Commit Graph

1819 Commits

Author SHA1 Message Date
Aziz Rmadi
cbbd1df904
core: Always make AppDataDir for InstanceID (#5976) 2023-12-13 07:39:10 -07:00
Benjamin Marwell
7d919af01b
chore: cross-build for AIX (#5971) 2023-12-11 12:55:04 +00:00
Matt Holt
4a09cf0dc0
caddytls: Sync distributed storage cleaning (#5940)
* caddytls: Log out remote addr to detect abuse

* caddytls: Sync distributed storage cleaning

* Handle errors

* Update certmagic to fix tiny bug

* Split off port when logging remote IP

* Upgrade CertMagic
2023-12-07 11:00:02 -07:00
Andreas Kohn
b24ae63ea6
caddytls: Context to DecisionFunc (#5923)
See https://github.com/caddyserver/certmagic/pull/255
2023-12-07 10:40:13 -07:00
Mohammed Al Sahaf
4173e2c77a
tls: accept placeholders in string values of certificate loaders (#5963)
* tls: loader: accept placeholders in string values

* appease the linter
2023-12-04 09:23:15 -07:00
Matt Holt
18f34290d2
templates: Offically make templates extensible (#5939)
* templates: Offically make templates extensible

This supercedes #4757 (and #4568) by making template extensions
configurable.

The previous implementation was never documented AFAIK and had only
1 consumer, which I'll notify as a courtesy.

* templates: Add 'maybe' function for optional components

* Try to fix lint error
2023-11-28 09:39:14 -07:00
WeidiDeng
22eecdb90c
http2 uses new round-robin scheduler (#5946) 2023-11-24 01:54:27 +00:00
WeidiDeng
4de2c1c65e
panic when reading from backend failed to propagate stream error (#5952) 2023-11-23 03:18:18 -05:00
dlorenc
878d491834
chore: Bump otel to v1.21.0. (#5949)
Signed-off-by: Dan Lorenc <dlorenc@chainguard.dev>
2023-11-22 17:02:13 +03:00
WeidiDeng
96f638eaad
httpredirectlistener: Only set read limit for when request is HTTP (#5917) 2023-11-20 12:31:36 +00:00
Matthew Holt
7e52db8280
fileserver: Add .m4v for browse template icon 2023-11-14 13:39:57 -07:00
Mohammed Al Sahaf
3b3d678714
Revert "caddyhttp: Use sync.Pool to reduce lengthReader allocations (#5848)" (#5924) 2023-11-01 13:17:02 -04:00
WeidiDeng
ee358550e4
go.mod: update quic-go version to v0.40.0 (#5922) 2023-10-31 14:05:34 -04:00
Marten Seemann
3f55efcfde
update quic-go to v0.39.3 (#5918) 2023-10-27 07:52:12 -04:00
WeidiDeng
f71d779009
chore: Fix usage pool comment (#5916) 2023-10-25 23:05:20 -04:00
Mohammed Al Sahaf
d949caf459
test: acmeserver: add smoke test for the ACME server directory (#5914) 2023-10-24 13:59:53 -04:00
Mariano Cano
ac0ad4da84
Upgrade acmeserver to github.com/go-chi/chi/v5 (#5913)
This commit upgrades the router used in the acmeserver to
github.com/go-chi/chi/v5. In the latest release of step-ca, the router
used by certificates was upgraded to that version.

Fixes #5911

Signed-off-by: Mariano Cano <mariano.cano@gmail.com>
2023-10-23 21:02:11 -04:00
Francis Lavoie
4c10a05431
caddyhttp: Adjust scheme placeholder docs (#5910) 2023-10-22 17:47:16 -04:00
Matthew Holt
fe2a02bf7a
go.mod: Upgrade quic-go to v0.39.1 2023-10-20 15:23:35 -06:00
Ethan Brown (Domino)
9fc55a9792
go.mod: CVE-2023-45142 Update opentelemetry (#5908) 2023-10-20 21:15:48 +00:00
Francis Lavoie
4e8245df0b
templates: Delete headers on httpError to reset to clean slate (#5905) 2023-10-18 16:43:14 -06:00
Francis Lavoie
ac1f20b9e4
httpcaddyfile: Remove port from logger names (#5881)
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2023-10-16 23:57:03 -06:00
Matt Holt
174c19a953
core: Apply SO_REUSEPORT to UDP sockets (#5725)
* core: Apply SO_REUSEPORT to UDP sockets

For some reason, 10 months ago when I implemented SO_REUSEPORT
for TCP, I didn't realize, or forgot, that it can be used for UDP too. It is a
much better solution than using deadline hacks to reuse a socket, at
least for TCP.

