Kiss Károly
2a97902c21
Merge branch 'master' of github.com:kresike/caddy
2022-06-14 13:42:53 +02:00
Kiss Károly
afdf87bc08
Moved SNI servername replacement into httptransport.
2022-06-14 13:42:44 +02:00
Kiss Károly Pál
e572db3d3e
Merge branch 'master' into master
2022-06-13 11:20:44 +02:00
Kiss Károly
a661daff98
Move TLS servername replacement into its own function
2022-06-13 11:20:17 +02:00
Kiss Károly
7b99772e85
Reverted previous TLS server name replacement, and implemented thread safe version.
2022-06-10 18:17:26 +02:00
Yaacov Akiba Slama
aaf6794b31
reverseproxy: Add renegotiation param in TLS client ( #4784 )
* Add renegotiation option in reverseproxy tls client
* Update modules/caddyhttp/reverseproxy/httptransport.go
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2022-06-10 09:33:35 -06:00
Kiss Károly
7683eb294b
Make reverse proxy TLS server name replaceable for SNI upstreams.
2022-06-09 13:21:51 +02:00
Matthew Holt
1498132ea3
caddyhttp: Log error from CEL evaluation ( fix #4832 )
2022-06-08 16:42:24 -06:00
Francis Lavoie
7f9b1f43c9
reverseproxy: Correct the `tls_server_name` docs ( #4827 )
* reverseproxy: Correct the `tls_server_name` docs
* Update modules/caddyhttp/reverseproxy/httptransport.go
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2022-06-06 12:37:09 -06:00
Matt Holt
5e729c1e85
reverseproxy: HTTP 504 for upstream timeouts ( #4824 )
Closes #4823
2022-06-03 14:13:47 -06:00
Gr33nbl00d
0a14f97e49
caddytls: Make peer certificate verification pluggable ( #4389 )
* caddytls: Adding ClientCertValidator for custom client cert validations
* caddytls: Cleanups for ClientCertValidator changes
caddytls: Cleanups for ClientCertValidator changes
* Update modules/caddytls/connpolicy.go
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
* Update modules/caddytls/connpolicy.go
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
* Update modules/caddytls/connpolicy.go
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
* Update modules/caddytls/connpolicy.go
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
* Update modules/caddytls/connpolicy.go
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
* Update modules/caddytls/connpolicy.go
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
* Unexported field Validators, corrected renaming of LeafVerificationValidator to LeafCertClientAuth
* admin: Write proper status on invalid requests (#4569 ) (fix #4561 )
* Apply suggestions from code review
* Register module; fix compilation
* Add log for deprecation notice
Co-authored-by: Roettges Florian <roettges.florian@scheidt-bachmann.de>
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
Co-authored-by: Alok Naushad <alokme123@gmail.com>
2022-06-02 14:25:07 -06:00
Matthew Holt
9864b138fb
reverseproxy: api: Remove misleading 'healthy' value
In v2.5.0, upstream health was fixed such that whether an upstream is
considered healthy or not is mostly up to each individual handler's
config. Since "healthy" is an opinion, it is not a global value.
I unintentionally left in the "healthy" field in the API endpoint for
checking upstreams, and it is now misleading (see #4792 ).
However, num_requests and fails remain, so health can be determined by
the API client, rather than having it be opaquely (and unhelpfully)
determined for the client.
If we do restore this value later on, it'd need to be replicated once
per reverse_proxy handler according to their individual configs.
2022-06-02 12:32:23 -06:00
Matthew Holt
3d18bc56b9
go.mod: Update go-yaml to v3
2022-06-01 15:15:20 -06:00
Matthew Holt
886ba84baa
Fix #4822 and fix #4779
The fix for 4822 is the change at the top of the file, and
4779's fix is toward the bottom of the file.
2022-06-01 15:12:57 -06:00
Alexander M
a9267791c4
reverseproxy: Add --internal-certs CLI flag #3589 ( #4817 )
added flag --internal-certs
when set, for non-local domains the internal CA will be used for cert generation
2022-05-29 14:33:01 -06:00
Aleks
6891f7f421
templates: Add `humanize` function ( #4767 )
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2022-05-24 19:47:08 -04:00
David Larlet
9e760e2e0c
templates: Documentation consistency ( #4796 )
2022-05-17 18:56:40 -04:00
Matt Holt
57d27c1b58
reverseproxy: Support http1.1>h2c ( close #4777 ) ( #4778 )
2022-05-10 17:25:58 -04:00
Matthew Holt
693e9b5283
rewrite: Handle fragment before query ( fix #4775 )
2022-05-09 11:09:42 -06:00
Francis Lavoie
f7be0ee101
map: Prevent output destinations overlap with Caddyfile shorthands ( #4657 )
2022-05-06 10:25:31 -06:00
Francis Lavoie
f6900fcf53
reverseproxy: Support performing pre-check requests ( #4739 )
2022-05-06 10:50:26 -04:00
Francis Lavoie
ec86a2f7a3
caddyfile: Shortcut for `remote_ip` for private IP ranges ( #4753 )
2022-05-04 12:42:37 -06:00
Francis Lavoie
e7fbee8c82
reverseproxy: Permit resolver addresses to not specify a port ( #4760 )
Context: https://caddy.community/t/caddy-2-5-dynamic-upstreams-and-consul-srv-dns/15839
I realized it probably makes sense to allow `:53` to be omitted, since it's the default port for DNS.
