Matthew Holt
e73b117332
reverse_proxy: Ability to mutate headers; set upstream placeholders
2019-09-14 13:25:26 -06:00
Matthew Holt
2fd22139c6
headers: Ability to mutate request headers including http.Request.Host
...
Also a few bug fixes
2019-09-14 13:22:48 -06:00
Matthew Holt
2ab2d5bf9e
Forgot to commit caddyfile.go changes in last commit
2019-09-13 23:38:52 -06:00
Matthew Holt
c09e86fddc
headers: Add ability to replace substrings in header fields
...
This will probably be useful so the proxy can rewrite header values.
2019-09-13 16:24:51 -06:00
Matthew Holt
46aaf02371
encode: Fix bug where default status code was being written
...
for small responses.
See https://caddy.community/t/v2-permanent-redirect-prompt/6190?u=matt
2019-09-13 16:00:03 -06:00
Matthew Holt
839507e24e
http: Consider wildcards when evaluating automatic HTTPS
2019-09-13 11:46:58 -06:00
Matthew Holt
ed40a5dcab
tls: Do away with SetDefaults which did nothing useful
...
CertMagic uses the same defaults for us
2019-09-12 17:31:54 -06:00
Matthew Holt
7799554baa
go.mod: Use lego v3 and CertMagic 0.7.0
2019-09-12 17:31:10 -06:00
Matthew Holt
2cb01d43cf
tls: Remove support for TLS 1.0 and TLS 1.1
2019-09-11 22:26:06 -06:00
Matthew Holt
758269124e
reverseproxy: Fix host and port on requests; fix Caddyfile parser
2019-09-11 18:53:44 -06:00
Matthew Holt
b4dce74e59
tls: Use Let's Encrypt production endpoint
...
We're done testing this in staging
2019-09-11 18:52:07 -06:00
Matthew Holt
fe389fcbd7
http: Set Alt-Svc header if experimental HTTP3 server is enabled
2019-09-11 18:49:21 -06:00
Matthew Holt
005a11cf4b
headers: New 'request_header' directive; handle Host header specially
...
Before this change, only response headers could be manipulated with the
Caddyfile's 'header' directive.
Also handle the request Host header specially, since the Go standard
library treats it separately from the other header fields...
2019-09-11 18:48:37 -06:00
Matthew Holt
194df652eb
reverseproxy: Add 'tls' option to enable HTTPS with HTTP transport
2019-09-11 18:46:32 -06:00
Matthew Holt
2459c292a4
caddyfile: Improve Dispenser.NextBlock() to support nesting
2019-09-10 19:21:52 -06:00
Matthew Holt
0cf592fa2e
New 'php_fastcgi' directive for convenient PHP+FastCGI reverse proxy
2019-09-10 14:16:41 -06:00
Matthew Holt
d9136fb0a0
rewrite: Caddyfile directive should always invoke a rehandle
...
This is unless each route's matcher is dynamically executed after
previous handlers...
2019-09-10 14:13:52 -06:00
Matthew Holt
c32b7e8865
fastcgi: Make EnvVars a map instead of a slice
2019-09-10 14:12:51 -06:00
Matthew Holt
1ce10b453f
Require Go 1.13; use Go 1.13's default support for TLS 1.3
2019-09-10 13:11:27 -06:00
Matt Holt
0c8ad52be1
Experimental IETF-standard HTTP/3 support (known issue exists) (#2727)
...
* Begin WIP integration of HTTP/3 support
* http3: Set actual Handler, make fakeClosePacketConn type for UDP sockets
Also use latest quic-go for ALPN fix
* Manually keep track of and close HTTP/3 listeners
* Update quic-go after working through some http3 bugs
* Fix go mod
* Make http3 optional for now
2019-09-10 08:03:37 -06:00
Matthew Holt
d67d8cf5a8
Fix build (sigh)
2019-09-10 07:15:36 -06:00
Matt Holt
44b7ce9850
Merge pull request #2737 from caddyserver/fastcgi (reverse proxy!)
