Commit Graph

1325 Commits

Author SHA1 Message Date
Kévin Dunglas
2028da4e74
ci: build and test with Go 1.23 (#6526)
Some checks failed
Tests / test (./cmd/caddy/caddy, ~1.22.3, macos-14, 0, 1.22, mac) (push) Has been cancelled
Lint / govulncheck (push) Has been cancelled
Tests / test (./cmd/caddy/caddy, ~1.22.3, ubuntu-latest, 0, 1.22, linux) (push) Has been cancelled
Tests / test (./cmd/caddy/caddy, ~1.23.0, macos-14, 0, 1.23, mac) (push) Has been cancelled
Tests / test (./cmd/caddy/caddy, ~1.23.0, ubuntu-latest, 0, 1.23, linux) (push) Has been cancelled
Tests / test (./cmd/caddy/caddy.exe, ~1.22.3, windows-latest, True, 1.22, windows) (push) Has been cancelled
Tests / test (./cmd/caddy/caddy.exe, ~1.23.0, windows-latest, True, 1.23, windows) (push) Has been cancelled
Tests / test (s390x on IBM Z) (push) Has been cancelled
Tests / goreleaser-check (push) Has been cancelled
Cross-Build / build (~1.22.3, 1.22, aix) (push) Has been cancelled
Cross-Build / build (~1.22.3, 1.22, darwin) (push) Has been cancelled
Cross-Build / build (~1.22.3, 1.22, dragonfly) (push) Has been cancelled
Cross-Build / build (~1.22.3, 1.22, freebsd) (push) Has been cancelled
Cross-Build / build (~1.22.3, 1.22, illumos) (push) Has been cancelled
Cross-Build / build (~1.22.3, 1.22, linux) (push) Has been cancelled
Cross-Build / build (~1.22.3, 1.22, netbsd) (push) Has been cancelled
Cross-Build / build (~1.22.3, 1.22, openbsd) (push) Has been cancelled
Cross-Build / build (~1.22.3, 1.22, solaris) (push) Has been cancelled
Cross-Build / build (~1.22.3, 1.22, windows) (push) Has been cancelled
Cross-Build / build (~1.23.0, 1.23, aix) (push) Has been cancelled
Cross-Build / build (~1.23.0, 1.23, darwin) (push) Has been cancelled
Cross-Build / build (~1.23.0, 1.23, dragonfly) (push) Has been cancelled
Cross-Build / build (~1.23.0, 1.23, freebsd) (push) Has been cancelled
Cross-Build / build (~1.23.0, 1.23, illumos) (push) Has been cancelled
Cross-Build / build (~1.23.0, 1.23, linux) (push) Has been cancelled
Cross-Build / build (~1.23.0, 1.23, netbsd) (push) Has been cancelled
Cross-Build / build (~1.23.0, 1.23, openbsd) (push) Has been cancelled
Cross-Build / build (~1.23.0, 1.23, solaris) (push) Has been cancelled
Cross-Build / build (~1.23.0, 1.23, windows) (push) Has been cancelled
Lint / lint (macos-14, mac) (push) Has been cancelled
* chore: build and test with Go 1.23

* ci: bump golangci-lint to v1.60

* fix: make properly wrap errors

* ci: remove Go 1.21
2024-08-23 11:01:28 -06:00
Mohammed Al Sahaf
4ade967005
reverseproxy: allow user to define source address (#6504)
Some checks are pending
Tests / test (./cmd/caddy/caddy, ~1.21.0, macos-14, 0, 1.21, mac) (push) Waiting to run
Tests / test (./cmd/caddy/caddy, ~1.21.0, ubuntu-latest, 0, 1.21, linux) (push) Waiting to run
Tests / test (./cmd/caddy/caddy, ~1.22.3, macos-14, 0, 1.22, mac) (push) Waiting to run
Tests / test (./cmd/caddy/caddy, ~1.22.3, ubuntu-latest, 0, 1.22, linux) (push) Waiting to run
Tests / test (./cmd/caddy/caddy.exe, ~1.21.0, windows-latest, True, 1.21, windows) (push) Waiting to run
Tests / test (./cmd/caddy/caddy.exe, ~1.22.3, windows-latest, True, 1.22, windows) (push) Waiting to run
Tests / test (s390x on IBM Z) (push) Waiting to run
Tests / goreleaser-check (push) Waiting to run
Cross-Build / build (~1.22.3, 1.22, aix) (push) Waiting to run
Cross-Build / build (~1.22.3, 1.22, darwin) (push) Waiting to run
Cross-Build / build (~1.22.3, 1.22, dragonfly) (push) Waiting to run
Cross-Build / build (~1.22.3, 1.22, freebsd) (push) Waiting to run
Cross-Build / build (~1.22.3, 1.22, illumos) (push) Waiting to run
Cross-Build / build (~1.22.3, 1.22, linux) (push) Waiting to run
Cross-Build / build (~1.22.3, 1.22, netbsd) (push) Waiting to run
Cross-Build / build (~1.22.3, 1.22, openbsd) (push) Waiting to run
Cross-Build / build (~1.22.3, 1.22, solaris) (push) Waiting to run
Cross-Build / build (~1.22.3, 1.22, windows) (push) Waiting to run
Lint / lint (macos-14, mac) (push) Waiting to run
Lint / lint (ubuntu-latest, linux) (push) Waiting to run
Lint / lint (windows-latest, windows) (push) Waiting to run
Lint / govulncheck (push) Waiting to run
* reverseproxy: allow user to define source address

