Commit graph

728 commits

Author SHA1 Message Date
Денис Телюх
2e46c2ac1d
admin, reverseproxy: Stop timers if canceled to avoid goroutine leak () 2022-01-04 12:14:18 -07:00
Francis Lavoie
249adc1c87
logging: Support turning off roll compression via Caddyfile () 2022-01-04 12:11:27 -07:00
Francis Lavoie
e9dde23024
headers: Fix + in Caddyfile to properly append rather than set () 2022-01-04 10:10:11 -07:00
Francis Lavoie
3fe2c73dd0
caddyhttp: Fix MatchPath sanitizing ()
This is a followup to , in response to a report on the forums: https://caddy.community/t/php-fastcgi-phishing-redirection/14542

Turns out that doing `TrimRight` to remove trailing dots, _before_ cleaning the path, will cause double-dots at the end of the path to not be cleaned away as they should. We should instead remove the dots _after_ cleaning.
2021-12-30 04:15:48 -05:00
Francis Lavoie
5333c3528b
reverseproxy: Fix incorrect health_headers Caddyfile parsing ()
Fixes 
2021-12-17 08:53:11 -07:00
Rainer Borene
180ae0cc48
caddyhttp: Implement http.request.uuid placeholder () 2021-12-15 00:17:53 -07:00
Matthew Holt
a1c41210d3 caddypki: Minor tweak, don't use context pointer 2021-12-13 16:13:38 -07:00
Matt Holt
ecac03cdcb
caddyhttp: Enhance vars matcher ()
* caddyhttp: Enhance vars matcher

Enable "or" logic for multiple values.
Fall back to checking placeholders if not a var name.

* Fix tests (thanks @mohammed90 !)
2021-12-13 13:59:58 -07:00
Francis Lavoie
c04d24cafa
pki: Avoid provisioning the local CA when not necessary ()
* pki: Avoid provisioning the `local` CA when not necessary

* pki: Refactor CA loading to keep the logic in the PKI app
2021-12-13 12:25:35 -07:00
Mohammed Al Sahaf
78b5356f2b
fileserver: do not double-escape paths () 2021-12-11 09:26:21 -05:00
Adam Burgess
dce81e85d5
docs: use backticks to not italicise glob path () 2021-12-05 23:48:40 -07:00
Kévin Dunglas
a1b417c832
logging: add support for hashing data ()
* logging: add support for hashing data

* Update modules/logging/filters.go

Co-authored-by: wiese <wiese@users.noreply.github.com>

* Update modules/logging/filters.go

Co-authored-by: wiese <wiese@users.noreply.github.com>

Co-authored-by: wiese <wiese@users.noreply.github.com>
2021-12-02 13:51:37 -07:00
Francis Lavoie
5bf0adad87
caddyhttp: Make logging of credential headers opt-in () 2021-12-02 13:26:24 -07:00
Francis Lavoie
8e5aafa5cd
fastcgi: Fix a TODO, prevent zap using reflection for logging env ()
* fastcgi: Fix a TODO, prevent zap using reflection for logging env

* Update modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go

Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com>

Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2021-12-02 13:23:19 -07:00
Tim Culverhouse
ec14ccdd40
templates: fix inconsistent nested includes () 2021-11-29 12:29:40 -05:00
Francis Lavoie
f55b123d63
caddyhttp: Split up logged remote address into IP and port () 2021-11-29 01:18:35 -05:00
Matt Holt
0eb0b60f47
logging: Remove common_log field and single_field encoder () () 2021-11-29 01:08:52 -05:00
Francis Lavoie
9ee68c1bd5
reverseproxy: Adjust defaults, document defaults ()
* reverseproxy: Adjust defaults, document defaults

Related to some of the issues in https://github.com/caddyserver/caddy/issues/4245, a complaint about the proxy transport defaults not being properly documented in https://caddy.community/t/default-values-for-directives/14254/6.

- Dug into the stdlib to find the actual defaults for some of the timeouts and buffer limits, documenting them in godoc so the JSON docs get them next release.

- Moved the keep-alive and dial-timeout defaults from `reverseproxy.go` to `httptransport.go`. It doesn't make sense to set defaults in the proxy, because then any time the transport is configured with non-defaults, the keep-alive and dial-timeout defaults are lost!

- Sped up the dial timeout from 10s to 3s, in practice it rarely makes sense to wait a whole 10s for dialing. A shorter timeout helps a lot with the load balancer retries, so using something lower helps with user experience.

* reverseproxy: Make keepalive interval configurable via Caddyfile

* fastcgi: DialTimeout default for fastcgi transport too
2021-11-24 01:32:25 -05:00
Kévin Dunglas
789efa5dee
logging: add a regexp filter () 2021-11-23 10:00:20 -07:00
Kévin Dunglas
8887adb027
logging: add a filter for cookies ()
* feat(logging): add a filter for cookies

* Improve godoc and add validation
2021-11-23 09:40:20 -07:00
Kévin Dunglas
bcac2beee7
logging: add a filter for query parameters ()
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2021-11-23 04:01:43 -05:00
Mohammed Al Sahaf
1e10f6f725
fileserver: browse: do not encode the paths in breadcrumbs and page title () 2021-11-23 03:13:09 -05:00
Jeremy Lin
c8b5a81607
fileserver: Fix handling of symlink sizes in directory listings () 2021-11-22 14:59:09 -07:00
Francis Lavoie
eead337324
caddyhttp: Log non-500 handler errors at debug level ()
Fixes 

