mirror of
https://github.com/caddyserver/caddy.git
synced 2024-12-26 05:33:49 +03:00
Merge branch 'master' into interface-network-type
This commit is contained in:
commit
abdeadfdf4
108 changed files with 3614 additions and 1368 deletions
51
.github/workflows/ci.yml
vendored
51
.github/workflows/ci.yml
vendored
|
@ -23,18 +23,18 @@ jobs:
|
|||
- mac
|
||||
- windows
|
||||
go:
|
||||
- '1.21'
|
||||
- '1.22'
|
||||
- '1.23'
|
||||
|
||||
include:
|
||||
# Set the minimum Go patch version for the given Go minor
|
||||
# Usable via ${{ matrix.GO_SEMVER }}
|
||||
- go: '1.21'
|
||||
GO_SEMVER: '~1.21.0'
|
||||
|
||||
- go: '1.22'
|
||||
GO_SEMVER: '~1.22.3'
|
||||
|
||||
- go: '1.23'
|
||||
GO_SEMVER: '~1.23.0'
|
||||
|
||||
# Set some variables per OS, usable via ${{ matrix.VAR }}
|
||||
# OS_LABEL: the VM label from GitHub Actions (see https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners/about-github-hosted-runners#standard-github-hosted-runners-for-public-repositories)
|
||||
# CADDY_BIN_PATH: the path to the compiled Caddy binary, for artifact publishing
|
||||
|
@ -156,13 +156,35 @@ jobs:
|
|||
# short sha is enough?
|
||||
short_sha=$(git rev-parse --short HEAD)
|
||||
|
||||
# To shorten the following lines
|
||||
ssh_opts="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
|
||||
ssh_host="$CI_USER@ci-s390x.caddyserver.com"
|
||||
|
||||
# The environment is fresh, so there's no point in keeping accepting and adding the key.
|
||||
rsync -arz -e "ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" --progress --delete --exclude '.git' . "$CI_USER"@ci-s390x.caddyserver.com:/var/tmp/"$short_sha"
|
||||
ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -t "$CI_USER"@ci-s390x.caddyserver.com "cd /var/tmp/$short_sha; go version; go env; printf "\n\n";CGO_ENABLED=0 go test -p 1 -tags nobadger -v ./..."
|
||||
rsync -arz -e "ssh $ssh_opts" --progress --delete --exclude '.git' . "$ssh_host":/var/tmp/"$short_sha"
|
||||
ssh $ssh_opts -t "$ssh_host" bash <<EOF
|
||||
cd /var/tmp/$short_sha
|
||||
go version
|
||||
go env
|
||||
printf "\n\n"
|
||||
retries=3
|
||||
exit_code=0
|
||||
while ((retries > 0)); do
|
||||
CGO_ENABLED=0 go test -p 1 -tags nobadger -v ./...
|
||||
exit_code=$?
|
||||
if ((exit_code == 0)); then
|
||||
break
|
||||
fi
|
||||
echo "\n\nTest failed: \$exit_code, retrying..."
|
||||
((retries--))
|
||||
done
|
||||
echo "Remote exit code: \$exit_code"
|
||||
exit \$exit_code
|
||||
EOF
|
||||
test_result=$?
|
||||
|
||||
# There's no need leaving the files around
|
||||
ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null "$CI_USER"@ci-s390x.caddyserver.com "rm -rf /var/tmp/'$short_sha'"
|
||||
ssh $ssh_opts "$ssh_host" "rm -rf /var/tmp/'$short_sha'"
|
||||
|
||||
echo "Test exit code: $test_result"
|
||||
exit $test_result
|
||||
|
@ -180,3 +202,18 @@ jobs:
|
|||
with:
|
||||
version: latest
|
||||
args: check
|
||||
- name: Install Go
|
||||
uses: actions/setup-go@v5
|
||||
with:
|
||||
go-version: "~1.23"
|
||||
check-latest: true
|
||||
- name: Install xcaddy
|
||||
run: |
|
||||
go install github.com/caddyserver/xcaddy/cmd/xcaddy@latest
|
||||
xcaddy version
|
||||
- uses: goreleaser/goreleaser-action@v6
|
||||
with:
|
||||
version: latest
|
||||
args: build --single-target --snapshot
|
||||
env:
|
||||
TAG: "master"
|
||||
|
|
4
.github/workflows/cross-build.yml
vendored
4
.github/workflows/cross-build.yml
vendored
|
@ -28,6 +28,7 @@ jobs:
|
|||
- 'netbsd'
|
||||
go:
|
||||
- '1.22'
|
||||
- '1.23'
|
||||
|
||||
include:
|
||||
# Set the minimum Go patch version for the given Go minor
|
||||
|
@ -35,6 +36,9 @@ jobs:
|
|||
- go: '1.22'
|
||||
GO_SEMVER: '~1.22.3'
|
||||
|
||||
- go: '1.23'
|
||||
GO_SEMVER: '~1.23.0'
|
||||
|
||||
runs-on: ubuntu-latest
|
||||
continue-on-error: true
|
||||
steps:
|
||||
|
|
6
.github/workflows/lint.yml
vendored
6
.github/workflows/lint.yml
vendored
|
@ -43,13 +43,13 @@ jobs:
|
|||
- uses: actions/checkout@v4
|
||||
- uses: actions/setup-go@v5
|
||||
with:
|
||||
go-version: '~1.22.3'
|
||||
go-version: '~1.23'
|
||||
check-latest: true
|
||||
|
||||
- name: golangci-lint
|
||||
uses: golangci/golangci-lint-action@v6
|
||||
with:
|
||||
version: v1.55
|
||||
version: latest
|
||||
|
||||
# Windows times out frequently after about 5m50s if we don't set a longer timeout.
|
||||
args: --timeout 10m
|
||||
|
@ -63,5 +63,5 @@ jobs:
|
|||
- name: govulncheck
|
||||
uses: golang/govulncheck-action@v1
|
||||
with:
|
||||
go-version-input: '~1.22.3'
|
||||
go-version-input: '~1.23.0'
|
||||
check-latest: true
|
||||
|
|
10
.github/workflows/release.yml
vendored
10
.github/workflows/release.yml
vendored
|
@ -13,13 +13,13 @@ jobs:
|
|||
os:
|
||||
- ubuntu-latest
|
||||
go:
|
||||
- '1.22'
|
||||
- '1.23'
|
||||
|
||||
include:
|
||||
# Set the minimum Go patch version for the given Go minor
|
||||
# Usable via ${{ matrix.GO_SEMVER }}
|
||||
- go: '1.22'
|
||||
GO_SEMVER: '~1.22.3'
|
||||
- go: '1.23'
|
||||
GO_SEMVER: '~1.23.0'
|
||||
|
||||
runs-on: ${{ matrix.os }}
|
||||
# https://github.com/sigstore/cosign/issues/1258#issuecomment-1002251233
|
||||
|
@ -104,6 +104,10 @@ jobs:
|
|||
uses: anchore/sbom-action/download-syft@main
|
||||
- name: Syft version
|
||||
run: syft version
|
||||
- name: Install xcaddy
|
||||
run: |
|
||||
go install github.com/caddyserver/xcaddy/cmd/xcaddy@latest
|
||||
xcaddy version
|
||||
# GoReleaser will take care of publishing those artifacts into the release
|
||||
- name: Run GoReleaser
|
||||
uses: goreleaser/goreleaser-action@v6
|
||||
|
|
|
@ -35,7 +35,6 @@ linters:
|
|||
- errcheck
|
||||
- errname
|
||||
- exhaustive
|
||||
- exportloopref
|
||||
- gci
|
||||
- gofmt
|
||||
- goimports
|
||||
|
@ -145,6 +144,9 @@ output:
|
|||
|
||||
issues:
|
||||
exclude-rules:
|
||||
- text: 'G115' # TODO: Either we should fix the issues or nuke the linter if it's bad
|
||||
linters:
|
||||
- gosec
|
||||
# we aren't calling unknown URL
|
||||
- text: 'G107' # G107: Url provided to HTTP request as taint input
|
||||
linters:
|
||||
|
@ -169,6 +171,12 @@ issues:
|
|||
- path: modules/logging/filters.go
|
||||
linters:
|
||||
- dupl
|
||||
- path: modules/caddyhttp/matchers.go
|
||||
linters:
|
||||
- dupl
|
||||
- path: modules/caddyhttp/vars.go
|
||||
linters:
|
||||
- dupl
|
||||
- path: _test\.go
|
||||
linters:
|
||||
- errcheck
|
||||
|
|
|
@ -12,6 +12,9 @@ before:
|
|||
- mkdir -p caddy-build
|
||||
- cp cmd/caddy/main.go caddy-build/main.go
|
||||
- /bin/sh -c 'cd ./caddy-build && go mod init caddy'
|
||||
# prepare syso files for windows embedding
|
||||
- /bin/sh -c 'for a in amd64 arm arm64; do XCADDY_SKIP_BUILD=1 GOOS=windows GOARCH=$a xcaddy build {{.Env.TAG}}; done'
|
||||
- /bin/sh -c 'mv /tmp/buildenv_*/*.syso caddy-build'
|
||||
# GoReleaser doesn't seem to offer {{.Tag}} at this stage, so we have to embed it into the env
|
||||
# so we run: TAG=$(git describe --abbrev=0) goreleaser release --rm-dist --skip-publish --skip-validate
|
||||
- go mod edit -require=github.com/caddyserver/caddy/v2@{{.Env.TAG}} ./caddy-build/go.mod
|
||||
|
@ -31,7 +34,6 @@ builds:
|
|||
- env:
|
||||
- CGO_ENABLED=0
|
||||
- GO111MODULE=on
|
||||
main: main.go
|
||||
dir: ./caddy-build
|
||||
binary: caddy
|
||||
goos:
|
||||
|
|
|
@ -87,7 +87,7 @@ See [our online documentation](https://caddyserver.com/docs/install) for other i
|
|||
|
||||
Requirements:
|
||||
|
||||
- [Go 1.21 or newer](https://golang.org/dl/)
|
||||
- [Go 1.22.3 or newer](https://golang.org/dl/)
|
||||
|
||||
### For development
|
||||
|
||||
|
|
34
admin.go
34
admin.go
|
@ -34,6 +34,7 @@ import (
|
|||
"os"
|
||||
"path"
|
||||
"regexp"
|
||||
"slices"
|
||||
"strconv"
|
||||
"strings"
|
||||
"sync"
|
||||
|
@ -213,7 +214,7 @@ type AdminPermissions struct {
|
|||
|
||||
// newAdminHandler reads admin's config and returns an http.Handler suitable
|
||||
// for use in an admin endpoint server, which will be listening on listenAddr.
|
||||
func (admin *AdminConfig) newAdminHandler(addr NetworkAddress, remote bool) adminHandler {
|
||||
func (admin *AdminConfig) newAdminHandler(addr NetworkAddress, remote bool, ctx Context) adminHandler {
|
||||
muxWrap := adminHandler{mux: http.NewServeMux()}
|
||||
|
||||
// secure the local or remote endpoint respectively
|
||||
|
@ -269,7 +270,6 @@ func (admin *AdminConfig) newAdminHandler(addr NetworkAddress, remote bool) admi
|
|||
// register third-party module endpoints
|
||||
for _, m := range GetModules("admin.api") {
|
||||
router := m.New().(AdminRouter)
|
||||
handlerLabel := m.ID.Name()
|
||||
for _, route := range router.Routes() {
|
||||
addRoute(route.Pattern, handlerLabel, route.Handler)
|
||||
}
|
||||
|
@ -312,7 +312,7 @@ func (admin AdminConfig) allowedOrigins(addr NetworkAddress) []*url.URL {
|
|||
}
|
||||
if admin.Origins == nil {
|
||||
if addr.isLoopback() {
|
||||
if addr.IsUnixNetwork() {
|
||||
if addr.IsUnixNetwork() || addr.IsFdNetwork() {
|
||||
// RFC 2616, Section 14.26:
|
||||
// "A client MUST include a Host header field in all HTTP/1.1 request
|
||||
// messages. If the requested URI does not include an Internet host
|
||||
|
@ -350,7 +350,7 @@ func (admin AdminConfig) allowedOrigins(addr NetworkAddress) []*url.URL {
|
|||
uniqueOrigins[net.JoinHostPort("127.0.0.1", addr.port())] = struct{}{}
|
||||
}
|
||||
}
|
||||
if !addr.IsUnixNetwork() {
|
||||
if !addr.IsUnixNetwork() && !addr.IsFdNetwork() {
|
||||
uniqueOrigins[addr.JoinHostPort(0)] = struct{}{}
|
||||
}
|
||||
}
|
||||
|
@ -381,7 +381,9 @@ func (admin AdminConfig) allowedOrigins(addr NetworkAddress) []*url.URL {
|
|||
// for the admin endpoint exists in cfg, a default one is used, so
|
||||
// that there is always an admin server (unless it is explicitly
|
||||
// configured to be disabled).
|
||||
func replaceLocalAdminServer(cfg *Config) error {
|
||||
// Critically note that some elements and functionality of the context
|
||||
// may not be ready, e.g. storage. Tread carefully.
|
||||
func replaceLocalAdminServer(cfg *Config, ctx Context) error {
|
||||
// always* be sure to close down the old admin endpoint
|
||||
// as gracefully as possible, even if the new one is
|
||||
// disabled -- careful to use reference to the current
|
||||
|
@ -423,7 +425,7 @@ func replaceLocalAdminServer(cfg *Config) error {
|
|||
return err
|
||||
}
|
||||
|
||||
handler := cfg.Admin.newAdminHandler(addr, false)
|
||||
handler := cfg.Admin.newAdminHandler(addr, false, ctx)
|
||||
|
||||
ln, err := addr.Listen(context.TODO(), 0, net.ListenConfig{})
|
||||
if err != nil {
|
||||
|
@ -544,7 +546,7 @@ func replaceRemoteAdminServer(ctx Context, cfg *Config) error {
|
|||
|
||||
// make the HTTP handler but disable Host/Origin enforcement
|
||||
// because we are using TLS authentication instead
|
||||
handler := cfg.Admin.newAdminHandler(addr, true)
|
||||
handler := cfg.Admin.newAdminHandler(addr, true, ctx)
|
||||
|
||||
// create client certificate pool for TLS mutual auth, and extract public keys
|
||||
// so that we can enforce access controls at the application layer
|
||||
|
@ -675,13 +677,7 @@ func (remote RemoteAdmin) enforceAccessControls(r *http.Request) error {
|
|||
// key recognized; make sure its HTTP request is permitted
|
||||
for _, accessPerm := range adminAccess.Permissions {
|
||||
// verify method
|
||||
methodFound := accessPerm.Methods == nil
|
||||
for _, method := range accessPerm.Methods {
|
||||
if method == r.Method {
|
||||
methodFound = true
|
||||
break
|
||||
}
|
||||
}
|
||||
methodFound := accessPerm.Methods == nil || slices.Contains(accessPerm.Methods, r.Method)
|
||||
if !methodFound {
|
||||
return APIError{
|
||||
HTTPStatus: http.StatusForbidden,
|
||||
|
@ -877,13 +873,9 @@ func (h adminHandler) handleError(w http.ResponseWriter, r *http.Request, err er
|
|||
// a trustworthy/expected value. This helps to mitigate DNS
|
||||
// rebinding attacks.
|
||||
func (h adminHandler) checkHost(r *http.Request) error {
|
||||
var allowed bool
|
||||
for _, allowedOrigin := range h.allowedOrigins {
|
||||
if r.Host == allowedOrigin.Host {
|
||||
allowed = true
|
||||
break
|
||||
}
|
||||
}
|
||||
allowed := slices.ContainsFunc(h.allowedOrigins, func(u *url.URL) bool {
|
||||
return r.Host == u.Host
|
||||
})
|
||||
if !allowed {
|
||||
return APIError{
|
||||
HTTPStatus: http.StatusForbidden,
|
||||
|
|
9
caddy.go
9
caddy.go
|
@ -399,6 +399,7 @@ func unsyncedDecodeAndRun(cfgJSON []byte, allowPersist bool) error {
|
|||
func run(newCfg *Config, start bool) (Context, error) {
|
||||
ctx, err := provisionContext(newCfg, start)
|
||||
if err != nil {
|
||||
globalMetrics.configSuccess.Set(0)
|
||||
return ctx, err
|
||||
}
|
||||
|
||||
|
@ -410,6 +411,7 @@ func run(newCfg *Config, start bool) (Context, error) {
|
|||
// some of the other apps at runtime
|
||||
err = ctx.cfg.Admin.provisionAdminRouters(ctx)
|
||||
if err != nil {
|
||||
globalMetrics.configSuccess.Set(0)
|
||||
return ctx, err
|
||||
}
|
||||
|
||||
|
@ -435,9 +437,11 @@ func run(newCfg *Config, start bool) (Context, error) {
|
|||
return nil
|
||||
}()
|
||||
if err != nil {
|
||||
globalMetrics.configSuccess.Set(0)
|
||||
return ctx, err
|
||||
}
|
||||
|
||||
globalMetrics.configSuccess.Set(1)
|
||||
globalMetrics.configSuccessTime.SetToCurrentTime()
|
||||
// now that the user's config is running, finish setting up anything else,
|
||||
// such as remote admin endpoint, config loader, etc.
|
||||
return ctx, finishSettingUp(ctx, ctx.cfg)
|
||||
|
@ -471,6 +475,7 @@ func provisionContext(newCfg *Config, replaceAdminServer bool) (Context, error)
|
|||
ctx, cancel := NewContext(Context{Context: context.Background(), cfg: newCfg})
|
||||
defer func() {
|
||||
if err != nil {
|
||||
globalMetrics.configSuccess.Set(0)
|
||||
// if there were any errors during startup,
|
||||
// we should cancel the new context we created
|
||||
// since the associated config won't be used;
|
||||
|
@ -497,7 +502,7 @@ func provisionContext(newCfg *Config, replaceAdminServer bool) (Context, error)
|
|||
|
||||
// start the admin endpoint (and stop any prior one)
|
||||
if replaceAdminServer {
|
||||
err = replaceLocalAdminServer(newCfg)
|
||||
err = replaceLocalAdminServer(newCfg, ctx)
|
||||
if err != nil {
|
||||
return ctx, fmt.Errorf("starting caddy administration endpoint: %v", err)
|
||||
}
|
||||
|
|
|
@ -415,7 +415,7 @@ func (d *Dispenser) EOFErr() error {
|
|||
|
||||
// Err generates a custom parse-time error with a message of msg.
|
||||
func (d *Dispenser) Err(msg string) error {
|
||||
return d.Errf(msg)
|
||||
return d.WrapErr(errors.New(msg))
|
||||
}
|
||||
|
||||
// Errf is like Err, but for formatted error messages
|
||||
|
|
|
@ -16,6 +16,7 @@ package caddyfile
|
|||
|
||||
import (
|
||||
"fmt"
|
||||
"slices"
|
||||
)
|
||||
|
||||
type adjacency map[string][]string
|
||||
|
@ -91,12 +92,7 @@ func (i *importGraph) areConnected(from, to string) bool {
|
|||
if !ok {
|
||||
return false
|
||||
}
|
||||
for _, v := range al {
|
||||
if v == to {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
return slices.Contains(al, to)
|
||||
}
|
||||
|
||||
func (i *importGraph) willCycle(from, to string) bool {
|
||||
|
|
|
@ -264,9 +264,14 @@ func (p *parser) addresses() error {
|
|||
return p.Errf("Site addresses cannot contain a comma ',': '%s' - put a space after the comma to separate site addresses", value)
|
||||
}
|
||||
|
||||
// After the above, a comma surrounded by spaces would result
|
||||
// in an empty token which we should ignore
|
||||
if value != "" {
|
||||
// Add the token as a site address
|
||||
token.Text = value
|
||||
p.block.Keys = append(p.block.Keys, token)
|
||||
}
|
||||
}
|
||||
|
||||
// Advance token and possibly break out of loop or return error
|
||||
hasNext := p.Next()
|
||||
|
|
|
@ -555,6 +555,10 @@ func TestParseAll(t *testing.T) {
|
|||
{"localhost:1234", "http://host2"},
|
||||
}},
|
||||
|
||||
{`foo.example.com , example.com`, false, [][]string{
|
||||
{"foo.example.com", "example.com"},
|
||||
}},
|
||||
|
||||
{`localhost:1234, http://host2,`, true, [][]string{}},
|
||||
|
||||
{`http://host1.com, http://host2.com {
|
||||
|
@ -614,8 +618,8 @@ func TestParseAll(t *testing.T) {
|
|||
}
|
||||
for j, block := range blocks {
|
||||
if len(block.Keys) != len(test.keys[j]) {
|
||||
t.Errorf("Test %d: Expected %d keys in block %d, got %d",
|
||||
i, len(test.keys[j]), j, len(block.Keys))
|
||||
t.Errorf("Test %d: Expected %d keys in block %d, got %d: %v",
|
||||
i, len(test.keys[j]), j, len(block.Keys), block.Keys)
|
||||
continue
|
||||
}
|
||||
for k, addr := range block.GetKeysText() {
|
||||
|
|
|
@ -77,10 +77,15 @@ import (
|
|||
// repetition may be undesirable, so call consolidateAddrMappings() to map
|
||||
// multiple addresses to the same lists of server blocks (a many:many mapping).
|
||||
// (Doing this is essentially a map-reduce technique.)
|
||||
func (st *ServerType) mapAddressToServerBlocks(originalServerBlocks []serverBlock,
|
||||
func (st *ServerType) mapAddressToProtocolToServerBlocks(originalServerBlocks []serverBlock,
|
||||
options map[string]any,
|
||||
) (map[string][]serverBlock, error) {
|
||||
sbmap := make(map[string][]serverBlock)
|
||||
) (map[string]map[string][]serverBlock, error) {
|
||||
addrToProtocolToServerBlocks := map[string]map[string][]serverBlock{}
|
||||
|
||||
type keyWithParsedKey struct {
|
||||
key caddyfile.Token
|
||||
parsedKey Address
|
||||
}
|
||||
|
||||
for i, sblock := range originalServerBlocks {
|
||||
// within a server block, we need to map all the listener addresses
|
||||
|
@ -88,27 +93,48 @@ func (st *ServerType) mapAddressToServerBlocks(originalServerBlocks []serverBloc
|
|||
// will be served by them; this has the effect of treating each
|
||||
// key of a server block as its own, but without having to repeat its
|
||||
// contents in cases where multiple keys really can be served together
|
||||
addrToKeys := make(map[string][]caddyfile.Token)
|
||||
addrToProtocolToKeyWithParsedKeys := map[string]map[string][]keyWithParsedKey{}
|
||||
for j, key := range sblock.block.Keys {
|
||||
parsedKey, err := ParseAddress(key.Text)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("parsing key: %v", err)
|
||||
}
|
||||
parsedKey = parsedKey.Normalize()
|
||||
|
||||
// a key can have multiple listener addresses if there are multiple
|
||||
// arguments to the 'bind' directive (although they will all have
|
||||
// the same port, since the port is defined by the key or is implicit
|
||||
// through automatic HTTPS)
|
||||
addrs, err := st.listenerAddrsForServerBlockKey(sblock, key.Text, options)
|
||||
listeners, err := st.listenersForServerBlockAddress(sblock, parsedKey, options)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("server block %d, key %d (%s): determining listener address: %v", i, j, key.Text, err)
|
||||
}
|
||||
|
||||
// associate this key with each listener address it is served on
|
||||
for _, addr := range addrs {
|
||||
addrToKeys[addr] = append(addrToKeys[addr], key)
|
||||
// associate this key with its protocols and each listener address served with them
|
||||
kwpk := keyWithParsedKey{key, parsedKey}
|
||||
for addr, protocols := range listeners {
|
||||
protocolToKeyWithParsedKeys, ok := addrToProtocolToKeyWithParsedKeys[addr]
|
||||
if !ok {
|
||||
protocolToKeyWithParsedKeys = map[string][]keyWithParsedKey{}
|
||||
addrToProtocolToKeyWithParsedKeys[addr] = protocolToKeyWithParsedKeys
|
||||
}
|
||||
|
||||
// an empty protocol indicates the default, a nil or empty value in the ListenProtocols array
|
||||
if len(protocols) == 0 {
|
||||
protocols[""] = struct{}{}
|
||||
}
|
||||
for prot := range protocols {
|
||||
protocolToKeyWithParsedKeys[prot] = append(
|
||||
protocolToKeyWithParsedKeys[prot],
|
||||
kwpk)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// make a slice of the map keys so we can iterate in sorted order
|
||||
addrs := make([]string, 0, len(addrToKeys))
|
||||
for k := range addrToKeys {
|
||||
addrs = append(addrs, k)
|
||||
addrs := make([]string, 0, len(addrToProtocolToKeyWithParsedKeys))
|
||||
for addr := range addrToProtocolToKeyWithParsedKeys {
|
||||
addrs = append(addrs, addr)
|
||||
}
|
||||
sort.Strings(addrs)
|
||||
|
||||
|
@ -118,85 +144,132 @@ func (st *ServerType) mapAddressToServerBlocks(originalServerBlocks []serverBloc
|
|||
// server block are only the ones which use the address; but
|
||||
// the contents (tokens) are of course the same
|
||||
for _, addr := range addrs {
|
||||
keys := addrToKeys[addr]
|
||||
// parse keys so that we only have to do it once
|
||||
parsedKeys := make([]Address, 0, len(keys))
|
||||
for _, key := range keys {
|
||||
addr, err := ParseAddress(key.Text)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("parsing key '%s': %v", key.Text, err)
|
||||
protocolToKeyWithParsedKeys := addrToProtocolToKeyWithParsedKeys[addr]
|
||||
|
||||
prots := make([]string, 0, len(protocolToKeyWithParsedKeys))
|
||||
for prot := range protocolToKeyWithParsedKeys {
|
||||
prots = append(prots, prot)
|
||||
}
|
||||
parsedKeys = append(parsedKeys, addr.Normalize())
|
||||
sort.Strings(prots)
|
||||
|
||||
protocolToServerBlocks, ok := addrToProtocolToServerBlocks[addr]
|
||||
if !ok {
|
||||
protocolToServerBlocks = map[string][]serverBlock{}
|
||||
addrToProtocolToServerBlocks[addr] = protocolToServerBlocks
|
||||
}
|
||||
sbmap[addr] = append(sbmap[addr], serverBlock{
|
||||
|
||||
for _, prot := range prots {
|
||||
keyWithParsedKeys := protocolToKeyWithParsedKeys[prot]
|
||||
|
||||
keys := make([]caddyfile.Token, len(keyWithParsedKeys))
|
||||
parsedKeys := make([]Address, len(keyWithParsedKeys))
|
||||
|
||||
for k, keyWithParsedKey := range keyWithParsedKeys {
|
||||
keys[k] = keyWithParsedKey.key
|
||||
parsedKeys[k] = keyWithParsedKey.parsedKey
|
||||
}
|
||||
|
||||
protocolToServerBlocks[prot] = append(protocolToServerBlocks[prot], serverBlock{
|
||||
block: caddyfile.ServerBlock{
|
||||
Keys: keys,
|
||||
Segments: sblock.block.Segments,
|
||||
},
|
||||
pile: sblock.pile,
|
||||
keys: parsedKeys,
|
||||
parsedKeys: parsedKeys,
|
||||
})
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return sbmap, nil
|
||||
return addrToProtocolToServerBlocks, nil
|
||||
}
|
||||
|
||||
// consolidateAddrMappings eliminates repetition of identical server blocks in a mapping of
|
||||
// single listener addresses to lists of server blocks. Since multiple addresses may serve
|
||||
// identical sites (server block contents), this function turns a 1:many mapping into a
|
||||
// many:many mapping. Server block contents (tokens) must be exactly identical so that
|
||||
// reflect.DeepEqual returns true in order for the addresses to be combined. Identical
|
||||
// entries are deleted from the addrToServerBlocks map. Essentially, each pairing (each
|
||||
// single listener addresses to protocols to lists of server blocks. Since multiple addresses
|
||||
// may serve multiple protocols to identical sites (server block contents), this function turns
|
||||
// a 1:many mapping into a many:many mapping. Server block contents (tokens) must be
|
||||
// exactly identical so that reflect.DeepEqual returns true in order for the addresses to be combined.
|
||||
// Identical entries are deleted from the addrToServerBlocks map. Essentially, each pairing (each
|
||||
// association from multiple addresses to multiple server blocks; i.e. each element of
|
||||
// the returned slice) becomes a server definition in the output JSON.
|
||||
func (st *ServerType) consolidateAddrMappings(addrToServerBlocks map[string][]serverBlock) []sbAddrAssociation {
|
||||
sbaddrs := make([]sbAddrAssociation, 0, len(addrToServerBlocks))
|
||||
for addr, sblocks := range addrToServerBlocks {
|
||||
// we start with knowing that at least this address
|
||||
// maps to these server blocks
|
||||
a := sbAddrAssociation{
|
||||
addresses: []string{addr},
|
||||
serverBlocks: sblocks,
|
||||
func (st *ServerType) consolidateAddrMappings(addrToProtocolToServerBlocks map[string]map[string][]serverBlock) []sbAddrAssociation {
|
||||
sbaddrs := make([]sbAddrAssociation, 0, len(addrToProtocolToServerBlocks))
|
||||
|
||||
addrs := make([]string, 0, len(addrToProtocolToServerBlocks))
|
||||
for addr := range addrToProtocolToServerBlocks {
|
||||
addrs = append(addrs, addr)
|
||||
}
|
||||
sort.Strings(addrs)
|
||||
|
||||
for _, addr := range addrs {
|
||||
protocolToServerBlocks := addrToProtocolToServerBlocks[addr]
|
||||
|
||||
prots := make([]string, 0, len(protocolToServerBlocks))
|
||||
for prot := range protocolToServerBlocks {
|
||||
prots = append(prots, prot)
|
||||
}
|
||||
sort.Strings(prots)
|
||||
|
||||
for _, prot := range prots {
|
||||
serverBlocks := protocolToServerBlocks[prot]
|
||||
|
||||
// now find other addresses that map to identical
|
||||
// server blocks and add them to our list of
|
||||
// addresses, while removing them from the map
|
||||
for otherAddr, otherSblocks := range addrToServerBlocks {
|
||||
if addr == otherAddr {
|
||||
continue
|
||||
}
|
||||
if reflect.DeepEqual(sblocks, otherSblocks) {
|
||||
a.addresses = append(a.addresses, otherAddr)
|
||||
delete(addrToServerBlocks, otherAddr)
|
||||
}
|
||||
}
|
||||
sort.Strings(a.addresses)
|
||||
// server blocks and add them to our map of listener
|
||||
// addresses and protocols, while removing them from
|
||||
// the original map
|
||||
listeners := map[string]map[string]struct{}{}
|
||||
|
||||
sbaddrs = append(sbaddrs, a)
|
||||
for otherAddr, otherProtocolToServerBlocks := range addrToProtocolToServerBlocks {
|
||||
for otherProt, otherServerBlocks := range otherProtocolToServerBlocks {
|
||||
if addr == otherAddr && prot == otherProt || reflect.DeepEqual(serverBlocks, otherServerBlocks) {
|
||||
listener, ok := listeners[otherAddr]
|
||||
if !ok {
|
||||
listener = map[string]struct{}{}
|
||||
listeners[otherAddr] = listener
|
||||
}
|
||||
listener[otherProt] = struct{}{}
|
||||
delete(otherProtocolToServerBlocks, otherProt)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// sort them by their first address (we know there will always be at least one)
|
||||
// to avoid problems with non-deterministic ordering (makes tests flaky)
|
||||
sort.Slice(sbaddrs, func(i, j int) bool {
|
||||
return sbaddrs[i].addresses[0] < sbaddrs[j].addresses[0]
|
||||
addresses := make([]string, 0, len(listeners))
|
||||
for lnAddr := range listeners {
|
||||
addresses = append(addresses, lnAddr)
|
||||
}
|
||||
sort.Strings(addresses)
|
||||
|
||||
addressesWithProtocols := make([]addressWithProtocols, 0, len(listeners))
|
||||
|
||||
for _, lnAddr := range addresses {
|
||||
lnProts := listeners[lnAddr]
|
||||
prots := make([]string, 0, len(lnProts))
|
||||
for prot := range lnProts {
|
||||
prots = append(prots, prot)
|
||||
}
|
||||
sort.Strings(prots)
|
||||
|
||||
addressesWithProtocols = append(addressesWithProtocols, addressWithProtocols{
|
||||
address: lnAddr,
|
||||
protocols: prots,
|
||||
})
|
||||
}
|
||||
|
||||
sbaddrs = append(sbaddrs, sbAddrAssociation{
|
||||
addressesWithProtocols: addressesWithProtocols,
|
||||
serverBlocks: serverBlocks,
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
return sbaddrs
|
||||
}
|
||||
|
||||
// listenerAddrsForServerBlockKey essentially converts the Caddyfile
|
||||
// site addresses to Caddy listener addresses for each server block.
|
||||
func (st *ServerType) listenerAddrsForServerBlockKey(sblock serverBlock, key string,
|
||||
// listenersForServerBlockAddress essentially converts the Caddyfile site addresses to a map from
|
||||
// Caddy listener addresses and the protocols to serve them with to the parsed address for each server block.
|
||||
func (st *ServerType) listenersForServerBlockAddress(sblock serverBlock, addr Address,
|
||||
options map[string]any,
|
||||
) ([]string, error) {
|
||||
addr, err := ParseAddress(key)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("parsing key: %v", err)
|
||||
}
|
||||
addr = addr.Normalize()
|
||||
|
||||
) (map[string]map[string]struct{}, error) {
|
||||
switch addr.Scheme {
|
||||
case "wss":
|
||||
return nil, fmt.Errorf("the scheme wss:// is only supported in browsers; use https:// instead")
|
||||
|
@ -230,55 +303,54 @@ func (st *ServerType) listenerAddrsForServerBlockKey(sblock serverBlock, key str
|
|||
|
||||
// error if scheme and port combination violate convention
|
||||
if (addr.Scheme == "http" && lnPort == httpsPort) || (addr.Scheme == "https" && lnPort == httpPort) {
|
||||
return nil, fmt.Errorf("[%s] scheme and port violate convention", key)
|
||||
return nil, fmt.Errorf("[%s] scheme and port violate convention", addr.String())
|
||||
}
|
||||
|
||||
// the bind directive specifies hosts (and potentially network), but is optional
|
||||
lnHosts := make([]string, 0, len(sblock.pile["bind"]))
|
||||
// the bind directive specifies hosts (and potentially network), and the protocols to serve them with, but is optional
|
||||
lnCfgVals := make([]addressesWithProtocols, 0, len(sblock.pile["bind"]))
|
||||
for _, cfgVal := range sblock.pile["bind"] {
|
||||
lnHosts = append(lnHosts, cfgVal.Value.([]string)...)
|
||||
if val, ok := cfgVal.Value.(addressesWithProtocols); ok {
|
||||
lnCfgVals = append(lnCfgVals, val)
|
||||
}
|
||||
}
|
||||
if len(lnCfgVals) == 0 {
|
||||
if defaultBindValues, ok := options["default_bind"].([]ConfigValue); ok {
|
||||
for _, defaultBindValue := range defaultBindValues {
|
||||
lnCfgVals = append(lnCfgVals, defaultBindValue.Value.(addressesWithProtocols))
|
||||
}
|
||||
if len(lnHosts) == 0 {
|
||||
if defaultBind, ok := options["default_bind"].([]string); ok {
|
||||
lnHosts = defaultBind
|
||||
} else {
|
||||
lnHosts = []string{""}
|
||||
lnCfgVals = []addressesWithProtocols{{
|
||||
addresses: []string{""},
|
||||
protocols: nil,
|
||||
}}
|
||||
}
|
||||
}
|
||||
|
||||
// use a map to prevent duplication
|
||||
listeners := make(map[string]struct{})
|
||||
for _, lnHost := range lnHosts {
|
||||
// normally we would simply append the port,
|
||||
// but if lnHost is IPv6, we need to ensure it
|
||||
// is enclosed in [ ]; net.JoinHostPort does
|
||||
// this for us, but lnHost might also have a
|
||||
// network type in front (e.g. "tcp/") leading
|
||||
// to "[tcp/::1]" which causes parsing failures
|
||||
// later; what we need is "tcp/[::1]", so we have
|
||||
// to split the network and host, then re-combine
|
||||
network, host, ok := strings.Cut(lnHost, "/")
|
||||
if !ok {
|
||||
host = network
|
||||
network = ""
|
||||
}
|
||||
host = strings.Trim(host, "[]") // IPv6
|
||||
networkAddr := caddy.JoinNetworkAddress(network, host, lnPort)
|
||||
addr, err := caddy.ParseNetworkAddress(networkAddr)
|
||||
listeners := map[string]map[string]struct{}{}
|
||||
for _, lnCfgVal := range lnCfgVals {
|
||||
for _, lnHost := range lnCfgVal.addresses {
|
||||
networkAddr, err := caddy.ParseNetworkAddressFromHostPort(lnHost, lnPort)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("parsing network address: %v", err)
|
||||
}
|
||||
listeners[addr.String()] = struct{}{}
|
||||
if _, ok := listeners[addr.String()]; !ok {
|
||||
listeners[networkAddr.String()] = map[string]struct{}{}
|
||||
}
|
||||
for _, protocol := range lnCfgVal.protocols {
|
||||
listeners[networkAddr.String()][protocol] = struct{}{}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// now turn map into list
|
||||
listenersList := make([]string, 0, len(listeners))
|
||||
for lnStr := range listeners {
|
||||
listenersList = append(listenersList, lnStr)
|
||||
return listeners, nil
|
||||
}
|
||||
sort.Strings(listenersList)
|
||||
|
||||
return listenersList, nil
|
||||
// addressesWithProtocols associates a list of listen addresses
|
||||
// with a list of protocols to serve them with
|
||||
type addressesWithProtocols struct {
|
||||
addresses []string
|
||||
protocols []string
|
||||
}
|
||||
|
||||
// Address represents a site address. It contains
|
||||
|
|
|
@ -56,10 +56,30 @@ func init() {
|
|||
|
||||
// parseBind parses the bind directive. Syntax:
|
||||
//
|
||||
// bind <addresses...>
|
||||
// bind <addresses...> [{
|
||||
// protocols [h1|h2|h2c|h3] [...]
|
||||
// }]
|
||||
func parseBind(h Helper) ([]ConfigValue, error) {
|
||||
h.Next() // consume directive name
|
||||
return []ConfigValue{{Class: "bind", Value: h.RemainingArgs()}}, nil
|
||||
var addresses, protocols []string
|
||||
addresses = h.RemainingArgs()
|
||||
|
||||
for h.NextBlock(0) {
|
||||
switch h.Val() {
|
||||
case "protocols":
|
||||
protocols = h.RemainingArgs()
|
||||
if len(protocols) == 0 {
|
||||
return nil, h.Errf("protocols requires one or more arguments")
|
||||
}
|
||||
default:
|
||||
return nil, h.Errf("unknown subdirective: %s", h.Val())
|
||||
}
|
||||
}
|
||||
|
||||
return []ConfigValue{{Class: "bind", Value: addressesWithProtocols{
|
||||
addresses: addresses,
|
||||
protocols: protocols,
|
||||
}}}, nil
|
||||
}
|
||||
|
||||
// parseTLS parses the tls directive. Syntax:
|
||||
|
|
|
@ -17,6 +17,7 @@ package httpcaddyfile
|
|||
import (
|
||||
"encoding/json"
|
||||
"net"
|
||||
"slices"
|
||||
"sort"
|
||||
"strconv"
|
||||
"strings"
|
||||
|
@ -100,17 +101,6 @@ var defaultDirectiveOrder = []string{
|
|||
// plugins or by the user via the "order" global option.
|
||||
var directiveOrder = defaultDirectiveOrder
|
||||
|
||||
// directiveIsOrdered returns true if dir is
|
||||
// a known, ordered (sorted) directive.
|
||||
func directiveIsOrdered(dir string) bool {
|
||||
for _, d := range directiveOrder {
|
||||
if d == dir {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
// RegisterDirective registers a unique directive dir with an
|
||||
// associated unmarshaling (setup) function. When directive dir
|
||||
// is encountered in a Caddyfile, setupFunc will be called to
|
||||
|
@ -161,7 +151,7 @@ func RegisterHandlerDirective(dir string, setupFunc UnmarshalHandlerFunc) {
|
|||
// EXPERIMENTAL: This API may change or be removed.
|
||||
func RegisterDirectiveOrder(dir string, position Positional, standardDir string) {
|
||||
// check if directive was already ordered
|
||||
if directiveIsOrdered(dir) {
|
||||
if slices.Contains(directiveOrder, dir) {
|
||||
panic("directive '" + dir + "' already ordered")
|
||||
}
|
||||
|
||||
|
@ -172,12 +162,7 @@ func RegisterDirectiveOrder(dir string, position Positional, standardDir string)
|
|||
// check if directive exists in standard distribution, since
|
||||
// we can't allow plugins to depend on one another; we can't
|
||||
// guarantee the order that plugins are loaded in.
|
||||
foundStandardDir := false
|
||||
for _, d := range defaultDirectiveOrder {
|
||||
if d == standardDir {
|
||||
foundStandardDir = true
|
||||
}
|
||||
}
|
||||
foundStandardDir := slices.Contains(defaultDirectiveOrder, standardDir)
|
||||
if !foundStandardDir {
|
||||
panic("the 3rd argument '" + standardDir + "' must be a directive that exists in the standard distribution of Caddy")
|
||||
}
|
||||
|
@ -533,7 +518,7 @@ func sortRoutes(routes []ConfigValue) {
|
|||
type serverBlock struct {
|
||||
block caddyfile.ServerBlock
|
||||
pile map[string][]ConfigValue // config values obtained from directives
|
||||
keys []Address
|
||||
parsedKeys []Address
|
||||
}
|
||||
|
||||
// hostsFromKeys returns a list of all the non-empty hostnames found in
|
||||
|
@ -550,7 +535,7 @@ type serverBlock struct {
|
|||
func (sb serverBlock) hostsFromKeys(loggerMode bool) []string {
|
||||
// ensure each entry in our list is unique
|
||||
hostMap := make(map[string]struct{})
|
||||
for _, addr := range sb.keys {
|
||||
for _, addr := range sb.parsedKeys {
|
||||
if addr.Host == "" {
|
||||
if !loggerMode {
|
||||
// server block contains a key like ":443", i.e. the host portion
|
||||
|
@ -582,7 +567,7 @@ func (sb serverBlock) hostsFromKeys(loggerMode bool) []string {
|
|||
func (sb serverBlock) hostsFromKeysNotHTTP(httpPort string) []string {
|
||||
// ensure each entry in our list is unique
|
||||
hostMap := make(map[string]struct{})
|
||||
for _, addr := range sb.keys {
|
||||
for _, addr := range sb.parsedKeys {
|
||||
if addr.Host == "" {
|
||||
continue
|
||||
}
|
||||
|
@ -603,23 +588,17 @@ func (sb serverBlock) hostsFromKeysNotHTTP(httpPort string) []string {
|
|||
// hasHostCatchAllKey returns true if sb has a key that
|
||||
// omits a host portion, i.e. it "catches all" hosts.
|
||||
func (sb serverBlock) hasHostCatchAllKey() bool {
|
||||
for _, addr := range sb.keys {
|
||||
if addr.Host == "" {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
return slices.ContainsFunc(sb.parsedKeys, func(addr Address) bool {
|
||||
return addr.Host == ""
|
||||
})
|
||||
}
|
||||
|
||||
// isAllHTTP returns true if all sb keys explicitly specify
|
||||
// the http:// scheme
|
||||
func (sb serverBlock) isAllHTTP() bool {
|
||||
for _, addr := range sb.keys {
|
||||
if addr.Scheme != "http" {
|
||||
return false
|
||||
}
|
||||
}
|
||||
return true
|
||||
return !slices.ContainsFunc(sb.parsedKeys, func(addr Address) bool {
|
||||
return addr.Scheme != "http"
|
||||
})
|
||||
}
|
||||
|
||||
// Positional are the supported modes for ordering directives.
|
||||
|
|
|
@ -78,7 +78,7 @@ func TestHostsFromKeys(t *testing.T) {
|
|||
[]string{"example.com:2015"},
|
||||
},
|
||||
} {
|
||||
sb := serverBlock{keys: tc.keys}
|
||||
sb := serverBlock{parsedKeys: tc.keys}
|
||||
|
||||
// test in normal mode
|
||||
actual := sb.hostsFromKeys(false)
|
||||
|
|
|
@ -171,7 +171,7 @@ func (st ServerType) Setup(
|
|||
}
|
||||
|
||||
// map
|
||||
sbmap, err := st.mapAddressToServerBlocks(originalServerBlocks, options)
|
||||
sbmap, err := st.mapAddressToProtocolToServerBlocks(originalServerBlocks, options)
|
||||
if err != nil {
|
||||
return nil, warnings, err
|
||||
}
|
||||
|
@ -402,6 +402,20 @@ func (ServerType) evaluateGlobalOptionsBlock(serverBlocks []serverBlock, options
|
|||
options[opt] = append(existingOpts, logOpts...)
|
||||
continue
|
||||
}
|
||||
// Also fold multiple "default_bind" options together into an
|
||||
// array so that server blocks can have multiple binds by default.
|
||||
if opt == "default_bind" {
|
||||
existingOpts, ok := options[opt].([]ConfigValue)
|
||||
if !ok {
|
||||
existingOpts = []ConfigValue{}
|
||||
}
|
||||
defaultBindOpts, ok := val.([]ConfigValue)
|
||||
if !ok {
|
||||
return nil, fmt.Errorf("unexpected type from 'default_bind' global options: %T", val)
|
||||
}
|
||||
options[opt] = append(existingOpts, defaultBindOpts...)
