Bas Westerbaan
f658fd05ac
reverseproxy: Add `tls_curves` option to HTTP transport ( #5851 )
2024-01-13 20:56:23 +00:00
Nebez Briefkani
cc0c0cf03e
caddyhttp: Security enhancements for client IP parsing ( #5805 )
...
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2024-01-13 20:46:37 +00:00
Aziz Rmadi
80acf1bf23
replacer: Fix escaped closing braces ( #5995 )
2024-01-13 20:24:03 +00:00
a
c839a98ff5
filesystem: Globally declared filesystems, `fs` directive ( #5833 )
2024-01-13 20:12:43 +00:00
Mohammed Al Sahaf
b359ca565c
ci/cd: use the build tag `nobadger` to exclude badgerdb ( #6031 )
...
* ci/cd: use the build tag `nobadger` to exclude badgerdb
* upgrade github.com/google/certificate-transparency-go@master
2024-01-10 21:04:11 +03:00
Subhaditya Nath
c2d889f85e
httpcaddyfile: Fix redir <to> html ( #6001 )
2024-01-10 12:24:47 +00:00
Zach Galvin
cb86319bd5
httpcaddyfile: Support client auth verifiers ( #6022 )
...
* Added verifier case
Update author
* Update verifier to match struct tag
* gci run
2024-01-09 23:14:51 +00:00
Rithvik Vibhu
ed41c924cf
tls: add reuse_private_keys ( #6025 )
2024-01-09 16:00:31 -07:00
Fred Cox
d9ff7b1872
reverseproxy: Only change Content-Length when full request is buffered ( #5830 )
...
fixes: https://github.com/caddyserver/caddy/issues/5829
Signed-off-by: Fred Cox <mcfedr@gmail.com>
2024-01-09 12:59:30 -07:00
Aaron Brady
76611fa150
Switch Solaris-derivatives away from listen_unix ( #6021 )
...
Solaris 10 and Illumos are missing SO_REUSEPORT. Treat them more like
Windows (i.e. use the listener pool).
2024-01-06 05:09:20 -05:00
dependabot[bot]
8a50f191bf
build(deps): bump actions/upload-artifact from 3 to 4 ( #6013 )
...
* build(deps): bump actions/upload-artifact from 3 to 4
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3 to 4.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v3...v4)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* Disable compression
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2024-01-02 08:23:25 +00:00
dependabot[bot]
4f3f6e35e8
build(deps): bump actions/setup-go from 4 to 5 ( #6012 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4 to 5.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v4...v5)
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-02 07:13:31 +00:00
Mohammed Al Sahaf
787f6b257f
chore: check against errors of `io/fs` instead of `os` ( #6011 )
...
* chore: replace `os.ErrNotExist` with `fs.ErrNotExist`
* check against permission error from `io/fs` package
2024-01-02 08:48:55 +03:00
networkException
b568a10dd4
caddyhttp: support unix sockets in `caddy respond` command ( #6010 )
...
previously the `caddy respond` command would treat the argument
passed to --listen as a TCP socket address, iterating over a possible
port range.
this patch factors the server creation out into a separate function,
allowing this to be reused in case the listen address is a unix network
address.
2023-12-31 22:34:00 -05:00
Steffen Busch
8f9ffc587e
fileserver: Add total file size to directory listing ( #6003 )
...
* browse: Add total file size to directory listing
* Apply suggestion to remove "in "
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
---------
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2023-12-30 18:47:13 +00:00
Francis Lavoie
f976c84d9e
httpcaddyfile: Fix cert file decoding to load multiple PEM in one file ( #5997 )
2023-12-20 08:37:21 -07:00
dependabot[bot]
1bf72db6ff
build(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0 ( #5994 )
...
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.16.0 to 0.17.0.
- [Commits](https://github.com/golang/crypto/compare/v0.16.0...v0.17.0)
---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-18 16:11:51 -07:00
Kévin Dunglas
d54dcf1598
cmd: use automaxprocs for better perf in containers ( #5711 )
...