...
v2: Refactor reverse proxy and add FastCGI support
2019-09-09 21:46:21 -06:00
Matthew Holt
b4f4fcd437
Migrate some selection policy tests over to v2
2019-09-09 21:44:58 -06:00
Matthew Holt
50e62d06bc
reverse_proxy: Caddyfile integration (and fix blocks in Dispenser)
2019-09-09 12:23:27 -06:00
Matthew Holt
9169cd43d4
Log when auto HTTPS or auto HTTP->HTTPS redirects are disabled
2019-09-09 08:25:48 -06:00
Matthew Holt
e12c62e60b
file_server: Enforce URL canonicalization (closes #2741)
2019-09-09 08:21:45 -06:00
Ingo Gottwald
3e9e7555ef
Fix build (#2740)
...
Build was broken with commit 50961ec.
2019-09-07 14:25:04 -06:00
Matthew Holt
f6126acf37
Header matchers: allow matching presence of header with empty list
2019-09-06 14:25:16 -06:00
Matthew Holt
97ace2a39e
File matcher enforces trailing-slash convention to match dirs/files
2019-09-06 13:32:02 -06:00
Matthew Holt
4bd9496525
Fix Schrodinger's file existence check in file matcher
...
See: https://stackoverflow.com/a/12518877/1048862
For example, trying to check the existence of "/www/index.php/index.php"
fails but not with an os.IsNotExist()-type error. So we have to assume
that a file that cannot be successfully stat'ed at all does not exist.
2019-09-06 12:57:12 -06:00
Matthew Holt
14f9662f9c
Various fixes/tweaks to HTTP placeholder variables and file matching
...
- Rename http.var.* -> http.vars.* to be more consistent
- Prefixing a path matcher with * now invokes simple suffix matching
- Handlers and matchers that need a root path default to {http.vars.root}
- Clean replacer output on the file matcher's file selection suffix
2019-09-06 12:36:45 -06:00
Matthew Holt
21d7b662e7
fastcgi: Use request context as base, not a new one
2019-09-06 12:02:11 -06:00
Matthew Holt
d2e46c2be0
fastcgi: Set default root path; add interface guards
2019-09-05 13:42:20 -06:00
Matthew Holt
80b54f3b9d
Add original URI to request context; implement into fastcgi env
2019-09-05 13:36:42 -06:00
Matthew Holt
0830fbad03
Reconcile upstream dial addresses and request host/URL information
...
My goodness that was complicated
Blessed be request.Context
Sort of
2019-09-05 13:14:39 -06:00
Matthew Holt
a60d54dbfd
reverse_proxy: Ignore context.Canceled errors
...
These happen when downstream clients cancel the request, but that's not
our problem nor a failure in our end
2019-09-03 19:10:09 -06:00
Matthew Holt
acb8f0e0c2
Integrate circuit breaker modules with reverse proxy
2019-09-03 19:06:54 -06:00
Matthew Holt
652460e03e
Some cleanup and godoc
2019-09-03 16:56:09 -06:00
Matthew Holt
4a1e1649bc
reverse_proxy: Implement remaining TLS config for proxy to backend
2019-09-03 15:26:09 -06:00
Matthew Holt
ccfb12347b
reverse_proxy: Implement active health checks
2019-09-03 12:10:11 -06:00
Alexandre Stein
50961ecc77
Initial implementation of TLS client authentication (#2731)
...
* Add support for client TLS authentication
Signed-off-by: Alexandre Stein <alexandre_stein@interlab-net.com>
* make and use client authentication struct
* force StrictSNIHost if TLSConnPolicies is not empty
* Implement leafs verification
* Fixes issue when using multiple verification
* applies the comments from maintainers
* Apply comment
* Refactor/cleanup initial TLS client auth implementation
2019-09-03 09:35:36 -06:00
Matthew Holt
026df7c5cb
reverse_proxy: WIP refactor and support for FastCGI
2019-09-02 22:01:02 -06:00
Matthew Holt
d242f10eda
Add query_string to HTTP replacer and use it for try_files
2019-08-27 14:38:24 -06:00
Mohammed Al Sahaf
a0fd2b6c0a
Fix SIV where /v2 was missing from caddyfile adapter work (#2721)
2019-08-22 12:26:48 -06:00
Matthew Holt
c0da7d487a
file_server: Automatically hide all involved Caddyfiles
2019-08-21 15:50:02 -06:00
Matthew Holt
c9980fd367
Refactor Caddyfile adapter and module registration
...
