Commit graph

2401 commits

Author SHA1 Message Date
Gábor Lipták
7fa90f08ae Correct golint warning (#2915) 2019-12-04 16:35:56 -07:00
evtr
5ec503386c proxy: ability to use client certs in reverse proxy (#2914)
* ability to use client certs in reverse proxy

* changed to http3.RoundTripper after review
2019-12-04 15:35:36 -07:00
Matthew Holt
6f9a39525a
github: Remove issue and PR templates; update contributing guidelines 2019-12-04 15:13:29 -07:00
Rustin
cf611796c6 update readme to remove GO111MODULE env (#2886) 2019-11-18 12:02:08 -07:00
Matthew Holt
aadda6e34e
Prepare v1.0.4 tag 2019-11-15 13:11:32 -07:00
Matthew Holt
6c4cb5006a
go.mod: lego v3.2.0, certmagic v0.8.3, and quic-go v0.13.1 2019-11-15 13:08:28 -07:00
Yuqian Ma
12107f035c dist: update caddy.service on Ubuntu 18 (#2866)
move `StartLimitIntervalSec` and `StartLimitBurst` from [Service] to [Unit]
ref: https://lists.freedesktop.org/archives/systemd-devel/2017-July/039255.html
2019-11-15 12:59:03 -07:00
MisterDuval
832df649c1 fastcgi: Case-insensitive extension comparison 2019-11-15 12:54:39 -07:00
Julian Kornberger
cc63eca0c8 Add flag to disable timestamps for process log (#2781)
* Add flag to enable/disable timstamps for process log.

solves #2615

* Remove timestamp argument from log.Printf()

* Add log-timestamps=false to systemd unit

* Copy log flags

* Fix argument list
2019-11-06 13:06:34 -07:00
Marten Seemann
aa94f2b802 update quic-go to v0.13.0 (#2862)
This version supports IETF QUIC draft-23.
2019-11-06 00:30:29 -07:00
Matt Holt
3f9a431100
Create FUNDING.yml 2019-10-30 09:56:43 -06:00
Adam Daniels
8c860641b9 dist: Update FreeBSD Init script to support custom flags (#2796)
Clear rc_flags in start precmd. If these flags are still present during
start command, they are passed to daemon(8) instead of caddy(8).

Extract all options into $caddy_options environment variable.
2019-10-15 15:38:20 -06:00
Jonathan Rudenberg
99914d2204 Move certmagic import out of caddy package (#2807) 2019-10-14 10:07:36 -06:00
Jacob Hoffman-Andrews
24b2e02ee5 init/systemd: Re-add ReadWriteDirectories. (#2798)
In systemd 231
(4f10b80786/NEWS (L3558-L3565)),
ReadWriteDirectories was renamed ReadWritePaths.

In https://github.com/caddyserver/caddy/pull/2620/files, @aspeteRakete
renamed the directive in Caddy's example systemd unit.

However, this means that if anyone runs this sytemd unit on a version of
systemd older than 231, Caddy will go into a crash loop that hammers
Let's Encrypt's servers. That's because the ProtectSystem=full directive
prevents writes to all paths that aren't explicitly permitted, and older
systemd doesn't see any paths being permitted.

To maximize compatibility, I re-add the original ReadWriteDirectories
directive. Older systemd will read that; newer systemd will read the
newer directive. Both should ignore the directive they do not recognize.

Another approach to solve this problem would be to remove
ProtectSystem=true, originally introduced in da8ae9e5. That would reduce
the risk of similar breakages in the future. It would make for a slightly
less "exemplary" systemd unit, but I think it would still be adequate,
given that this unit runs caddy as "www-data", a user the presumably has
low privileges.
2019-10-09 19:04:28 -06:00
Adil H
be2fdb6af6 httpserver: no SetKeepAlivePeriod in openbsd (#2787)
* no SetKeepAlivePeriod on openbsd

