CHANGES

0.11 (May 10, 2018)
- Built with Go 1.10.2
- Integrated optional telemetry client
- proxy: Fixed file descriptor leak

0.10.14 (April 19, 2018)
- tls: Fix error handling bug when obtaining certificates

0.10.13 (April 18, 2018)
- New third-party plugin: supervisor
- Updated QUIC
- proxy: Fix transparent pass-thru of X-Forwarded-For
- proxy: Configurable timeout to upstream
- rewrite: Now supports regular expressions on single-line
- tls: StrictHostMatching mode to prevent client auth bypass
- tls: Disable client auth when using QUIC
- tls: Require same client auth cert pools per hostname
- tls: Prevent On-Demand TLS directory traversal
- tls: Fix empty files when using ACME fails to obtain cert
- Fixed test broken by 1.1.1.1 resolving
- Improved Caddyfile parser robustness by fuzzing

0.10.12 (March 27, 2018)
- Switch to Let's Encrypt ACMEv2 production endpoint
- Support for automated wildcard certificates
- Support distributed solving of HTTP-01 challenge
- New {labelN}, {tls_cipher}, and {tls_version} placeholders
- Curly braces can now be escaped when not used as placeholders
- New third-party plugin: geoip
- Updated QUIC
- fastcgi: Add SSL_CIPHER and SSL_PROTOCOL environment variables
- log: New 'except' subdirective to exempt paths from logging
- startup/shutdown: Removed in favor of 'on'
- tls: Default minimum version is TLS 1.2
- tls: Revert to fallback cert if no cert matches SNI
- tls: New 'wildcard' subdirective to force automated wildcard cert
- Several significant bug fixes and improvements!

0.10.11 (February 20, 2018)
- Built with Go 1.10
- Reusable snippets for the Caddyfile
- Updated QUIC
- Auto-HTTPS certificates may be shared by multiple instances
- Expand globbed values in -conf flag
- Swap behavior of SIGTERM and SIGQUIT; ignore SIGHUP
- 9 new DNS provider plugins for the ACME DNS challenge
- New placeholder for {HTTPS redirects for sites with wildcard labels
- proxy: Fix 'without' subdirective
- A few other minor bug fixes and improvements

0.10 (April 20, 2017)
- Built on Go 1.8.1
- HTTPS interception detection
- Updated QUIC
- SIGUSR1 (reload) now works with QUIC servers
- New 'push' directive for HTTP/2 server push
- New 'index' directive to change the names of index files
- New -http-port and -https-port flags to change protocol ports
- New -disable-http-challenge and -disable-tls-sni-challenge flags
- New event hook plugin type
- New listener middleware plugin type
- New placeholders for cookie, query, and rewritten URI values
- basicauth: Ability to customize realm
- browse: Default template now sorts by name with directories first
- errors, log: Roll all logs by default
- errors, log: Ability to write to remote syslog
- errors, log: Standardized, simplified directive syntax
- log: Patched common log format by adding missing "-"
- proxy: New 'max_conns' setting to limit connections to upstreams
- proxy: New 'first' load balancing policy for first available host
- proxy: Health checks respect Host and insecure_skip_verify settings
- templates: New .RandomString action to add random padding to page
- timeouts: Disabled default HTTP timeouts
- tls: Settings now apply per-site rather than for entire listener
- tls: New 'alpn' setting to disable either HTTP/2 or HTTP/1.1 on per-site basis
- tls: Added curve X25519
- tls: Added ChaCha20-Poly1305 cipher suites
- tls: Renamed muststaple to must_staple
- tls: Setting max_certs obtains certs during handshakes for all hostnames
- Dozens of miscellaneous bug fixes and improvements
- New website
- New build infrastructure
- New deployment system

0.9.5 (January 24, 2017)
- New -validate flag to only check a Caddyfile, then exit
- New {when_iso} placeholder for timestamp ISO 8601 in UTC
- New {rewrite_path} and {rewrite_path_escaped} placeholders
- New 'timeouts' directive to configure or disable HTTP timeouts
- HTTP-level timeouts enabled by default
- basicauth: Authorization header stripped upon successful login
- browse: Added textbox to filter listing in default template
- browse: Sanitize file names and links in default template
- browse: Ensure active Caddyfile is hidden regardless of cwd
- fastcgi: New 'root' property, mainly for use with containers
- markdown: Apply some front matter fields as tags
- proxy: Fixed HTTP/2 upstream to backend; honors -http CLI flag
- proxy: Fixed websockets over HTTPS
- proxy: Reduced memory usage and improved performance
- proxy: Added support for HTTP trailers
- tls: Fixed deadlock that affected some background renewals
- Several other smaller bugs squashed and improvements made

