Commit graph

1104 commits

Author SHA1 Message Date
Kévin Dunglas
5c2617ebf9
fileserver: good default for precompressed (#6736) 2024-12-10 08:31:43 -07:00
WeidiDeng
9c0c71e577
reverseproxy: Rewrite requests and responses for websocket over http2 (#6567)
* reverse proxy: rewrite requests and responses for websocket over http2

* delete protocol pseudo-header

* modify cloned requests

* set request variable to track if it's a h2 websocket

* use request bodu

* rewrite request body

* use WebSocket instead of Websocket in the headers

* use logger check for zap loggers

* fix lint
2024-12-06 13:23:27 -07:00
Francis Lavoie
d0123bd760
fileserver: Fix policy Validate() oversight (#6727) 2024-12-04 14:01:58 -05:00
Kévin Dunglas
efd9251ad3
fileserver: Add first_exist_fallback strategy for try_files (#6699)
* feat: add first_exist_or_fallback strategy for try_files

* fix tests

* linter
2024-12-03 05:44:49 -07:00
Francis Lavoie
b116dcea3d
caddyhttp: Add {?query} placeholder (#6714)
* caddyhttp: Add `{prefixed_query}` placeholder

* fastcgi: Preserve query during canonical redirect

* Use orig_uri instead for the redirect, shorter Caddyfile shortcut
2024-12-02 08:06:38 -05:00
Rishita Shaw
8c3dd3de70
requestbody: Type-based error handling for MaxBytesError (#6701)
* fix: handle "request body too large" error using type assertion

* fix: address overlooked nil check for MaxBytesError

* fix: replace type assertion with errors.As() for MaxBytesError
2024-11-22 19:45:58 +00:00
Kévin Dunglas
eddbccd298
fastcgi: remove dir redirection when useless in php_fastcgi (#6698)
* perf: remove dir redirection when useless in php_fastcgi

* fix test

* review

* fix

* fix

* simplify

* simplify again

* restore test

* add test
2024-11-21 10:38:31 -07:00
Matthew Holt
197c564f20
caddyhttp: Set default ReadHeaderTimeout (1 min)
Ref. #6663
2024-11-19 11:24:12 -07:00
Francis Lavoie
315715e90f
core: Implement FastAbs to avoid repeated os.Getwd calls (#6687)
* core: Implement FastAbs to avoid repeated os.Getwd calls

* Lint

* Rename files
2024-11-13 03:55:51 -05:00
Matthew Holt
238f1108e6
reverseproxy: Revert #4952 - don't ignore context cancellation in stream mode
i.e. Revert commit f5dce84a70

Two years ago, the patch in #4952 was a seemingly necessary way to fix an issue (sort of an edge case), but it broke other more common use cases (see #6666).

Now, as of #6669, it seems like the original issue can no longer be replicated, so we are reverting that patch, because it was incorrect anyway.

If it turns out the original issue returns, a more proper patch may be in #6669 (even if used as a baseline for a future fix). A potential future fix could be an opt-in setting.
2024-11-12 13:43:34 -07:00
Sucipto
825fe48e06
reverseproxy: Allow 0 as weights for weighted_round_robin (#6681)
* Allow 0 as weights

Change positive to non-negative

* reverseproxy: allow 0 as weighted round robin value

* test: add more wrr select test

---------

Co-authored-by: peanutduck <peanutduck@yahoo.com>
2024-11-07 17:58:31 -05:00
Francis Lavoie
5823eccf99
rewrite: Don't add / in Caddyfile, do it after replacer (#6662) 2024-11-05 10:15:31 -07:00
Atakan Yenel
cc23ad6402
fileserver: Add file_limit option for browse (to be experimental) (#6648)
* Add file_limit option for file_server browse

* Move file_limit inside browse.

* add file_server_file_limit caddyfile adapt test.
2024-11-05 09:35:32 -07:00
Francis Lavoie
09b2cbcf4d
caddyhttp: Add MatchWithError to replace SetVar hack (#6596)
* caddyhttp: Add `MatchWithError` to replace SetVar hack

* Error in IP matchers on TLS handshake not complete

* Use MatchWithError everywhere possible

* Move implementations to MatchWithError versions

* Looser interface checking to allow fallback

* CEL factories can return RequestMatcherWithError

* Clarifying comment since it's subtle that an err is returned

* Return 425 Too Early status in IP matchers

* Keep AnyMatch signature the same for now

* Apparently Deprecated can't be all-uppercase to get IDE linting

* Linter
2024-11-04 23:18:50 +00:00
Francis Lavoie
05cfb121ec
forwardauth: Skip copying missing response headers (#6608) 2024-11-04 14:58:53 -07:00
Matthew Holt
350ad38f63
fileserver: Fix Caddyfile parsing
Reported at https://github.com/mholt/caddy-sqlite-fs/issues/3
2024-10-31 10:37:37 -06:00
Francis Lavoie
fbf0f4c425
reverseproxy: Sync changes from stdlib for 1xx handling (#6656)
* reverseproxy: Sync changes from stdlib for 1xx handling

Sourced from 960654be0c

* Use clear()