Then https://github.com/mholt/caddy-l4/issues/132 was posted,
in which we see that UDP servers never actually stopped when the
L4 app was stopped. I verified this using this command:

    $ nc -u 127.0.0.1 55353

combined with POSTing configs to the /load admin endpoint (which
alternated between an echo server and a proxy server so I could tell
which config was being used).

I refactored the code to use SO_REUSEPORT for UDP, but of course
we still need graceful reloads on all platforms, not just Unix, so I
also implemented a deadline hack similar to what we used for
TCP before. That implementation for TCP was not perfect, possibly
having a logical (not data) race condition; but for UDP so far it
seems to be working. Verified the same way I verified that SO_REUSEPORT
works.

I think this code is slightly cleaner and I'm fairly confident this code
is effective.

* Check error

* Fix return

* Fix var name

* implement Unwrap interface and clean up

* move unix packet conn to platform specific file

* implement Unwrap for unix packet conn

* Move sharedPacketConn into proper file

* Fix Windows

* move sharedPacketConn and fakeClosePacketConn to proper file

---------

Co-authored-by: Weidi Deng <weidi_deng@icloud.com>
2023-10-16 22:17:32 -06:00
Harish Shan
c8559c4485
caddyhttp: Use sync.Pool to reduce lengthReader allocations (#5848)
* Use sync.Pool to reduce lengthReader allocations

Signed-off-by: Harish Shan <140232061+perhapsmaple@users.noreply.github.com>

* Add defer putLengthReader to prevent leak

Signed-off-by: Harish Shan <140232061+perhapsmaple@users.noreply.github.com>

* Cleanup in putLengthReader

Co-authored-by: Francis Lavoie <lavofr@gmail.com>

---------

Signed-off-by: Harish Shan <140232061+perhapsmaple@users.noreply.github.com>
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2023-10-16 14:42:01 -06:00
Thanmay Nath
24b0ecc310
cmd: Add newline character to version string in CLI output (#5895) 2023-10-16 09:58:32 -06:00
WeidiDeng
7c82e265da
core: quic listener will manage the underlying socket by itself (#5749)
* core: quic listener will manage the underlying socket by itself.

* format code

* rename sharedQUICTLSConfig to sharedQUICState, and it will now manage the number of active requests

* add comment

* strict unwrap type

* fix unwrap

* remove comment
2023-10-16 09:28:15 -06:00
Francis Lavoie
0900844c81
templates: Clarify include args docs, add .ClientIP (#5898) 2023-10-15 20:58:46 -04:00
Francis Lavoie
7984e6f6fd
httpcaddyfile: Fix TLS automation policy merging with get_certificate (#5896) 2023-10-14 14:23:50 -06:00
Mohammed Al Sahaf
d70608b656
cmd: upgrade: resolve symlink of the executable (#5891) 2023-10-13 17:19:22 -04:00
WeidiDeng
1f60328e17
caddyfile: Fix variadic placeholder false positive when token contains : (#5883) 2023-10-13 02:28:20 -04:00
Norman Soetbeer
0e204b730a
admin: Respond with 4xx on non-existing config path (#5870)
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2023-10-11 20:24:29 +00:00
Francis Lavoie
fae195ac7e
ci: Force the Go version for govulncheck (#5879) 2023-10-11 20:09:02 +00:00
Forza
130f6d1f83
fileserver: Set canonical URL on browse template (#5867)
* Browse.html: Add canonical URL and home-link

When contents are equal, but maybe just a sort order is different, it is good to add `<link rel="canonical" href="base-path/" />`. This helps search engines propeely index the page.

I also added a link to the home page with the name of `{{.Host}}` just above the bread crumbs to make the page clearer.

https://paste.tnonline.net/files/28Wun5CQZiqA_Screenshot_20231007_134435_Opera.png

* Update browse.html
2023-10-11 13:47:38 -06:00
Bas Westerbaan
289934f3d1
tls: Add X25519Kyber768Draft00 PQ "curve" behind build tag (#5852)
… when compiled with cfgo (https://github.com/cloudflare/go).
2023-10-11 13:45:37 -06:00
Matt Holt
3a3182fba3
reverseproxy: Add more debug logs (#5793)
* reverseproxy: Add more debug logs

This makes debug logging very noisy when reverse proxying, but I guess
that's the point.