Use piles from which to draw config values.
Module values can return their name, so now we can do two-way mapping
from value to name and name to value; whereas before we could only map
name to value. This was problematic with the Caddyfile adapter since
it receives values and needs to know the name to put in the config.
2019-08-21 10:46:35 -06:00
Matthew Holt
c4159ef76d
Fix module-related errors
2019-08-09 12:19:56 -06:00
Matthew Holt
ab885f07b8
Implement config adapters and beginning of Caddyfile adapter
...
Along with several other changes, such as renaming caddyhttp.ServerRoute
to caddyhttp.Route, exporting some types that were not exported before,
and tweaking the caddytls TLS values to be more consistent.
Notably, we also now disable automatic cert management for names which
already have a cert (manually) loaded into the cache. These names no
longer need to be specified in the "skip_certificates" field of the
automatic HTTPS config, because they will be skipped automatically.
2019-08-09 12:05:47 -06:00
Dominik Braun
4950ce485f
Part 1: Optimize using compiler's inliner (#2687)
...
* optimized functions for inlining
* added note regarding ResponseWriterWrapper
* optimized browseWrite* methods for FileServer
* created benchmarks for comparison
* creating browseListing instance in each function
* created benchmarks for openResponseWriter
* removed benchmarks of old implementations
* implemented sync.Pool for byte buffers
* using global sync.Pool for writing JSON/HTML
2019-08-07 23:59:02 -06:00
Matthew Holt
28df6cedfe
tls: Use IANA-standard cipher suite names
2019-07-18 09:52:43 -06:00
Matthew Holt
dd6aa91d72
Fix DNS provider module unmarshaling (closes #2676)
2019-07-18 09:15:23 -06:00
Matt Holt
b44a22a9d4
Performance improvements to Replacer implementation (placeholders) (#2674)
...
Closes #2673
2019-07-16 12:27:11 -06:00
Matthew Holt
bdf92ee84e
Minor tweaks
2019-07-15 17:33:47 -06:00
Matthew Holt
f217181293
mod: Use blackfriday's standard v2 module import path
2019-07-15 17:33:08 -06:00
Matthew Holt
ccb5d19c25
Get module name at runtime, and tidy up modules
2019-07-12 10:15:27 -06:00
Matthew Holt
63674ba081
Rename handler modules to use http.handlers namespace
2019-07-11 22:03:12 -06:00
Matthew Holt
9722dbe18a
Fix rehandling bug
2019-07-11 22:02:47 -06:00
Matthew Holt
eb8625f774
Add error & subroute handlers; weakString; other minor handler changes
2019-07-11 17:02:57 -06:00
Matthew Holt
4a3a418156
Flatten HTTP handler config (#2662)
...
Differentiating middleware and responders has one benefit, namely that
it's clear which module provides the response, but even then it's not
a great advantage. Linear handler config makes a little more sense,
giving greater flexibility and simplifying the core a bit, even though
it's slightly awkward that handlers which are responders may not use
the 'next' handler that is passed in at all.
2019-07-09 12:58:39 -06:00
Matthew Holt
6dfba5fda8
Add path components to HTTP replacer
2019-07-08 16:46:55 -06:00
Matthew Holt
d25008d2c8
Move listen address functions into caddy package; fix unix bug
2019-07-08 16:46:38 -06:00
Matthew Holt
42acdad9e5
Fix error handling with Validate when loading modules (fixes #2658)
...
The return statement was improperly nested in context.go
2019-07-07 14:12:22 -06:00
Matthew Holt
84f9f7cd60
Little cleanups
2019-07-05 13:59:30 -06:00
Matthew Holt
79216d356c
acmemanager: Use storage module key "module" instead of "system"
2019-07-05 09:59:46 -06:00
Matthew Holt
fdd871e177
go.mod: Append /v2 to module name; update all import paths
...
