Commit Graph

999 Commits

Author SHA1 Message Date
Matthew Holt
d00824f4a6
fileserver: Improve Vary handling (#5849) 2024-04-19 13:43:13 -06:00
Mohammed Al Sahaf
c6673ad4d8
staticresp: Use the evaluated response body for sniffing JSON content-type (#6249) 2024-04-18 20:31:00 +00:00
Matthew Holt
9ab09433de
encode: Slight fix for the previous commit 2024-04-17 19:59:10 -06:00
Matthew Holt
3067074d9c
encode: Improve Etag handling (fix #5849)
We also improve Last-Modified handling in the file server.
Both changes should be more compliant with RFC 9110.
2024-04-17 19:12:03 -06:00
Francis Lavoie
9cd472c031
caddyfile: Populate regexp matcher names by default (#6145)
* caddyfile: Populate regexp matcher names by default

* Some lint cleanup that my VSCode complained about

* Pass down matcher name through expression matcher

* Compat with #6113: fix adapt test, set both styles in replacer
2024-04-17 12:19:14 -06:00
WeidiDeng
e0daa39cd3
caddyhttp: record num. bytes read when response writer is hijacked (#6173)
* record the number of bytes read when response writer is hijacked

* record body size when not nil
2024-04-17 15:00:37 +00:00
Francis Lavoie
70953e873a
caddyhttp: Support multiple logger names per host (#6088)
* caddyhttp: Support multiple logger names per host

* Lint

* Add adapt test

* Implement "string or array" parsing, keep original `logger_names`

* Rewrite adapter test to be more representative of the usecase
2024-04-16 22:26:18 +00:00
coderwander
eafc875ea9
chore: fix some typos in comments (#6243) 2024-04-16 04:10:11 +00:00
dev-polymer
03e0a010d1
encode: Configurable compression level for zstd (#6140)
* Add zstd compression level support

* Refactored zstd levels to string arguments

fastest, default, better, best

* Add comment with list of all available levels

* Corrected data types for config

---------

Co-authored-by: Evgeny Blinov <e.a.blinov@gmail.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2024-04-16 00:21:52 +00:00
WeidiDeng
b40cacf5ce
reverseproxy: Wait for both ends of websocket to close (#6175) 2024-04-15 11:37:37 -06:00
Matt Holt
81413caea2
caddytls: Upgrade ACMEz to v2; support ZeroSSL API; various fixes (#6229)
* WIP: acmez v2, CertMagic, and ZeroSSL issuer upgrades

* caddytls: ZeroSSLIssuer now uses ZeroSSL API instead of ACME

* Fix go.mod

* caddytls: Fix automation related to managers (fix #6060)

* Fix typo (appease linter)

* Fix HTTP validation with ZeroSSL API
2024-04-13 21:31:43 -04:00
Aziz Rmadi
567d96c624
fileserver: read etags from precomputed files (#6222) 2024-04-13 06:49:55 -04:00
Matthew Holt
5d8b45c9fb
fileserver: Escape # and ? in img src (fix #6237) 2024-04-12 15:59:59 -06:00
Aziz Rmadi
0b381eb766
reverseproxy: Implement modular CA provider for TLS transport (#6065)
* added new modular ca providers to caddy tls HttpTransport

* reverse-proxy, httptransport: added tests and caddyfile support for ca module

---------

Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2024-04-12 07:19:14 -06:00
Matthew Holt
83ef61de10
caddyhttp: Apply auto HTTPS redir to all interfaces (fix #6226) 2024-04-12 06:04:47 -06:00
Hugues Lismonde
654a3bb090
caddyhttp: remove duplicate strings.Count in path matcher (fixes #6233) (#6234) 2024-04-10 08:38:10 -06:00
Francis Lavoie
1c4a807667
chore: Upgrade some dependencies (#6221) 2024-04-04 18:27:52 -04:00
kylosus
45132c5b24
caddyhttp: Add plaintext response to file_server browse (#6093)
* Added plaintext support to file_server browser

This commit is twofold: First it adds a new optional
field, `return_type`, to `browser` for setting the
default format of the returned index (html, json or plaintext).
This is used when the `Accept` header is set to `/*`.