|
||||
continue
|
||||
}
|
||||
|
||||
options[opt] = val
|
||||
}
|
||||
|
@ -520,8 +534,8 @@ func (st *ServerType) serversFromPairings(
|
|||
if hsp, ok := options["https_port"].(int); ok {
|
||||
httpsPort = strconv.Itoa(hsp)
|
||||
}
|
||||
autoHTTPS := "on"
|
||||
if ah, ok := options["auto_https"].(string); ok {
|
||||
autoHTTPS := []string{}
|
||||
if ah, ok := options["auto_https"].([]string); ok {
|
||||
autoHTTPS = ah
|
||||
}
|
||||
|
||||
|
@ -536,29 +550,81 @@ func (st *ServerType) serversFromPairings(
|
|||
if k == j {
|
||||
continue
|
||||
}
|
||||
if sliceContains(sblock2.block.GetKeysText(), key) {
|
||||
if slices.Contains(sblock2.block.GetKeysText(), key) {
|
||||
return nil, fmt.Errorf("ambiguous site definition: %s", key)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
var (
|
||||
addresses []string
|
||||
protocols [][]string
|
||||
)
|
||||
|
||||
for _, addressWithProtocols := range p.addressesWithProtocols {
|
||||
addresses = append(addresses, addressWithProtocols.address)
|
||||
protocols = append(protocols, addressWithProtocols.protocols)
|
||||
}
|
||||
|
||||
srv := &caddyhttp.Server{
|
||||
Listen: p.addresses,
|
||||
Listen: addresses,
|
||||
ListenProtocols: protocols,
|
||||
}
|
||||
|
||||
// remove srv.ListenProtocols[j] if it only contains the default protocols
|
||||
for j, lnProtocols := range srv.ListenProtocols {
|
||||
srv.ListenProtocols[j] = nil
|
||||
for _, lnProtocol := range lnProtocols {
|
||||
if lnProtocol != "" {
|
||||
srv.ListenProtocols[j] = lnProtocols
|
||||
break
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// remove srv.ListenProtocols if it only contains the default protocols for all listen addresses
|
||||
listenProtocols := srv.ListenProtocols
|
||||
srv.ListenProtocols = nil
|
||||
for _, lnProtocols := range listenProtocols {
|
||||
if lnProtocols != nil {
|
||||
srv.ListenProtocols = listenProtocols
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
// handle the auto_https global option
|
||||
if autoHTTPS != "on" {
|
||||
srv.AutoHTTPS = new(caddyhttp.AutoHTTPSConfig)
|
||||
switch autoHTTPS {
|
||||
for _, val := range autoHTTPS {
|
||||
switch val {
|
||||
case "off":
|
||||
if srv.AutoHTTPS == nil {
|
||||
srv.AutoHTTPS = new(caddyhttp.AutoHTTPSConfig)
|
||||
}
|
||||
srv.AutoHTTPS.Disabled = true
|
||||
|
||||
case "disable_redirects":
|
||||
if srv.AutoHTTPS == nil {
|
||||
srv.AutoHTTPS = new(caddyhttp.AutoHTTPSConfig)
|
||||
}
|
||||
srv.AutoHTTPS.DisableRedir = true
|
||||
|
||||
case "disable_certs":
|
||||
if srv.AutoHTTPS == nil {
|
||||
srv.AutoHTTPS = new(caddyhttp.AutoHTTPSConfig)
|
||||
}
|
||||
srv.AutoHTTPS.DisableCerts = true
|
||||
|
||||
case "ignore_loaded_certs":
|
||||
if srv.AutoHTTPS == nil {
|
||||
srv.AutoHTTPS = new(caddyhttp.AutoHTTPSConfig)
|
||||
}
|
||||
srv.AutoHTTPS.IgnoreLoadedCerts = true
|
||||
|
||||
case "prefer_wildcard":
|
||||
if srv.AutoHTTPS == nil {
|
||||
srv.AutoHTTPS = new(caddyhttp.AutoHTTPSConfig)
|
||||
}
|
||||
srv.AutoHTTPS.PreferWildcard = true
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -566,7 +632,7 @@ func (st *ServerType) serversFromPairings(
|
|||
// See ParseAddress() where parsing should later reject paths
|
||||
// See https://github.com/caddyserver/caddy/pull/4728 for a full explanation
|
||||
for _, sblock := range p.serverBlocks {
|
||||
for _, addr := range sblock.keys {
|
||||
for _, addr := range sblock.parsedKeys {
|
||||
if addr.Path != "" {
|
||||
caddy.Log().Named("caddyfile").Warn("Using a path in a site address is deprecated; please use the 'handle' directive instead", zap.String("address", addr.String()))
|
||||
}
|
||||
|
@ -584,7 +650,7 @@ func (st *ServerType) serversFromPairings(
|
|||
var iLongestPath, jLongestPath string
|
||||
var iLongestHost, jLongestHost string
|
||||
var iWildcardHost, jWildcardHost bool
|
||||
for _, addr := range p.serverBlocks[i].keys {
|
||||
for _, addr := range p.serverBlocks[i].parsedKeys {
|
||||
if strings.Contains(addr.Host, "*") || addr.Host == "" {
|
||||
iWildcardHost = true
|
||||
}
|
||||
|
@ -595,7 +661,7 @@ func (st *ServerType) serversFromPairings(
|
|||
iLongestPath = addr.Path
|
||||
}
|
||||
}
|
||||
for _, addr := range p.serverBlocks[j].keys {
|
||||
for _, addr := range p.serverBlocks[j].parsedKeys {
|
||||
if strings.Contains(addr.Host, "*") || addr.Host == "" {
|
||||
jWildcardHost = true
|
||||
}
|
||||
|
@ -627,7 +693,7 @@ func (st *ServerType) serversFromPairings(
|
|||
})
|
||||
|
||||
var hasCatchAllTLSConnPolicy, addressQualifiesForTLS bool
|
||||
autoHTTPSWillAddConnPolicy := autoHTTPS != "off"
|
||||
autoHTTPSWillAddConnPolicy := srv.AutoHTTPS == nil || !srv.AutoHTTPS.Disabled
|
||||
|
||||
// if needed, the ServerLogConfig is initialized beforehand so
|
||||
// that all server blocks can populate it with data, even when not
|
||||
|
@ -711,7 +777,14 @@ func (st *ServerType) serversFromPairings(
|
|||
}
|
||||
}
|
||||
|
||||
for _, addr := range sblock.keys {
|
||||
wildcardHosts := []string{}
|
||||
for _, addr := range sblock.parsedKeys {
|
||||
if strings.HasPrefix(addr.Host, "*.") {
|
||||
wildcardHosts = append(wildcardHosts, addr.Host[2:])
|
||||
}
|
||||
}
|
||||
|
||||
for _, addr := range sblock.parsedKeys {
|
||||
// if server only uses HTTP port, auto-HTTPS will not apply
|
||||
if listenersUseAnyPortOtherThan(srv.Listen, httpPort) {
|
||||
// exclude any hosts that were defined explicitly with "http://"
|
||||
|
@ -720,12 +793,24 @@ func (st *ServerType) serversFromPairings(
|
|||
if srv.AutoHTTPS == nil {
|
||||
srv.AutoHTTPS = new(caddyhttp.AutoHTTPSConfig)
|
||||
}
|
||||
if !sliceContains(srv.AutoHTTPS.Skip, addr.Host) {
|
||||
if !slices.Contains(srv.AutoHTTPS.Skip, addr.Host) {
|
||||
srv.AutoHTTPS.Skip = append(srv.AutoHTTPS.Skip, addr.Host)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// If prefer wildcard is enabled, then we add hosts that are
|
||||
// already covered by the wildcard to the skip list
|
||||
if srv.AutoHTTPS != nil && srv.AutoHTTPS.PreferWildcard && addr.Scheme == "https" {
|
||||
baseDomain := addr.Host
|
||||
if idx := strings.Index(baseDomain, "."); idx != -1 {
|
||||
baseDomain = baseDomain[idx+1:]
|
||||
}
|
||||
if !strings.HasPrefix(addr.Host, "*.") && slices.Contains(wildcardHosts, baseDomain) {
|
||||
srv.AutoHTTPS.Skip = append(srv.AutoHTTPS.Skip, addr.Host)
|
||||
}
|
||||
}
|
||||
|
||||
// If TLS is specified as directive, it will also result in 1 or more connection policy being created
|
||||
// Thus, catch-all address with non-standard port, e.g. :8443, can have TLS enabled without
|
||||
// specifying prefix "https://"
|
||||
|
@ -734,7 +819,7 @@ func (st *ServerType) serversFromPairings(
|
|||
// https://caddy.community/t/making-sense-of-auto-https-and-why-disabling-it-still-serves-https-instead-of-http/9761
|
||||
createdTLSConnPolicies, ok := sblock.pile["tls.connection_policy"]
|
||||
hasTLSEnabled := (ok && len(createdTLSConnPolicies) > 0) ||
|
||||
(addr.Host != "" && srv.AutoHTTPS != nil && !sliceContains(srv.AutoHTTPS.Skip, addr.Host))
|
||||
(addr.Host != "" && srv.AutoHTTPS != nil && !slices.Contains(srv.AutoHTTPS.Skip, addr.Host))
|
||||
|
||||
// we'll need to remember if the address qualifies for auto-HTTPS, so we
|
||||
// can add a TLS conn policy if necessary
|
||||
|
@ -873,7 +958,10 @@ func (st *ServerType) serversFromPairings(
|
|||
if addressQualifiesForTLS &&
|
||||
!hasCatchAllTLSConnPolicy &&
|
||||
(len(srv.TLSConnPolicies) > 0 || !autoHTTPSWillAddConnPolicy || defaultSNI != "" || fallbackSNI != "") {
|
||||
srv.TLSConnPolicies = append(srv.TLSConnPolicies, &caddytls.ConnectionPolicy{DefaultSNI: defaultSNI, FallbackSNI: fallbackSNI})
|
||||
srv.TLSConnPolicies = append(srv.TLSConnPolicies, &caddytls.ConnectionPolicy{
|
||||
DefaultSNI: defaultSNI,
|
||||
FallbackSNI: fallbackSNI,
|
||||
})
|
||||
}
|
||||
|
||||
// tidy things up a bit
|
||||
|
@ -886,8 +974,7 @@ func (st *ServerType) serversFromPairings(
|
|||
servers[fmt.Sprintf("srv%d", i)] = srv
|
||||
}
|
||||
|
||||
err := applyServerOptions(servers, options, warnings)
|
||||
if err != nil {
|
||||
if err := applyServerOptions(servers, options, warnings); err != nil {
|
||||
return nil, fmt.Errorf("applying global server options: %v", err)
|
||||
}
|
||||
|
||||
|
@ -932,7 +1019,7 @@ func detectConflictingSchemes(srv *caddyhttp.Server, serverBlocks []serverBlock,
|
|||
}
|
||||
|
||||
for _, sblock := range serverBlocks {
|
||||
for _, addr := range sblock.keys {
|
||||
for _, addr := range sblock.parsedKeys {
|
||||
if addr.Scheme == "http" || addr.Port == httpPort {
|
||||
if err := checkAndSetHTTP(addr); err != nil {
|
||||
return err
|
||||
|
@ -1061,7 +1148,7 @@ func consolidateConnPolicies(cps caddytls.ConnectionPolicies) (caddytls.Connecti
|
|||
} else if cps[i].CertSelection != nil && cps[j].CertSelection != nil {
|
||||
// if both have one, then combine AnyTag
|
||||
for _, tag := range cps[j].CertSelection.AnyTag {
|
||||
if !sliceContains(cps[i].CertSelection.AnyTag, tag) {
|
||||
if !slices.Contains(cps[i].CertSelection.AnyTag, tag) {
|
||||
cps[i].CertSelection.AnyTag = append(cps[i].CertSelection.AnyTag, tag)
|
||||
}
|
||||
}
|
||||
|
@ -1144,7 +1231,7 @@ func appendSubrouteToRouteList(routeList caddyhttp.RouteList,
|
|||
func buildSubroute(routes []ConfigValue, groupCounter counter, needsSorting bool) (*caddyhttp.Subroute, error) {
|
||||
if needsSorting {
|
||||
for _, val := range routes {
|
||||
if !directiveIsOrdered(val.directive) {
|
||||
if !slices.Contains(directiveOrder, val.directive) {
|
||||
return nil, fmt.Errorf("directive '%s' is not an ordered HTTP handler, so it cannot be used here - try placing within a route block or using the order global option", val.directive)
|
||||
}
|
||||
}
|
||||
|
@ -1322,7 +1409,7 @@ func (st *ServerType) compileEncodedMatcherSets(sblock serverBlock) ([]caddy.Mod
|
|||
var matcherPairs []*hostPathPair
|
||||
|
||||
var catchAllHosts bool
|
||||
for _, addr := range sblock.keys {
|
||||
for _, addr := range sblock.parsedKeys {
|
||||
// choose a matcher pair that should be shared by this
|
||||
// server block; if none exists yet, create one
|
||||
var chosenMatcherPair *hostPathPair
|
||||
|
@ -1354,19 +1441,10 @@ func (st *ServerType) compileEncodedMatcherSets(sblock serverBlock) ([]caddy.Mod
|
|||
|
||||
// add this server block's keys to the matcher
|
||||
// pair if it doesn't already exist
|
||||
if addr.Host != "" {
|
||||
var found bool
|
||||
for _, h := range chosenMatcherPair.hostm {
|
||||
if h == addr.Host {
|
||||
found = true
|
||||
break
|
||||
}
|
||||
}
|
||||
if !found {
|
||||
if addr.Host != "" && !slices.Contains(chosenMatcherPair.hostm, addr.Host) {
|
||||
chosenMatcherPair.hostm = append(chosenMatcherPair.hostm, addr.Host)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// iterate each pairing of host and path matchers and
|
||||
// put them into a map for JSON encoding
|
||||
|
@ -1540,16 +1618,6 @@ func tryDuration(val any, warnings *[]caddyconfig.Warning) caddy.Duration {
|
|||
return durationVal
|
||||
}
|
||||
|
||||
// sliceContains returns true if needle is in haystack.
|
||||
func sliceContains(haystack []string, needle string) bool {
|
||||
for _, s := range haystack {
|
||||
if s == needle {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
// listenersUseAnyPortOtherThan returns true if there are any
|
||||
// listeners in addresses that use a port which is not otherPort.
|
||||
// Mostly borrowed from unexported method in caddyhttp package.
|
||||
|
@ -1613,11 +1681,18 @@ type namedCustomLog struct {
|
|||
noHostname bool
|
||||
}
|
||||
|
||||
// addressWithProtocols associates a listen address with
|
||||
// the protocols to serve it with
|
||||
type addressWithProtocols struct {
|
||||
address string
|
||||
protocols []string
|
||||
}
|
||||
|
||||
// sbAddrAssociation is a mapping from a list of
|
||||
// addresses to a list of server blocks that are
|
||||
// served on those addresses.
|
||||
// addresses with protocols, and a list of server
|
||||
// blocks that are served on those addresses.
|
||||
type sbAddrAssociation struct {
|
||||
addresses []string
|
||||
addressesWithProtocols []addressWithProtocols
|
||||
serverBlocks []serverBlock
|
||||
}
|
||||
|
||||
|
|
|
@ -15,6 +15,7 @@
|
|||
package httpcaddyfile
|
||||
|
||||
import (
|
||||
"slices"
|
||||
"strconv"
|
||||
|
||||
"github.com/caddyserver/certmagic"
|
||||
|
@ -30,7 +31,7 @@ func init() {
|
|||
RegisterGlobalOption("debug", parseOptTrue)
|
||||
RegisterGlobalOption("http_port", parseOptHTTPPort)
|
||||
RegisterGlobalOption("https_port", parseOptHTTPSPort)
|
||||
RegisterGlobalOption("default_bind", parseOptStringList)
|
||||
RegisterGlobalOption("default_bind", parseOptDefaultBind)
|
||||
RegisterGlobalOption("grace_period", parseOptDuration)
|
||||
RegisterGlobalOption("shutdown_delay", parseOptDuration)
|
||||
RegisterGlobalOption("default_sni", parseOptSingleString)
|
||||
|
@ -110,17 +111,12 @@ func parseOptOrder(d *caddyfile.Dispenser, _ any) (any, error) {
|
|||
}
|
||||
pos := Positional(d.Val())
|
||||
|
||||
newOrder := directiveOrder
|
||||
// if directive already had an order, drop it
|
||||
newOrder := slices.DeleteFunc(directiveOrder, func(d string) bool {
|
||||
return d == dirName
|
||||
})
|
||||
|
||||
// if directive exists, first remove it
|
||||
for i, d := range newOrder {
|
||||
if d == dirName {
|
||||
newOrder = append(newOrder[:i], newOrder[i+1:]...)
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
// act on the positional
|
||||
// act on the positional; if it's First or Last, we're done right away
|
||||
switch pos {
|
||||
case First:
|
||||
newOrder = append([]string{dirName}, newOrder...)
|
||||
|
@ -129,6 +125,7 @@ func parseOptOrder(d *caddyfile.Dispenser, _ any) (any, error) {
|
|||
}
|
||||
directiveOrder = newOrder
|
||||
return newOrder, nil
|
||||
|
||||
case Last:
|
||||
newOrder = append(newOrder, dirName)
|
||||
if d.NextArg() {
|
||||
|
@ -136,8 +133,11 @@ func parseOptOrder(d *caddyfile.Dispenser, _ any) (any, error) {
|
|||
}
|
||||
directiveOrder = newOrder
|
||||
return newOrder, nil
|
||||
|
||||
// if it's Before or After, continue
|
||||
case Before:
|
||||
case After:
|
||||
|
||||
default:
|
||||
return nil, d.Errf("unknown positional '%s'", pos)
|
||||
}
|
||||
|
@ -151,17 +151,17 @@ func parseOptOrder(d *caddyfile.Dispenser, _ any) (any, error) {
|
|||
return nil, d.ArgErr()
|
||||
}
|
||||
|
||||
// insert directive into proper position
|
||||
for i, d := range newOrder {
|
||||
if d == otherDir {
|
||||
if pos == Before {
|
||||
newOrder = append(newOrder[:i], append([]string{dirName}, newOrder[i:]...)...)
|
||||
} else if pos == After {
|
||||
newOrder = append(newOrder[:i+1], append([]string{dirName}, newOrder[i+1:]...)...)
|
||||
}
|
||||
break
|
||||
// get the position of the target directive
|
||||
targetIndex := slices.Index(newOrder, otherDir)
|
||||
if targetIndex == -1 {
|
||||
return nil, d.Errf("directive '%s' not found", otherDir)
|
||||
}
|
||||
// if we're inserting after, we need to increment the index to go after
|
||||
if pos == After {
|
||||
targetIndex++
|
||||
}
|
||||
// insert the directive into the new order
|
||||
newOrder = slices.Insert(newOrder, targetIndex, dirName)
|
||||
|
||||
directiveOrder = newOrder
|
||||
|
||||
|
@ -284,13 +284,32 @@ func parseOptSingleString(d *caddyfile.Dispenser, _ any) (any, error) {
|
|||
return val, nil
|
||||
}
|
||||
|
||||
func parseOptStringList(d *caddyfile.Dispenser, _ any) (any, error) {
|
||||
func parseOptDefaultBind(d *caddyfile.Dispenser, _ any) (any, error) {
|
||||
d.Next() // consume option name
|
||||
val := d.RemainingArgs()
|
||||
if len(val) == 0 {
|
||||
return "", d.ArgErr()
|
||||
|
||||
var addresses, protocols []string
|
||||
addresses = d.RemainingArgs()
|
||||
|
||||
if len(addresses) == 0 {
|
||||
addresses = append(addresses, "")
|
||||
}
|
||||
return val, nil
|
||||
|
||||
for d.NextBlock(0) {
|
||||
switch d.Val() {
|
||||
case "protocols":
|
||||
protocols = d.RemainingArgs()
|
||||
if len(protocols) == 0 {
|
||||
return nil, d.Errf("protocols requires one or more arguments")
|
||||
}
|
||||
default:
|
||||
return nil, d.Errf("unknown subdirective: %s", d.Val())
|
||||
}
|
||||
}
|
||||
|
||||
return []ConfigValue{{Class: "bind", Value: addressesWithProtocols{
|
||||
addresses: addresses,
|
||||
protocols: protocols,
|
||||
}}}, nil
|
||||
}
|
||||
|
||||
func parseOptAdmin(d *caddyfile.Dispenser, _ any) (any, error) {
|
||||
|
@ -375,36 +394,10 @@ func parseOptOnDemand(d *caddyfile.Dispenser, _ any) (any, error) {
|
|||
ond.PermissionRaw = caddyconfig.JSONModuleObject(perm, "module", modName, nil)
|
||||
|
||||
case "interval":
|
||||
if !d.NextArg() {
|
||||
return nil, d.ArgErr()
|
||||
}
|
||||
dur, err := caddy.ParseDuration(d.Val())
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if ond == nil {
|
||||
ond = new(caddytls.OnDemandConfig)
|
||||
}
|
||||
if ond.RateLimit == nil {
|
||||
ond.RateLimit = new(caddytls.RateLimit)
|
||||
}
|
||||
ond.RateLimit.Interval = caddy.Duration(dur)
|
||||
return nil, d.Errf("the on_demand_tls 'interval' option is no longer supported, remove it from your config")
|
||||
|
||||
case "burst":
|
||||
if !d.NextArg() {
|
||||
return nil, d.ArgErr()
|
||||
}
|
||||
burst, err := strconv.Atoi(d.Val())
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if ond == nil {
|
||||
ond = new(caddytls.OnDemandConfig)
|
||||
}
|
||||
if ond.RateLimit == nil {
|
||||
ond.RateLimit = new(caddytls.RateLimit)
|
||||
}
|
||||
ond.RateLimit.Burst = burst
|
||||
return nil, d.Errf("the on_demand_tls 'burst' option is no longer supported, remove it from your config")
|
||||
|
||||
default:
|
||||
return nil, d.Errf("unrecognized parameter '%s'", d.Val())
|
||||
|
@ -433,15 +426,22 @@ func parseOptPersistConfig(d *caddyfile.Dispenser, _ any) (any, error) {
|
|||
|
||||
func parseOptAutoHTTPS(d *caddyfile.Dispenser, _ any) (any, error) {
|
||||
d.Next() // consume option name
|
||||
if !d.Next() {
|
||||
val := d.RemainingArgs()
|
||||
if len(val) == 0 {
|
||||
return "", d.ArgErr()
|
||||
}
|
||||
val := d.Val()
|
||||
if d.Next() {
|
||||
return "", d.ArgErr()
|
||||
for _, v := range val {
|
||||
switch v {
|
||||
case "off":
|
||||
case "disable_redirects":
|
||||
case "disable_certs":
|
||||
case "ignore_loaded_certs":
|
||||
case "prefer_wildcard":
|
||||
break
|
||||
|
||||
default:
|
||||
return "", d.Errf("auto_https must be one of 'off', 'disable_redirects', 'disable_certs', 'ignore_loaded_certs', or 'prefer_wildcard'")
|
||||
}
|
||||
if val != "off" && val != "disable_redirects" && val != "disable_certs" && val != "ignore_loaded_certs" {
|
||||
return "", d.Errf("auto_https must be one of 'off', 'disable_redirects', 'disable_certs', or 'ignore_loaded_certs'")
|
||||
}
|
||||
return val, nil
|
||||
}
|
||||
|
|
|
@ -17,6 +17,7 @@ package httpcaddyfile
|
|||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"slices"
|
||||
|
||||
"github.com/dustin/go-humanize"
|
||||
|
||||
|
@ -180,7 +181,7 @@ func unmarshalCaddyfileServerOptions(d *caddyfile.Dispenser) (any, error) {
|
|||
if proto != "h1" && proto != "h2" && proto != "h2c" && proto != "h3" {
|
||||
return nil, d.Errf("unknown protocol '%s': expected h1, h2, h2c, or h3", proto)
|
||||
}
|
||||
if sliceContains(serverOpts.Protocols, proto) {
|
||||
if slices.Contains(serverOpts.Protocols, proto) {
|
||||
return nil, d.Errf("protocol %s specified more than once", proto)
|
||||
}
|
||||
serverOpts.Protocols = append(serverOpts.Protocols, proto)
|
||||
|
@ -229,7 +230,7 @@ func unmarshalCaddyfileServerOptions(d *caddyfile.Dispenser) (any, error) {
|
|||
case "client_ip_headers":
|
||||
headers := d.RemainingArgs()
|
||||
for _, header := range headers {
|
||||
if sliceContains(serverOpts.ClientIPHeaders, header) {
|
||||
if slices.Contains(serverOpts.ClientIPHeaders, header) {
|
||||
return nil, d.Errf("client IP header %s specified more than once", header)
|
||||
}
|
||||
serverOpts.ClientIPHeaders = append(serverOpts.ClientIPHeaders, header)
|
||||
|
@ -239,13 +240,13 @@ func unmarshalCaddyfileServerOptions(d *caddyfile.Dispenser) (any, error) {
|
|||
}
|
||||
|
||||
case "metrics":
|
||||
if d.NextArg() {
|
||||
return nil, d.ArgErr()
|
||||
}
|
||||
if nesting := d.Nesting(); d.NextBlock(nesting) {
|
||||
return nil, d.ArgErr()
|
||||
}
|
||||
serverOpts.Metrics = new(caddyhttp.Metrics)
|
||||
for nesting := d.Nesting(); d.NextBlock(nesting); {
|
||||
switch d.Val() {
|
||||
case "per_host":
|
||||
serverOpts.Metrics.PerHost = true
|
||||
}
|
||||
}
|
||||
|
||||
case "trace":
|
||||
if d.NextArg() {
|
||||
|
@ -288,24 +289,15 @@ func applyServerOptions(
|
|||
|
||||
for key, server := range servers {
|
||||
// find the options that apply to this server
|
||||
opts := func() *serverOptions {
|
||||
for _, entry := range serverOpts {
|
||||
if entry.ListenerAddress == "" {
|
||||
return &entry
|
||||
}
|
||||
for _, listener := range server.Listen {
|
||||
if entry.ListenerAddress == listener {
|
||||
return &entry
|
||||
}
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}()
|
||||
optsIndex := slices.IndexFunc(serverOpts, func(s serverOptions) bool {
|
||||
return s.ListenerAddress == "" || slices.Contains(server.Listen, s.ListenerAddress)
|
||||
})
|
||||
|
||||
// if none apply, then move to the next server
|
||||
if opts == nil {
|
||||
if optsIndex == -1 {
|
||||
continue
|
||||
}
|
||||
opts := serverOpts[optsIndex]
|
||||
|
||||
// set all the options
|
||||
server.ListenerWrappersRaw = opts.ListenerWrappersRaw
|
||||
|
|
|
@ -19,6 +19,7 @@ import (
|
|||
"encoding/json"
|
||||
"fmt"
|
||||
"reflect"
|
||||
"slices"
|
||||
"sort"
|
||||
"strconv"
|
||||
"strings"
|
||||
|
@ -44,8 +45,8 @@ func (st ServerType) buildTLSApp(
|
|||
if hp, ok := options["http_port"].(int); ok {
|
||||
httpPort = strconv.Itoa(hp)
|
||||
}
|
||||
autoHTTPS := "on"
|
||||
if ah, ok := options["auto_https"].(string); ok {
|
||||
autoHTTPS := []string{}
|
||||
if ah, ok := options["auto_https"].([]string); ok {
|
||||
autoHTTPS = ah
|
||||
}
|
||||
|
||||
|
@ -53,14 +54,17 @@ func (st ServerType) buildTLSApp(
|
|||
// key, so that they don't get forgotten/omitted by auto-HTTPS
|
||||
// (since they won't appear in route matchers)
|
||||
httpsHostsSharedWithHostlessKey := make(map[string]struct{})
|
||||
if autoHTTPS != "off" {
|
||||
if !slices.Contains(autoHTTPS, "off") {
|
||||
for _, pair := range pairings {
|
||||
for _, sb := range pair.serverBlocks {
|
||||
for _, addr := range sb.keys {
|
||||
if addr.Host == "" {
|
||||
for _, addr := range sb.parsedKeys {
|
||||
if addr.Host != "" {
|
||||
continue
|
||||
}
|
||||
|
||||
// this server block has a hostless key, now
|
||||
// go through and add all the hosts to the set
|
||||
for _, otherAddr := range sb.keys {
|
||||
for _, otherAddr := range sb.parsedKeys {
|
||||
if otherAddr.Original == addr.Original {
|
||||
continue
|
||||
}
|
||||
|
@ -73,7 +77,6 @@ func (st ServerType) buildTLSApp(
|
|||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// a catch-all automation policy is used as a "default" for all subjects that
|
||||
// don't have custom configuration explicitly associated with them; this
|
||||
|
@ -91,7 +94,11 @@ func (st ServerType) buildTLSApp(
|
|||
|
||||
for _, p := range pairings {
|
||||
// avoid setting up TLS automation policies for a server that is HTTP-only
|
||||
if !listenersUseAnyPortOtherThan(p.addresses, httpPort) {
|
||||
var addresses []string
|
||||
for _, addressWithProtocols := range p.addressesWithProtocols {
|
||||
addresses = append(addresses, addressWithProtocols.address)
|
||||
}
|
||||
if !listenersUseAnyPortOtherThan(addresses, httpPort) {
|
||||
continue
|
||||
}
|
||||
|
||||
|
@ -181,8 +188,8 @@ func (st ServerType) buildTLSApp(
|
|||
if acmeIssuer.Challenges.BindHost == "" {
|
||||
// only binding to one host is supported
|
||||
var bindHost string
|
||||
if bindHosts, ok := cfgVal.Value.([]string); ok && len(bindHosts) > 0 {
|
||||
bindHost = bindHosts[0]
|
||||
if asserted, ok := cfgVal.Value.(addressesWithProtocols); ok && len(asserted.addresses) > 0 {
|
||||
bindHost = asserted.addresses[0]
|
||||
}
|
||||
acmeIssuer.Challenges.BindHost = bindHost
|
||||
}
|
||||
|
@ -344,7 +351,7 @@ func (st ServerType) buildTLSApp(
|
|||
internalAP := &caddytls.AutomationPolicy{
|
||||
IssuersRaw: []json.RawMessage{json.RawMessage(`{"module":"internal"}`)},
|
||||
}
|
||||
if autoHTTPS != "off" && autoHTTPS != "disable_certs" {
|
||||
if !slices.Contains(autoHTTPS, "off") && !slices.Contains(autoHTTPS, "disable_certs") {
|
||||
for h := range httpsHostsSharedWithHostlessKey {
|
||||
al = append(al, h)
|
||||
if !certmagic.SubjectQualifiesForPublicCert(h) {
|
||||
|
@ -411,7 +418,10 @@ func (st ServerType) buildTLSApp(
|
|||
}
|
||||
|
||||
// consolidate automation policies that are the exact same
|
||||
tlsApp.Automation.Policies = consolidateAutomationPolicies(tlsApp.Automation.Policies)
|
||||
tlsApp.Automation.Policies = consolidateAutomationPolicies(
|
||||
tlsApp.Automation.Policies,
|
||||
slices.Contains(autoHTTPS, "prefer_wildcard"),
|
||||
)
|
||||
|
||||
// ensure automation policies don't overlap subjects (this should be
|
||||
// an error at provision-time as well, but catch it in the adapt phase
|
||||
|
@ -465,7 +475,7 @@ func fillInGlobalACMEDefaults(issuer certmagic.Issuer, options map[string]any) e
|
|||
if globalACMECA != nil && acmeIssuer.CA == "" {
|
||||
acmeIssuer.CA = globalACMECA.(string)
|
||||
}
|
||||
if globalACMECARoot != nil && !sliceContains(acmeIssuer.TrustedRootsPEMFiles, globalACMECARoot.(string)) {
|
||||
if globalACMECARoot != nil && !slices.Contains(acmeIssuer.TrustedRootsPEMFiles, globalACMECARoot.(string)) {
|
||||
acmeIssuer.TrustedRootsPEMFiles = append(acmeIssuer.TrustedRootsPEMFiles, globalACMECARoot.(string))
|
||||
}
|
||||
if globalACMEDNS != nil && (acmeIssuer.Challenges == nil || acmeIssuer.Challenges.DNS == nil) {
|
||||
|
@ -557,7 +567,7 @@ func newBaseAutomationPolicy(
|
|||
|
||||
// consolidateAutomationPolicies combines automation policies that are the same,
|
||||
// for a cleaner overall output.
|
||||
func consolidateAutomationPolicies(aps []*caddytls.AutomationPolicy) []*caddytls.AutomationPolicy {
|
||||
func consolidateAutomationPolicies(aps []*caddytls.AutomationPolicy, preferWildcard bool) []*caddytls.AutomationPolicy {
|
||||
// sort from most specific to least specific; we depend on this ordering
|
||||
sort.SliceStable(aps, func(i, j int) bool {
|
||||
if automationPolicyIsSubset(aps[i], aps[j]) {
|
||||
|
@ -580,7 +590,7 @@ func consolidateAutomationPolicies(aps []*caddytls.AutomationPolicy) []*caddytls
|
|||
if !automationPolicyHasAllPublicNames(aps[i]) {
|
||||
// if this automation policy has internal names, we might as well remove it
|
||||
// so auto-https can implicitly use the internal issuer
|
||||
aps = append(aps[:i], aps[i+1:]...)
|
||||
aps = slices.Delete(aps, i, i+1)
|
||||
i--
|
||||
}
|
||||
}
|
||||
|
@ -597,7 +607,7 @@ outer:
|
|||
for j := i + 1; j < len(aps); j++ {
|
||||
// if they're exactly equal in every way, just keep one of them
|
||||
if reflect.DeepEqual(aps[i], aps[j]) {
|
||||
aps = append(aps[:j], aps[j+1:]...)
|
||||
aps = slices.Delete(aps, j, j+1)
|
||||
// must re-evaluate current i against next j; can't skip it!
|
||||
// even if i decrements to -1, will be incremented to 0 immediately
|
||||
i--
|
||||
|
@ -627,21 +637,46 @@ outer:
|
|||
// cause example.com to be served by the less specific policy for
|
||||
// '*.com', which might be different (yes we've seen this happen)
|
||||
if automationPolicyShadows(i, aps) >= j {
|
||||
aps = append(aps[:i], aps[i+1:]...)
|
||||
aps = slices.Delete(aps, i, i+1)
|
||||
i--
|
||||
continue outer
|
||||
}
|
||||
} else {
|
||||
// avoid repeated subjects
|
||||
for _, subj := range aps[j].SubjectsRaw {
|
||||
if !sliceContains(aps[i].SubjectsRaw, subj) {
|
||||
if !slices.Contains(aps[i].SubjectsRaw, subj) {
|
||||
aps[i].SubjectsRaw = append(aps[i].SubjectsRaw, subj)
|
||||
}
|
||||
}
|
||||
aps = append(aps[:j], aps[j+1:]...)
|
||||
aps = slices.Delete(aps, j, j+1)
|
||||
j--
|
||||
}
|
||||
}
|
||||
|
||||
if preferWildcard {
|
||||
// remove subjects from i if they're covered by a wildcard in j
|
||||
iSubjs := aps[i].SubjectsRaw
|
||||
for iSubj := 0; iSubj < len(iSubjs); iSubj++ {
|
||||
for jSubj := range aps[j].SubjectsRaw {
|
||||
if !strings.HasPrefix(aps[j].SubjectsRaw[jSubj], "*.") {
|
||||
continue
|
||||
}
|
||||
if certmagic.MatchWildcard(aps[i].SubjectsRaw[iSubj], aps[j].SubjectsRaw[jSubj]) {
|
||||
iSubjs = slices.Delete(iSubjs, iSubj, iSubj+1)
|
||||
iSubj--
|
||||
break
|
||||
}
|
||||
}
|
||||
}
|
||||
aps[i].SubjectsRaw = iSubjs
|
||||
|
||||
// remove i if it has no subjects left
|
||||
if len(aps[i].SubjectsRaw) == 0 {
|
||||
aps = slices.Delete(aps, i, i+1)
|
||||
i--
|
||||
continue outer
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -658,13 +693,9 @@ func automationPolicyIsSubset(a, b *caddytls.AutomationPolicy) bool {
|
|||
return false
|
||||
}
|
||||
for _, aSubj := range a.SubjectsRaw {
|
||||
var inSuperset bool
|
||||
for _, bSubj := range b.SubjectsRaw {
|
||||
if certmagic.MatchWildcard(aSubj, bSubj) {
|
||||
inSuperset = true
|
||||
break
|
||||
}
|
||||
}
|
||||
inSuperset := slices.ContainsFunc(b.SubjectsRaw, func(bSubj string) bool {
|
||||
return certmagic.MatchWildcard(aSubj, bSubj)
|
||||
})
|
||||
if !inSuperset {
|
||||
return false
|
||||
}
|
||||
|
@ -709,12 +740,9 @@ func subjectQualifiesForPublicCert(ap *caddytls.AutomationPolicy, subj string) b
|
|||
// automationPolicyHasAllPublicNames returns true if all the names on the policy
|
||||
// do NOT qualify for public certs OR are tailscale domains.
|
||||
func automationPolicyHasAllPublicNames(ap *caddytls.AutomationPolicy) bool {
|
||||
for _, subj := range ap.SubjectsRaw {
|
||||
if !subjectQualifiesForPublicCert(ap, subj) || isTailscaleDomain(subj) {
|
||||
return false
|
||||
}
|
||||
}
|
||||
return true
|
||||
return !slices.ContainsFunc(ap.SubjectsRaw, func(i string) bool {
|
||||
return !subjectQualifiesForPublicCert(ap, i) || isTailscaleDomain(i)
|
||||
})
|
||||
}
|
||||
|
||||
func isTailscaleDomain(name string) bool {
|
||||
|
|
|
@ -7,13 +7,13 @@
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
acme.example.com {
|
||||
acme_server {
|
||||
ca internal
|
||||
sign_with_root
|
||||
}
|
||||
}
|
||||
|
||||
----------
|
||||
{
|
||||
"apps": {
|
||||
|
|
|
@ -0,0 +1,106 @@
|
|||
{
|
||||
auto_https prefer_wildcard
|
||||
}
|
||||
|
||||
*.example.com {
|
||||
tls {
|
||||
dns mock
|
||||
}
|
||||
respond "fallback"
|
||||
}
|
||||
|
||||
foo.example.com {
|
||||
respond "foo"
|
||||
}
|
||||
----------
|
||||
{
|
||||
"apps": {
|
||||
"http": {
|
||||
"servers": {
|
||||
"srv0": {
|
||||
"listen": [
|
||||
":443"
|
||||
],
|
||||
"routes": [
|
||||
{
|
||||
"match": [
|
||||
{
|
||||
"host": [
|
||||
"foo.example.com"
|
||||
]
|
||||
}
|
||||
],
|
||||
"handle": [
|
||||
{
|
||||
"handler": "subroute",
|
||||
"routes": [
|
||||
{
|
||||
"handle": [
|
||||
{
|
||||
"body": "foo",
|
||||
"handler": "static_response"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"terminal": true
|
||||
},
|
||||
{
|
||||
"match": [
|
||||
{
|
||||
"host": [
|
||||
"*.example.com"
|
||||
]
|
||||
}
|
||||
],
|
||||
"handle": [
|
||||
{
|
||||
"handler": "subroute",
|
||||
"routes": [
|
||||
{
|
||||
"handle": [
|
||||
{
|
||||
"body": "fallback",
|
||||
"handler": "static_response"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"terminal": true
|
||||
}
|
||||
],
|
||||
"automatic_https": {
|
||||
"prefer_wildcard": true
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"tls": {
|
||||
"automation": {
|
||||
"policies": [
|
||||
{
|
||||
"subjects": [
|
||||
"*.example.com"
|
||||
],
|
||||
"issuers": [
|
||||
{
|
||||
"challenges": {
|
||||
"dns": {
|
||||
"provider": {
|
||||
"name": "mock"
|
||||
}
|
||||
}
|
||||
},
|
||||
"module": "acme"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,142 @@
|
|||
{
|
||||
auto_https disable_redirects
|
||||
admin off
|
||||
}
|
||||
|
||||
http://localhost {
|
||||
bind fd/{env.CADDY_HTTP_FD} {
|
||||
protocols h1
|
||||
}
|
||||
log
|
||||
respond "Hello, HTTP!"
|
||||
}
|
||||
|
||||
https://localhost {
|
||||
bind fd/{env.CADDY_HTTPS_FD} {
|
||||
protocols h1 h2
|
||||
}
|
||||
bind fdgram/{env.CADDY_HTTP3_FD} {
|
||||
protocols h3
|
||||
}
|
||||
log
|
||||
respond "Hello, HTTPS!"
|
||||
}
|
||||
----------
|
||||
{
|
||||
"admin": {
|
||||
"disabled": true
|
||||
},
|
||||
"apps": {
|
||||
"http": {
|
||||
"servers": {
|
||||
"srv0": {
|
||||
"listen": [
|
||||
"fd/{env.CADDY_HTTPS_FD}",
|
||||
"fdgram/{env.CADDY_HTTP3_FD}"
|
||||
],
|
||||
"routes": [
|
||||
{
|
||||
"match": [
|
||||
{
|
||||
"host": [
|
||||
"localhost"
|
||||
]
|
||||
}
|
||||
],
|
||||
"handle": [
|
||||
{
|
||||
"handler": "subroute",
|
||||
"routes": [
|
||||
{
|
||||
"handle": [
|
||||
{
|
||||
"body": "Hello, HTTPS!",
|
||||
"handler": "static_response"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"terminal": true
|
||||
}
|
||||
],
|
||||
"automatic_https": {
|
||||
"disable_redirects": true
|
||||
},
|
||||
"logs": {
|
||||
"logger_names": {
|
||||
"localhost": [
|
||||
""
|
||||
]
|
||||
}
|
||||
},
|
||||
"listen_protocols": [
|
||||
[
|
||||
"h1",
|
||||
"h2"
|
||||
],
|
||||
[
|
||||
"h3"
|
||||
]
|
||||
]
|
||||
},
|
||||
"srv1": {
|
||||
"automatic_https": {
|
||||
"disable_redirects": true
|
||||
}
|
||||
},
|
||||
"srv2": {
|
||||
"listen": [
|
||||
"fd/{env.CADDY_HTTP_FD}"
|
||||
],
|
||||
"routes": [
|
||||
{
|
||||
"match": [
|
||||
{
|
||||
"host": [
|
||||
"localhost"
|
||||
]
|
||||
}
|
||||
],
|
||||
"handle": [
|
||||
{
|
||||
"handler": "subroute",
|
||||
"routes": [
|
||||
{
|
||||
"handle": [
|
||||
{
|
||||
"body": "Hello, HTTP!",
|
||||
"handler": "static_response"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"terminal": true
|
||||
}
|
||||
],
|
||||
"automatic_https": {
|
||||
"disable_redirects": true,
|
||||
"skip": [
|
||||
"localhost"
|
||||
]
|
||||
},
|
||||
"logs": {
|
||||
"logger_names": {
|
||||
"localhost": [
|
||||
""
|
||||
]
|
||||
}
|
||||
},
|
||||
"listen_protocols": [
|
||||
[
|
||||
"h1"
|
||||
]
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
|
@ -1,8 +1,10 @@
|
|||
:80
|
||||
|
||||
file_server browse {
|
||||
file_server {
|
||||
browse {
|
||||
sort size desc
|
||||
}
|
||||
}
|
||||
----------
|
||||
{
|
||||
"apps": {
|
||||
|
@ -16,15 +18,16 @@ file_server browse {
|
|||
{
|
||||
"handle": [
|
||||
{
|
||||
"browse": {},
|
||||
"handler": "file_server",
|
||||
"hide": [
|
||||
"./Caddyfile"
|
||||
],
|
||||
"browse": {
|
||||
"sort": [
|
||||
"size",
|
||||
"desc"
|
||||
]
|
||||
},
|
||||
"handler": "file_server",
|
||||
"hide": [
|
||||
"./Caddyfile"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
|
|
|
@ -17,8 +17,6 @@
|
|||
admin off
|
||||
on_demand_tls {
|
||||
ask https://example.com
|
||||
interval 30s
|
||||
burst 20
|
||||
}
|
||||
local_certs
|
||||
key_type ed25519
|
||||
|
@ -72,10 +70,6 @@
|
|||
"permission": {
|
||||
"endpoint": "https://example.com",
|
||||
"module": "http"
|
||||
},
|
||||
"rate_limit": {
|
||||
"interval": 30000000000,
|
||||
"burst": 20
|
||||
}
|
||||
}
|
||||
},
|
||||
|
|
|
@ -17,8 +17,6 @@
|
|||
admin off
|
||||
on_demand_tls {
|
||||
ask https://example.com
|
||||
interval 30s
|
||||
burst 20
|
||||
}
|
||||
storage_clean_interval 7d
|
||||
renew_interval 1d
|
||||
|
@ -89,10 +87,6 @@
|
|||
"permission": {
|
||||
"endpoint": "https://example.com",
|
||||
"module": "http"
|
||||
},
|
||||
"rate_limit": {
|
||||
"interval": 30000000000,
|
||||
"burst": 20
|
||||
}
|
||||
},
|
||||
"ocsp_interval": 172800000000000,
|
||||
|
|
|
@ -16,8 +16,6 @@
|
|||
}
|
||||
on_demand_tls {
|
||||
ask https://example.com
|
||||
interval 30s
|
||||
burst 20
|
||||
}
|
||||
local_certs
|
||||
key_type ed25519
|
||||
|
@ -74,10 +72,6 @@
|
|||
"permission": {
|
||||
"endpoint": "https://example.com",
|
||||
"module": "http"
|
||||
},
|
||||
"rate_limit": {
|
||||
"interval": 30000000000,
|
||||
"burst": 20
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -6,6 +6,7 @@ example.com {
|
|||
</html>
|
||||
EOF 200
|
||||
}
|
||||
|
||||
----------
|
||||
{
|
||||
"apps": {
|
||||
|
|
|
@ -27,6 +27,7 @@ vars {
|
|||
ghi 2.3
|
||||
jkl "mn op"
|
||||
}
|
||||
|
||||
----------
|
||||
{
|
||||
"apps": {
|
||||
|
|
|
@ -0,0 +1,37 @@
|
|||
{
|
||||
servers :80 {
|
||||
metrics {
|
||||
per_host
|
||||
}
|
||||
}
|
||||
}
|
||||
:80 {
|
||||
respond "Hello"
|
||||
}
|
||||
----------
|
||||
{
|
||||
"apps": {
|
||||
"http": {
|
||||
"servers": {
|
||||
"srv0": {
|
||||
"listen": [
|
||||
":80"
|
||||
],
|
||||
"routes": [
|
||||
{
|
||||
"handle": [
|
||||
{
|
||||
"body": "Hello",
|
||||
"handler": "static_response"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"per_host": true
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,57 @@
|
|||
https://example.com {
|
||||
reverse_proxy http://localhost:54321 {
|
||||
transport http {
|
||||
local_address 192.168.0.1
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
----------
|
||||
{
|
||||
"apps": {
|
||||
"http": {
|
||||
"servers": {
|
||||
"srv0": {
|
||||
"listen": [
|
||||
":443"
|
||||
],
|
||||
"routes": [
|
||||
{
|
||||
"match": [
|
||||
{
|
||||
"host": [
|
||||
"example.com"
|
||||
]
|
||||
}
|
||||
],
|
||||
"handle": [
|
||||
{
|
||||
"handler": "subroute",
|
||||
"routes": [
|
||||
{
|
||||
"handle": [
|
||||
{
|
||||
"handler": "reverse_proxy",
|
||||
"transport": {
|
||||
"local_address": "192.168.0.1",
|
||||
"protocol": "http"
|
||||
},
|
||||
"upstreams": [
|
||||
{
|
||||
"dial": "localhost:54321"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"terminal": true
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,157 @@
|
|||
*.example.com {
|
||||
tls foo@example.com {
|
||||
dns mock
|
||||
}
|
||||
|
||||
@foo host foo.example.com
|
||||
handle @foo {
|
||||
respond "Foo!"
|
||||
}
|
||||
|
||||
@bar host bar.example.com
|
||||
handle @bar {
|
||||
respond "Bar!"
|
||||
}
|
||||
|
||||
# Fallback for otherwise unhandled domains
|
||||
handle {
|
||||
abort
|
||||
}
|
||||
}
|
||||
----------
|
||||
{
|
||||
"apps": {
|
||||
"http": {
|
||||
"servers": {
|
||||
"srv0": {
|
||||
"listen": [
|
||||
":443"
|
||||
],
|
||||
"routes": [
|
||||
{
|
||||
"match": [
|
||||
{
|
||||
"host": [
|
||||
"*.example.com"
|
||||
]
|
||||
}
|
||||
],
|
||||
"handle": [
|
||||
{
|
||||
"handler": "subroute",
|
||||
"routes": [
|
||||
{
|
||||
"group": "group3",
|
||||
"handle": [
|
||||
{
|
||||
"handler": "subroute",
|
||||
"routes": [
|
||||
{
|
||||
"handle": [
|
||||
{
|
||||
"body": "Foo!",
|
||||
"handler": "static_response"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"match": [
|
||||
{
|
||||
"host": [
|
||||
"foo.example.com"
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"group": "group3",
|
||||
"handle": [
|
||||
{
|
||||
"handler": "subroute",
|
||||
"routes": [
|
||||
{
|
||||
"handle": [
|
||||
{
|
||||
"body": "Bar!",
|
||||
"handler": "static_response"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"match": [
|
||||
{
|
||||
"host": [
|
||||
"bar.example.com"
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"group": "group3",
|
||||
"handle": [
|
||||
{
|
||||
"handler": "subroute",
|
||||
"routes": [
|
||||
{
|
||||
"handle": [
|
||||
{
|
||||
"abort": true,
|
||||
"handler": "static_response"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"terminal": true
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
},
|
||||
"tls": {
|
||||
"automation": {
|
||||
"policies": [
|
||||
{
|
||||
"subjects": [
|
||||
"*.example.com"
|
||||
],
|
||||
"issuers": [
|
||||
{
|
||||
"challenges": {
|
||||
"dns": {
|
||||
"provider": {
|
||||
"name": "mock"
|
||||
}
|
||||
}
|
||||
},
|
||||
"email": "foo@example.com",
|
||||
"module": "acme"
|
||||
},
|
||||
{
|
||||
"ca": "https://acme.zerossl.com/v2/DV90",
|
||||
"challenges": {
|
||||
"dns": {
|
||||
"provider": {
|
||||
"name": "mock"
|
||||
}
|
||||
}
|
||||
},
|
||||
"email": "foo@example.com",
|
||||
"module": "acme"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
61
caddytest/integration/mockdns_test.go
Normal file
61
caddytest/integration/mockdns_test.go
Normal file
|
@ -0,0 +1,61 @@
|
|||
package integration
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
||||
"github.com/caddyserver/caddy/v2"
|
||||
"github.com/caddyserver/caddy/v2/caddyconfig/caddyfile"
|
||||
"github.com/caddyserver/certmagic"
|
||||
"github.com/libdns/libdns"
|
||||
)
|
||||
|
||||
func init() {
|
||||
caddy.RegisterModule(MockDNSProvider{})
|
||||
}
|
||||
|
||||
// MockDNSProvider is a mock DNS provider, for testing config with DNS modules.
|
||||
type MockDNSProvider struct{}
|
||||
|
||||
// CaddyModule returns the Caddy module information.
|
||||
func (MockDNSProvider) CaddyModule() caddy.ModuleInfo {
|
||||
return caddy.ModuleInfo{
|
||||
ID: "dns.providers.mock",
|
||||
New: func() caddy.Module { return new(MockDNSProvider) },
|
||||
}
|
||||
}
|
||||
|
||||
// Provision sets up the module.
|
||||
func (MockDNSProvider) Provision(ctx caddy.Context) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
// UnmarshalCaddyfile sets up the module from Caddyfile tokens.
|
||||
func (MockDNSProvider) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
// AppendsRecords appends DNS records to the zone.
|
||||
func (MockDNSProvider) AppendRecords(ctx context.Context, zone string, recs []libdns.Record) ([]libdns.Record, error) {
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
// DeleteRecords deletes DNS records from the zone.
|
||||
func (MockDNSProvider) DeleteRecords(ctx context.Context, zone string, recs []libdns.Record) ([]libdns.Record, error) {
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
// GetRecords gets DNS records from the zone.
|
||||
func (MockDNSProvider) GetRecords(ctx context.Context, zone string) ([]libdns.Record, error) {
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
// SetRecords sets DNS records in the zone.
|
||||
func (MockDNSProvider) SetRecords(ctx context.Context, zone string, recs []libdns.Record) ([]libdns.Record, error) {
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
// Interface guard
|
||||
var _ caddyfile.Unmarshaler = (*MockDNSProvider)(nil)
|
||||
var _ certmagic.DNSProvider = (*MockDNSProvider)(nil)
|
||||
var _ caddy.Provisioner = (*MockDNSProvider)(nil)
|
||||
var _ caddy.Module = (*MockDNSProvider)(nil)
|
|
@ -1,3 +1,8 @@
|
|||
// The below line is required to enable post-quantum key agreement in Go 1.23
|
||||
// by default without insisting on setting a minimum version of 1.23 in go.mod.
|
||||
// See https://github.com/caddyserver/caddy/issues/6540#issuecomment-2313094905
|
||||
//go:debug tlskyber=1
|
||||
|
||||
// Copyright 2015 Matthew Holt and The Caddy Authors
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
|
|
|
@ -660,6 +660,8 @@ func AdminAPIRequest(adminAddr, method, uri string, headers http.Header, body io
|
|||
return nil, err
|
||||
}
|
||||
parsedAddr.Host = addr
|
||||
} else if parsedAddr.IsFdNetwork() {
|
||||
origin = "http://127.0.0.1"
|
||||
}
|
||||
|
||||
// form the request
|
||||
|
@ -667,13 +669,13 @@ func AdminAPIRequest(adminAddr, method, uri string, headers http.Header, body io
|
|||
if err != nil {
|
||||
return nil, fmt.Errorf("making request: %v", err)
|
||||
}
|
||||
if parsedAddr.IsUnixNetwork() {
|
||||
if parsedAddr.IsUnixNetwork() || parsedAddr.IsFdNetwork() {
|
||||
// We used to conform to RFC 2616 Section 14.26 which requires
|
||||
// an empty host header when there is no host, as is the case
|
||||
// with unix sockets. However, Go required a Host value so we
|
||||
// used a hack of a space character as the host (it would see
|
||||
// the Host was non-empty, then trim the space later). As of
|
||||
// Go 1.20.6 (July 2023), this hack no longer works. See:
|
||||
// with unix sockets and socket fds. However, Go required a
|
||||
// Host value so we used a hack of a space character as the host
|
||||
// (it would see the Host was non-empty, then trim the space later).
|
||||
// As of Go 1.20.6 (July 2023), this hack no longer works. See:
|
||||
// https://github.com/golang/go/issues/60374
|
||||
// See also the discussion here:
|
||||
// https://github.com/golang/go/issues/61431
|
||||
|
@ -714,7 +716,7 @@ func AdminAPIRequest(adminAddr, method, uri string, headers http.Header, body io
|
|||
|
||||
// if it didn't work, let the user know
|
||||
if resp.StatusCode >= 400 {
|
||||
respBody, err := io.ReadAll(io.LimitReader(resp.Body, 1024*10))
|
||||
respBody, err := io.ReadAll(io.LimitReader(resp.Body, 1024*1024*2))
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("HTTP %d: reading error message: %v", resp.StatusCode, err)
|
||||
}
|
||||
|
|
|
@ -439,7 +439,7 @@ EXPERIMENTAL: May be changed or removed.
|
|||
})
|
||||
|
||||
defaultFactory.Use(func(rootCmd *cobra.Command) {
|
||||
RegisterCommand(Command{
|
||||
rootCmd.AddCommand(caddyCmdToCobra(Command{
|
||||
Name: "manpage",
|
||||
Usage: "--directory <path>",
|
||||
Short: "Generates the manual pages for Caddy commands",
|
||||
|
@ -469,7 +469,7 @@ argument of --directory. If the directory does not exist, it will be created.
|
|||
return caddy.ExitCodeSuccess, nil
|
||||
})
|
||||
},
|
||||
})
|
||||
}))
|
||||
|
||||
// source: https://github.com/spf13/cobra/blob/main/shell_completions.md
|
||||
rootCmd.AddCommand(&cobra.Command{
|
||||
|
|
22
context.go
22
context.go
|
@ -23,6 +23,8 @@ import (
|
|||
"reflect"
|
||||
|
||||
"github.com/caddyserver/certmagic"
|
||||
"github.com/prometheus/client_golang/prometheus"
|
||||
"github.com/prometheus/client_golang/prometheus/collectors"
|
||||
"go.uber.org/zap"
|
||||
"go.uber.org/zap/exp/zapslog"
|
||||
|
||||
|
@ -47,6 +49,7 @@ type Context struct {
|
|||
ancestry []Module
|
||||
cleanupFuncs []func() // invoked at every config unload
|
||||
exitFuncs []func(context.Context) // invoked at config unload ONLY IF the process is exiting (EXPERIMENTAL)
|
||||
metricsRegistry *prometheus.Registry
|
||||
}
|
||||
|
||||
// NewContext provides a new context derived from the given
|
||||
|
@ -58,7 +61,7 @@ type Context struct {
|
|||
// modules which are loaded will be properly unloaded.