Closes #6503

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

* reverse_proxy: caddyfile support for local_address

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

---------

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2024-08-22 19:52:05 +00:00
Mohammed Al Sahaf
8af646730b
caddyhttp: run error (msg) through replacer (#6536)
* error: run `error` (msg) through replacer

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

* fix integration test

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

---------

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2024-08-22 11:32:44 -06:00
Cuckoo Chickoo
098897bdea
chore: Fix a typo (#6534)
Some checks are pending
Tests / test (./cmd/caddy/caddy, ~1.22.3, ubuntu-latest, 0, 1.22, linux) (push) Waiting to run
Tests / test (./cmd/caddy/caddy, ~1.21.0, macos-14, 0, 1.21, mac) (push) Waiting to run
Tests / test (./cmd/caddy/caddy, ~1.21.0, ubuntu-latest, 0, 1.21, linux) (push) Waiting to run
Tests / test (./cmd/caddy/caddy, ~1.22.3, macos-14, 0, 1.22, mac) (push) Waiting to run
Tests / test (./cmd/caddy/caddy.exe, ~1.21.0, windows-latest, True, 1.21, windows) (push) Waiting to run
Tests / test (./cmd/caddy/caddy.exe, ~1.22.3, windows-latest, True, 1.22, windows) (push) Waiting to run
Tests / test (s390x on IBM Z) (push) Waiting to run
Tests / goreleaser-check (push) Waiting to run
Cross-Build / build (~1.22.3, 1.22, aix) (push) Waiting to run
Cross-Build / build (~1.22.3, 1.22, darwin) (push) Waiting to run
Cross-Build / build (~1.22.3, 1.22, dragonfly) (push) Waiting to run
Cross-Build / build (~1.22.3, 1.22, freebsd) (push) Waiting to run
Cross-Build / build (~1.22.3, 1.22, illumos) (push) Waiting to run
Cross-Build / build (~1.22.3, 1.22, linux) (push) Waiting to run
Cross-Build / build (~1.22.3, 1.22, netbsd) (push) Waiting to run
Cross-Build / build (~1.22.3, 1.22, openbsd) (push) Waiting to run
Cross-Build / build (~1.22.3, 1.22, solaris) (push) Waiting to run
Cross-Build / build (~1.22.3, 1.22, windows) (push) Waiting to run
Lint / lint (macos-14, mac) (push) Waiting to run
Lint / lint (ubuntu-latest, linux) (push) Waiting to run
Lint / lint (windows-latest, windows) (push) Waiting to run
Lint / govulncheck (push) Waiting to run
Fixes Typo in Docs
2024-08-22 13:15:58 +03:00
Jens-Uwe Mager
2bb2ecc549
reverseproxy: Change errors writing the response to warning. (#6532)
Some checks are pending
Tests / test (./cmd/caddy/caddy, ~1.21.0, macos-14, 0, 1.21, mac) (push) Waiting to run
Tests / test (./cmd/caddy/caddy, ~1.21.0, ubuntu-latest, 0, 1.21, linux) (push) Waiting to run
Tests / test (./cmd/caddy/caddy, ~1.22.3, macos-14, 0, 1.22, mac) (push) Waiting to run
Tests / test (./cmd/caddy/caddy, ~1.22.3, ubuntu-latest, 0, 1.22, linux) (push) Waiting to run
Tests / test (./cmd/caddy/caddy.exe, ~1.21.0, windows-latest, True, 1.21, windows) (push) Waiting to run
Tests / test (./cmd/caddy/caddy.exe, ~1.22.3, windows-latest, True, 1.22, windows) (push) Waiting to run
Tests / test (s390x on IBM Z) (push) Waiting to run
Tests / goreleaser-check (push) Waiting to run
Cross-Build / build (~1.22.3, 1.22, aix) (push) Waiting to run
Cross-Build / build (~1.22.3, 1.22, darwin) (push) Waiting to run
Cross-Build / build (~1.22.3, 1.22, dragonfly) (push) Waiting to run
Cross-Build / build (~1.22.3, 1.22, freebsd) (push) Waiting to run
Cross-Build / build (~1.22.3, 1.22, illumos) (push) Waiting to run
Cross-Build / build (~1.22.3, 1.22, linux) (push) Waiting to run
Cross-Build / build (~1.22.3, 1.22, netbsd) (push) Waiting to run
Cross-Build / build (~1.22.3, 1.22, openbsd) (push) Waiting to run
Cross-Build / build (~1.22.3, 1.22, solaris) (push) Waiting to run
Cross-Build / build (~1.22.3, 1.22, windows) (push) Waiting to run
Lint / lint (ubuntu-latest, linux) (push) Waiting to run
Lint / lint (windows-latest, windows) (push) Waiting to run
Lint / govulncheck (push) Waiting to run
Lint / lint (macos-14, mac) (push) Waiting to run
Most of the errors that can be seen here are write errors due to clients
aborting the request from their side. Often seen ones include:

	* writing: ... write: broken pipe
	* writing: ... connection timed out
	* writing: http2: stream closed
	* writing: timeout...
	* writing: h3 error...

