mirror of
https://github.com/caddyserver/caddy.git
synced 2024-11-29 12:16:16 +08:00
466 lines
20 KiB
Plaintext
466 lines
20 KiB
Plaintext
CHANGES
|
|
|
|
0.10.11 (February 20, 2018)
|
|
- Built with Go 1.10
|
|
- Reusable snippets for the Caddyfile
|
|
- Updated QUIC
|
|
- Auto-HTTPS certificates may be shared by multiple instances
|
|
- Expand globbed values in -conf flag
|
|
- Swap behavior of SIGTERM and SIGQUIT; ignore SIGHUP
|
|
- 9 new DNS provider plugins for the ACME DNS challenge
|
|
- New placeholder for {<Response-Header} values
|
|
- basicauth: Username put in {user} placeholder
|
|
- fastcgi: GET requests can now send a body
|
|
- proxy: Service discovery with DNS SRV load balancing
|
|
- request_id: Allow reusing request ID from header field
|
|
- tls: Improved efficiency of many certificates and reloads
|
|
- tls: Raise error if conflicting TLS configurations collide
|
|
- tls: Raise TLS alert if SNI used and no cert matched
|
|
- tls: Reject OCSP responses that expire after the certificate
|
|
- tls: Clients can use SNI to request a specific certificate
|
|
- tls: Add option for backend to approve on-demand certificate
|
|
- tls: Synchronize maintenance of shared, managed certificates
|
|
- Numerous fabulous bug fixes
|
|
|
|
|
|
0.10.10 (October 9, 2017)
|
|
- Built with Go 1.9.1
|
|
- Removed Caddy-Sponsors header
|
|
- New 'on' directive that deprecates 'startup' and 'shutdown'
|
|
- Changed CASE_SENSITIVE_PATH default to false
|
|
- fastcgi: Support for SRV upstreams
|
|
- redir: Rules with if statements are not checked for duplicates
|
|
- Several minor bug fixes
|
|
|
|
|
|
0.10.9 (September 12, 2017)
|
|
- EULA bundled with official binaries
|
|
- Caddy-Sponsors header to indicate personal-use license
|
|
- proxy: Support for QUIC backends
|
|
- templates: Write proper status code if proxied
|
|
- tls: Fix bug related to cert renewals
|
|
|
|
|
|
0.10.8 (September 8, 2017)
|
|
- NACL compilation support
|
|
- Merge multiple consecutive slashes when comparing paths
|
|
- A few other bug fixes
|
|
|
|
|
|
0.10.7 (August 25, 2017)
|
|
- Built with Go 1.9
|
|
- New 3rd-party plugin directives: jekyll, awses, forwardproxy
|
|
- Different exit codes
|
|
- Plan 9 support
|
|
- Graceful binary upgrades with SIGUSR2
|
|
- internal: Support X-Accel-Redir without paths to protect
|
|
- templates: Can execute templates loaded by other middleware
|
|
- A few really good bug fixes
|
|
|
|
|
|
0.10.6 (July 28, 2017)
|
|
- fastcgi: Fix runtime error for 32-bit and ARM architectures
|
|
|
|
|
|
0.10.5 (July 27, 2017)
|
|
- Renamed requestid directive to request_id
|
|
- Set default idle timeout of 5 minutes
|
|
- New 3rd-party plugin directives: cache, nobots, webdav
|
|
- New Unix timestamp placeholder {when_unix}
|
|
- Improved MITM detection on iOS clients
|
|
- errors, log: Fix log rolling parsing
|
|
- gzip: Convert any ETag header to weak etag
|
|
- fastcgi: Reverted persistent connections (issue #1736)
|
|
- proxy: Added header loaded balancing policy
|
|
- proxy: Fix hang on chunked WebSockets (e.g. with HomeAssistant)
|
|
- Several other bug fixes and minor internal improvements
|
|
|
|
|
|
0.10.4 (June 28, 2017)
|
|
- Vendor all dependencies
|
|
- Improve MITM detection, add experimental Tor browser support
|
|
- New requestid directive to add request IDs to each request
|
|
- New HTTP plugins supported: authz, grpc, gopkg, reauth, restic
|
|
- browse: Refreshed default UI and added symlink indicators
|
|
- errors, log: Added rotate_compress directive to compress rolled logs
|
|
- markdown: Template files loaded at each request instead of just once
|
|
- proxy: Allow multiple Server header fields on downstream response
|
|