2022-05-04 12:40:39 -06:00
Tyler Kropp
e84e19a04e
templates: Add custom template function registration ( #4757 )
* Add custom template function registration
* Rename TemplateFunctions to CustomFunctions
* Add documentation
* Document CustomFunctions interface
* Preallocate custom functions map list
* Fix interface name in error message
2022-05-02 14:55:34 -06:00
Francis Lavoie
4a223f5203
reverseproxy: Fix Caddyfile support for `replace_status` ( #4754 )
2022-05-02 11:44:28 -06:00
Francis Lavoie
0be3d99543
logging: Implement rename filter, changes field key names ( #4745 )
2022-04-28 11:38:44 -04:00
Francis Lavoie
dcc98da4d2
caddyhttp: Improve listen addr error message for IPv6 ( #4740 )
2022-04-28 08:18:45 -06:00
Marco Kaufmann
3ab648382d
templates: Add missing backticks in docs ( #4737 )
2022-04-27 11:41:37 -06:00
Matt Holt
40b193fb79
reverseproxy: Improve hashing LB policies with HRW ( #4724 )
* reverseproxy: Improve hashing LB policies with HRW
Previously, if a list of upstreams changed, hash-based LB policies
would be greatly affected because the hash relied on the position of
upstreams in the pool. Highest Random Weight or "rendezvous" hashing
is apparently robust to pool changes. It runs in O(n) instead of
O(log n), but n is very small usually.
* Fix bug and update tests
2022-04-27 10:39:22 -06:00
Francis Lavoie
d543ad1ffd
caddypki: Fix `caddy trust` command to use the correct API endpoint ( #4730 )
2022-04-25 22:00:39 -06:00
Francis Lavoie
3a1e0dbf47
httpcaddyfile: Deprecate paths in site addresses; use zap logs ( #4728 )
2022-04-25 10:12:10 -06:00
Francis Lavoie
77a77c0219
caddytls: Add `propagation_delay`, support `propagation_timeout -1` ( #4723 )
2022-04-22 16:09:11 -06:00
Francis Lavoie
bc15b4b0e7
caddypki: Load intermediate for signing on-the-fly ( #4669 )
* caddypki: Load intermediate for signing on-the-fly
Fixes #4517
Big thanks to @maraino for adding an API in `smallstep/certificates` so that we can fix this
* Debug log
* Trying a hunch, does it need to be a pointer receiver?
* Clarify pointer receiver
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2022-04-13 10:20:42 -06:00
Francis Lavoie
00234c8ac2
templates: Switch to `BurntSushi/toml` ( #4700 )
2022-04-12 13:48:42 -06:00
Francis Lavoie
3e3bb00265
reverseproxy: Add `_ms` placeholders for proxy durations ( #4666 )
* reverseproxy: Add `_ms` placeholders for proxy durations
* Add http.request.duration_ms
Also add comments, and change duration_sec to duration_ms
* Add response.duration_ms for consistency
* Add missing godoc comment
Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2022-04-11 13:04:05 -06:00
Francis Lavoie
e4ce40f8ff
reverseproxy: Sync up `handleUpgradeResponse` with stdlib ( #4664 )
* reverseproxy: Sync up `handleUpgradeResponse` with stdlib
I had left this as a TODO for when we bump to minimum 1.17, but I should've realized it was under `internal` so it couldn't be used directly.
Copied the functions we needed for parity. Hopefully this is ok!
* Add tests and fix godoc comments
Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2022-04-11 12:49:56 -06:00
Y.Horie
afca242111
staticfiles: Expand placeholder for index files ( #4679 )
2022-04-07 15:01:09 -06:00
Francis Lavoie
7d229665ed
logging: Caddyfile support for `duration_format` ( #4684 )
Somehow, this was missed. Oops!
2022-04-07 11:23:28 -06:00
Matthew Holt
d06d0e79f8
go.mod: Upgrade CertMagic to v0.16.0
Includes several breaking changes; code base updated accordingly.
- Added lots of context arguments
- Use fs.ErrNotExist
- Rename ACMEManager -> ACMEIssuer; CertificateManager -> Manager
2022-03-25 11:28:54 -06:00
Matthew Holt
b8dbecb841
reverseproxy: Include port in A upstreams cache
Should fix #4659
2022-03-24 10:44:36 -06:00
Artem Mikheev
c9b5e7f77b
Fix http3 servers dying after reload ( #4654 )
2022-03-22 19:47:57 -04:00
Matthew Holt
79cbe7bfd0
httpcaddyfile: Add 'vars' directive
See discussion in #4650
2022-03-22 10:47:21 -06:00
Matthew Holt
55b4c12e04
map: Evaluate placeholders in output vals ( #4650 )
2022-03-21 17:05:38 -06:00
Matthew Holt
2196c92c0e
reverseproxy: Don't clear name in SRV upstreams
Fix for dc4d147388
2022-03-21 08:33:24 -06:00
Francis Lavoie
c5fffb4ac2
caddyfile: Support for raw token values; improve `map`, `expression` ( #4643 )
* caddyfile: Support for raw token values, improve `map`, `expression`
* Applied code review comments
* Rename RawVal to ValRaw
Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2022-03-18 15:08:23 -06:00
Matthew Holt
dc4d147388
reverseproxy: Expand SRV/A addrs for cache key
Hopefully fix #4645
2022-03-18 13:42:29 -06:00
Matthew Holt
93c99f6734
map: Support numeric and bool types with Caddyfile
Based on caddyserver/website#221
2022-03-17 17:53:32 -06:00
Francis Lavoie
a9c7e94a38
chore: Comment fixes ( #4634 )
2022-03-13 01:38:11 -05:00
Matthew Holt
3d616e8c6d
requestbody: Return HTTP 413 ( fix #4558 )
2022-03-11 12:34:55 -07:00
Mohammed Al Sahaf
b82e22b459
caddyhttp: retain all values of vars matcher when specified multiple times ( #4629 )
2022-03-11 10:55:37 -05:00