0.9.4 (December 21, 2016)
- Updated QUIC
- New maxrequestbody directive to limit size of request body
- New {latency_ms} placeholder for latency always in ms
- Serve statically compressed .gz and .br files
- fastcgi: Support for multiple backends with basic load balancing
- proxy: Fixed handling of encoded 'without' paths
- proxy: Preserve trailing slash if present in request
- proxy: Fix HTTP/2 upstreams
- templates: New .Files action to list files in a directory
- templates: .Include can now pass arguments to included file
- tls: Added ability to customize preferred curves
- tls: Added support for Must-Staple on managed certificates
- tls: Fixed subtle edge case bug with TLS-SNI challenge
- Lots of minor fixes and improvements

0.9.3 (September 28, 2016)
- Updated QUIC to newer version
- import: Glob pattern matching 0 files is no longer an error
- fastcgi: Fixed persistent connections (disabled by default)
- fastcgi: Configurable connection pool size parameter
- proxy: Improved failover load balancing logic
- proxy: Avoids duplicating header fields that would be confusing
- proxy: New try_duration and try_interval parameters
- proxy: Fix for IP hash policy when downed hosts come back up
- Several other bug fixes and new tests

0.9.2 (September 20, 2016)
- New -catimeout option to customize ACME CA HTTP timeout
- import: Fix nested import absolute/relative paths
- log: Fix multiple log outputs
- proxy: Fix for keepalive in certain cases
- tls: Fix for PreferServerCipherSuites
- Numerous other bug fixes and internal improvements

0.9.1 (August 17, 2016)
- New {request_body} placeholder to log request body
- {remote} placeholder no longer uses X-Forwarded-For header
- {latency} placeholder rounds to nice looking number
- Add support for ratelimit plugin
- basicauth: Declaring realm named "Restricted"
- errors: Define catch-all/default error page with * character
- header: More control to add, set, or remove headers
- proxy: New keepalive setting to help accommodate busy servers
- proxy: New load balancing policy ip_hash
- proxy: Fixed WebSocket connections
- proxy: Fixed broken header logic
- proxy: Reuse existing connection for Upgrade requests
- proxy: Support for basic auth from header or upstream address
- templates: New .Env action to access environment variables
- tls: OCSP staples persisted to disk
- tls: ACME challenges honor bind directive
- tls: Fix default protocol version (minimum TLS 1.1)
- tls: Consume challenge requests only for names Caddy is solving for
- tls: The protocol syntax allows just one value if desired
- tls: Scoped max_certs limit to site instead of global maximum
- Many other bug fixes and minor enhancements

0.9 (July 18, 2016)
- New core
- New experimental QUIC support with -quic flag (HTTPS only)
- New -type option to specify other server types
- Moved ~/.caddy/letsencrypt to ~/.caddy/acme and reorganized assets
- Moved caddy package to top level folder, and pushed main to subfolder
- New {request} placeholder to dump entire request (without body)
- New {hostonly} placeholder for only hostname portion of host value
- Site addresses can have paths
- Site addresses can make some use of wildcards in domains
- Renamed -directives flag to -plugins
- Restarting no longer requires spawning a new process
- Removed -restart option
- fastcgi: Env variables now support placeholders
- import: Import paths now relative to Caddyfile, not current working dir
- markdown: Overhauled; removed site generation features
- proxy: More control of headers; deprecating proxy_header subdirective
- proxy: Specify multiple upstreams with optional port ranges
- proxy: New preset 'transparent' to simplify common pass-thru headers
- proxy: Chooses longest matching path; order declared is irrelevant
- redir: Added if and if_op subdirectives to make conditional redirects
- rewrite: Support for if_op to change how conditions are evaluated
- tls: Generate self-signed certificates in memory
- tls: Support for ACME DNS challenge with 10 providers
- tls: Support for TLS-SNI challenge during restarts
- Various bug fixes and enhancements