* feat: use automaxprocs for better perf in containers
* better logs
* cs
2023-12-18 15:50:26 -07:00
Francis Lavoie
3248e4c89f
logging: Add `zap.Option` support ( #5944 )
2023-12-18 20:48:34 +00:00
Francis Lavoie
da7d8cb26d
httpcaddyfile: Sort skip_hosts for deterministic JSON ( #5990 )
...
* httpcaddyfile: Sort skip_hosts for deterministic JSON
* Update caddyconfig/httpcaddyfile/httptype.go
Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* Fix test
* Bah
---------
Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2023-12-18 12:54:52 -07:00
Tim Geoghegan
387545a895
metrics: Record request metrics on HTTP errors ( #5979 )
2023-12-15 20:14:00 +00:00
Aziz Rmadi
b49ec05161
go.mod: Updated quic-go to v0.40.1 ( #5983 )
2023-12-14 22:42:01 -07:00
Kévin Dunglas
b16aba5c27
fileserver: Enable compression for command by default ( #5855 )
...
* feat: enable compression for file-server
* refactor
* const
* Update help text
* Update modules/caddyhttp/fileserver/command.go
---------
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2023-12-13 20:44:22 -07:00
David DeMoss
362f33daae
fileserver: New --precompressed flag ( #5880 )
...
exposes the file_server precompressed functionality to be used with the
file-server command
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2023-12-13 20:26:20 -07:00
Francis Lavoie
3d7d60f7cf
caddyhttp: Add `uuid` to access logs when used ( #5859 )
2023-12-13 15:40:15 -07:00
Mohammed Al Sahaf
dc12bd9743
proxyprotocol: use github.com/pires/go-proxyproto ( #5915 )
...
* proxyprotocol: use github.com/pires/go-proxyproto
* Fix typo: r/generelly/generally
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
* add config options for `Deny` CIDR and fallback policy
* use `netip` package & trust unix sockets
---------
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2023-12-13 09:07:43 -07:00
Jens-Uwe Mager
56c6b3f673
cmd: Preserve LastModified date when exporting storage ( #5968 )
2023-12-13 09:06:06 -07:00
Aziz Rmadi
cbbd1df904
core: Always make AppDataDir for InstanceID ( #5976 )
2023-12-13 07:39:10 -07:00
Benjamin Marwell
7d919af01b
chore: cross-build for AIX ( #5971 )
2023-12-11 12:55:04 +00:00
Matt Holt
4a09cf0dc0
caddytls: Sync distributed storage cleaning ( #5940 )
...
* caddytls: Log out remote addr to detect abuse
* caddytls: Sync distributed storage cleaning
* Handle errors
* Update certmagic to fix tiny bug
* Split off port when logging remote IP
* Upgrade CertMagic
2023-12-07 11:00:02 -07:00
Andreas Kohn
b24ae63ea6
caddytls: Context to DecisionFunc ( #5923 )
...
See https://github.com/caddyserver/certmagic/pull/255
2023-12-07 10:40:13 -07:00
Mohammed Al Sahaf
4173e2c77a
tls: accept placeholders in string values of certificate loaders ( #5963 )
...
* tls: loader: accept placeholders in string values
* appease the linter
2023-12-04 09:23:15 -07:00
Matt Holt
18f34290d2
templates: Officially make templates extensible ( #5939 )
...
* templates: Officially make templates extensible
This supersedes #4757 (and #4568 ) by making template extensions
configurable.
The previous implementation was never documented AFAIK and had only
1 consumer, which I'll notify as a courtesy.
* templates: Add 'maybe' function for optional components
* Try to fix lint error
2023-11-28 09:39:14 -07:00
WeidiDeng
22eecdb90c
http2 uses new round-robin scheduler ( #5946 )
2023-11-24 01:54:27 +00:00
WeidiDeng
4de2c1c65e
panic when reading from backend failed to propagate stream error ( #5952 )
2023-11-23 03:18:18 -05:00
dlorenc
878d491834
chore: Bump otel to v1.21.0. ( #5949 )
...
