Aziz Rmadi
3ae07a73dc
caddytls: clientauth: leaf verifier: make trusted leaf certs source pluggable ( #6050 )
* Made trusted leaf certificates pluggable into the tls.client_auth.leaf
module
* Added leaf loaders modules: file, folder, pem and storage
* Cleaned implementation of leaf cert loader modules
* Added tests for leaf certs file and folder loaders
* cmd: fix the output of the `Usage` section (#6138 )
* core: OnExit hooks (#6128 )
* core: OnExit callbacks
* core: Process-global OnExit callbacks
* ci: bump golangci/golangci-lint-action from 3 to 4 (#6141 )
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action ) from 3 to 4.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases )
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Added more leaf certificate loaders tests and cleaned up code
* Modified leaf cert loaders json field names and cleaned up storage loader comment
* Update modules/caddytls/leaffileloader.go
* Update LeafStorageLoader certificates field name
* Upgraded protobuf version
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-05 14:55:37 -07:00
Francis Lavoie
e473ae6803
cmd: Adjust config load logs/errors ( #6032 )
* cmd: Adjust config load logs/errors
* Update cmd/main.go
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
---------
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2024-03-05 19:26:30 +00:00
Matt Holt
72ce78d9af
reverseproxy: SRV dynamic upstream failover ( #5832 )
* Implement grace period, but probably needs sync
* Update cached freshness value
* D'oh, actually use the grace period
* Fix freshness math
2024-03-05 12:08:31 -07:00
dependabot[bot]
8f8204708a
ci: bump golangci/golangci-lint-action from 3 to 4 ( #6141 )
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action ) from 3 to 4.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases )
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-02 02:38:57 +03:00
Matt Holt
46c5db92da
core: OnExit hooks ( #6128 )
* core: OnExit callbacks
* core: Process-global OnExit callbacks
2024-03-01 09:57:05 -07:00
Mohammed Al Sahaf
de4959fe7b
cmd: fix the output of the `Usage` section ( #6138 )
2024-03-01 19:00:29 +03:00
Mohammed Al Sahaf
03f703a00e
caddytls: verifier: caddyfile: re-add Caddyfile support ( #6127 )
* caddytls: verifier: caddyfile: re-add Caddyfile support
* appease the linter
* caddytls: client_auth: verifier: change namespace to `tls.client_auth.verifier`
2024-02-26 00:13:48 +03:00
Mohammed Al Sahaf
931656bd68
acmeserver: add policy field to define allow/deny rules ( #5796 )
* acmeserver: support specifying the allowed challenge types
* add caddyfile adapt tests
* acmeserver: add `policy` field to define allow/deny rules
* allow `omitempty` to work
* add caddyfile support for `policy`
* remove "uri domain" policy
* fmt the files
* add docs
* do not support `CommonName`; the field is deprecated
* r/DNSDomains/Domains/g
* Caddyfile docs
* add tests
* move `Policy` to top of file
2024-02-24 02:26:00 +03:00
Sam Ottenhoff
da6a569e85
reverseproxy: cookie should be Secure and SameSite=None when TLS ( #6115 )
* reverseproxy: cookie should be Secure and SameSite=None when TLS
* Update modules/caddyhttp/reverseproxy/selectionpolicies_test.go
Co-authored-by: Mohammed Al Sahaf <mohammed@caffeinatedwonders.com>
---------
Co-authored-by: Mohammed Al Sahaf <mohammed@caffeinatedwonders.com>
2024-02-23 12:45:58 -07:00
Francis Lavoie
4512be49a9