Most of these errors are beyond of the control of caddy on the client side,
probably nothing can be done on the server side. It still warrants
researching when these errors occur very often, so a change in level from
error to warn is better here to not polute the logs with errors in the
normal case.
2024-08-21 11:39:20 -06:00
Jesper Brix Rosenkilde
54a0c8f948
reverseproxy: Active health checks request body option (#6520)
Some checks failed
Lint / govulncheck (push) Has been cancelled
Tests / test (./cmd/caddy/caddy, ~1.21.0, macos-14, 0, 1.21, mac) (push) Has been cancelled
Tests / test (./cmd/caddy/caddy, ~1.21.0, ubuntu-latest, 0, 1.21, linux) (push) Has been cancelled
Tests / test (./cmd/caddy/caddy, ~1.22.3, macos-14, 0, 1.22, mac) (push) Has been cancelled
Tests / test (./cmd/caddy/caddy, ~1.22.3, ubuntu-latest, 0, 1.22, linux) (push) Has been cancelled
Tests / test (./cmd/caddy/caddy.exe, ~1.21.0, windows-latest, True, 1.21, windows) (push) Has been cancelled
Tests / test (./cmd/caddy/caddy.exe, ~1.22.3, windows-latest, True, 1.22, windows) (push) Has been cancelled
Lint / lint (windows-latest, windows) (push) Has been cancelled
Tests / test (s390x on IBM Z) (push) Has been cancelled
Tests / goreleaser-check (push) Has been cancelled
Cross-Build / build (~1.22.3, 1.22, aix) (push) Has been cancelled
Cross-Build / build (~1.22.3, 1.22, darwin) (push) Has been cancelled
Cross-Build / build (~1.22.3, 1.22, dragonfly) (push) Has been cancelled
Cross-Build / build (~1.22.3, 1.22, freebsd) (push) Has been cancelled
Cross-Build / build (~1.22.3, 1.22, illumos) (push) Has been cancelled
Cross-Build / build (~1.22.3, 1.22, linux) (push) Has been cancelled
Cross-Build / build (~1.22.3, 1.22, netbsd) (push) Has been cancelled
Cross-Build / build (~1.22.3, 1.22, openbsd) (push) Has been cancelled
Cross-Build / build (~1.22.3, 1.22, solaris) (push) Has been cancelled
Cross-Build / build (~1.22.3, 1.22, windows) (push) Has been cancelled
Lint / lint (macos-14, mac) (push) Has been cancelled
Lint / lint (ubuntu-latest, linux) (push) Has been cancelled
* Add an option to specify the body used for active health checks

* Replacer on request body
2024-08-19 10:55:55 -06:00
vnxme
3a48b03369
Move PrivateRangesCIDR() back: add a pass-through function (#6514)
Some checks are pending
Tests / test (./cmd/caddy/caddy, ~1.22.3, ubuntu-latest, 0, 1.22, linux) (push) Waiting to run
Tests / test (./cmd/caddy/caddy, ~1.21.0, macos-14, 0, 1.21, mac) (push) Waiting to run
Tests / test (./cmd/caddy/caddy, ~1.21.0, ubuntu-latest, 0, 1.21, linux) (push) Waiting to run
Tests / test (./cmd/caddy/caddy, ~1.22.3, macos-14, 0, 1.22, mac) (push) Waiting to run
Tests / test (./cmd/caddy/caddy.exe, ~1.21.0, windows-latest, True, 1.21, windows) (push) Waiting to run
Tests / test (./cmd/caddy/caddy.exe, ~1.22.3, windows-latest, True, 1.22, windows) (push) Waiting to run
Tests / test (s390x on IBM Z) (push) Waiting to run
Tests / goreleaser-check (push) Waiting to run
Cross-Build / build (~1.22.3, 1.22, aix) (push) Waiting to run
Cross-Build / build (~1.22.3, 1.22, darwin) (push) Waiting to run
Cross-Build / build (~1.22.3, 1.22, dragonfly) (push) Waiting to run
Cross-Build / build (~1.22.3, 1.22, freebsd) (push) Waiting to run
Cross-Build / build (~1.22.3, 1.22, illumos) (push) Waiting to run
Cross-Build / build (~1.22.3, 1.22, linux) (push) Waiting to run
Cross-Build / build (~1.22.3, 1.22, netbsd) (push) Waiting to run
Cross-Build / build (~1.22.3, 1.22, openbsd) (push) Waiting to run
Cross-Build / build (~1.22.3, 1.22, solaris) (push) Waiting to run
Cross-Build / build (~1.22.3, 1.22, windows) (push) Waiting to run
Lint / lint (macos-14, mac) (push) Waiting to run
Lint / lint (ubuntu-latest, linux) (push) Waiting to run
Lint / lint (windows-latest, windows) (push) Waiting to run
Lint / govulncheck (push) Waiting to run
2024-08-12 05:47:05 -04:00
vnxme
7cf8376e63
matchers: fix a regression in #6480 (#6510)
The context may have no replacer
2024-08-12 10:01:09 +03:00
WeidiDeng
21af88fefc
reverseproxy: Disable keep alive for h2c requests (#6343)
Some checks failed
Lint / lint (windows-latest, windows) (push) Has been cancelled
Lint / govulncheck (push) Has been cancelled
Tests / test (./cmd/caddy/caddy, ~1.21.0, macos-14, 0, 1.21, mac) (push) Has been cancelled
Tests / test (./cmd/caddy/caddy, ~1.21.0, ubuntu-latest, 0, 1.21, linux) (push) Has been cancelled
Tests / test (./cmd/caddy/caddy, ~1.22.3, macos-14, 0, 1.22, mac) (push) Has been cancelled
Tests / test (./cmd/caddy/caddy, ~1.22.3, ubuntu-latest, 0, 1.22, linux) (push) Has been cancelled
Tests / test (./cmd/caddy/caddy.exe, ~1.21.0, windows-latest, True, 1.21, windows) (push) Has been cancelled
Tests / test (./cmd/caddy/caddy.exe, ~1.22.3, windows-latest, True, 1.22, windows) (push) Has been cancelled
Tests / test (s390x on IBM Z) (push) Has been cancelled
Tests / goreleaser-check (push) Has been cancelled
Cross-Build / build (~1.22.3, 1.22, aix) (push) Has been cancelled
Cross-Build / build (~1.22.3, 1.22, darwin) (push) Has been cancelled
Cross-Build / build (~1.22.3, 1.22, dragonfly) (push) Has been cancelled
Cross-Build / build (~1.22.3, 1.22, freebsd) (push) Has been cancelled
Cross-Build / build (~1.22.3, 1.22, illumos) (push) Has been cancelled
Cross-Build / build (~1.22.3, 1.22, linux) (push) Has been cancelled
Cross-Build / build (~1.22.3, 1.22, netbsd) (push) Has been cancelled
Cross-Build / build (~1.22.3, 1.22, openbsd) (push) Has been cancelled
Cross-Build / build (~1.22.3, 1.22, solaris) (push) Has been cancelled
Cross-Build / build (~1.22.3, 1.22, windows) (push) Has been cancelled
Lint / lint (macos-14, mac) (push) Has been cancelled
Lint / lint (ubuntu-latest, linux) (push) Has been cancelled
2024-08-08 06:53:30 -06:00
vnxme
59cbb2c83a
caddytls,caddyhttp: Placeholders for some TLS and HTTP matchers (#6480)
* Runtime placeholders for caddytls matchers (1/3):