Signed-off-by: Dan Lorenc <dlorenc@chainguard.dev>
2023-11-22 17:02:13 +03:00
WeidiDeng
96f638eaad
httpredirectlistener: Only set read limit for when request is HTTP ( #5917 )
2023-11-20 12:31:36 +00:00
Matthew Holt
7e52db8280
fileserver: Add .m4v for browse template icon
2023-11-14 13:39:57 -07:00
Mohammed Al Sahaf
3b3d678714
Revert "caddyhttp: Use sync.Pool to reduce lengthReader allocations ( #5848 )" ( #5924 )
2023-11-01 13:17:02 -04:00
WeidiDeng
ee358550e4
go.mod: update quic-go version to v0.40.0 ( #5922 )
2023-10-31 14:05:34 -04:00
Marten Seemann
3f55efcfde
update quic-go to v0.39.3 ( #5918 )
2023-10-27 07:52:12 -04:00
WeidiDeng
f71d779009
chore: Fix usage pool comment ( #5916 )
2023-10-25 23:05:20 -04:00
Mohammed Al Sahaf
d949caf459
test: acmeserver: add smoke test for the ACME server directory ( #5914 )
2023-10-24 13:59:53 -04:00
Mariano Cano
ac0ad4da84
Upgrade acmeserver to github.com/go-chi/chi/v5 ( #5913 )
...
This commit upgrades the router used in the acmeserver to
github.com/go-chi/chi/v5. In the latest release of step-ca, the router
used by certificates was upgraded to that version.
Fixes #5911
Signed-off-by: Mariano Cano <mariano.cano@gmail.com>
2023-10-23 21:02:11 -04:00
Francis Lavoie
4c10a05431
caddyhttp: Adjust `scheme` placeholder docs ( #5910 )
2023-10-22 17:47:16 -04:00
Matthew Holt
fe2a02bf7a
go.mod: Upgrade quic-go to v0.39.1
2023-10-20 15:23:35 -06:00
Ethan Brown (Domino)
9fc55a9792
go.mod: CVE-2023-45142 Update opentelemetry ( #5908 )
2023-10-20 21:15:48 +00:00
Francis Lavoie
4e8245df0b
templates: Delete headers on `httpError` to reset to clean slate ( #5905 )
2023-10-18 16:43:14 -06:00
Francis Lavoie
ac1f20b9e4
httpcaddyfile: Remove port from logger names ( #5881 )
...
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2023-10-16 23:57:03 -06:00
Matt Holt
174c19a953
core: Apply SO_REUSEPORT to UDP sockets ( #5725 )
...
* core: Apply SO_REUSEPORT to UDP sockets
For some reason, 10 months ago when I implemented SO_REUSEPORT
for TCP, I didn't realize, or forgot, that it can be used for UDP too. It is a
much better solution than using deadline hacks to reuse a socket, at
least for TCP.
Then https://github.com/mholt/caddy-l4/issues/132 was posted,
in which we see that UDP servers never actually stopped when the
L4 app was stopped. I verified this using this command:
$ nc -u 127.0.0.1 55353
combined with POSTing configs to the /load admin endpoint (which
alternated between an echo server and a proxy server so I could tell
which config was being used).
I refactored the code to use SO_REUSEPORT for UDP, but of course
we still need graceful reloads on all platforms, not just Unix, so I
also implemented a deadline hack similar to what we used for
TCP before. That implementation for TCP was not perfect, possibly
having a logical (not data) race condition; but for UDP so far it
seems to be working. Verified the same way I verified that SO_REUSEPORT
works.
I think this code is slightly cleaner and I'm fairly confident this code
is effective.
* Check error
* Fix return
* Fix var name
* implement Unwrap interface and clean up
* move unix packet conn to platform specific file
* implement Unwrap for unix packet conn
* Move sharedPacketConn into proper file
* Fix Windows
* move sharedPacketConn and fakeClosePacketConn to proper file
---------
Co-authored-by: Weidi Deng <weidi_deng@icloud.com>
2023-10-16 22:17:32 -06:00