- proxy: Perform health checks by body substring
|
|
- rewrite,redir: Added 'not_starts_with' and 'not_ends_with' operators
|
|
- tls: New ca subdirective to specify CA endpoint per-site
|
|
- Several bug fixes
|
|
|
|
|
|
0.10.3 (May 19, 2017)
|
|
- Replace 'maxrequestbody' directive with 'limits' directive
|
|
- proxy: Configurable port for health check
|
|
- proxy: New load balance policy: uri_hash
|
|
- templates: Renamed .Push context action to .AddLink
|
|
- tls: Allow narrower certificate renewal window at startup (#1680)
|
|
- tls: Prefer ChaCha20 if hardware does not have AES-NI
|
|
|
|
|
|
0.10.2 (May 2, 2017)
|
|
- Hot fix for rule paths of "/" so that they match every request
|
|
- fastcgi: Match request paths that don't start with "/" even if rule does
|
|
|
|
|
|
0.10.1 (May 1, 2017)
|
|
- Reduced memory usage for gzip, templates, and MITM detection
|
|
- Fixed automatic HTTP->HTTPS redirects for sites with wildcard labels
|
|
- proxy: Fix 'without' subdirective
|
|
- A few other minor bug fixes and improvements
|
|
|
|
|
|
0.10 (April 20, 2017)
|
|
- Built on Go 1.8.1
|
|
- HTTPS interception detection
|
|
- Updated QUIC
|
|
- SIGUSR1 (reload) now works with QUIC servers
|
|
- New 'push' directive for HTTP/2 server push
|
|
- New 'index' directive to change the names of index files
|
|
- New -http-port and -https-port flags to change protocol ports
|
|
- New -disable-http-challenge and -disable-tls-sni-challenge flags
|
|
- New event hook plugin type
|
|
- New listener middleware plugin type
|
|
- New placeholders for cookie, query, and rewritten URI values
|
|
- basicauth: Ability to customize realm
|
|
- browse: Default template now sorts by name with directories first
|
|
- errors, log: Roll all logs by default
|
|
- errors, log: Ability to write to remote syslog
|
|
- errors, log: Standardized, simplified directive syntax
|
|
- log: Patched common log format by adding missing "-"
|
|
- proxy: New 'max_conns' setting to limit connections to upstreams
|
|
- proxy: New 'first' load balancing policy for first available host
|
|
- proxy: Health checks respect Host and insecure_skip_verify settings
|
|
- templates: New .RandomString action to add random padding to page
|
|
- timeouts: Disabled default HTTP timeouts
|
|
- tls: Settings now apply per-site rather than for entire listener
|
|
- tls: New 'alpn' setting to disable either HTTP/2 or HTTP/1.1 on per-site basis
|
|
- tls: Added curve X25519
|
|
- tls: Added ChaCha20-Poly1305 cipher suites
|
|
- tls: Renamed muststaple to must_staple
|
|
- tls: Setting max_certs obtains certs during handshakes for all hostnames
|
|
- Dozens of miscellaneous bug fixes and improvements
|
|
- New website
|
|
- New build infrastructure
|
|
- New deployment system
|
|
|
|
|
|
0.9.5 (January 24, 2017)
|
|
- New -validate flag to only check a Caddyfile, then exit
|
|
- New {when_iso} placeholder for timestamp ISO 8601 in UTC
|
|
- New {rewrite_path} and {rewrite_path_escaped} placeholders
|
|
- New 'timeouts' directive to configure or disable HTTP timeouts
|
|
- HTTP-level timeouts enabled by default
|
|
- basicauth: Authorization header stripped upon successful login
|
|
- browse: Added textbox to filter listing in default template
|
|
- browse: Sanitize file names and links in default template
|
|
- browse: Ensure active Caddyfile is hidden regardless of cwd
|
|
- fastcgi: New 'root' property, mainly for use with containers
|
|
- markdown: Apply some front matter fields as <meta> tags
|
|
- proxy: Fixed HTTP/2 upstream to backend; honors -http CLI flag
|
|
- proxy: Fixed websockets over HTTPS
|
|
- proxy: Reduced memory usage and improved performance
|
|
- proxy: Added support for HTTP trailers
|
|
- tls: Fixed deadlock that affected some background renewals
