Commit graph

1553 commits

Author SHA1 Message Date
Francis Lavoie
b40548ff61
ci: Fix goreleaser deprecation (#5270) 2022-12-28 13:11:39 -05:00
TAKAHASHI Shuuji
4e54e48409
ci: Update GitHub Actions to avoid set-output deprecation (#5271) 2022-12-28 12:05:42 -05:00
Mohammed Al Sahaf
b166b90083
ci: exclude dependbot from running tests on s390x machine (#5266) 2022-12-22 14:13:47 -05:00
darkweak
dac7cacd4d
encode: Respect Cache-Control no-transform (#5257)
* encode: respect Cache-Control HTTP header no-transform

* encode: switch to strings.Contains
2022-12-20 13:26:53 -07:00
dependabot[bot]
af93517c2d
build(deps): bump goreleaser/goreleaser-action from 2 to 4 (#5264)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-19 19:47:33 -05:00
dependabot[bot]
3b724a2082
build(deps): bump actions/upload-artifact from 1 to 3 (#5262)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-19 19:14:43 -05:00
dependabot[bot]
329af5ced9
build(deps): bump actions/cache from 2 to 3 (#5263)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-19 18:56:52 -05:00
dependabot[bot]
cd49847edb
build(deps): bump peter-evans/repository-dispatch from 1 to 2 (#5261)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-19 18:44:54 -05:00
John Losito
d3d76d6ac2
ci: Check for github action updates monthly (#5258) 2022-12-19 14:57:56 -07:00
Lukas Vogel
c3b5b1811c
cmd: Avoid panic when printing version without build info (#5210)
* version: don't panic if read build info doesn't work

If `debug.ReadBuildInfo()` doesn't return the build information we
should not try to access it. Especially if users only want to build with
the `CustomVersion` we should not assume access to
`debug.ReadBuildInfo()`.

The build environment where this isn't available for me is when building
with bazel.

* exit early
2022-12-19 14:23:45 -07:00
Emily Lange
4fe5e64e46
readme: white ZeroSSL text color in dark mode (#5259)
* readme: white ZeroSSL text color in dark mode

* fix: keep `valign` for GitHub mobile app
2022-12-19 13:01:30 -07:00
IndeedNotJames
e10ed7b00d
readme: darker variants of logos in dark mode (#5248) 2022-12-12 10:18:30 -07:00
Matthew Holt
fac35db9dc
go.mod: Update quic-go to v0.31.0
And fix a comment typo
2022-12-08 08:55:04 -07:00
Kyle McCullough
bfaf2a8201
acme_server: Configurable default lifetime for issued certificates (#5232)
* acme_server: add certificate lifetime configuration option

Signed-off-by: Kyle McCullough <kylemcc@gmail.com>

* pki: allow intermediate cert lifetime to be configured

Signed-off-by: Kyle McCullough <kylemcc@gmail.com>

Signed-off-by: Kyle McCullough <kylemcc@gmail.com>
2022-12-06 00:12:26 -07:00
Mohammed Al Sahaf
fef9cb3e05
caddytest: internalize init config into '.go' file (#5230) 2022-12-05 18:49:41 +00:00
Alban Lecocq
d4a7d89f56
reverseproxy: Improve hostByHashing distribution (#5229)
* If upstreams are all using same host but with different ports
ie:
foobar:4001
foobar:4002
foobar:4003
...
Because fnv-1a has not a good enough avalanche effect
Then the hostByHashing result is not well balanced over
all upstreams

As last byte FNV input tend to affect few bits, the idea is to change
the concatenation order between the key and the upstream strings
So the upstream last byte have more impact on hash diffusion
2022-12-05 11:28:12 -07:00
Matthew Holt
ae77a56ac8
Clarify some docs 2022-11-30 16:03:31 -07:00
bit
762b02789a
admin: set certmagic cache logger (#5173)
same way it is set in modules/caddytls/tls.go
2022-11-23 20:49:22 -07:00
Mariano Cano
6f8fe01da1
caddypki: Use go.step.sm/crypto to generate the PKI (#5217)
This commit replaces the use of github.com/smallstep/cli to generate the
root and intermediate certificates and uses go.step.sm/crypto instead.