- remove IPs validation in UnmarshalCaddyfile

* Runtime placeholders for caddytls matchers (2/3):

- add placeholder replacement for IPs in Provision

* Runtime placeholders for caddytls matchers (3/3):

- add placeholder replacement for other strings

* Runtime placeholders for caddyhttp matchers (1/1):

- add placeholder replacement for IPs in Provision

* Runtime placeholders for caddyhttp/caddytls matchers:

- move PrivateRandesCIDR under internal
2024-08-07 11:02:23 -06:00
WeidiDeng
a8b0dfa8da
go.mod: update quic-go package (#6498) 2024-08-06 22:08:32 -06:00
lollipopkit🏳️‍⚧️
b198678174
browse: Customizable default sort options (#6468)
* fileserver: add `sort` options

* fix: test

* fileserver: check options in `Provison`

* fileserver: more obvious err alerts in sort options
2024-08-05 08:27:45 -06:00
Prakhar Awasthi
840094ac65
proxyprotocol: Update WrapListener to use ConnPolicyFunc for PROXY protocol (#6485)
* proxyprotocol : Update WrapListener to use ConnPolicyFunc for PROXY protocol support

* proxyprotocol : Updated dependency pires/go-proxyproto to pseudo latest version
2024-08-03 19:51:50 +03:00
WeidiDeng
976469ca0d
encode: flush already compressed data from the encoder (#6471) 2024-07-27 17:46:56 -06:00
vnxme
3579815a6c
caddytls: Caddyfile support for TLS conn and cert sel policies (#6462)
* Caddyfile support for TLS custom certificate selection policy

* Caddyfile support for TLS connection policy
2024-07-24 11:01:06 -06:00
vnxme
61fe152c60
caddytls: Caddyfile support for TLS handshake matchers (#6461)
* Caddyfile support for TLS handshake matchers:

- caddytls.MatchLocalIP
- caddytls.MatchRemoteIP
- caddytls.MatchServerName

* Caddyfile support for TLS handshake matchers:

- fix imports order

Co-authored-by: Francis Lavoie <lavofr@gmail.com>

---------

Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2024-07-24 09:26:09 -06:00
Matthew Holt
806f5b1117
reverseproxy: Fix panic when using header-related flags (fix #6464) 2024-07-18 21:31:07 -06:00
schultzie
b2492f8567
reverseproxy: add health_upstream subdirective (#6451)
* Add health_upstream

