Commit graph

57 commits

Author SHA1 Message Date
Matthew Holt
b4cab78bec Starting transition to Go 1.6 (http2 compatibility)
I've built this on Go 1.6 beta 1 and made some changes to be more compatible. Namely, I removed the use of the /x/net/http2 package and let net/http enable h2 by default; updated the way h2 is disabled (if the user requires it); moved TLS_FALLBACK_SCSV to the front of the cipher suites list (all values not accepted by http2 must go after those allowed by it); removed the NextProto default of http/1.1; set the http.Server.TLSConfig value to the TLS config used by the listener (we left it nil before, but this prevents automatic enabling of h2).

It is very likely there is more to do, but at least already Caddy uses HTTP/2 when built with Go 1.6.
2016-01-13 00:29:22 -07:00
Matthew Holt
8a6c778c8d Log if host is not configured for server 2016-01-11 09:07:14 -07:00
Matthew Holt
55601d3ec2 letsencrypt: Fix OCSP stapling and restarts with new LE-capable hosts
Before, Caddy couldn't support graceful (zero-downtime) restarts when the reloaded Caddyfile had a host in it that was elligible for a LE certificate because the port was already in use. This commit makes it possible to do zero-downtime reloads and issue certificates for new hosts that need it. Supports only http-01 challenge at this time.

OCSP stapling is improved in that it updates before the expiration time when the validity window has shifted forward. See 30c949085c. Before it only used to update when the status changed.

This commit also sets the user agent for Let's Encrypt requests with a string containing "Caddy".
2016-01-03 17:05:10 -07:00
Matthew Holt
b42334eb91 Several improvements and bug fixes related to graceful reloads
Added a -grace flag to customize graceful shutdown period, fixed bugs related to closing file descriptors (and dup'ed fds), improved healthcheck signaling to parent, fixed a race condition with the graceful listener, etc. These improvements mainly provide better support for frequent reloading or unusual use cases of Start and Stop after a Restart (POSIX systems). This forum thread was valuable help in debugging: https://forum.golangbridge.org/t/bind-address-already-in-use-even-after-listener-closed/1510?u=matt
2015-11-14 18:00:25 -07:00
Matthew Holt
7d46a7d5f4 Much refactor; many fix; so wow
Fixed pidfile writing problem where a pidfile would be written even if child failed, also cleaned up restarts a bit and fixed a few bugs, it's more robust now in case of failures and with logging.
2015-11-14 18:00:25 -07:00
Matthew Holt
5cced604e4 startup: Only run commands at first startup
We had to hack some special support into the server and caddy packages for this. There are some middlewares which should only execute commands when the original parent process first starts up. For example, someone using the startup directive to start a backend service would not expect the command to be executed every time the config was reloaded or changed - only once when they first started the original caddy process.

This commit adds FirstStartup to the virtualhost config
2015-11-10 19:46:18 -07:00
Matthew Holt
bcea5182c6 Don't truncate process log; more consistent output 2015-11-05 17:01:08 -07:00
Matthew Holt
2fb4810cdb Fixed racy error reporting at server startup
Previously, if a listener fails to bind (for example), there was a race in caddy.go between unblocking the startup waitgroup and returning the error and putting it into errChan. Now, an error is returned directly into errChan and the closing of the startup waitgroup is defered until after that return takes place.
2015-11-05 15:21:13 -07:00
buddhamagnet
57f1d3c205 pass golint
pass all tests

respond to maintainer comments

reinstate assignment of t

correct typo

correct typo

pass linter some more
2015-11-05 00:40:35 +00:00
Matthew Holt
4d71620cb0 core (Windows): Retry every 100ms for 2s if listener fails to bind
In testing, I've found that Windows doesn't release the socket right away even though the listener is closed, so calling caddy.Start() right after caddy.Stop() can fail. This change has server.ListenAndServe() try up to 20 times every 100ms to bind the listener, and only return an error if it doesn't succeed after 2 seconds. This might be kind of nifty for Unix, too, but there hasn't been a need for it yet.
2015-10-31 13:22:23 -06:00
Matthew Holt
88c646c86c core: Start() blocks until servers finish starting
Also improved/clarified some docs
2015-10-30 00:19:43 -06:00
Matthew Holt
6762df415c Clean up leaking goroutines and safer Start()/Stop() 2015-10-28 22:54:27 -06:00
Matthew Holt
c46898592f Merge branch 'letsencrypt' into le-graceful
Conflicts:
	caddy/letsencrypt/letsencrypt.go
	caddy/letsencrypt/renew.go
2015-10-27 12:59:55 -06:00
Matthew Holt
41c4484222 core: SIGUSR1 to reload config; some code cleanup 2015-10-26 14:28:50 -06:00
Matthew Holt
4ebff9a130 core: Major refactor for graceful restarts; numerous fixes
Merged config and app packages into one called caddy. Abstracted away caddy startup functionality making it easier to embed Caddy in any Go application and use it as a library. Graceful restart (should) now ensure child starts properly. Now piping a gob bundle to child process so that the child can match up inherited listeners to server address. Much cleanup still to do.
2015-10-26 13:34:31 -06:00
Matthew Holt
b5b31e398c letsencrypt: Graceful restarts
Lots of refinement still needed and runs only on POSIX systems. Windows will not get true graceful restarts (for now), but we will opt for very, very quick forceful restarts. Also, server configs are no longer put into a map; it is critical that they stay ordered so that they can be matched with their sockets in the child process after forking.