See https://github.com/golang/go/wiki/Modules#semantic-import-versioning
2019-07-02 12:37:06 -06:00
Matthew Holt
533d1afb4b
tls: Enable TLS 1.3 by default; set sane defaults on tls.Config structs
2019-07-01 11:47:46 -06:00
Matthew Holt
9f8d3611eb
encode: Add "Vary" response header
2019-06-30 23:38:36 -06:00
Matthew Holt
3177ee8010
Add license
2019-06-30 16:07:58 -06:00
Matthew Holt
fee0b38b48
Fix encoder name bug; remove unused field in encode middleware struct
2019-06-29 16:57:55 -06:00
Matthew Holt
d5ae3a4966
httpserver: Set default Server header
2019-06-28 19:28:47 -06:00
Matthew Holt
006dc1792f
Use html/template for escaping by default
...
Allow HTML only with a few specific functions
2019-06-27 13:30:41 -06:00
Matthew Holt
a63cb3e3fd
Implement etag; fix related bugs in encode and templates middlewares
2019-06-27 13:09:10 -06:00
Matthew Holt
2b22d2e6ea
Optionally enforce strict TLS SNI + HTTP Host matching, & misc. cleanup
...
We should look into a way to enable this by default when TLS client auth
is configured for a server
2019-06-26 16:03:29 -06:00
Matthew Holt
a524bcfe78
Enable skipping just certificate management for some auto HTTPS names
2019-06-26 10:57:18 -06:00
Matthew Holt
91b03dccb0
Refactor automatic HTTPS configuration; ability to skip certain names
2019-06-26 10:49:32 -06:00
Matthew Holt
38677aaa58
caddytls: Support tags for manually-loaded certificates
2019-06-24 12:16:10 -06:00
Matthew Holt
d49f762f6d
Various bug fixes and minor improvements
...
- Fix static responder so it doesn't replace its own headers config,
and instead replaces the actual response header values
- caddyhttp.ResponseRecorder type optionally buffers response
- Add interface guards to ensure regexp matchers get provisioned
- Use default HTTP port if one is not explicitly set
- Encode middleware writes status code 200 if not written upstream
- Templates and markdown only try to execute on text responses
- Static file server sets Content-Type based on file extension only
(this whole thing -- MIME sniffing, etc -- needs more configurability)
2019-06-21 14:36:26 -06:00
Matthew Holt
81a9e125b5
Oops
2019-06-21 08:52:15 -06:00
Matthew Holt
70c788ce0c
Minor cleanups/improvements
2019-06-21 08:08:26 -06:00
Matthew Holt
1c443beb9c
caddyhttp: ResponseRecorder type for middlewares to buffer responses
...
Unfortunately, templates and markdown require buffering the full
response before it can be processed and written to the client
2019-06-20 21:49:45 -06:00
Matthew Holt
269b1e9aa3
tls: Improve (and fix) on-demand configuration
2019-06-20 20:36:29 -06:00
Matthew Holt
6d0350d04e
caddyhttp: Fix host matching when host has a port
2019-06-20 20:24:46 -06:00
Matthew Holt
15647bdfb7
templates: Remove context functions implemented by sprig
2019-06-18 15:43:51 -06:00
Matthew Holt
2663dd176d
Refactor templates execution; add sprig functions
2019-06-18 15:17:48 -06:00
Matthew Holt
6706c9225a
Implement templates handler; various minor cleanups and bug fixes
2019-06-18 11:13:12 -06:00
Matthew Holt
5137859e47
Rename caddy2 -> caddy
...
Removes the version from the package name
2019-06-14 11:58:28 -06:00
Matthew Holt
b8e7453fef
Implement brotli encoder; improve validation of other encoders
2019-06-13 11:20:43 -06:00
Matthew Holt
0c8763a728
Add simple tests for static responder
2019-06-11 17:46:11 -06:00
Matt Holt
f5b4f268dc
Implement encode middleware (#2)
...