|
|
- Several other smaller bugs squashed and improvements made
|
|
|
|
|
|
0.9.4 (December 21, 2016)
|
|
- Updated QUIC
|
|
- New maxrequestbody directive to limit size of request body
|
|
- New {latency_ms} placeholder for latency always in ms
|
|
- Serve statically compressed .gz and .br files
|
|
- fastcgi: Support for multiple backends with basic load balancing
|
|
- proxy: Fixed handling of encoded 'without' paths
|
|
- proxy: Preserve trailing slash if present in request
|
|
- proxy: Fix HTTP/2 upstreams
|
|
- templates: New .Files action to list files in a directory
|
|
- templates: .Include can now pass arguments to included file
|
|
- tls: Added ability to customize preferred curves
|
|
- tls: Added support for Must-Staple on managed certificates
|
|
- tls: Fixed subtle edge case bug with TLS-SNI challenge
|
|
- Lots of minor fixes and improvements
|
|
|
|
|
|
0.9.3 (September 28, 2016)
|
|
- Updated QUIC to newer version
|
|
- import: Glob pattern matching 0 files is no longer an error
|
|
- fastcgi: Fixed persistent connections (disabled by default)
|
|
- fastcgi: Configurable connection pool size parameter
|
|
- proxy: Improved failover load balancing logic
|
|
- proxy: Avoids duplicating header fields that would be confusing
|
|
- proxy: New try_duration and try_interval parameters
|
|
- proxy: Fix for IP hash policy when downed hosts come back up
|
|
- Several other bug fixes and new tests
|
|
|
|
|
|
0.9.2 (September 20, 2016)
|
|
- New -catimeout option to customize ACME CA HTTP timeout
|
|
- import: Fix nested import absolute/relative paths
|
|
- log: Fix multiple log outputs
|
|
- proxy: Fix for keepalive in certain cases
|
|
- tls: Fix for PreferServerCipherSuites
|
|
- Numerous other bug fixes and internal improvements
|
|
|
|
|
|
0.9.1 (August 17, 2016)
|
|
- New {request_body} placeholder to log request body
|
|
- {remote} placeholder no longer uses X-Forwarded-For header
|
|
- {latency} placeholder rounds to nice looking number
|
|
- Add support for ratelimit plugin
|
|
- basicauth: Declaring realm named "Restricted"
|
|
- errors: Define catch-all/default error page with * character
|
|
- header: More control to add, set, or remove headers
|
|
- proxy: New keepalive setting to help accommodate busy servers
|
|
- proxy: New load balancing policy ip_hash
|
|
- proxy: Fixed WebSocket connections
|
|
- proxy: Fixed broken header logic
|
|
- proxy: Reuse existing connection for Upgrade requests
|
|
- proxy: Support for basic auth from header or upstream address
|
|
- templates: New .Env action to access environment variables
|
|
- tls: OCSP staples persisted to disk
|
|
- tls: ACME challenges honor bind directive
|
|
- tls: Fix default protocol version (minimum TLS 1.1)
|
|
- tls: Consume challenge requests only for names Caddy is solving for
|
|
- tls: The protocol syntax allows just one value if desired
|
|
- tls: Scoped max_certs limit to site instead of global maximum
|
|
- Many other bug fixes and minor enhancements
|
|
|
|
|
|
0.9 (July 18, 2016)
|
|
- New core
|
|
- New experimental QUIC support with -quic flag (HTTPS only)
|
|
- New -type option to specify other server types
|
|
- Moved ~/.caddy/letsencrypt to ~/.caddy/acme and reorganized assets
|
|
- Moved caddy package to top level folder, and pushed main to subfolder
|
|
- New {request} placeholder to dump entire request (without body)
|
|
- New {hostonly} placeholder for only hostname portion of host value
|
|
- Site addresses can have paths
|
|
- Site addresses can make some use of wildcards in domains
|
|
- Renamed -directives flag to -plugins
|
|
- Restarting no longer requires spawning a new process
|
|
- Removed -restart option
|
|
