Commit graph

1070 commits

Author SHA1 Message Date
Alexander Stecher
22c98ea165
caddyhttp: Optimize logs using zap's WithLazy() (#6590)
* uses zap's .WithLazy with a cloned request

* fixes the cloning

* adds comment explaining why cloning is faster
2024-09-26 12:23:12 -06:00
Francis Lavoie
2faeac0a10
chore: Use slices package where possible (#6585)
* chore: Use slices package where possible

* More, mostly using ContainsFunc

* Even more slice operations
2024-09-25 14:30:56 -06:00
Marten Seemann
ff67b97126
caddyhttp: enable qlog, controlled by QLOGDIR env (#6581) 2024-09-21 05:47:18 +02:00
Mohammed Al Sahaf
6ab9fb6f74
ci: update the linter action version (#6575)
* ci: update the linter action version

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

* exclude rule `G115`; disable deprecated linter

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

---------

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2024-09-16 07:50:26 -06:00
Kévin Dunglas
f4bf4e0097
perf: use zap's Check() to prevent useless allocs (#6560)
* perf: use zap's Check() to prevent useless allocs

* fix

* fix

* fix

* fix

* restore previous replacer behavior

* fix linter
2024-09-13 11:16:37 -06:00
mister-turtle
21f9c20a04
rewrite: Avoid panic on bad arg count for uri (#6571) 2024-09-13 03:22:03 -04:00
Jesper Brix Rosenkilde
91e62db666
caddyhttp: Make route provisioning idempotent (#6558)
ref: https://github.com/caddyserver/caddy/issues/6551
2024-09-03 11:57:55 -06:00
Steffen Busch
c050a37e1c
reverse_proxy: add placeholder http.reverse_proxy.retries (#6553)
* Add placeholder http.reverse_proxy.lb.retries

* Renamed placeholder to http.reverse_proxy.retries
2024-08-30 11:53:56 -06:00
lollipopkit🏳️‍⚧️
5c47c2f147
fileserver: browse: Configurable default sort (#6502)
* fileserver: add `sort` options

* fix: test

* fileserver: check options in `Provison`

* fileserver: more obvious err alerts in sort options

* fileserver: move `sort` to `browse`

---------

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2024-08-30 09:01:37 -06:00
Alexander Stecher
ffd28be90a
rewrite: Only serialize request if necessary (#6541)
* Prevents serializing the caddy request if log level is not debug.

* Extracts message to const.
2024-08-30 08:46:51 -06:00
Kévin Dunglas
2028da4e74
ci: build and test with Go 1.23 (#6526)
* chore: build and test with Go 1.23

* ci: bump golangci-lint to v1.60

* fix: make properly wrap errors

* ci: remove Go 1.21
2024-08-23 11:01:28 -06:00
Mohammed Al Sahaf
4ade967005
reverseproxy: allow user to define source address (#6504)
* reverseproxy: allow user to define source address

Closes #6503

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

* reverse_proxy: caddyfile support for local_address

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

---------

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2024-08-22 19:52:05 +00:00
Mohammed Al Sahaf
8af646730b
caddyhttp: run error (msg) through replacer (#6536)
* error: run `error` (msg) through replacer

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

* fix integration test

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

---------

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2024-08-22 11:32:44 -06:00
Cuckoo Chickoo
098897bdea
chore: Fix a typo (#6534)
Fixes Typo in Docs
2024-08-22 13:15:58 +03:00
Jens-Uwe Mager
2bb2ecc549
reverseproxy: Change errors writing the response to warning. (#6532)
Most of the errors that can be seen here are write errors due to clients
aborting the request from their side. Often seen ones include:

	* writing: ... write: broken pipe
	* writing: ... connection timed out
	* writing: http2: stream closed
	* writing: timeout...
	* writing: h3 error...

Most of these errors are beyond of the control of caddy on the client side,
probably nothing can be done on the server side. It still warrants
researching when these errors occur very often, so a change in level from
error to warn is better here to not polute the logs with errors in the
normal case.
2024-08-21 11:39:20 -06:00
Jesper Brix Rosenkilde
54a0c8f948
reverseproxy: Active health checks request body option (#6520)
* Add an option to specify the body used for active health checks

* Replacer on request body
2024-08-19 10:55:55 -06:00
vnxme
3a48b03369
Move PrivateRangesCIDR() back: add a pass-through function (#6514) 2024-08-12 05:47:05 -04:00
WeidiDeng
21af88fefc
reverseproxy: Disable keep alive for h2c requests (#6343) 2024-08-08 06:53:30 -06:00
vnxme
59cbb2c83a
caddytls,caddyhttp: Placeholders for some TLS and HTTP matchers (#6480)
* Runtime placeholders for caddytls matchers (1/3):

- remove IPs validation in UnmarshalCaddyfile

* Runtime placeholders for caddytls matchers (2/3):