3bc28402fa
2024-10-22 12:10:46 -06:00
Matthew Holt
5e6024c48d
reverseproxy: Fix log message
Fixes regression from #6560
2024-10-21 12:19:04 -06:00
Yifan Yang
669fc41e63
tracing: Add spanID field to access logs and http.vars.span_id placeholder (#6646)
* logging: Add spanID field to access logs when tracing is enabled

Signed-off-by: YifanYang6 <yifanyang6@link.cuhk.edu.cn>

* tracing: add `http.vars.span_id` placeholder when tracing is enabled

Signed-off-by: YifanYang6 <yifanyang6@link.cuhk.edu.cn>

---------

Signed-off-by: YifanYang6 <yifanyang6@link.cuhk.edu.cn>
2024-10-21 11:06:55 -06:00
Logan Fleur
9753c44510
fileserver: fix try_policy when instantiating file matcher from CEL (#6624)
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2024-10-20 14:08:30 +00:00
Mohammed Al Sahaf
388c7e898c
metrics: move metrics up, outside servers (#6606)
* metrics: move `metrics`  up, outside `servers`

This change moves the metrics configuration from per-server level to a single config knob within the `http` app. Enabling `metrics` in any of the configured servers inside `http` enables metrics for all servers.

Fix #6604

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

* normalize domain name

---------

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2024-10-18 09:54:21 -06:00
WeidiDeng
c6f2979986
caddyhttp: Close http3 server gracefully (#6213)
* close http3 server gracefully

* update server field

* update from upstream

---------

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2024-10-15 21:28:20 -04:00
Marten Seemann
a211c656f1
chore: update quic-go to v0.48.0 (#6627) 2024-10-15 09:38:10 -04:00
WeidiDeng
48ce47f1d4
reverseproxy: Use correct cases for websocket related headers (#6621)
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2024-10-11 09:02:23 +00:00
Mohammed Al Sahaf
c8a76d003f
docs: expand proxy protocol docs (#6620) 2024-10-10 16:21:26 -04:00
Matthew Holt
88fd5f3491
caddyhttp: Use internal issuer for IPs when no APs configured
This fixes a regression in 2.8 where IP addresses
would be considered qualifying for public certs
by auto-HTTPS. The default issuers do not issue
IP certs at this time, so if no APs are explicitly
configured, we assign them to the internal
issuer. We have to add a couple lines of code because
CertMagic can no longer consider IPs as not
qualifying for public certs, since there are public CAs
that issue IP certs. This edge case is specific to Caddy's
auto-HTTPS.

Without this patch, Caddy will try using Let's Encrypt
or ZeroSSL's ACME endpoint to get IP certs, neither
of which support that.
2024-10-04 10:23:30 -06:00
Mohammed Al Sahaf
41f5dd56e1
metrics: scope metrics to active config, add optional per-host metrics (#6531)
* Add per host config

* Pass host label when option is enabled

* Test per host enabled

* metrics: scope metrics per loaded config

* doc and linter

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

* inject the custom registry into the admin handler

Co-Authored-By: Dave Henderson <dhenderson@gmail.com>

* remove `TODO` comment

* fixes

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

* refactor to delay metrics admin handler provision

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

---------

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
Co-authored-by: Hussam Almarzooq <me@hussam.io>
Co-authored-by: Dave Henderson <dhenderson@gmail.com>
2024-10-02 08:23:26 -06:00
Francis Lavoie
16724842d9
caddyhttp: Implement auto_https prefer_wildcard option (#6146)
* Allow specifying multiple `auto_https` options

* Implement `auto_https prefer_wildcard` option

* Adapt tests, add mock DNS module for config testing

* Rebase fix
2024-10-02 07:31:58 -06:00
Francis Lavoie
792f1c7ed7
caddyhttp: Escaping placeholders in CEL, add vars and vars_regexp (#6594)
* caddyhttp: Escaping placeholders in CEL

* Simplify some of the test cases

* Implement vars and vars_regexp in CEL

* dupl lint is dumb

* Better consts for the placeholder CEL shortcut

* Bump CEL version, register a few extensions

* Refactor s390x test script for readability

* Add retries for s390x to smooth over flakiness

* Switch to `ph` for the CEL shortcut (match it in templates cause why not)
2024-10-02 06:34:04 -06:00
Matt Holt
c8adb1b553
cmd: Better error handling when reloading (#6601)
* caddyhttp: Limit auto-HTTPS error logs to 100 domains

* Improve error message and increase error size limit
2024-10-01 20:31:30 -06:00
WeidiDeng
f3aead0e4d
http: ReponseWriter prefer ReadFrom if available (#6565)
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2024-10-01 11:19:03 -06:00
Francis Lavoie
571f88d86f
chore: Adjust incorrect reverse_proxy Caddyfile comment (#6598) 2024-10-01 10:56:30 -06:00
Aaron Paterson
0e829bc418
caddyhttp: Fix listener wrapper regression from #6573 (#6599) 2024-10-01 01:47:21 -04:00
Aaron Paterson
4b1a9b6cc1
core: Implement socket activation listeners (#6573)
* caddy adapt for listen_protocols

* adapt listen_socket

* allow multiple listen sockets for port ranges and readd socket fd listen logic

* readd logic to start servers according to listener protocols

* gofmt

* adapt caddytest

* gosec

* fmt and rename listen to listenWithSocket

* fmt and rename listen to listenWithSocket

* more consistent error msg

* non unix listenReusableWithSocketFile

* remove unused func

* doc comment typo

* nonosec

* commit

* doc comments

* more doc comments

* comment was misleading, cardinality did not change

* addressesWithProtocols

* update test

* fd/ and fdgram/

* rm addr

* actually write...