Signed-off-by: Dylan Schultz <9121234+dylanschultzie@users.noreply.github.com>

* Add health_upstream to caddyfile parsing

* Add Active Upstream case for health checks

* Update ignore health port comment

Signed-off-by: Dylan Schultz <9121234+dylanschultzie@users.noreply.github.com>

* Update Upstream json doc

Signed-off-by: Dylan Schultz <9121234+dylanschultzie@users.noreply.github.com>

* Update modules/caddyhttp/reverseproxy/healthchecks.go

Co-authored-by: Francis Lavoie <lavofr@gmail.com>

* Use error rather than log for health_port override

Signed-off-by: Dylan Schultz <9121234+dylanschultzie@users.noreply.github.com>

* Add comment about port being ignore if using upstream

Signed-off-by: Dylan Schultz <9121234+dylanschultzie@users.noreply.github.com>

---------

Signed-off-by: Dylan Schultz <9121234+dylanschultzie@users.noreply.github.com>
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2024-07-15 17:00:12 +00:00
Jesper Brix Rosenkilde
07c863637d
reverseproxy: Caddyfile support for health_method (#6454)
* Add Caddyfile support of setting active health check request method

* Add integration test for active health check request method
2024-07-12 17:01:58 -04:00
Jesper Brix Rosenkilde
dc2a5d5c52
reverseproxy: Configurable method for active health checks (#6453)
* Add option to set which HTTP method to use for active health checks

* Default Method to GET if not set
2024-07-11 09:24:13 -04:00
schultzie
4943a4fc52
reverseproxy: Add placeholder for networkAddr in active health check headers (#6450)
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2024-07-09 18:08:25 +00:00
Aziz Rmadi
630c62b313
fixed bug in resolving ip version in dynamic upstreams (#6448) 2024-07-09 03:06:30 -04:00
Francis Lavoie
9338741ca7
browse: Exclude symlink target size from total, show arrow on size (#6412)
* fileserver: Exclude symlink target size from total, show arrow on size

* Keep both totals

* Linter doesn't like my spelling :(

* Stop parallelizing tests for now

* Update modules/caddyhttp/fileserver/browse.html

* Minor renamings

---------

Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2024-07-07 07:01:07 -06:00
Steffen Busch
88c7e53da5
browse: fix Content-Security-Policy warnings in Firefox (#6443)
* Remove 'strict-dynamic' + block-all-mixed-content

* CSP: remove 'unsafe-inline' from script-src
2024-07-07 06:56:47 -06:00
Steffen Busch
4ef360745d
browse: add Content-Security-Policy w/ nonce (#6425)
* browse: add Content-Security-Policy w/ nonce

* Add backward-compat values to script-src

* Remove dummy "#" href from layout anchors
2024-07-06 10:46:08 -06:00
Francis Lavoie
7142d7c1e4
reverseproxy: Add placeholder for host in active health check headers (#6440) 2024-07-06 10:43:19 -06:00
Matt Holt
c3fb5f4d3f
caddyhttp: Reject 0-RTT early data in IP matchers and set Early-Data header when proxying (#6427)
* caddyhttp: Reject 0-RTT early data in IP matchers and set Early-Data header when proxying

See RFC 8470: https://httpwg.org/specs/rfc8470.html

Thanks to Michael Wedl (@MWedl)  at the University of Applied Sciences St. Poelten for reporting this.

* Don't return value for {remote} placeholder in early data

* Add Caddyfile support
2024-07-05 10:46:20 -06:00
Kévin Dunglas
15d986e1c9
encode: Don't compress already-compressed fonts (#6432)
* fix: don't compress already compressed fonts

* fix: remove WOFF
2024-07-04 14:57:13 -06:00
klaxa
f350e001b6
reverseproxy: Only log host is up status on change (fixes #6415) (#6419) 2024-07-03 19:05:52 +00:00
Kévin Dunglas
0287009ee5
intercept: fix http.intercept.header.* placeholder (#6429) 2024-07-03 08:43:13 -06:00
Matthew Holt
f8861ca16b
reverseproxy: Wire up TLS options for H3 transport 2024-06-28 12:15:41 -06:00
Aziz Rmadi
c2ccf8690f
fileserver: Remove newline characters from precomputed etags (#6394)
* Removed newline characters from precomputed etags

* Update modules/caddyhttp/fileserver/staticfiles.go

---------

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2024-06-19 13:27:10 +00:00
Matthew Holt
99dcdf7e42 caddyhttp: Convert IDNs to ASCII when provisioning Host matcher 2024-06-18 14:44:05 -06:00
Jason Yuan
fab6375a8b
reverseproxy: add Max-Age option to sticky cookie (#6398)
* reverseproxy: add Max-Age option to sticky cookie

* Update selectionpolicies.go

Co-authored-by: Francis Lavoie <lavofr@gmail.com>

* Update selectionpolicies.go

Co-authored-by: Francis Lavoie <lavofr@gmail.com>

---------

Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2024-06-15 07:50:31 -06:00
Ririsoft
8e0d3e1ec5
logging: set file mode when the file already exist (#6391)
101d3e7 introduced a configuration option to set the log file mode.
This option was not taken into account if the file already exists,
making users having to delete their logs to have new logs created
with the right mode.
2024-06-12 15:17:46 -06:00
Omar Ramadan
d85cc2ec10
logging: Customizable zap cores (#6381) 2024-06-10 09:03:24 -06:00
Ririsoft
0bc27e5fb1
logging: fix file mode configuration parsing (#6383)
Commit 101d3e7 introduced file mode setting,
but was missing a JSON Marshaller so that
CaddyFile can be converted to JSON safely.
2024-06-08 11:34:18 -06:00
Andreas Kohn
9be4f194e0
caddyhttp: Write header if needed in responseRecorder.WriteResponse (#6380) 2024-06-07 07:25:36 -06:00
Ririsoft
101d3e7407
logging: Customize log file permissions (#6314)
Adding a "mode" option to overwrite the default logfile permissions.
Default remains "0600" which is the one currently used by lumberjack.
2024-06-06 08:33:34 -06:00
Matthew Holt
3f1add6c9f
events: Getters for event info (close #6377) 2024-06-06 07:11:28 -06:00
Matt Holt
198f4385d2
caddyhttp: Add test cases to corpus (#6374)
* caddyhttp: Add test case to corpus