|
||||
// See standard library context package's documentation.
|
||||
func NewContext(ctx Context) (Context, context.CancelFunc) {
|
||||
newCtx := Context{moduleInstances: make(map[string][]Module), cfg: ctx.cfg}
|
||||
newCtx := Context{moduleInstances: make(map[string][]Module), cfg: ctx.cfg, metricsRegistry: prometheus.NewPedanticRegistry()}
|
||||
c, cancel := context.WithCancel(ctx.Context)
|
||||
wrappedCancel := func() {
|
||||
cancel()
|
||||
|
@ -79,6 +82,7 @@ func NewContext(ctx Context) (Context, context.CancelFunc) {
|
|||
}
|
||||
}
|
||||
newCtx.Context = c
|
||||
newCtx.initMetrics()
|
||||
return newCtx, wrappedCancel
|
||||
}
|
||||
|
||||
|
@ -97,6 +101,22 @@ func (ctx *Context) Filesystems() FileSystems {
|
|||
return ctx.cfg.filesystems
|
||||
}
|
||||
|
||||
// Returns the active metrics registry for the context
|
||||
// EXPERIMENTAL: This API is subject to change.
|
||||
func (ctx *Context) GetMetricsRegistry() *prometheus.Registry {
|
||||
return ctx.metricsRegistry
|
||||
}
|
||||
|
||||
func (ctx *Context) initMetrics() {
|
||||
ctx.metricsRegistry.MustRegister(
|
||||
collectors.NewBuildInfoCollector(),
|
||||
adminMetrics.requestCount,
|
||||
adminMetrics.requestErrors,
|
||||
globalMetrics.configSuccess,
|
||||
globalMetrics.configSuccessTime,
|
||||
)
|
||||
}
|
||||
|
||||
// OnExit executes f when the process exits gracefully.
|
||||
// The function is only executed if the process is gracefully
|
||||
// shut down while this context is active.
|
||||
|
|
67
go.mod
67
go.mod
|
@ -1,56 +1,58 @@
|
|||
module github.com/caddyserver/caddy/v2
|
||||
|
||||
go 1.21.0
|
||||
go 1.22.3
|
||||
|
||||
toolchain go1.22.2
|
||||
toolchain go1.23.0
|
||||
|
||||
require (
|
||||
github.com/BurntSushi/toml v1.3.2
|
||||
github.com/Masterminds/sprig/v3 v3.2.3
|
||||
github.com/alecthomas/chroma/v2 v2.13.0
|
||||
github.com/BurntSushi/toml v1.4.0
|
||||
github.com/Masterminds/sprig/v3 v3.3.0
|
||||
github.com/alecthomas/chroma/v2 v2.14.0
|
||||
github.com/aryann/difflib v0.0.0-20210328193216-ff5ff6dc229b
|
||||
github.com/caddyserver/certmagic v0.21.3
|
||||
github.com/caddyserver/certmagic v0.21.4
|
||||
github.com/caddyserver/zerossl v0.1.3
|
||||
github.com/dustin/go-humanize v1.0.1
|
||||
github.com/go-chi/chi/v5 v5.0.12
|
||||
github.com/google/cel-go v0.20.1
|
||||
github.com/google/cel-go v0.21.0
|
||||
github.com/google/uuid v1.6.0
|
||||
github.com/klauspost/compress v1.17.8
|
||||
github.com/klauspost/cpuid/v2 v2.2.7
|
||||
github.com/mholt/acmez/v2 v2.0.1
|
||||
github.com/klauspost/compress v1.17.10
|
||||
github.com/klauspost/cpuid/v2 v2.2.8
|
||||
github.com/mholt/acmez/v2 v2.0.3
|
||||
github.com/prometheus/client_golang v1.19.1
|
||||
github.com/quic-go/quic-go v0.46.0
|
||||
github.com/quic-go/quic-go v0.47.0
|
||||
github.com/smallstep/certificates v0.26.1
|
||||
github.com/smallstep/nosql v0.6.1
|
||||
github.com/smallstep/truststore v0.13.0
|
||||
github.com/spf13/cobra v1.8.0
|
||||
github.com/spf13/cobra v1.8.1
|
||||
github.com/spf13/pflag v1.0.5
|
||||
github.com/stretchr/testify v1.9.0
|
||||
github.com/tailscale/tscert v0.0.0-20240608151842-d3f834017e53
|
||||
github.com/yuin/goldmark v1.7.1
|
||||
github.com/yuin/goldmark v1.7.4
|
||||
github.com/yuin/goldmark-highlighting/v2 v2.0.0-20230729083705-37449abec8cc
|
||||
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0
|
||||
go.opentelemetry.io/contrib/propagators/autoprop v0.42.0
|
||||
go.opentelemetry.io/otel v1.24.0
|
||||
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0
|
||||
go.opentelemetry.io/otel/sdk v1.21.0
|
||||
go.uber.org/automaxprocs v1.5.3
|
||||
go.uber.org/automaxprocs v1.6.0
|
||||
go.uber.org/zap v1.27.0
|
||||
go.uber.org/zap/exp v0.2.0
|
||||
golang.org/x/crypto v0.26.0
|
||||
golang.org/x/crypto/x509roots/fallback v0.0.0-20240507223354-67b13616a595
|
||||
golang.org/x/net v0.28.0
|
||||
golang.org/x/crypto v0.27.0
|
||||
golang.org/x/crypto/x509roots/fallback v0.0.0-20240930154113-a0819fbb0244
|
||||
golang.org/x/net v0.29.0
|
||||
golang.org/x/sync v0.8.0
|
||||
golang.org/x/term v0.23.0
|
||||
golang.org/x/time v0.5.0
|
||||
golang.org/x/term v0.24.0
|
||||
golang.org/x/time v0.6.0
|
||||
gopkg.in/natefinch/lumberjack.v2 v2.2.1
|
||||
gopkg.in/yaml.v3 v3.0.1
|
||||
)
|
||||
|
||||
require (
|
||||
dario.cat/mergo v1.0.1 // indirect
|
||||
github.com/Microsoft/go-winio v0.6.0 // indirect
|
||||
github.com/antlr4-go/antlr/v4 v4.13.0 // indirect
|
||||
github.com/davecgh/go-spew v1.1.1 // indirect
|
||||
github.com/francoispqt/gojay v1.2.13 // indirect
|
||||
github.com/fxamacker/cbor/v2 v2.6.0 // indirect
|
||||
github.com/go-jose/go-jose/v3 v3.0.3 // indirect
|
||||
github.com/go-kit/log v0.2.1 // indirect
|
||||
|
@ -62,12 +64,12 @@ require (
|
|||
github.com/grpc-ecosystem/grpc-gateway/v2 v2.18.0 // indirect
|
||||
github.com/onsi/ginkgo/v2 v2.13.2 // indirect
|
||||
github.com/pmezard/go-difflib v1.0.0 // indirect
|
||||
github.com/quic-go/qpack v0.4.0 // indirect
|
||||
github.com/quic-go/qpack v0.5.1 // indirect
|
||||
github.com/smallstep/go-attestation v0.4.4-0.20240109183208-413678f90935 // indirect
|
||||
github.com/smallstep/pkcs7 v0.0.0-20231024181729-3b98ecc1ca81 // indirect
|
||||
github.com/smallstep/scep v0.0.0-20231024192529-aee96d7ad34d // indirect
|
||||
github.com/x448/float16 v0.8.4 // indirect
|
||||
github.com/zeebo/blake3 v0.2.3 // indirect
|
||||
github.com/zeebo/blake3 v0.2.4 // indirect
|
||||
go.opentelemetry.io/contrib/propagators/aws v1.17.0 // indirect
|
||||
go.opentelemetry.io/contrib/propagators/b3 v1.17.0 // indirect
|
||||
go.opentelemetry.io/contrib/propagators/jaeger v1.17.0 // indirect
|
||||
|
@ -82,13 +84,13 @@ require (
|
|||
filippo.io/edwards25519 v1.1.0 // indirect
|
||||
github.com/AndreasBriese/bbloom v0.0.0-20190825152654-46b345b51c96 // indirect
|
||||
github.com/Masterminds/goutils v1.1.1 // indirect
|
||||
github.com/Masterminds/semver/v3 v3.2.0 // indirect
|
||||
github.com/Masterminds/semver/v3 v3.3.0 // indirect
|
||||
github.com/beorn7/perks v1.0.1 // indirect
|
||||
github.com/cenkalti/backoff/v4 v4.2.1 // indirect
|
||||
github.com/cespare/xxhash v1.1.0 // indirect
|
||||
github.com/cespare/xxhash/v2 v2.2.0
|
||||
github.com/chzyer/readline v1.5.1 // indirect
|
||||
github.com/cpuguy83/go-md2man/v2 v2.0.3 // indirect
|
||||
github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect
|
||||
github.com/dgraph-io/badger v1.6.2 // indirect
|
||||
github.com/dgraph-io/badger/v2 v2.2007.4 // indirect
|
||||
github.com/dgraph-io/ristretto v0.1.0 // indirect
|
||||
|
@ -103,8 +105,7 @@ require (
|
|||
github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
|
||||
github.com/golang/protobuf v1.5.4 // indirect
|
||||
github.com/golang/snappy v0.0.4 // indirect
|
||||
github.com/huandu/xstrings v1.3.3 // indirect
|
||||
github.com/imdario/mergo v0.3.12 // indirect
|
||||
github.com/huandu/xstrings v1.5.0 // indirect
|
||||
github.com/inconshreveable/mousetrap v1.1.0 // indirect
|
||||
github.com/jackc/chunkreader/v2 v2.0.1 // indirect
|
||||
github.com/jackc/pgconn v1.14.3 // indirect
|
||||
|
@ -114,12 +115,12 @@ require (
|
|||
github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a // indirect
|
||||
github.com/jackc/pgtype v1.14.0 // indirect
|
||||
github.com/jackc/pgx/v4 v4.18.3 // indirect
|
||||
github.com/libdns/libdns v0.2.2 // indirect
|
||||
github.com/libdns/libdns v0.2.2
|
||||
github.com/manifoldco/promptui v0.9.0 // indirect
|
||||
github.com/mattn/go-colorable v0.1.13 // indirect
|
||||
github.com/mattn/go-isatty v0.0.20 // indirect
|
||||
github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect
|
||||
github.com/miekg/dns v1.1.59 // indirect
|
||||
github.com/miekg/dns v1.1.62 // indirect
|
||||
github.com/mitchellh/copystructure v1.2.0 // indirect
|
||||
github.com/mitchellh/go-ps v1.0.0 // indirect
|
||||
github.com/mitchellh/reflectwalk v1.0.2 // indirect
|
||||
|
@ -130,11 +131,11 @@ require (
|
|||
github.com/prometheus/procfs v0.12.0 // indirect
|
||||
github.com/rs/xid v1.5.0 // indirect
|
||||
github.com/russross/blackfriday/v2 v2.1.0 // indirect
|
||||
github.com/shopspring/decimal v1.2.0 // indirect
|
||||
github.com/shopspring/decimal v1.4.0 // indirect
|
||||
github.com/shurcooL/sanitized_anchor_name v1.0.0 // indirect
|
||||
github.com/sirupsen/logrus v1.9.3 // indirect
|
||||
github.com/slackhq/nebula v1.6.1 // indirect
|
||||
github.com/spf13/cast v1.4.1 // indirect
|
||||
github.com/spf13/cast v1.7.0 // indirect
|
||||
github.com/stoewer/go-strcase v1.2.0 // indirect
|
||||
github.com/urfave/cli v1.22.14 // indirect
|
||||
go.etcd.io/bbolt v1.3.9 // indirect
|
||||
|
@ -146,10 +147,10 @@ require (
|
|||
go.step.sm/crypto v0.45.0
|
||||
go.step.sm/linkedca v0.20.1 // indirect
|
||||
go.uber.org/multierr v1.11.0 // indirect
|
||||
golang.org/x/mod v0.17.0 // indirect
|
||||
golang.org/x/sys v0.23.0
|
||||
golang.org/x/text v0.17.0 // indirect
|
||||
golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
|
||||
golang.org/x/mod v0.18.0 // indirect
|
||||
golang.org/x/sys v0.25.0
|
||||
golang.org/x/text v0.18.0 // indirect
|
||||
golang.org/x/tools v0.22.0 // indirect
|
||||
google.golang.org/grpc v1.63.2 // indirect
|
||||
google.golang.org/protobuf v1.34.1 // indirect
|
||||
howett.net/plist v1.0.0 // indirect
|
||||
|
|
281
go.sum
281
go.sum
|
@ -1,3 +1,7 @@
|
|||
cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
|
||||
cloud.google.com/go v0.31.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
|
||||
cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
|
||||
cloud.google.com/go v0.37.0/go.mod h1:TS1dMSSfndXH133OKGwekG838Om/cQT0BUHV3HcBgoo=
|
||||
cloud.google.com/go v0.112.1 h1:uJSeirPke5UNZHIb4SxfZklVSiWWVqW4oXlETwZziwM=
|
||||
cloud.google.com/go/auth v0.4.1 h1:Z7YNIhlWRtrnKlZke7z3GMqzvuYzdc2z98F9D1NV5Hg=
|
||||
cloud.google.com/go/auth v0.4.1/go.mod h1:QVBuVEKpCn4Zp58hzRGvL0tjRGU0YqdRTdCHM1IHnro=
|
||||
|
@ -12,32 +16,41 @@ cloud.google.com/go/kms v1.16.0 h1:1yZsRPhmargZOmY+fVAh8IKiR9HzCb0U1zsxb5g2nRY=
|
|||
cloud.google.com/go/kms v1.16.0/go.mod h1:olQUXy2Xud+1GzYfiBO9N0RhjsJk5IJLU6n/ethLXVc=
|
||||
cloud.google.com/go/longrunning v0.5.7 h1:WLbHekDbjK1fVFD3ibpFFVoyizlLRl73I7YKuAKilhU=
|
||||
cloud.google.com/go/longrunning v0.5.7/go.mod h1:8GClkudohy1Fxm3owmBGid8W0pSgodEMwEAztp38Xng=
|
||||
dario.cat/mergo v1.0.1 h1:Ra4+bf83h2ztPIQYNP99R6m+Y7KfnARDfID+a+vLl4s=
|
||||
dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
|
||||
dmitri.shuralyov.com/app/changes v0.0.0-20180602232624-0a106ad413e3/go.mod h1:Yl+fi1br7+Rr3LqpNJf1/uxUdtRUV+Tnj0o93V2B9MU=
|
||||
dmitri.shuralyov.com/html/belt v0.0.0-20180602232347-f7d459c86be0/go.mod h1:JLBrvjyP0v+ecvNYvCpyZgu5/xkfAUhi6wJj28eUfSU=
|
||||
dmitri.shuralyov.com/service/change v0.0.0-20181023043359-a85b471d5412/go.mod h1:a1inKt/atXimZ4Mv927x+r7UpyzRUf4emIoiiSC2TN4=
|
||||
dmitri.shuralyov.com/state v0.0.0-20180228185332-28bcc343414c/go.mod h1:0PRwlb0D6DFvNNtx+9ybjezNCa8XF0xaYcETyp6rHWU=
|
||||
filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
|
||||
filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
|
||||
git.apache.org/thrift.git v0.0.0-20180902110319-2566ecd5d999/go.mod h1:fPE2ZNJGynbRyZ4dJvy6G277gSllfV2HJqblrnkyeyg=
|
||||
github.com/AndreasBriese/bbloom v0.0.0-20190825152654-46b345b51c96 h1:cTp8I5+VIoKjsnZuH8vjyaysT/ses3EvZeaV/1UkF2M=
|
||||
github.com/AndreasBriese/bbloom v0.0.0-20190825152654-46b345b51c96/go.mod h1:bOvUY6CB00SOBii9/FifXqc0awNKxLFCL/+pkDPuyl8=
|
||||
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
|
||||
github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8=
|
||||
github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
|
||||
github.com/BurntSushi/toml v1.4.0 h1:kuoIxZQy2WRRk1pttg9asf+WVv6tWQuBNVmK8+nqPr0=
|
||||
github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
|
||||
github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
|
||||
github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
|
||||
github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
|
||||
github.com/Masterminds/semver/v3 v3.2.0 h1:3MEsd0SM6jqZojhjLWWeBY+Kcjy9i6MQAeY7YgDP83g=
|
||||
github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
|
||||
github.com/Masterminds/sprig/v3 v3.2.3 h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj9n6YA=
|
||||
github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBaRMhvYXJNkGuM=
|
||||
github.com/Masterminds/semver/v3 v3.3.0 h1:B8LGeaivUe71a5qox1ICM/JLl0NqZSW5CHyL+hmvYS0=
|
||||
github.com/Masterminds/semver/v3 v3.3.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM=
|
||||
github.com/Masterminds/sprig/v3 v3.3.0 h1:mQh0Yrg1XPo6vjYXgtf5OtijNAKJRNcTdOOGZe3tPhs=
|
||||
github.com/Masterminds/sprig/v3 v3.3.0/go.mod h1:Zy1iXRYNqNLUolqCpL4uhk6SHUMAOSCzdgBfDb35Lz0=
|
||||
github.com/Microsoft/go-winio v0.6.0 h1:slsWYD/zyx7lCXoZVlvQrj0hPTM1HI4+v1sIda2yDvg=
|
||||
github.com/Microsoft/go-winio v0.6.0/go.mod h1:cTAf44im0RAYeL23bpB+fzCyDH2MJiz2BO69KH/soAE=
|
||||
github.com/OneOfOne/xxhash v1.2.2 h1:KMrpdQIwFcEqXDklaen+P1axHaj9BSKzvpUUfnHldSE=
|
||||
github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
|
||||
github.com/alecthomas/assert/v2 v2.6.0 h1:o3WJwILtexrEUk3cUVal3oiQY2tfgr/FHWiz/v2n4FU=
|
||||
github.com/alecthomas/assert/v2 v2.6.0/go.mod h1:Bze95FyfUr7x34QZrjL+XP+0qgp/zg8yS+TtBj1WA3k=
|
||||
github.com/alecthomas/assert/v2 v2.7.0 h1:QtqSACNS3tF7oasA8CU6A6sXZSBDqnm7RfpLl9bZqbE=
|
||||
github.com/alecthomas/assert/v2 v2.7.0/go.mod h1:Bze95FyfUr7x34QZrjL+XP+0qgp/zg8yS+TtBj1WA3k=
|
||||
github.com/alecthomas/chroma/v2 v2.2.0/go.mod h1:vf4zrexSH54oEjJ7EdB65tGNHmH3pGZmVkgTP5RHvAs=
|
||||
github.com/alecthomas/chroma/v2 v2.13.0 h1:VP72+99Fb2zEcYM0MeaWJmV+xQvz5v5cxRHd+ooU1lI=
|
||||
github.com/alecthomas/chroma/v2 v2.13.0/go.mod h1:BUGjjsD+ndS6eX37YgTchSEG+Jg9Jv1GiZs9sqPqztk=
|
||||
github.com/alecthomas/chroma/v2 v2.14.0 h1:R3+wzpnUArGcQz7fCETQBzO5n9IMNi13iIs46aU4V9E=
|
||||
github.com/alecthomas/chroma/v2 v2.14.0/go.mod h1:QolEbTfmUHIMVpBqxeDnNBj2uoeI4EbYP4i6n68SG4I=
|
||||
github.com/alecthomas/repr v0.0.0-20220113201626-b1b626ac65ae/go.mod h1:2kn6fqh/zIyPLmm3ugklbEi5hg5wS435eygvNfaDQL8=
|
||||
github.com/alecthomas/repr v0.4.0 h1:GhI2A8MACjfegCPVq9f1FLvIBS+DrQ2KQBFZP1iFzXc=
|
||||
github.com/alecthomas/repr v0.4.0/go.mod h1:Fr0507jx4eOXV7AlPV6AVZLYrLIuIeSOWtW57eE/O/4=
|
||||
github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c=
|
||||
github.com/antlr4-go/antlr/v4 v4.13.0 h1:lxCg3LAv+EUK6t1i0y1V6/SLeUi0eKEKdhQAlS8TVTI=
|
||||
github.com/antlr4-go/antlr/v4 v4.13.0/go.mod h1:pfChB/xh/Unjila75QW7+VU4TSnWnnk9UTnmpPaOR2g=
|
||||
github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
|
||||
|
@ -71,10 +84,13 @@ github.com/aws/aws-sdk-go-v2/service/sts v1.28.7 h1:et3Ta53gotFR4ERLXXHIHl/Uuk1q
|
|||
github.com/aws/aws-sdk-go-v2/service/sts v1.28.7/go.mod h1:FZf1/nKNEkHdGGJP/cI2MoIMquumuRK6ol3QQJNDxmw=
|
||||
github.com/aws/smithy-go v1.20.2 h1:tbp628ireGtzcHDDmLT/6ADHidqnwgF57XOXZe6tp4Q=
|
||||
github.com/aws/smithy-go v1.20.2/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E=
|
||||
github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
|
||||
github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
|
||||
github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
|
||||
github.com/caddyserver/certmagic v0.21.3 h1:pqRRry3yuB4CWBVq9+cUqu+Y6E2z8TswbhNx1AZeYm0=
|
||||
github.com/caddyserver/certmagic v0.21.3/go.mod h1:Zq6pklO9nVRl3DIFUw9gVUfXKdpc/0qwTUAQMBlfgtI=
|
||||
github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g=
|
||||
github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s=
|
||||
github.com/caddyserver/certmagic v0.21.4 h1:e7VobB8rffHv8ZZpSiZtEwnLDHUwLVYLWzWSa1FfKI0=
|
||||
github.com/caddyserver/certmagic v0.21.4/go.mod h1:swUXjQ1T9ZtMv95qj7/InJvWLXURU85r+CfG0T+ZbDE=
|
||||
github.com/caddyserver/zerossl v0.1.3 h1:onS+pxp3M8HnHpN5MMbOMyNjmTheJyWRaZYwn+YTAyA=
|
||||
github.com/caddyserver/zerossl v0.1.3/go.mod h1:CxA0acn7oEGO6//4rtrRjYgEoa4MFw/XofZnrYwGqG4=
|
||||
github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM=
|
||||
|
@ -93,17 +109,19 @@ github.com/chzyer/readline v1.5.1/go.mod h1:Eh+b79XXUwfKfcPLepksvw2tcLE/Ct21YObk
|
|||
github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
|
||||
github.com/chzyer/test v1.0.0 h1:p3BQDXSxOhOG0P9z6/hGnII4LGiEPOYBhs8asl/fC04=
|
||||
github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=
|
||||
github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
|
||||
github.com/cockroachdb/apd v1.1.0 h1:3LFP3629v+1aKXU5Q37mxmRxX/pIu1nijXydLShEq5I=
|
||||
github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ=
|
||||
github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
|
||||
github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk=
|
||||
github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
|
||||
github.com/coreos/go-systemd v0.0.0-20181012123002-c6f51f82210d/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
|
||||
github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
|
||||
github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
|
||||
github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE=
|
||||
github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
|
||||
github.com/cpuguy83/go-md2man/v2 v2.0.3 h1:qMCsGGgs+MAzDFyp9LpAe1Lqy/fY/qCovCm0qnXZOBM=
|
||||
github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
|
||||
github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4=
|
||||
github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
|
||||
github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
|
||||
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
|
||||
|
@ -128,11 +146,19 @@ github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkp
|
|||
github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
|
||||
github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
|
||||
github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
|
||||
github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
|
||||
github.com/francoispqt/gojay v1.2.13 h1:d2m3sFjloqoIUQU3TsHBgj6qg/BVGlTBeHDUmyJnXKk=
|
||||
github.com/francoispqt/gojay v1.2.13/go.mod h1:ehT5mTG4ua4581f1++1WLG0vPdaA9HaiDsoyrBGkyDY=
|
||||
github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8=
|
||||
github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
|
||||
github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
|
||||
github.com/fxamacker/cbor/v2 v2.6.0 h1:sU6J2usfADwWlYDAFhZBQ6TnLFBHxgesMrQfQgk1tWA=
|
||||
github.com/fxamacker/cbor/v2 v2.6.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
|
||||
github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
|
||||
github.com/gliderlabs/ssh v0.1.1/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
|
||||
github.com/go-chi/chi/v5 v5.0.12 h1:9euLV5sTrTNTRUU9POmDUvfxyj6LAABLUcEWO+JJb4s=
|
||||
github.com/go-chi/chi/v5 v5.0.12/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8=
|
||||
github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q=
|
||||
github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k=
|
||||
github.com/go-jose/go-jose/v3 v3.0.3/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ=
|
||||
github.com/go-kit/kit v0.4.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
|
||||
|
@ -158,55 +184,68 @@ github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEe
|
|||
github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
|
||||
github.com/gofrs/uuid v4.0.0+incompatible h1:1SD/1F5pU8p29ybwgQSwpQk+mwdRrXCYuPhW6m+TnJw=
|
||||
github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
|
||||
github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
|
||||
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
|
||||
github.com/golang/glog v1.2.0 h1:uCdmnmatrKCgMBlM4rMuJZWOkPDqdbZPnrMXDY4gI68=
|
||||
github.com/golang/glog v1.2.0/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w=
|
||||
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
|
||||
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
|
||||
github.com/golang/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:tluoj9z5200jBnyusfRPU2LqT6J+DAorxEvtC7LHB+E=
|
||||
github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
|
||||
github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
|
||||
github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
|
||||
github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
|
||||
github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
|
||||
github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
|
||||
github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
|
||||
github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
|
||||
github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
|
||||
github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
|
||||
github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU=
|
||||
github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
|
||||
github.com/google/cel-go v0.20.1 h1:nDx9r8S3L4pE61eDdt8igGj8rf5kjYR3ILxWIpWNi84=
|
||||
github.com/google/cel-go v0.20.1/go.mod h1:kWcIzTsPX0zmQ+H3TirHstLLf9ep5QTsZBN9u4dOYLg=
|
||||
github.com/google/cel-go v0.21.0 h1:cl6uW/gxN+Hy50tNYvI691+sXxioCnstFzLp2WO4GCI=
|
||||
github.com/google/cel-go v0.21.0/go.mod h1:rHUlWCcBKgyEk+eV03RPdZUekPp6YcJwV0FxuUksYxc=
|
||||
github.com/google/certificate-transparency-go v1.0.21/go.mod h1:QeJfpSbVSfYc7RgB3gJFj9cbuQMMchQxrWXz8Ruopmg=
|
||||
github.com/google/certificate-transparency-go v1.1.8-0.20240110162603-74a5dd331745 h1:heyoXNxkRT155x4jTAiSv5BVSVkueifPUm+Q8LUXMRo=
|
||||
github.com/google/certificate-transparency-go v1.1.8-0.20240110162603-74a5dd331745/go.mod h1:zN0wUQgV9LjwLZeFHnrAbQi8hzMVvEWePyk+MhPOk7k=
|
||||
github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
|
||||
github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
|
||||
github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
|
||||
github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
|
||||
github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ=
|
||||
github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
|
||||
github.com/google/go-tpm v0.9.0 h1:sQF6YqWMi+SCXpsmS3fd21oPy/vSddwZry4JnmltHVk=
|
||||
github.com/google/go-tpm v0.9.0/go.mod h1:FkNVkc6C+IsvDI9Jw1OveJmxGZUUaKxtrpOS47QWKfU=
|
||||
github.com/google/go-tpm-tools v0.4.4 h1:oiQfAIkc6xTy9Fl5NKTeTJkBTlXdHsxAofmQyxBKY98=
|
||||
github.com/google/go-tpm-tools v0.4.4/go.mod h1:T8jXkp2s+eltnCDIsXR84/MTcVU9Ja7bh3Mit0pa4AY=
|
||||
github.com/google/go-tspi v0.3.0 h1:ADtq8RKfP+jrTyIWIZDIYcKOMecRqNJFOew2IT0Inus=
|
||||
github.com/google/go-tspi v0.3.0/go.mod h1:xfMGI3G0PhxCdNVcYr1C4C+EizojDg/TXuX5by8CiHI=
|
||||
github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
|
||||
github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
|
||||
github.com/google/pprof v0.0.0-20231212022811-ec68065c825e h1:bwOy7hAFd0C91URzMIEBfr6BAz29yk7Qj0cy6S7DJlU=
|
||||
github.com/google/pprof v0.0.0-20231212022811-ec68065c825e/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik=
|
||||
github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
|
||||
github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o=
|
||||
github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw=
|
||||
github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
|
||||
github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
|
||||
github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
|
||||
github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs=
|
||||
github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0=
|
||||
github.com/googleapis/gax-go v2.0.0+incompatible h1:j0GKcs05QVmm7yesiZq2+9cxHkNK9YM6zKx4D2qucQU=
|
||||
github.com/googleapis/gax-go v2.0.0+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY=
|
||||
github.com/googleapis/gax-go/v2 v2.0.3/go.mod h1:LLvjysVCY1JZeum8Z6l8qUty8fiNwE08qbEPm1M08qg=
|
||||
github.com/googleapis/gax-go/v2 v2.12.4 h1:9gWcmF85Wvq4ryPFvGFaOgPIs1AQX0d0bcbGw4Z96qg=
|
||||
github.com/googleapis/gax-go/v2 v2.12.4/go.mod h1:KYEYLorsnIGDi/rPC8b5TdlB9kbKoFubselGIoBMCwI=
|
||||
github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
|
||||
github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
|
||||
github.com/grpc-ecosystem/grpc-gateway v1.5.0/go.mod h1:RSKVYQBd5MCa4OVpNdGskqpgL2+G+NZTnrVHpWWfpdw=
|
||||
github.com/grpc-ecosystem/grpc-gateway/v2 v2.18.0 h1:RtRsiaGvWxcwd8y3BiRZxsylPT8hLWZ5SPcfI+3IDNk=
|
||||
github.com/grpc-ecosystem/grpc-gateway/v2 v2.18.0/go.mod h1:TzP6duP4Py2pHLVPPQp42aoYI92+PCrVotyR5e8Vqlk=
|
||||
github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
|
||||
github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM=
|
||||
github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSow5/V2vxeg=
|
||||
github.com/huandu/xstrings v1.3.3 h1:/Gcsuc1x8JVbJ9/rlye4xZnVAbEkGauT8lbebqcQws4=
|
||||
github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
|
||||
github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
|
||||
github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU=
|
||||
github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
|
||||
github.com/huandu/xstrings v1.5.0 h1:2ag3IFq9ZDANvthTwTiqSSZLjDc+BedvHPAp5tJy2TI=
|
||||
github.com/huandu/xstrings v1.5.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
|
||||
github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
|
||||
github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
|
||||
github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
|
||||
|
@ -257,14 +296,16 @@ github.com/jackc/pgx/v4 v4.18.3/go.mod h1:Ey4Oru5tH5sB6tV7hDmfWFahwF15Eb7DNXlRKx
|
|||
github.com/jackc/puddle v0.0.0-20190413234325-e4ced69a3a2b/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
|
||||
github.com/jackc/puddle v0.0.0-20190608224051-11cab39313c9/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
|
||||
github.com/jackc/puddle v1.1.3/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
|
||||
github.com/jellevandenhooff/dkim v0.0.0-20150330215556-f50fe3d243e1/go.mod h1:E0B/fFc00Y+Rasa88328GlI/XbtyysCtTHZS8h7IrBU=
|
||||
github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
|
||||
github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
|
||||
github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
|
||||
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
|
||||
github.com/klauspost/compress v1.12.3/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg=
|
||||
github.com/klauspost/compress v1.17.8 h1:YcnTYrq7MikUT7k0Yb5eceMmALQPYBW/Xltxn0NAMnU=
|
||||
github.com/klauspost/compress v1.17.8/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
|
||||
github.com/klauspost/cpuid/v2 v2.0.12/go.mod h1:g2LTdtYhdyuGPqyWyv7qRAmj1WBqxuObKfj5c0PQa7c=
|
||||
github.com/klauspost/cpuid/v2 v2.2.7 h1:ZWSB3igEs+d0qvnxR/ZBzXVmxkgt8DdzP6m9pfuVLDM=
|
||||
github.com/klauspost/cpuid/v2 v2.2.7/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
|
||||
github.com/klauspost/compress v1.17.10 h1:oXAz+Vh0PMUvJczoi+flxpnBEPxoER1IaAnU/NMPtT0=
|
||||
github.com/klauspost/compress v1.17.10/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0=
|
||||
github.com/klauspost/cpuid/v2 v2.2.8 h1:+StwCXwm9PdpiEkPyzBXIy+M9KUb4ODm0Zarf1kS5BM=
|
||||
github.com/klauspost/cpuid/v2 v2.2.8/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
|
||||
github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
|
||||
github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
|
||||
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
|
||||
|
@ -272,6 +313,7 @@ github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfn
|
|||
github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
|
||||
github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
|
||||
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
|
||||
github.com/kr/pty v1.1.3/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
|
||||
github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw=
|
||||
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
|
||||
github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
|
||||
|
@ -284,7 +326,9 @@ github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
|
|||
github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
|
||||
github.com/libdns/libdns v0.2.2 h1:O6ws7bAfRPaBsgAYt8MDe2HcNBGC29hkZ9MX2eUSX3s=
|
||||
github.com/libdns/libdns v0.2.2/go.mod h1:4Bj9+5CQiNMVGf87wjX4CY3HQJypUHRuLvlsfsZqLWQ=
|
||||
github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI=
|
||||
github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
|
||||
github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
|
||||
github.com/manifoldco/promptui v0.9.0 h1:3V4HzJk1TtXW1MTZMP7mdlwbBpIinw3HztaIlYthEiA=
|
||||
github.com/manifoldco/promptui v0.9.0/go.mod h1:ka04sppxSGFAtxX0qhlYQjISsg9mR4GWtQEhdbn6Pgg=
|
||||
github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ=
|
||||
|
@ -297,26 +341,31 @@ github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Ky
|
|||
github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
|
||||
github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
|
||||
github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
|
||||
github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
|
||||
github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d h1:5PJl274Y63IEHC+7izoQE9x6ikvDFZS2mDVS3drnohI=
|
||||
github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE=
|
||||
github.com/mholt/acmez/v2 v2.0.1 h1:3/3N0u1pLjMK4sNEAFSI+bcvzbPhRpY383sy1kLHJ6k=
|
||||
github.com/mholt/acmez/v2 v2.0.1/go.mod h1:fX4c9r5jYwMyMsC+7tkYRxHibkOTgta5DIFGoe67e1U=
|
||||
github.com/miekg/dns v1.1.59 h1:C9EXc/UToRwKLhK5wKU/I4QVsBUc8kE6MkHBkeypWZs=
|
||||
github.com/miekg/dns v1.1.59/go.mod h1:nZpewl5p6IvctfgrckopVx2OlSEHPRO/U4SYkRklrEk=
|
||||
github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw=
|
||||
github.com/mholt/acmez/v2 v2.0.3 h1:CgDBlEwg3QBp6s45tPQmFIBrkRIkBT4rW4orMM6p4sw=
|
||||
github.com/mholt/acmez/v2 v2.0.3/go.mod h1:pQ1ysaDeGrIMvJ9dfJMk5kJNkn7L2sb3UhyrX6Q91cw=
|
||||
github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4=
|
||||
github.com/miekg/dns v1.1.62 h1:cN8OuEF1/x5Rq6Np+h1epln8OiyPWV+lROx9LxcGgIQ=
|
||||
github.com/miekg/dns v1.1.62/go.mod h1:mvDlcItzm+br7MToIKqkglaGhlFMHJ9DTNNWONWXbNQ=
|
||||
github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw=
|
||||
github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s=
|
||||
github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
|
||||
github.com/mitchellh/go-ps v1.0.0 h1:i6ampVEEF4wQFF+bkYfwYgY+F/uYJDktmvLPf7qIgjc=
|
||||
github.com/mitchellh/go-ps v1.0.0/go.mod h1:J4lOc8z8yJs6vUwklHw2XEIiT4z4C40KtWVN3nvg8Pg=
|
||||
github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
|
||||
github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
|
||||
github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=
|
||||
github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
|
||||
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
|
||||
github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
|
||||
github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJEU3ofeGjhHklVoIGuVj85JJwZ6kWPaJwCIxgnFmo=
|
||||
github.com/neelance/sourcemap v0.0.0-20151028013722-8c68805598ab/go.mod h1:Qr6/a/Q4r9LP1IltGz7tA7iOK1WonHEYhu1HRBA7ZiM=
|
||||
github.com/onsi/ginkgo/v2 v2.13.2 h1:Bi2gGVkfn6gQcjNjZJVO8Gf0FHzMPf2phUei9tejVMs=
|
||||
github.com/onsi/ginkgo/v2 v2.13.2/go.mod h1:XStQ8QcGwLyF4HdfcZB8SFOS/MWCgDuXMSBe6zrvLgM=
|
||||
github.com/onsi/gomega v1.29.0 h1:KIA/t2t5UBzoirT4H9tsML45GEbo3ouUnBHsCfD2tVg=
|
||||
github.com/onsi/gomega v1.29.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ=
|
||||
github.com/openzipkin/zipkin-go v0.1.1/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8=
|
||||
github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
|
||||
github.com/peterbourgon/diskv/v3 v3.0.1 h1:x06SQA46+PKIUftmEujdwSEpIx8kR+M9eLYsUxeYveU=
|
||||
github.com/peterbourgon/diskv/v3 v3.0.1/go.mod h1:kJ5Ny7vLdARGU3WUuy6uzO6T0nb/2gWcT1JiBvRmb5o=
|
||||
|
@ -329,18 +378,22 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb
|
|||
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
|
||||
github.com/prashantv/gostub v1.1.0 h1:BTyx3RfQjRHnUWaGF9oQos79AlQ5k8WNktv7VGvVH4g=
|
||||
github.com/prashantv/gostub v1.1.0/go.mod h1:A5zLQHz7ieHGG7is6LLXLz7I8+3LZzsrV0P1IAHhP5U=
|
||||
github.com/prometheus/client_golang v0.8.0/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
|
||||
github.com/prometheus/client_golang v1.19.1 h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE=
|
||||
github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho=
|
||||
github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
|
||||
github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw=
|
||||
github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI=
|
||||
github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
|
||||
github.com/prometheus/common v0.48.0 h1:QO8U2CdOzSn1BBsmXJXduaaW+dY/5QLjfB8svtSzKKE=
|
||||
github.com/prometheus/common v0.48.0/go.mod h1:0/KsvlIEfPQCQ5I2iNSAWKPZziNCvRs5EC6ILDTlAPc=
|
||||
github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
|
||||
github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo=
|
||||
github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo=
|
||||
github.com/quic-go/qpack v0.4.0 h1:Cr9BXA1sQS2SmDUWjSofMPNKmvF6IiIfDRmgU0w1ZCo=
|
||||
github.com/quic-go/qpack v0.4.0/go.mod h1:UZVnYIfi5GRk+zI9UMaCPsmZ2xKJP7XBUvVyT1Knj9A=
|
||||
github.com/quic-go/quic-go v0.46.0 h1:uuwLClEEyk1DNvchH8uCByQVjo3yKL9opKulExNDs7Y=
|
||||
github.com/quic-go/quic-go v0.46.0/go.mod h1:1dLehS7TIR64+vxGR70GDcatWTOtMX2PUtnKsjbTurI=
|
||||
github.com/quic-go/qpack v0.5.1 h1:giqksBPnT/HDtZ6VhtFKgoLOWmlyo9Ei6u9PqzIMbhI=
|
||||
github.com/quic-go/qpack v0.5.1/go.mod h1:+PC4XFrEskIVkcLzpEkbLqq1uCoxPhQuvK5rH1ZgaEg=
|
||||
github.com/quic-go/quic-go v0.47.0 h1:yXs3v7r2bm1wmPTYNLKAAJTHMYkPEsfYJmTazXrCZ7Y=
|
||||
github.com/quic-go/quic-go v0.47.0/go.mod h1:3bCapYsJvXGZcipOHuu7plYtaV6tnF+z7wIFsU0WK9E=
|
||||
github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
|
||||
github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
|
||||
github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
|
||||
|
@ -355,11 +408,35 @@ github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQD
|
|||
github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
|
||||
github.com/schollz/jsonstore v1.1.0 h1:WZBDjgezFS34CHI+myb4s8GGpir3UMpy7vWoCeO0n6E=
|
||||
github.com/schollz/jsonstore v1.1.0/go.mod h1:15c6+9guw8vDRyozGjN3FoILt0wpruJk9Pi66vjaZfg=
|
||||
github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
|
||||
github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24/go.mod h1:M+9NzErvs504Cn4c5DxATwIqPbtswREoFCre64PpcG4=
|
||||
github.com/shopspring/decimal v1.2.0 h1:abSATXmQEYyShuxI4/vyW3tV1MrKAJzCZ/0zLUXYbsQ=
|
||||
github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
|
||||
github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp81k=
|
||||
github.com/shopspring/decimal v1.4.0/go.mod h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+DMd9qYNcwME=
|
||||
github.com/shurcooL/component v0.0.0-20170202220835-f88ec8f54cc4/go.mod h1:XhFIlyj5a1fBNx5aJTbKoIq0mNaPvOagO+HjB3EtxrY=
|
||||
github.com/shurcooL/events v0.0.0-20181021180414-410e4ca65f48/go.mod h1:5u70Mqkb5O5cxEA8nxTsgrgLehJeAw6Oc4Ab1c/P1HM=
|
||||
github.com/shurcooL/github_flavored_markdown v0.0.0-20181002035957-2122de532470/go.mod h1:2dOwnU2uBioM+SGy2aZoq1f/Sd1l9OkAeAUvjSyvgU0=
|
||||
github.com/shurcooL/go v0.0.0-20180423040247-9e1955d9fb6e/go.mod h1:TDJrrUr11Vxrven61rcy3hJMUqaf/CLWYhHNPmT14Lk=
|
||||
github.com/shurcooL/go-goon v0.0.0-20170922171312-37c2f522c041/go.mod h1:N5mDOmsrJOB+vfqUK+7DmDyjhSLIIBnXo9lvZJj3MWQ=
|
||||
github.com/shurcooL/gofontwoff v0.0.0-20180329035133-29b52fc0a18d/go.mod h1:05UtEgK5zq39gLST6uB0cf3NEHjETfB4Fgr3Gx5R9Vw=
|
||||
github.com/shurcooL/gopherjslib v0.0.0-20160914041154-feb6d3990c2c/go.mod h1:8d3azKNyqcHP1GaQE/c6dDgjkgSx2BZ4IoEi4F1reUI=
|
||||
github.com/shurcooL/highlight_diff v0.0.0-20170515013008-09bb4053de1b/go.mod h1:ZpfEhSmds4ytuByIcDnOLkTHGUI6KNqRNPDLHDk+mUU=
|
||||
github.com/shurcooL/highlight_go v0.0.0-20181028180052-98c3abbbae20/go.mod h1:UDKB5a1T23gOMUJrI+uSuH0VRDStOiUVSjBTRDVBVag=
|
||||
github.com/shurcooL/home v0.0.0-20181020052607-80b7ffcb30f9/go.mod h1:+rgNQw2P9ARFAs37qieuu7ohDNQ3gds9msbT2yn85sg=
|
||||
github.com/shurcooL/htmlg v0.0.0-20170918183704-d01228ac9e50/go.mod h1:zPn1wHpTIePGnXSHpsVPWEktKXHr6+SS6x/IKRb7cpw=
|
||||
github.com/shurcooL/httperror v0.0.0-20170206035902-86b7830d14cc/go.mod h1:aYMfkZ6DWSJPJ6c4Wwz3QtW22G7mf/PEgaB9k/ik5+Y=
|
||||
github.com/shurcooL/httpfs v0.0.0-20171119174359-809beceb2371/go.mod h1:ZY1cvUeJuFPAdZ/B6v7RHavJWZn2YPVFQ1OSXhCGOkg=
|
||||
github.com/shurcooL/httpgzip v0.0.0-20180522190206-b1c53ac65af9/go.mod h1:919LwcH0M7/W4fcZ0/jy0qGght1GIhqyS/EgWGH2j5Q=
|
||||
github.com/shurcooL/issues v0.0.0-20181008053335-6292fdc1e191/go.mod h1:e2qWDig5bLteJ4fwvDAc2NHzqFEthkqn7aOZAOpj+PQ=
|
||||
github.com/shurcooL/issuesapp v0.0.0-20180602232740-048589ce2241/go.mod h1:NPpHK2TI7iSaM0buivtFUc9offApnI0Alt/K8hcHy0I=
|
||||
github.com/shurcooL/notifications v0.0.0-20181007000457-627ab5aea122/go.mod h1:b5uSkrEVM1jQUspwbixRBhaIjIzL2xazXp6kntxYle0=
|
||||
github.com/shurcooL/octicon v0.0.0-20181028054416-fa4f57f9efb2/go.mod h1:eWdoE5JD4R5UVWDucdOPg1g2fqQRq78IQa9zlOV1vpQ=
|
||||
github.com/shurcooL/reactions v0.0.0-20181006231557-f2e0b4ca5b82/go.mod h1:TCR1lToEk4d2s07G3XGfz2QrgHXg4RJBvjrOozvoWfk=
|
||||
github.com/shurcooL/sanitized_anchor_name v0.0.0-20170918181015-86672fcb3f95/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
|
||||
github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo=
|
||||
github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
|
||||
github.com/shurcooL/users v0.0.0-20180125191416-49c67e49c537/go.mod h1:QJTqeLYEDaXHZDBsXlPCDqdhQuJkuw4NOtaxYe3xii4=
|
||||
github.com/shurcooL/webdavfs v0.0.0-20170829043945-18c3829fa133/go.mod h1:hKmq5kWdCj2z2KEozexVbfEZIWiTjhE0+UjmZgPqehw=
|
||||
github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
|
||||
github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
|
||||
github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
|
||||
|
@ -381,17 +458,18 @@ github.com/smallstep/scep v0.0.0-20231024192529-aee96d7ad34d h1:06LUHn4Ia2X6syjI
|
|||
github.com/smallstep/scep v0.0.0-20231024192529-aee96d7ad34d/go.mod h1:4d0ub42ut1mMtvGyMensjuHYEUpRrASvkzLEJvoRQcU=
|
||||
github.com/smallstep/truststore v0.13.0 h1:90if9htAOblavbMeWlqNLnO9bsjjgVv2hQeQJCi/py4=
|
||||
github.com/smallstep/truststore v0.13.0/go.mod h1:3tmMp2aLKZ/OA/jnFUB0cYPcho402UG2knuJoPh4j7A=
|
||||
github.com/sourcegraph/annotate v0.0.0-20160123013949-f4cad6c6324d/go.mod h1:UdhH50NIW0fCiwBSr0co2m7BnFLdv4fQTgdqdJTHFeE=
|
||||
github.com/sourcegraph/syntaxhighlight v0.0.0-20170531221838-bd320f5d308e/go.mod h1:HuIsMU8RRBOtsCgI77wP899iHVBQpCmg4ErYMZB+2IA=
|
||||
github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
|
||||
github.com/spaolacci/murmur3 v1.1.0 h1:7c1g84S4BPRrfL5Xrdp6fOJ206sU9y293DDHaoy0bLI=
|
||||
github.com/spaolacci/murmur3 v1.1.0/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
|
||||
github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
|
||||
github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
|
||||
github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
|
||||
github.com/spf13/cast v1.4.1 h1:s0hze+J0196ZfEMTs80N7UlFt0BDuQ7Q+JDnHiMWKdA=
|
||||
github.com/spf13/cast v1.4.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
|
||||
github.com/spf13/cast v1.7.0 h1:ntdiHjuueXFgm5nzDRdOS4yfT43P5Fnud6DH50rz/7w=
|
||||
github.com/spf13/cast v1.7.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo=
|
||||
github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU=
|
||||
github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0=
|
||||
github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho=
|
||||
github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM=
|
||||
github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y=
|
||||
github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
|
||||
github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
|
||||
github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
|
||||
|
@ -417,27 +495,31 @@ github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsT
|
|||
github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
|
||||
github.com/tailscale/tscert v0.0.0-20240608151842-d3f834017e53 h1:uxMgm0C+EjytfAqyfBG55ZONKQ7mvd7x4YYCWsf8QHQ=
|
||||
github.com/tailscale/tscert v0.0.0-20240608151842-d3f834017e53/go.mod h1:kNGUQ3VESx3VZwRwA9MSCUegIl6+saPL8Noq82ozCaU=
|
||||
github.com/tarm/serial v0.0.0-20180830185346-98f6abe2eb07/go.mod h1:kDXzergiv9cbyO7IOYJZWg1U88JhDg3PB6klq9Hg2pA=
|
||||
github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
|
||||
github.com/urfave/cli v1.22.14 h1:ebbhrRiGK2i4naQJr+1Xj92HXZCrK7MsyTS/ob3HnAk=
|
||||
github.com/urfave/cli v1.22.14/go.mod h1:X0eDS6pD6Exaclxm99NJ3FiCDRED7vIHpx2mDOHLvkA=
|
||||
github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49uaYMPRU=
|
||||
github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMILuUhzM=
|
||||
github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
|
||||
github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
|
||||
github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
|
||||
github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
|
||||
github.com/yuin/goldmark v1.4.15/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
|
||||
github.com/yuin/goldmark v1.7.1 h1:3bajkSilaCbjdKVsKdZjZCLBNPL9pYzrCakKaf4U49U=
|
||||
github.com/yuin/goldmark v1.7.1/go.mod h1:uzxRWxtg69N339t3louHJ7+O03ezfj6PlliRlaOzY1E=
|
||||
github.com/yuin/goldmark v1.7.4 h1:BDXOHExt+A7gwPCJgPIIq7ENvceR7we7rOS9TNoLZeg=
|
||||
github.com/yuin/goldmark v1.7.4/go.mod h1:uzxRWxtg69N339t3louHJ7+O03ezfj6PlliRlaOzY1E=
|
||||
github.com/yuin/goldmark-highlighting/v2 v2.0.0-20230729083705-37449abec8cc h1:+IAOyRda+RLrxa1WC7umKOZRsGq4QrFFMYApOeHzQwQ=
|
||||
github.com/yuin/goldmark-highlighting/v2 v2.0.0-20230729083705-37449abec8cc/go.mod h1:ovIvrum6DQJA4QsJSovrkC4saKHQVs7TvcaeO8AIl5I=
|
||||
github.com/zeebo/assert v1.1.0 h1:hU1L1vLTHsnO8x8c9KAR5GmM5QscxHg5RNU5z5qbUWY=
|
||||
github.com/zeebo/assert v1.1.0/go.mod h1:Pq9JiuJQpG8JLJdtkwrJESF0Foym2/D9XMU5ciN/wJ0=
|
||||
github.com/zeebo/blake3 v0.2.3 h1:TFoLXsjeXqRNFxSbk35Dk4YtszE/MQQGK10BH4ptoTg=
|
||||
github.com/zeebo/blake3 v0.2.3/go.mod h1:mjJjZpnsyIVtVgTOSpJ9vmRE4wgDeyt2HU3qXvvKCaQ=
|
||||
github.com/zeebo/blake3 v0.2.4 h1:KYQPkhpRtcqh0ssGYcKLG1JYvddkEA8QwCM/yBqhaZI=
|
||||
github.com/zeebo/blake3 v0.2.4/go.mod h1:7eeQ6d2iXWRGF6npfaxl2CU+xy2Fjo2gxeyZGCRUjcE=
|
||||
github.com/zeebo/pcg v1.0.1 h1:lyqfGeWiv4ahac6ttHs+I5hwtH/+1mrhlCtVNQM2kHo=
|
||||
github.com/zeebo/pcg v1.0.1/go.mod h1:09F0S9iiKrwn9rlI5yjLkmrug154/YRW6KnnXVDM/l4=
|
||||
github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q=
|
||||
go.etcd.io/bbolt v1.3.9 h1:8x7aARPEXiXbHmtUwAIv7eV2fQFHrLLavdiJ3uzJXoI=
|
||||
go.etcd.io/bbolt v1.3.9/go.mod h1:zaO32+Ti0PK1ivdPtgMESzuzL2VPoIG1PCQNvOdo/dE=
|
||||
go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA=
|
||||
go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
|
||||
go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
|
||||
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 h1:4Pp6oUg3+e/6M4C0A/3kJ2VYa++dsWVTtGgLVj5xtHg=
|
||||
|
@ -478,8 +560,8 @@ go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
|
|||
go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
|
||||
go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
|
||||
go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
|
||||
go.uber.org/automaxprocs v1.5.3 h1:kWazyxZUrS3Gs4qUpbwo5kEIMGe/DAvi5Z4tl2NW4j8=
|
||||
go.uber.org/automaxprocs v1.5.3/go.mod h1:eRbA25aqJrxAbsLO0xy5jVwPt7FQnRgjW+efnwa1WM0=
|
||||
go.uber.org/automaxprocs v1.6.0 h1:O3y2/QNTOdbF+e/dpXNNW7Rx2hZ4sTIPyybbxyNqTUs=
|
||||
go.uber.org/automaxprocs v1.6.0/go.mod h1:ifeIMSnPZuznNm6jmdzmU3/bfk01Fe2fotchwEFJ8r8=
|
||||
go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
|
||||
go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
|
||||
go.uber.org/mock v0.4.0 h1:VcM4ZOtdbR4f6VXfiOpwpVJDL6lCReaZ6mw31wqh7KU=
|
||||
|
@ -497,8 +579,12 @@ go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
|
|||
go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
|
||||
go.uber.org/zap/exp v0.2.0 h1:FtGenNNeCATRB3CmB/yEUnjEFeJWpB/pMcy7e2bKPYs=
|
||||
go.uber.org/zap/exp v0.2.0/go.mod h1:t0gqAIdh1MfKv9EwN/dLwfZnJxe9ITAZN78HEWPFWDQ=
|
||||
go4.org v0.0.0-20180809161055-417644f6feb5/go.mod h1:MkTOUMDaeVYJUOUsaDXIhWPZYa1yOyC1qaOBpL57BhE=
|
||||
golang.org/x/build v0.0.0-20190111050920-041ab4dc3f9d/go.mod h1:OWs+y06UdEOHN4y+MfF/py+xQ/tYqIWW03b70/CG9Rw=
|
||||
golang.org/x/crypto v0.0.0-20181030102418-4d3f4d9ffa16/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
|
||||
golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
|
||||
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
|
||||
golang.org/x/crypto v0.0.0-20190313024323-a1f597ede03a/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
|
||||
golang.org/x/crypto v0.0.0-20190411191339-88737f569e3a/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE=
|
||||
golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
|
||||
golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
|
||||
|
@ -508,44 +594,67 @@ golang.org/x/crypto v0.0.0-20201203163018-be400aefbc4c/go.mod h1:jdWPYTVW3xRLrWP