This has shown to be useful in troubleshooting infrastructure issues.

* Update modules/caddyhttp/reverseproxy/streaming.go

Co-authored-by: Francis Lavoie <lavofr@gmail.com>

* Update modules/caddyhttp/reverseproxy/streaming.go

Co-authored-by: Francis Lavoie <lavofr@gmail.com>

* Add opt-in `trace_logs` option

* Rename to VerboseLogs

---------

Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2023-10-11 13:36:20 -06:00
Francis Lavoie
e8b8d4a8cd
reverseproxy: Fix least_conn policy regression (#5862) 2023-10-11 16:04:28 +00:00
Francis Lavoie
a8586b05aa
reverseproxy: Add logging for dynamic A upstreams (#5857) 2023-10-11 09:50:44 -06:00
Francis Lavoie
05dbe1c171
reverseproxy: Replace health header placeholders (#5861) 2023-10-11 09:50:28 -06:00
Francis Lavoie
33d8d2c6b5
httpcaddyfile: Sort TLS SNI matcher for deterministic JSON output (#5860)
* httpcaddyfile: Sort TLS SNI matcher, for deterministic adapt output

* Update caddyconfig/httpcaddyfile/httptype.go

---------

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2023-10-11 09:47:07 -06:00
Francis Lavoie
9c419f1e1a
cmd: Fix exiting with custom status code, add caddy -v (#5874)
* Simplify variables for commands

* Add --envfile support for adapt command

* Carry custom status code for commands to os.Exit()

* cmd: add `-v` and `--version` to root caddy command

* Add `--envfile` to `caddy environ`, extract flag parsing to func

---------

Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2023-10-11 09:46:18 -06:00
Fred Cox
b245ecd325
reverseproxy: fix parsing Caddyfile fails for unlimited request/response buffers (#5828) 2023-10-11 04:42:40 -04:00
Francis Lavoie
2a6859a5e4
reverseproxy: Fix retries on "upstreams unavailable" error (#5841) 2023-10-10 22:07:20 +00:00
Đỗ Trọng Hải
df99502977
httpcaddyfile: Enable TLS for catch-all site if tls directive is specified (#5808) 2023-10-10 21:46:39 +00:00
Christoph
e0aaefab80
encode: Add application/wasm* to the default content types (#5869) 2023-10-10 21:18:37 +00:00
Kévin Dunglas
fa5a579b60
fileserver: Add command shortcuts -l and -a (#5854) 2023-10-10 20:57:18 +00:00
Matthew Holt
88b4fbf244
go.mod: Upgrade dependencies incl. x/net/http
Possibly important for the HTTP/2 Rapid Reset issue.
2023-10-10 12:01:20 -06:00
Thanmay Nath
5653c36bc2
templates: Add dummy RemoteAddr to httpInclude request, proxy compatibility (#5845)
* Enhancement: Allow X-Forwarded-For Header in httpInclude Virtual Requests

The goal of this enhancement is to modify the funcHTTPInclude function in the Caddy codebase to include the X-Forwarded-For header in the virtual request. This change will enable reverse proxies to set the X-Forwarded-For header, ensuring that the client's IP address is correctly provided to the target endpoint. This modification is essential for applications that depend on the X-Forwarded-For header for various functionalities, such as authentication, logging, or content customization.

* Updated tplcontext.go - set `virtReq.RemoteAddr = "127.0.0.1"`

i have made the suggested changes

* Apply suggestions from code review

* Update modules/caddyhttp/templates/tplcontext.go

---------

Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2023-10-07 20:47:34 +00:00
Patrick Koenig
4feac4d83c
reverseproxy: Allow fallthrough for response handlers without routes (#5780) 2023-10-05 23:15:26 -04:00
Kévin Dunglas
82c356f254
fix: caddytest.AssertResponseCode error message (#5853) 2023-10-02 20:55:09 +00:00
dependabot[bot]
1405683c2b
build(deps): bump goreleaser/goreleaser-action from 4 to 5 (#5847)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-02 00:34:43 +00:00