* i guess we doin' "skip": now

* wrong var in placeholder

* wrong var in placeholder II

* update param name in comment

* dont save nil file pointers

* windows

* key -> parsedKey

* osx

* multiple default_bind with protocols

* check for h1 and h2 listener netw
2024-09-30 10:55:03 -06:00
Alexander Stecher
22c98ea165
caddyhttp: Optimize logs using zap's WithLazy() (#6590)
* uses zap's .WithLazy with a cloned request

* fixes the cloning

* adds comment explaining why cloning is faster
2024-09-26 12:23:12 -06:00
Francis Lavoie
2faeac0a10
chore: Use slices package where possible (#6585)
* chore: Use slices package where possible

* More, mostly using ContainsFunc

* Even more slice operations
2024-09-25 14:30:56 -06:00
Marten Seemann
ff67b97126
caddyhttp: enable qlog, controlled by QLOGDIR env (#6581) 2024-09-21 05:47:18 +02:00
Mohammed Al Sahaf
6ab9fb6f74
ci: update the linter action version (#6575)
* ci: update the linter action version

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

* exclude rule `G115`; disable deprecated linter

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

---------

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2024-09-16 07:50:26 -06:00
Kévin Dunglas
f4bf4e0097
perf: use zap's Check() to prevent useless allocs (#6560)
* perf: use zap's Check() to prevent useless allocs

* fix

* fix

* fix

* fix

* restore previous replacer behavior

* fix linter
2024-09-13 11:16:37 -06:00
mister-turtle
21f9c20a04
rewrite: Avoid panic on bad arg count for uri (#6571) 2024-09-13 03:22:03 -04:00
Jesper Brix Rosenkilde
91e62db666
caddyhttp: Make route provisioning idempotent (#6558)
ref: https://github.com/caddyserver/caddy/issues/6551
2024-09-03 11:57:55 -06:00
Steffen Busch
c050a37e1c
reverse_proxy: add placeholder http.reverse_proxy.retries (#6553)
* Add placeholder http.reverse_proxy.lb.retries

* Renamed placeholder to http.reverse_proxy.retries
2024-08-30 11:53:56 -06:00
lollipopkit🏳️‍⚧️
5c47c2f147
fileserver: browse: Configurable default sort (#6502)
* fileserver: add `sort` options

* fix: test

* fileserver: check options in `Provison`

* fileserver: more obvious err alerts in sort options

* fileserver: move `sort` to `browse`

---------

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2024-08-30 09:01:37 -06:00
Alexander Stecher
ffd28be90a
rewrite: Only serialize request if necessary (#6541)
* Prevents serializing the caddy request if log level is not debug.

* Extracts message to const.
2024-08-30 08:46:51 -06:00
Kévin Dunglas
2028da4e74
ci: build and test with Go 1.23 (#6526)
* chore: build and test with Go 1.23

* ci: bump golangci-lint to v1.60

* fix: make properly wrap errors

* ci: remove Go 1.21
2024-08-23 11:01:28 -06:00
Mohammed Al Sahaf
4ade967005
reverseproxy: allow user to define source address (#6504)
* reverseproxy: allow user to define source address

Closes #6503

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

* reverse_proxy: caddyfile support for local_address

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

---------

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2024-08-22 19:52:05 +00:00
Mohammed Al Sahaf
8af646730b
caddyhttp: run error (msg) through replacer (#6536)
* error: run `error` (msg) through replacer

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

* fix integration test

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

---------

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2024-08-22 11:32:44 -06:00
Cuckoo Chickoo
098897bdea
chore: Fix a typo (#6534)
Fixes Typo in Docs
2024-08-22 13:15:58 +03:00
Jens-Uwe Mager
2bb2ecc549
reverseproxy: Change errors writing the response to warning. (#6532)
Most of the errors that can be seen here are write errors due to clients
aborting the request from their side. Often seen ones include:

	* writing: ... write: broken pipe
	* writing: ... connection timed out
	* writing: http2: stream closed
	* writing: timeout...
	* writing: h3 error...

Most of these errors are beyond of the control of caddy on the client side,
probably nothing can be done on the server side. It still warrants
researching when these errors occur very often, so a change in level from
error to warn is better here to not polute the logs with errors in the
normal case.
2024-08-21 11:39:20 -06:00
Jesper Brix Rosenkilde
54a0c8f948
reverseproxy: Active health checks request body option (#6520)
* Add an option to specify the body used for active health checks

* Replacer on request body
2024-08-19 10:55:55 -06:00