It also upgrades the version of github.com/smallstep/certificates to the
latest version.
2022-11-23 20:47:42 -07:00
bit
ac96455a9a
admin: fix certificate renewal for admin (#5169)
certmagic.New takes a template and returns pointer to the new config.
GetConfigForCert later must return a pointer to the new config not the
template.

fixes #5162
2022-11-23 11:48:37 -07:00
Francis Lavoie
ee7c92ec9b
reverseproxy: Mask the WS close message when we're the client (#5199)
* reverseproxy: Mask the WS close message when we're the client

* weakrand

* Bump golangci-lint version so path ignores work on Windows

* gofmt

* ugh, gofmt everything, I guess
2022-11-14 09:38:02 -07:00
Jonathan Garcia
33fdea8f26
caddypki: Prefer user-configured root instead of generating new one (#5189)
instead of generating a new root certificate at the default location
load the certificate from the configuration.
fixes: #5181
2022-11-08 12:13:46 -07:00
Ashish Kurmi
6efd1b3bb1
ci: set least privilged token for github actions for lint workflow (#5179)
* ci: set least privilged token for github actions

Signed-off-by: Ashish Kurmi <akurmi@stepsecurity.io>

* ci:reverting github actions permissions for all but lint workflow

Signed-off-by: Ashish Kurmi <akurmi@stepsecurity.io>
2022-11-06 08:01:36 +00:00
Alexander Graf
087f126cf4
caddyhttp: Canonicalize header field names (#5176) 2022-10-29 16:35:44 -04:00
Benjamin Chalmers
1fa4cb7ba1
caddytest: Increased sleep between retries to reduce flakey tests in CI (#5160)
* Incresed sleep between retries to reduce flakey tests in CI

* Also changed wait time for admin

* Modified time to make it more reliable

Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2022-10-27 22:12:30 +00:00
Mohammed Al Sahaf
f20a8e7aa0
cmd: replace deprecate func use (#5170) 2022-10-25 17:56:38 +03:00
Matthew Holt
798c4a3ba4
go.mod: Upgrade some dependencies
Quic-go 0.30 should be faster
2022-10-24 12:20:39 -06:00
Matthew Holt
817470dd66
httploader: Close resp body on bad status code
Related to #5158
2022-10-24 12:18:32 -06:00
Chris Lahaye
bbe3663167
caddyconfig: Fix httploader leak from unused responses (#5159)
fixes #5158

Signed-off-by: Chris Lahaye <mail@chrislahaye.com>

Signed-off-by: Chris Lahaye <mail@chrislahaye.com>
2022-10-24 11:58:30 -06:00
XYenon
ed503118dd
caddyhttp: add placeholder {http.request.orig_uri.path.*} (#5161) 2022-10-24 11:57:50 -06:00
Matt Holt
a3ae146cbd
fileserver: Reject non-GET/HEAD requests (close #5166) (#5167)
* fileserver: Reject non-GET/HEAD requests (close #5166)

* Set Allow header according to RFC 9110 10.2.1
2022-10-24 10:23:57 -06:00
Matt Holt
4bf6cb4199
fileserver: Reject ADS and short name paths; trim trailing dots and spaces on Windows (#5148)
* fileserver: Reject ADS and short name paths

* caddyhttp: Trim trailing space and dot on Windows

Windows ignores trailing dots and spaces in filenames.

* Fix test

* Adjust path filters

* Revert Windows test

* Actually revert the test

* Just check for colons
2022-10-18 21:55:25 -06:00
Scott Mebberson
72e7edda1f
map: Clarified how destination values should be formatted (#5156) 2022-10-18 18:14:53 -06:00
BakaFT
a999b70727
cmd: Add missing \n to HelpTemplate (#5151) 2022-10-17 11:51:41 +03:00
Francis Lavoie
1cd594963e
docs: Fix templates documentation, stray newline breaks godoc (#5149) 2022-10-16 12:25:44 -04:00
Matt Holt
6bad878a22
httpcaddyfile: Improve detection of indistinguishable TLS automation policies (#5120)
* httpcaddyfile: Skip some logic if auto_https off

* Try removing this check altogether...

* Refine test timeouts slightly, sigh

* caddyhttp: Assume udp for unrecognized network type

Seems like the reasonable thing to do if a plugin registers its own
network type.

* Add comment to document my lack of knowledge

* Clean up and prepare to merge

Add comments to try to explain what happened
2022-10-13 11:30:57 -06:00
Matt Holt
3e1fd2a8d4
httpcaddyfile: Wrap site block in subroute if host matcher used (#5130)
* httpcaddyfile: Wrap site block in subroute if host matcher used (fix #5124)

* Correct boolean logic (oops)
2022-10-12 09:27:08 -06:00
Abdussamet Koçak
33f60da9f2
fileserver: stop listing dir when request context is cancelled (#5131)
Prevents caddy from performing disk IO needlessly when the request is cancelled before the listing is finished.

Closes #5129
2022-10-08 12:56:35 -06:00
Kévin Dunglas
b4e28af953
replacer: working directory global placeholder (#5127) 2022-10-07 05:54:41 -04:00
Francis Lavoie
d46ba2e27f
httpcaddyfile: Fix metrics global option parsing (#5126) 2022-10-06 19:40:08 -06:00
Cory Cooper
498f32bab9
caddyconfig: Implement retries into HTTPLoader (#5077)
* httploader: Add max_retries

* caddyconfig: dependency-free http config loading retries

* caddyconfig: support `retry_delay` in http loader

* httploader: Implement retries

* Apply suggestions from code review

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2022-10-05 22:34:49 -06:00
Ioannis Cherouvim
ed118f2b09
Fix typo in comment (#5121) 2022-10-05 12:36:06 -06:00
Francis Lavoie
99ffe93388
logging: Fix skip_hosts with wildcards (#5102)
Fix #4859
2022-10-05 12:14:13 -06:00
Matthew Holt
e07a267276
caddytest: Revise sleep durations
Attempt to reduce flakiness a bit more

Test suite needs to be rewritten.
2022-10-05 11:40:41 -06:00
Adam Weinberger
e4fac1294f
core: Set version manually via CustomVersion (#5072)
* Allow version to be set manually

When Caddy is built from a release tarball (as downloaded from GitHub),
`caddy version` returns an empty string. This causes confusion for
downstream packagers.

With this commit, VersionString can be set with eg.
  go build (...) -ldflags '-X (...).VersionString=v1.2.3'
Then the short form version will be "v1.2.3", and the full version
string will begin with "v1.2.3 ".

* Prefer embedded version, then CustomVersion

* Prefer "unknown" for full version over empty

Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2022-10-05 10:59:57 -06:00
Matt Holt
2153a81ec8
forwardauth: Canonicalize header fields (fix #5038) (#5097) 2022-10-05 01:37:01 -04:00
Francis Lavoie
ea58d51907
logging: Perform filtering on arrays of strings (where possible) (#5101)
* logging: Perform filtering on arrays of strings (where possible)

* Add test for ip_mask filter

* Oops, need to continue when it's not an IP

* Test for invalid IPs
2022-10-04 23:21:23 -06:00
Francis Lavoie
9e1d964bd6
logging: Add time_local option to use local time instead of UTC (#5108) 2022-10-05 00:23:14 -04:00
xufanglu
2be56c526c
fileserver: Treat invalid file path as NotFound (#5099)
treat invalid file path as notFound so that PassThru can work
2022-10-04 21:32:40 -06:00
Francis Lavoie
01e192edc9
logging: Better console encoder defaults (#5109)
This is something that has bothered me for a while, so I figured I'd do something about it now since I'm playing in the logging code lately.

The `console` encoder doesn't actually match the defaults that zap's default logger uses. This makes it match better with the rest of the logs when using the `console` encoder alongside somekind of filter, which requires you to configure an encoder to wrap.
2022-10-04 21:18:48 -06:00