* fix tcpKeepAliveListener.Accept signature
2019-10-08 09:49:40 -06:00
Matt Holt
16b296c97e
systemd: Prevent excessive restarts in tight loop 2019-10-07 11:28:21 -06:00
Jannis Andrija Schnitzer
11eee95222 staticfiles: Signal that redirection headers have been written (#2792)
The Handler interface expects a first return value of 0 if headers have
already been written.
(cf. https://godoc.org/github.com/caddyserver/caddy/caddyhttp/httpserver#Handler)

When using http.Redirect, this is the case as http.Redirect does write
headers. When using Caddy with nested handlers, returning
http.StatusMovedPermanently could cause a wrong (200) response on a
non-slashy request on a directory name. Returning 0 ensures the
redirection will always take place.
2019-10-07 10:22:53 -06:00
Tobias Mühl
1de4a99ec3 Fix typo (#2763) 2019-09-23 22:01:44 -06:00
linquize
96579b97f6 gitattributes: go.mod, go.sum always eol=lf (#2753) 2019-09-22 14:17:16 -06:00
Ashish Acharya
8cc2f770fa Change mholt references to caddyserver (#2751)
mholt/caddy.git references are changed to caddyserver/caddy.git in the link titles
2019-09-15 11:41:20 -06:00
Jack Brown
a23f707268 Update build docs to clarify usage of .go extension (#2726)
Issue #2716 was caused by a misunderstanding regarding the filename to use when creating a custom build from source. These changes aim to make the instructions more explicit.
2019-08-26 19:07:07 +01:00
Alexander Danilov
ed4c2775e4 main: log caddy version on start (#2717) 2019-08-21 11:13:34 -06:00
Matthew Holt
bff2469d9d
Version 1.0.3 notes 2019-08-14 13:45:42 -06:00
Matthew Holt
a08ab0c007
Fix slice bounds when getting key of address (fixes #2706) 2019-08-14 10:41:25 -06:00
Matthew Holt
28e1f7c562
Version 1.0.2 2019-08-13 14:37:58 -06:00
Matthew Holt
914f39d784
Adjust address parsing for Go 1.12.8's breaking changes
See 3226f2d492
and https://github.com/golang/go/issues/29098
2019-08-13 14:37:45 -06:00
linquize
0ba427a6f4 websocket: Enhancements, message types, and tests (#2359)
* websocket: Should reset respawn parameter when processing next config entry

* websocket: add message types: lines, text, binary

* websocket: Add unit test

* Add websocket sample files
2019-07-19 13:29:49 -06:00
Matthew Holt
7fab1b15c8
readme: Fix tests badge 2019-07-19 11:28:59 -06:00
Christian Muehlhaeuser
3856ad03b0 Used goimports to fix import order (#2682)
Keeps the list sorted and prevents future merge conflicts.
2019-07-18 22:05:49 -06:00
George Hartzell
d411b7d087 Add doc re running as non-root user on FreeBSD (#2655)
Add a README.md in `dist/init/freebsd` that describes how to configure
the system so that `caddy` can be run without root privileges.
2019-07-18 15:19:21 -06:00
George Hartzell
580f7677ad Use syslog to manage caddy std{out,err} on FreeBSD (#2652)
* Use syslog to manage caddy std{out,err} on FreeBSD

There is no good way to rotate the logfile created by the previous
FreeBSD rc.d script (it's the result of redirecting std{out,err} and
is held open by the shell).

This solves the problem by sending caddy's std{out,err} stream to
syslog, using the daemon command's builtin functionality.

It replaces the old `caddy_logfile` rc.conf variable with
`caddy_syslog_facility` (which defaults to 'local7') and
`caddy_syslog_level` (which defaults to 'notice').

By default, these messages will end up in /var/log/messages but can
be redirected as documented in the script's comments.

* Add info about rotating log with newsyslog

If you create a caddy specific logfile in `/var/log`, you should
rotate it.

This adds a bit of info to the dist/init/freebsd/README.md about
rotating that log file with newsyslog.
2019-07-18 13:58:40 -06:00
rouzier
120811e7f7 staticfiles: Support pre-compressed zstd, make etag content-encoding-aware (#2626)
* Add support for precompressed zstd files (rfc8478)

* Avoid the hash lookup for the file extension.