|
|||
golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
|
||||
golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
|
||||
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
|
||||
golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
|
||||
golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
|
||||
golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw=
|
||||
golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54=
|
||||
golang.org/x/crypto/x509roots/fallback v0.0.0-20240507223354-67b13616a595 h1:TgSqweA595vD0Zt86JzLv3Pb/syKg8gd5KMGGbJPYFw=
|
||||
golang.org/x/crypto/x509roots/fallback v0.0.0-20240507223354-67b13616a595/go.mod h1:kNa9WdvYnzFwC79zRpLRMJbdEFlhyM5RPFBBZp/wWH8=
|
||||
golang.org/x/crypto v0.27.0 h1:GXm2NjJrPaiv/h1tb2UH8QfgC/hOf/+z0p6PT8o1w7A=
|
||||
golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70=
|
||||
golang.org/x/crypto/x509roots/fallback v0.0.0-20240930154113-a0819fbb0244 h1:3uziZWNwkTfxhMOxJB13NpTR+svHLMMVDhTrEyZOd3k=
|
||||
golang.org/x/crypto/x509roots/fallback v0.0.0-20240930154113-a0819fbb0244/go.mod h1:kNa9WdvYnzFwC79zRpLRMJbdEFlhyM5RPFBBZp/wWH8=
|
||||
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
|
||||
golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 h1:vr/HnozRka3pE4EsMEg1lgkXJkTFJCVUX+S/ZT6wYzM=
|
||||
golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc=
|
||||
golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
|
||||
golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
|
||||
golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
|
||||
golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
|
||||
golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
|
||||
golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
|
||||
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
|
||||
golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
|
||||
golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA=
|
||||
golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
|
||||
golang.org/x/mod v0.18.0 h1:5+9lSbEzPSdWkH32vYPBwEpX8KwDbM52Ud9xBUvNlb0=
|
||||
golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
|
||||
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||
golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||
golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||
golang.org/x/net v0.0.0-20181029044818-c44066c5c816/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||
golang.org/x/net v0.0.0-20181106065722-10aee1819953/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||
golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||
golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||
golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
||||
golang.org/x/net v0.0.0-20190313220215-9f648a60d977/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
||||
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
||||
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
|
||||
golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
|
||||
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
|
||||
golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
|
||||
golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
|
||||
golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
|
||||
golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
|
||||
golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE=
|
||||
golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg=
|
||||
golang.org/x/net v0.29.0 h1:5ORfpBpCs4HzDYoodCDBbwHzdR5UrLBZ3sOnUJmFoHo=
|
||||
golang.org/x/net v0.29.0/go.mod h1:gLkgy8jTGERgjzMic6DS9+SP0ajcu6Xu3Orq/SpETg0=
|
||||
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
|
||||
golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
|
||||
golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
|
||||
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
|
||||
golang.org/x/oauth2 v0.20.0 h1:4mQdhULixXKP1rwYBW0vAijoXnkTG0BLCDRzfe1idMo=
|
||||
golang.org/x/oauth2 v0.20.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
|
||||
golang.org/x/perf v0.0.0-20180704124530-6e6d33e29852/go.mod h1:JLpeXjPJfIyPr5TlbXLkXWLhP8nz10XfvxElABhCtcw=
|
||||
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ=
|
||||
golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
|
||||
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
golang.org/x/sys v0.0.0-20181029174526-d69651ed3497/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
golang.org/x/sys v0.0.0-20190316082340-a2f829d7f35f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
|
@ -562,37 +671,41 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc
|
|||
golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
||||
golang.org/x/sys v0.23.0 h1:YfKFowiIMvtgl1UERQoTPPToxltDeZfbj4H7dVUCwmM=
|
||||
golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
||||
golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34=
|
||||
golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
||||
golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
|
||||
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
|
||||
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
|
||||
golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
|
||||
golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
|
||||
golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
|
||||
golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
|
||||
golang.org/x/term v0.23.0 h1:F6D4vR+EHoL9/sWAWgAR1H2DcHr4PareCbAaCo1RpuU=
|
||||
golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk=
|
||||
golang.org/x/term v0.24.0 h1:Mh5cbb+Zk2hqqXNO7S1iTjEphVL+jb8ZWaqh/g+JWkM=
|
||||
golang.org/x/term v0.24.0/go.mod h1:lOBK/LVxemqiMij05LGJ0tzNr8xlmwBRJ81PX6wVLH8=
|
||||
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
|
||||
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
|
||||
golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
|
||||
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
|
||||
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
|
||||
golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
|
||||
golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
|
||||
golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
|
||||
golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
|
||||
golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc=
|
||||
golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
|
||||
golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
|
||||
golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
|
||||
golang.org/x/text v0.18.0 h1:XvMDiNzPAl0jr17s6W9lcaIhGUfUORdGCNsuLmPG224=
|
||||
golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
|
||||
golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
|
||||
golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
|
||||
golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U=
|
||||
golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
|
||||
golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||
golang.org/x/tools v0.0.0-20181030000716-a0a13e073c7b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||
golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||
golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
|
||||
golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
|
||||
golang.org/x/tools v0.0.0-20190425163242-31fd60d6bfdc/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
|
||||
golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
|
||||
|
@ -603,21 +716,37 @@ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtn
|
|||
golang.org/x/tools v0.0.0-20200103221440-774c71fcf114/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
|
||||
golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
|
||||
golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
|
||||
golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg=
|
||||
golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
|
||||
golang.org/x/tools v0.22.0 h1:gqSGLZqv+AI9lIQzniJ0nZDRG5GBPsSi+DRNHWNz6yA=
|
||||
golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c=
|
||||
golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
google.golang.org/api v0.0.0-20180910000450-7ca32eb868bf/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0=
|
||||
google.golang.org/api v0.0.0-20181030000543-1d582fd0359e/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0=
|
||||
google.golang.org/api v0.1.0/go.mod h1:UGEZY7KEX120AnNLIHFMKIo4obdJhkp2tPbaPlQx13Y=
|
||||
google.golang.org/api v0.180.0 h1:M2D87Yo0rGBPWpo1orwfCLehUUL6E7/TYe5gvMQWDh4=
|
||||
google.golang.org/api v0.180.0/go.mod h1:51AiyoEg1MJPSZ9zvklA8VnRILPXxn1iVen9v25XHAE=
|
||||
google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
|
||||
google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
|
||||
google.golang.org/appengine v1.3.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
|
||||
google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
|
||||
google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
|
||||
google.golang.org/genproto v0.0.0-20180831171423-11092d34479b/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
|
||||
google.golang.org/genproto v0.0.0-20181029155118-b69ba1387ce2/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
|
||||
google.golang.org/genproto v0.0.0-20181202183823-bd91e49a0898/go.mod h1:7Ep/1NZk928CDR8SjdVbjWNpdIf6nzjE3BTgJDr2Atg=
|
||||
google.golang.org/genproto v0.0.0-20190306203927-b5d61aea6440/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
|
||||
google.golang.org/genproto v0.0.0-20240401170217-c3f982113cda h1:wu/KJm9KJwpfHWhkkZGohVC6KRrc1oJNr4jwtQMOQXw=
|
||||
google.golang.org/genproto v0.0.0-20240401170217-c3f982113cda/go.mod h1:g2LLCvCeCSir/JJSWosk19BR4NVxGqHUC6rxIRsd7Aw=
|
||||
google.golang.org/genproto/googleapis/api v0.0.0-20240506185236-b8a5c65736ae h1:AH34z6WAGVNkllnKs5raNq3yRq93VnjBG6rpfub/jYk=
|
||||
google.golang.org/genproto/googleapis/api v0.0.0-20240506185236-b8a5c65736ae/go.mod h1:FfiGhwUm6CJviekPrc0oJ+7h29e+DmWU6UtjX0ZvI7Y=
|
||||
google.golang.org/genproto/googleapis/rpc v0.0.0-20240429193739-8cf5692501f6 h1:DujSIu+2tC9Ht0aPNA7jgj23Iq8Ewi5sgkQ++wdvonE=
|
||||
google.golang.org/genproto/googleapis/rpc v0.0.0-20240429193739-8cf5692501f6/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY=
|
||||
google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
|
||||
google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio=
|
||||
google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs=
|
||||
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
|
||||
google.golang.org/grpc v1.63.2 h1:MUeiw1B2maTVZthpU5xvASfTh3LDbxHd6IJ6QQVU+xM=
|
||||
google.golang.org/grpc v1.63.2/go.mod h1:WAX/8DgncnokcFUldAxq7GeB5DXHDbMF+lLvDomNkRA=
|
||||
google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg=
|
||||
|
@ -629,16 +758,22 @@ gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntN
|
|||
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
|
||||
gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
|
||||
gopkg.in/inconshreveable/log15.v2 v2.0.0-20180818164646-67afb5ed74ec/go.mod h1:aPpfJ7XW+gOuirDoZ8gHhLh3kZ1B08FtV2bbmy7Jv3s=
|
||||
gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
|
||||
gopkg.in/natefinch/lumberjack.v2 v2.2.1 h1:bBRl1b0OH9s/DuPhuXpNl+VtCaJXFZ5/uEFST95x9zc=
|
||||
gopkg.in/natefinch/lumberjack.v2 v2.2.1/go.mod h1:YD8tP3GAjkrDg1eZH7EGmyESg/lsYskCTPBJVb9jqSc=
|
||||
gopkg.in/yaml.v1 v1.0.0-20140924161607-9f9df34309c0/go.mod h1:WDnlLJ4WF5VGsH/HVa3CI79GS0ol3YnhVnKP89i0kNg=
|
||||
gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
|
||||
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
|
||||
gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
|
||||
gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
|
||||
gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
|
||||
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
|
||||
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
|
||||
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
|
||||
grpc.go4.org v0.0.0-20170609214715-11d0a25b4919/go.mod h1:77eQGdRu53HpSqPFJFmuJdjuHRquDANNeA4x7B8WQ9o=
|
||||
honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
|
||||
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
|
||||
honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
|
||||
honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
|
||||
howett.net/plist v1.0.0 h1:7CrbWYbPPO/PyNy38b2EB/+gYbjCe2DXBxgtOOZbSQM=
|
||||
howett.net/plist v1.0.0/go.mod h1:lqaXoTrLY4hg8tnEzNru53gicrbv7rrk+2xJA/7hw9g=
|
||||
sourcegraph.com/sourcegraph/go-diff v0.5.0/go.mod h1:kuch7UrkMzY0X+p9CRK03kfuPQ2zzQcaEFbx8wA8rck=
|
||||
sourcegraph.com/sqs/pbtypes v0.0.0-20180604144634-d3ebe8f20ae4/go.mod h1:ketZ/q3QxT9HOBeFhu6RdvsftgpsbFHBF5Cas6cDKZ0=
|
||||
|
|
68
listen.go
68
listen.go
|
@ -18,7 +18,11 @@ package caddy
|
|||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"net"
|
||||
"os"
|
||||
"slices"
|
||||
"strconv"
|
||||
"sync"
|
||||
"sync/atomic"
|
||||
"time"
|
||||
|
@ -31,10 +35,49 @@ func reuseUnixSocket(network, addr string) (any, error) {
|
|||
}
|
||||
|
||||
func listenReusable(ctx context.Context, lnKey string, network, address string, config net.ListenConfig) (any, error) {
|
||||
switch network {
|
||||
case "udp", "udp4", "udp6", "unixgram":
|
||||
var socketFile *os.File
|
||||
|
||||
fd := slices.Contains([]string{"fd", "fdgram"}, network)
|
||||
if fd {
|
||||
socketFd, err := strconv.ParseUint(address, 0, strconv.IntSize)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("invalid file descriptor: %v", err)
|
||||
}
|
||||
|
||||
func() {
|
||||
socketFilesMu.Lock()
|
||||
defer socketFilesMu.Unlock()
|
||||
|
||||
socketFdWide := uintptr(socketFd)
|
||||
var ok bool
|
||||
|
||||
socketFile, ok = socketFiles[socketFdWide]
|
||||
|
||||
if !ok {
|
||||
socketFile = os.NewFile(socketFdWide, lnKey)
|
||||
if socketFile != nil {
|
||||
socketFiles[socketFdWide] = socketFile
|
||||
}
|
||||
}
|
||||
}()
|
||||
|
||||
if socketFile == nil {
|
||||
return nil, fmt.Errorf("invalid socket file descriptor: %d", socketFd)
|
||||
}
|
||||
}
|
||||
|
||||
datagram := slices.Contains([]string{"udp", "udp4", "udp6", "unixgram", "fdgram"}, network)
|
||||
if datagram {
|
||||
sharedPc, _, err := listenerPool.LoadOrNew(lnKey, func() (Destructor, error) {
|
||||
pc, err := config.ListenPacket(ctx, network, address)
|
||||
var (
|
||||
pc net.PacketConn
|
||||
err error
|
||||
)
|
||||
if fd {
|
||||
pc, err = net.FilePacketConn(socketFile)
|
||||
} else {
|
||||
pc, err = config.ListenPacket(ctx, network, address)
|
||||
}
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -44,10 +87,18 @@ func listenReusable(ctx context.Context, lnKey string, network, address string,
|
|||
return nil, err
|
||||
}
|
||||
return &fakeClosePacketConn{sharedPacketConn: sharedPc.(*sharedPacketConn)}, nil
|
||||
}
|
||||
|
||||
default:
|
||||
sharedLn, _, err := listenerPool.LoadOrNew(lnKey, func() (Destructor, error) {
|
||||
ln, err := config.Listen(ctx, network, address)
|
||||
var (
|
||||
ln net.Listener
|
||||
err error
|
||||
)
|
||||
if fd {
|
||||
ln, err = net.FileListener(socketFile)
|
||||
} else {
|
||||
ln, err = config.Listen(ctx, network, address)
|
||||
}
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -58,7 +109,6 @@ func listenReusable(ctx context.Context, lnKey string, network, address string,
|
|||
}
|
||||
return &fakeCloseListener{sharedListener: sharedLn.(*sharedListener), keepAlivePeriod: config.KeepAlive}, nil
|
||||
}
|
||||
}
|
||||
|
||||
// fakeCloseListener is a private wrapper over a listener that
|
||||
// is shared. The state of fakeCloseListener is not shared.
|
||||
|
@ -260,3 +310,9 @@ var (
|
|||
Unwrap() net.PacketConn
|
||||
}) = (*fakeClosePacketConn)(nil)
|
||||
)
|
||||
|
||||
// socketFiles is a fd -> *os.File map used to make a FileListener/FilePacketConn from a socket file descriptor.
|
||||
var socketFiles = map[uintptr]*os.File{}
|
||||
|
||||
// socketFilesMu synchronizes socketFiles insertions
|
||||
var socketFilesMu sync.Mutex
|
||||
|
|
132
listen_unix.go
132
listen_unix.go
|
@ -22,10 +22,14 @@ package caddy
|
|||
import (
|
||||
"context"
|
||||
"errors"
|
||||
"fmt"
|
||||
"io"
|
||||
"io/fs"
|
||||
"net"
|
||||
"os"
|
||||
"slices"
|
||||
"strconv"
|
||||
"sync"
|
||||
"sync/atomic"
|
||||
"syscall"
|
||||
|
||||
|
@ -34,12 +38,9 @@ import (
|
|||
)
|
||||
|
||||
// reuseUnixSocket copies and reuses the unix domain socket (UDS) if we already
|
||||
// have it open; if not, unlink it so we can have it. No-op if not a unix network.
|
||||
// have it open; if not, unlink it so we can have it.
|
||||
// No-op if not a unix network.
|
||||
func reuseUnixSocket(network, addr string) (any, error) {
|
||||
if !IsUnixNetwork(network) {
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
socketKey := listenerKey(network, addr)
|
||||
|
||||
socket, exists := unixSockets[socketKey]
|
||||
|
@ -71,7 +72,7 @@ func reuseUnixSocket(network, addr string) (any, error) {
|
|||
return nil, err
|
||||
}
|
||||
atomic.AddInt32(unixSocket.count, 1)
|
||||
unixSockets[socketKey] = &unixConn{pc.(*net.UnixConn), addr, socketKey, unixSocket.count}
|
||||
unixSockets[socketKey] = &unixConn{pc.(*net.UnixConn), socketKey, unixSocket.count}
|
||||
}
|
||||
|
||||
return unixSockets[socketKey], nil
|
||||
|
@ -89,7 +90,46 @@ func reuseUnixSocket(network, addr string) (any, error) {
|
|||
return nil, nil
|
||||
}
|
||||
|
||||
// listenReusable creates a new listener for the given network and address, and adds it to listenerPool.
|
||||
func listenReusable(ctx context.Context, lnKey string, network, address string, config net.ListenConfig) (any, error) {
|
||||
// even though SO_REUSEPORT lets us bind the socket multiple times,
|
||||
// we still put it in the listenerPool so we can count how many
|
||||
// configs are using this socket; necessary to ensure we can know
|
||||
// whether to enforce shutdown delays, for example (see #5393).
|
||||
var (
|
||||
ln io.Closer
|
||||
err error
|
||||
socketFile *os.File
|
||||
)
|
||||
|
||||
fd := slices.Contains([]string{"fd", "fdgram"}, network)
|
||||
if fd {
|
||||
socketFd, err := strconv.ParseUint(address, 0, strconv.IntSize)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("invalid file descriptor: %v", err)
|
||||
}
|
||||
|
||||
func() {
|
||||
socketFilesMu.Lock()
|
||||
defer socketFilesMu.Unlock()
|
||||
|
||||
socketFdWide := uintptr(socketFd)
|
||||
var ok bool
|
||||
|
||||
socketFile, ok = socketFiles[socketFdWide]
|
||||
|
||||
if !ok {
|
||||
socketFile = os.NewFile(socketFdWide, lnKey)
|
||||
if socketFile != nil {
|
||||
socketFiles[socketFdWide] = socketFile
|
||||
}
|
||||
}
|
||||
}()
|
||||
|
||||
if socketFile == nil {
|
||||
return nil, fmt.Errorf("invalid socket file descriptor: %d", socketFd)
|
||||
}
|
||||
} else {
|
||||
// wrap any Control function set by the user so we can also add our reusePort control without clobbering theirs
|
||||
oldControl := config.Control
|
||||
config.Control = func(network, address string, c syscall.RawConn) error {
|
||||
|
@ -100,45 +140,57 @@ func listenReusable(ctx context.Context, lnKey string, network, address string,
|
|||
}
|
||||
return reusePort(network, address, c)
|
||||
}
|
||||
}
|
||||
|
||||
// even though SO_REUSEPORT lets us bind the socket multiple times,
|
||||
// we still put it in the listenerPool so we can count how many
|
||||
// configs are using this socket; necessary to ensure we can know
|
||||
// whether to enforce shutdown delays, for example (see #5393).
|
||||
var ln io.Closer
|
||||
var err error
|
||||
switch network {
|
||||
case "udp", "udp4", "udp6", "unixgram":
|
||||
datagram := slices.Contains([]string{"udp", "udp4", "udp6", "unixgram", "fdgram"}, network)
|
||||
if datagram {
|
||||
if fd {
|
||||
ln, err = net.FilePacketConn(socketFile)
|
||||
} else {
|
||||
ln, err = config.ListenPacket(ctx, network, address)
|
||||
default:
|
||||
}
|
||||
} else {
|
||||
if fd {
|
||||
ln, err = net.FileListener(socketFile)
|
||||
} else {
|
||||
ln, err = config.Listen(ctx, network, address)
|
||||
}
|
||||
}
|
||||
|
||||
if err == nil {
|
||||
listenerPool.LoadOrStore(lnKey, nil)
|
||||
}
|
||||
|
||||
if datagram {
|
||||
if !fd {
|
||||
// TODO: Not 100% sure this is necessary, but we do this for net.UnixListener, so...
|
||||
if unix, ok := ln.(*net.UnixConn); ok {
|
||||
one := int32(1)
|
||||
ln = &unixConn{unix, lnKey, &one}
|
||||
unixSockets[lnKey] = ln.(*unixConn)
|
||||
}
|
||||
}
|
||||
// lightly wrap the connection so that when it is closed,
|
||||
// we can decrement the usage pool counter
|
||||
if specificLn, ok := ln.(net.PacketConn); ok {
|
||||
ln = deletePacketConn{specificLn, lnKey}
|
||||
}
|
||||
} else {
|
||||
if !fd {
|
||||
// if new listener is a unix socket, make sure we can reuse it later
|
||||
// (we do our own "unlink on close" -- not required, but more tidy)
|
||||
one := int32(1)
|
||||
if unix, ok := ln.(*net.UnixListener); ok {
|
||||
unix.SetUnlinkOnClose(false)
|
||||
one := int32(1)
|
||||
ln = &unixListener{unix, lnKey, &one}
|
||||
unixSockets[lnKey] = ln.(*unixListener)
|
||||
}
|
||||
|
||||
// TODO: Not 100% sure this is necessary, but we do this for net.UnixListener in listen_unix.go, so...
|
||||
if unix, ok := ln.(*net.UnixConn); ok {
|
||||
ln = &unixConn{unix, address, lnKey, &one}
|
||||
unixSockets[lnKey] = ln.(*unixConn)
|
||||
}
|
||||
|
||||
// lightly wrap the listener so that when it is closed,
|
||||
// we can decrement the usage pool counter
|
||||
switch specificLn := ln.(type) {
|
||||
case net.Listener:
|
||||
return deleteListener{specificLn, lnKey}, err
|
||||
case net.PacketConn:
|
||||
return deletePacketConn{specificLn, lnKey}, err
|
||||
if specificLn, ok := ln.(net.Listener); ok {
|
||||
ln = deleteListener{specificLn, lnKey}
|
||||
}
|
||||
}
|
||||
|
||||
// other types, I guess we just return them directly
|
||||
|
@ -170,12 +222,18 @@ type unixListener struct {
|
|||
func (uln *unixListener) Close() error {
|
||||
newCount := atomic.AddInt32(uln.count, -1)
|
||||
if newCount == 0 {
|
||||
file, err := uln.File()
|
||||
var name string
|
||||
if err == nil {
|
||||
name = file.Name()
|
||||
}
|
||||
defer func() {
|
||||
addr := uln.Addr().String()
|
||||
unixSocketsMu.Lock()
|
||||
delete(unixSockets, uln.mapKey)
|
||||
unixSocketsMu.Unlock()
|
||||
_ = syscall.Unlink(addr)
|
||||
if err == nil {
|
||||
_ = syscall.Unlink(name)
|
||||
}
|
||||
}()
|
||||
}
|
||||
return uln.UnixListener.Close()
|
||||
|
@ -183,7 +241,6 @@ func (uln *unixListener) Close() error {
|
|||
|
||||
type unixConn struct {
|
||||
*net.UnixConn
|
||||
filename string
|
||||
mapKey string
|
||||
count *int32 // accessed atomically
|
||||
}
|
||||
|
@ -191,11 +248,18 @@ type unixConn struct {
|
|||
func (uc *unixConn) Close() error {
|
||||
newCount := atomic.AddInt32(uc.count, -1)
|
||||
if newCount == 0 {
|
||||
file, err := uc.File()
|
||||
var name string
|
||||
if err == nil {
|
||||
name = file.Name()
|
||||
}
|
||||
defer func() {
|
||||
unixSocketsMu.Lock()
|
||||
delete(unixSockets, uc.mapKey)
|
||||
unixSocketsMu.Unlock()
|
||||
_ = syscall.Unlink(uc.filename)
|
||||
if err == nil {
|
||||
_ = syscall.Unlink(name)
|
||||
}
|
||||
}()
|
||||
}
|
||||
return uc.UnixConn.Close()
|
||||
|
@ -211,6 +275,12 @@ var unixSockets = make(map[string]interface {
|
|||
File() (*os.File, error)
|
||||
})
|
||||
|
||||
// socketFiles is a fd -> *os.File map used to make a FileListener/FilePacketConn from a socket file descriptor.
|
||||
var socketFiles = map[uintptr]*os.File{}
|
||||
|
||||
// socketFilesMu synchronizes socketFiles insertions
|
||||
var socketFilesMu sync.Mutex
|
||||
|
||||
// deleteListener is a type that simply deletes itself
|
||||
// from the listenerPool when it closes. It is used
|
||||
// solely for the purpose of reference counting (i.e.
|
||||
|
|
106
listeners.go
106
listeners.go
|
@ -31,6 +31,7 @@ import (
|
|||
|
||||
"github.com/quic-go/quic-go"
|
||||
"github.com/quic-go/quic-go/http3"
|
||||
"github.com/quic-go/quic-go/qlog"
|
||||
"go.uber.org/zap"
|
||||
"golang.org/x/time/rate"
|
||||
|
||||
|
@ -57,7 +58,7 @@ type NetworkAddress struct {
|
|||
EndPort uint
|
||||
}
|
||||
|
||||
// ListenAll calls Listen() for all addresses represented by this struct, i.e. all ports in the range.
|
||||
// ListenAll calls Listen for all addresses represented by this struct, i.e. all ports in the range.
|
||||
// (If the address doesn't use ports or has 1 port only, then only 1 listener will be created.)
|
||||
// It returns an error if any listener failed to bind, and closes any listeners opened up to that point.
|
||||
func (na NetworkAddress) ListenAll(ctx context.Context, config net.ListenConfig) ([]any, error) {
|
||||
|
@ -105,7 +106,8 @@ func (na NetworkAddress) ListenAll(ctx context.Context, config net.ListenConfig)
|
|||
// portOffset to the start port. (For network types that do not use ports, the
|
||||
// portOffset is ignored.)
|
||||
//
|
||||
// The provided ListenConfig is used to create the listener. Its Control function,
|
||||
// First Listen checks if a plugin can provide a listener from this address. Otherwise,
|
||||
// the provided ListenConfig is used to create the listener. Its Control function,
|
||||
// if set, may be wrapped by an internally-used Control function. The provided
|
||||
// context may be used to cancel long operations early. The context is not used
|
||||
// to close the listener after it has been created.
|
||||
|
@ -128,6 +130,8 @@ func (na NetworkAddress) ListenAll(ctx context.Context, config net.ListenConfig)
|
|||
// Unix sockets will be unlinked before being created, to ensure we can bind to
|
||||
// it even if the previous program using it exited uncleanly; it will also be
|
||||
// unlinked upon a graceful exit (or when a new config does not use that socket).
|
||||
// Listen synchronizes binds to unix domain sockets to avoid race conditions
|
||||
// while an existing socket is unlinked.
|
||||
func (na NetworkAddress) Listen(ctx context.Context, portOffset uint, config net.ListenConfig) (any, error) {
|
||||
if na.IsUnixNetwork() {
|
||||
unixSocketsMu.Lock()
|
||||
|
@ -149,50 +153,49 @@ func (na NetworkAddress) listen(ctx context.Context, portOffset uint, config net
|
|||
err error
|
||||
address string
|
||||
unixFileMode fs.FileMode
|
||||
isAbstractUnixSocket bool
|
||||
)
|
||||
|
||||
// split unix socket addr early so lnKey
|
||||
// is independent of permissions bits
|
||||
if na.IsUnixNetwork() {
|
||||
var err error
|
||||
address, unixFileMode, err = internal.SplitUnixSocketPermissionsBits(na.Host)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
isAbstractUnixSocket = strings.HasPrefix(address, "@")
|
||||
} else if na.IsFdNetwork() {
|
||||
address = na.Host
|
||||
} else {
|
||||
address = na.JoinHostPort(portOffset)
|
||||
}
|
||||
|
||||
// if this is a unix socket, see if we already have it open,
|
||||
// force socket permissions on it and return early
|
||||
if socket, err := reuseUnixSocket(na.Network, address); socket != nil || err != nil {
|
||||
if !isAbstractUnixSocket {
|
||||
if err := os.Chmod(address, unixFileMode); err != nil {
|
||||
return nil, fmt.Errorf("unable to set permissions (%s) on %s: %v", unixFileMode, address, err)
|
||||
}
|
||||
}
|
||||
return socket, err
|
||||
}
|
||||
|
||||
lnKey := listenerKey(na.Network, address)
|
||||
|
||||
if strings.HasPrefix(na.Network, "ip") {
|
||||
ln, err = config.ListenPacket(ctx, na.Network, address)
|
||||
} else {
|
||||
if na.IsUnixNetwork() {
|
||||
// if this is a unix socket, see if we already have it open
|
||||
ln, err = reuseUnixSocket(na.Network, address)
|
||||
}
|
||||
|
||||
if ln == nil && err == nil {
|
||||
// otherwise, create a new listener
|
||||
lnKey := listenerKey(na.Network, address)
|
||||
ln, err = listenReusable(ctx, lnKey, na.Network, address, config)
|
||||
}
|
||||
}
|
||||
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if ln == nil {
|
||||
return nil, fmt.Errorf("unsupported network type: %s", na.Network)
|
||||
}
|
||||
|
||||
if IsUnixNetwork(na.Network) {
|
||||
isAbstractUnixSocket := strings.HasPrefix(address, "@")
|
||||
if !isAbstractUnixSocket {
|
||||
if err := os.Chmod(address, unixFileMode); err != nil {
|
||||
err = os.Chmod(address, unixFileMode)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("unable to set permissions (%s) on %s: %v", unixFileMode, address, err)
|
||||
}
|
||||
}
|
||||
|
@ -207,13 +210,19 @@ func (na NetworkAddress) IsUnixNetwork() bool {
|
|||
return IsUnixNetwork(na.Network)
|
||||
}
|
||||
|
||||
// IsUnixNetwork returns true if na.Network is
|
||||
// fd or fdgram.
|
||||
func (na NetworkAddress) IsFdNetwork() bool {
|
||||
return IsFdNetwork(na.Network)
|
||||
}
|
||||
|
||||
// JoinHostPort is like net.JoinHostPort, but where the port
|
||||
// is StartPort + offset.
|
||||
func (na NetworkAddress) JoinHostPort(offset uint) string {
|
||||
if na.IsUnixNetwork() {
|
||||
if na.IsUnixNetwork() || na.IsFdNetwork() {
|
||||
return na.Host
|
||||
}
|
||||
return net.JoinHostPort(na.Host, strconv.Itoa(int(na.StartPort+offset)))
|
||||
return net.JoinHostPort(na.Host, strconv.FormatUint(uint64(na.StartPort+offset), 10))
|
||||
}
|
||||
|
||||
// Expand returns one NetworkAddress for each port in the port range.
|
||||
|
@ -247,7 +256,7 @@ func (na NetworkAddress) PortRangeSize() uint {
|
|||
}
|
||||
|
||||
func (na NetworkAddress) isLoopback() bool {
|
||||
if na.IsUnixNetwork() {
|
||||
if na.IsUnixNetwork() || na.IsFdNetwork() {
|
||||
return true
|
||||
}
|
||||
if na.Host == "localhost" {
|
||||
|
@ -291,6 +300,30 @@ func IsUnixNetwork(netw string) bool {
|
|||
return strings.HasPrefix(netw, "unix")
|
||||
}
|
||||
|
||||
// IsFdNetwork returns true if the netw is a fd network.
|
||||
func IsFdNetwork(netw string) bool {
|
||||
return strings.HasPrefix(netw, "fd")
|
||||
}
|
||||
|
||||
// normally we would simply append the port,
|
||||
// but if host is IPv6, we need to ensure it
|
||||
// is enclosed in [ ]; net.JoinHostPort does
|
||||
// this for us, but host might also have a
|
||||
// network type in front (e.g. "tcp/") leading
|
||||
// to "[tcp/::1]" which causes parsing failures
|
||||
// later; what we need is "tcp/[::1]", so we have
|
||||
// to split the network and host, then re-combine
|
||||
func ParseNetworkAddressFromHostPort(host, port string) (NetworkAddress, error) {
|
||||
network, addr, ok := strings.Cut(host, "/")
|
||||
if !ok {
|
||||
addr = network
|
||||
network = ""
|
||||
}
|
||||
addr = strings.Trim(addr, "[]") // IPv6
|
||||
networkAddr := JoinNetworkAddress(network, addr, port)
|
||||
return ParseNetworkAddress(networkAddr)
|
||||
}
|
||||
|
||||
// ParseNetworkAddress parses addr into its individual
|
||||
// components. The input string is expected to be of
|
||||
// the form "network/host:port-range" where any part is
|
||||
|
@ -321,6 +354,12 @@ func ParseNetworkAddressWithDefaults(addr, defaultNetwork string, defaultPort ui
|
|||
Host: host,
|
||||
}, err
|
||||
}
|
||||
if IsFdNetwork(network) {
|
||||
return NetworkAddress{
|
||||
Network: network,
|
||||
Host: host,
|
||||
}, nil
|
||||
}
|
||||
var start, end uint64
|
||||
if port == "" {
|
||||
start = uint64(defaultPort)
|
||||
|
@ -361,7 +400,7 @@ func SplitNetworkAddress(a string) (network, host, port string, err error) {
|
|||
network = strings.ToLower(strings.TrimSpace(beforeSlash))
|
||||
a = afterSlash
|
||||
}
|
||||
if IsUnixNetwork(network) {
|
||||
if IsUnixNetwork(network) || IsFdNetwork(network) {
|
||||
host = a
|
||||
return
|
||||
}
|
||||
|
@ -392,7 +431,7 @@ func JoinNetworkAddress(network, host, port string) string {
|
|||
if network != "" {
|
||||
a = network + "/"
|
||||
}
|
||||
if (host != "" && port == "") || IsUnixNetwork(network) {
|
||||
if (host != "" && port == "") || IsUnixNetwork(network) || IsFdNetwork(network) {
|
||||
a += host
|
||||
} else if port != "" {
|
||||
a += net.JoinHostPort(host, port)
|
||||
|
@ -400,9 +439,11 @@ func JoinNetworkAddress(network, host, port string) string {
|
|||
return a
|
||||
}
|
||||
|
||||
// ListenQUIC returns a quic.EarlyListener suitable for use in a Caddy module.
|
||||
// The network will be transformed into a QUIC-compatible type (if unix, then
|
||||
// unixgram will be used; otherwise, udp will be used).
|
||||
// ListenQUIC returns a http3.QUICEarlyListener suitable for use in a Caddy module.
|
||||
//
|
||||
// The network will be transformed into a QUIC-compatible type if the same address can be used with
|
||||
// different networks. Currently this just means that for tcp, udp will be used with the same
|
||||
// address instead.
|
||||
//
|
||||
// NOTE: This API is EXPERIMENTAL and may be changed or removed.
|
||||
func (na NetworkAddress) ListenQUIC(ctx context.Context, portOffset uint, config net.ListenConfig, tlsConf *tls.Config) (http3.QUICEarlyListener, error) {
|
||||
|
@ -437,7 +478,13 @@ func (na NetworkAddress) ListenQUIC(ctx context.Context, portOffset uint, config
|
|||
Conn: h3ln,
|
||||
VerifySourceAddress: func(addr net.Addr) bool { return !limiter.Allow() },
|
||||
}
|
||||
earlyLn, err := tr.ListenEarly(http3.ConfigureTLSConfig(quicTlsConfig), &quic.Config{Allow0RTT: true})
|
||||
earlyLn, err := tr.ListenEarly(
|
||||
http3.ConfigureTLSConfig(quicTlsConfig),
|
||||
&quic.Config{
|
||||
Allow0RTT: true,
|
||||
Tracer: qlog.DefaultConnectionTracer,
|
||||
},
|
||||
)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -610,7 +657,8 @@ func RegisterNetwork(network string, getListener ListenerFunc) {
|
|||
if network == "tcp" || network == "tcp4" || network == "tcp6" ||
|
||||
network == "udp" || network == "udp4" || network == "udp6" ||
|
||||
network == "unix" || network == "unixpacket" || network == "unixgram" ||
|
||||
strings.HasPrefix("ip:", network) || strings.HasPrefix("ip4:", network) || strings.HasPrefix("ip6:", network) {
|
||||
strings.HasPrefix("ip:", network) || strings.HasPrefix("ip4:", network) || strings.HasPrefix("ip6:", network) ||
|
||||
network == "fd" || network == "fdgram" {
|
||||
panic("network type " + network + " is reserved")
|
||||
}
|
||||
|
||||
|
|
23
metrics.go
23
metrics.go
|
@ -4,30 +4,33 @@ import (
|
|||
"net/http"
|
||||
|
||||
"github.com/prometheus/client_golang/prometheus"
|
||||
"github.com/prometheus/client_golang/prometheus/collectors"
|
||||
"github.com/prometheus/client_golang/prometheus/promauto"
|
||||
|
||||
"github.com/caddyserver/caddy/v2/internal/metrics"
|
||||
)
|
||||
|
||||
// define and register the metrics used in this package.
|
||||
func init() {
|
||||
prometheus.MustRegister(collectors.NewBuildInfoCollector())
|
||||
|
||||
const ns, sub = "caddy", "admin"
|
||||
|
||||
adminMetrics.requestCount = promauto.NewCounterVec(prometheus.CounterOpts{
|
||||
adminMetrics.requestCount = prometheus.NewCounterVec(prometheus.CounterOpts{
|
||||
Namespace: ns,
|
||||
Subsystem: sub,
|
||||
Name: "http_requests_total",
|
||||
Help: "Counter of requests made to the Admin API's HTTP endpoints.",
|
||||
}, []string{"handler", "path", "code", "method"})
|
||||
adminMetrics.requestErrors = promauto.NewCounterVec(prometheus.CounterOpts{
|
||||
adminMetrics.requestErrors = prometheus.NewCounterVec(prometheus.CounterOpts{
|
||||
Namespace: ns,
|
||||
Subsystem: sub,
|
||||
Name: "http_request_errors_total",
|
||||
Help: "Number of requests resulting in middleware errors.",
|
||||
}, []string{"handler", "path", "method"})
|
||||
globalMetrics.configSuccess = prometheus.NewGauge(prometheus.GaugeOpts{
|
||||
Name: "caddy_config_last_reload_successful",
|
||||
Help: "Whether the last configuration reload attempt was successful.",
|
||||
})
|
||||
globalMetrics.configSuccessTime = prometheus.NewGauge(prometheus.GaugeOpts{
|
||||
Name: "caddy_config_last_reload_success_timestamp_seconds",
|
||||
Help: "Timestamp of the last successful configuration reload.",
|
||||
})
|
||||
}
|
||||
|
||||
// adminMetrics is a collection of metrics that can be tracked for the admin API.
|
||||
|
@ -36,6 +39,12 @@ var adminMetrics = struct {
|
|||
requestErrors *prometheus.CounterVec
|
||||
}{}
|
||||
|
||||
// globalMetrics is a collection of metrics that can be tracked for Caddy global state
|
||||
var globalMetrics = struct {
|
||||
configSuccess prometheus.Gauge
|
||||
configSuccessTime prometheus.Gauge
|
||||
}{}
|
||||
|
||||
// Similar to promhttp.InstrumentHandlerCounter, but upper-cases method names
|
||||
// instead of lower-casing them.
|
||||
//
|
||||
|
|
|
@ -124,7 +124,9 @@ func (app *App) Provision(ctx caddy.Context) error {
|
|||
app.subscriptions = make(map[string]map[caddy.ModuleID][]Handler)
|
||||
|
||||
for _, sub := range app.Subscriptions {
|
||||
if sub.HandlersRaw != nil {
|
||||
if sub.HandlersRaw == nil {
|
||||
continue
|
||||
}
|
||||
handlersIface, err := ctx.LoadModule(sub, "HandlersRaw")
|
||||
if err != nil {
|
||||
return fmt.Errorf("loading event subscriber modules: %v", err)
|
||||
|
@ -137,7 +139,6 @@ func (app *App) Provision(ctx caddy.Context) error {
|
|||
return fmt.Errorf("no handlers defined")
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
|
|
@ -18,6 +18,7 @@ import (
|
|||
"context"
|
||||
"crypto/tls"
|
||||
"fmt"
|
||||
"maps"
|
||||
"net"
|
||||
"net/http"
|
||||
"strconv"
|
||||
|
@ -203,17 +204,75 @@ func (app *App) Provision(ctx caddy.Context) error {
|
|||
}
|
||||
}
|
||||
|
||||
// the Go standard library does not let us serve only HTTP/2 using
|
||||
// http.Server; we would probably need to write our own server
|
||||
if !srv.protocol("h1") && (srv.protocol("h2") || srv.protocol("h2c")) {
|
||||
return fmt.Errorf("server %s: cannot enable HTTP/2 or H2C without enabling HTTP/1.1; add h1 to protocols or remove h2/h2c", srvName)
|
||||
}
|
||||
|
||||
// if no protocols configured explicitly, enable all except h2c
|
||||
if len(srv.Protocols) == 0 {
|
||||
srv.Protocols = []string{"h1", "h2", "h3"}
|
||||
}
|
||||
|
||||
srvProtocolsUnique := map[string]struct{}{}
|
||||
for _, srvProtocol := range srv.Protocols {
|
||||
srvProtocolsUnique[srvProtocol] = struct{}{}
|
||||
}
|
||||
_, h1ok := srvProtocolsUnique["h1"]
|
||||
_, h2ok := srvProtocolsUnique["h2"]
|
||||
_, h2cok := srvProtocolsUnique["h2c"]
|
||||
|
||||
// the Go standard library does not let us serve only HTTP/2 using
|
||||
// http.Server; we would probably need to write our own server
|
||||
if !h1ok && (h2ok || h2cok) {
|
||||
return fmt.Errorf("server %s: cannot enable HTTP/2 or H2C without enabling HTTP/1.1; add h1 to protocols or remove h2/h2c", srvName)
|
||||
}
|
||||
|
||||
if srv.ListenProtocols != nil {
|
||||
if len(srv.ListenProtocols) != len(srv.Listen) {
|
||||
return fmt.Errorf("server %s: listener protocols count does not match address count: %d != %d",
|
||||
srvName, len(srv.ListenProtocols), len(srv.Listen))
|
||||
}
|
||||
|
||||
for i, lnProtocols := range srv.ListenProtocols {
|
||||
if lnProtocols != nil {
|
||||
// populate empty listen protocols with server protocols
|
||||
lnProtocolsDefault := false
|
||||
var lnProtocolsInclude []string
|
||||
srvProtocolsInclude := maps.Clone(srvProtocolsUnique)
|
||||
|
||||
// keep existing listener protocols unless they are empty
|
||||
for _, lnProtocol := range lnProtocols {
|
||||
if lnProtocol == "" {
|
||||
lnProtocolsDefault = true
|
||||
} else {
|
||||
lnProtocolsInclude = append(lnProtocolsInclude, lnProtocol)
|
||||
delete(srvProtocolsInclude, lnProtocol)
|
||||
}
|
||||
}
|
||||
|
||||
// append server protocols to listener protocols if any listener protocols were empty
|
||||
if lnProtocolsDefault {
|
||||
for _, srvProtocol := range srv.Protocols {
|
||||
if _, ok := srvProtocolsInclude[srvProtocol]; ok {
|
||||
lnProtocolsInclude = append(lnProtocolsInclude, srvProtocol)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
lnProtocolsIncludeUnique := map[string]struct{}{}
|
||||
for _, lnProtocol := range lnProtocolsInclude {
|
||||
lnProtocolsIncludeUnique[lnProtocol] = struct{}{}
|
||||
}
|
||||
_, h1ok := lnProtocolsIncludeUnique["h1"]
|
||||
_, h2ok := lnProtocolsIncludeUnique["h2"]
|
||||
_, h2cok := lnProtocolsIncludeUnique["h2c"]
|
||||
|
||||
// check if any listener protocols contain h2 or h2c without h1
|
||||
if !h1ok && (h2ok || h2cok) {
|
||||
return fmt.Errorf("server %s, listener %d: cannot enable HTTP/2 or H2C without enabling HTTP/1.1; add h1 to protocols or remove h2/h2c", srvName, i)
|
||||
}
|
||||
|
||||
srv.ListenProtocols[i] = lnProtocolsInclude
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// if not explicitly configured by the user, disallow TLS
|
||||
// client auth bypass (domain fronting) which could
|
||||
// otherwise be exploited by sending an unprotected SNI
|
||||
|
@ -288,6 +347,10 @@ func (app *App) Provision(ctx caddy.Context) error {
|
|||
// route handler so that important security checks are done, etc.
|
||||
primaryRoute := emptyHandler
|
||||
if srv.Routes != nil {
|
||||
if srv.Metrics != nil {
|
||||
srv.Metrics.init = sync.Once{}
|
||||
srv.Metrics.httpMetrics = &httpMetrics{}
|
||||
}
|
||||
err := srv.Routes.ProvisionHandlers(ctx, srv.Metrics)
|
||||
if err != nil {
|
||||
return fmt.Errorf("server %s: setting up route handlers: %v", srvName, err)
|
||||
|
@ -344,7 +407,7 @@ func (app *App) Validate() error {
|
|||
// check that every address in the port range is unique to this server;
|
||||
// we do not use <= here because PortRangeSize() adds 1 to EndPort for us
|
||||
for i := uint(0); i < listenAddr.PortRangeSize(); i++ {
|
||||
addr := caddy.JoinNetworkAddress(listenAddr.Network, listenAddr.Host, strconv.Itoa(int(listenAddr.StartPort+i)))
|
||||
addr := caddy.JoinNetworkAddress(listenAddr.Network, listenAddr.Host, strconv.FormatUint(uint64(listenAddr.StartPort+i), 10))
|
||||
if sn, ok := lnAddrs[addr]; ok {
|
||||
return fmt.Errorf("server %s: listener address repeated: %s (already claimed by server '%s')", srvName, addr, sn)
|
||||
}
|
||||
|
@ -422,21 +485,59 @@ func (app *App) Start() error {
|
|||
srv.server.Handler = h2c.NewHandler(srv, h2server)
|
||||
}
|
||||
|
||||
for _, lnAddr := range srv.Listen {
|
||||
for lnIndex, lnAddr := range srv.Listen {
|
||||
listenAddr, err := caddy.ParseNetworkAddress(lnAddr)
|
||||
if err != nil {
|
||||
return fmt.Errorf("%s: parsing listen address '%s': %v", srvName, lnAddr, err)
|
||||
}
|
||||
|
||||
srv.addresses = append(srv.addresses, listenAddr)
|
||||
|
||||
protocols := srv.Protocols
|
||||
if srv.ListenProtocols != nil && srv.ListenProtocols[lnIndex] != nil {
|
||||
protocols = srv.ListenProtocols[lnIndex]
|
||||
}
|
||||
|
||||
protocolsUnique := map[string]struct{}{}
|
||||
for _, protocol := range protocols {
|
||||
protocolsUnique[protocol] = struct{}{}
|
||||
}
|
||||
_, h1ok := protocolsUnique["h1"]
|
||||
_, h2ok := protocolsUnique["h2"]
|
||||
_, h2cok := protocolsUnique["h2c"]
|
||||
_, h3ok := protocolsUnique["h3"]
|
||||
|
||||
for portOffset := uint(0); portOffset < listenAddr.PortRangeSize(); portOffset++ {
|
||||
// create the listener for this socket
|
||||
hostport := listenAddr.JoinHostPort(portOffset)
|
||||
|
||||
// enable TLS if there is a policy and if this is not the HTTP port
|
||||
useTLS := len(srv.TLSConnPolicies) > 0 && int(listenAddr.StartPort+portOffset) != app.httpPort()
|
||||
|
||||
// enable HTTP/3 if configured
|
||||
if h3ok && useTLS {
|
||||
app.logger.Info("enabling HTTP/3 listener", zap.String("addr", hostport))
|
||||
if err := srv.serveHTTP3(listenAddr.At(portOffset), tlsCfg); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
if h3ok && !useTLS {
|
||||
// Can only serve h3 with TLS enabled
|
||||
app.logger.Warn("HTTP/3 skipped because it requires TLS",
|
||||
zap.String("network", listenAddr.Network),
|
||||
zap.String("addr", hostport))
|
||||
}
|
||||
|
||||
if h1ok || h2ok && useTLS || h2cok {
|
||||
// create the listener for this socket
|
||||
lnAny, err := listenAddr.Listen(app.ctx, portOffset, net.ListenConfig{KeepAlive: time.Duration(srv.KeepAliveInterval)})
|
||||
if err != nil {
|
||||
return fmt.Errorf("listening on %s: %v", listenAddr.At(portOffset), err)
|
||||
}
|
||||
ln := lnAny.(net.Listener)
|
||||
ln, ok := lnAny.(net.Listener)
|
||||
if !ok {
|
||||
return fmt.Errorf("network '%s' cannot handle HTTP/1 or HTTP/2 connections", listenAddr.Network)
|
||||
}
|
||||
|
||||
// wrap listener before TLS (up to the TLS placeholder wrapper)
|
||||
var lnWrapperIdx int
|
||||
|
@ -448,36 +549,9 @@ func (app *App) Start() error {
|
|||
ln = lnWrapper.WrapListener(ln)
|
||||
}
|
||||
|
||||
// enable TLS if there is a policy and if this is not the HTTP port
|
||||
useTLS := len(srv.TLSConnPolicies) > 0 && int(listenAddr.StartPort+portOffset) != app.httpPort()
|
||||
if useTLS {
|
||||
// create TLS listener - this enables and terminates TLS
|
||||
ln = tls.NewListener(ln, tlsCfg)
|
||||
|
||||
// enable HTTP/3 if configured
|
||||
if srv.protocol("h3") {
|
||||
// Can't serve HTTP/3 on the same socket as HTTP/1 and 2 because it uses
|
||||
// a different transport mechanism... which is fine, but the OS doesn't
|
||||
// differentiate between a SOCK_STREAM file and a SOCK_DGRAM file; they
|
||||
// are still one file on the system. So even though "unixpacket" and
|
||||
// "unixgram" are different network types just as "tcp" and "udp" are,
|
||||
// the OS will not let us use the same file as both STREAM and DGRAM.