Second, it adds a preliminary `text/plain`
support to the `file_server` browser that
returns a text representation of the file
system, when an `Accept: text/plain` header
is present, with the behavior discussed above.

* Added more details and better formatting to plaintext browser

* Replaced returnType conditions with a switch statement

* Simplify

---------

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2024-04-01 18:12:40 +00:00
reallylowest
e0bf179c1a
modules: fix some typo in conments (#6206)
Signed-off-by: reallylowest <sunjinping@outlook.com>
2024-03-30 02:45:42 +00:00
Matthew Holt
7b48ce0e7e
caddyhttp: Replace sensitive headers with REDACTED (close #5669) 2024-03-29 14:42:20 -06:00
WeidiDeng
924010cd3d
caddyhttp: close quic connections when server closes (#6202)
* close quic connections when server closes

* fix lint

* add comment about CloseGracefully
2024-03-29 11:51:46 -06:00
Hayder
74949fb091
reverseproxy: Use xxhash instead of fnv32 for LB (#6203)
* Added Faster Non-cryptographic Hash Function for Load Balancing

* Ran golangci-lint

* Updated hash version and hash return type
2024-03-29 10:56:18 -06:00
Emily
ddb1d2c2b1
caddyhttp: add http.request.local{,.host,.port} placeholder (#6182)
* caddyhttp: add `http.request.local{,.host,.port}` placeholder

This is the counterpart of `http.request.remote{,.host,.port}`.

`http.request.remote` operates on the remote client's address, while
`http.request.local` operates on the address the connection arrived on.

Take the following example:

- Caddy serving on `203.0.113.1:80`
- Client on `203.0.113.2`

`http.request.remote.host` would return `203.0.113.2` (client IP)

`http.request.local.host` would return `203.0.113.1` (server IP)
`http.request.local.port` would return `80` (server port)

I find this helpful for debugging setups with multiple servers and/or
multiple network paths (multiple IPs, AnyIP, Anycast).

Co-authored-by: networkException <git@nwex.de>

* caddyhttp: add unit test for `http.request.local{,.host,.port}`

* caddyhttp: add integration test for `http.request.local.port`

* caddyhttp: fix `http.request.local.host` placeholder handling with unix sockets

The implementation matches the one of `http.request.remote.host` now and
returns the unix socket path (just like `http.request.local` already did)
instead of an empty string.

---------

Co-authored-by: networkException <git@nwex.de>
2024-03-27 21:36:53 +00:00
sellskin
0dd0487eba
chore: remove repetitive word (#6193)
Signed-off-by: sellskin <mydesk@yeah.net>
2024-03-25 09:05:45 -06:00
Aziz Rmadi
db9d167354
Added a null check to avoid segfault on rewrite query ops (#6191) 2024-03-23 01:51:34 -04:00
Aziz Rmadi
29f57faa86
rewrite: uri query replace operation (#6165)
* Implemented query replace oeration

* Modified replace operation to use regexes in caddyfile

* Added more tests to uri query operations
2024-03-22 02:23:42 +00:00
Francis Lavoie
97a56d860a
caddyhttp: Allow header replacement with empty string (#6163) 2024-03-21 17:29:32 +00:00
Francis Lavoie
d13258423d
vars: Make nil values act as empty string instead of "<nil>" (#6174) 2024-03-21 11:21:53 -06:00
Marten Seemann
32f7dd44ae
chore: Update quic-go to v0.42.0 (#6176)
* update quic-go to v0.42.0

* use a rate limiter to control QUIC source address verification

* Lint

* remove deprecated ListenQUIC

* remove number of requests tracking

* increase the number of handshakes before source address verification is needed

* remove references to request counters

* remove deprecated listen*

---------

Co-authored-by: Francis Lavoie <lavofr@gmail.com>
Co-authored-by: WeidiDeng <weidi_deng@icloud.com>
2024-03-21 10:56:10 -06:00
Francis Lavoie
63d597c09d
caddyhttp: Accept XFF header values with ports, when parsing client IP (#6183) 2024-03-21 10:54:25 -06:00
Sam Ottenhoff
e65b97f55b
reverseproxy: configurable active health_passes and health_fails (#6154)
* reverseproxy: active health check allows configurable health_passes and health_fails

* Need to reset counters after recovery

* rename methods to be more clear that these are coming from active health checks

* do not export methods
2024-03-20 11:13:35 -06:00
Justin Angel
a9768d2fde
reverseproxy: Configurable forward proxy URL (#6114)
Co-authored-by: WeidiDeng <weidi_deng@icloud.com>
2024-03-18 04:07:25 +00:00
jbrown-stripe
52822a41cb
caddyhttp: upgrade to cel v0.20.0 (#6161)
* upgrade to cel v0.20.0

* Attempt to address feedback and fix linter

* Let's try this

* Take that, you linter!