- fastcgi: Env variables now support placeholders
|
|
- import: Import paths now relative to Caddyfile, not current working dir
|
|
- markdown: Overhauled; removed site generation features
|
|
- proxy: More control of headers; deprecating proxy_header subdirective
|
|
- proxy: Specify multiple upstreams with optional port ranges
|
|
- proxy: New preset 'transparent' to simplify common pass-thru headers
|
|
- proxy: Chooses longest matching path; order declared is irrelevant
|
|
- redir: Added if and if_op subdirectives to make conditional redirects
|
|
- rewrite: Support for if_op to change how conditions are evaluated
|
|
- tls: Generate self-signed certificates in memory
|
|
- tls: Support for ACME DNS challenge with 10 providers
|
|
- tls: Support for TLS-SNI challenge during restarts
|
|
- Various bug fixes and enhancements
|
|
|
|
|
|
0.8.3 (April 26, 2016)
|
|
- Built with Go 1.6.2
|
|
- New pprof middleware for exposing process profiling endpoints
|
|
- New expvar middleware for exposing memory/GC performance
|
|
- New -restart option to force in-process restarts on Unix systems
|
|
- Only fail to start if managed certificate is expired (issue #642)
|
|
- Toggle case-sensitive path matching with environment variable
|
|
- File server now adds ETag header for static files
|
|
- browse: Replace .LinkedPath action with .BreadcrumbMap
|
|
- fastcgi: New except clause to exclude paths
|
|
- proxy: New max_conns setting to limit max connections per upstream
|
|
- proxy: New replaceable value for name of upstream host
|
|
- templates: New utility actions for dealing with strings
|
|
- tls: Customize certificate key with key_type (+ECC)
|
|
- tls: Session ticket keys are now rotated
|
|
- Many other minor internal improvements and bug fixes
|
|
|
|
|
|
0.8.2 (February 25, 2016)
|
|
- On-demand TLS can obtain certificates during handshakes
|
|
- Built with Go 1.6
|
|
- Process log (-log) is rotated when it gets large
|
|
- Managed certificates get renewed 30 days early instead of just 14
|
|
- fastcgi: Allow scheme prefix before address
|
|
- markdown: Support for definition lists
|
|
- proxy: Allow proxy to insecure HTTPS backends
|
|
- proxy: Support proxy to unix socket
|
|
- rewrite: Status code can be 2xx or 4xx
|
|
- templates: New .Markdown action to interpret included file as Markdown
|
|
- templates: .Truncate now truncates from end of string when length is negative
|
|
- tls: Set hard limit for certificates obtained with on-demand TLS
|
|
- tls: Load certificates from directory
|
|
- tls: Add SHA384 cipher suites
|
|
- Multiple bug fixes and internal changes
|
|
|
|
|
|
0.8.1 (January 12, 2016)
|
|
- Improved OCSP stapling
|
|
- Better graceful reload when new hosts need certificates from Let's Encrypt
|
|
- Current pidfile is now deleted when Caddy exits
|
|
- browse: New default template
|
|
- gzip: Added min_length setting
|
|
- import: Support for glob patterns (*) to import multiple files
|
|
- rewrite: New complex rules with conditions, regex captures, and status code
|
|
- tls: Removed DES ciphers from default cipher suite list
|
|
- tls: All supported certificates are OCSP-stapled
|
|
- tls: Allow custom configuration without specifying certificate and key
|
|
- tls: No longer allow HTTPS over port 80
|
|
- Dozens of bug fixes, improvements, and more tests across the board
|
|
|
|
|
|
0.8 (December 4, 2015)
|
|
- HTTPS by default via Let's Encrypt (certs & keys are fully managed)
|
|
- Graceful restarts (on POSIX-compliant systems)
|
|
- Major internal refactoring to allow use of Caddy as library
|
|
- New directive 'mime' to customize Content-Type based on file extension
|
|
- New -accept flag to accept Let's Encrypt SA without prompt
|
|