This implementation of graceful restarts is probably not perfect, but it is a good start. Lots of details to attend to now.
2015-10-25 18:45:55 -06:00
xenolf
91465d8e6f Support for OCSP Stapling. Fixes #280 2015-10-24 04:36:54 +02:00
Matthew Holt
0c07f7adcc Epic revert of 0ac8bf5 and adding OncePerServerBlock
Turns out having each server block share a single server.Config during initialization when the Setup functions are being called was a bad idea. Sure, startup and shutdown functions were only executed once, but they had no idea what their hostname or port was. So here we revert to the old way of doing things where Setup may be called multiple times per server block (once per host associated with the block, to be precise), but the Setup functions now know their host and port since the config belongs to exactly one virtualHost. To have something happen just once per server block, use OncePerServerBlock, a new function available on each Controller.
2015-10-14 23:45:28 -06:00
Zac Bergquist
f9bc74626d Address various lint and gocyclo warnings. Fixes #253 2015-10-11 16:28:02 -04:00
Tobias Breitwieser
0ca0d552eb change to official http2 repo
The golang.org/x/net/http2 is now the official http2 repo.
It is advised to change the imports to it.
2015-09-25 14:10:03 +02:00
Alexander Morozov
740a6a7ad5 Use func from stdlib to clone *tls.Config for calming vet
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
2015-09-10 20:52:49 -07:00
Matthew Holt
0ac8bf58ea core: Run startup/shutdown functions only once
Even if defined for multiple hosts. Startup or shutdown callbacks registered by any directive (startup, shutdown, markdown, git, log, etc.) will only run as many times as it appears in the Caddyfile, not repeated for each host that shares that server block. Fixing this involved refactoring three packages (yeesh) and we need to restore some tests that are no longer valid (that used to verify splitting a multiServerBlock into multiple serverBlocks).
2015-08-01 13:08:31 -06:00
Matthew Holt
1a82943db2 core: Simplify Server initializer 2015-07-11 12:00:21 -06:00
Matthew Holt
c811d416a7 log: Customizable default error function 2015-06-15 10:17:09 -06:00
Matthew Holt
00093a2052 core: Fix to allow empty (wildcard) host 2015-06-09 23:07:32 -06:00
Zac Bergquist
41e1f1ffa5 Update error strings (start with lowercase letters) 2015-06-07 20:49:17 -04:00
Matthew Holt
c78eb50eb8 tls: Client authentication 2015-06-01 23:22:11 -06:00
Guilherme Rezende
69939108e1 removed tls cache option 2015-05-25 14:42:09 -03:00
Zac Bergquist
e4b50aa814 Fix more lint warnings 2015-05-24 22:52:34 -04:00
Matthew Holt
d6df615588 tls: Mainstream compatibility improvements, better security rating 2015-05-21 10:37:39 -06:00
Matthew Holt
5f72b7438a Created app package, and better TLS compatibility with HTTP/2 2015-05-21 00:06:53 -06:00
Guilherme Rezende
823a7eac03 Added tls option block including: ciphers, protocols and cache options
Signed-off-by: Guilherme Rezende <guilhermebr@gmail.com>
2015-05-18 16:38:21 -03:00
Guilherme Rezende
da6a097dcc adding crypto/tls sessioncache 2015-05-05 00:25:29 -03:00
Matthew Holt
995edf0566 Bringing in latest from master; refactoring under way 2015-05-04 11:02:46 -06:00
Abiola Ibrahim
e04e06d6e2 Fix for Issue 13: Trouble running in Docker containers (or binding to 0.0.0.0) 2015-04-28 22:31:42 +01:00
Matthew Holt
c1916c0fb5 Server header in response
Version number purposefully excluded (for now?)
2015-04-26 23:09:26 -06:00
Matthew Holt
aa89b95075 Replaced cpu directive with command line flag 2015-04-24 20:08:14 -06:00
Matthew Holt
0cbaed2443 A few helpful comments 2015-04-21 16:00:16 -06:00
Matthew Holt
feec7c5b40 Virtual hosts and SNI support 2015-04-15 14:11:32 -06:00
Matthew Holt
b7c8afab2f Respond with 404 if requesting server's config file 2015-04-12 17:44:02 -06:00
Matthew Holt
d0a0216602 Added flag to disable http/2 support (still enabled by default) 2015-04-09 10:08:22 -06:00
Matthew Holt
d33256f1dc Refactor: Middleware chain uses Handler instead of HandlerFunc 2015-04-02 23:30:54 -06:00
Matthew Holt
29fec4742e Detailed godoc; better error handling convention 2015-03-29 22:01:42 -06:00
Matthew Holt
9378f38371 Major refactoring for better error handling 2015-03-28 16:37:37 -06:00
Matthew Holt
da72a5fbcd Controller can register functions to run at shutdown 2015-03-26 23:22:48 -06:00
Matthew Holt
1146a9b90b Recover from panic during requests 2015-03-26 22:52:27 -06:00
Matthew Holt
2fbfafc408 New startup and shutdown directives 2015-03-26 09:52:03 -06:00
Matthew Holt
ba0d63d722 Adapted std lib file server and gutted it 2015-03-24 21:55:51 -06:00
Matthew Holt
35225fe2d3 Docs and comments, la la 2015-03-20 18:11:54 -06:00
Matthew Holt
fb78592425 Experimental HTTP/2 support 2015-03-16 11:44:54 -06:00