|
||||
if len(srv.Protocols) > 1 && listenAddr.IsUnixNetwork() {
|
||||
app.logger.Warn("HTTP/3 disabled because Unix can't multiplex STREAM and DGRAM on same socket",
|
||||
zap.String("file", hostport))
|
||||
for i := range srv.Protocols {
|
||||
if srv.Protocols[i] == "h3" {
|
||||
srv.Protocols = append(srv.Protocols[:i], srv.Protocols[i+1:]...)
|
||||
break
|
||||
}
|
||||
}
|
||||
} else {
|
||||
app.logger.Info("enabling HTTP/3 listener", zap.String("addr", hostport))
|
||||
if err := srv.serveHTTP3(listenAddr.At(portOffset), tlsCfg); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// finish wrapping listener where we left off before TLS
|
||||
|
@ -486,7 +560,7 @@ func (app *App) Start() error {
|
|||
}
|
||||
|
||||
// handle http2 if use tls listener wrapper
|
||||
if useTLS {
|
||||
if h2ok {
|
||||
http2lnWrapper := &http2Listener{
|
||||
Listener: ln,
|
||||
server: srv.server,
|
||||
|
@ -498,7 +572,7 @@ func (app *App) Start() error {
|
|||
|
||||
// if binding to port 0, the OS chooses a port for us;
|
||||
// but the user won't know the port unless we print it
|
||||
if !listenAddr.IsUnixNetwork() && listenAddr.StartPort == 0 && listenAddr.EndPort == 0 {
|
||||
if !listenAddr.IsUnixNetwork() && !listenAddr.IsFdNetwork() && listenAddr.StartPort == 0 && listenAddr.EndPort == 0 {
|
||||
app.logger.Info("port 0 listener",
|
||||
zap.String("input_address", lnAddr),
|
||||
zap.String("actual_address", ln.Addr().String()))
|
||||
|
@ -512,11 +586,19 @@ func (app *App) Start() error {
|
|||
srv.listeners = append(srv.listeners, ln)
|
||||
|
||||
// enable HTTP/1 if configured
|
||||
if srv.protocol("h1") {
|
||||
if h1ok {
|
||||
//nolint:errcheck
|
||||
go srv.server.Serve(ln)
|
||||
}
|
||||
}
|
||||
|
||||
if h2ok && !useTLS {
|
||||
// Can only serve h2 with TLS enabled
|
||||
app.logger.Warn("HTTP/2 skipped because it requires TLS",
|
||||
zap.String("network", listenAddr.Network),
|
||||
zap.String("addr", hostport))
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
srv.logger.Info("server running",
|
||||
|
|
|
@ -17,6 +17,7 @@ package caddyhttp
|
|||
import (
|
||||
"fmt"
|
||||
"net/http"
|
||||
"slices"
|
||||
"strconv"
|
||||
"strings"
|
||||
|
||||
|
@ -64,17 +65,12 @@ type AutoHTTPSConfig struct {
|
|||
// enabled. To force automated certificate management
|
||||
// regardless of loaded certificates, set this to true.
|
||||
IgnoreLoadedCerts bool `json:"ignore_loaded_certificates,omitempty"`
|
||||
}
|
||||
|
||||
// Skipped returns true if name is in skipSlice, which
|
||||
// should be either the Skip or SkipCerts field on ahc.
|
||||
func (ahc AutoHTTPSConfig) Skipped(name string, skipSlice []string) bool {
|
||||
for _, n := range skipSlice {
|
||||
if name == n {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
// If true, automatic HTTPS will prefer wildcard names
|
||||
// and ignore non-wildcard names if both are available.
|
||||
// This allows for writing a config with top-level host
|
||||
// matchers without having those names produce certificates.
|
||||
PreferWildcard bool `json:"prefer_wildcard,omitempty"`
|
||||
}
|
||||
|
||||
// automaticHTTPSPhase1 provisions all route matchers, determines
|
||||
|
@ -158,7 +154,7 @@ func (app *App) automaticHTTPSPhase1(ctx caddy.Context, repl *caddy.Replacer) er
|
|||
return fmt.Errorf("%s: route %d, matcher set %d, matcher %d, host matcher %d: %v",
|
||||
srvName, routeIdx, matcherSetIdx, matcherIdx, hostMatcherIdx, err)
|
||||
}
|
||||
if !srv.AutoHTTPS.Skipped(d, srv.AutoHTTPS.Skip) {
|
||||
if !slices.Contains(srv.AutoHTTPS.Skip, d) {
|
||||
serverDomainSet[d] = struct{}{}
|
||||
}
|
||||
}
|
||||
|
@ -167,6 +163,27 @@ func (app *App) automaticHTTPSPhase1(ctx caddy.Context, repl *caddy.Replacer) er
|
|||
}
|
||||
}
|
||||
|
||||
if srv.AutoHTTPS.PreferWildcard {
|
||||
wildcards := make(map[string]struct{})
|
||||
for d := range serverDomainSet {
|
||||
if strings.HasPrefix(d, "*.") {
|
||||
wildcards[d[2:]] = struct{}{}
|
||||
}
|
||||
}
|
||||
for d := range serverDomainSet {
|
||||
if strings.HasPrefix(d, "*.") {
|
||||
continue
|
||||
}
|
||||
base := d
|
||||
if idx := strings.Index(d, "."); idx != -1 {
|
||||
base = d[idx+1:]
|
||||
}
|
||||
if _, ok := wildcards[base]; ok {
|
||||
delete(serverDomainSet, d)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// nothing more to do here if there are no domains that qualify for
|
||||
// automatic HTTPS and there are no explicit TLS connection policies:
|
||||
// if there is at least one domain but no TLS conn policy (F&&T), we'll
|
||||
|
@ -193,7 +210,7 @@ func (app *App) automaticHTTPSPhase1(ctx caddy.Context, repl *caddy.Replacer) er
|
|||
} else {
|
||||
for d := range serverDomainSet {
|
||||
if certmagic.SubjectQualifiesForCert(d) &&
|
||||
!srv.AutoHTTPS.Skipped(d, srv.AutoHTTPS.SkipCerts) {
|
||||
!slices.Contains(srv.AutoHTTPS.SkipCerts, d) {
|
||||
// if a certificate for this name is already loaded,
|
||||
// don't obtain another one for it, unless we are
|
||||
// supposed to ignore loaded certificates
|
||||
|
@ -303,11 +320,21 @@ uniqueDomainsLoop:
|
|||
}
|
||||
}
|
||||
|
||||
// if no automation policy exists for the name yet, we
|
||||
// will associate it with an implicit one
|
||||
// if no automation policy exists for the name yet, we will associate it with an implicit one;
|
||||
// we handle tailscale domains specially, and we also separate out identifiers that need the
|
||||
// internal issuer (self-signed certs); certmagic does not consider public IP addresses to be
|
||||
// disqualified for public certs, because there are public CAs that will issue certs for IPs.
|
||||
// However, with auto-HTTPS, many times there is no issuer explicitly defined, and the default
|
||||
// issuers do not (currently, as of 2024) issue IP certificates; so assign all IP subjects to
|
||||
// the internal issuer when there are no explicit automation policies
|
||||
shouldUseInternal := func(ident string) bool {
|
||||
usingDefaultIssuersAndIsIP := certmagic.SubjectIsIP(ident) &&
|
||||
(app.tlsApp == nil || app.tlsApp.Automation == nil || len(app.tlsApp.Automation.Policies) == 0)
|
||||
return !certmagic.SubjectQualifiesForPublicCert(d) || usingDefaultIssuersAndIsIP
|
||||
}
|
||||
if isTailscaleDomain(d) {
|
||||
tailscale = append(tailscale, d)
|
||||
} else if !certmagic.SubjectQualifiesForPublicCert(d) {
|
||||
} else if shouldUseInternal(d) {
|
||||
internal = append(internal, d)
|
||||
}
|
||||
}
|
||||
|
@ -742,7 +769,7 @@ func (app *App) automaticHTTPSPhase2() error {
|
|||
)
|
||||
err := app.tlsApp.Manage(app.allCertDomains)
|
||||
if err != nil {
|
||||
return fmt.Errorf("managing certificates for %v: %s", app.allCertDomains, err)
|
||||
return fmt.Errorf("managing certificates for %d domains: %s", len(app.allCertDomains), err)
|
||||
}
|
||||
app.allCertDomains = nil // no longer needed; allow GC to deallocate
|
||||
return nil
|
||||
|
|
|
@ -19,6 +19,7 @@ import (
|
|||
"net/http"
|
||||
|
||||
"go.uber.org/zap"
|
||||
"go.uber.org/zap/zapcore"
|
||||
|
||||
"github.com/caddyserver/caddy/v2"
|
||||
"github.com/caddyserver/caddy/v2/modules/caddyhttp"
|
||||
|
@ -76,9 +77,9 @@ func (a Authentication) ServeHTTP(w http.ResponseWriter, r *http.Request, next c
|
|||
for provName, prov := range a.Providers {
|
||||
user, authed, err = prov.Authenticate(w, r)
|
||||
if err != nil {
|
||||
a.logger.Error("auth provider returned error",
|
||||
zap.String("provider", provName),
|
||||
zap.Error(err))
|
||||
if c := a.logger.Check(zapcore.ErrorLevel, "auth provider returned error"); c != nil {
|
||||
c.Write(zap.String("provider", provName), zap.Error(err))
|
||||
}
|
||||
continue
|
||||
}
|
||||
if authed {
|
||||
|
|
|
@ -126,6 +126,10 @@ func (m *MatchExpression) Provision(ctx caddy.Context) error {
|
|||
// light (and possibly naïve) syntactic sugar
|
||||
m.expandedExpr = placeholderRegexp.ReplaceAllString(m.Expr, placeholderExpansion)
|
||||
|
||||
// as a second pass, we'll strip the escape character from an escaped
|
||||
// placeholder, so that it can be used as an input to other CEL functions
|
||||
m.expandedExpr = escapedPlaceholderRegexp.ReplaceAllString(m.expandedExpr, escapedPlaceholderExpansion)
|
||||
|
||||
// our type adapter expands CEL's standard type support
|
||||
m.ta = celTypeAdapter{}
|
||||
|
||||
|
@ -159,14 +163,17 @@ func (m *MatchExpression) Provision(ctx caddy.Context) error {
|
|||
|
||||
// create the CEL environment
|
||||
env, err := cel.NewEnv(
|
||||
cel.Function(placeholderFuncName, cel.SingletonBinaryBinding(m.caddyPlaceholderFunc), cel.Overload(
|
||||
placeholderFuncName+"_httpRequest_string",
|
||||
cel.Function(CELPlaceholderFuncName, cel.SingletonBinaryBinding(m.caddyPlaceholderFunc), cel.Overload(
|
||||
CELPlaceholderFuncName+"_httpRequest_string",
|
||||
[]*cel.Type{httpRequestObjectType, cel.StringType},
|
||||
cel.AnyType,
|
||||
)),
|
||||
cel.Variable("request", httpRequestObjectType),
|
||||
cel.Variable(CELRequestVarName, httpRequestObjectType),
|
||||
cel.CustomTypeAdapter(m.ta),
|
||||
ext.Strings(),
|
||||
ext.Bindings(),
|
||||
ext.Lists(),
|
||||
ext.Math(),
|
||||
matcherLib,
|
||||
)
|
||||
if err != nil {
|
||||
|
@ -247,7 +254,7 @@ func (m MatchExpression) caddyPlaceholderFunc(lhs, rhs ref.Val) ref.Val {
|
|||
return types.NewErr(
|
||||
"invalid request of type '%v' to %s(request, placeholderVarName)",
|
||||
lhs.Type(),
|
||||
placeholderFuncName,
|
||||
CELPlaceholderFuncName,
|
||||
)
|
||||
}
|
||||
phStr, ok := rhs.(types.String)
|
||||
|
@ -255,7 +262,7 @@ func (m MatchExpression) caddyPlaceholderFunc(lhs, rhs ref.Val) ref.Val {
|
|||
return types.NewErr(
|
||||
"invalid placeholder variable name of type '%v' to %s(request, placeholderVarName)",
|
||||
rhs.Type(),
|
||||
placeholderFuncName,
|
||||
CELPlaceholderFuncName,
|
||||
)
|
||||
}
|
||||
|
||||
|
@ -275,7 +282,7 @@ var httpRequestCELType = cel.ObjectType("http.Request", traits.ReceiverType)
|
|||
type celHTTPRequest struct{ *http.Request }
|
||||
|
||||
func (cr celHTTPRequest) ResolveName(name string) (any, bool) {
|
||||
if name == "request" {
|
||||
if name == CELRequestVarName {
|
||||
return cr, true
|
||||
}
|
||||
return nil, false
|
||||
|
@ -340,7 +347,7 @@ func (celTypeAdapter) NativeToValue(value any) ref.Val {
|
|||
case time.Time:
|
||||
return types.Timestamp{Time: v}
|
||||
case error:
|
||||
types.NewErr(v.Error())
|
||||
return types.WrapErr(v)
|
||||
}
|
||||
return types.DefaultTypeAdapter.NativeToValue(value)
|
||||
}
|
||||
|
@ -457,15 +464,15 @@ func CELMatcherDecorator(funcName string, fac CELMatcherFactory) interpreter.Int
|
|||
callArgs := call.Args()
|
||||
reqAttr, ok := callArgs[0].(interpreter.InterpretableAttribute)
|
||||
if !ok {
|
||||
return nil, errors.New("missing 'request' argument")
|
||||
return nil, errors.New("missing 'req' argument")
|
||||
}
|
||||
nsAttr, ok := reqAttr.Attr().(interpreter.NamespacedAttribute)
|
||||
if !ok {
|
||||
return nil, errors.New("missing 'request' argument")
|
||||
return nil, errors.New("missing 'req' argument")
|
||||
}
|
||||
varNames := nsAttr.CandidateVariableNames()
|
||||
if len(varNames) != 1 || len(varNames) == 1 && varNames[0] != "request" {
|
||||
return nil, errors.New("missing 'request' argument")
|
||||
if len(varNames) != 1 || len(varNames) == 1 && varNames[0] != CELRequestVarName {
|
||||
return nil, errors.New("missing 'req' argument")
|
||||
}
|
||||
matcherData, ok := callArgs[1].(interpreter.InterpretableConst)
|
||||
if !ok {
|
||||
|
@ -499,7 +506,7 @@ func CELMatcherRuntimeFunction(funcName string, fac CELMatcherFactory) functions
|
|||
return func(celReq, matcherData ref.Val) ref.Val {
|
||||
matcher, err := fac(matcherData)
|
||||
if err != nil {
|
||||
return types.NewErr(err.Error())
|
||||
return types.WrapErr(err)
|
||||
}
|
||||
httpReq := celReq.Value().(celHTTPRequest)
|
||||
return types.Bool(matcher.Match(httpReq.Request))
|
||||
|
@ -524,7 +531,7 @@ func celMatcherStringListMacroExpander(funcName string) cel.MacroFactory {
|
|||
return nil, eh.NewError(arg.ID(), "matcher arguments must be string constants")
|
||||
}
|
||||
}
|
||||
return eh.NewCall(funcName, eh.NewIdent("request"), eh.NewList(matchArgs...)), nil
|
||||
return eh.NewCall(funcName, eh.NewIdent(CELRequestVarName), eh.NewList(matchArgs...)), nil
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -538,7 +545,7 @@ func celMatcherStringMacroExpander(funcName string) parser.MacroExpander {
|
|||
return nil, eh.NewError(0, "matcher requires one argument")
|
||||
}
|
||||
if isCELStringExpr(args[0]) {
|
||||
return eh.NewCall(funcName, eh.NewIdent("request"), args[0]), nil
|
||||
return eh.NewCall(funcName, eh.NewIdent(CELRequestVarName), args[0]), nil
|
||||
}
|
||||
return nil, eh.NewError(args[0].ID(), "matcher argument must be a string literal")
|
||||
}
|
||||
|
@ -572,7 +579,7 @@ func celMatcherJSONMacroExpander(funcName string) parser.MacroExpander {
|
|||
return nil, eh.NewError(entry.AsMapEntry().Value().ID(), "matcher map values must be string or list literals")
|
||||
}
|
||||
}
|
||||
return eh.NewCall(funcName, eh.NewIdent("request"), arg), nil
|
||||
return eh.NewCall(funcName, eh.NewIdent(CELRequestVarName), arg), nil
|
||||
case ast.UnspecifiedExprKind, ast.CallKind, ast.ComprehensionKind, ast.IdentKind, ast.ListKind, ast.LiteralKind, ast.SelectKind:
|
||||
// appeasing the linter :)
|
||||
}
|
||||
|
@ -646,7 +653,7 @@ func isCELCaddyPlaceholderCall(e ast.Expr) bool {
|
|||
switch e.Kind() {
|
||||
case ast.CallKind:
|
||||
call := e.AsCall()
|
||||
if call.FunctionName() == "caddyPlaceholder" {
|
||||
if call.FunctionName() == CELPlaceholderFuncName {
|
||||
return true
|
||||
}
|
||||
case ast.UnspecifiedExprKind, ast.ComprehensionKind, ast.IdentKind, ast.ListKind, ast.LiteralKind, ast.MapKind, ast.SelectKind, ast.StructKind:
|
||||
|
@ -701,8 +708,15 @@ func isCELStringListLiteral(e ast.Expr) bool {
|
|||
// expressions with a proper CEL function call; this is
|
||||
// just for syntactic sugar.
|
||||
var (
|
||||
placeholderRegexp = regexp.MustCompile(`{([a-zA-Z][\w.-]+)}`)
|
||||
placeholderExpansion = `caddyPlaceholder(request, "${1}")`
|
||||
// The placeholder may not be preceded by a backslash; the expansion
|
||||
// will include the preceding character if it is not a backslash.
|
||||
placeholderRegexp = regexp.MustCompile(`([^\\]|^){([a-zA-Z][\w.-]+)}`)
|
||||
placeholderExpansion = `${1}ph(req, "${2}")`
|
||||
|
||||
// As a second pass, we need to strip the escape character in front of
|
||||
// the placeholder, if it exists.
|
||||
escapedPlaceholderRegexp = regexp.MustCompile(`\\{([a-zA-Z][\w.-]+)}`)
|
||||
escapedPlaceholderExpansion = `{${1}}`
|
||||
|
||||
CELTypeJSON = cel.MapType(cel.StringType, cel.DynType)
|
||||
)
|
||||
|
@ -710,7 +724,10 @@ var (
|
|||
var httpRequestObjectType = cel.ObjectType("http.Request")
|
||||
|
||||
// The name of the CEL function which accesses Replacer values.
|
||||
const placeholderFuncName = "caddyPlaceholder"
|
||||
const CELPlaceholderFuncName = "ph"
|
||||
|
||||
// The name of the CEL request variable.
|
||||
const CELRequestVarName = "req"
|
||||
|
||||
const MatcherNameCtxKey = "matcher_name"
|
||||
|
||||
|
|
|
@ -70,12 +70,35 @@ eqp31wM9il1n+guTNyxJd+FzVAH+hCZE5K+tCgVDdVFUlDEHHbS/wqb2PSIoouLV
|
|||
wantResult: true,
|
||||
},
|
||||
{
|
||||
name: "header error (MatchHeader)",
|
||||
name: "header matches an escaped placeholder value (MatchHeader)",
|
||||
expression: &MatchExpression{
|
||||
Expr: `header({'Field': '\\\{foobar}'})`,
|
||||
},
|
||||
urlTarget: "https://example.com/foo",
|
||||
httpHeader: &http.Header{"Field": []string{"{foobar}"}},
|
||||
wantResult: true,
|
||||
},
|
||||
{
|
||||
name: "header matches an placeholder replaced during the header matcher (MatchHeader)",
|
||||
expression: &MatchExpression{
|
||||
Expr: `header({'Field': '\{http.request.uri.path}'})`,
|
||||
},
|
||||
urlTarget: "https://example.com/foo",
|
||||
httpHeader: &http.Header{"Field": []string{"/foo"}},
|
||||
wantResult: true,
|
||||
},
|
||||
{
|
||||
name: "header error, invalid escape sequence (MatchHeader)",
|
||||
expression: &MatchExpression{
|
||||
Expr: `header({'Field': '\\{foobar}'})`,
|
||||
},
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
name: "header error, needs to be JSON syntax with field as key (MatchHeader)",
|
||||
expression: &MatchExpression{
|
||||
Expr: `header('foo')`,
|
||||
},
|
||||
urlTarget: "https://example.com/foo",
|
||||
httpHeader: &http.Header{"Field": []string{"foo", "bar"}},
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
|
@ -110,8 +133,6 @@ eqp31wM9il1n+guTNyxJd+FzVAH+hCZE5K+tCgVDdVFUlDEHHbS/wqb2PSIoouLV
|
|||
expression: &MatchExpression{
|
||||
Expr: `header_regexp('foo')`,
|
||||
},
|
||||
urlTarget: "https://example.com/foo",
|
||||
httpHeader: &http.Header{"Field": []string{"foo", "bar"}},
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
|
@ -143,7 +164,6 @@ eqp31wM9il1n+guTNyxJd+FzVAH+hCZE5K+tCgVDdVFUlDEHHbS/wqb2PSIoouLV
|
|||
expression: &MatchExpression{
|
||||
Expr: `host(80)`,
|
||||
},
|
||||
urlTarget: "http://localhost:80",
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
|
@ -169,8 +189,6 @@ eqp31wM9il1n+guTNyxJd+FzVAH+hCZE5K+tCgVDdVFUlDEHHbS/wqb2PSIoouLV
|
|||
expression: &MatchExpression{
|
||||
Expr: `method()`,
|
||||
},
|
||||
urlTarget: "https://foo.example.com",
|
||||
httpMethod: "PUT",
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
|
@ -266,7 +284,6 @@ eqp31wM9il1n+guTNyxJd+FzVAH+hCZE5K+tCgVDdVFUlDEHHbS/wqb2PSIoouLV
|
|||
expression: &MatchExpression{
|
||||
Expr: `protocol()`,
|
||||
},
|
||||
urlTarget: "https://example.com",
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
|
@ -274,7 +291,6 @@ eqp31wM9il1n+guTNyxJd+FzVAH+hCZE5K+tCgVDdVFUlDEHHbS/wqb2PSIoouLV
|
|||
expression: &MatchExpression{
|
||||
Expr: `protocol('grpc', 'https')`,
|
||||
},
|
||||
urlTarget: "https://example.com",
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
|
@ -282,7 +298,6 @@ eqp31wM9il1n+guTNyxJd+FzVAH+hCZE5K+tCgVDdVFUlDEHHbS/wqb2PSIoouLV
|
|||
expression: &MatchExpression{
|
||||
Expr: `protocol(true)`,
|
||||
},
|
||||
urlTarget: "https://example.com",
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
|
@ -330,7 +345,6 @@ eqp31wM9il1n+guTNyxJd+FzVAH+hCZE5K+tCgVDdVFUlDEHHbS/wqb2PSIoouLV
|
|||
expression: &MatchExpression{
|
||||
Expr: `query({1: "1"})`,
|
||||
},
|
||||
urlTarget: "https://example.com/foo",
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
|
@ -338,7 +352,6 @@ eqp31wM9il1n+guTNyxJd+FzVAH+hCZE5K+tCgVDdVFUlDEHHbS/wqb2PSIoouLV
|
|||
expression: &MatchExpression{
|
||||
Expr: `query(Message{field: "1"})`,
|
||||
},
|
||||
urlTarget: "https://example.com/foo",
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
|
@ -346,7 +359,6 @@ eqp31wM9il1n+guTNyxJd+FzVAH+hCZE5K+tCgVDdVFUlDEHHbS/wqb2PSIoouLV
|
|||
expression: &MatchExpression{
|
||||
Expr: `query({"debug": 1})`,
|
||||
},
|
||||
urlTarget: "https://example.com/foo/?debug=1",
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
|
@ -354,7 +366,6 @@ eqp31wM9il1n+guTNyxJd+FzVAH+hCZE5K+tCgVDdVFUlDEHHbS/wqb2PSIoouLV
|
|||
expression: &MatchExpression{
|
||||
Expr: `query()`,
|
||||
},
|
||||
urlTarget: "https://example.com/foo/?debug=1",
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
|
@ -362,7 +373,6 @@ eqp31wM9il1n+guTNyxJd+FzVAH+hCZE5K+tCgVDdVFUlDEHHbS/wqb2PSIoouLV
|
|||
expression: &MatchExpression{
|
||||
Expr: `remote_ip()`,
|
||||
},
|
||||
urlTarget: "https://example.com/foo",
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
|
@ -373,6 +383,67 @@ eqp31wM9il1n+guTNyxJd+FzVAH+hCZE5K+tCgVDdVFUlDEHHbS/wqb2PSIoouLV
|
|||
urlTarget: "https://example.com/foo",
|
||||
wantResult: true,
|
||||
},
|
||||
{
|
||||
name: "vars value (VarsMatcher)",
|
||||
expression: &MatchExpression{
|
||||
Expr: `vars({'foo': 'bar'})`,
|
||||
},
|
||||
urlTarget: "https://example.com/foo",
|
||||
wantResult: true,
|
||||
},
|
||||
{
|
||||
name: "vars matches placeholder, needs escape (VarsMatcher)",
|
||||
expression: &MatchExpression{
|
||||
Expr: `vars({'\{http.request.uri.path}': '/foo'})`,
|
||||
},
|
||||
urlTarget: "https://example.com/foo",
|
||||
wantResult: true,
|
||||
},
|
||||
{
|
||||
name: "vars error wrong syntax (VarsMatcher)",
|
||||
expression: &MatchExpression{
|
||||
Expr: `vars('foo', 'bar')`,
|
||||
},
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
name: "vars error no args (VarsMatcher)",
|
||||
expression: &MatchExpression{
|
||||
Expr: `vars()`,
|
||||
},
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
name: "vars_regexp value (MatchVarsRE)",
|
||||
expression: &MatchExpression{
|
||||
Expr: `vars_regexp('foo', 'ba?r')`,
|
||||
},
|
||||
urlTarget: "https://example.com/foo",
|
||||
wantResult: true,
|
||||
},
|
||||
{
|
||||
name: "vars_regexp value with name (MatchVarsRE)",
|
||||
expression: &MatchExpression{
|
||||
Expr: `vars_regexp('name', 'foo', 'ba?r')`,
|
||||
},
|
||||
urlTarget: "https://example.com/foo",
|
||||
wantResult: true,
|
||||
},
|
||||
{
|
||||
name: "vars_regexp matches placeholder, needs escape (MatchVarsRE)",
|
||||
expression: &MatchExpression{
|
||||
Expr: `vars_regexp('\{http.request.uri.path}', '/fo?o')`,
|
||||
},
|
||||
urlTarget: "https://example.com/foo",
|
||||
wantResult: true,
|
||||
},
|
||||
{
|
||||
name: "vars_regexp error no args (MatchVarsRE)",
|
||||
expression: &MatchExpression{
|
||||
Expr: `vars_regexp()`,
|
||||
},
|
||||
wantErr: true,
|
||||
},
|
||||
}
|
||||
)
|
||||
|
||||
|
@ -396,6 +467,9 @@ func TestMatchExpressionMatch(t *testing.T) {
|
|||
}
|
||||
repl := caddy.NewReplacer()
|
||||
ctx := context.WithValue(req.Context(), caddy.ReplacerCtxKey, repl)
|
||||
ctx = context.WithValue(ctx, VarsCtxKey, map[string]any{
|
||||
"foo": "bar",
|
||||
})
|
||||
req = req.WithContext(ctx)
|
||||
addHTTPVarsToReplacer(repl, req, httptest.NewRecorder())
|
||||
|
||||
|
@ -436,6 +510,9 @@ func BenchmarkMatchExpressionMatch(b *testing.B) {
|
|||
}
|
||||
repl := caddy.NewReplacer()
|
||||
ctx := context.WithValue(req.Context(), caddy.ReplacerCtxKey, repl)
|
||||
ctx = context.WithValue(ctx, VarsCtxKey, map[string]any{
|
||||
"foo": "bar",
|
||||
})
|
||||
req = req.WithContext(ctx)
|
||||
addHTTPVarsToReplacer(repl, req, httptest.NewRecorder())
|
||||
if tc.clientCertificate != nil {
|
||||
|
|
|
@ -24,6 +24,7 @@ import (
|
|||
"io"
|
||||
"math"
|
||||
"net/http"
|
||||
"slices"
|
||||
"sort"
|
||||
"strconv"
|
||||
"strings"
|
||||
|
@ -441,12 +442,9 @@ func AcceptedEncodings(r *http.Request, preferredOrder []string) []string {
|
|||
}
|
||||
|
||||
// set server preference
|
||||
prefOrder := -1
|
||||
for i, p := range preferredOrder {
|
||||
if encName == p {
|
||||
prefOrder = len(preferredOrder) - i
|
||||
break
|
||||
}
|
||||
prefOrder := slices.Index(preferredOrder, encName)
|
||||
if prefOrder > -1 {
|
||||
prefOrder = len(preferredOrder) - prefOrder
|
||||
}
|
||||
|
||||
prefs = append(prefs, encodingPreference{
|
||||
|
|
|
@ -33,6 +33,7 @@ import (
|
|||
"time"
|
||||
|
||||
"go.uber.org/zap"
|
||||
"go.uber.org/zap/zapcore"
|
||||
|
||||
"github.com/caddyserver/caddy/v2"
|
||||
"github.com/caddyserver/caddy/v2/modules/caddyhttp"
|
||||
|
@ -52,14 +53,25 @@ var BrowseTemplate string
|
|||
type Browse struct {
|
||||
// Filename of the template to use instead of the embedded browse template.
|
||||
TemplateFile string `json:"template_file,omitempty"`
|
||||
|
||||
// Determines whether or not targets of symlinks should be revealed.
|
||||
RevealSymlinks bool `json:"reveal_symlinks,omitempty"`
|
||||
|
||||
// Override the default sort.
|
||||
// It includes the following options:
|
||||
// - sort_by: name(default), namedirfirst, size, time
|
||||
// - order: asc(default), desc
|
||||
// eg.:
|
||||
// - `sort time desc` will sort by time in descending order
|
||||
// - `sort size` will sort by size in ascending order
|
||||
// The first option must be `sort_by` and the second option must be `order` (if exists).
|
||||
SortOptions []string `json:"sort,omitempty"`
|
||||
}
|
||||
|
||||
func (fsrv *FileServer) serveBrowse(fileSystem fs.FS, root, dirPath string, w http.ResponseWriter, r *http.Request, next caddyhttp.Handler) error {
|
||||
fsrv.logger.Debug("browse enabled; listing directory contents",
|
||||
zap.String("path", dirPath),
|
||||
zap.String("root", root))
|
||||
if c := fsrv.logger.Check(zapcore.DebugLevel, "browse enabled; listing directory contents"); c != nil {
|
||||
c.Write(zap.String("path", dirPath), zap.String("root", root))
|
||||
}
|
||||
|
||||
// Navigation on the client-side gets messed up if the
|
||||
// URL doesn't end in a trailing slash because hrefs to
|
||||
|
@ -81,7 +93,9 @@ func (fsrv *FileServer) serveBrowse(fileSystem fs.FS, root, dirPath string, w ht
|
|||
origReq := r.Context().Value(caddyhttp.OriginalRequestCtxKey).(http.Request)
|
||||
if r.URL.Path == "" || path.Base(origReq.URL.Path) == path.Base(r.URL.Path) {
|
||||
if !strings.HasSuffix(origReq.URL.Path, "/") {
|
||||
fsrv.logger.Debug("redirecting to trailing slash to preserve hrefs", zap.String("request_path", r.URL.Path))
|
||||
if c := fsrv.logger.Check(zapcore.DebugLevel, "redirecting to trailing slash to preserve hrefs"); c != nil {
|
||||
c.Write(zap.String("request_path", r.URL.Path))
|
||||
}
|
||||
return redirect(w, r, origReq.URL.Path+"/")
|
||||
}
|
||||
}
|
||||
|
@ -210,7 +224,7 @@ func (fsrv *FileServer) browseApplyQueryParams(w http.ResponseWriter, r *http.Re
|
|||
|
||||
// The configs in Caddyfile have lower priority than Query params,
|
||||
// so put it at first.
|
||||
for idx, item := range fsrv.SortOptions {
|
||||
for idx, item := range fsrv.Browse.SortOptions {
|
||||
// Only `sort` & `order`, 2 params are allowed
|
||||
if idx >= 2 {
|
||||
break
|
||||
|
|
|
@ -21,6 +21,7 @@ import (
|
|||
"os"
|
||||
"path"
|
||||
"path/filepath"
|
||||
"slices"
|
||||
"sort"
|
||||
"strconv"
|
||||
"strings"
|
||||
|
@ -28,6 +29,7 @@ import (
|
|||
|
||||
"github.com/dustin/go-humanize"
|
||||
"go.uber.org/zap"
|
||||
"go.uber.org/zap/zapcore"
|
||||
|
||||
"github.com/caddyserver/caddy/v2"
|
||||
"github.com/caddyserver/caddy/v2/modules/caddyhttp"
|
||||
|
@ -57,9 +59,9 @@ func (fsrv *FileServer) directoryListing(ctx context.Context, fileSystem fs.FS,
|
|||
|
||||
info, err := entry.Info()
|
||||
if err != nil {
|
||||
fsrv.logger.Error("could not get info about directory entry",
|
||||
zap.String("name", entry.Name()),
|
||||
zap.String("root", root))
|
||||
if c := fsrv.logger.Check(zapcore.ErrorLevel, "could not get info about directory entry"); c != nil {
|
||||
c.Write(zap.String("name", entry.Name()), zap.String("root", root))
|
||||
}
|
||||
continue
|
||||
}
|
||||
|
||||
|
@ -280,12 +282,9 @@ type fileInfo struct {
|
|||
|
||||
// HasExt returns true if the filename has any of the given suffixes, case-insensitive.
|
||||
func (fi fileInfo) HasExt(exts ...string) bool {
|
||||
for _, ext := range exts {
|
||||
if strings.HasSuffix(strings.ToLower(fi.Name), strings.ToLower(ext)) {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
return slices.ContainsFunc(exts, func(ext string) bool {
|
||||
return strings.HasSuffix(strings.ToLower(fi.Name), strings.ToLower(ext))
|
||||
})
|
||||
}
|
||||
|
||||
// HumanSize returns the size of the file as a
|
||||
|
|
|
@ -119,6 +119,16 @@ func (fsrv *FileServer) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
|
|||
return d.Err("Symlinks path reveal is already enabled")
|
||||
}
|
||||
fsrv.Browse.RevealSymlinks = true
|
||||
case "sort":
|
||||
for d.NextArg() {
|
||||
dVal := d.Val()
|
||||
switch dVal {
|
||||
case sortByName, sortByNameDirFirst, sortBySize, sortByTime, sortOrderAsc, sortOrderDesc:
|
||||
fsrv.Browse.SortOptions = append(fsrv.Browse.SortOptions, dVal)
|
||||
default:
|
||||
return d.Errf("unknown sort option '%s'", dVal)
|
||||
}
|
||||
}
|
||||
default:
|
||||
return d.Errf("unknown subdirective '%s'", d.Val())
|
||||
}
|
||||
|
@ -171,17 +181,6 @@ func (fsrv *FileServer) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
|
|||
}
|
||||
fsrv.EtagFileExtensions = etagFileExtensions
|
||||
|
||||
case "sort":
|
||||
for d.NextArg() {
|
||||
dVal := d.Val()
|
||||
switch dVal {
|
||||
case sortByName, sortBySize, sortByTime, sortOrderAsc, sortOrderDesc:
|
||||
fsrv.SortOptions = append(fsrv.SortOptions, dVal)
|
||||
default:
|
||||
return d.Errf("unknown sort option '%s'", dVal)
|
||||
}
|
||||
}
|
||||
|
||||
default:
|
||||
return d.Errf("unknown subdirective '%s'", d.Val())
|
||||
}
|
||||
|
|
|
@ -33,6 +33,7 @@ import (
|
|||
"github.com/google/cel-go/common/types/ref"
|
||||
"github.com/google/cel-go/parser"
|
||||
"go.uber.org/zap"
|
||||
"go.uber.org/zap/zapcore"
|
||||
|
||||
"github.com/caddyserver/caddy/v2"
|
||||
"github.com/caddyserver/caddy/v2/caddyconfig/caddyfile"
|
||||
|
@ -224,7 +225,7 @@ func celFileMatcherMacroExpander() parser.MacroExpander {
|
|||
return func(eh parser.ExprHelper, target ast.Expr, args []ast.Expr) (ast.Expr, *common.Error) {
|
||||
if len(args) == 0 {
|
||||
return eh.NewCall("file",
|
||||
eh.NewIdent("request"),
|
||||
eh.NewIdent(caddyhttp.CELRequestVarName),
|
||||
eh.NewMap(),
|
||||
), nil
|
||||
}
|
||||
|
@ -232,7 +233,7 @@ func celFileMatcherMacroExpander() parser.MacroExpander {
|
|||
arg := args[0]
|
||||
if isCELStringLiteral(arg) || isCELCaddyPlaceholderCall(arg) {
|
||||
return eh.NewCall("file",
|
||||
eh.NewIdent("request"),
|
||||
eh.NewIdent(caddyhttp.CELRequestVarName),
|
||||
eh.NewMap(eh.NewMapEntry(
|
||||
eh.NewLiteral(types.String("try_files")),
|
||||
eh.NewList(arg),
|
||||
|
@ -241,7 +242,7 @@ func celFileMatcherMacroExpander() parser.MacroExpander {
|
|||
), nil
|
||||
}
|
||||
if isCELTryFilesLiteral(arg) {
|
||||
return eh.NewCall("file", eh.NewIdent("request"), arg), nil
|
||||
return eh.NewCall("file", eh.NewIdent(caddyhttp.CELRequestVarName), arg), nil
|
||||
}
|
||||
return nil, &common.Error{
|
||||
Location: eh.OffsetLocation(arg.ID()),
|
||||
|
@ -258,7 +259,7 @@ func celFileMatcherMacroExpander() parser.MacroExpander {
|
|||
}
|
||||
}
|
||||
return eh.NewCall("file",
|
||||
eh.NewIdent("request"),
|
||||
eh.NewIdent(caddyhttp.CELRequestVarName),
|
||||
eh.NewMap(eh.NewMapEntry(
|
||||
eh.NewLiteral(types.String("try_files")),
|
||||
eh.NewList(args...),
|
||||
|
@ -326,7 +327,9 @@ func (m MatchFile) selectFile(r *http.Request) (matched bool) {
|
|||
|
||||
fileSystem, ok := m.fsmap.Get(fsName)
|
||||
if !ok {
|
||||
m.logger.Error("use of unregistered filesystem", zap.String("fs", fsName))
|
||||
if c := m.logger.Check(zapcore.ErrorLevel, "use of unregistered filesystem"); c != nil {
|
||||
c.Write(zap.String("fs", fsName))
|
||||
}
|
||||
return false
|
||||
}
|
||||
type matchCandidate struct {
|
||||
|
@ -356,7 +359,10 @@ func (m MatchFile) selectFile(r *http.Request) (matched bool) {
|
|||
return val, nil
|
||||
})
|
||||
if err != nil {
|
||||
m.logger.Error("evaluating placeholders", zap.Error(err))
|
||||
if c := m.logger.Check(zapcore.ErrorLevel, "evaluating placeholders"); c != nil {
|
||||
c.Write(zap.Error(err))
|
||||
}
|
||||
|
||||
expandedFile = file // "oh well," I guess?
|
||||
}
|
||||
|
||||
|
@ -379,7 +385,9 @@ func (m MatchFile) selectFile(r *http.Request) (matched bool) {
|
|||
} else {
|
||||
globResults, err = fs.Glob(fileSystem, fullPattern)
|
||||
if err != nil {
|
||||
m.logger.Error("expanding glob", zap.Error(err))
|
||||
if c := m.logger.Check(zapcore.ErrorLevel, "expanding glob"); c != nil {
|
||||
c.Write(zap.Error(err))
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -626,7 +634,7 @@ func isCELCaddyPlaceholderCall(e ast.Expr) bool {
|
|||
switch e.Kind() {
|
||||
case ast.CallKind:
|
||||
call := e.AsCall()
|
||||
if call.FunctionName() == "caddyPlaceholder" {
|
||||
if call.FunctionName() == caddyhttp.CELPlaceholderFuncName {
|
||||
return true
|
||||
}
|
||||
case ast.UnspecifiedExprKind, ast.ComprehensionKind, ast.IdentKind, ast.ListKind, ast.LiteralKind, ast.MapKind, ast.SelectKind, ast.StructKind:
|
||||
|
|
|
@ -31,6 +31,7 @@ import (
|
|||
"strings"
|
||||
|
||||
"go.uber.org/zap"
|
||||
"go.uber.org/zap/zapcore"
|
||||
|
||||
"github.com/caddyserver/caddy/v2"
|
||||
"github.com/caddyserver/caddy/v2/modules/caddyhttp"
|
||||
|
@ -153,16 +154,6 @@ type FileServer struct {
|
|||
// a 404 error. By default, this is false (disabled).
|
||||
PassThru bool `json:"pass_thru,omitempty"`
|
||||
|
||||
// Override the default sort.
|
||||
// It includes the following options:
|
||||
// - sort_by: name(default), namedirfirst, size, time
|
||||
// - order: asc(default), desc
|
||||
// eg.:
|
||||
// - `sort time desc` will sort by time in descending order
|
||||
// - `sort size` will sort by size in ascending order
|
||||
// The first option must be `sort_by` and the second option must be `order` (if exists).
|
||||
SortOptions []string `json:"sort,omitempty"`
|
||||
|
||||
// Selection of encoders to use to check for precompressed files.
|
||||
PrecompressedRaw caddy.ModuleMap `json:"precompressed,omitempty" caddy:"namespace=http.precompressed"`
|
||||
|
||||
|
@ -246,8 +237,9 @@ func (fsrv *FileServer) Provision(ctx caddy.Context) error {
|
|||
fsrv.precompressors[ae] = p
|
||||
}
|
||||
|
||||
if fsrv.Browse != nil {
|
||||
// check sort options
|
||||
for idx, sortOption := range fsrv.SortOptions {
|
||||
for idx, sortOption := range fsrv.Browse.SortOptions {
|
||||
switch idx {
|
||||
case 0:
|
||||
if sortOption != sortByName && sortOption != sortByNameDirFirst && sortOption != sortBySize && sortOption != sortByTime {
|
||||
|
@ -261,6 +253,7 @@ func (fsrv *FileServer) Provision(ctx caddy.Context) error {
|
|||
return fmt.Errorf("only max 2 sort options are allowed, but got %d", idx+1)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
@ -294,11 +287,14 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c
|
|||
// remove any trailing `/` as it breaks fs.ValidPath() in the stdlib
|
||||
filename := strings.TrimSuffix(caddyhttp.SanitizedPathJoin(root, r.URL.Path), "/")
|
||||
|
||||
fsrv.logger.Debug("sanitized path join",
|
||||
if c := fsrv.logger.Check(zapcore.DebugLevel, "sanitized path join"); c != nil {
|
||||
c.Write(
|
||||
zap.String("site_root", root),
|
||||
zap.String("fs", fsName),
|
||||
zap.String("request_path", r.URL.Path),
|
||||
zap.String("result", filename))
|
||||
zap.String("result", filename),
|
||||
)
|
||||
}
|
||||
|
||||
// get information about the file
|
||||
info, err := fs.Stat(fileSystem, filename)
|
||||
|
@ -321,9 +317,12 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c
|
|||
indexPath := caddyhttp.SanitizedPathJoin(filename, indexPage)
|
||||
if fileHidden(indexPath, filesToHide) {
|
||||
// pretend this file doesn't exist
|
||||
fsrv.logger.Debug("hiding index file",
|
||||
if c := fsrv.logger.Check(zapcore.DebugLevel, "hiding index file"); c != nil {
|
||||
c.Write(
|
||||
zap.String("filename", indexPath),
|
||||
zap.Strings("files_to_hide", filesToHide))
|
||||
zap.Strings("files_to_hide", filesToHide),
|
||||
)
|
||||
}
|
||||
continue
|
||||
}
|
||||
|
||||
|
@ -343,7 +342,9 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c
|
|||
info = indexInfo
|
||||
filename = indexPath
|
||||
implicitIndexFile = true
|
||||
fsrv.logger.Debug("located index file", zap.String("filename", filename))
|
||||
if c := fsrv.logger.Check(zapcore.DebugLevel, "located index file"); c != nil {
|
||||
c.Write(zap.String("filename", filename))
|
||||
}
|
||||
break
|
||||
}
|
||||
}
|
||||
|
@ -351,9 +352,12 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c
|
|||
// if still referencing a directory, delegate
|
||||
// to browse or return an error
|
||||
if info.IsDir() {
|
||||
fsrv.logger.Debug("no index file in directory",
|
||||
if c := fsrv.logger.Check(zapcore.DebugLevel, "no index file in directory"); c != nil {
|
||||
c.Write(
|
||||
zap.String("path", filename),
|
||||
zap.Strings("index_filenames", fsrv.IndexNames))
|
||||
zap.Strings("index_filenames", fsrv.IndexNames),
|
||||
)
|
||||
}
|
||||
if fsrv.Browse != nil && !fileHidden(filename, filesToHide) {
|
||||
return fsrv.serveBrowse(fileSystem, root, filename, w, r, next)
|
||||
}
|
||||
|
@ -363,9 +367,12 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c
|
|||
// one last check to ensure the file isn't hidden (we might
|
||||
// have changed the filename from when we last checked)
|
||||
if fileHidden(filename, filesToHide) {
|
||||
fsrv.logger.Debug("hiding file",
|
||||
if c := fsrv.logger.Check(zapcore.DebugLevel, "hiding file"); c != nil {
|
||||
c.Write(
|
||||
zap.String("filename", filename),
|
||||
zap.Strings("files_to_hide", filesToHide))
|
||||
zap.Strings("files_to_hide", filesToHide),
|
||||
)
|
||||
}
|
||||
return fsrv.notFound(w, r, next)
|
||||
}
|
||||
|
||||
|
@ -383,15 +390,21 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c
|
|||
if path.Base(origReq.URL.Path) == path.Base(r.URL.Path) {
|
||||
if implicitIndexFile && !strings.HasSuffix(origReq.URL.Path, "/") {
|
||||
to := origReq.URL.Path + "/"
|
||||
fsrv.logger.Debug("redirecting to canonical URI (adding trailing slash for directory)",
|
||||
if c := fsrv.logger.Check(zapcore.DebugLevel, "redirecting to canonical URI (adding trailing slash for directory"); c != nil {
|
||||
c.Write(
|
||||
zap.String("from_path", origReq.URL.Path),
|
||||
zap.String("to_path", to))
|
||||
zap.String("to_path", to),
|
||||
)
|
||||
}
|
||||
return redirect(w, r, to)
|
||||
} else if !implicitIndexFile && strings.HasSuffix(origReq.URL.Path, "/") {
|
||||
to := origReq.URL.Path[:len(origReq.URL.Path)-1]
|
||||
fsrv.logger.Debug("redirecting to canonical URI (removing trailing slash for file)",
|
||||
if c := fsrv.logger.Check(zapcore.DebugLevel, "redirecting to canonical URI (removing trailing slash for file"); c != nil {
|
||||
c.Write(
|
||||
zap.String("from_path", origReq.URL.Path),
|
||||
zap.String("to_path", to))
|
||||
zap.String("to_path", to),
|
||||
)
|
||||
}
|
||||
return redirect(w, r, to)
|
||||
}
|
||||
}
|
||||
|
@ -419,13 +432,19 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c
|
|||
compressedFilename := filename + precompress.Suffix()
|
||||
compressedInfo, err := fs.Stat(fileSystem, compressedFilename)
|
||||
if err != nil || compressedInfo.IsDir() {
|
||||
fsrv.logger.Debug("precompressed file not accessible", zap.String("filename", compressedFilename), zap.Error(err))
|
||||
if c := fsrv.logger.Check(zapcore.DebugLevel, "precompressed file not accessible"); c != nil {
|
||||
c.Write(zap.String("filename", compressedFilename), zap.Error(err))
|
||||
}
|
||||
continue
|
||||
}
|
||||
fsrv.logger.Debug("opening compressed sidecar file", zap.String("filename", compressedFilename), zap.Error(err))
|
||||
if c := fsrv.logger.Check(zapcore.DebugLevel, "opening compressed sidecar file"); c != nil {
|
||||
c.Write(zap.String("filename", compressedFilename), zap.Error(err))
|
||||
}
|
||||
file, err = fsrv.openFile(fileSystem, compressedFilename, w)
|
||||
if err != nil {
|
||||
fsrv.logger.Warn("opening precompressed file failed", zap.String("filename", compressedFilename), zap.Error(err))
|
||||
if c := fsrv.logger.Check(zapcore.WarnLevel, "opening precompressed file failed"); c != nil {
|
||||
c.Write(zap.String("filename", compressedFilename), zap.Error(err))
|
||||
}
|
||||
if caddyErr, ok := err.(caddyhttp.HandlerError); ok && caddyErr.StatusCode == http.StatusServiceUnavailable {
|
||||
return err
|
||||
}
|
||||
|
@ -456,7 +475,9 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c
|
|||
|
||||
// no precompressed file found, use the actual file
|
||||
if file == nil {
|
||||
fsrv.logger.Debug("opening file", zap.String("filename", filename))
|
||||
if c := fsrv.logger.Check(zapcore.DebugLevel, "opening file"); c != nil {
|
||||
c.Write(zap.String("filename", filename))
|
||||
}
|
||||
|
||||
// open the file
|
||||
file, err = fsrv.openFile(fileSystem, filename, w)
|
||||
|
@ -556,10 +577,14 @@ func (fsrv *FileServer) openFile(fileSystem fs.FS, filename string, w http.Respo
|
|||
if err != nil {
|
||||
err = fsrv.mapDirOpenError(fileSystem, err, filename)
|
||||
if errors.Is(err, fs.ErrNotExist) {
|
||||
fsrv.logger.Debug("file not found", zap.String("filename", filename), zap.Error(err))
|
||||
if c := fsrv.logger.Check(zapcore.DebugLevel, "file not found"); c != nil {
|
||||
c.Write(zap.String("filename", filename), zap.Error(err))
|
||||
}
|
||||
return nil, caddyhttp.Error(http.StatusNotFound, err)
|
||||
} else if errors.Is(err, fs.ErrPermission) {
|
||||
fsrv.logger.Debug("permission denied", zap.String("filename", filename), zap.Error(err))
|
||||
if c := fsrv.logger.Check(zapcore.DebugLevel, "permission denied"); c != nil {
|
||||
c.Write(zap.String("filename", filename), zap.Error(err))
|
||||
}
|
||||
return nil, caddyhttp.Error(http.StatusForbidden, err)
|
||||
}
|
||||
// maybe the server is under load and ran out of file descriptors?