caddytest: Rename adapt tests to `*.caddyfiletest` extension ( #6119 )
2024-02-21 00:37:40 +00:00
José Carlos Chávez
f8143a3af1
tests: uses testing.TB interface for helper to be able to use test server in benchmarks. ( #6103 )
2024-02-20 22:04:14 +00:00
bbaa
8bbf8ec629
caddyfile: Assert having a space after heredoc marker to simply check ( #6117 )
2024-02-20 12:29:20 +00:00
Francis Lavoie
4284e39a17
chore: Update Chroma to get the new Caddyfile lexer ( #6118 )
2024-02-20 06:23:39 -05:00
WeidiDeng
53f7035299
reverseproxy: use context.WithoutCancel ( #6116 )
2024-02-19 20:25:02 -07:00
Aziz Rmadi
b893c8c5f8
caddyfile: Reject directives in the place of site addresses ( #6104 )
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2024-02-19 00:22:48 +00:00
Matt Holt
127788807f
caddyhttp: Register post-shutdown callbacks ( #5948 )
2024-02-14 21:21:23 -07:00
Francis Lavoie
2c48dda109
caddyhttp: Only attempt to enable full duplex for HTTP/1.x ( #6102 )
2024-02-13 13:45:38 -05:00
Francis Lavoie
30d63648f5
caddyauth: Drop support for `scrypt` ( #6091 )
2024-02-12 19:33:54 +00:00
Mohammed Al Sahaf
21744b6c4c
Revert "caddyfile: Reject long heredoc markers ( #6098 )" ( #6100 )
This reverts commit e7a534d0a3.
2024-02-12 18:06:22 +00:00
Francis Lavoie
f9e11158bc
caddyauth: Rename `basicauth` to `basic_auth` ( #6092 )
2024-02-12 17:34:23 +00:00
Francis Lavoie
91ec75441a
logging: Inline Caddyfile syntax for `ip_mask` filter ( #6094 )
2024-02-12 17:15:35 +00:00
Francis Lavoie
e7a534d0a3
caddyfile: Reject long heredoc markers ( #6098 )
Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2024-02-11 13:30:14 -05:00
Francis Lavoie
c78ebb3d6a
chore: Rename CI jobs, run on M1 mac ( #6089 )
* Try macos-14 for fun
* Decouple OS names and VM names
* Shorten `cross-build-test` to `build`
2024-02-09 15:31:26 -07:00
Kévin Dunglas
a6d9f9be5b
Merge pull request #6081 from dunglas/fix/encode-match
2024-02-09 09:41:44 +01:00
Kévin Dunglas
2348ac897a
update comment
2024-02-09 09:35:55 +01:00
Kévin Dunglas
d3f23a8eeb
improved list
2024-02-09 09:35:55 +01:00
Kévin Dunglas
60abd72c7a
fix: add back text/*
2024-02-09 09:35:55 +01:00
Kévin Dunglas
b8f729b88f
fix: add more media types to the compressed by default list
2024-02-09 09:35:55 +01:00
Mohammed Al Sahaf
e1aa862e6a
acmeserver: support specifying the allowed challenge types ( #5794 )
* acmeserver: support specifying the allowed challenge types
* add caddyfile adapt tests
* introduce basic acme_server test
* skip acme test on unsuitable environments
* skip integration tests of ACME
* documentation
* add negative-scenario test for mismatched allowed challenges
* a bit more docs
* fix tests for ACME challenges
* appease the linter
* skip ACME tests on s390x
* enable ACME challenge tests on all machines
* Apply suggestions from code review
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
---------
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2024-02-08 11:42:03 +03:00
Francis Lavoie
8c2a72ad07
matchers: Drop `forwarded` option from `remote_ip` matcher ( #6085 )
2024-02-07 10:09:29 -05:00
Francis Lavoie
bde46211e3
caddyhttp: Test cases for `%2F` and `%252F` ( #6084 )
2024-02-07 05:13:17 -05:00
WeidiDeng
bc1e63198d
bump to golang 1.22 ( #6083 )
2024-02-07 02:13:58 -05:00
Aziz Rmadi
feb07a7b59
fileserver: Browse can show symlink target if enabled ( #5973 )
* Added optional subdirective to browse allowing to reveal symlink paths.
* Update modules/caddyhttp/fileserver/browsetplcontext.go
---------
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2024-02-06 04:31:26 +00:00
Aziz Rmadi
a7479302fc
core: Support NO_COLOR env var to disable log coloring ( #6078 )
2024-02-01 19:12:42 -07:00
dependabot[bot]
223f314331
build(deps): bump peter-evans/repository-dispatch from 2 to 3 ( #6080 )
Bumps [peter-evans/repository-dispatch](https://github.com/peter-evans/repository-dispatch ) from 2 to 3.
- [Release notes](https://github.com/peter-evans/repository-dispatch/releases )
- [Commits](https://github.com/peter-evans/repository-dispatch/compare/v2...v3 )
---
updated-dependencies:
- dependency-name: peter-evans/repository-dispatch
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-01 18:34:40 -05:00
Matthew Holt
1919c08ecc
Update comment in setcap helper script
2024-01-31 12:59:26 -07:00
Matt Holt
57c5b921a4
caddytls: Make on-demand 'ask' permission modular ( #6055 )
* caddytls: Make on-demand 'ask' permission modular
This makes the 'ask' endpoint a module, which means that developers can
write custom plugins for granting permission for on-demand certificates.
Kicking myself that we didn't do it this way at the beginning, but who coulda known...
* Lint
* Error on conflicting config
* Fix bad merge
---------
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2024-01-30 16:11:29 -07:00
Francis Lavoie
e1b9a9d7b0
core: Add `ctx.Slogger()` which returns an `slog` logger ( #5945 )
2024-01-25 12:31:15 -07:00
Marten Seemann
697cc593a1
chore: Update quic-go to v0.41.0, bump Go minimum to 1.21 ( #6043 )
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2024-01-25 13:58:19 -05:00
Yolan Romailler
2fe69a828f
chore: enabling a few more linters ( #5961 )
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2024-01-25 15:24:58 +00:00
bbaa
c369df5c37
caddyfile: Correctly close the heredoc when the closing marker appears immediately ( #6062 )
2024-01-25 14:55:00 +00:00
bbaa
7c48b5fdbb
caddyfile: Switch to slices.Equal for better performance ( #6061 )
2024-01-25 14:46:08 +00:00
Mohammed Al Sahaf
e965b111cd
tls: modularize trusted CA providers ( #5784 )
* tls: modularize client authentication trusted CA
* add `omitempty` to `CARaw`
* docs
* initial caddyfile support
* revert anything related to leaf cert validation
The certs are used differently than the CA pool flow
* complete caddyfile unmarshalling implementation
* Caddyfile syntax documentation
* enhance caddyfile parsing and documentation
Apply suggestions from code review
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
* add client_auth caddyfile tests
* add caddyfile unmarshalling tests
* fix and add missed adapt tests
* fix rebase issue
---------
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2024-01-25 11:44:41 +03:00
Francis Lavoie
b9c40e7111
logging: Automatic `wrap` default for `filter` encoder ( #5980 )
Co-authored-by: Kévin Dunglas <kevin@dunglas.fr>
2024-01-25 04:00:22 +00:00
Francis Lavoie
f5344f8cad
caddyhttp: Fix panic when request missing ClientIPVarKey ( #6040 )
2024-01-24 00:45:50 +00:00
Francis Lavoie
750d0b8331
caddyfile: Normalize & flatten all unmarshalers ( #6037 )
2024-01-23 19:36:59 -05:00
Mohammed Al Sahaf
54823f52bc
cmd: reverseproxy: log: use caddy logger ( #6042 )
2024-01-23 10:52:02 -07:00
Aziz Rmadi
ed7e3c906a
matchers: `query` now ANDs multiple keys ( #6054 )
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2024-01-22 02:36:44 +00:00
bbaa
c0273f1f04
caddyfile: Add heredoc support to `fmt` command ( #6056 )
2024-01-22 02:24:49 +00:00
Kévin Dunglas
dba556fe4b
refactor: move automaxprocs init in caddycmd.Main()
2024-01-19 11:17:35 +01:00