Knowing whether Caddy is running in a container is super-useful for
debugging and troubleshooting, as well as for making development-time
decisions, because Docker is one of the top contributors to our
user support burden.
Thanks to Eldin for helping to test it.
* Enabled configurable Timeout for the proxy directive
* Added Test for reverse for proxy timeout
* Removed Duplication in proxy constructors
* Remove indirection from multiple constructors and refactor into one
* Fix inconsistent error message and refactor dialer initialization
* caddyfile: More robust parsing for 'import' (fixes #2096)
The fix for hanging involves limiting the number of wildcards in an
import pattern to just 1. Otherwise some patterns can expand to the
entire disk.
The other fix requires that the end string for an environment variable
expansion come after the start string.
* caddyfile: Fix more fuzzing errors
- Introduce StrictHostMatching mode for sites that require clientauth
- Error if QUIC is enabled whilst TLS clientauth is configured
(Our QUIC implementation does not yet support TLS clientauth, but
maybe it will in the future - fixes #2095)
- Error if one but not all TLS configs for the same hostname have a
different ClientAuth CA pool
* proof of concept
* Initial implementation with debug code
* Tidy up debug code
* remove unneeded import
* removed extra line
* Move ShouldLog function to rule entry Logger type
* add tests for ShouldLog
* Added tests for log exceptions
* Fix logic
* fix govet fail for test
* Updates requested for code clarity
* Update requested for style
* log: Minor style tweaks to logic of log exceptions
An attempt to future-proof older Caddy instances so that they won't
keep trying to send telemetry to endpoints that just simply aren't
going to be available
* caddy: Purge event hooks after USR1 reload
* caddy: Remove event hook purge logging
* caddy: Remove deleteEventHook
* caddy: use old event hooks in case of an unsuccessful restart
* caddy: implement restoreEventHooks
Also add SSL_PROTOCOL and SSL_CIPHER env vars for fastcgi.
* Implement placeholders for ssl_protocol and ssl_cipher
* gofmt
* goimports
* Housekeeping and implement as {tls_protocol} and {tls_cipher}
* tls: Fall back to certificate keyed by empty name (fixes #2035)
This should only happen for sites defined with an empty hostname (like
":8080") and which are using self-signed certificates or some other
funky self-managed certificate. But that certificate should arguably
be used for all incoming SNI names.
* tls: Revert to serving any certificate if no match, regardless of SNI
Also fix self-signed certs to include IP addresses in their name
if they are configured to serve an IP address
* Remove tests which are now irrelevant (behavior reverted)
It would be good to revisit this in the future.