* Implement encode middleware
* Add missing break; and add missing JSON struct field tag
2019-06-10 10:21:25 -06:00
Matthew Holt
ef5f29cfb2
Do not allow Go standard lib to sniff Content-Type header
2019-06-07 19:59:25 -06:00
dev
878ae0002a
fix goroutine leak in healthcheckers
2019-06-07 15:52:10 -04:00
Matthew Holt
b79f86f256
Fix bugs related to auto HTTPS and alternate port configurations
2019-06-04 22:43:21 -06:00
Matthew Holt
613aecb898
Change import paths to GitHub package names
2019-06-04 13:52:37 -06:00
Matthew Holt
39db06d9c4
Implement IP/CIDR matcher and Not (negated) matcher
2019-06-04 13:42:54 -06:00
Matthew Holt
f064889a4f
Customize admin endpoint address with -listen flag
...
This is a temporary holdover for development purposes
2019-06-03 15:35:14 -06:00
Matthew Holt
3439933235
Implement session ticket keys; default STEK module with rotation
2019-05-29 23:11:46 -06:00
Matthew Holt
bf54615efc
ResponseMatcher for conditional logic of response headers
2019-05-28 18:53:08 -06:00
Matthew Holt
da6a8cfc86
Minor cleanups
2019-05-28 18:52:21 -06:00
Matthew Holt
9cd6f35e9d
Separate out certificate selection
2019-05-27 11:31:47 -06:00
Matthew Holt
210d0cf7f1
Implement custom cert selection policies; optimize matching for SNI
2019-05-24 13:18:45 -06:00
Matthew Holt
5a4a1421de
Fix error handling and matching catch-all routes
2019-05-23 14:42:14 -06:00
Matthew Holt
34a25dd558
Add very simple markdown middleware for now
2019-05-23 14:41:43 -06:00
Matthew Holt
9e576c76e7
Add request_body middleware and some limits to HTTP servers
2019-05-23 13:16:34 -06:00
Matthew Holt
869fbac632
Don't use auto HTTPS for servers with only HTTP port listeners
2019-05-22 14:14:26 -06:00
Matthew Holt
284fb3a98c
Allow multiple matcher sets in routes (OR'ed together)
...
Also export MatchRegexp in case other matcher modules find it useful.
Add comments to the exported matchers.
2019-05-22 13:13:39 -06:00
Matthew Holt
bc00d840e8
Export types and fields necessary to build configs (for config adapters)
...
Also flag most fields with 'omitempty' for JSON marshaling
2019-05-22 12:32:36 -06:00
Matthew Holt
be9b6e7b57
Honor the configured CA value
2019-05-21 14:22:33 -06:00
Matthew Holt
2fd98cb040
Module.New() does not need to return an error
2019-05-21 14:22:21 -06:00
Matthew Holt
67d32e6779
Fix up matchers tests and take care of TODO in rewrite
2019-05-21 13:10:14 -06:00
Matthew Holt
9d54f655aa
Take care of remaining TODOs in the browse responder
2019-05-21 13:03:52 -06:00
Matthew Holt
65195a726d
Implement rewrite middleware; fix middleware stack bugs
2019-05-20 23:48:43 -06:00
Matthew Holt
b84cb05848
Fix deferred header ops
2019-05-20 22:00:54 -06:00
Matthew Holt
a969872850
Default error handler; rename StaticFiles -> FileServer
2019-05-20 21:21:33 -06:00
Matthew Holt
aaacab1bc3
Sanitize paths in static file server; some cleanup
...
Also remove AutomaticHTTPSError for now
2019-05-20 17:15:38 -06:00
Matthew Holt
d22f64e6d4
Implement headers middleware
2019-05-20 15:46:52 -06:00
Matthew Holt
22995e5655
Implement most of browse; fix a couple obvious bugs; some cleanup
2019-05-20 15:46:52 -06:00
dev
043eb1d9e5
move internal packages to pkg folder and update reverse proxy
...