* One more test case

* Clean up stray comment

* More tests
2024-06-04 14:23:55 -06:00
Andreas Kohn
e7ecc7ede2
Make it possible to configure the DisableStorageCheck setting for certmagic (#6368)
See discussion about this setting in https://github.com/caddyserver/certmagic/issues/201
2024-06-04 07:00:15 -06:00
Will Norris
f8a2c60297
caddyhttp: properly sanitize requests for root path (#6360)
SanitizePathJoin protects against directory traversal attacks by
checking for requests whose URL path look like they are trying to
request something other than a local file, and returns the root
directory in those cases.

The method is also careful to ensure that requests which contain a
trailing slash include a trailing slash in the returned value.  However,
for requests that contain only a slash (requests for the root path), the
IsLocal check returns early before the matching trailing slash is
re-added.

This change updates SanitizePathJoin to only perform the
filepath.IsLocal check if the cleaned request URL path is non-empty.

---

This change also updates the existing SanitizePathJoin tests to use
filepath.FromSlash rather than filepath.Join. This makes the expected
value a little easier to read, but also has the advantage of not being
processed by filepath.Clean like filepath.Join is. This means that the
exact expect value will be compared, not the result of first cleaning
it.

Fixes #6352
2024-06-02 03:40:59 +00:00
Matthew Holt
01308b4bae
I'm so tired of typos 2024-06-01 20:43:35 -06:00
Matthew Holt
b7280e6949 caddytls: Implement certmagic.RenewalInfoGetter
Fixes ARI errors reported here:
https://caddy.community/t/error-in-logs-with-updating-ari-after-upgrading-to-caddy-v2-8-1/24320
2024-06-01 18:02:49 -06:00
Francis Lavoie
40c582ce82
caddyhttp: Fix merging consecutive client_ip or remote_ip matchers (#6350) 2024-05-30 07:32:17 -06:00
Ranveer Avhad
e6f46c8d78
acmeserver: Add sign_with_root for Caddyfile (#6345)
* Added sign_with_root option available in the Caddyfile

* Added tests for sign_with_root to validate the adapted JSON config
2024-05-27 20:06:54 -04:00
a
61917c3443
fix a typo (#6333) 2024-05-21 18:41:41 -04:00
Francis Lavoie
224316eaec
autohttps: Move log WARN to INFO, reduce confusion (#6185)
* autohttps: Move log WARN to INFO, reduce confusion

* Change implicit condition back to WARN

---------

Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2024-05-20 13:14:39 -06:00
Matt Holt
5f6758dab5
reverseproxy: Support HTTP/3 transport to backend (#6312)
Closes #5086
2024-05-20 13:06:43 -06:00
Francis Lavoie
a6a45ff6c5
context: AppIfConfigured returns error; consider not-yet-provisioned modules (#6292)
* context: Add new `AppStrict()` method to avoid instantiating empty apps

* Rename AppStrict -> AppIfConfigured

---------

Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2024-05-20 11:14:58 -06:00
Matthew Holt
73e094e1dd
Fix lint error about deprecated method in smallstep/certificates/authority 2024-05-20 10:56:25 -06:00
Will Norris
db3e19b7b5
caddytls: fix permission requirement with AutomationPolicy (#6328)
Certificate automation has permission modules that are designed to
prevent inappropriate issuance of unbounded or wildcard certificates.
When an explicit cert manager is used, no additional permission should
be necessary. For example, this should be a valid caddyfile:

    https:// {
      tls {
        get_certificate tailscale
      }
      respond OK
    }

This is accomplished when provisioning an AutomationPolicy by tracking
whether there were explicit managers configured directly on the policy
(in the ManagersRaw field). Only when a number of potentially unsafe
conditions are present AND no explicit cert managers are configured is
an error returned.

The problem arises from the fact that ctx.LoadModule deletes the raw
bytes after loading in order to save memory. The first time an
AutomationPolicy is provisioned, the ManagersRaw field is populated, and
everything is fine.

An AutomationPolicy with no subjects is treated as a special "catch-all"
policy. App.createAutomationPolicies ensures that this catch-all policy
has an ACME issuer, and then calls its Provision method again because it
may have changed. This second time Provision is called, ManagesRaw is no
longer populated, and the permission check fails because it appears as
though the policy has no explicit managers.

Address this by storing a new boolean on AutomationPolicy recording
whether it had explicit cert managers configured on it.

Also fix an inverted boolean check on this value when setting
failClosed.