- add placeholder replacement for IPs in Provision

* Runtime placeholders for caddytls matchers (3/3):

- add placeholder replacement for other strings

* Runtime placeholders for caddyhttp matchers (1/1):

- add placeholder replacement for IPs in Provision

* Runtime placeholders for caddyhttp/caddytls matchers:

- move PrivateRandesCIDR under internal
2024-08-07 11:02:23 -06:00
WeidiDeng
a8b0dfa8da
go.mod: update quic-go package (#6498) 2024-08-06 22:08:32 -06:00
lollipopkit🏳️‍⚧️
b198678174
browse: Customizable default sort options (#6468)
* fileserver: add `sort` options

* fix: test

* fileserver: check options in `Provison`

* fileserver: more obvious err alerts in sort options
2024-08-05 08:27:45 -06:00
Prakhar Awasthi
840094ac65
proxyprotocol: Update WrapListener to use ConnPolicyFunc for PROXY protocol (#6485)
* proxyprotocol : Update WrapListener to use ConnPolicyFunc for PROXY protocol support

* proxyprotocol : Updated dependency pires/go-proxyproto to pseudo latest version
2024-08-03 19:51:50 +03:00
WeidiDeng
976469ca0d
encode: flush already compressed data from the encoder (#6471) 2024-07-27 17:46:56 -06:00
Matthew Holt
806f5b1117
reverseproxy: Fix panic when using header-related flags (fix #6464) 2024-07-18 21:31:07 -06:00
schultzie
b2492f8567
reverseproxy: add health_upstream subdirective (#6451)
* Add health_upstream

Signed-off-by: Dylan Schultz <9121234+dylanschultzie@users.noreply.github.com>

* Add health_upstream to caddyfile parsing

* Add Active Upstream case for health checks

* Update ignore health port comment

Signed-off-by: Dylan Schultz <9121234+dylanschultzie@users.noreply.github.com>

* Update Upstream json doc

Signed-off-by: Dylan Schultz <9121234+dylanschultzie@users.noreply.github.com>

* Update modules/caddyhttp/reverseproxy/healthchecks.go

Co-authored-by: Francis Lavoie <lavofr@gmail.com>

* Use error rather than log for health_port override

Signed-off-by: Dylan Schultz <9121234+dylanschultzie@users.noreply.github.com>

* Add comment about port being ignore if using upstream

Signed-off-by: Dylan Schultz <9121234+dylanschultzie@users.noreply.github.com>

---------

Signed-off-by: Dylan Schultz <9121234+dylanschultzie@users.noreply.github.com>
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2024-07-15 17:00:12 +00:00
Jesper Brix Rosenkilde
07c863637d
reverseproxy: Caddyfile support for health_method (#6454)
* Add Caddyfile support of setting active health check request method

* Add integration test for active health check request method
2024-07-12 17:01:58 -04:00
Jesper Brix Rosenkilde
dc2a5d5c52
reverseproxy: Configurable method for active health checks (#6453)
* Add option to set which HTTP method to use for active health checks

* Default Method to GET if not set
2024-07-11 09:24:13 -04:00
schultzie
4943a4fc52
reverseproxy: Add placeholder for networkAddr in active health check headers (#6450)
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2024-07-09 18:08:25 +00:00
Aziz Rmadi
630c62b313
fixed bug in resolving ip version in dynamic upstreams (#6448) 2024-07-09 03:06:30 -04:00
Francis Lavoie
9338741ca7
browse: Exclude symlink target size from total, show arrow on size (#6412)
* fileserver: Exclude symlink target size from total, show arrow on size

* Keep both totals

* Linter doesn't like my spelling :(

* Stop parallelizing tests for now

* Update modules/caddyhttp/fileserver/browse.html

* Minor renamings

---------

Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2024-07-07 07:01:07 -06:00
Steffen Busch
88c7e53da5
browse: fix Content-Security-Policy warnings in Firefox (#6443)
* Remove 'strict-dynamic' + block-all-mixed-content

* CSP: remove 'unsafe-inline' from script-src
2024-07-07 06:56:47 -06:00
Steffen Busch
4ef360745d
browse: add Content-Security-Policy w/ nonce (#6425)
* browse: add Content-Security-Policy w/ nonce

* Add backward-compat values to script-src

* Remove dummy "#" href from layout anchors
2024-07-06 10:46:08 -06:00
Francis Lavoie
7142d7c1e4
reverseproxy: Add placeholder for host in active health check headers (#6440) 2024-07-06 10:43:19 -06:00
Matt Holt
c3fb5f4d3f
caddyhttp: Reject 0-RTT early data in IP matchers and set Early-Data header when proxying (#6427)
* caddyhttp: Reject 0-RTT early data in IP matchers and set Early-Data header when proxying

See RFC 8470: https://httpwg.org/specs/rfc8470.html

Thanks to Michael Wedl (@MWedl)  at the University of Applied Sciences St. Poelten for reporting this.