- New -email flag to customize default email used for ACME transactions
|
|
- New -ca flag to customize ACME CA server URL
|
|
- New -revoke flag to revoke a certificate
|
|
- New -log flag to enable process log
|
|
- New -pidfile flag to enable writing pidfile
|
|
- New -grace flag to customize the graceful shutdown timeout
|
|
- New support for SIGHUP, SIGTERM, and SIGQUIT signals
|
|
- browse: Render filenames with multiple whitespace properly
|
|
- core: Use environment variables in Caddyfile
|
|
- markdown: Include Last-Modified header in response
|
|
- markdown: Render tables, strikethrough, and fenced code blocks
|
|
- proxy: Ability to exclude/ignore paths from proxying
|
|
- startup, shutdown: Better Windows support
|
|
- templates: Bug fix for .Host when port is absent
|
|
- templates: Include Last-Modified header in response
|
|
- templates: Support for custom delimiters
|
|
- tls: For non-local hosts, default port is now 443 unless specified
|
|
- tls: Force-disable HTTPS
|
|
- tls: Specify Let's Encrypt email address
|
|
- Many, many more tests and numerous bug fixes and improvements
|
|
|
|
|
|
0.7.6 (September 28, 2015)
|
|
- Pass in simple Caddyfile as command line arguments
|
|
- basicauth: Support for legacy htpasswd files
|
|
- browse: JSON response with file listing
|
|
- core: Caddyfile as command line argument
|
|
- errors: Can write full stack trace to HTTP response for debugging
|
|
- errors, log: Roll log files after certain size or age
|
|
- proxy: Fix for 32-bit architectures
|
|
- rewrite: Better compatibility with fastcgi and PHP apps
|
|
- templates: Added .StripExt and .StripHTML methods
|
|
- Internal improvements and minor bug fixes
|
|
|
|
|
|
0.7.5 (August 5, 2015)
|
|
- core: All listeners bind to 0.0.0.0 unless 'bind' directive is used
|
|
- fastcgi: Set HTTPS env variable if connection is secure
|
|
- log: Output to system log (except Windows)
|
|
- markdown: Added dev command to disable caching during development
|
|
- markdown: Fixed error reporting during initial site generation
|
|
- markdown: Fixed crash if path does not exist when server starts
|
|
- markdown: Fixed site generation and link indexing when files change
|
|
- templates: Added .NowDate for use in date-related functions
|
|
- Several bug fixes related to startup and shutdown functions
|
|
|
|
|
|
0.7.4 (July 30, 2015)
|
|
- browse: Sorting preference persisted in cookie
|
|
- browse: Added index.txt and default.txt to list of default files
|
|
- browse: Template files may now use Caddy template actions
|
|
- markdown: Template files may now use Caddy template actions
|
|
- markdown: Several bug fixes, especially for large and empty Markdown files
|
|
- markdown: Generate index pages to link to markdown pages (sitegen only)
|
|
- markdown: Flatten structure of front matter, changed template variables
|
|
- redir: Can use variables (placeholders) like log formats can
|
|
- redir: Catch-all redirects no longer preserve path; use {uri} instead
|
|
- redir: Syntax supports redirect tables by opening a block
|
|
- templates: Renamed .Date to .Now and added .Truncate, .Replace actions
|
|
- Other minor internal improvements and more tests
|
|
|
|
|
|
0.7.3 (July 15, 2015)
|
|
- errors: Error log now shows timestamp with each entry
|
|
- gzip: Fixed; Default filtering is by extension; removed MIME type filter
|
|
- import: Fixed; works inside and outside server blocks
|
|
- redir: Query string preserved on catch-all redirects
|
|
- templates: Proper 403 or 404 errors for restricted or missing files
|
|
|
|
|
|
0.7.2 (July 1, 2015)
|
|
- Custom builds through caddyserver.com - extend Caddy by writing addons
|
|
- browse: Sort by clicking column heading or using query string
|
|