|
||||
|
@ -567,7 +592,9 @@ func (fsrv *FileServer) openFile(fileSystem fs.FS, filename string, w http.Respo
|
|||
//nolint:gosec
|
||||
backoff := weakrand.Intn(maxBackoff-minBackoff) + minBackoff
|
||||
w.Header().Set("Retry-After", strconv.Itoa(backoff))
|
||||
fsrv.logger.Debug("retry after backoff", zap.String("filename", filename), zap.Int("backoff", backoff), zap.Error(err))
|
||||
if c := fsrv.logger.Check(zapcore.DebugLevel, "retry after backoff"); c != nil {
|
||||
c.Write(zap.String("filename", filename), zap.Int("backoff", backoff), zap.Error(err))
|
||||
}
|
||||
return nil, caddyhttp.Error(http.StatusServiceUnavailable, err)
|
||||
}
|
||||
return file, nil
|
||||
|
|
|
@ -135,7 +135,9 @@ type HeaderOps struct {
|
|||
func (ops *HeaderOps) Provision(_ caddy.Context) error {
|
||||
for fieldName, replacements := range ops.Replace {
|
||||
for i, r := range replacements {
|
||||
if r.SearchRegexp != "" {
|
||||
if r.SearchRegexp == "" {
|
||||
continue
|
||||
}
|
||||
re, err := regexp.Compile(r.SearchRegexp)
|
||||
if err != nil {
|
||||
return fmt.Errorf("replacement %d for header field '%s': %v", i, fieldName, err)
|
||||
|
@ -143,7 +145,6 @@ func (ops *HeaderOps) Provision(_ caddy.Context) error {
|
|||
replacements[i].re = re
|
||||
}
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
|
|
|
@ -23,6 +23,7 @@ import (
|
|||
"sync"
|
||||
|
||||
"go.uber.org/zap"
|
||||
"go.uber.org/zap/zapcore"
|
||||
|
||||
"github.com/caddyserver/caddy/v2"
|
||||
"github.com/caddyserver/caddy/v2/caddyconfig/caddyfile"
|
||||
|
@ -165,7 +166,9 @@ func (ir Intercept) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddy
|
|||
}
|
||||
repl.Set("http.intercept.status_code", rec.Status())
|
||||
|
||||
ir.logger.Debug("handling response", zap.Int("handler", rec.handlerIndex))
|
||||
if c := ir.logger.Check(zapcore.DebugLevel, "handling response"); c != nil {
|
||||
c.Write(zap.Int("handler", rec.handlerIndex))
|
||||
}
|
||||
|
||||
// pass the request through the response handler routes
|
||||
return rec.handler.Routes.Compile(next).ServeHTTP(w, r)
|
||||
|
|
|
@ -26,6 +26,7 @@ import (
|
|||
"github.com/google/cel-go/cel"
|
||||
"github.com/google/cel-go/common/types/ref"
|
||||
"go.uber.org/zap"
|
||||
"go.uber.org/zap/zapcore"
|
||||
|
||||
"github.com/caddyserver/caddy/v2"
|
||||
"github.com/caddyserver/caddy/v2/caddyconfig/caddyfile"
|
||||
|
@ -150,12 +151,17 @@ func (m MatchRemoteIP) Match(r *http.Request) bool {
|
|||
address := r.RemoteAddr
|
||||
clientIP, zoneID, err := parseIPZoneFromString(address)
|
||||
if err != nil {
|
||||
m.logger.Error("getting remote IP", zap.Error(err))
|
||||
if c := m.logger.Check(zapcore.ErrorLevel, "getting remote "); c != nil {
|
||||
c.Write(zap.Error(err))
|
||||
}
|
||||
|
||||
return false
|
||||
}
|
||||
matches, zoneFilter := matchIPByCidrZones(clientIP, zoneID, m.cidrs, m.zones)
|
||||
if !matches && !zoneFilter {
|
||||
m.logger.Debug("zone ID from remote IP did not match", zap.String("zone", zoneID))
|
||||
if c := m.logger.Check(zapcore.DebugLevel, "zone ID from remote IP did not match"); c != nil {
|
||||
c.Write(zap.String("zone", zoneID))
|
||||
}
|
||||
}
|
||||
return matches
|
||||
}
|
||||
|
|
|
@ -193,7 +193,7 @@ func (sa *StringArray) UnmarshalJSON(b []byte) error {
|
|||
// to use, the error log message, and any extra fields.
|
||||
// If err is a HandlerError, the returned values will
|
||||
// have richer information.
|
||||
func errLogValues(err error) (status int, msg string, fields []zapcore.Field) {
|
||||
func errLogValues(err error) (status int, msg string, fields func() []zapcore.Field) {
|
||||
var handlerErr HandlerError
|
||||
if errors.As(err, &handlerErr) {
|
||||
status = handlerErr.StatusCode
|
||||
|
@ -202,11 +202,13 @@ func errLogValues(err error) (status int, msg string, fields []zapcore.Field) {
|
|||
} else {
|
||||
msg = handlerErr.Err.Error()
|
||||
}
|
||||
fields = []zapcore.Field{
|
||||
fields = func() []zapcore.Field {
|
||||
return []zapcore.Field{
|
||||
zap.Int("status", handlerErr.StatusCode),
|
||||
zap.String("err_id", handlerErr.ID),
|
||||
zap.String("err_trace", handlerErr.Trace),
|
||||
}
|
||||
}
|
||||
return
|
||||
}
|
||||
status = http.StatusInternalServerError
|
||||
|
|
|
@ -18,6 +18,7 @@ import (
|
|||
"fmt"
|
||||
"net/http"
|
||||
"regexp"
|
||||
"slices"
|
||||
"strings"
|
||||
|
||||
"github.com/caddyserver/caddy/v2"
|
||||
|
@ -126,7 +127,7 @@ func (h Handler) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyhtt
|
|||
// defer work until a variable is actually evaluated by using replacer's Map callback
|
||||
repl.Map(func(key string) (any, bool) {
|
||||
// return early if the variable is not even a configured destination
|
||||
destIdx := h.destinationIndex(key)
|
||||
destIdx := slices.Index(h.Destinations, key)
|
||||
if destIdx < 0 {
|
||||
return nil, false
|
||||
}
|
||||
|
@ -170,17 +171,6 @@ func (h Handler) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyhtt
|
|||
return next.ServeHTTP(w, r)
|
||||
}
|
||||
|
||||
// destinationIndex returns the positional index of the destination
|
||||
// is name is a known destination; otherwise it returns -1.
|
||||
func (h Handler) destinationIndex(name string) int {
|
||||
for i, dest := range h.Destinations {
|
||||
if dest == name {
|
||||
return i
|
||||
}
|
||||
}
|
||||
return -1
|
||||
}
|
||||
|
||||
// Mapping describes a mapping from input to outputs.
|
||||
type Mapping struct {
|
||||
// The input value to match. Must be distinct from other mappings.
|
||||
|
|
|
@ -764,12 +764,7 @@ func (m *MatchMethod) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
|
|||
|
||||
// Match returns true if r matches m.
|
||||
func (m MatchMethod) Match(r *http.Request) bool {
|
||||
for _, method := range m {
|
||||
if r.Method == method {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
return slices.Contains(m, r.Method)
|
||||
}
|
||||
|
||||
// CELLibrary produces options that expose this matcher for use in CEL
|
||||
|
@ -1567,8 +1562,8 @@ var (
|
|||
_ CELLibraryProducer = (*MatchHeader)(nil)
|
||||
_ CELLibraryProducer = (*MatchHeaderRE)(nil)
|
||||
_ CELLibraryProducer = (*MatchProtocol)(nil)
|
||||
// _ CELLibraryProducer = (*VarsMatcher)(nil)
|
||||
// _ CELLibraryProducer = (*MatchVarsRE)(nil)
|
||||
_ CELLibraryProducer = (*VarsMatcher)(nil)
|
||||
_ CELLibraryProducer = (*MatchVarsRE)(nil)
|
||||
|
||||
_ json.Marshaler = (*MatchNot)(nil)
|
||||
_ json.Unmarshaler = (*MatchNot)(nil)
|
||||
|
|
|
@ -10,15 +10,23 @@ import (
|
|||
"github.com/prometheus/client_golang/prometheus"
|
||||
"github.com/prometheus/client_golang/prometheus/promauto"
|
||||
|
||||
"github.com/caddyserver/caddy/v2"
|
||||
"github.com/caddyserver/caddy/v2/internal/metrics"
|
||||
)
|
||||
|
||||
// Metrics configures metrics observations.
|
||||
// EXPERIMENTAL and subject to change or removal.
|
||||
type Metrics struct{}
|
||||
type Metrics struct {
|
||||
// Enable per-host metrics. Enabling this option may
|
||||
// incur high-memory consumption, depending on the number of hosts
|
||||
// managed by Caddy.
|
||||
PerHost bool `json:"per_host,omitempty"`
|
||||
|
||||
var httpMetrics = struct {
|
||||
init sync.Once
|
||||
httpMetrics *httpMetrics `json:"-"`
|
||||
}
|
||||
|
||||
type httpMetrics struct {
|
||||
requestInFlight *prometheus.GaugeVec
|
||||
requestCount *prometheus.CounterVec
|
||||
requestErrors *prometheus.CounterVec
|
||||
|
@ -26,27 +34,28 @@ var httpMetrics = struct {
|
|||
requestSize *prometheus.HistogramVec
|
||||
responseSize *prometheus.HistogramVec
|
||||
responseDuration *prometheus.HistogramVec
|
||||
}{
|
||||
init: sync.Once{},
|
||||
}
|
||||
|
||||
func initHTTPMetrics() {
|
||||
func initHTTPMetrics(ctx caddy.Context, metrics *Metrics) {
|
||||
const ns, sub = "caddy", "http"
|
||||
|
||||
registry := ctx.GetMetricsRegistry()
|
||||
basicLabels := []string{"server", "handler"}
|
||||
httpMetrics.requestInFlight = promauto.NewGaugeVec(prometheus.GaugeOpts{
|
||||
if metrics.PerHost {
|
||||
basicLabels = append(basicLabels, "host")
|
||||
}
|
||||
metrics.httpMetrics.requestInFlight = promauto.With(registry).NewGaugeVec(prometheus.GaugeOpts{
|
||||
Namespace: ns,
|
||||
Subsystem: sub,
|
||||
Name: "requests_in_flight",
|
||||
Help: "Number of requests currently handled by this server.",
|
||||
}, basicLabels)
|
||||
httpMetrics.requestErrors = promauto.NewCounterVec(prometheus.CounterOpts{
|
||||
metrics.httpMetrics.requestErrors = promauto.With(registry).NewCounterVec(prometheus.CounterOpts{
|
||||
Namespace: ns,
|
||||
Subsystem: sub,
|
||||
Name: "request_errors_total",
|
||||
Help: "Number of requests resulting in middleware errors.",
|
||||
}, basicLabels)
|
||||
httpMetrics.requestCount = promauto.NewCounterVec(prometheus.CounterOpts{
|
||||
metrics.httpMetrics.requestCount = promauto.With(registry).NewCounterVec(prometheus.CounterOpts{
|
||||
Namespace: ns,
|
||||
Subsystem: sub,
|
||||
Name: "requests_total",
|
||||
|
@ -58,28 +67,31 @@ func initHTTPMetrics() {
|
|||
sizeBuckets := prometheus.ExponentialBuckets(256, 4, 8)
|
||||
|
||||
httpLabels := []string{"server", "handler", "code", "method"}
|
||||
httpMetrics.requestDuration = promauto.NewHistogramVec(prometheus.HistogramOpts{
|
||||
if metrics.PerHost {
|
||||
httpLabels = append(httpLabels, "host")
|
||||
}
|
||||
metrics.httpMetrics.requestDuration = promauto.With(registry).NewHistogramVec(prometheus.HistogramOpts{
|
||||
Namespace: ns,
|
||||
Subsystem: sub,
|
||||
Name: "request_duration_seconds",
|
||||
Help: "Histogram of round-trip request durations.",
|
||||
Buckets: durationBuckets,
|
||||
}, httpLabels)
|
||||
httpMetrics.requestSize = promauto.NewHistogramVec(prometheus.HistogramOpts{
|
||||
metrics.httpMetrics.requestSize = promauto.With(registry).NewHistogramVec(prometheus.HistogramOpts{
|
||||
Namespace: ns,
|
||||
Subsystem: sub,
|
||||
Name: "request_size_bytes",
|
||||
Help: "Total size of the request. Includes body",
|
||||
Buckets: sizeBuckets,
|
||||
}, httpLabels)
|
||||
httpMetrics.responseSize = promauto.NewHistogramVec(prometheus.HistogramOpts{
|
||||
metrics.httpMetrics.responseSize = promauto.With(registry).NewHistogramVec(prometheus.HistogramOpts{
|
||||
Namespace: ns,
|
||||
Subsystem: sub,
|
||||
Name: "response_size_bytes",
|
||||
Help: "Size of the returned response.",
|
||||
Buckets: sizeBuckets,
|
||||
}, httpLabels)
|
||||
httpMetrics.responseDuration = promauto.NewHistogramVec(prometheus.HistogramOpts{
|
||||
metrics.httpMetrics.responseDuration = promauto.With(registry).NewHistogramVec(prometheus.HistogramOpts{
|
||||
Namespace: ns,
|
||||
Subsystem: sub,
|
||||
Name: "response_duration_seconds",
|
||||
|
@ -101,14 +113,15 @@ func serverNameFromContext(ctx context.Context) string {
|
|||
type metricsInstrumentedHandler struct {
|
||||
handler string
|
||||
mh MiddlewareHandler
|
||||
metrics *Metrics
|
||||
}
|
||||
|
||||
func newMetricsInstrumentedHandler(handler string, mh MiddlewareHandler) *metricsInstrumentedHandler {
|
||||
httpMetrics.init.Do(func() {
|
||||
initHTTPMetrics()
|
||||
func newMetricsInstrumentedHandler(ctx caddy.Context, handler string, mh MiddlewareHandler, metrics *Metrics) *metricsInstrumentedHandler {
|
||||
metrics.init.Do(func() {
|
||||
initHTTPMetrics(ctx, metrics)
|
||||
})
|
||||
|
||||
return &metricsInstrumentedHandler{handler, mh}
|
||||
return &metricsInstrumentedHandler{handler, mh, metrics}
|
||||
}
|
||||
|
||||
func (h *metricsInstrumentedHandler) ServeHTTP(w http.ResponseWriter, r *http.Request, next Handler) error {
|
||||
|
@ -119,7 +132,12 @@ func (h *metricsInstrumentedHandler) ServeHTTP(w http.ResponseWriter, r *http.Re
|
|||
// of a panic
|
||||
statusLabels := prometheus.Labels{"server": server, "handler": h.handler, "method": method, "code": ""}
|
||||
|
||||
inFlight := httpMetrics.requestInFlight.With(labels)
|
||||
if h.metrics.PerHost {
|
||||
labels["host"] = r.Host
|
||||
statusLabels["host"] = r.Host
|
||||
}
|
||||
|
||||
inFlight := h.metrics.httpMetrics.requestInFlight.With(labels)
|
||||
inFlight.Inc()
|
||||
defer inFlight.Dec()
|
||||
|
||||
|
@ -131,13 +149,13 @@ func (h *metricsInstrumentedHandler) ServeHTTP(w http.ResponseWriter, r *http.Re
|
|||
writeHeaderRecorder := ShouldBufferFunc(func(status int, header http.Header) bool {
|
||||
statusLabels["code"] = metrics.SanitizeCode(status)
|
||||
ttfb := time.Since(start).Seconds()
|
||||
httpMetrics.responseDuration.With(statusLabels).Observe(ttfb)
|
||||
h.metrics.httpMetrics.responseDuration.With(statusLabels).Observe(ttfb)
|
||||
return false
|
||||
})
|
||||
wrec := NewResponseRecorder(w, nil, writeHeaderRecorder)
|
||||
err := h.mh.ServeHTTP(wrec, r, next)
|
||||
dur := time.Since(start).Seconds()
|
||||
httpMetrics.requestCount.With(labels).Inc()
|
||||
h.metrics.httpMetrics.requestCount.With(labels).Inc()
|
||||
|
||||
observeRequest := func(status int) {
|
||||
// If the code hasn't been set yet, and we didn't encounter an error, we're
|
||||
|
@ -148,9 +166,9 @@ func (h *metricsInstrumentedHandler) ServeHTTP(w http.ResponseWriter, r *http.Re
|
|||
statusLabels["code"] = metrics.SanitizeCode(status)
|
||||
}
|
||||
|
||||
httpMetrics.requestDuration.With(statusLabels).Observe(dur)
|
||||
httpMetrics.requestSize.With(statusLabels).Observe(float64(computeApproximateRequestSize(r)))
|
||||
httpMetrics.responseSize.With(statusLabels).Observe(float64(wrec.Size()))
|
||||
h.metrics.httpMetrics.requestDuration.With(statusLabels).Observe(dur)
|
||||
h.metrics.httpMetrics.requestSize.With(statusLabels).Observe(float64(computeApproximateRequestSize(r)))
|
||||
h.metrics.httpMetrics.responseSize.With(statusLabels).Observe(float64(wrec.Size()))
|
||||
}
|
||||
|
||||
if err != nil {
|
||||
|
@ -159,7 +177,7 @@ func (h *metricsInstrumentedHandler) ServeHTTP(w http.ResponseWriter, r *http.Re
|
|||
observeRequest(handlerErr.StatusCode)
|
||||
}
|
||||
|
||||
httpMetrics.requestErrors.With(labels).Inc()
|
||||
h.metrics.httpMetrics.requestErrors.With(labels).Inc()
|
||||
|
||||
return err
|
||||
}
|
||||
|
|
|
@ -6,9 +6,10 @@ import (
|
|||
"net/http"
|
||||
"net/http/httptest"
|
||||
"strings"
|
||||
"sync"
|
||||
"testing"
|
||||
|
||||
"github.com/prometheus/client_golang/prometheus"
|
||||
"github.com/caddyserver/caddy/v2"
|
||||
"github.com/prometheus/client_golang/prometheus/testutil"
|
||||
)
|
||||
|
||||
|
@ -27,10 +28,15 @@ func TestServerNameFromContext(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestMetricsInstrumentedHandler(t *testing.T) {
|
||||
ctx, _ := caddy.NewContext(caddy.Context{Context: context.Background()})
|
||||
metrics := &Metrics{
|
||||
init: sync.Once{},
|
||||
httpMetrics: &httpMetrics{},
|
||||
}
|
||||
handlerErr := errors.New("oh noes")
|
||||
response := []byte("hello world!")
|
||||
h := HandlerFunc(func(w http.ResponseWriter, r *http.Request) error {
|
||||
if actual := testutil.ToFloat64(httpMetrics.requestInFlight); actual != 1.0 {
|
||||
if actual := testutil.ToFloat64(metrics.httpMetrics.requestInFlight); actual != 1.0 {
|
||||
t.Errorf("Not same: expected %#v, but got %#v", 1.0, actual)
|
||||
}
|
||||
if handlerErr == nil {
|
||||
|
@ -43,7 +49,7 @@ func TestMetricsInstrumentedHandler(t *testing.T) {
|
|||
return h.ServeHTTP(w, r)
|
||||
})
|
||||
|
||||
ih := newMetricsInstrumentedHandler("bar", mh)
|
||||
ih := newMetricsInstrumentedHandler(ctx, "bar", mh, metrics)
|
||||
|
||||
r := httptest.NewRequest("GET", "/", nil)
|
||||
w := httptest.NewRecorder()
|
||||
|
@ -51,7 +57,7 @@ func TestMetricsInstrumentedHandler(t *testing.T) {
|
|||
if actual := ih.ServeHTTP(w, r, h); actual != handlerErr {
|
||||
t.Errorf("Not same: expected %#v, but got %#v", handlerErr, actual)
|
||||
}
|
||||
if actual := testutil.ToFloat64(httpMetrics.requestInFlight); actual != 0.0 {
|
||||
if actual := testutil.ToFloat64(metrics.httpMetrics.requestInFlight); actual != 0.0 {
|
||||
t.Errorf("Not same: expected %#v, but got %#v", 0.0, actual)
|
||||
}
|
||||
|
||||
|
@ -64,7 +70,7 @@ func TestMetricsInstrumentedHandler(t *testing.T) {
|
|||
mh = middlewareHandlerFunc(func(w http.ResponseWriter, r *http.Request, h Handler) error {
|
||||
return nil
|
||||
})
|
||||
ih = newMetricsInstrumentedHandler("empty", mh)
|
||||
ih = newMetricsInstrumentedHandler(ctx, "empty", mh, metrics)
|
||||
r = httptest.NewRequest("GET", "/", nil)
|
||||
w = httptest.NewRecorder()
|
||||
|
||||
|
@ -83,7 +89,7 @@ func TestMetricsInstrumentedHandler(t *testing.T) {
|
|||
return Error(http.StatusTooManyRequests, nil)
|
||||
})
|
||||
|
||||
ih = newMetricsInstrumentedHandler("foo", mh)
|
||||
ih = newMetricsInstrumentedHandler(ctx, "foo", mh, metrics)
|
||||
|
||||
r = httptest.NewRequest("GET", "/", nil)
|
||||
w = httptest.NewRecorder()
|
||||
|
@ -183,7 +189,183 @@ func TestMetricsInstrumentedHandler(t *testing.T) {
|
|||
caddy_http_request_errors_total{handler="bar",server="UNKNOWN"} 1
|
||||
caddy_http_request_errors_total{handler="foo",server="UNKNOWN"} 1
|
||||
`
|
||||
if err := testutil.GatherAndCompare(prometheus.DefaultGatherer, strings.NewReader(expected),
|
||||
if err := testutil.GatherAndCompare(ctx.GetMetricsRegistry(), strings.NewReader(expected),
|
||||
"caddy_http_request_size_bytes",
|
||||
"caddy_http_response_size_bytes",
|
||||
// caddy_http_request_duration_seconds_sum will vary based on how long the test took to run,
|
||||
// so we check just the _bucket and _count metrics
|
||||
"caddy_http_request_duration_seconds_bucket",
|
||||
"caddy_http_request_duration_seconds_count",
|
||||
"caddy_http_request_errors_total",
|
||||
); err != nil {
|
||||
t.Errorf("received unexpected error: %s", err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestMetricsInstrumentedHandlerPerHost(t *testing.T) {
|
||||
ctx, _ := caddy.NewContext(caddy.Context{Context: context.Background()})
|
||||
metrics := &Metrics{
|
||||
PerHost: true,
|
||||
init: sync.Once{},
|
||||
httpMetrics: &httpMetrics{},
|
||||
}
|
||||
handlerErr := errors.New("oh noes")
|
||||
response := []byte("hello world!")
|
||||
h := HandlerFunc(func(w http.ResponseWriter, r *http.Request) error {
|
||||
if actual := testutil.ToFloat64(metrics.httpMetrics.requestInFlight); actual != 1.0 {
|
||||
t.Errorf("Not same: expected %#v, but got %#v", 1.0, actual)
|
||||
}
|
||||
if handlerErr == nil {
|
||||
w.Write(response)
|
||||
}
|
||||
return handlerErr
|
||||
})
|
||||
|
||||
mh := middlewareHandlerFunc(func(w http.ResponseWriter, r *http.Request, h Handler) error {
|
||||
return h.ServeHTTP(w, r)
|
||||
})
|
||||
|
||||
ih := newMetricsInstrumentedHandler(ctx, "bar", mh, metrics)
|
||||
|
||||
r := httptest.NewRequest("GET", "/", nil)
|
||||
w := httptest.NewRecorder()
|
||||
|
||||
if actual := ih.ServeHTTP(w, r, h); actual != handlerErr {
|
||||
t.Errorf("Not same: expected %#v, but got %#v", handlerErr, actual)
|
||||
}
|
||||
if actual := testutil.ToFloat64(metrics.httpMetrics.requestInFlight); actual != 0.0 {
|
||||
t.Errorf("Not same: expected %#v, but got %#v", 0.0, actual)
|
||||
}
|
||||
|
||||
handlerErr = nil
|
||||
if err := ih.ServeHTTP(w, r, h); err != nil {
|
||||
t.Errorf("Received unexpected error: %v", err)
|
||||
}
|
||||
|
||||
// an empty handler - no errors, no header written
|
||||
mh = middlewareHandlerFunc(func(w http.ResponseWriter, r *http.Request, h Handler) error {
|
||||
return nil
|
||||
})
|
||||
ih = newMetricsInstrumentedHandler(ctx, "empty", mh, metrics)
|
||||
r = httptest.NewRequest("GET", "/", nil)
|
||||
w = httptest.NewRecorder()
|
||||
|
||||
if err := ih.ServeHTTP(w, r, h); err != nil {
|
||||
t.Errorf("Received unexpected error: %v", err)
|
||||
}
|
||||
if actual := w.Result().StatusCode; actual != 200 {
|
||||
t.Errorf("Not same: expected status code %#v, but got %#v", 200, actual)
|
||||
}
|
||||
if actual := w.Result().Header; len(actual) != 0 {
|
||||
t.Errorf("Not empty: expected headers to be empty, but got %#v", actual)
|
||||
}
|
||||
|
||||
// handler returning an error with an HTTP status
|
||||
mh = middlewareHandlerFunc(func(w http.ResponseWriter, r *http.Request, h Handler) error {
|
||||
return Error(http.StatusTooManyRequests, nil)
|
||||
})
|
||||
|
||||
ih = newMetricsInstrumentedHandler(ctx, "foo", mh, metrics)
|
||||
|
||||
r = httptest.NewRequest("GET", "/", nil)
|
||||
w = httptest.NewRecorder()
|
||||
|
||||
if err := ih.ServeHTTP(w, r, nil); err == nil {
|
||||
t.Errorf("expected error to be propagated")
|
||||
}
|
||||
|
||||
expected := `
|
||||
# HELP caddy_http_request_duration_seconds Histogram of round-trip request durations.
|
||||
# TYPE caddy_http_request_duration_seconds histogram
|
||||
caddy_http_request_duration_seconds_bucket{code="429",handler="foo",host="example.com",method="GET",server="UNKNOWN",le="0.005"} 1
|
||||
caddy_http_request_duration_seconds_bucket{code="429",handler="foo",host="example.com",method="GET",server="UNKNOWN",le="0.01"} 1
|
||||
caddy_http_request_duration_seconds_bucket{code="429",handler="foo",host="example.com",method="GET",server="UNKNOWN",le="0.025"} 1
|
||||
caddy_http_request_duration_seconds_bucket{code="429",handler="foo",host="example.com",method="GET",server="UNKNOWN",le="0.05"} 1
|
||||
caddy_http_request_duration_seconds_bucket{code="429",handler="foo",host="example.com",method="GET",server="UNKNOWN",le="0.1"} 1
|
||||
caddy_http_request_duration_seconds_bucket{code="429",handler="foo",host="example.com",method="GET",server="UNKNOWN",le="0.25"} 1
|
||||
caddy_http_request_duration_seconds_bucket{code="429",handler="foo",host="example.com",method="GET",server="UNKNOWN",le="0.5"} 1
|
||||
caddy_http_request_duration_seconds_bucket{code="429",handler="foo",host="example.com",method="GET",server="UNKNOWN",le="1"} 1
|
||||
caddy_http_request_duration_seconds_bucket{code="429",handler="foo",host="example.com",method="GET",server="UNKNOWN",le="2.5"} 1
|
||||
caddy_http_request_duration_seconds_bucket{code="429",handler="foo",host="example.com",method="GET",server="UNKNOWN",le="5"} 1
|
||||
caddy_http_request_duration_seconds_bucket{code="429",handler="foo",host="example.com",method="GET",server="UNKNOWN",le="10"} 1
|
||||
caddy_http_request_duration_seconds_bucket{code="429",handler="foo",host="example.com",method="GET",server="UNKNOWN",le="+Inf"} 1
|
||||
caddy_http_request_duration_seconds_count{code="429",handler="foo",host="example.com",method="GET",server="UNKNOWN"} 1
|
||||
# HELP caddy_http_request_size_bytes Total size of the request. Includes body
|
||||
# TYPE caddy_http_request_size_bytes histogram
|
||||
caddy_http_request_size_bytes_bucket{code="200",handler="bar",host="example.com",method="GET",server="UNKNOWN",le="256"} 1
|
||||
caddy_http_request_size_bytes_bucket{code="200",handler="bar",host="example.com",method="GET",server="UNKNOWN",le="1024"} 1
|
||||
caddy_http_request_size_bytes_bucket{code="200",handler="bar",host="example.com",method="GET",server="UNKNOWN",le="4096"} 1
|
||||
caddy_http_request_size_bytes_bucket{code="200",handler="bar",host="example.com",method="GET",server="UNKNOWN",le="16384"} 1
|
||||
caddy_http_request_size_bytes_bucket{code="200",handler="bar",host="example.com",method="GET",server="UNKNOWN",le="65536"} 1
|
||||
caddy_http_request_size_bytes_bucket{code="200",handler="bar",host="example.com",method="GET",server="UNKNOWN",le="262144"} 1
|
||||
caddy_http_request_size_bytes_bucket{code="200",handler="bar",host="example.com",method="GET",server="UNKNOWN",le="1.048576e+06"} 1
|
||||
caddy_http_request_size_bytes_bucket{code="200",handler="bar",host="example.com",method="GET",server="UNKNOWN",le="4.194304e+06"} 1
|
||||
caddy_http_request_size_bytes_bucket{code="200",handler="bar",host="example.com",method="GET",server="UNKNOWN",le="+Inf"} 1
|
||||
caddy_http_request_size_bytes_sum{code="200",handler="bar",host="example.com",method="GET",server="UNKNOWN"} 23
|
||||
caddy_http_request_size_bytes_count{code="200",handler="bar",host="example.com",method="GET",server="UNKNOWN"} 1
|
||||
caddy_http_request_size_bytes_bucket{code="200",handler="empty",host="example.com",method="GET",server="UNKNOWN",le="256"} 1
|
||||
caddy_http_request_size_bytes_bucket{code="200",handler="empty",host="example.com",method="GET",server="UNKNOWN",le="1024"} 1
|
||||
caddy_http_request_size_bytes_bucket{code="200",handler="empty",host="example.com",method="GET",server="UNKNOWN",le="4096"} 1
|
||||
caddy_http_request_size_bytes_bucket{code="200",handler="empty",host="example.com",method="GET",server="UNKNOWN",le="16384"} 1
|
||||
caddy_http_request_size_bytes_bucket{code="200",handler="empty",host="example.com",method="GET",server="UNKNOWN",le="65536"} 1
|
||||
caddy_http_request_size_bytes_bucket{code="200",handler="empty",host="example.com",method="GET",server="UNKNOWN",le="262144"} 1
|
||||
caddy_http_request_size_bytes_bucket{code="200",handler="empty",host="example.com",method="GET",server="UNKNOWN",le="1.048576e+06"} 1
|
||||
caddy_http_request_size_bytes_bucket{code="200",handler="empty",host="example.com",method="GET",server="UNKNOWN",le="4.194304e+06"} 1
|
||||
caddy_http_request_size_bytes_bucket{code="200",handler="empty",host="example.com",method="GET",server="UNKNOWN",le="+Inf"} 1
|
||||
caddy_http_request_size_bytes_sum{code="200",handler="empty",host="example.com",method="GET",server="UNKNOWN"} 23
|
||||
caddy_http_request_size_bytes_count{code="200",handler="empty",host="example.com",method="GET",server="UNKNOWN"} 1
|
||||
caddy_http_request_size_bytes_bucket{code="429",handler="foo",host="example.com",method="GET",server="UNKNOWN",le="256"} 1
|
||||
caddy_http_request_size_bytes_bucket{code="429",handler="foo",host="example.com",method="GET",server="UNKNOWN",le="1024"} 1
|
||||
caddy_http_request_size_bytes_bucket{code="429",handler="foo",host="example.com",method="GET",server="UNKNOWN",le="4096"} 1
|
||||
caddy_http_request_size_bytes_bucket{code="429",handler="foo",host="example.com",method="GET",server="UNKNOWN",le="16384"} 1
|
||||
caddy_http_request_size_bytes_bucket{code="429",handler="foo",host="example.com",method="GET",server="UNKNOWN",le="65536"} 1
|
||||
caddy_http_request_size_bytes_bucket{code="429",handler="foo",host="example.com",method="GET",server="UNKNOWN",le="262144"} 1
|
||||
caddy_http_request_size_bytes_bucket{code="429",handler="foo",host="example.com",method="GET",server="UNKNOWN",le="1.048576e+06"} 1
|
||||
caddy_http_request_size_bytes_bucket{code="429",handler="foo",host="example.com",method="GET",server="UNKNOWN",le="4.194304e+06"} 1
|
||||
caddy_http_request_size_bytes_bucket{code="429",handler="foo",host="example.com",method="GET",server="UNKNOWN",le="+Inf"} 1
|
||||
caddy_http_request_size_bytes_sum{code="429",handler="foo",host="example.com",method="GET",server="UNKNOWN"} 23
|
||||
caddy_http_request_size_bytes_count{code="429",handler="foo",host="example.com",method="GET",server="UNKNOWN"} 1
|
||||
# HELP caddy_http_response_size_bytes Size of the returned response.
|
||||
# TYPE caddy_http_response_size_bytes histogram
|
||||
caddy_http_response_size_bytes_bucket{code="200",handler="bar",host="example.com",method="GET",server="UNKNOWN",le="256"} 1
|
||||
caddy_http_response_size_bytes_bucket{code="200",handler="bar",host="example.com",method="GET",server="UNKNOWN",le="1024"} 1
|
||||
caddy_http_response_size_bytes_bucket{code="200",handler="bar",host="example.com",method="GET",server="UNKNOWN",le="4096"} 1
|
||||
caddy_http_response_size_bytes_bucket{code="200",handler="bar",host="example.com",method="GET",server="UNKNOWN",le="16384"} 1
|
||||
caddy_http_response_size_bytes_bucket{code="200",handler="bar",host="example.com",method="GET",server="UNKNOWN",le="65536"} 1
|
||||
caddy_http_response_size_bytes_bucket{code="200",handler="bar",host="example.com",method="GET",server="UNKNOWN",le="262144"} 1
|
||||
caddy_http_response_size_bytes_bucket{code="200",handler="bar",host="example.com",method="GET",server="UNKNOWN",le="1.048576e+06"} 1
|
||||
caddy_http_response_size_bytes_bucket{code="200",handler="bar",host="example.com",method="GET",server="UNKNOWN",le="4.194304e+06"} 1
|
||||
caddy_http_response_size_bytes_bucket{code="200",handler="bar",host="example.com",method="GET",server="UNKNOWN",le="+Inf"} 1
|
||||
caddy_http_response_size_bytes_sum{code="200",handler="bar",host="example.com",method="GET",server="UNKNOWN"} 12
|
||||
caddy_http_response_size_bytes_count{code="200",handler="bar",host="example.com",method="GET",server="UNKNOWN"} 1
|
||||
caddy_http_response_size_bytes_bucket{code="200",handler="empty",host="example.com",method="GET",server="UNKNOWN",le="256"} 1
|
||||
caddy_http_response_size_bytes_bucket{code="200",handler="empty",host="example.com",method="GET",server="UNKNOWN",le="1024"} 1
|
||||
caddy_http_response_size_bytes_bucket{code="200",handler="empty",host="example.com",method="GET",server="UNKNOWN",le="4096"} 1
|
||||
caddy_http_response_size_bytes_bucket{code="200",handler="empty",host="example.com",method="GET",server="UNKNOWN",le="16384"} 1
|
||||
caddy_http_response_size_bytes_bucket{code="200",handler="empty",host="example.com",method="GET",server="UNKNOWN",le="65536"} 1
|
||||
caddy_http_response_size_bytes_bucket{code="200",handler="empty",host="example.com",method="GET",server="UNKNOWN",le="262144"} 1
|
||||
caddy_http_response_size_bytes_bucket{code="200",handler="empty",host="example.com",method="GET",server="UNKNOWN",le="1.048576e+06"} 1
|
||||
caddy_http_response_size_bytes_bucket{code="200",handler="empty",host="example.com",method="GET",server="UNKNOWN",le="4.194304e+06"} 1
|
||||
caddy_http_response_size_bytes_bucket{code="200",handler="empty",host="example.com",method="GET",server="UNKNOWN",le="+Inf"} 1
|
||||
caddy_http_response_size_bytes_sum{code="200",handler="empty",host="example.com",method="GET",server="UNKNOWN"} 0
|
||||
caddy_http_response_size_bytes_count{code="200",handler="empty",host="example.com",method="GET",server="UNKNOWN"} 1
|
||||
caddy_http_response_size_bytes_bucket{code="429",handler="foo",host="example.com",method="GET",server="UNKNOWN",le="256"} 1
|
||||
caddy_http_response_size_bytes_bucket{code="429",handler="foo",host="example.com",method="GET",server="UNKNOWN",le="1024"} 1
|
||||
caddy_http_response_size_bytes_bucket{code="429",handler="foo",host="example.com",method="GET",server="UNKNOWN",le="4096"} 1
|
||||
caddy_http_response_size_bytes_bucket{code="429",handler="foo",host="example.com",method="GET",server="UNKNOWN",le="16384"} 1
|
||||
caddy_http_response_size_bytes_bucket{code="429",handler="foo",host="example.com",method="GET",server="UNKNOWN",le="65536"} 1
|
||||
caddy_http_response_size_bytes_bucket{code="429",handler="foo",host="example.com",method="GET",server="UNKNOWN",le="262144"} 1
|
||||
caddy_http_response_size_bytes_bucket{code="429",handler="foo",host="example.com",method="GET",server="UNKNOWN",le="1.048576e+06"} 1
|
||||
caddy_http_response_size_bytes_bucket{code="429",handler="foo",host="example.com",method="GET",server="UNKNOWN",le="4.194304e+06"} 1
|
||||
caddy_http_response_size_bytes_bucket{code="429",handler="foo",host="example.com",method="GET",server="UNKNOWN",le="+Inf"} 1
|
||||
caddy_http_response_size_bytes_sum{code="429",handler="foo",host="example.com",method="GET",server="UNKNOWN"} 0
|
||||
caddy_http_response_size_bytes_count{code="429",handler="foo",host="example.com",method="GET",server="UNKNOWN"} 1
|
||||
# HELP caddy_http_request_errors_total Number of requests resulting in middleware errors.
|
||||
# TYPE caddy_http_request_errors_total counter
|
||||
caddy_http_request_errors_total{handler="bar",host="example.com",server="UNKNOWN"} 1
|
||||
caddy_http_request_errors_total{handler="foo",host="example.com",server="UNKNOWN"} 1
|
||||
`
|
||||
if err := testutil.GatherAndCompare(ctx.GetMetricsRegistry(), strings.NewReader(expected),
|
||||
"caddy_http_request_size_bytes",
|
||||
"caddy_http_response_size_bytes",
|
||||
// caddy_http_request_duration_seconds_sum will vary based on how long the test took to run,
|
||||
|
|
|
@ -25,7 +25,12 @@ import (
|
|||
)
|
||||
|
||||
// ListenerWrapper provides PROXY protocol support to Caddy by implementing
|
||||
// the caddy.ListenerWrapper interface. It must be loaded before the `tls` listener.
|
||||
// the caddy.ListenerWrapper interface. If a connection is received via Unix
|
||||
// socket, it's trusted. Otherwise, it's checked against the Allow/Deny lists,
|
||||
// then it's handled by the FallbackPolicy.
|
||||
//
|
||||
// It must be loaded before the `tls` listener because the PROXY protocol
|
||||
// encapsulates the TLS data.
|
||||
//
|
||||
// Credit goes to https://github.com/mastercactapus/caddy2-proxyprotocol for having
|
||||
// initially implemented this as a plugin.
|
||||
|
@ -45,8 +50,35 @@ type ListenerWrapper struct {
|
|||
Deny []string `json:"deny,omitempty"`
|
||||
deny []netip.Prefix
|
||||
|
||||
// Accepted values are: ignore, use, reject, require, skip
|
||||
// default: ignore
|
||||
// FallbackPolicy specifies the policy to use if the downstream
|
||||
// IP address is not in the Allow list nor is in the Deny list.
|
||||
//
|
||||
// NOTE: The generated docs which describe the value of this
|
||||
// field is wrong because of how this type unmarshals JSON in a
|
||||
// custom way. The field expects a string, not a number.
|
||||
//
|
||||
// Accepted values are: IGNORE, USE, REJECT, REQUIRE, SKIP
|
||||
//
|
||||
// - IGNORE: address from PROXY header, but accept connection
|
||||
//
|
||||
// - USE: address from PROXY header
|
||||
//
|
||||
// - REJECT: connection when PROXY header is sent
|
||||
// Note: even though the first read on the connection returns an error if
|
||||
// a PROXY header is present, subsequent reads do not. It is the task of
|
||||
// the code using the connection to handle that case properly.
|
||||
//
|
||||
// - REQUIRE: connection to send PROXY header, reject if not present
|
||||
// Note: even though the first read on the connection returns an error if
|
||||
// a PROXY header is not present, subsequent reads do not. It is the task
|
||||
// of the code using the connection to handle that case properly.
|
||||
//
|
||||
// - SKIP: accepts a connection without requiring the PROXY header.
|
||||
// Note: an example usage can be found in the SkipProxyHeaderForCIDR
|
||||
// function.
|
||||
//
|
||||
// Default: IGNORE
|
||||
//
|
||||
// Policy definitions are here: https://pkg.go.dev/github.com/pires/go-proxyproto@v0.7.0#Policy
|
||||
FallbackPolicy Policy `json:"fallback_policy,omitempty"`
|
||||
|
||||
|
@ -72,7 +104,7 @@ func (pp *ListenerWrapper) Provision(ctx caddy.Context) error {
|
|||
|
||||
pp.policy = func(options goproxy.ConnPolicyOptions) (goproxy.Policy, error) {
|
||||
// trust unix sockets
|
||||
if network := options.Upstream.Network(); caddy.IsUnixNetwork(network) {
|
||||
if network := options.Upstream.Network(); caddy.IsUnixNetwork(network) || caddy.IsFdNetwork(network) {
|
||||
return goproxy.USE, nil
|
||||
}
|
||||
ret := pp.FallbackPolicy
|
||||
|
|
|
@ -20,6 +20,7 @@ import (
|
|||
"strings"
|
||||
|
||||
"go.uber.org/zap"
|
||||
"go.uber.org/zap/zapcore"
|
||||
|
||||
"github.com/caddyserver/caddy/v2"
|
||||
"github.com/caddyserver/caddy/v2/modules/caddyhttp"
|
||||
|
@ -92,14 +93,17 @@ func (h Handler) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyhtt
|
|||
|
||||
// push first!
|
||||
for _, resource := range h.Resources {
|
||||
h.logger.Debug("pushing resource",
|
||||
if c := h.logger.Check(zapcore.DebugLevel, "pushing resource"); c != nil {
|
||||
c.Write(
|
||||
zap.String("uri", r.RequestURI),
|
||||
zap.String("push_method", resource.Method),
|
||||
zap.String("push_target", resource.Target),
|
||||
zap.Object("push_headers", caddyhttp.LoggableHTTPHeader{
|
||||
Header: hdr,
|
||||
ShouldLogCredentials: shouldLogCredentials,
|
||||
}))
|
||||
}),
|
||||
)
|
||||
}
|
||||
err := pusher.Push(repl.ReplaceAll(resource.Target, "."), &http.PushOptions{
|
||||
Method: resource.Method,
|
||||
Header: hdr,
|
||||
|
@ -209,7 +213,9 @@ func (lp linkPusher) WriteHeader(statusCode int) {
|
|||
if links, ok := lp.ResponseWriter.Header()["Link"]; ok {
|
||||
// only initiate these pushes if it hasn't been done yet
|
||||
if val := caddyhttp.GetVar(lp.request.Context(), pushedLink); val == nil {
|
||||
lp.handler.logger.Debug("pushing Link resources", zap.Strings("linked", links))
|
||||
if c := lp.handler.logger.Check(zapcore.DebugLevel, "pushing Link resources"); c != nil {
|
||||
c.Write(zap.Strings("linked", links))
|
||||
}
|
||||
caddyhttp.SetVar(lp.request.Context(), pushedLink, true)
|
||||
lp.handler.servePreloadLinks(lp.pusher, lp.header, links)
|
||||
}
|
||||
|
|
|
@ -20,6 +20,7 @@ import (
|
|||
"time"
|
||||
|
||||
"go.uber.org/zap"
|
||||
"go.uber.org/zap/zapcore"
|
||||
|
||||
"github.com/caddyserver/caddy/v2"
|
||||
"github.com/caddyserver/caddy/v2/modules/caddyhttp"
|
||||
|
@ -69,12 +70,16 @@ func (rb RequestBody) ServeHTTP(w http.ResponseWriter, r *http.Request, next cad
|
|||
rc := http.NewResponseController(w)
|
||||
if rb.ReadTimeout > 0 {
|
||||
if err := rc.SetReadDeadline(time.Now().Add(rb.ReadTimeout)); err != nil {
|
||||
rb.logger.Error("could not set read deadline", zap.Error(err))
|
||||
if c := rb.logger.Check(zapcore.ErrorLevel, "could not set read deadline"); c != nil {
|
||||
c.Write(zap.Error(err))
|
||||
}
|
||||
}
|
||||
}
|
||||
if rb.WriteTimeout > 0 {
|
||||
if err := rc.SetWriteDeadline(time.Now().Add(rb.WriteTimeout)); err != nil {
|
||||
rb.logger.Error("could not set write deadline", zap.Error(err))
|
||||
if c := rb.logger.Check(zapcore.ErrorLevel, "could not set write deadline"); c != nil {
|
||||
c.Write(zap.Error(err))
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -42,9 +42,13 @@ func (rww *ResponseWriterWrapper) Push(target string, opts *http.PushOptions) er
|
|||
return ErrNotImplemented
|
||||
}
|
||||
|
||||
// ReadFrom implements io.ReaderFrom. It simply calls io.Copy,
|
||||
// which uses io.ReaderFrom if available.
|
||||
// ReadFrom implements io.ReaderFrom. It retries to use io.ReaderFrom if available,
|
||||
// then fallback to io.Copy.
|
||||
// see: https://github.com/caddyserver/caddy/issues/6546
|
||||
func (rww *ResponseWriterWrapper) ReadFrom(r io.Reader) (n int64, err error) {
|
||||
if rf, ok := rww.ResponseWriter.(io.ReaderFrom); ok {
|
||||
return rf.ReadFrom(r)
|
||||
}
|
||||
return io.Copy(rww.ResponseWriter, r)
|
||||
}
|
||||
|
||||
|
|
|
@ -137,7 +137,7 @@ func parseUpstreamDialAddress(upstreamAddr string) (parsedAddr, error) {
|
|||
}
|
||||
// we can assume a port if only a hostname is specified, but use of a
|
||||
// placeholder without a port likely means a port will be filled in
|
||||
if port == "" && !strings.Contains(host, "{") && !caddy.IsUnixNetwork(network) {
|
||||
if port == "" && !strings.Contains(host, "{") && !caddy.IsUnixNetwork(network) && !caddy.IsFdNetwork(network) {
|
||||
port = "80"
|
||||
}
|
||||
}
|
||||
|
|
|
@ -93,12 +93,11 @@ func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error)
|
|||
//
|
||||
// # streaming
|
||||
// flush_interval <duration>
|
||||
// buffer_requests
|
||||
// buffer_responses
|
||||
// max_buffer_size <size>
|
||||
// request_buffers <size>
|
||||
// response_buffers <size>
|
||||
// stream_timeout <duration>
|
||||
// stream_close_delay <duration>
|
||||
// trace_logs
|
||||
// verbose_logs
|
||||
//
|
||||
// # request manipulation
|
||||
// trusted_proxies [private_ranges] <ranges...>
|
||||
|
@ -1326,7 +1325,11 @@ func (h *HTTPTransport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
|
|||
return d.Err("cannot specify \"tls_trust_pool\" twice in caddyfile")
|
||||
}
|
||||
h.TLS.CARaw = caddyconfig.JSONModuleObject(ca, "provider", modStem, nil)
|
||||
|
||||
case "local_address":
|
||||
if !d.NextArg() {
|
||||
return d.ArgErr()
|
||||
}
|
||||
h.LocalAddress = d.Val()
|
||||
default:
|
||||
return d.Errf("unrecognized subdirective %s", d.Val())
|
||||
}
|
||||
|
|
|
@ -40,6 +40,7 @@ import (
|
|||
"time"
|
||||
|
||||
"go.uber.org/zap"
|
||||
"go.uber.org/zap/zapcore"
|
||||
)
|
||||
|
||||
// FCGIListenSockFileno describes listen socket file number.