* Only calculate Etag once
2019-07-18 13:50:01 -06:00
aspeteRakete
43458bda46 Updated systemd caddy.service (#2620)
According to https://github.com/systemd/systemd/blob/v241/NEWS#L2799
The Directive ReadWriteDirectories= has been renamed to ReadWritePaths=
in 241.
2019-07-18 13:46:00 -06:00
William Wang
a9ccaa1ae5 add recaptcha plugin (#2664) 2019-07-11 13:37:27 -06:00
Matthew Holt
f6ee100bae
Update notes for v1.0.1 2019-07-02 13:08:31 -06:00
Matthew Holt
f5720fecd6
Change all import paths: mholt/caddy -> caddyserver/caddy
Includes updating go.mod to use new module path
2019-07-02 12:49:20 -06:00
Matthew Holt
0b2e054839 tls: Deprecate 'max_certs' in favor of 'ask'; use latest CertMagic 2019-07-01 11:43:27 -06:00
Damir Vandic
6f01928512 Fix graceful shutdown (#2618)
Currently, the instance waitgroup is decremented twice in `startServers()`: once when `Serve()` is finished and once when `ServePacket()` is finished. However, with a graceful shutdown, `Serve()` returns before the server has actually finished shutting down all active connections. This patch increases the wait group by one when the server is shut down so that the program only exits when all the server instances have finished serving their connections.
2019-06-23 16:24:13 -06:00
Matthew Holt
6115a462c7
mod: Use CertMagic v0.6.1 2019-06-21 08:03:17 -06:00
Matthew Holt
5f9cba0f19
caddyfile: Move metrics into caddy package 2019-06-21 08:02:53 -06:00
Matthew Holt
05b3938556
Minor fixes to tests 2019-06-19 17:02:34 -06:00
Matthew Holt
62b4553f7d tls: Disable on-demand TLS when random config is chosen
A random config is intended to be used only for solving TLS-ALPN
challenges; so we have to be sure to disable on-demand TLS so that
arbitrary names can't request certificates with another name's
on-demand config.
2019-06-19 16:57:45 -06:00
Matthew Holt
ad20323b52 Refactor clustering setup code 2019-06-19 16:57:45 -06:00
Matthew Holt
721c100bb0 Use CertMagic's HTTP and HTTPS port variable
Slightly inconvenient because it uses int type and we use string, but
oh well. This fixes a bug related to setting -http-port and -https-port
flags which weren't being used by CertMagic in some cases.
2019-06-19 16:57:45 -06:00
Matthew Holt
6720bdfb55 Clean up certmagic locks on signaled process exit
This should help prevent hanging in some cases when the process is
restarted and tries to obtain or renew a certificate, for example, but
the lock remains from the previous shutdown (which was during the same
operation). Only works if the process is cleanly shut down with a signal
it can capture.
2019-06-19 16:57:45 -06:00
shouya
0c626fbc2e tls: Allow client auth configs if CA filenames match (#2648)
* verify client certs

* move client cert compatible checker to an independent function

* unexport client cert compatible checker

* rename functions and add comment

* gofmt code

* add test

* add back the comment
2019-06-19 11:25:56 -06:00
Daniel
af82141808 caddyhttp: Add 'permission' plugin directive (#2639) 2019-06-12 10:15:17 -06:00
Jared Ririe
d11b648137 caddytls: Fix goroutine leak when restarting Caddy (#2644)
Each time the Caddyfile reloads and Caddy is restarted,
caddytls.NewConfig starts a goroutine for cleaning the
certificate storage. This goroutine ranges over a time.Ticker
channel; although Stop is called on this ticker, Stop does
not close the underlying channel so the goroutine never exits.

This change adds an additional channel that is listened to
in the certificate cleaning goroutine so it can exit
on restarts.
2019-06-11 15:24:35 -06:00
Matthew Holt
14a8ffedd8
Fix panic serving index file if HTTP request is malformed 2019-05-27 08:12:19 -06:00
Matthew Holt
b5906135c7
Move PR template in attempt to fix (sigh)
https://github.community/t5/How-to-use-Git-and-GitHub/Our-pull-request-templates-aren-t-showing-up-for-any-PRs/m-p/22958
2019-05-27 08:11:33 -06:00