- core: Serving hostname that doesn't resolve issues warning then listens on 0.0.0.0
|
|
- errors: Missing error page during parse time is warning, not error
|
|
- ext: Extension only appended if request path does not end in /
|
|
- fastcgi: Fix for backend responding without status text
|
|
- fastcgi: Fix PATH_TRANSLATED when PATH_INFO is empty (RFC 3875)
|
|
- git: Removed from core (available as add-on)
|
|
- gzip: Enable by file path and/or extension
|
|
- gzip: Customize compression level
|
|
- log: Fix for missing status in log entry when error unhandled
|
|
- proxy: Strip prefix from path for proxy to path
|
|
- redir: Meta tag redirects
|
|
- templates: Support for nested includes
|
|
- Internal improvements and more tests
|
|
|
|
|
|
0.7.1 (June 2, 2015)
|
|
- basicauth: Patched timing vulnerability
|
|
- proxy: Support for WebSocket backends
|
|
- tls: Client authentication
|
|
|
|
|
|
0.7 (May 25, 2015)
|
|
- New directive 'internal' to protect resources with X-Accel-Redirect
|
|
- New -version flag to show program name and version
|
|
- core: Fixed escaped backslash characters inside quoted strings
|
|
- core: Fixed parsing Caddyfile for IPv6 addresses missing ports
|
|
- core: A notice is shown when non-local address resolves to loopback interface
|
|
- core: Warns if file descriptor limit is too low for production site (Mac/Linux)
|
|
- fastcgi: Support for Unix sockets
|
|
- git: Fixed issue that prevented pulling at designated interval
|
|
- header: Remove a header field by prefixing field name with "-"
|
|
- markdown: Simple static site generation
|
|
- markdown: Support for metadata ("front matter") at beginning of files
|
|
- rewrite: Experimental support for regular expressions
|
|
- tls: Customize cipher suites and protocols
|
|
- tls: Removed RC4 ciphers
|
|
- Other internal improvements that are not user-facing (more tests, etc.)
|
|
|
|
|
|
0.6 (May 7, 2015)
|
|
- New directive 'git' to automatically pull changes
|
|
- New directive 'bind' to override host server binds to
|
|
- New -root flag to specify root path to default site
|
|
- Ability to receive config data piped through stdin
|
|
- core: Warning if root directory doesn't exist at startup
|
|
- core: Entire process dies if any server fails to start
|
|
- gzip: Fixed Content-Length value when proxying requests
|
|
- errors: Error log now includes file and line number of panics
|
|
- fastcgi: Pass custom environment variables
|
|
- fastcgi: Support for HEAD, OPTIONS, PUT, PATCH, and DELETE methods
|
|
- fastcgi: Fixed SERVER_SOFTWARE variables
|
|
- markdown: Support for index files when URL points to a directory
|
|
- proxy: Load balancing with multiple backends, health checks, failovers, and multiple policies
|
|
- proxy: Add custom headers
|
|
- startup/shutdown: Run command in background with '&' at end
|
|
- templates: Added .tpl and .tmpl as default extensions
|
|
- templates: Support for index files when URL points to a directory
|
|
- templates: Changed .RemoteAddr to .IP and stripped out remote port
|
|
- tls: TLS disabled (with warning) for servers that are explicitly http://
|
|
- websocket: Fixed SERVER_SOFTWARE and GATEWAY_INTERFACE variables
|
|
- Many internal improvements
|
|
|
|
|
|
0.5.1 (April 30, 2015)
|
|
- Default host is now 0.0.0.0 (wildcard)
|
|
- New -host and -port flags to override default host and port
|
|
- core: Support for binding to 0.0.0.0
|
|
- core: Graceful error handling during heavy load; proper error responses
|
|
- errors: Fixed file path handling
|
|
- errors: Fixed panic due to nil log file
|
|
- fastcgi: Support for index files
|
|
- fastcgi: Fix for handling errors that come from responder
|
|
|
|
|
|
0.5 (April 28, 2015)
|
|
- Initial release
|