Updates #6060
Updates #6229
Updates #6327

Signed-off-by: Will Norris <will@tailscale.com>
2024-05-20 09:48:59 -06:00
Will Norris
1fc151faec
caddytls: remove ClientHelloSNICtxKey (#6326) 2024-05-18 22:47:46 -04:00
Matt Holt
9ba999141b
caddyhttp: Trace individual middleware handlers (#6313)
* caddyhttp: Trace individual middleware handlers

* Fix typo
2024-05-18 14:48:42 -06:00
deneb
f98f449f05
templates: Add pathEscape template function and use it in file browser (#6278)
* use url.PathEscape in file-server browse template

- add `pathEscape` to c.tpl.Funcs, using `url.PathEscape`
- use `pathEscape` in browse.html in place of `replace`

* document `pathEscape`

* Remove unnecessary pipe of img src to `html`
2024-05-18 12:55:36 -06:00
Will Norris
e66040a6f0
caddytls: set server name in context (#6324)
Set the requested server name in a context value for CertGetter
implementations to use. Pass ctx to tscert.GetCertificateWithContext.

Signed-off-by: Will Norris <will@tailscale.com>
2024-05-18 03:52:19 -06:00
Kévin Dunglas
fb63e2e40c
caddyhttp: New experimental handler for intercepting responses (#6232)
* feat: add generic response interceptors

* fix: cs

* rename intercept

* add some docs

* @francislavoie review (first round)

* Update modules/caddyhttp/intercept/intercept.go

Co-authored-by: Francis Lavoie <lavofr@gmail.com>

* shorthands: ir to resp

* mark exported symbols as experimental

---------

Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2024-05-13 17:38:18 +00:00
Aziz Rmadi
4356635d12
logging: Add support for additional logger filters other than hostname (#6082)
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2024-05-11 13:31:44 +00:00
Matthew Holt
4af38e5ac8
caddyhttp: Log 4xx as INFO; 5xx as ERROR (close #6106) 2024-05-10 15:52:50 -06:00
Matthew Holt
399186abfc
Second half of 6dce493
Not sure how it got unstaged
2024-05-10 15:51:28 -06:00
Matthew Holt
6dce4934f0
caddyhttp: Alter log message when request is unhandled (close #5182) 2024-05-10 15:49:34 -06:00
Viktor Szépe
d7e3a1974b
Fix typos (#6311)
* Fix typos

* Revert

* Revert to "htlm"

* fix indentations
2024-05-10 08:08:54 -06:00
WeidiDeng
e60148ecc3
reverseproxy: Pointer to struct when loading modules; remove LazyCertPool (#6307)
* use pointer when loading modules

* change method to pointer type and remove LazyCertPool

* remove lazy pool test

* remove yet another lazy pool test
2024-05-08 19:13:37 -06:00
Matthew Penner
0b5720faa5
tracing: add trace_id var (http.vars.trace_id placeholder) (#6308) 2024-05-08 16:40:40 -06:00
Ali Asgar
b2b29dcd49
reverseproxy: Implement health_follow_redirects (#6302)
* added health_follow_redirect in active health checks

* chore: code format

* chore: refactore reversproxy healthcheck redirect variable name and description of the same

* chore: formatting

* changed reverse proxy health check status code range to be between 200-299

* chore: formatting

---------

Co-authored-by: aliasgar <joancena1268@mail.com>
2024-05-07 08:40:15 -06:00
Florian Apolloner
c97292b255
caddypki: Allow use of root CA without a key. Fixes #6290 (#6298)
* Allow usage of root CA without a key. Fixes #6290

* Update modules/caddypki/crypto.go

---------

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2024-05-07 03:38:26 +00:00
Mohammed Al Sahaf
d05d715a00
reverseproxy: HTTP transport: fix PROXY protocol initialization (#6301) 2024-05-06 20:02:12 -06:00
Matthew Holt
8d7ac18402
caddytls: Ability to drop connections (close #6294) 2024-05-06 19:59:42 -06:00
Matt Holt
d129ae6aec
caddytls: Evict internal certs from cache based on issuer (#6266)
* caddytls: Evict internal certs from cache based on issuer

During a config reload, we would keep certs in the cache fi they were used  by the next config. If one config uses InternalIssuer and the other uses a public CA, this behavior is problematic / unintuitive, because there is a big difference between private/public CAs.

This change should ensure that internal issuers are considered when deciding whether to keep or evict from the cache during a reload, by making them distinct from each other and certs from public CAs.

* Make sure new TLS app manages configured certs

* Actually make it work
2024-04-30 16:15:54 -06:00
Mohammed Al Sahaf
87c7127c28
chore: add warn logs when using deprecated fields (#6276) 2024-04-27 15:51:00 -04:00
Matthew Holt
2fc620d38d
caddyhttp: Fix linter warning about deprecation 2024-04-27 12:41:17 -06:00
Matthew Holt
a46ff50a1c
go.mod: Upgrade to quic-go v0.43.0 2024-04-27 12:01:30 -06:00
Matthew Holt
cabb5d71c4
fileserver: Set "Vary: Accept-Encoding" header (see #5849) 2024-04-26 19:38:45 -06:00
Matthew Holt
ba5811467a
events: Add debug log 2024-04-26 18:59:08 -06:00
WeidiDeng
1b9042bcdd
reverseproxy: handle buffered data during hijack (#6274) 2024-04-26 09:09:18 -06:00
Mohammed Al Sahaf
c6eb186064
run golangci-lint run --fix --fast (#6270) 2024-04-24 15:17:23 -06:00
clauverjat
76c4cf5a56
caddytls: Option to configure certificate lifetime (#6253)
* Add option to configure certificate lifetime

