* tls: Add support for the tls-alpn-01 challenge
Also updates lego/acme to latest on master.
TODO: This implementation of the tls-alpn challenge is not yet solvable
in a distributed Caddy cluster like the http challenge is.
* build: Allow building with the race detector
* tls: Support distributed solving of the TLS-ALPN-01 challenge
* Update vendor and add a todo in MITM checker
* Adding {when_unix_ms} requests placeholder (unix timestamp with millisecond precision)
* Add a 499 HTTP status code on user's cancel request, as NGINX does (instead of a 502 Bad Gateway status with 'Context canceled' message)
* 499 HTTP status code was added as constant CustomStatusContextCancelled = 499
* caddytls: Raise TLS alert if no certificate matches SAN (closes #1303)
I don't love this half-baked solution to the issue raised in #1303 way
more than a year after the original issue was closed (the necro comments
are about an issue separate from the original issue that started it),
but I do like TLS alerts more than wrong certificates.
* Restore test to match
* Restore another previous test
* Updates the existing proxy and reverse proxy tests to include a new fallback delay value
* Adds a new fallback_delay sub-directive to the proxy directive and uses it in the creation of single host reverse proxies
* Add callback OnRestartFailed to caddy.Controller
* markdown: Fix 500 error (#2266)
* Addressed the comments
* Update paths for filebrowser plugins
* httpserver: update minify ordering (#2273)
* Bump required version of golang to 1.10 in README.md (#2267)
Adding TLS client cert placeholders #2217 uses features of go
v1.10. Update README requirements accordingly.
* Update CI to use Go 1.11
* caddytls: gofmt (Go 1.11) (#2241)
* Ensure assets path exists before writing UUID file
* Adding {when_unix_ms} requests placeholder (unix timestamp with millisecond precision) (#2260)
* update to quic-go v0.10.0 (#2288)
quic-go now vendors all of its dependencies, so we don't need to vendor
them here.
Created by running:
gvt delete github.com/lucas-clemente/quic-go
gvt delete github.com/bifurcation/mint
gvt delete github.com/lucas-clemente/aes12
gvt delete github.com/lucas-clemente/fnv128a
gvt delete github.com/lucas-clemente/quic-go-certificates
gvt delete github.com/aead/chacha20
gvt delete github.com/hashicorp/golang-lru
gvt fetch -tag v0.10.0-no-integrationtests github.com/lucas-clemente/quic-go
* fastcgi: Add default timeouts (#2265)
Default fastcgi timeout is 60 seconds
Add tests
* Fix AppVeyor builds (#2289)
* Attempting to fix AppVeyor builds
* Trying again, 2015 image this time
* Use Appveyor's Go 1.11 stack
* Restore GOPATH\bin to PATH and delete old image config
* Add gcc to path manually
* Addressed the comments
* Fix broken link to sourcegraph in README (#2285)
* Fix deadlock, ensure instances mutex unlocked (#2296)
it's a stupid mistake
* proxy: Use DualStack=true in defaultDialer (#2305)
* ci: get golint tool from `golang.org/x/lint/golint` (#2324)
* templates: TLSVersion (#2323)
* new template action: TLS protocol version
* new template action: use caddytls.GetSupportedProtocolName
Avoids code duplication by reusing existing method to get TLS protocol
version used on connection. Also adds tests
* Don't return error on onRestartFail. Only log it.
* Fix 502 errors for requests without headers
* Add unexported roundRobinPolicier
We have to preserve state for fallback mode of Header policy, so
it's required to save state in some variable
* Adding TLS client cert placeholders
* Use function to get the peer certificate
* Changing SHA1 to SHA256
* Use UTC instead of GMT
* Adding tests
* Adding getters for Protocol and Cipher
Current Caddy code used a combination of CSS styles that
some mainstream browsers (e.g. Firefox) do not support well:
"td:first-child { width: 100%; }" together with
"td:last-child { padding-right: 5%; }".
The old approach was three columns with:
- "Name": 100% width, 5% padding left
- "Size": minimal width
- "Modified": minimal width, 5% padding right
Now the new approach is five columns with:
- <Dummy>: 5% width
- "Name": 80% width
- "Size": minimal width
- "Modified": minimal width
- <Dummy>: 5% width
* Fix a few import problems: snippets and import literals.
Two problems are fixed by this code simplification:
1. Snippets defined in one import file are strangely not available in
another.
2. If an imported file had a directive with an argument "import", then
the rest of the tokens on the line would be converted to absolute
filepaths.
An example of #2 would be the following directive in an imported file:
basicauth / import secret
In this case, the password would actually be an absolute path to the
file 'secret' (whether or not it exists) in the directory of the imported
Caddyfile.
The problem was the blind token processing to fix import paths in the
imported tokens without considering the context of the 'import' token.
My first inclination was to just add more context (detect 'import' tokens
at the beginning of lines and check the value tokens against defined
snippets), however I eventually realized that we already do all of this
in the parser, so the code was redundant. Instead we just use the current
token's File property when importing. This works fine with imported tokens
since they already have the absolute path to the imported file!
Fixes #2204
* renamed file2 -> fileName
* Fix copy/pasted comment in test.
* Change gzip example to basicauth example.
This makes it more clear how the import side effect is detrimental.
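
The import side effect described in the last entry above, as an added example that is not Caddy's code and not part of the original commit messages: a simplified model of the blind token rewrite next to import resolution that uses the token's own File. The Token type, the function names and the sample paths are assumptions made for illustration, and snippet lookup is left out.

```go
package main

import (
	"fmt"
	"path/filepath"
)

// Token is a hypothetical, simplified lexer token (not Caddy's own type).
type Token struct {
	File string // absolute path of the file the token was read from
	Line int
	Text string
}

// blindRewrite models the old behaviour: after any "import" token, the rest of its line becomes absolute paths.
func blindRewrite(tokens []Token) []Token {
	out := append([]Token(nil), tokens...)
	importLine := -1
	for i := range out {
		if out[i].Text == "import" {
			importLine = out[i].Line
		} else if out[i].Line == importLine && !filepath.IsAbs(out[i].Text) {
			out[i].Text = filepath.Join(filepath.Dir(out[i].File), out[i].Text)
		}
	}
	return out
}

// importTargets models the fix: tokens stay untouched; only a line-leading "import" resolves, via its token's File.
func importTargets(tokens []Token) []string {
	var targets []string
	for i := 0; i+1 < len(tokens); i++ {
		startsLine := i == 0 || tokens[i-1].Line != tokens[i].Line
		if tokens[i].Text == "import" && startsLine && tokens[i+1].Line == tokens[i].Line {
			targets = append(targets, filepath.Join(filepath.Dir(tokens[i].File), tokens[i+1].Text))
		}
	}
	return targets
}

// sampleTokens is constructed input: "basicauth / import secret", then "import common.conf", in a made-up file.
func sampleTokens() []Token {
	f := "/etc/caddy/sites/auth.conf"
	return []Token{{f, 1, "basicauth"}, {f, 1, "/"}, {f, 1, "import"}, {f, 1, "secret"},
		{f, 2, "import"}, {f, 2, "common.conf"}}
}

func main() {
	fmt.Println(blindRewrite(sampleTokens())[3].Text, importTargets(sampleTokens()))
}
```

With the blind rewrite, the basicauth password argument is silently replaced by a file path, so the credential actually configured is not the one written in the file.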