It's best to still log handler errors at debug level so that they're hidden by default, but still accessible if additional details are necessary.
2021-11-22 11:58:25 -07:00
Matthew Holt
7d5047c1f1
caddyhttp: Log empty value for typical password headers
Work around for common misconfiguration
2021-11-22 11:31:50 -07:00
Jeremy Lin
e81369e220
fileserver: Move default browse template into a separate file ()
This makes it easier for users to find the default browse template if they
want to create a custom template based on that. It also makes it easier to
view the template with proper syntax highlighting.
2021-11-15 11:53:54 -07:00
Francis Lavoie
e7457b43e4
caddyhttp: Sanitize the path before evaluating path matchers () 2021-11-08 13:45:03 -07:00
Matt Holt
24fda7514d
caddytls: Mark storage clean timestamp at end of routine ()
See discussion on 42b7134ffa
2021-11-02 08:27:25 -06:00
Matthew Holt
3385856966
Fix lint message in metrics tests 2021-10-27 13:44:46 -06:00
Francis Lavoie
f73f55dba7
reverseproxy: Sanitize scheme and host on incoming requests ()
* caddyhttp: Sanitize scheme and host on incoming requests

* reverseproxy: Sanitize the URL scheme and host before proxying

* Apply suggestions from code review

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2021-10-26 14:41:28 -06:00
Klaus Helenius
a21d5a001f
fileserver: Prevent focusing filter from scrolling on page load () 2021-10-20 12:15:58 -04:00
Matthew Holt
a2119c09e9
map: Fix 95c03506 (avoid repeated expansions) 2021-10-19 12:25:36 -06:00
Francis Lavoie
b092061591
reverseproxy: Prevent copying the response if a response handler ran () 2021-10-18 14:00:43 -04:00
Y.Horie
64f8b557b1
fileserver: Fix compression breaks using httpInclude () () 2021-10-16 11:09:16 -04:00
Matthew Holt
95c035060f
map: Fix regex mappings
It didn't really make sense how we were doing them before. See https://caddy.community/t/map-directive-and-regular-expressions/13866/6?u=matt
2021-10-13 17:58:20 -06:00
Simão Gomes Viana
837cdc566d
caddyhttp: reverseproxy: clarify warning for -insecure ()
The question would only receive bad answers so it's better
to just say what the option actually does.
2021-10-11 16:15:00 -06:00
Oleg
cbb045a121
caddyhttp: Placeholder for client cert in DER + base64 format ()
* client.certificate_pem_encoded in base64 format

* base64-encoding without pem encoding;naming change

* fix cert.Raw instead of block.bytes
2021-10-01 16:27:29 -06:00
KallyDev
c48fadc4a7
Move from deprecated ioutil to os and io packages () 2021-09-29 11:17:48 -06:00
Matthew Holt
059fc32f00
Revert 3336faf2 (close )
Debug log is correct level for this
2021-09-27 12:06:06 -06:00
Matthew Holt
501da21f20
General minor improvements to docs 2021-09-24 18:31:01 -06:00
Matthew Holt
3336faf254
reverseproxy: Log error at error level (fix ) 2021-09-24 18:29:23 -06:00
Tim Culverhouse
16f752125f
templates: Add tests for funcInclude and funcImport ()
* Update tplcontext.go

Add {{ render "/path/to/file.ext" $data }} via funcRender

* Update tplcontext.go

* Refactor funcInclude, add funcImport to enable {{block}} and {{template}}

* Fix funcImport return of nil showing up in html

* Update godocs for  and

* Add tests for funcInclude

* Add tests for funcImport

* os.RemoveAll -> os.Remove for TestFuncInclude and TestFuncImport
2021-09-20 12:29:37 -06:00
Slavik
0a5f7a677f
fileserver: Make file listing links purple once visited () 2021-09-19 22:01:11 -06:00
HayatoShiba
d3a0259944
fileserver: Fix displayed file size if it is symlink ()
* Fix file size if it is symlink

* change the variable name for readability
2021-09-18 05:51:59 -06:00
Tim Culverhouse
5fda9610f9
templates: Add 'import' action ()
Related to (closed) Issue  on template inheritance. This PR adds a new function called "import" which works like "include", except it only takes one argument and passes it to the referenced file to be used as "." in that file.

* Update tplcontext.go

Add {{ render "/path/to/file.ext" $data }} via funcRender

* Update tplcontext.go

* Refactor funcInclude, add funcImport to enable {{block}} and {{template}}

* Fix funcImport return of nil showing up in html

* Update godocs for  and
2021-09-17 13:00:36 -06:00
Francis Lavoie
3f2c3ecf85
fastcgi: Implement try_files override in Caddyfile directive () 2021-09-17 08:23:06 -06:00
Francis Lavoie
907e2d8d3a
caddyhttp: Add support for triggering errors from try_files ()
* caddyhttp: Add support for triggering errors from `try_files`

* caddyhttp: Use vars instead of placeholders/replacer for matcher errors

* caddyhttp: Add comment for matcher error var key
2021-09-17 00:52:32 -06:00
Mohammed Al Sahaf
33c70f418f
fileserver: properly handle escaped/non-ascii paths ()
* fileserver: properly handle escaped/non-ascii paths

* fileserver: tests: accommodate Windows hate of colons in files names
2021-09-16 20:40:31 +00:00
Matthew Holt
2392478bd3
templates: Propagate httpError to HTTP response
Now possible with Go 1.17.
See https://github.com/golang/go/issues/34201.
2021-09-15 09:55:57 -06:00
Matthew Holt
a437206643
headers: Canonicalize case in replace (fix ) 2021-09-13 10:13:32 -06:00