0.8.3 (April 26, 2016)
- Built with Go 1.6.2
- New pprof middleware for exposing process profiling endpoints
- New expvar middleware for exposing memory/GC performance
- New -restart option to force in-process restarts on Unix systems
- Only fail to start if managed certificate is expired (issue #642)
- Toggle case-sensitive path matching with environment variable
- File server now adds ETag header for static files
- browse: Replace .LinkedPath action with .BreadcrumbMap
- fastcgi: New except clause to exclude paths
- proxy: New max_conns setting to limit max connections per upstream
- proxy: New replaceable value for name of upstream host
- templates: New utility actions for dealing with strings
- tls: Customize certificate key with key_type (+ECC)
- tls: Session ticket keys are now rotated
- Many other minor internal improvements and bug fixes

0.8.2 (February 25, 2016)
- On-demand TLS can obtain certificates during handshakes
- Built with Go 1.6
- Process log (-log) is rotated when it gets large
- Managed certificates get renewed 30 days early instead of just 14
- fastcgi: Allow scheme prefix before address
- markdown: Support for definition lists
- proxy: Allow proxy to insecure HTTPS backends
- proxy: Support proxy to unix socket
- rewrite: Status code can be 2xx or 4xx
- templates: New .Markdown action to interpret included file as Markdown
- templates: .Truncate now truncates from end of string when length is negative
- tls: Set hard limit for certificates obtained with on-demand TLS
- tls: Load certificates from directory
- tls: Add SHA384 cipher suites
- Multiple bug fixes and internal changes

0.8.1 (January 12, 2016)
- Improved OCSP stapling
- Better graceful reload when new hosts need certificates from Let's Encrypt
- Current pidfile is now deleted when Caddy exits
- browse: New default template
- gzip: Added min_length setting
- import: Support for glob patterns (*) to import multiple files
- rewrite: New complex rules with conditions, regex captures, and status code
- tls: Removed DES ciphers from default cipher suite list
- tls: All supported certificates are OCSP-stapled
- tls: Allow custom configuration without specifying certificate and key
- tls: No longer allow HTTPS over port 80
- Dozens of bug fixes, improvements, and more tests across the board

0.8 (December 4, 2015)
- HTTPS by default via Let's Encrypt (certs & keys are fully managed)
- Graceful restarts (on POSIX-compliant systems)
- Major internal refactoring to allow use of Caddy as library
- New directive 'mime' to customize Content-Type based on file extension
- New -accept flag to accept Let's Encrypt SA without prompt
- New -email flag to customize default email used for ACME transactions
- New -ca flag to customize ACME CA server URL
- New -revoke flag to revoke a certificate
- New -log flag to enable process log
- New -pidfile flag to enable writing pidfile
- New -grace flag to customize the graceful shutdown timeout
- New support for SIGHUP, SIGTERM, and SIGQUIT signals
- browse: Render filenames with multiple whitespace properly
- core: Use environment variables in Caddyfile
- markdown: Include Last-Modified header in response
- markdown: Render tables, strikethrough, and fenced code blocks
- proxy: Ability to exclude/ignore paths from proxying
- startup, shutdown: Better Windows support
- templates: Bug fix for .Host when port is absent
- templates: Include Last-Modified header in response
- templates: Support for custom delimiters
- tls: For non-local hosts, default port is now 443 unless specified
- tls: Force-disable HTTPS
- tls: Specify Let's Encrypt email address
- Many, many more tests and numerous bug fixes and improvements

0.7.6 (September 28, 2015)
- Pass in simple Caddyfile as command line arguments
- basicauth: Support for legacy htpasswd files
- browse: JSON response with file listing
- core: Caddyfile as command line argument
- errors: Can write full stack trace to HTTP response for debugging
- errors, log: Roll log files after certain size or age
- proxy: Fix for 32-bit architectures
- rewrite: Better compatibility with fastcgi and PHP apps
- templates: Added .StripExt and .StripHTML methods
- Internal improvements and minor bug fixes

0.7.5 (August 5, 2015)
- core: All listeners bind to 0.0.0.0 unless 'bind' directive is used
- fastcgi: Set HTTPS env variable if connection is secure
- log: Output to system log (except Windows)
- markdown: Added dev command to disable caching during development
- markdown: Fixed error reporting during initial site generation
- markdown: Fixed crash if path does not exist when server starts
- markdown: Fixed site generation and link indexing when files change
- templates: Added .NowDate for use in date-related functions
- Several bug fixes related to startup and shutdown functions