* Oh there's more

---------


Co-authored-by: Francis Lavoie <lavofr@gmail.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
Co-authored-by: Tristan Swadell @TristonianJones
2024-03-13 21:32:42 -06:00
WeidiDeng
c93e30454f
caddyhttp: suppress flushing if the response is being buffered (#6150)
* suppress flushing if the response is being buffered

* fix lint

---------

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2024-03-11 20:03:20 +00:00
WeidiDeng
1bd598e90c
chore: encode: use FlushError instead of Flush (#6168)
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2024-03-10 23:04:35 -04:00
WeidiDeng
e698ec5139
encode: write status immediately when status code is informational (#6164) 2024-03-10 10:49:49 -04:00
Aziz Rmadi
69290d232d
rewrite: Implement uri query operations (#6120)
* Implemented basic uri query operations

* Added support for query operations block

* Applied Replacer on all query keys and values

* Implemented rename query key opration

* Rewrite struct: Changed QueryOperations field to Query and comments cleanup

* Cleaned up comments, changed the order of operations and added more tests

* Changed order of fields in queryOps struct to match the operations order
2024-03-06 10:08:46 -05:00
huajin tong
277472d081
fix struct names (#6151)
Signed-off-by: thirdkeyword <fliterdashen@gmail.com>
2024-03-06 13:53:03 +00:00
Francis Lavoie
5a4374bea0
fileserver: Preserve query during canonicalization redirect (#6109)
* fileserver: Preserve query during canonicalization redirect

* Clarify that only a path should be passed
2024-03-05 22:51:26 -07:00
Francis Lavoie
0d44e3ecba
logging: Implement log_append handler (#6066)
* logging: Implement `extra_log` handler

* Rename to `log_append`

* Rename `skip_log` to `log_skip`

---------

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2024-03-05 17:03:59 -07:00
Francis Lavoie
5ed8689629
vars: Allow overriding http.auth.user.id in replacer as a special case (#6108) 2024-03-05 22:25:38 +00:00
Matt Holt
72ce78d9af
reverseproxy: SRV dynamic upstream failover (#5832)
* Implement grace period, but probably needs sync

* Update cached freshness value

* D'oh, actually use the grace period

* Fix freshness math
2024-03-05 12:08:31 -07:00
Sam Ottenhoff
da6a569e85
reverseproxy: cookie should be Secure and SameSite=None when TLS (#6115)
* reverseproxy: cookie should be Secure and SameSite=None when TLS

* Update modules/caddyhttp/reverseproxy/selectionpolicies_test.go

Co-authored-by: Mohammed Al Sahaf <mohammed@caffeinatedwonders.com>

---------

Co-authored-by: Mohammed Al Sahaf <mohammed@caffeinatedwonders.com>
2024-02-23 12:45:58 -07:00
WeidiDeng
53f7035299
reverseproxy: use context.WithoutCancel (#6116) 2024-02-19 20:25:02 -07:00
Matt Holt
127788807f
caddyhttp: Register post-shutdown callbacks (#5948) 2024-02-14 21:21:23 -07:00
Francis Lavoie
2c48dda109
caddyhttp: Only attempt to enable full duplex for HTTP/1.x (#6102) 2024-02-13 13:45:38 -05:00
Francis Lavoie
30d63648f5
caddyauth: Drop support for scrypt (#6091) 2024-02-12 19:33:54 +00:00
Francis Lavoie
f9e11158bc
caddyauth: Rename basicauth to basic_auth (#6092) 2024-02-12 17:34:23 +00:00
Kévin Dunglas
2348ac897a update comment 2024-02-09 09:35:55 +01:00
Kévin Dunglas
d3f23a8eeb improved list 2024-02-09 09:35:55 +01:00