* Don't return value for {remote} placeholder in early data

* Add Caddyfile support
2024-07-05 10:46:20 -06:00
Kévin Dunglas
15d986e1c9
encode: Don't compress already-compressed fonts (#6432)
* fix: don't compress already compressed fonts

* fix: remove WOFF
2024-07-04 14:57:13 -06:00
klaxa
f350e001b6
reverseproxy: Only log host is up status on change (fixes #6415) (#6419) 2024-07-03 19:05:52 +00:00
Kévin Dunglas
0287009ee5
intercept: fix http.intercept.header.* placeholder (#6429) 2024-07-03 08:43:13 -06:00
Matthew Holt
f8861ca16b
reverseproxy: Wire up TLS options for H3 transport 2024-06-28 12:15:41 -06:00
Aziz Rmadi
c2ccf8690f
fileserver: Remove newline characters from precomputed etags (#6394)
* Removed newline characters from precomputed etags

* Update modules/caddyhttp/fileserver/staticfiles.go

---------

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2024-06-19 13:27:10 +00:00
Matthew Holt
99dcdf7e42 caddyhttp: Convert IDNs to ASCII when provisioning Host matcher 2024-06-18 14:44:05 -06:00
Jason Yuan
fab6375a8b
reverseproxy: add Max-Age option to sticky cookie (#6398)
* reverseproxy: add Max-Age option to sticky cookie

* Update selectionpolicies.go

Co-authored-by: Francis Lavoie <lavofr@gmail.com>

* Update selectionpolicies.go

Co-authored-by: Francis Lavoie <lavofr@gmail.com>

---------

Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2024-06-15 07:50:31 -06:00
Andreas Kohn
9be4f194e0
caddyhttp: Write header if needed in responseRecorder.WriteResponse (#6380) 2024-06-07 07:25:36 -06:00
Matt Holt
198f4385d2
caddyhttp: Add test cases to corpus (#6374)
* caddyhttp: Add test case to corpus

* One more test case

* Clean up stray comment

* More tests
2024-06-04 14:23:55 -06:00
Will Norris
f8a2c60297
caddyhttp: properly sanitize requests for root path (#6360)
SanitizePathJoin protects against directory traversal attacks by
checking for requests whose URL path look like they are trying to
request something other than a local file, and returns the root
directory in those cases.

The method is also careful to ensure that requests which contain a
trailing slash include a trailing slash in the returned value.  However,
for requests that contain only a slash (requests for the root path), the
IsLocal check returns early before the matching trailing slash is
re-added.

This change updates SanitizePathJoin to only perform the
filepath.IsLocal check if the cleaned request URL path is non-empty.

---

This change also updates the existing SanitizePathJoin tests to use
filepath.FromSlash rather than filepath.Join. This makes the expected
value a little easier to read, but also has the advantage of not being
processed by filepath.Clean like filepath.Join is. This means that the
exact expect value will be compared, not the result of first cleaning
it.

Fixes #6352
2024-06-02 03:40:59 +00:00
Francis Lavoie
40c582ce82
caddyhttp: Fix merging consecutive client_ip or remote_ip matchers (#6350) 2024-05-30 07:32:17 -06:00
Francis Lavoie
224316eaec
autohttps: Move log WARN to INFO, reduce confusion (#6185)
* autohttps: Move log WARN to INFO, reduce confusion

* Change implicit condition back to WARN

---------

Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2024-05-20 13:14:39 -06:00
Matt Holt
5f6758dab5
reverseproxy: Support HTTP/3 transport to backend (#6312)
Closes #5086
2024-05-20 13:06:43 -06:00
Matt Holt
9ba999141b
caddyhttp: Trace individual middleware handlers (#6313)
* caddyhttp: Trace individual middleware handlers

* Fix typo
2024-05-18 14:48:42 -06:00
deneb
f98f449f05
templates: Add pathEscape template function and use it in file browser (#6278)
* use url.PathEscape in file-server browse template

- add `pathEscape` to c.tpl.Funcs, using `url.PathEscape`
- use `pathEscape` in browse.html in place of `replace`

* document `pathEscape`

* Remove unnecessary pipe of img src to `html`
2024-05-18 12:55:36 -06:00
Kévin Dunglas
fb63e2e40c
caddyhttp: New experimental handler for intercepting responses (#6232)
* feat: add generic response interceptors

* fix: cs

* rename intercept

* add some docs

* @francislavoie review (first round)

* Update modules/caddyhttp/intercept/intercept.go

Co-authored-by: Francis Lavoie <lavofr@gmail.com>

* shorthands: ir to resp

* mark exported symbols as experimental

---------

Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2024-05-13 17:38:18 +00:00