* Bump CertMagic dep to latest master commit

* Apply suggestions and ran go mod tidy

* Update modules/caddytls/acmeissuer.go

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>

---------

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2024-04-24 14:35:14 -06:00
Francis Lavoie
797973944f
replacer: Implement file.* global replacements (#5463)
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2024-04-24 16:26:18 -04:00
Matt Holt
6d97d8d87b
caddyhttp: Address some Go 1.20 features (#6252)
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2024-04-24 00:05:57 +00:00
Aziz Rmadi
868af6a062
reverse_proxy: Add grace_period for SRV upstreams to Caddyfile (#6264) 2024-04-23 07:12:57 -06:00
Mohammed Al Sahaf
d2668cdbb0
doc: add verifier in ClientAuthentication caddyfile marshaler doc (#6263) 2024-04-23 07:01:54 -06:00
Matthew Holt
6a02999054
caddytls: Add Caddyfile support for on-demand permission module (close #6260) 2024-04-22 15:47:09 -06:00
Matthew Holt
9f97df2275
reverseproxy: Remove long-deprecated buffering properties
They've been deprecated for over a year and we printed warnings during that time.
2024-04-22 15:34:14 -06:00
Matthew Holt
d93e027e01
reverseproxy: Reuse buffered request body even if partially drained
Previous commit only works when the backends don't read any of the body first.
2024-04-22 15:22:50 -06:00
Matthew Holt
613d544a47 reverseproxy: Accept EOF when buffering
Before this change, a read of size (let's say) < 10, into a buffer of size 10, will return EOF because we're using CopyN to limit to the size of the buffer. That resulted in the body being read from later, which should only happen if it couldn't fit in the buffer.

With this change, the body is properly NOT set when it can all fit in the buffer.
2024-04-22 13:12:10 -06:00
Francis Lavoie
726a9a8fde
logging: Fix default access logger (#6251)
* logging: Fix default access logger

* Simplify logic, remove retry without port, reject config with port, docs

* Nil check
2024-04-22 06:33:07 -06:00
Matthew Holt
d00824f4a6
fileserver: Improve Vary handling (#5849) 2024-04-19 13:43:13 -06:00
Mohammed Al Sahaf
c6673ad4d8
staticresp: Use the evaluated response body for sniffing JSON content-type (#6249) 2024-04-18 20:31:00 +00:00
Matthew Holt
9ab09433de
encode: Slight fix for the previous commit 2024-04-17 19:59:10 -06:00
Matthew Holt
3067074d9c
encode: Improve Etag handling (fix #5849)
We also improve Last-Modified handling in the file server.
Both changes should be more compliant with RFC 9110.
2024-04-17 19:12:03 -06:00
Francis Lavoie
9cd472c031
caddyfile: Populate regexp matcher names by default (#6145)
* caddyfile: Populate regexp matcher names by default

* Some lint cleanup that my VSCode complained about

* Pass down matcher name through expression matcher

* Compat with #6113: fix adapt test, set both styles in replacer
2024-04-17 12:19:14 -06:00
WeidiDeng
e0daa39cd3
caddyhttp: record num. bytes read when response writer is hijacked (#6173)
* record the number of bytes read when response writer is hijacked

* record body size when not nil
2024-04-17 15:00:37 +00:00
Francis Lavoie
70953e873a
caddyhttp: Support multiple logger names per host (#6088)
* caddyhttp: Support multiple logger names per host

* Lint

* Add adapt test

* Implement "string or array" parsing, keep original `logger_names`

* Rewrite adapter test to be more representative of the usecase
2024-04-16 22:26:18 +00:00
coderwander
eafc875ea9
chore: fix some typos in comments (#6243) 2024-04-16 04:10:11 +00:00
dev-polymer
03e0a010d1
encode: Configurable compression level for zstd (#6140)
* Add zstd compression level support

* Refactored zstd levels to string arguments

fastest, default, better, best

* Add comment with list of all available levels

* Corrected data types for config

---------

Co-authored-by: Evgeny Blinov <e.a.blinov@gmail.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2024-04-16 00:21:52 +00:00
Aziz Rmadi
3609a4af75
caddytls: Remove shim code supporting deprecated lego-dns (#6231)
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2024-04-15 21:26:56 +00:00
Mohammed Al Sahaf
26748d06b4
connection policy: add local_ip matcher (#6074)
* connection policy: add `local_ip`

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>

---------

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2024-04-15 21:13:24 +03:00
WeidiDeng
b40cacf5ce
reverseproxy: Wait for both ends of websocket to close (#6175) 2024-04-15 11:37:37 -06:00
Matt Holt
81413caea2
caddytls: Upgrade ACMEz to v2; support ZeroSSL API; various fixes (#6229)
* WIP: acmez v2, CertMagic, and ZeroSSL issuer upgrades

* caddytls: ZeroSSLIssuer now uses ZeroSSL API instead of ACME

* Fix go.mod

* caddytls: Fix automation related to managers (fix #6060)

* Fix typo (appease linter)

* Fix HTTP validation with ZeroSSL API
2024-04-13 21:31:43 -04:00