2a8c458ffe
reverseproxy: Parse humanized byte size (fix #5095) 2022-09-29 12:37:06 -06:00
Matt Holt
e2991eb019
reverseproxy: On 103 don't delete own headers (#5091)
See #5074
2022-09-29 08:19:56 -06:00
Matt Holt
897a38958c
Merge pull request #5076 from caddyserver/fastcgi-redir
fastcgi: Redirect using original URI path (fix #5073) and rewrite: Only trim prefix if matched
2022-09-28 15:22:45 -06:00
Will Norris
61822f129b
caddyhttp: replace placeholders in map defaults (#5081)
This updates the map directive to replace placeholders in default values
in the same way as matched values.
2022-09-28 13:38:20 -06:00
Matt Holt
e3e8aabbcf
core: Refactor and improve listener logic (#5089)
* core: Refactor, improve listener logic

Deprecate:
- caddy.Listen
- caddy.ListenTimeout
- caddy.ListenPacket

Prefer caddy.NetworkAddress.Listen() instead.

Change:
- caddy.ListenQUIC (hopefully to remove later)
- caddy.ListenerFunc signature (add context and ListenConfig)

- Don't emit Alt-Svc header advertising h3 over HTTP/3

- Use quic.ListenEarly instead of quic.ListenEarlyAddr; this gives us
more flexibility (e.g. possibility of HTTP/3 over UDS) but also
introduces a new issue:
https://github.com/lucas-clemente/quic-go/issues/3560#issuecomment-1258959608

- Unlink unix socket before and after use

* Appease the linter

* Keep ListenAll
2022-09-28 13:35:51 -06:00
Matthew Holt
013b510352
rewrite: Only trim prefix if matched
See #5073
2022-09-28 00:13:12 -06:00
lemmi
d0556929a4
reverseproxy: fix upstream scheme handling in command (#5088)
e338648fed introduced multiple upstream
addresses. A comment notes that mixing schemes isn't supported and
therefore the first valid scheme is supposed to be used.

Fixes setting the first scheme.

fixes #5087
2022-09-27 13:03:30 -06:00