* set automatic https error type for cert-magic failures
* add state to onload and unload methods
* update reverse proxy to use Provision() and Cleanup()
2019-05-20 14:48:26 -04:00
Matthew Holt
fec7fa8bfd
Implement most of static file server; refactor and improve Replacer
2019-05-20 10:59:20 -06:00
Matthew Holt
1f0c061ce3
Architectural shift to using context for config and module state
2019-05-16 16:05:38 -06:00
Matthew Holt
ff5b4639d5
Some minor updates, and get rid of OnLoad/OnUnload
2019-05-16 11:46:17 -06:00
Matthew Holt
f9d93ead4e
Rename and export some types, other minor changes
2019-05-14 14:14:05 -06:00
Matthew Holt
8ae0d6a509
caddyhttp: Implement better HTTP matchers including regexp; add tests
2019-05-10 21:07:02 -06:00
Matthew Holt
48b5a80320
Remove (unimplemented) enterprise TLS matchers
2019-05-07 11:58:58 -06:00
Matthew Holt
ad3d408067
Add some tests and fix vet warning
2019-05-07 10:15:46 -06:00
Matthew Holt
e40bbecb16
Rough implementation of auto HTTP->HTTPS redirects
...
Also added GracePeriod for server shutdowns
2019-05-07 09:56:18 -06:00
Matthew Holt
2eb3593327
Begin implementing HTTP replacer and static responder
2019-05-04 13:21:20 -06:00
Matthew Holt
1136e2cfee
Add reverse proxy
2019-05-04 10:49:50 -06:00
Matthew Holt
5859cd8dad
Instantiate apps that are needed but not explicitly configured
2019-04-29 09:22:00 -06:00
Matthew Holt
43961b542b
General cleanup and more godocs
2019-04-26 12:35:39 -06:00
Matthew Holt
2d056fbe66
Initial commit of Storage, TLS, and automatic HTTPS implementations
2019-04-25 13:54:48 -06:00
Matthew Holt
545f28008e
Begin implementing error handling and re-handling
2019-04-11 20:42:55 -06:00
dev
27ecc7f384
Protocol and Caddyscript matchers
...
* Added matcher to determine what protocol the request is being made by
- grpc, tls, http
* Added ability to run caddyscript in a matcher to evaluate the http request
* Added TLS field to caddyscript request time
* Added a library to manipulate and compare a new caddyscript time type
* Library for regex in starlark
2019-04-08 09:58:11 -04:00
Matthew Holt
402f423693
Implement "global" state for modules, OnLoad and OnUnload callbacks
...
Tested for memory leaks and performance. Obviously the added locking and
global state is not awesome, but the alternative is a little uglier IMO:
we'd have to make some sort of "liaison" value which stores the state,
then pass it around to every module, and so LoadModule becomes a lot
less accessible, and each module would need to maintain a reference to
it... nope, just ugly. I think this is the cleaner solution: just make
sure only one Start() happens at a time, and keep global things global.
Very simple log middleware is an example.
Might need to reorder the operations in Start() and handle errors
differently, etc. Otherwise, I'm mostly happy with this solution...
2019-04-08 00:00:14 -06:00
Matt Holt
f976aa7443
Merged in deadlines (pull request #1)
...
Cleanly fake-close listeners
* WIP debugging listener deadlines
* Fix listener deadlines
2019-04-02 20:58:24 +00:00
Matthew Holt
6621406fa8
Very basic middleware and route matching functionality
2019-03-31 20:41:29 -06:00
Matthew Holt
27ff6aeccb
Fix goroutine leak in Run
...
D'oh, the servers' Shutdown() would never be called because they were
never added to the list of servers.
Thanks Danny for finding this.
2019-03-27 12:36:30 -06:00
Matthew Holt
a8dc73b4d9
Performance testing Load function
2019-03-26 19:42:52 -06:00
Matthew Holt
86e2d1b0a4
Rudimentary start of HTTP servers
2019-03-26 15:45:51 -06:00
Matthew Holt
859b5d7ea3
Initial commit
2019-03-26 12:00:54 -06:00