|
||||
|
@ -184,10 +185,13 @@ func (f clientCloser) Close() error {
|
|||
return f.rwc.Close()
|
||||
}
|
||||
|
||||
logLevel := zapcore.WarnLevel
|
||||
if f.status >= 400 {
|
||||
f.logger.Error("stderr", zap.ByteString("body", stderr))
|
||||
} else {
|
||||
f.logger.Warn("stderr", zap.ByteString("body", stderr))
|
||||
logLevel = zapcore.ErrorLevel
|
||||
}
|
||||
|
||||
if c := f.logger.Check(logLevel, "stderr"); c != nil {
|
||||
c.Write(zap.ByteString("body", stderr))
|
||||
}
|
||||
|
||||
return f.rwc.Close()
|
||||
|
|
|
@ -148,10 +148,13 @@ func (t Transport) RoundTrip(r *http.Request) (*http.Response, error) {
|
|||
zap.Object("request", loggableReq),
|
||||
zap.Object("env", loggableEnv),
|
||||
)
|
||||
logger.Debug("roundtrip",
|
||||
if c := t.logger.Check(zapcore.DebugLevel, "roundtrip"); c != nil {
|
||||
c.Write(
|
||||
zap.String("dial", address),
|
||||
zap.Object("env", loggableEnv),
|
||||
zap.Object("request", loggableReq))
|
||||
zap.Object("request", loggableReq),
|
||||
)
|
||||
}
|
||||
|
||||
// connect to the backend
|
||||
dialer := net.Dialer{Timeout: time.Duration(t.DialTimeout)}
|
||||
|
|
|
@ -23,11 +23,13 @@ import (
|
|||
"net/url"
|
||||
"regexp"
|
||||
"runtime/debug"
|
||||
"slices"
|
||||
"strconv"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"go.uber.org/zap"
|
||||
"go.uber.org/zap/zapcore"
|
||||
|
||||
"github.com/caddyserver/caddy/v2"
|
||||
"github.com/caddyserver/caddy/v2/modules/caddyhttp"
|
||||
|
@ -270,9 +272,12 @@ type CircuitBreaker interface {
|
|||
func (h *Handler) activeHealthChecker() {
|
||||
defer func() {
|
||||
if err := recover(); err != nil {
|
||||
h.HealthChecks.Active.logger.Error("active health checker panicked",
|
||||
if c := h.HealthChecks.Active.logger.Check(zapcore.ErrorLevel, "active health checker panicked"); c != nil {
|
||||
c.Write(
|
||||
zap.Any("error", err),
|
||||
zap.ByteString("stack", debug.Stack()))
|
||||
zap.ByteString("stack", debug.Stack()),
|
||||
)
|
||||
}
|
||||
}
|
||||
}()
|
||||
ticker := time.NewTicker(time.Duration(h.HealthChecks.Active.Interval))
|
||||
|
@ -295,43 +300,52 @@ func (h *Handler) doActiveHealthCheckForAllHosts() {
|
|||
go func(upstream *Upstream) {
|
||||
defer func() {
|
||||
if err := recover(); err != nil {
|
||||
h.HealthChecks.Active.logger.Error("active health check panicked",
|
||||
if c := h.HealthChecks.Active.logger.Check(zapcore.ErrorLevel, "active health checker panicked"); c != nil {
|
||||
c.Write(
|
||||
zap.Any("error", err),
|
||||
zap.ByteString("stack", debug.Stack()))
|
||||
zap.ByteString("stack", debug.Stack()),
|
||||
)
|
||||
}
|
||||
}
|
||||
}()
|
||||
|
||||
networkAddr, err := caddy.NewReplacer().ReplaceOrErr(upstream.Dial, true, true)
|
||||
if err != nil {
|
||||
h.HealthChecks.Active.logger.Error("invalid use of placeholders in dial address for active health checks",
|
||||
if c := h.HealthChecks.Active.logger.Check(zapcore.ErrorLevel, "invalid use of placeholders in dial address for active health checks"); c != nil {
|
||||
c.Write(
|
||||
zap.String("address", networkAddr),
|
||||
zap.Error(err),
|
||||
)
|
||||
}
|
||||
return
|
||||
}
|
||||
addr, err := caddy.ParseNetworkAddress(networkAddr)
|
||||
if err != nil {
|
||||
h.HealthChecks.Active.logger.Error("bad network address",
|
||||
if c := h.HealthChecks.Active.logger.Check(zapcore.ErrorLevel, "bad network address"); c != nil {
|
||||
c.Write(
|
||||
zap.String("address", networkAddr),
|
||||
zap.Error(err),
|
||||
)
|
||||
}
|
||||
return
|
||||
}
|
||||
if hcp := uint(upstream.activeHealthCheckPort); hcp != 0 {
|
||||
if addr.IsUnixNetwork() {
|
||||
if addr.IsUnixNetwork() || addr.IsFdNetwork() {
|
||||
addr.Network = "tcp" // I guess we just assume TCP since we are using a port??
|
||||
}
|
||||
addr.StartPort, addr.EndPort = hcp, hcp
|
||||
}
|
||||
if addr.PortRangeSize() != 1 {
|
||||
h.HealthChecks.Active.logger.Error("multiple addresses (upstream must map to only one address)",
|
||||
if c := h.HealthChecks.Active.logger.Check(zapcore.ErrorLevel, "multiple addresses (upstream must map to only one address)"); c != nil {
|
||||
c.Write(
|
||||
zap.String("address", networkAddr),
|
||||
)
|
||||
}
|
||||
return
|
||||
}
|
||||
hostAddr := addr.JoinHostPort(0)
|
||||
dialAddr := hostAddr
|
||||
if addr.IsUnixNetwork() {
|
||||
if addr.IsUnixNetwork() || addr.IsFdNetwork() {
|
||||
// this will be used as the Host portion of a http.Request URL, and
|
||||
// paths to socket files would produce an error when creating URL,
|
||||
// so use a fake Host value instead; unix sockets are usually local
|
||||
|
@ -339,11 +353,13 @@ func (h *Handler) doActiveHealthCheckForAllHosts() {
|
|||
}
|
||||
err = h.doActiveHealthCheck(DialInfo{Network: addr.Network, Address: dialAddr}, hostAddr, networkAddr, upstream)
|
||||
if err != nil {
|
||||
h.HealthChecks.Active.logger.Error("active health check failed",
|
||||
if c := h.HealthChecks.Active.logger.Check(zapcore.ErrorLevel, "active health check failed"); c != nil {
|
||||
c.Write(
|
||||
zap.String("address", hostAddr),
|
||||
zap.Error(err),
|
||||
)
|
||||
}
|
||||
}
|
||||
}(upstream)
|
||||
}
|
||||
}
|
||||
|
@ -382,14 +398,10 @@ func (h *Handler) doActiveHealthCheck(dialInfo DialInfo, hostAddr string, networ
|
|||
u.Scheme = "https"
|
||||
|
||||
// if the port is in the except list, flip back to HTTP
|
||||
if ht, ok := h.Transport.(*HTTPTransport); ok {
|
||||
for _, exceptPort := range ht.TLS.ExceptPorts {
|
||||
if exceptPort == port {
|
||||
if ht, ok := h.Transport.(*HTTPTransport); ok && slices.Contains(ht.TLS.ExceptPorts, port) {
|
||||
u.Scheme = "http"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// if we have a provisioned uri, use that, otherwise use
|
||||
// the deprecated Path option
|
||||
|
@ -441,9 +453,12 @@ func (h *Handler) doActiveHealthCheck(dialInfo DialInfo, hostAddr string, networ
|
|||
// increment failures and then check if it has reached the threshold to mark unhealthy
|
||||
err := upstream.Host.countHealthFail(1)
|
||||
if err != nil {
|
||||
h.HealthChecks.Active.logger.Error("could not count active health failure",
|
||||
if c := h.HealthChecks.Active.logger.Check(zapcore.ErrorLevel, "could not count active health failure"); c != nil {
|
||||
c.Write(
|
||||
zap.String("host", upstream.Dial),
|
||||
zap.Error(err))
|
||||
zap.Error(err),
|
||||
)
|
||||
}
|
||||
return
|
||||
}
|
||||
if upstream.Host.activeHealthFails() >= h.HealthChecks.Active.Fails {
|
||||
|
@ -459,14 +474,19 @@ func (h *Handler) doActiveHealthCheck(dialInfo DialInfo, hostAddr string, networ
|
|||
// increment passes and then check if it has reached the threshold to be healthy
|
||||
err := upstream.Host.countHealthPass(1)
|
||||
if err != nil {
|
||||
h.HealthChecks.Active.logger.Error("could not count active health pass",
|
||||
if c := h.HealthChecks.Active.logger.Check(zapcore.ErrorLevel, "could not count active health pass"); c != nil {
|
||||
c.Write(
|
||||
zap.String("host", upstream.Dial),
|
||||
zap.Error(err))
|
||||
zap.Error(err),
|
||||
)
|
||||
}
|
||||
return
|
||||
}
|
||||
if upstream.Host.activeHealthPasses() >= h.HealthChecks.Active.Passes {
|
||||
if upstream.setHealthy(true) {
|
||||
h.HealthChecks.Active.logger.Info("host is up", zap.String("host", hostAddr))
|
||||
if c := h.HealthChecks.Active.logger.Check(zapcore.InfoLevel, "host is up"); c != nil {
|
||||
c.Write(zap.String("host", hostAddr))
|
||||
}
|
||||
h.events.Emit(h.ctx, "healthy", map[string]any{"host": hostAddr})
|
||||
upstream.Host.resetHealth()
|
||||
}
|
||||
|
@ -476,10 +496,12 @@ func (h *Handler) doActiveHealthCheck(dialInfo DialInfo, hostAddr string, networ
|
|||
// do the request, being careful to tame the response body
|
||||
resp, err := h.HealthChecks.Active.httpClient.Do(req)
|
||||
if err != nil {
|
||||
h.HealthChecks.Active.logger.Info("HTTP request failed",
|
||||
if c := h.HealthChecks.Active.logger.Check(zapcore.InfoLevel, "HTTP request failed"); c != nil {
|
||||
c.Write(
|
||||
zap.String("host", hostAddr),
|
||||
zap.Error(err),
|
||||
)
|
||||
}
|
||||
markUnhealthy()
|
||||
return nil
|
||||
}
|
||||
|
@ -496,18 +518,22 @@ func (h *Handler) doActiveHealthCheck(dialInfo DialInfo, hostAddr string, networ
|
|||
// if status code is outside criteria, mark down
|
||||
if h.HealthChecks.Active.ExpectStatus > 0 {
|
||||
if !caddyhttp.StatusCodeMatches(resp.StatusCode, h.HealthChecks.Active.ExpectStatus) {
|
||||
h.HealthChecks.Active.logger.Info("unexpected status code",
|
||||
if c := h.HealthChecks.Active.logger.Check(zapcore.InfoLevel, "unexpected status code"); c != nil {
|
||||
c.Write(
|
||||
zap.Int("status_code", resp.StatusCode),
|
||||
zap.String("host", hostAddr),
|
||||
)
|
||||
}
|
||||
markUnhealthy()
|
||||
return nil
|
||||
}
|
||||
} else if resp.StatusCode < 200 || resp.StatusCode >= 300 {
|
||||
h.HealthChecks.Active.logger.Info("status code out of tolerances",
|
||||
if c := h.HealthChecks.Active.logger.Check(zapcore.InfoLevel, "status code out of tolerances"); c != nil {
|
||||
c.Write(
|
||||
zap.Int("status_code", resp.StatusCode),
|
||||
zap.String("host", hostAddr),
|
||||
)
|
||||
}
|
||||
markUnhealthy()
|
||||
return nil
|
||||
}
|
||||
|
@ -516,17 +542,21 @@ func (h *Handler) doActiveHealthCheck(dialInfo DialInfo, hostAddr string, networ
|
|||
if h.HealthChecks.Active.bodyRegexp != nil {
|
||||
bodyBytes, err := io.ReadAll(body)
|
||||
if err != nil {
|
||||
h.HealthChecks.Active.logger.Info("failed to read response body",
|
||||
if c := h.HealthChecks.Active.logger.Check(zapcore.InfoLevel, "failed to read response body"); c != nil {
|
||||
c.Write(
|
||||
zap.String("host", hostAddr),
|
||||
zap.Error(err),
|
||||
)
|
||||
}
|
||||
markUnhealthy()
|
||||
return nil
|
||||
}
|
||||
if !h.HealthChecks.Active.bodyRegexp.Match(bodyBytes) {
|
||||
h.HealthChecks.Active.logger.Info("response body failed expectations",
|
||||
if c := h.HealthChecks.Active.logger.Check(zapcore.InfoLevel, "response body failed expectations"); c != nil {
|
||||
c.Write(
|
||||
zap.String("host", hostAddr),
|
||||
)
|
||||
}
|
||||
markUnhealthy()
|
||||
return nil
|
||||
}
|
||||
|
@ -556,9 +586,12 @@ func (h *Handler) countFailure(upstream *Upstream) {
|
|||
// count failure immediately
|
||||
err := upstream.Host.countFail(1)
|
||||
if err != nil {
|
||||
h.HealthChecks.Passive.logger.Error("could not count failure",
|
||||
if c := h.HealthChecks.Active.logger.Check(zapcore.ErrorLevel, "could not count failure"); c != nil {
|
||||
c.Write(
|
||||
zap.String("host", upstream.Dial),
|
||||
zap.Error(err))
|
||||
zap.Error(err),
|
||||
)
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
|
@ -566,9 +599,12 @@ func (h *Handler) countFailure(upstream *Upstream) {
|
|||
go func(host *Host, failDuration time.Duration) {
|
||||
defer func() {
|
||||
if err := recover(); err != nil {
|
||||
h.HealthChecks.Passive.logger.Error("passive health check failure forgetter panicked",
|
||||
if c := h.HealthChecks.Active.logger.Check(zapcore.ErrorLevel, "passive health check failure forgetter panicked"); c != nil {
|
||||
c.Write(
|
||||
zap.Any("error", err),
|
||||
zap.ByteString("stack", debug.Stack()))
|
||||
zap.ByteString("stack", debug.Stack()),
|
||||
)
|
||||
}
|
||||
}
|
||||
}()
|
||||
timer := time.NewTimer(failDuration)
|
||||
|
@ -581,9 +617,12 @@ func (h *Handler) countFailure(upstream *Upstream) {
|
|||
}
|
||||
err := host.countFail(-1)
|
||||
if err != nil {
|
||||
h.HealthChecks.Passive.logger.Error("could not forget failure",
|
||||
if c := h.HealthChecks.Active.logger.Check(zapcore.ErrorLevel, "could not forget failure"); c != nil {
|
||||
c.Write(
|
||||
zap.String("host", upstream.Dial),
|
||||
zap.Error(err))
|
||||
zap.Error(err),
|
||||
)
|
||||
}
|
||||
}
|
||||
}(upstream.Host, failDuration)
|
||||
}
|
||||
|
|
|
@ -27,12 +27,14 @@ import (
|
|||
"net/url"
|
||||
"os"
|
||||
"reflect"
|
||||
"slices"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/pires/go-proxyproto"
|
||||
"github.com/quic-go/quic-go/http3"
|
||||
"go.uber.org/zap"
|
||||
"go.uber.org/zap/zapcore"
|
||||
"golang.org/x/net/http2"
|
||||
|
||||
"github.com/caddyserver/caddy/v2"
|
||||
|
@ -132,6 +134,10 @@ type HTTPTransport struct {
|
|||
// to change or removal while experimental.
|
||||
Versions []string `json:"versions,omitempty"`
|
||||
|
||||
// Specify the address to bind to when connecting to an upstream. In other words,
|
||||
// it is the address the upstream sees as the remote address.
|
||||
LocalAddress string `json:"local_address,omitempty"`
|
||||
|
||||
// The pre-configured underlying HTTP transport.
|
||||
Transport *http.Transport `json:"-"`
|
||||
|
||||
|
@ -185,6 +191,31 @@ func (h *HTTPTransport) NewTransport(caddyCtx caddy.Context) (*http.Transport, e
|
|||
FallbackDelay: time.Duration(h.FallbackDelay),
|
||||
}
|
||||
|
||||
if h.LocalAddress != "" {
|
||||
netaddr, err := caddy.ParseNetworkAddressWithDefaults(h.LocalAddress, "tcp", 0)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if netaddr.PortRangeSize() > 1 {
|
||||
return nil, fmt.Errorf("local_address must be a single address, not a port range")
|
||||
}
|
||||
switch netaddr.Network {
|
||||
case "tcp", "tcp4", "tcp6":
|
||||
dialer.LocalAddr, err = net.ResolveTCPAddr(netaddr.Network, netaddr.JoinHostPort(0))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
case "unix", "unixgram", "unixpacket":
|
||||
dialer.LocalAddr, err = net.ResolveUnixAddr(netaddr.Network, netaddr.JoinHostPort(0))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
case "udp", "udp4", "udp6":
|
||||
return nil, fmt.Errorf("local_address must be a TCP address, not a UDP address")
|
||||
default:
|
||||
return nil, fmt.Errorf("unsupported network")
|
||||
}
|
||||
}
|
||||
if h.Resolver != nil {
|
||||
err := h.Resolver.ParseAddresses()
|
||||
if err != nil {
|
||||
|
@ -351,7 +382,7 @@ func (h *HTTPTransport) NewTransport(caddyCtx caddy.Context) (*http.Transport, e
|
|||
rt.DisableCompression = !*h.Compression
|
||||
}
|
||||
|
||||
if sliceContains(h.Versions, "2") {
|
||||
if slices.Contains(h.Versions, "2") {
|
||||
if err := http2.ConfigureTransport(rt); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -370,13 +401,13 @@ func (h *HTTPTransport) NewTransport(caddyCtx caddy.Context) (*http.Transport, e
|
|||
return nil, fmt.Errorf("making TLS client config for HTTP/3 transport: %v", err)
|
||||
}
|
||||
}
|
||||
} else if len(h.Versions) > 1 && sliceContains(h.Versions, "3") {
|
||||
} else if len(h.Versions) > 1 && slices.Contains(h.Versions, "3") {
|
||||
return nil, fmt.Errorf("if HTTP/3 is enabled to the upstream, no other HTTP versions are supported")
|
||||
}
|
||||
|
||||
// if h2c is enabled, configure its transport (std lib http.Transport
|
||||
// does not "HTTP/2 over cleartext TCP")
|
||||
if sliceContains(h.Versions, "h2c") {
|
||||
if slices.Contains(h.Versions, "h2c") {
|
||||
// crafting our own http2.Transport doesn't allow us to utilize
|
||||
// most of the customizations/preferences on the http.Transport,
|
||||
// because, for some reason, only http2.ConfigureTransport()
|
||||
|
@ -721,7 +752,9 @@ func (c *tcpRWTimeoutConn) Read(b []byte) (int, error) {
|
|||
if c.readTimeout > 0 {
|
||||
err := c.TCPConn.SetReadDeadline(time.Now().Add(c.readTimeout))
|
||||
if err != nil {
|
||||
c.logger.Error("failed to set read deadline", zap.Error(err))
|
||||
if ce := c.logger.Check(zapcore.ErrorLevel, "failed to set read deadline"); ce != nil {
|
||||
ce.Write(zap.Error(err))
|
||||
}
|
||||
}
|
||||
}
|
||||
return c.TCPConn.Read(b)
|
||||
|
@ -731,7 +764,9 @@ func (c *tcpRWTimeoutConn) Write(b []byte) (int, error) {
|
|||
if c.writeTimeout > 0 {
|
||||
err := c.TCPConn.SetWriteDeadline(time.Now().Add(c.writeTimeout))
|
||||
if err != nil {
|
||||
c.logger.Error("failed to set write deadline", zap.Error(err))
|
||||
if ce := c.logger.Check(zapcore.ErrorLevel, "failed to set write deadline"); ce != nil {
|
||||
ce.Write(zap.Error(err))
|
||||
}
|
||||
}
|
||||
}
|
||||
return c.TCPConn.Write(b)
|
||||
|
@ -749,16 +784,6 @@ func decodeBase64DERCert(certStr string) (*x509.Certificate, error) {
|
|||
return x509.ParseCertificate(derBytes)
|
||||
}
|
||||
|
||||
// sliceContains returns true if needle is in haystack.
|
||||
func sliceContains(haystack []string, needle string) bool {
|
||||
for _, s := range haystack {
|
||||
if s == needle {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
// Interface guards
|
||||
var (
|
||||
_ caddy.Provisioner = (*HTTPTransport)(nil)
|
||||
|
|
|
@ -8,6 +8,7 @@ import (
|
|||
"github.com/prometheus/client_golang/prometheus"
|
||||
"github.com/prometheus/client_golang/prometheus/promauto"
|
||||
"go.uber.org/zap"
|
||||
"go.uber.org/zap/zapcore"
|
||||
)
|
||||
|
||||
var reverseProxyMetrics = struct {
|
||||
|
@ -48,9 +49,12 @@ func (m *metricsUpstreamsHealthyUpdater) Init() {
|
|||
go func() {
|
||||
defer func() {
|
||||
if err := recover(); err != nil {
|
||||
reverseProxyMetrics.logger.Error("upstreams healthy metrics updater panicked",
|
||||
if c := reverseProxyMetrics.logger.Check(zapcore.ErrorLevel, "upstreams healthy metrics updater panicked"); c != nil {
|
||||
c.Write(
|
||||
zap.Any("error", err),
|
||||
zap.ByteString("stack", debug.Stack()))
|
||||
zap.ByteString("stack", debug.Stack()),
|
||||
)
|
||||
}
|
||||
}
|
||||
}()
|
||||
|
||||
|
|
|
@ -33,6 +33,7 @@ import (
|
|||
"time"
|
||||
|
||||
"go.uber.org/zap"
|
||||
"go.uber.org/zap/zapcore"
|
||||
"golang.org/x/net/http/httpguts"
|
||||
|
||||
"github.com/caddyserver/caddy/v2"
|
||||
|
@ -67,6 +68,7 @@ func init() {
|
|||
// `{http.reverse_proxy.upstream.duration_ms}` | Same as 'upstream.duration', but in milliseconds.
|
||||
// `{http.reverse_proxy.duration}` | Total time spent proxying, including selecting an upstream, retries, and writing response.
|
||||
// `{http.reverse_proxy.duration_ms}` | Same as 'duration', but in milliseconds.
|
||||
// `{http.reverse_proxy.retries}` | The number of retries actually performed to communicate with an upstream.
|
||||
type Handler struct {
|
||||
// Configures the method of transport for the proxy. A transport
|
||||
// is what performs the actual "round trip" to the backend.
|
||||
|
@ -438,11 +440,16 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyht
|
|||
if h.LoadBalancing != nil {
|
||||
lbWait = time.Duration(h.LoadBalancing.TryInterval)
|
||||
}
|
||||
h.logger.Debug("retrying", zap.Error(proxyErr), zap.Duration("after", lbWait))
|
||||
if c := h.logger.Check(zapcore.DebugLevel, "retrying"); c != nil {
|
||||
c.Write(zap.Error(proxyErr), zap.Duration("after", lbWait))
|
||||
}
|
||||
}
|
||||
retries++
|
||||
}
|
||||
|
||||
// number of retries actually performed
|
||||
repl.Set("http.reverse_proxy.retries", retries)
|
||||
|
||||
if proxyErr != nil {
|
||||
return statusError(proxyErr)
|
||||
}
|
||||
|
@ -462,13 +469,17 @@ func (h *Handler) proxyLoopIteration(r *http.Request, origReq *http.Request, w h
|
|||
if h.DynamicUpstreams != nil {
|
||||
dUpstreams, err := h.DynamicUpstreams.GetUpstreams(r)
|
||||
if err != nil {
|
||||
h.logger.Error("failed getting dynamic upstreams; falling back to static upstreams", zap.Error(err))
|
||||
if c := h.logger.Check(zapcore.ErrorLevel, "failed getting dynamic upstreams; falling back to static upstreams"); c != nil {
|
||||
c.Write(zap.Error(err))
|
||||
}
|
||||
} else {
|
||||
upstreams = dUpstreams
|
||||
for _, dUp := range dUpstreams {
|
||||
h.provisionUpstream(dUp)
|
||||
}
|
||||
h.logger.Debug("provisioned dynamic upstreams", zap.Int("count", len(dUpstreams)))
|
||||
if c := h.logger.Check(zapcore.DebugLevel, "provisioned dynamic upstreams"); c != nil {
|
||||
c.Write(zap.Int("count", len(dUpstreams)))
|
||||
}
|
||||
defer func() {
|
||||
// these upstreams are dynamic, so they are only used for this iteration
|
||||
// of the proxy loop; be sure to let them go away when we're done with them
|
||||
|
@ -499,9 +510,12 @@ func (h *Handler) proxyLoopIteration(r *http.Request, origReq *http.Request, w h
|
|||
return true, fmt.Errorf("making dial info: %v", err)
|
||||
}
|
||||
|
||||
h.logger.Debug("selected upstream",
|
||||
if c := h.logger.Check(zapcore.DebugLevel, "selected upstream"); c != nil {
|
||||
c.Write(
|
||||
zap.String("dial", dialInfo.Address),
|
||||
zap.Int("total_upstreams", len(upstreams)))
|
||||
zap.Int("total_upstreams", len(upstreams)),
|
||||
)
|
||||
}
|
||||
|
||||
// attach to the request information about how to dial the upstream;
|
||||
// this is necessary because the information cannot be sufficiently
|
||||
|
@ -555,6 +569,30 @@ func (h *Handler) proxyLoopIteration(r *http.Request, origReq *http.Request, w h
|
|||
return false, proxyErr
|
||||
}
|
||||
|
||||
// Mapping of the canonical form of the headers, to the RFC 6455 form,
|
||||
// i.e. `WebSocket` with uppercase 'S'.
|
||||
var websocketHeaderMapping = map[string]string{
|
||||
"Sec-Websocket-Accept": "Sec-WebSocket-Accept",
|
||||
"Sec-Websocket-Extensions": "Sec-WebSocket-Extensions",
|
||||
"Sec-Websocket-Key": "Sec-WebSocket-Key",
|
||||
"Sec-Websocket-Protocol": "Sec-WebSocket-Protocol",
|
||||
"Sec-Websocket-Version": "Sec-WebSocket-Version",
|
||||
}
|
||||
|
||||
// normalizeWebsocketHeaders ensures we use the standard casing as per
|
||||
// RFC 6455, i.e. `WebSocket` with uppercase 'S'. Most servers don't
|
||||
// care about this difference (read headers case insensitively), but
|
||||
// some do, so this maximizes compatibility with upstreams.
|
||||
// See https://github.com/caddyserver/caddy/pull/6621
|
||||
func normalizeWebsocketHeaders(header http.Header) {
|
||||
for k, rk := range websocketHeaderMapping {
|
||||
if v, ok := header[k]; ok {
|
||||
delete(header, k)
|
||||
header[rk] = v
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// prepareRequest clones req so that it can be safely modified without
|
||||
// changing the original request or introducing data races. It then
|
||||
// modifies it so that it is ready to be proxied, except for directing
|
||||
|
@ -641,6 +679,7 @@ func (h Handler) prepareRequest(req *http.Request, repl *caddy.Replacer) (*http.
|
|||
if reqUpType != "" {
|
||||
req.Header.Set("Connection", "Upgrade")
|
||||
req.Header.Set("Upgrade", reqUpType)
|
||||
normalizeWebsocketHeaders(req.Header)
|
||||
}
|
||||
|
||||
// Set up the PROXY protocol info
|
||||
|
@ -807,16 +846,22 @@ func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, origRe
|
|||
ShouldLogCredentials: shouldLogCredentials,
|
||||
}),
|
||||
)
|
||||
|
||||
if err != nil {
|
||||
logger.Debug("upstream roundtrip", zap.Error(err))
|
||||
if c := logger.Check(zapcore.DebugLevel, "upstream roundtrip"); c != nil {
|
||||
c.Write(zap.Error(err))
|
||||
}
|
||||
return err
|
||||
}
|
||||
logger.Debug("upstream roundtrip",
|
||||
if c := logger.Check(zapcore.DebugLevel, "upstream roundtrip"); c != nil {
|
||||
c.Write(
|
||||
zap.Object("headers", caddyhttp.LoggableHTTPHeader{
|
||||
Header: res.Header,
|
||||
ShouldLogCredentials: shouldLogCredentials,
|
||||
}),
|
||||
zap.Int("status", res.StatusCode))
|
||||
zap.Int("status", res.StatusCode),
|
||||
)
|
||||
}
|
||||
|
||||
// duration until upstream wrote response headers (roundtrip duration)
|
||||
repl.Set("http.reverse_proxy.upstream.latency", duration)
|
||||
|
@ -875,7 +920,9 @@ func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, origRe
|
|||
repl.Set("http.reverse_proxy.status_code", res.StatusCode)
|
||||
repl.Set("http.reverse_proxy.status_text", res.Status)
|
||||
|
||||
logger.Debug("handling response", zap.Int("handler", i))
|
||||
if c := logger.Check(zapcore.DebugLevel, "handling response"); c != nil {
|
||||
c.Write(zap.Int("handler", i))
|
||||
}
|
||||
|
||||
// we make some data available via request context to child routes
|
||||
// so that they may inherit some options and functions from the
|
||||
|
@ -971,7 +1018,9 @@ func (h *Handler) finalizeResponse(
|
|||
err := h.copyResponse(rw, res.Body, h.flushInterval(req, res), logger)
|
||||
errClose := res.Body.Close() // close now, instead of defer, to populate res.Trailer
|
||||
if h.VerboseLogs || errClose != nil {
|
||||
logger.Debug("closed response body from upstream", zap.Error(errClose))
|
||||
if c := logger.Check(zapcore.DebugLevel, "closed response body from upstream"); c != nil {
|
||||
c.Write(zap.Error(errClose))
|
||||
}
|
||||
}
|
||||
if err != nil {
|
||||
// we're streaming the response and we've already written headers, so
|
||||
|
@ -979,7 +1028,9 @@ func (h *Handler) finalizeResponse(
|
|||
// we'll just log the error and abort the stream here and panic just as
|
||||
// the standard lib's proxy to propagate the stream error.
|
||||
// see issue https://github.com/caddyserver/caddy/issues/5951
|
||||
logger.Warn("aborting with incomplete response", zap.Error(err))
|
||||
if c := logger.Check(zapcore.WarnLevel, "aborting with incomplete response"); c != nil {
|
||||
c.Write(zap.Error(err))
|
||||
}
|
||||
// no extra logging from stdlib
|
||||
panic(http.ErrAbortHandler)
|
||||
}
|
||||
|
|
|
@ -31,6 +31,7 @@ import (
|
|||
"unsafe"
|
||||
|
||||
"go.uber.org/zap"
|
||||
"go.uber.org/zap/zapcore"
|
||||
"golang.org/x/net/http/httpguts"
|
||||
)
|
||||
|
||||
|
@ -41,14 +42,18 @@ func (h *Handler) handleUpgradeResponse(logger *zap.Logger, wg *sync.WaitGroup,
|
|||
// Taken from https://github.com/golang/go/commit/5c489514bc5e61ad9b5b07bd7d8ec65d66a0512a
|
||||
// We know reqUpType is ASCII, it's checked by the caller.
|
||||
if !asciiIsPrint(resUpType) {
|
||||
logger.Debug("backend tried to switch to invalid protocol",
|
||||
zap.String("backend_upgrade", resUpType))
|
||||
if c := logger.Check(zapcore.DebugLevel, "backend tried to switch to invalid protocol"); c != nil {
|
||||
c.Write(zap.String("backend_upgrade", resUpType))
|
||||
}
|
||||
return
|
||||
}
|
||||
if !asciiEqualFold(reqUpType, resUpType) {
|
||||
logger.Debug("backend tried to switch to unexpected protocol via Upgrade header",
|
||||
if c := logger.Check(zapcore.DebugLevel, "backend tried to switch to unexpected protocol via Upgrade header"); c != nil {
|
||||
c.Write(
|
||||
zap.String("backend_upgrade", resUpType),
|
||||
zap.String("requested_upgrade", reqUpType))
|
||||
zap.String("requested_upgrade", reqUpType),
|
||||
)
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
|
@ -61,6 +66,7 @@ func (h *Handler) handleUpgradeResponse(logger *zap.Logger, wg *sync.WaitGroup,
|
|||
// write header first, response headers should not be counted in size
|
||||
// like the rest of handler chain.
|
||||
copyHeader(rw.Header(), res.Header)
|
||||
normalizeWebsocketHeaders(rw.Header())
|
||||
rw.WriteHeader(res.StatusCode)
|
||||
|
||||
logger.Debug("upgrading connection")
|
||||
|
@ -68,12 +74,16 @@ func (h *Handler) handleUpgradeResponse(logger *zap.Logger, wg *sync.WaitGroup,
|
|||
//nolint:bodyclose
|
||||
conn, brw, hijackErr := http.NewResponseController(rw).Hijack()
|
||||
if errors.Is(hijackErr, http.ErrNotSupported) {
|
||||
h.logger.Error("can't switch protocols using non-Hijacker ResponseWriter", zap.String("type", fmt.Sprintf("%T", rw)))
|
||||
if c := logger.Check(zapcore.ErrorLevel, "can't switch protocols using non-Hijacker ResponseWriter"); c != nil {
|
||||
c.Write(zap.String("type", fmt.Sprintf("%T", rw)))
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
if hijackErr != nil {
|
||||
h.logger.Error("hijack failed on protocol switch", zap.Error(hijackErr))
|
||||
if c := logger.Check(zapcore.ErrorLevel, "hijack failed on protocol switch"); c != nil {
|
||||
c.Write(zap.Error(hijackErr))
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
|
@ -93,11 +103,15 @@ func (h *Handler) handleUpgradeResponse(logger *zap.Logger, wg *sync.WaitGroup,
|
|||
start := time.Now()
|
||||
defer func() {
|
||||
conn.Close()
|
||||
logger.Debug("connection closed", zap.Duration("duration", time.Since(start)))
|
||||
if c := logger.Check(zapcore.DebugLevel, "hijack failed on protocol switch"); c != nil {
|
||||
c.Write(zap.Duration("duration", time.Since(start)))
|
||||
}
|
||||
}()
|
||||
|
||||
if err := brw.Flush(); err != nil {
|
||||
logger.Debug("response flush", zap.Error(err))
|
||||
if c := logger.Check(zapcore.DebugLevel, "response flush"); c != nil {
|
||||
c.Write(zap.Error(err))
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
|
@ -107,7 +121,9 @@ func (h *Handler) handleUpgradeResponse(logger *zap.Logger, wg *sync.WaitGroup,
|
|||
data, _ := brw.Peek(buffered)
|
||||
_, err := backConn.Write(data)
|
||||
if err != nil {
|
||||
logger.Debug("backConn write failed", zap.Error(err))
|
||||
if c := logger.Check(zapcore.DebugLevel, "backConn write failed"); c != nil {
|
||||
c.Write(zap.Error(err))
|
||||
}
|
||||
return
|
||||
}
|
||||
}
|
||||
|
@ -148,9 +164,13 @@ func (h *Handler) handleUpgradeResponse(logger *zap.Logger, wg *sync.WaitGroup,
|
|||
go spc.copyFromBackend(errc)
|
||||
select {
|
||||
case err := <-errc:
|
||||
logger.Debug("streaming error", zap.Error(err))
|
||||
if c := logger.Check(zapcore.DebugLevel, "streaming error"); c != nil {
|
||||
c.Write(zap.Error(err))
|
||||
}
|
||||
case time := <-timeoutc:
|
||||
logger.Debug("stream timed out", zap.Time("timeout", time))
|
||||
if c := logger.Check(zapcore.DebugLevel, "stream timed out"); c != nil {
|
||||
c.Write(zap.Time("timeout", time))
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -247,7 +267,9 @@ func (h Handler) copyBuffer(dst io.Writer, src io.Reader, buf []byte, logger *za
|
|||
logger.Debug("waiting to read from upstream")
|
||||
nr, rerr := src.Read(buf)
|
||||
logger := logger.With(zap.Int("read", nr))
|
||||
logger.Debug("read from upstream", zap.Error(rerr))
|
||||
if c := logger.Check(zapcore.DebugLevel, "read from upstream"); c != nil {
|
||||
c.Write(zap.Error(rerr))
|
||||
}
|
||||
if rerr != nil && rerr != io.EOF && rerr != context.Canceled {
|
||||
// TODO: this could be useful to know (indeed, it revealed an error in our
|
||||
// fastcgi PoC earlier; but it's this single error report here that necessitates
|
||||
|
@ -256,7 +278,9 @@ func (h Handler) copyBuffer(dst io.Writer, src io.Reader, buf []byte, logger *za
|
|||
// something we need to report to the client, but read errors are a problem on our
|
||||
// end for sure. so we need to decide what we want.)
|
||||
// p.logf("copyBuffer: ReverseProxy read error during body copy: %v", rerr)
|
||||
h.logger.Error("reading from backend", zap.Error(rerr))
|
||||
if c := logger.Check(zapcore.ErrorLevel, "reading from backend"); c != nil {
|
||||
c.Write(zap.Error(rerr))
|
||||
}
|
||||
}
|
||||
if nr > 0 {
|
||||
logger.Debug("writing to downstream")
|
||||
|
@ -264,10 +288,13 @@ func (h Handler) copyBuffer(dst io.Writer, src io.Reader, buf []byte, logger *za
|
|||
if nw > 0 {
|
||||
written += int64(nw)
|
||||
}
|
||||
logger.Debug("wrote to downstream",
|
||||
if c := logger.Check(zapcore.DebugLevel, "wrote to downstream"); c != nil {
|
||||
c.Write(
|
||||
zap.Int("written", nw),
|
||||
zap.Int64("written_total", written),
|
||||
zap.Error(werr))
|
||||
zap.Error(werr),
|
||||
)
|
||||
}
|
||||
if werr != nil {
|
||||
return written, fmt.Errorf("writing: %w", werr)
|
||||
}
|
||||
|
@ -347,13 +374,17 @@ func (h *Handler) cleanupConnections() error {
|
|||
if len(h.connections) > 0 {
|
||||
delay := time.Duration(h.StreamCloseDelay)
|
||||
h.connectionsCloseTimer = time.AfterFunc(delay, func() {
|
||||
h.logger.Debug("closing streaming connections after delay",
|
||||
zap.Duration("delay", delay))
|
||||
if c := h.logger.Check(zapcore.DebugLevel, "closing streaming connections after delay"); c != nil {
|
||||
c.Write(zap.Duration("delay", delay))
|
||||
}
|
||||
err := h.closeConnections()
|
||||
if err != nil {
|
||||
h.logger.Error("failed to closed connections after delay",
|
||||
if c := h.logger.Check(zapcore.ErrorLevel, "failed to closed connections after delay"); c != nil {
|
||||
c.Write(
|
||||
zap.Error(err),
|
||||
zap.Duration("delay", delay))
|
||||
zap.Duration("delay", delay),
|
||||
)
|
||||
}
|
||||
}
|
||||
})
|
||||
}
|
||||
|
@ -494,7 +525,9 @@ func (m *maxLatencyWriter) Write(p []byte) (n int, err error) {
|
|||
m.mu.Lock()
|
||||
defer m.mu.Unlock()
|
||||
n, err = m.dst.Write(p)
|
||||
m.logger.Debug("wrote bytes", zap.Int("n", n), zap.Error(err))
|
||||
if c := m.logger.Check(zapcore.DebugLevel, "wrote bytes"); c != nil {
|
||||
c.Write(zap.Int("n", n), zap.Error(err))
|
||||
}
|
||||
if m.latency < 0 {
|
||||
m.logger.Debug("flushing immediately")
|
||||
//nolint:errcheck
|
||||
|
@ -510,7 +543,9 @@ func (m *maxLatencyWriter) Write(p []byte) (n int, err error) {
|
|||
} else {
|
||||
m.t.Reset(m.latency)
|
||||
}
|
||||
m.logger.Debug("timer set for delayed flush", zap.Duration("duration", m.latency))
|
||||
if c := m.logger.Check(zapcore.DebugLevel, "timer set for delayed flush"); c != nil {
|
||||
c.Write(zap.Duration("duration", m.latency))
|
||||
}
|
||||
m.flushPending = true
|
||||
return
|
||||
}
|
||||
|
|
|
@ -12,6 +12,7 @@ import (
|
|||
"time"
|
||||
|
||||
"go.uber.org/zap"
|
||||
"go.uber.org/zap/zapcore"
|
||||
|
||||
"github.com/caddyserver/caddy/v2"
|
||||
)
|
||||
|
@ -136,10 +137,13 @@ func (su SRVUpstreams) GetUpstreams(r *http.Request) ([]*Upstream, error) {
|
|||
return allNew(cached.upstreams), nil
|
||||
}
|
||||
|
||||
su.logger.Debug("refreshing SRV upstreams",
|
||||
if c := su.logger.Check(zapcore.DebugLevel, "refreshing SRV upstreams"); c != nil {
|
||||
c.Write(
|
||||
zap.String("service", service),
|
||||
zap.String("proto", proto),
|
||||
zap.String("name", name))
|
||||
zap.String("name", name),
|
||||
)
|
||||
}
|
||||
|
||||
_, records, err := su.resolver.LookupSRV(r.Context(), service, proto, name)
|
||||
if err != nil {
|
||||
|
@ -148,23 +152,30 @@ func (su SRVUpstreams) GetUpstreams(r *http.Request) ([]*Upstream, error) {
|
|||
// only return an error if no records were also returned.
|
||||
if len(records) == 0 {
|
||||
if su.GracePeriod > 0 {
|
||||
su.logger.Error("SRV lookup failed; using previously cached", zap.Error(err))
|
||||
if c := su.logger.Check(zapcore.ErrorLevel, "SRV lookup failed; using previously cached"); c != nil {
|
||||
c.Write(zap.Error(err))
|
||||
}
|
||||
cached.freshness = time.Now().Add(time.Duration(su.GracePeriod) - time.Duration(su.Refresh))
|
||||
srvs[suAddr] = cached
|
||||
return allNew(cached.upstreams), nil
|
||||
}
|
||||
return nil, err
|
||||
}
|
||||
su.logger.Warn("SRV records filtered", zap.Error(err))
|
||||
if c := su.logger.Check(zapcore.WarnLevel, "SRV records filtered"); c != nil {
|
||||
c.Write(zap.Error(err))
|
||||
}
|
||||
}
|
||||
|
||||
upstreams := make([]Upstream, len(records))
|
||||
for i, rec := range records {
|
||||
su.logger.Debug("discovered SRV record",
|
||||
if c := su.logger.Check(zapcore.DebugLevel, "discovered SRV record"); c != nil {
|
||||
c.Write(
|
||||
zap.String("target", rec.Target),
|
||||
zap.Uint16("port", rec.Port),
|
||||
zap.Uint16("priority", rec.Priority),
|
||||
zap.Uint16("weight", rec.Weight))
|
||||
zap.Uint16("weight", rec.Weight),
|
||||
)
|
||||
}
|
||||
addr := net.JoinHostPort(rec.Target, strconv.Itoa(int(rec.Port)))
|
||||
upstreams[i] = Upstream{Dial: addr}
|
||||
}
|
||||
|
@ -361,10 +372,13 @@ func (au AUpstreams) GetUpstreams(r *http.Request) ([]*Upstream, error) {
|
|||
name := repl.ReplaceAll(au.Name, "")
|
||||
port := repl.ReplaceAll(au.Port, "")
|
||||
|
||||
au.logger.Debug("refreshing A upstreams",
|
||||
if c := au.logger.Check(zapcore.DebugLevel, "refreshing A upstreams"); c != nil {
|
||||
c.Write(
|
||||
zap.String("version", ipVersion),
|
||||
zap.String("name", name),
|
||||
zap.String("port", port))
|
||||
zap.String("port", port),
|
||||
)
|
||||
}
|
||||
|
||||
ips, err := au.resolver.LookupIP(r.Context(), ipVersion, name)
|
||||
if err != nil {
|
||||
|
@ -373,8 +387,9 @@ func (au AUpstreams) GetUpstreams(r *http.Request) ([]*Upstream, error) {
|
|||
|
||||
upstreams := make([]Upstream, len(ips))
|
||||
for i, ip := range ips {
|
||||
au.logger.Debug("discovered A record",
|
||||
zap.String("ip", ip.String()))
|
||||
if c := au.logger.Check(zapcore.DebugLevel, "discovered A record"); c != nil {
|
||||
c.Write(zap.String("ip", ip.String()))
|
||||
}
|
||||
upstreams[i] = Upstream{
|
||||
Dial: net.JoinHostPort(ip.String(), port),
|
||||
}
|
||||
|
@ -467,11 +482,16 @@ func (mu MultiUpstreams) GetUpstreams(r *http.Request) ([]*Upstream, error) {
|
|||
|
||||
up, err := src.GetUpstreams(r)
|
||||
if err != nil {
|
||||
mu.logger.Error("upstream source returned error",
|
||||
if c := mu.logger.Check(zapcore.ErrorLevel, "upstream source returned error"); c != nil {
|
||||
c.Write(
|
||||
zap.Int("source_idx", i),
|
||||
zap.Error(err))
|
||||
zap.Error(err),
|
||||
)
|
||||
}
|
||||
} else if len(up) == 0 {
|
||||
mu.logger.Warn("upstream source returned 0 upstreams", zap.Int("source_idx", i))
|
||||
if c := mu.logger.Check(zapcore.WarnLevel, "upstream source returned 0 upstreams"); c != nil {
|
||||
c.Write(zap.Int("source_idx", i))
|
||||
}
|
||||
} else {
|
||||
upstreams = append(upstreams, up...)
|
||||
}
|
||||
|
|
|
@ -106,7 +106,7 @@ func parseCaddyfileURI(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, err
|
|||
|
||||
switch args[0] {
|
||||
case "strip_prefix":
|
||||
if len(args) > 2 {
|
||||
if len(args) != 2 {
|
||||
return nil, h.ArgErr()
|
||||
}
|
||||
rewr.StripPathPrefix = args[1]
|
||||
|
@ -115,7 +115,7 @@ func parseCaddyfileURI(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, err
|
|||
}
|
||||
|
||||
case "strip_suffix":
|
||||
if len(args) > 2 {
|
||||
if len(args) != 2 {
|
||||
return nil, h.ArgErr()
|
||||
}
|
||||
rewr.StripPathSuffix = args[1]
|
||||
|
|
|
@ -131,15 +131,19 @@ func (rewr *Rewrite) Provision(ctx caddy.Context) error {
|
|||
|
||||
func (rewr Rewrite) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyhttp.Handler) error {
|
||||
repl := r.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer)
|
||||
const message = "rewrote request"
|
||||
|
||||
logger := rewr.logger.With(
|
||||
zap.Object("request", caddyhttp.LoggableHTTPRequest{Request: r}),
|
||||
)
|
||||
c := rewr.logger.Check(zap.DebugLevel, message)
|
||||
if c == nil {
|
||||
rewr.Rewrite(r, repl)
|
||||
return next.ServeHTTP(w, r)
|
||||
}
|
||||
|
||||
changed := rewr.Rewrite(r, repl)
|
||||
|
||||
if changed {
|
||||
logger.Debug("rewrote request",
|
||||
c.Write(
|
||||
zap.Object("request", caddyhttp.LoggableHTTPRequest{Request: r}),
|
||||
zap.String("method", r.Method),
|
||||
zap.String("uri", r.RequestURI),
|
||||
)
|
||||
|
|
|
@ -159,6 +159,9 @@ func (r *Route) ProvisionHandlers(ctx caddy.Context, metrics *Metrics) error {
|
|||
r.Handlers = append(r.Handlers, handler.(MiddlewareHandler))
|
||||
}
|
||||
|
||||
// Make ProvisionHandlers idempotent by clearing the middleware field
|
||||
r.middleware = []Middleware{}
|
||||
|
||||
// pre-compile the middleware handler chain
|
||||
for _, midhandler := range r.Handlers {
|
||||
r.middleware = append(r.middleware, wrapMiddleware(ctx, midhandler, metrics))
|
||||
|
@ -311,11 +314,11 @@ func wrapRoute(route Route) Middleware {
|
|||
// we need to pull this particular MiddlewareHandler
|
||||
// pointer into its own stack frame to preserve it so it
|
||||
// won't be overwritten in future loop iterations.
|
||||
func wrapMiddleware(_ caddy.Context, mh MiddlewareHandler, metrics *Metrics) Middleware {
|
||||
func wrapMiddleware(ctx caddy.Context, mh MiddlewareHandler, metrics *Metrics) Middleware {
|
||||
handlerToUse := mh
|
||||
if metrics != nil {
|
||||
// wrap the middleware with metrics instrumentation
|
||||
handlerToUse = newMetricsInstrumentedHandler(caddy.GetModuleName(mh), mh)
|
||||
handlerToUse = newMetricsInstrumentedHandler(ctx, caddy.GetModuleName(mh), mh, metrics)
|
||||
}
|
||||
|
||||
return func(next Handler) Handler {
|
||||
|
|
|
@ -25,6 +25,7 @@ import (
|
|||
"net/netip"
|
||||
"net/url"
|
||||
"runtime"
|
||||
"slices"
|
||||
"strings"
|
||||
"sync"
|
||||
"time"
|
||||
|
@ -32,6 +33,7 @@ import (
|
|||
"github.com/caddyserver/certmagic"
|
||||
"github.com/quic-go/quic-go"
|
||||
"github.com/quic-go/quic-go/http3"
|
||||
"github.com/quic-go/quic-go/qlog"
|
||||
"go.uber.org/zap"
|
||||
"go.uber.org/zap/zapcore"
|
||||
|
||||
|
@ -222,6 +224,10 @@ type Server struct {
|
|||
// Default: `[h1 h2 h3]`
|
||||
Protocols []string `json:"protocols,omitempty"`
|
||||
|
||||
// ListenProtocols overrides Protocols for each parallel address in Listen.
|
||||
// A nil value or element indicates that Protocols will be used instead.
|
||||
ListenProtocols [][]string `json:"listen_protocols,omitempty"`
|
||||
|
||||
// If set, metrics observations will be enabled.
|
||||
// This setting is EXPERIMENTAL and subject to change.
|
||||
Metrics *Metrics `json:"metrics,omitempty"`
|
||||
|
@ -279,7 +285,9 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
|||
if r.ProtoMajor < 3 {
|
||||
err := s.h3server.SetQUICHeaders(w.Header())
|
||||
if err != nil {
|
||||
s.logger.Error("setting HTTP/3 Alt-Svc header", zap.Error(err))
|
||||
if c := s.logger.Check(zapcore.ErrorLevel, "setting HTTP/3 Alt-Svc header"); c != nil {
|
||||
c.Write(zap.Error(err))
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -287,9 +295,12 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
|||
// reject very long methods; probably a mistake or an attack
|
||||
if len(r.Method) > 32 {
|
||||
if s.shouldLogRequest(r) {
|
||||
s.accessLogger.Debug("rejecting request with long method",
|
||||
if c := s.accessLogger.Check(zapcore.DebugLevel, "rejecting request with long method"); c != nil {
|
||||
c.Write(
|
||||
zap.String("method_trunc", r.Method[:32]),
|
||||
zap.String("remote_addr", r.RemoteAddr))
|
||||
zap.String("remote_addr", r.RemoteAddr),
|
||||
)
|
||||
}
|
||||
}
|
||||
w.WriteHeader(http.StatusMethodNotAllowed)
|
||||
return
|
||||
|
@ -304,20 +315,24 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
|||
//nolint:bodyclose
|
||||
err := http.NewResponseController(w).EnableFullDuplex()
|
||||
if err != nil {
|
||||
s.logger.Warn("failed to enable full duplex", zap.Error(err))
|
||||
if c := s.logger.Check(zapcore.WarnLevel, "failed to enable full duplex"); c != nil {
|
||||
c.Write(zap.Error(err))
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// encode the request for logging purposes before
|
||||
// clone the request for logging purposes before
|
||||
// it enters any handler chain; this is necessary
|
||||
// to capture the original request in case it gets
|
||||
// modified during handling
|
||||
// cloning the request and using .WithLazy is considerably faster
|
||||
// than using .With, which will JSON encode the request immediately
|
||||
shouldLogCredentials := s.Logs != nil && s.Logs.ShouldLogCredentials
|
||||
loggableReq := zap.Object("request", LoggableHTTPRequest{
|
||||
Request: r,
|
||||
Request: r.Clone(r.Context()),
|
||||
ShouldLogCredentials: shouldLogCredentials,
|
||||
})
|
||||
errLog := s.errorLogger.With(loggableReq)
|
||||
errLog := s.errorLogger.WithLazy(loggableReq)
|
||||
|
||||
var duration time.Duration
|
||||
|
||||
|
@ -383,6 +398,7 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
|||
// add HTTP error information to request context
|
||||
r = s.Errors.WithError(r, err)
|
||||
|
||||
var fields []zapcore.Field
|
||||
if s.Errors != nil && len(s.Errors.Routes) > 0 {
|
||||
// execute user-defined error handling route
|
||||
err2 := s.errorHandlerChain.ServeHTTP(w, r)
|
||||
|
@ -390,17 +406,28 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
|||
// user's error route handled the error response
|
||||
// successfully, so now just log the error
|
||||
for _, logger := range errLoggers {
|
||||
logger.Debug(errMsg, errFields...)