0.7.4 (July 30, 2015)
- browse: Sorting preference persisted in cookie
- browse: Added index.txt and default.txt to list of default files
- browse: Template files may now use Caddy template actions
- markdown: Template files may now use Caddy template actions
- markdown: Several bug fixes, especially for large and empty Markdown files
- markdown: Generate index pages to link to markdown pages (sitegen only)
- markdown: Flatten structure of front matter, changed template variables
- redir: Can use variables (placeholders) like log formats can
- redir: Catch-all redirects no longer preserve path; use {uri} instead
- redir: Syntax supports redirect tables by opening a block
- templates: Renamed .Date to .Now and added .Truncate, .Replace actions
- Other minor internal improvements and more tests

0.7.3 (July 15, 2015)
- errors: Error log now shows timestamp with each entry
- gzip: Fixed; Default filtering is by extension; removed MIME type filter
- import: Fixed; works inside and outside server blocks
- redir: Query string preserved on catch-all redirects
- templates: Proper 403 or 404 errors for restricted or missing files

0.7.2 (July 1, 2015)
- Custom builds through caddyserver.com - extend Caddy by writing addons
- browse: Sort by clicking column heading or using query string
- core: Serving hostname that doesn't resolve issues warning then listens on 0.0.0.0
- errors: Missing error page during parse time is warning, not error
- ext: Extension only appended if request path does not end in /
- fastcgi: Fix for backend responding without status text
- fastcgi: Fix PATH_TRANSLATED when PATH_INFO is empty (RFC 3875)
- git: Removed from core (available as add-on)
- gzip: Enable by file path and/or extension
- gzip: Customize compression level
- log: Fix for missing status in log entry when error unhandled
- proxy: Strip prefix from path for proxy to path
- redir: Meta tag redirects
- templates: Support for nested includes
- Internal improvements and more tests

0.7.1 (June 2, 2015)
- basicauth: Patched timing vulnerability
- proxy: Support for WebSocket backends
- tls: Client authentication

0.7 (May 25, 2015)
- New directive 'internal' to protect resources with X-Accel-Redirect
- New -version flag to show program name and version
- core: Fixed escaped backslash characters inside quoted strings
- core: Fixed parsing Caddyfile for IPv6 addresses missing ports
- core: A notice is shown when non-local address resolves to loopback interface
- core: Warns if file descriptor limit is too low for production site (Mac/Linux)
- fastcgi: Support for Unix sockets
- git: Fixed issue that prevented pulling at designated interval
- header: Remove a header field by prefixing field name with "-"
- markdown: Simple static site generation
- markdown: Support for metadata ("front matter") at beginning of files
- rewrite: Experimental support for regular expressions
- tls: Customize cipher suites and protocols
- tls: Removed RC4 ciphers
- Other internal improvements that are not user-facing (more tests, etc.)

0.6 (May 7, 2015)
- New directive 'git' to automatically pull changes
- New directive 'bind' to override host server binds to
- New -root flag to specify root path to default site
- Ability to receive config data piped through stdin
- core: Warning if root directory doesn't exist at startup
- core: Entire process dies if any server fails to start
- gzip: Fixed Content-Length value when proxying requests
- errors: Error log now includes file and line number of panics
- fastcgi: Pass custom environment variables
- fastcgi: Support for HEAD, OPTIONS, PUT, PATCH, and DELETE methods
- fastcgi: Fixed SERVER_SOFTWARE variables
- markdown: Support for index files when URL points to a directory
- proxy: Load balancing with multiple backends, health checks, failovers, and multiple policies
- proxy: Add custom headers
- startup/shutdown: Run command in background with '&' at end
- templates: Added .tpl and .tmpl as default extensions
- templates: Support for index files when URL points to a directory
- templates: Changed .RemoteAddr to .IP and stripped out remote port
- tls: TLS disabled (with warning) for servers that are explicitly http://
- websocket: Fixed SERVER_SOFTWARE and GATEWAY_INTERFACE variables
- Many internal improvements

0.5.1 (April 30, 2015)
- Default host is now 0.0.0.0 (wildcard)
- New -host and -port flags to override default host and port
- core: Support for binding to 0.0.0.0
- core: Graceful error handling during heavy load; proper error responses
- errors: Fixed file path handling
- errors: Fixed panic due to nil log file
- fastcgi: Support for index files
- fastcgi: Fix for handling errors that come from responder

0.5 (April 28, 2015)
- Initial release