Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS
Go to file
Matthew Holt fbd6560976
fileserver: Only redirect if filename not rewritten (fix #4205)
This is the more correct implementation of  23dadc0d86 (#4179)... I think. This commit effectively undoes the revert in 8848df9c5d, but with corrections to the logic.

We *do* need to use the original request path (the path the browser knows) for redirects, since they are external, and rewrites are only internal.

However, if the path was rewritten to a non-canonical path, we should not redirect to canonicalize that, since rewrites are intentional by the site owner. Canonicalizing the path involves modifying only the suffix (base element, or filename) of the path. Thus, if a rewrite involves only the prefix (like how handle_path strips a path prefix), then we can (hopefully!) safely redirect using the original URI since the filename was not rewritten.

So basically, if rewrites modify the filename, we should not canonicalize those requests. If rewrites only modify another part of the path (commonly a prefix), we should be OK to redirect.
2021-06-17 09:55:49 -06:00
.github Expand and clarify security policy 2021-06-14 14:00:43 -06:00
caddyconfig httpcaddyfile: Don't add HTTP hosts to TLS APs (fix #4176 and fix #4198) 2021-06-09 14:35:09 -06:00
caddytest reverseproxy: Adjust test related to #4201 2021-06-15 15:02:22 -06:00
cmd cmd: upgrade: inherit the permissions of the original executable (#4160) 2021-05-11 16:11:27 -06:00
modules fileserver: Only redirect if filename not rewritten (fix #4205) 2021-06-17 09:55:49 -06:00
notify notify: Send all sd_notify signals from main caddy process (#4060) 2021-04-05 14:01:20 -06:00
.gitignore .gitignore: add IDE files (#4087) 2021-03-29 10:54:38 -06:00
.golangci.yml ci: Use golangci's github action for linting (#3794) 2020-11-22 14:50:29 -07:00
.goreleaser.yml Update .goreleaser.yml 2021-05-24 16:21:53 -06:00
admin_test.go admin: POST /... expands and appends all array elements 2019-12-17 10:11:45 -07:00
admin.go admin: Replace admin cert cache when reloading (fix #4184) 2021-06-05 11:47:44 -06:00
AUTHORS Add authors file 2019-06-30 16:06:24 -06:00
caddy_test.go core: Add support for d duration unit (#3323) 2020-05-11 16:41:11 -06:00
caddy.go notify: Send all sd_notify signals from main caddy process (#4060) 2021-04-05 14:01:20 -06:00
context_test.go core: Add godoc examples for LoadModule 2019-12-10 14:06:35 -07:00
context.go caddytls: Implement remote IP connection matcher (#4123) 2021-04-30 10:14:52 -06:00
duration_fuzz.go ci: fuzz: add 4 more fuzzing targets (#4105) 2021-04-08 11:45:19 -06:00
go.mod go.mod: Use CertMagic v0.14.0 (fix #4191) 2021-06-12 14:44:32 -06:00
go.sum go.mod: Use CertMagic v0.14.0 (fix #4191) 2021-06-12 14:44:32 -06:00
LICENSE Add license 2019-06-30 16:07:58 -06:00
listeners_fuzz.go ci: fuzz: switch engine from libfuzzer to native go-fuzz (#3194) 2020-03-26 18:20:34 -06:00
listeners_test.go admin: Always enforce Host header checks 2020-04-10 17:31:38 -06:00
listeners.go caddy: Support SetReadBuffer and SyscallConn for QUIC (fix #3998) 2021-02-16 14:05:31 -07:00
logging.go go.mod: Migrate to golang.org/x/term (#4073) 2021-03-29 12:39:08 -06:00
metrics.go metrics: use buildinfo collector from new collectors pkg (#4187) 2021-06-04 00:19:16 -04:00
modules_test.go Couple of minor fixes, update readme 2019-12-31 22:51:55 -07:00
modules.go doc: Improve comment 2020-04-17 12:03:57 -06:00
README.md Update docs; commit setcap.sh 2021-02-24 11:55:56 -07:00
replacer_fuzz.go ci: fuzz: switch engine from libfuzzer to native go-fuzz (#3194) 2020-03-26 18:20:34 -06:00
replacer_test.go Keep type information with placeholders until replacements happen 2020-03-30 11:49:53 -06:00
replacer.go caddyfile: Fix import replacing unrelated placeholders (#4129) 2021-04-22 18:29:04 -06:00
sigtrap_nonposix.go Standardize exit codes and improve shutdown handling; update gitignore 2019-07-12 10:07:11 -06:00
sigtrap_posix.go sigtrap_posix: add missing comma to SIGTERM info (#4078) 2021-03-29 11:04:22 -06:00
sigtrap.go admin: Identity management, remote admin, config loaders (#3994) 2021-01-27 16:16:04 -07:00
storage.go pki: Add trust subcommand to install root cert (closes #3204) 2020-03-31 17:56:36 -06:00
usagepool.go Minor cleanups 2019-11-15 12:47:38 -07:00

Caddy

a project


Every site on HTTPS

Caddy is an extensible server platform that uses TLS by default.


@caddyserver on Twitter Caddy Forum
Caddy on Sourcegraph Cloudsmith

Releases · Documentation · Get Help

Menu

Powered by
CertMagic

Features

  • Easy configuration with the Caddyfile
  • Powerful configuration with its native JSON config
  • Dynamic configuration with the JSON API
  • Config adapters if you don't like JSON
  • Automatic HTTPS by default
    • ZeroSSL and Let's Encrypt for public names
    • Fully-managed local CA for internal names & IPs
    • Can coordinate with other Caddy instances in a cluster
    • Multi-issuer fallback
  • Stays up when other servers go down due to TLS/OCSP/certificate-related issues
  • Production-ready after serving trillions of requests and managing millions of TLS certificates
  • Scales to tens of thousands of sites ... and probably more
  • HTTP/1.1, HTTP/2, and experimental HTTP/3 support
  • Highly extensible modular architecture lets Caddy do anything without bloat
  • Runs anywhere with no external dependencies (not even libc)
  • Written in Go, a language with higher memory safety guarantees than other servers
  • Actually fun to use
  • So, so much more to discover

Install

The simplest, cross-platform way is to download from GitHub Releases and place the executable file in your PATH.

For other install options, see https://caddyserver.com/docs/install.

Build from source

Requirements:

For development

Note: These steps will not embed proper version information. For that, please follow the instructions in the next section.

$ git clone "https://github.com/caddyserver/caddy.git"
$ cd caddy/cmd/caddy/
$ go build

When you run Caddy, it may try to bind to low ports unless otherwise specified in your config. If your OS requires elevated privileges for this, you will need to give your new binary permission to do so. On Linux, this can be done easily with: sudo setcap cap_net_bind_service=+ep ./caddy

If you prefer to use go run which only creates temporary binaries, you can still do this with the included setcap.sh like so:

$ go run -exec ./setcap.sh main.go

If you don't want to type your password for setcap, use sudo visudo to edit your sudoers file and allow your user account to run that command without a password, for example:

username ALL=(ALL:ALL) NOPASSWD: /usr/sbin/setcap

replacing username with your actual username. Please be careful and only do this if you know what you are doing! We are only qualified to document how to use Caddy, not Go tooling or your computer, and we are providing these instructions for convenience only; please learn how to use your own computer at your own risk and make any needful adjustments.

With version information and/or plugins

Using our builder tool, xcaddy...

$ xcaddy build

...the following steps are automated:

  1. Create a new folder: mkdir caddy
  2. Change into it: cd caddy
  3. Copy Caddy's main.go into the empty folder. Add imports for any custom plugins you want to add.
  4. Initialize a Go module: go mod init caddy
  5. (Optional) Pin Caddy version: go get github.com/caddyserver/caddy/v2@version replacing version with a git tag, commit, or branch name.
  6. (Optional) Add plugins by adding their import: _ "import/path/here"
  7. Compile: go build

Quick start

The Caddy website has documentation that includes tutorials, quick-start guides, reference, and more.

We recommend that all users -- regardless of experience level -- do our Getting Started guide to become familiar with using Caddy.

If you've only got a minute, the website has several quick-start tutorials to choose from! However, after finishing a quick-start tutorial, please read more documentation to understand how the software works. 🙂

Overview

Caddy is most often used as an HTTPS server, but it is suitable for any long-running Go program. First and foremost, it is a platform to run Go applications. Caddy "apps" are just Go programs that are implemented as Caddy modules. Two apps -- tls and http -- ship standard with Caddy.

Caddy apps instantly benefit from automated documentation, graceful on-line config changes via API, and unification with other Caddy apps.

Although JSON is Caddy's native config language, Caddy can accept input from config adapters which can essentially convert any config format of your choice into JSON: Caddyfile, JSON 5, YAML, TOML, NGINX config, and more.

The primary way to configure Caddy is through its API, but if you prefer config files, the command-line interface supports those too.

Caddy exposes an unprecedented level of control compared to any web server in existence. In Caddy, you are usually setting the actual values of the initialized types in memory that power everything from your HTTP handlers and TLS handshakes to your storage medium. Caddy is also ridiculously extensible, with a powerful plugin system that makes vast improvements over other web servers.

To wield the power of this design, you need to know how the config document is structured. Please see our documentation site for details about Caddy's config structure.

Nearly all of Caddy's configuration is contained in a single config document, rather than being scattered across CLI flags and env variables and a configuration file as with other web servers. This makes managing your server config more straightforward and reduces hidden variables/factors.

Full documentation

Our website has complete documentation:

https://caddyserver.com/docs/

The docs are also open source. You can contribute to them here: https://github.com/caddyserver/website

Getting help

  • We strongly recommend that all professionals or companies using Caddy get a support contract through Ardan Labs before help is needed.

  • A sponsorship goes a long way! If Caddy is benefitting your company, please consider a sponsorship! This not only helps fund full-time work to ensure the longevity of the project, it's also a great look for your company to your customers and potential customers!

  • Individuals can exchange help for free on our community forum at https://caddy.community. Remember that people give help out of their spare time and good will. The best way to get help is to give it first!

Please use our issue tracker only for bug reports and feature requests, i.e. actionable development items (support questions will usually be referred to the forums).

About

The name "Caddy" is trademarked. The name of the software is "Caddy", not "Caddy Server" or "CaddyServer". Please call it "Caddy" or, if you wish to clarify, "the Caddy web server". Caddy is a registered trademark of Stack Holdings GmbH.

Caddy is a project of ZeroSSL, a Stack Holdings company.

Debian package repository hosting is graciously provided by Cloudsmith. Cloudsmith is the only fully hosted, cloud-native, universal package management solution, that enables your organization to create, store and share packages in any format, to any place, with total confidence.