|
||||
if c := logger.Check(zapcore.DebugLevel, errMsg); c != nil {
|
||||
if fields == nil {
|
||||
fields = errFields()
|
||||
}
|
||||
|
||||
c.Write(fields...)
|
||||
}
|
||||
}
|
||||
} else {
|
||||
// well... this is awkward
|
||||
errFields = append([]zapcore.Field{
|
||||
for _, logger := range errLoggers {
|
||||
if c := logger.Check(zapcore.ErrorLevel, "error handling handler error"); c != nil {
|
||||
if fields == nil {
|
||||
fields = errFields()
|
||||
fields = append([]zapcore.Field{
|
||||
zap.String("error", err2.Error()),
|
||||
zap.Namespace("first_error"),
|
||||
zap.String("msg", errMsg),
|
||||
}, errFields...)
|
||||
for _, logger := range errLoggers {
|
||||
logger.Error("error handling handler error", errFields...)
|
||||
}, fields...)
|
||||
}
|
||||
c.Write(fields...)
|
||||
}
|
||||
}
|
||||
if handlerErr, ok := err.(HandlerError); ok {
|
||||
w.WriteHeader(handlerErr.StatusCode)
|
||||
|
@ -409,11 +436,17 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
}
|
||||
} else {
|
||||
for _, logger := range errLoggers {
|
||||
logLevel := zapcore.DebugLevel
|
||||
if errStatus >= 500 {
|
||||
logger.Error(errMsg, errFields...)
|
||||
} else {
|
||||
logger.Debug(errMsg, errFields...)
|
||||
logLevel = zapcore.ErrorLevel
|
||||
}
|
||||
|
||||
for _, logger := range errLoggers {
|
||||
if c := logger.Check(logLevel, errMsg); c != nil {
|
||||
if fields == nil {
|
||||
fields = errFields()
|
||||
}
|
||||
c.Write(fields...)
|
||||
}
|
||||
}
|
||||
w.WriteHeader(errStatus)
|
||||
|
@ -521,12 +554,9 @@ func (s *Server) hasListenerAddress(fullAddr string) bool {
|
|||
}
|
||||
|
||||
func (s *Server) hasTLSClientAuth() bool {
|
||||
for _, cp := range s.TLSConnPolicies {
|
||||
if cp.ClientAuthentication != nil && cp.ClientAuthentication.Active() {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
return slices.ContainsFunc(s.TLSConnPolicies, func(cp *caddytls.ConnectionPolicy) bool {
|
||||
return cp.ClientAuthentication != nil && cp.ClientAuthentication.Active()
|
||||
})
|
||||
}
|
||||
|
||||
// findLastRouteWithHostMatcher returns the index of the last route
|
||||
|
@ -575,7 +605,11 @@ func (s *Server) findLastRouteWithHostMatcher() int {
|
|||
// not already done, and then uses that server to serve HTTP/3 over
|
||||
// the listener, with Server s as the handler.
|
||||
func (s *Server) serveHTTP3(addr caddy.NetworkAddress, tlsCfg *tls.Config) error {
|
||||
addr.Network = getHTTP3Network(addr.Network)
|
||||
h3net, err := getHTTP3Network(addr.Network)
|
||||
if err != nil {
|
||||
return fmt.Errorf("starting HTTP/3 QUIC listener: %v", err)
|
||||
}
|
||||
addr.Network = h3net
|
||||
h3ln, err := addr.ListenQUIC(s.ctx, 0, net.ListenConfig{}, tlsCfg)
|
||||
if err != nil {
|
||||
return fmt.Errorf("starting HTTP/3 QUIC listener: %v", err)
|
||||
|
@ -602,9 +636,9 @@ func (s *Server) serveHTTP3(addr caddy.NetworkAddress, tlsCfg *tls.Config) error
|
|||
}),
|
||||
TLSConfig: tlsCfg,
|
||||
MaxHeaderBytes: s.MaxHeaderBytes,
|
||||
// TODO: remove this config when draft versions are no longer supported (we have no need to support drafts)
|
||||
QUICConfig: &quic.Config{
|
||||
Versions: []quic.Version{quic.Version1, quic.Version2},
|
||||
Tracer: qlog.DefaultConnectionTracer,
|
||||
},
|
||||
IdleTimeout: time.Duration(s.IdleTimeout),
|
||||
ConnContext: func(ctx context.Context, c quic.Connection) context.Context {
|
||||
|
@ -750,7 +784,9 @@ func (s *Server) logTrace(mh MiddlewareHandler) {
|
|||
if s.Logs == nil || !s.Logs.Trace {
|
||||
return
|
||||
}
|
||||
s.traceLogger.Debug(caddy.GetModuleName(mh), zap.Any("module", mh))
|
||||
if c := s.traceLogger.Check(zapcore.DebugLevel, caddy.GetModuleName(mh)); c != nil {
|
||||
c.Write(zap.Any("module", mh))
|
||||
}
|
||||
}
|
||||
|
||||
// logRequest logs the request to access logs, unless skipped.
|
||||
|
@ -763,11 +799,37 @@ func (s *Server) logRequest(
|
|||
return
|
||||
}
|
||||
|
||||
repl.Set("http.response.status", wrec.Status()) // will be 0 if no response is written by us (Go will write 200 to client)
|
||||
repl.Set("http.response.size", wrec.Size())
|
||||
status := wrec.Status()
|
||||
size := wrec.Size()
|
||||
|
||||
repl.Set("http.response.status", status) // will be 0 if no response is written by us (Go will write 200 to client)
|
||||
repl.Set("http.response.size", size)
|
||||
repl.Set("http.response.duration", duration)
|
||||
repl.Set("http.response.duration_ms", duration.Seconds()*1e3) // multiply seconds to preserve decimal (see #4666)
|
||||
|
||||
loggers := []*zap.Logger{accLog}
|
||||
if s.Logs != nil {
|
||||
loggers = s.Logs.wrapLogger(accLog, r)
|
||||
}
|
||||
|
||||
message := "handled request"
|
||||
if nop, ok := GetVar(r.Context(), "unhandled").(bool); ok && nop {
|
||||
message = "NOP"
|
||||
}
|
||||
|
||||
logLevel := zapcore.InfoLevel
|
||||
if status >= 500 {
|
||||
logLevel = zapcore.ErrorLevel
|
||||
}
|
||||
|
||||
var fields []zapcore.Field
|
||||
for _, logger := range loggers {
|
||||
c := logger.Check(logLevel, message)
|
||||
if c == nil {
|
||||
continue
|
||||
}
|
||||
|
||||
if fields == nil {
|
||||
userID, _ := repl.GetString("http.auth.user.id")
|
||||
|
||||
reqBodyLength := 0
|
||||
|
@ -778,45 +840,41 @@ func (s *Server) logRequest(
|
|||
extra := r.Context().Value(ExtraLogFieldsCtxKey).(*ExtraLogFields)
|
||||
|
||||
fieldCount := 6
|
||||
fields := make([]zapcore.Field, 0, fieldCount+len(extra.fields))
|
||||
fields = make([]zapcore.Field, 0, fieldCount+len(extra.fields))
|
||||
fields = append(fields,
|
||||
zap.Int("bytes_read", reqBodyLength),
|
||||
zap.String("user_id", userID),
|
||||
zap.Duration("duration", *duration),
|
||||
zap.Int("size", wrec.Size()),
|
||||
zap.Int("status", wrec.Status()),
|
||||
zap.Int("size", size),
|
||||
zap.Int("status", status),
|
||||
zap.Object("resp_headers", LoggableHTTPHeader{
|
||||
Header: wrec.Header(),
|
||||
ShouldLogCredentials: shouldLogCredentials,
|
||||
}))
|
||||
}),
|
||||
)
|
||||
fields = append(fields, extra.fields...)
|
||||
|
||||
loggers := []*zap.Logger{accLog}
|
||||
if s.Logs != nil {
|
||||
loggers = s.Logs.wrapLogger(accLog, r)
|
||||
}
|
||||
|
||||
// wrapping may return multiple loggers, so we log to all of them
|
||||
for _, logger := range loggers {
|
||||
logAtLevel := logger.Info
|
||||
if wrec.Status() >= 500 {
|
||||
logAtLevel = logger.Error
|
||||
}
|
||||
message := "handled request"
|
||||
if nop, ok := GetVar(r.Context(), "unhandled").(bool); ok && nop {
|
||||
message = "NOP"
|
||||
}
|
||||
logAtLevel(message, fields...)
|
||||
c.Write(fields...)
|
||||
}
|
||||
}
|
||||
|
||||
// protocol returns true if the protocol proto is configured/enabled.
|
||||
func (s *Server) protocol(proto string) bool {
|
||||
for _, p := range s.Protocols {
|
||||
if p == proto {
|
||||
if s.ListenProtocols == nil {
|
||||
if slices.Contains(s.Protocols, proto) {
|
||||
return true
|
||||
}
|
||||
} else {
|
||||
for _, lnProtocols := range s.ListenProtocols {
|
||||
for _, lnProtocol := range lnProtocols {
|
||||
if lnProtocol == "" && slices.Contains(s.Protocols, proto) || lnProtocol == proto {
|
||||
return true
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return false
|
||||
}
|
||||
|
||||
|
@ -922,12 +980,9 @@ func determineTrustedProxy(r *http.Request, s *Server) (bool, string) {
|
|||
// isTrustedClientIP returns true if the given IP address is
|
||||
// in the list of trusted IP ranges.
|
||||
func isTrustedClientIP(ipAddr netip.Addr, trusted []netip.Prefix) bool {
|
||||
for _, ipRange := range trusted {
|
||||
if ipRange.Contains(ipAddr) {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
return slices.ContainsFunc(trusted, func(prefix netip.Prefix) bool {
|
||||
return prefix.Contains(ipAddr)
|
||||
})
|
||||
}
|
||||
|
||||
// trustedRealClientIP finds the client IP from the request assuming it is
|
||||
|
@ -1060,9 +1115,14 @@ const (
|
|||
)
|
||||
|
||||
var networkTypesHTTP3 = map[string]string{
|
||||
"unix": "unixgram",
|
||||
"unixgram": "unixgram",
|
||||
"udp": "udp",
|
||||
"udp4": "udp4",
|
||||
"udp6": "udp6",
|
||||
"tcp": "udp",
|
||||
"tcp4": "udp4",
|
||||
"tcp6": "udp6",
|
||||
"fdgram": "fdgram",
|
||||
}
|
||||
|
||||
// RegisterNetworkHTTP3 registers a mapping from non-HTTP/3 network to HTTP/3
|
||||
|
@ -1077,11 +1137,10 @@ func RegisterNetworkHTTP3(originalNetwork, h3Network string) {
|
|||
networkTypesHTTP3[originalNetwork] = h3Network
|
||||
}
|
||||
|
||||
func getHTTP3Network(originalNetwork string) string {
|
||||
func getHTTP3Network(originalNetwork string) (string, error) {
|
||||
h3Network, ok := networkTypesHTTP3[strings.ToLower(originalNetwork)]
|
||||
if !ok {
|
||||
// TODO: Maybe a better default is to not enable HTTP/3 if we do not know the network?
|
||||
return "udp"
|
||||
return "", fmt.Errorf("network '%s' cannot handle HTTP/3 connections", originalNetwork)
|
||||
}
|
||||
return h3Network
|
||||
return h3Network, nil
|
||||
}
|
||||
|
|
|
@ -121,6 +121,29 @@ func BenchmarkServer_LogRequest(b *testing.B) {
|
|||
}
|
||||
}
|
||||
|
||||
func BenchmarkServer_LogRequest_NopLogger(b *testing.B) {
|
||||
s := &Server{}
|
||||
|
||||
extra := new(ExtraLogFields)
|
||||
ctx := context.WithValue(context.Background(), ExtraLogFieldsCtxKey, extra)
|
||||
|
||||
req := httptest.NewRequest(http.MethodGet, "/", nil).WithContext(ctx)
|
||||
rec := httptest.NewRecorder()
|
||||
wrec := NewResponseRecorder(rec, nil, nil)
|
||||
|
||||
duration := 50 * time.Millisecond
|
||||
repl := NewTestReplacer(req)
|
||||
bodyReader := &lengthReader{Source: req.Body}
|
||||
|
||||
accLog := zap.NewNop()
|
||||
|
||||
b.ResetTimer()
|
||||
|
||||
for i := 0; i < b.N; i++ {
|
||||
s.logRequest(accLog, req, wrec, &duration, repl, bodyReader, false)
|
||||
}
|
||||
}
|
||||
|
||||
func BenchmarkServer_LogRequest_WithTraceID(b *testing.B) {
|
||||
s := &Server{}
|
||||
|
||||
|
|
|
@ -387,7 +387,7 @@ func cmdRespond(fl caddycmd.Flags) (int, error) {
|
|||
return caddy.ExitCodeFailedStartup, err
|
||||
}
|
||||
|
||||
if !listenAddr.IsUnixNetwork() {
|
||||
if !listenAddr.IsUnixNetwork() && !listenAddr.IsFdNetwork() {
|
||||
listenAddrs := make([]string, 0, listenAddr.PortRangeSize())
|
||||
for offset := uint(0); offset < listenAddr.PortRangeSize(); offset++ {
|
||||
listenAddrs = append(listenAddrs, listenAddr.JoinHostPort(offset))
|
||||
|
|
|
@ -40,6 +40,7 @@ func extractFrontMatter(input string) (map[string]any, string, error) {
|
|||
if firstLine == fmType.FenceOpen {
|
||||
closingFence = fmType.FenceClose
|
||||
fmParser = fmType.ParseFunc
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -81,6 +81,12 @@ func init() {
|
|||
// {{placeholder "http.error.status_code"}}
|
||||
// ```
|
||||
//
|
||||
// As a shortcut, `ph` is an alias for `placeholder`.
|
||||
//
|
||||
// ```
|
||||
// {{ph "http.request.method"}}
|
||||
// ```
|
||||
//
|
||||
// ##### `.Host`
|
||||
//
|
||||
// Returns the hostname portion (no port) of the Host header of the HTTP request.
|
||||
|
|
|
@ -88,6 +88,7 @@ func (c *TemplateContext) NewTemplate(tplName string) *template.Template {
|
|||
"fileStat": c.funcFileStat,
|
||||
"env": c.funcEnv,
|
||||
"placeholder": c.funcPlaceholder,
|
||||
"ph": c.funcPlaceholder, // shortcut
|
||||
"fileExists": c.funcFileExists,
|
||||
"httpError": c.funcHTTPError,
|
||||
"humanize": c.funcHumanize,
|
||||
|
|
|
@ -7,6 +7,7 @@ import (
|
|||
|
||||
sdktrace "go.opentelemetry.io/otel/sdk/trace"
|
||||
"go.uber.org/zap"
|
||||
"go.uber.org/zap/zapcore"
|
||||
)
|
||||
|
||||
// globalTracerProvider stores global tracer provider and is responsible for graceful shutdown when nobody is using it.
|
||||
|
@ -47,7 +48,9 @@ func (t *tracerProvider) cleanupTracerProvider(logger *zap.Logger) error {
|
|||
if t.tracerProvider != nil {
|
||||
// tracerProvider.ForceFlush SHOULD be invoked according to https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/trace/sdk.md#forceflush
|
||||
if err := t.tracerProvider.ForceFlush(context.Background()); err != nil {
|
||||
logger.Error("forcing flush", zap.Error(err))
|
||||
if c := logger.Check(zapcore.ErrorLevel, "forcing flush"); c != nil {
|
||||
c.Write(zap.Error(err))
|
||||
}
|
||||
}
|
||||
|
||||
// tracerProvider.Shutdown MUST be invoked according to https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/trace/sdk.md#shutdown
|
||||
|
|
|
@ -18,8 +18,12 @@ import (
|
|||
"context"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"reflect"
|
||||
"strings"
|
||||
|
||||
"github.com/google/cel-go/cel"
|
||||
"github.com/google/cel-go/common/types/ref"
|
||||
|
||||
"github.com/caddyserver/caddy/v2"
|
||||
"github.com/caddyserver/caddy/v2/caddyconfig/caddyfile"
|
||||
)
|
||||
|
@ -203,6 +207,28 @@ func (m VarsMatcher) Match(r *http.Request) bool {
|
|||
return false
|
||||
}
|
||||
|
||||
// CELLibrary produces options that expose this matcher for use in CEL
|
||||
// expression matchers.
|
||||
//
|
||||
// Example:
|
||||
//
|
||||
// expression vars({'{magic_number}': ['3', '5']})
|
||||
// expression vars({'{foo}': 'single_value'})
|
||||
func (VarsMatcher) CELLibrary(_ caddy.Context) (cel.Library, error) {
|
||||
return CELMatcherImpl(
|
||||
"vars",
|
||||
"vars_matcher_request_map",
|
||||
[]*cel.Type{CELTypeJSON},
|
||||
func(data ref.Val) (RequestMatcher, error) {
|
||||
mapStrListStr, err := CELValueToMapStrList(data)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return VarsMatcher(mapStrListStr), nil
|
||||
},
|
||||
)
|
||||
}
|
||||
|
||||
// MatchVarsRE matches the value of the context variables by a given regular expression.
|
||||
//
|
||||
// Upon a match, it adds placeholders to the request: `{http.regexp.name.capture_group}`
|
||||
|
@ -302,6 +328,69 @@ func (m MatchVarsRE) Match(r *http.Request) bool {
|
|||
return false
|
||||
}
|
||||
|
||||
// CELLibrary produces options that expose this matcher for use in CEL
|
||||
// expression matchers.
|
||||
//
|
||||
// Example:
|
||||
//
|
||||
// expression vars_regexp('foo', '{magic_number}', '[0-9]+')
|
||||
// expression vars_regexp('{magic_number}', '[0-9]+')
|
||||
func (MatchVarsRE) CELLibrary(ctx caddy.Context) (cel.Library, error) {
|
||||
unnamedPattern, err := CELMatcherImpl(
|
||||
"vars_regexp",
|
||||
"vars_regexp_request_string_string",
|
||||
[]*cel.Type{cel.StringType, cel.StringType},
|
||||
func(data ref.Val) (RequestMatcher, error) {
|
||||
refStringList := reflect.TypeOf([]string{})
|
||||
params, err := data.ConvertToNative(refStringList)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
strParams := params.([]string)
|
||||
matcher := MatchVarsRE{}
|
||||
matcher[strParams[0]] = &MatchRegexp{
|
||||
Pattern: strParams[1],
|
||||
Name: ctx.Value(MatcherNameCtxKey).(string),
|
||||
}
|
||||
err = matcher.Provision(ctx)
|
||||
return matcher, err
|
||||
},
|
||||
)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
namedPattern, err := CELMatcherImpl(
|
||||
"vars_regexp",
|
||||
"vars_regexp_request_string_string_string",
|
||||
[]*cel.Type{cel.StringType, cel.StringType, cel.StringType},
|
||||
func(data ref.Val) (RequestMatcher, error) {
|
||||
refStringList := reflect.TypeOf([]string{})
|
||||
params, err := data.ConvertToNative(refStringList)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
strParams := params.([]string)
|
||||
name := strParams[0]
|
||||
if name == "" {
|
||||
name = ctx.Value(MatcherNameCtxKey).(string)
|
||||
}
|
||||
matcher := MatchVarsRE{}
|
||||
matcher[strParams[1]] = &MatchRegexp{
|
||||
Pattern: strParams[2],
|
||||
Name: name,
|
||||
}
|
||||
err = matcher.Provision(ctx)
|
||||
return matcher, err
|
||||
},
|
||||
)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
envOpts := append(unnamedPattern.CompileOptions(), namedPattern.CompileOptions()...)
|
||||
prgOpts := append(unnamedPattern.ProgramOptions(), namedPattern.ProgramOptions()...)
|
||||
return NewMatcherCELLibrary(envOpts, prgOpts), nil
|
||||
}
|
||||
|
||||
// Validate validates m's regular expressions.
|
||||
func (m MatchVarsRE) Validate() error {
|
||||
for _, rm := range m {
|
||||
|
|
|
@ -35,6 +35,7 @@ import (
|
|||
"github.com/smallstep/certificates/db"
|
||||
"github.com/smallstep/nosql"
|
||||
"go.uber.org/zap"
|
||||
"go.uber.org/zap/zapcore"
|
||||
|
||||
"github.com/caddyserver/caddy/v2"
|
||||
"github.com/caddyserver/caddy/v2/modules/caddyhttp"
|
||||
|
@ -243,10 +244,14 @@ func (ash Handler) Cleanup() error {
|
|||
key := ash.getDatabaseKey()
|
||||
deleted, err := databasePool.Delete(key)
|
||||
if deleted {
|
||||
ash.logger.Debug("unloading unused CA database", zap.String("db_key", key))
|
||||
if c := ash.logger.Check(zapcore.DebugLevel, "unloading unused CA database"); c != nil {
|
||||
c.Write(zap.String("db_key", key))
|
||||
}
|
||||
}
|
||||
if err != nil {
|
||||
ash.logger.Error("closing CA database", zap.String("db_key", key), zap.Error(err))
|
||||
if c := ash.logger.Check(zapcore.ErrorLevel, "closing CA database"); c != nil {
|
||||
c.Write(zap.String("db_key", key), zap.Error(err))
|
||||
}
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
@ -271,7 +276,9 @@ func (ash Handler) openDatabase() (*db.AuthDB, error) {
|
|||
})
|
||||
|
||||
if loaded {
|
||||
ash.logger.Debug("loaded preexisting CA database", zap.String("db_key", key))
|
||||
if c := ash.logger.Check(zapcore.DebugLevel, "loaded preexisting CA database"); c != nil {
|
||||
c.Write(zap.String("db_key", key))
|
||||
}
|
||||
}
|
||||
|
||||
return database.(databaseCloser).DB, err
|
||||
|
|
|
@ -30,6 +30,7 @@ import (
|
|||
"github.com/caddyserver/zerossl"
|
||||
"github.com/mholt/acmez/v2/acme"
|
||||
"go.uber.org/zap"
|
||||
"go.uber.org/zap/zapcore"
|
||||
|
||||
"github.com/caddyserver/caddy/v2"
|
||||
"github.com/caddyserver/caddy/v2/caddyconfig"
|
||||
|
@ -321,7 +322,9 @@ func (iss *ACMEIssuer) generateZeroSSLEABCredentials(ctx context.Context, acct a
|
|||
return nil, acct, fmt.Errorf("failed getting EAB credentials: HTTP %d", resp.StatusCode)
|
||||
}
|
||||
|
||||
iss.logger.Info("generated EAB credentials", zap.String("key_id", result.EABKID))
|
||||
if c := iss.logger.Check(zapcore.InfoLevel, "generated EAB credentials"); c != nil {
|
||||
c.Write(zap.String("key_id", result.EABKID))
|
||||
}
|
||||
|
||||
return &acme.EAB{
|
||||
KeyID: result.EABKID,
|
||||
|
|
|
@ -21,11 +21,13 @@ import (
|
|||
"errors"
|
||||
"fmt"
|
||||
"net"
|
||||
"slices"
|
||||
"strings"
|
||||
|
||||
"github.com/caddyserver/certmagic"
|
||||
"github.com/mholt/acmez/v2"
|
||||
"go.uber.org/zap"
|
||||
"go.uber.org/zap/zapcore"
|
||||
|
||||
"github.com/caddyserver/caddy/v2"
|
||||
)
|
||||
|
@ -292,31 +294,34 @@ func (ap *AutomationPolicy) Provision(tlsApp *TLS) error {
|
|||
remoteIP, _, _ = net.SplitHostPort(remote.String())
|
||||
}
|
||||
}
|
||||
tlsApp.logger.Debug("asking for permission for on-demand certificate",
|
||||
if c := tlsApp.logger.Check(zapcore.DebugLevel, "asking for permission for on-demand certificate"); c != nil {
|
||||
c.Write(
|
||||
zap.String("remote_ip", remoteIP),
|
||||
zap.String("domain", name))
|
||||
zap.String("domain", name),
|
||||
)
|
||||
}
|
||||
|
||||
// ask the permission module if this cert is allowed
|
||||
if err := tlsApp.Automation.OnDemand.permission.CertificateAllowed(ctx, name); err != nil {
|
||||
// distinguish true errors from denials, because it's important to elevate actual errors
|
||||
if errors.Is(err, ErrPermissionDenied) {
|
||||
tlsApp.logger.Debug("on-demand certificate issuance denied",
|
||||
if c := tlsApp.logger.Check(zapcore.DebugLevel, "on-demand certificate issuance denied"); c != nil {
|
||||
c.Write(
|
||||
zap.String("domain", name),
|
||||
zap.Error(err))
|
||||
zap.Error(err),
|
||||
)
|
||||
}
|
||||
} else {
|
||||
tlsApp.logger.Error("failed to get permission for on-demand certificate",
|
||||
if c := tlsApp.logger.Check(zapcore.ErrorLevel, "failed to get permission for on-demand certificate"); c != nil {
|
||||
c.Write(
|
||||
zap.String("domain", name),
|
||||
zap.Error(err))
|
||||
zap.Error(err),
|
||||
)
|
||||
}
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
||||
// check the rate limiter last because
|
||||
// doing so makes a reservation
|
||||
if !onDemandRateLimiter.Allow() {
|
||||
return fmt.Errorf("on-demand rate limit exceeded")
|
||||
}
|
||||
|
||||
return nil
|
||||
},
|
||||
Managers: ap.Managers,
|
||||
|
@ -363,12 +368,9 @@ func (ap *AutomationPolicy) Subjects() []string {
|
|||
|
||||
// AllInternalSubjects returns true if all the subjects on this policy are internal.
|
||||
func (ap *AutomationPolicy) AllInternalSubjects() bool {
|
||||
for _, subj := range ap.subjects {
|
||||
if !certmagic.SubjectIsInternal(subj) {
|
||||
return false
|
||||
}
|
||||
}
|
||||
return true
|
||||
return !slices.ContainsFunc(ap.subjects, func(s string) bool {
|
||||
return !certmagic.SubjectIsInternal(s)
|
||||
})
|
||||
}
|
||||
|
||||
func (ap *AutomationPolicy) onlyInternalIssuer() bool {
|
||||
|
|
|
@ -12,6 +12,7 @@ import (
|
|||
"github.com/caddyserver/certmagic"
|
||||
"github.com/tailscale/tscert"
|
||||
"go.uber.org/zap"
|
||||
"go.uber.org/zap/zapcore"
|
||||
|
||||
"github.com/caddyserver/caddy/v2"
|
||||
"github.com/caddyserver/caddy/v2/caddyconfig/caddyfile"
|
||||
|
@ -46,7 +47,9 @@ func (ts Tailscale) GetCertificate(ctx context.Context, hello *tls.ClientHelloIn
|
|||
return nil, nil // pass-thru: Tailscale can't offer a cert for this name
|
||||
}
|
||||
if err != nil {
|
||||
ts.logger.Warn("could not get status; will try to get certificate anyway", zap.Error(err))
|
||||
if c := ts.logger.Check(zapcore.WarnLevel, "could not get status; will try to get certificate anyway"); c != nil {
|
||||
c.Write(zap.Error(err))
|
||||
}
|
||||
}
|
||||
return tscert.GetCertificateWithContext(ctx, hello)
|
||||
}
|
||||
|
|
|
@ -20,6 +20,7 @@ import (
|
|||
"encoding/json"
|
||||
"fmt"
|
||||
"math/big"
|
||||
"slices"
|
||||
|
||||
"github.com/caddyserver/certmagic"
|
||||
|
||||
|
@ -72,15 +73,9 @@ nextChoice:
|
|||
}
|
||||
|
||||
if len(p.SubjectOrganization) > 0 {
|
||||
var found bool
|
||||
for _, subjOrg := range p.SubjectOrganization {
|
||||
for _, org := range cert.Leaf.Subject.Organization {
|
||||
if subjOrg == org {
|
||||
found = true
|
||||
break
|
||||
}
|
||||
}
|
||||
}
|
||||
found := slices.ContainsFunc(p.SubjectOrganization, func(s string) bool {
|
||||
return slices.Contains(cert.Leaf.Subject.Organization, s)
|
||||
})
|
||||
if !found {
|
||||
continue
|
||||
}
|
||||
|
|
|
@ -1,24 +0,0 @@
|
|||
//go:build cfgo
|
||||
|
||||
package caddytls
|
||||
|
||||
// This file adds support for X25519Kyber768Draft00, a post-quantum
|
||||
// key agreement that is currently being rolled out by Chrome [1]
|
||||
// and Cloudflare [2,3]. For more context, see the PR [4].
|
||||
//
|
||||
// [1] https://blog.chromium.org/2023/08/protecting-chrome-traffic-with-hybrid.html
|
||||
// [2] https://blog.cloudflare.com/post-quantum-for-all/
|
||||
// [3] https://blog.cloudflare.com/post-quantum-to-origins/
|
||||
// [4] https://github.com/caddyserver/caddy/pull/5852
|
||||
|
||||
import (
|
||||
"crypto/tls"
|
||||
)
|
||||
|
||||
func init() {
|
||||
SupportedCurves["X25519Kyber768Draft00"] = tls.X25519Kyber768Draft00
|
||||
defaultCurves = append(
|
||||
[]tls.CurveID{tls.X25519Kyber768Draft00},
|
||||
defaultCurves...,
|
||||
)
|
||||
}
|
|
@ -15,6 +15,7 @@
|
|||
package caddytls
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto/tls"
|
||||
"crypto/x509"
|
||||
"encoding/base64"
|
||||
|
@ -28,6 +29,7 @@ import (
|
|||
|
||||
"github.com/mholt/acmez/v2"
|
||||
"go.uber.org/zap"
|
||||
"go.uber.org/zap/zapcore"
|
||||
|
||||
"github.com/caddyserver/caddy/v2"
|
||||
"github.com/caddyserver/caddy/v2/caddyconfig"
|
||||
|
@ -77,6 +79,14 @@ func (cp ConnectionPolicies) Provision(ctx caddy.Context) error {
|
|||
cp[i].ClientAuthentication.verifiers = append(cp[i].ClientAuthentication.verifiers, validator.(ClientCertificateVerifier))
|
||||
}
|
||||
}
|
||||
|
||||
if len(pol.HandshakeContextRaw) > 0 {
|
||||
modIface, err := ctx.LoadModule(pol, "HandshakeContextRaw")
|
||||
if err != nil {
|
||||
return fmt.Errorf("loading handshake context module: %v", err)
|
||||
}
|
||||
cp[i].handshakeContext = modIface.(HandshakeContext)
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
|
@ -136,6 +146,7 @@ type ConnectionPolicy struct {
|
|||
// How to match this policy with a TLS ClientHello. If
|
||||
// this policy is the first to match, it will be used.
|
||||
MatchersRaw caddy.ModuleMap `json:"match,omitempty" caddy:"namespace=tls.handshake_match"`
|
||||
matchers []ConnectionMatcher
|
||||
|
||||
// How to choose a certificate if more than one matched
|
||||
// the given ServerName (SNI) value.
|
||||
|
@ -191,6 +202,12 @@ type ConnectionPolicy struct {
|
|||
// This feature is EXPERIMENTAL and subject to change or removal.
|
||||
InsecureSecretsLog string `json:"insecure_secrets_log,omitempty"`
|
||||
|
||||
// A module that can manipulate the context passed into CertMagic's
|
||||
// certificate management functions during TLS handshakes.
|
||||
// EXPERIMENTAL - subject to change or removal.
|
||||
HandshakeContextRaw json.RawMessage `json:"handshake_context,omitempty" caddy:"namespace=tls.context inline_key=module"`
|
||||
handshakeContext HandshakeContext
|
||||
|
||||
// TLSConfig is the fully-formed, standard lib TLS config
|
||||
// used to serve TLS connections. Provision all
|
||||
// ConnectionPolicies to populate this. It is exported only
|
||||
|
@ -198,8 +215,15 @@ type ConnectionPolicy struct {
|
|||
// if necessary (like to adjust NextProtos to disable HTTP/2),
|
||||
// and may be unexported in the future.
|
||||
TLSConfig *tls.Config `json:"-"`
|
||||
}
|
||||
|
||||
matchers []ConnectionMatcher
|
||||
type HandshakeContext interface {
|
||||
// HandshakeContext returns a context to pass into CertMagic's
|
||||
// GetCertificate function used to serve, load, and manage certs
|
||||
// during TLS handshakes. Generally you'll start with the context
|
||||
// from the ClientHelloInfo, but you may use other information
|
||||
// from it as well. Return an error to abort the handshake.
|
||||
HandshakeContext(*tls.ClientHelloInfo) (context.Context, error)
|
||||
}
|
||||
|
||||
func (p *ConnectionPolicy) buildStandardTLSConfig(ctx caddy.Context) error {
|
||||
|
@ -239,7 +263,18 @@ func (p *ConnectionPolicy) buildStandardTLSConfig(ctx caddy.Context) error {
|
|||
}
|
||||
cfg.DefaultServerName = p.DefaultSNI
|
||||
cfg.FallbackServerName = p.FallbackSNI
|
||||
return cfg.GetCertificate(hello)
|
||||
|
||||
// TODO: experimental: if a handshake context module is configured, allow it
|
||||
// to modify the context before passing it into CertMagic's GetCertificate
|
||||
ctx := hello.Context()
|
||||
if p.handshakeContext != nil {
|
||||
ctx, err = p.handshakeContext.HandshakeContext(hello)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("handshake context: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
return cfg.GetCertificateWithContext(ctx, hello)
|
||||
},
|
||||
MinVersion: tls.VersionTLS12,
|
||||
MaxVersion: tls.VersionTLS13,
|
||||
|
@ -338,8 +373,9 @@ func (p *ConnectionPolicy) buildStandardTLSConfig(ctx caddy.Context) error {
|
|||
|
||||
cfg.KeyLogWriter = logFile.(io.Writer)
|
||||
|
||||
tlsApp.logger.Warn("TLS SECURITY COMPROMISED: secrets logging is enabled!",
|
||||
zap.String("log_filename", filename))
|
||||
if c := tlsApp.logger.Check(zapcore.WarnLevel, "TLS SECURITY COMPROMISED: secrets logging is enabled!"); c != nil {
|
||||
c.Write(zap.String("log_filename", filename))
|
||||
}
|
||||
}
|
||||
|
||||
setDefaultTLSParams(cfg)
|
||||
|
@ -553,16 +589,10 @@ type ClientAuthentication struct {
|
|||
// trust_pool <module> {
|
||||
// ...
|
||||
// }
|
||||
// trusted_leaf_cert <base64_der>
|
||||
// trusted_leaf_cert_file <filename>
|
||||
// verifier <module>
|
||||
// }
|
||||
//
|
||||
// If `mode` is not provided, it defaults to `require_and_verify` if any of the following are provided:
|
||||
// - `trusted_leaf_certs`
|
||||
// - `trusted_leaf_cert_file`
|
||||
// - `trust_pool`
|
||||
//
|
||||
// If `mode` is not provided, it defaults to `require_and_verify` if `trust_pool` is provided.
|
||||
// Otherwise, it defaults to `require`.
|
||||
func (ca *ClientAuthentication) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
|
||||
for d.NextArg() {
|
||||
|
@ -766,7 +796,7 @@ func (clientauth *ClientAuthentication) ConfigureTLSConfig(cfg *tls.Config) erro
|
|||
if len(clientauth.TrustedCACerts) > 0 ||
|
||||
len(clientauth.TrustedCACertPEMFiles) > 0 ||
|
||||
len(clientauth.TrustedLeafCerts) > 0 ||
|
||||
clientauth.CARaw != nil {
|
||||
clientauth.CARaw != nil || clientauth.ca != nil {
|
||||
cfg.ClientAuth = tls.RequireAndVerifyClientCert
|
||||
} else {
|
||||
cfg.ClientAuth = tls.RequireAnyClientCert
|
||||
|
@ -841,7 +871,15 @@ func setDefaultTLSParams(cfg *tls.Config) {
|
|||
cfg.CipherSuites = append([]uint16{tls.TLS_FALLBACK_SCSV}, cfg.CipherSuites...)
|
||||
|
||||
if len(cfg.CurvePreferences) == 0 {
|
||||
cfg.CurvePreferences = defaultCurves
|
||||
// We would want to write
|
||||
//
|
||||
// cfg.CurvePreferences = defaultCurves
|
||||
//
|
||||
// but that would disable the post-quantum key agreement X25519Kyber768
|
||||
// supported in Go 1.23, for which the CurveID is not exported.
|
||||
// Instead, we'll set CurvePreferences to nil, which will enable PQC.
|
||||
// See https://github.com/caddyserver/caddy/issues/6540
|
||||
cfg.CurvePreferences = nil
|
||||
}
|
||||
|
||||
if cfg.MinVersion == 0 {
|
||||
|
|
|
@ -18,6 +18,7 @@ import (
|
|||
"crypto/tls"
|
||||
"fmt"
|
||||
"os"
|
||||
"strings"
|
||||
|
||||
"github.com/caddyserver/caddy/v2"
|
||||
)
|
||||
|
@ -92,8 +93,16 @@ func (fl FileLoader) LoadCertificates() ([]Certificate, error) {
|
|||
switch pair.Format {
|
||||
case "":
|
||||
fallthrough
|
||||
|
||||
case "pem":
|
||||
// if the start of the key file looks like an encrypted private key,
|
||||
// reject it with a helpful error message
|
||||
if strings.Contains(string(keyData[:40]), "ENCRYPTED") {
|
||||
return nil, fmt.Errorf("encrypted private keys are not supported; please decrypt the key first")
|
||||
}
|
||||
|
||||
cert, err = tls.X509KeyPair(certData, keyData)
|
||||
|
||||
default:
|
||||
return nil, fmt.Errorf("unrecognized certificate/key encoding format: %s", pair.Format)
|
||||
}
|
||||
|
|
|
@ -150,6 +150,12 @@ func tlsCertFromCertAndKeyPEMBundle(bundle []byte) (tls.Certificate, error) {
|
|||
return tls.Certificate{}, fmt.Errorf("no private key block found")
|
||||
}
|
||||
|
||||
// if the start of the key file looks like an encrypted private key,
|
||||
// reject it with a helpful error message
|
||||
if strings.HasPrefix(string(keyPEMBytes[:40]), "ENCRYPTED") {
|
||||
return tls.Certificate{}, fmt.Errorf("encrypted private keys are not supported; please decrypt the key first")
|
||||
}
|
||||
|
||||
cert, err := tls.X509KeyPair(certPEMBytes, keyPEMBytes)
|
||||
if err != nil {
|
||||
return tls.Certificate{}, fmt.Errorf("making X509 key pair: %v", err)
|
||||
|
|
|
@ -19,10 +19,14 @@ import (
|
|||
"fmt"
|
||||
"net"
|
||||
"net/netip"
|
||||
"regexp"
|
||||
"slices"
|
||||
"strconv"
|
||||
"strings"
|
||||
|
||||
"github.com/caddyserver/certmagic"
|
||||
"go.uber.org/zap"
|
||||
"go.uber.org/zap/zapcore"
|
||||
|
||||
"github.com/caddyserver/caddy/v2"
|
||||
"github.com/caddyserver/caddy/v2/caddyconfig/caddyfile"
|
||||
|
@ -31,6 +35,7 @@ import (
|
|||
|
||||
func init() {
|
||||
caddy.RegisterModule(MatchServerName{})
|
||||
caddy.RegisterModule(MatchServerNameRE{})
|
||||
caddy.RegisterModule(MatchRemoteIP{})
|
||||
caddy.RegisterModule(MatchLocalIP{})
|
||||
}
|
||||
|
@ -91,6 +96,146 @@ func (m *MatchServerName) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
// MatchRegexp is an embeddable type for matching
|
||||
// using regular expressions. It adds placeholders
|
||||
// to the request's replacer. In fact, it is a copy of
|
||||
// caddyhttp.MatchRegexp with a local replacer prefix
|
||||
// and placeholders support in a regular expression pattern.
|
||||
type MatchRegexp struct {
|
||||
// A unique name for this regular expression. Optional,
|
||||
// but useful to prevent overwriting captures from other
|
||||
// regexp matchers.
|
||||
Name string `json:"name,omitempty"`
|
||||
|
||||
// The regular expression to evaluate, in RE2 syntax,
|
||||
// which is the same general syntax used by Go, Perl,
|
||||
// and Python. For details, see
|
||||
// [Go's regexp package](https://golang.org/pkg/regexp/).
|
||||
// Captures are accessible via placeholders. Unnamed
|
||||
// capture groups are exposed as their numeric, 1-based
|
||||
// index, while named capture groups are available by
|
||||
// the capture group name.
|
||||
Pattern string `json:"pattern"`
|
||||
|
||||
compiled *regexp.Regexp
|
||||
}
|
||||
|
||||
// Provision compiles the regular expression which may include placeholders.
|
||||
func (mre *MatchRegexp) Provision(caddy.Context) error {
|
||||
repl := caddy.NewReplacer()
|
||||
re, err := regexp.Compile(repl.ReplaceAll(mre.Pattern, ""))
|
||||
if err != nil {
|
||||
return fmt.Errorf("compiling matcher regexp %s: %v", mre.Pattern, err)
|
||||
}
|
||||
mre.compiled = re
|
||||
return nil
|
||||
}
|
||||
|
||||
// Validate ensures mre is set up correctly.
|
||||
func (mre *MatchRegexp) Validate() error {
|
||||
if mre.Name != "" && !wordRE.MatchString(mre.Name) {
|
||||
return fmt.Errorf("invalid regexp name (must contain only word characters): %s", mre.Name)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// Match returns true if input matches the compiled regular
|
||||
// expression in m. It sets values on the replacer repl
|
||||
// associated with capture groups, using the given scope
|
||||
// (namespace).
|
||||
func (mre *MatchRegexp) Match(input string, repl *caddy.Replacer) bool {
|
||||
matches := mre.compiled.FindStringSubmatch(input)
|
||||
if matches == nil {
|
||||
return false
|
||||
}
|
||||
|
||||
// save all capture groups, first by index
|
||||
for i, match := range matches {
|
||||
keySuffix := "." + strconv.Itoa(i)
|
||||
if mre.Name != "" {
|
||||
repl.Set(regexpPlaceholderPrefix+"."+mre.Name+keySuffix, match)
|
||||
}
|
||||
repl.Set(regexpPlaceholderPrefix+keySuffix, match)
|
||||
}
|
||||
|
||||
// then by name
|
||||
for i, name := range mre.compiled.SubexpNames() {
|
||||
// skip the first element (the full match), and empty names
|
||||
if i == 0 || name == "" {
|
||||
continue
|
||||
}
|
||||
|
||||
keySuffix := "." + name
|
||||
if mre.Name != "" {
|
||||
repl.Set(regexpPlaceholderPrefix+"."+mre.Name+keySuffix, matches[i])
|
||||
}
|
||||
repl.Set(regexpPlaceholderPrefix+keySuffix, matches[i])
|
||||
}
|
||||
|
||||
return true
|
||||
}
|
||||
|
||||
// UnmarshalCaddyfile implements caddyfile.Unmarshaler.
|
||||
func (mre *MatchRegexp) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
|
||||
// iterate to merge multiple matchers into one
|
||||
for d.Next() {
|
||||
// If this is the second iteration of the loop
|
||||
// then there's more than one *_regexp matcher,
|
||||
// and we would end up overwriting the old one
|
||||
if mre.Pattern != "" {
|
||||
return d.Err("regular expression can only be used once per named matcher")
|
||||
}
|
||||
|
||||
args := d.RemainingArgs()
|
||||
switch len(args) {
|
||||
case 1:
|
||||
mre.Pattern = args[0]
|
||||
case 2:
|
||||
mre.Name = args[0]
|
||||
mre.Pattern = args[1]
|
||||
default:
|
||||
return d.ArgErr()
|
||||
}
|
||||
|
||||
// Default to the named matcher's name, if no regexp name is provided.
|
||||
// Note: it requires d.SetContext(caddyfile.MatcherNameCtxKey, value)
|
||||
// called before this unmarshalling, otherwise it wouldn't work.
|
||||
if mre.Name == "" {
|
||||
mre.Name = d.GetContextString(caddyfile.MatcherNameCtxKey)
|
||||
}
|
||||
|
||||
if d.NextBlock(0) {
|
||||
return d.Err("malformed regexp matcher: blocks are not supported")
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// MatchServerNameRE matches based on SNI using a regular expression.
|
||||
type MatchServerNameRE struct{ MatchRegexp }
|
||||
|
||||
// CaddyModule returns the Caddy module information.
|
||||
func (MatchServerNameRE) CaddyModule() caddy.ModuleInfo {
|
||||
return caddy.ModuleInfo{
|
||||
ID: "tls.handshake_match.sni_regexp",
|
||||
New: func() caddy.Module { return new(MatchServerNameRE) },
|
||||
}
|
||||
}
|
||||
|
||||
// Match matches hello based on SNI using a regular expression.
|
||||
func (m MatchServerNameRE) Match(hello *tls.ClientHelloInfo) bool {
|
||||
repl := caddy.NewReplacer()
|
||||
// caddytls.TestServerNameMatcher calls this function without any context
|
||||
if ctx := hello.Context(); ctx != nil {
|
||||
// In some situations the existing context may have no replacer
|
||||
if replAny := ctx.Value(caddy.ReplacerCtxKey); replAny != nil {
|
||||
repl = replAny.(*caddy.Replacer)
|
||||
}
|
||||
}
|
||||
|
||||
return m.MatchRegexp.Match(hello.ServerName, repl)
|
||||
}
|
||||
|
||||
// MatchRemoteIP matches based on the remote IP of the
|
||||
// connection. Specific IPs or CIDR ranges can be specified.
|
||||
//
|
||||
|
@ -148,7 +293,9 @@ func (m MatchRemoteIP) Match(hello *tls.ClientHelloInfo) bool {
|
|||
}
|
||||
ipAddr, err := netip.ParseAddr(ipStr)
|
||||
if err != nil {
|
||||
m.logger.Error("invalid client IP address", zap.String("ip", ipStr))
|
||||
if c := m.logger.Check(zapcore.ErrorLevel, "invalid client IP address"); c != nil {
|
||||
c.Write(zap.String("ip", ipStr))
|
||||
}
|
||||
return false
|
||||
}
|
||||
return (len(m.cidrs) == 0 || m.matches(ipAddr, m.cidrs)) &&
|
||||
|
@ -175,12 +322,9 @@ func (MatchRemoteIP) parseIPRange(str string) ([]netip.Prefix, error) {
|
|||
}
|
||||
|
||||
func (MatchRemoteIP) matches(ip netip.Addr, ranges []netip.Prefix) bool {
|
||||
for _, ipRange := range ranges {
|
||||
if ipRange.Contains(ip) {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
return slices.ContainsFunc(ranges, func(prefix netip.Prefix) bool {
|
||||
return prefix.Contains(ip)
|
||||
})
|
||||
}
|
||||
|
||||
// UnmarshalCaddyfile sets up the MatchRemoteIP from Caddyfile tokens. Syntax:
|
||||
|
@ -265,7 +409,9 @@ func (m MatchLocalIP) Match(hello *tls.ClientHelloInfo) bool {
|
|||
}
|
||||
ipAddr, err := netip.ParseAddr(ipStr)
|
||||
if err != nil {
|
||||
m.logger.Error("invalid local IP address", zap.String("ip", ipStr))
|
||||
if c := m.logger.Check(zapcore.ErrorLevel, "invalid local IP address"); c != nil {
|
||||
c.Write(zap.String("ip", ipStr))
|
||||
}
|
||||
return false
|
||||
}
|
||||
return (len(m.cidrs) == 0 || m.matches(ipAddr, m.cidrs))
|
||||
|
@ -291,12 +437,9 @@ func (MatchLocalIP) parseIPRange(str string) ([]netip.Prefix, error) {
|
|||
}
|
||||
|
||||
func (MatchLocalIP) matches(ip netip.Addr, ranges []netip.Prefix) bool {
|
||||
for _, ipRange := range ranges {
|
||||
if ipRange.Contains(ip) {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
return slices.ContainsFunc(ranges, func(prefix netip.Prefix) bool {
|
||||
return prefix.Contains(ip)
|
||||
})
|
||||
}
|
||||
|
||||
// UnmarshalCaddyfile sets up the MatchLocalIP from Caddyfile tokens. Syntax:
|
||||
|
@ -331,13 +474,21 @@ func (m *MatchLocalIP) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
|
|||
|
||||
// Interface guards
|
||||
var (
|
||||
_ ConnectionMatcher = (*MatchServerName)(nil)
|
||||
_ ConnectionMatcher = (*MatchLocalIP)(nil)
|
||||
_ ConnectionMatcher = (*MatchRemoteIP)(nil)
|
||||
_ ConnectionMatcher = (*MatchServerName)(nil)
|
||||
_ ConnectionMatcher = (*MatchServerNameRE)(nil)
|
||||
|
||||
_ caddy.Provisioner = (*MatchLocalIP)(nil)
|
||||
_ ConnectionMatcher = (*MatchLocalIP)(nil)
|
||||
_ caddy.Provisioner = (*MatchRemoteIP)(nil)
|
||||
_ caddy.Provisioner = (*MatchServerNameRE)(nil)
|
||||
|
||||
_ caddyfile.Unmarshaler = (*MatchLocalIP)(nil)
|
||||
_ caddyfile.Unmarshaler = (*MatchRemoteIP)(nil)
|
||||
_ caddyfile.Unmarshaler = (*MatchServerName)(nil)
|
||||
_ caddyfile.Unmarshaler = (*MatchServerNameRE)(nil)
|
||||
)
|
||||
|
||||
var wordRE = regexp.MustCompile(`\w+`)
|
||||
|
||||
const regexpPlaceholderPrefix = "tls.regexp"
|
||||
|
|
|
@ -89,6 +89,52 @@ func TestServerNameMatcher(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
func TestServerNameREMatcher(t *testing.T) {
|
||||
for i, tc := range []struct {
|
||||
pattern string
|
||||
input string
|
||||
expect bool
|
||||
}{
|
||||
{
|
||||
pattern: "^example\\.(com|net)$",
|
||||
input: "example.com",
|
||||
expect: true,
|
||||
},
|
||||
{
|
||||
pattern: "^example\\.(com|net)$",
|
||||
input: "foo.com",
|
||||
expect: false,
|
||||
},
|
||||
{
|
||||
pattern: "^example\\.(com|net)$",
|
||||
input: "",
|
||||
expect: false,
|
||||
},
|
||||
{
|
||||
pattern: "",
|
||||
input: "",
|
||||
expect: true,
|
||||
},
|
||||
{
|
||||
pattern: "^example\\.(com|net)$",
|
||||
input: "foo.example.com",
|
||||
expect: false,
|
||||
},
|
||||
} {
|
||||
chi := &tls.ClientHelloInfo{ServerName: tc.input}
|
||||
mre := MatchServerNameRE{MatchRegexp{Pattern: tc.pattern}}
|
||||
ctx, _ := caddy.NewContext(caddy.Context{Context: context.Background()})
|
||||
if mre.Provision(ctx) != nil {
|
||||
t.Errorf("Test %d: Failed to provision a regexp matcher (pattern=%v)", i, tc.pattern)
|
||||
}
|
||||
actual := mre.Match(chi)
|
||||
if actual != tc.expect {
|
||||
t.Errorf("Test %d: Expected %t but got %t (input=%s match=%v)",
|
||||
i, tc.expect, actual, tc.input, tc.pattern)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func TestRemoteIPMatcher(t *testing.T) {
|
||||
ctx, cancel := caddy.NewContext(caddy.Context{Context: context.Background()})
|
||||
defer cancel()
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue