Commit graph

1329 commits

Author SHA1 Message Date
WeidiDeng
bcaa8aaf11
encode: write status immediate for success response for CONNECT requests (#6738)
* encode: write status immediate for success response for CONNECT requests

* fix compile

* fix test

* fix lint

* treat first write and flush for encode response writer to CONNECT request as success if status is not set explicitly
2024-12-11 11:15:01 -07:00
Kévin Dunglas
d0e209e1da
encode: good defaults (#6737)
* feat: good default for encode

* fix tests and add a new one
2024-12-10 16:48:30 -07:00
Kévin Dunglas
5c2617ebf9
fileserver: good default for precompressed (#6736) 2024-12-10 08:31:43 -07:00
WeidiDeng
9c0c71e577
reverseproxy: Rewrite requests and responses for websocket over http2 (#6567)
* reverse proxy: rewrite requests and responses for websocket over http2

* delete protocol pseudo-header

* modify cloned requests

* set request variable to track if it's a h2 websocket

* use request bodu

* rewrite request body

* use WebSocket instead of Websocket in the headers

* use logger check for zap loggers

* fix lint
2024-12-06 13:23:27 -07:00
Francis Lavoie
d0123bd760
fileserver: Fix policy Validate() oversight (#6727) 2024-12-04 14:01:58 -05:00
Kévin Dunglas
efd9251ad3
fileserver: Add first_exist_fallback strategy for try_files (#6699)
* feat: add first_exist_or_fallback strategy for try_files

* fix tests

* linter
2024-12-03 05:44:49 -07:00
Francis Lavoie
b116dcea3d
caddyhttp: Add {?query} placeholder (#6714)
* caddyhttp: Add `{prefixed_query}` placeholder

* fastcgi: Preserve query during canonical redirect

* Use orig_uri instead for the redirect, shorter Caddyfile shortcut
2024-12-02 08:06:38 -05:00
Rishita Shaw
8c3dd3de70
requestbody: Type-based error handling for MaxBytesError (#6701)
* fix: handle "request body too large" error using type assertion

* fix: address overlooked nil check for MaxBytesError

* fix: replace type assertion with errors.As() for MaxBytesError
2024-11-22 19:45:58 +00:00
Kévin Dunglas
eddbccd298
fastcgi: remove dir redirection when useless in php_fastcgi (#6698)
* perf: remove dir redirection when useless in php_fastcgi

* fix test

* review

* fix

* fix

* simplify

* simplify again

* restore test

* add test
2024-11-21 10:38:31 -07:00
Matthew Holt
197c564f20
caddyhttp: Set default ReadHeaderTimeout (1 min)
Ref. #6663
2024-11-19 11:24:12 -07:00
Francis Lavoie
315715e90f
core: Implement FastAbs to avoid repeated os.Getwd calls (#6687)
* core: Implement FastAbs to avoid repeated os.Getwd calls

* Lint

* Rename files
2024-11-13 03:55:51 -05:00
Matthew Holt
238f1108e6
reverseproxy: Revert #4952 - don't ignore context cancellation in stream mode
i.e. Revert commit f5dce84a70

Two years ago, the patch in #4952 was a seemingly necessary way to fix an issue (sort of an edge case), but it broke other more common use cases (see #6666).

Now, as of #6669, it seems like the original issue can no longer be replicated, so we are reverting that patch, because it was incorrect anyway.

If it turns out the original issue returns, a more proper patch may be in #6669 (even if used as a baseline for a future fix). A potential future fix could be an opt-in setting.
2024-11-12 13:43:34 -07:00
Sucipto
825fe48e06
reverseproxy: Allow 0 as weights for weighted_round_robin (#6681)
* Allow 0 as weights

Change positive to non-negative

* reverseproxy: allow 0 as weighted round robin value

* test: add more wrr select test

---------

Co-authored-by: peanutduck <peanutduck@yahoo.com>
2024-11-07 17:58:31 -05:00
Francis Lavoie
5c8dc34418
caddytls: Allow disabling storage cleaning, avoids writing two files (#6593) 2024-11-05 10:47:41 -07:00
Francis Lavoie
5823eccf99
rewrite: Don't add / in Caddyfile, do it after replacer (#6662) 2024-11-05 10:15:31 -07:00
Atakan Yenel
cc23ad6402
fileserver: Add file_limit option for browse (to be experimental) (#6648)
* Add file_limit option for file_server browse

* Move file_limit inside browse.

* add file_server_file_limit caddyfile adapt test.
2024-11-05 09:35:32 -07:00
Francis Lavoie
09b2cbcf4d
caddyhttp: Add MatchWithError to replace SetVar hack (#6596)
* caddyhttp: Add `MatchWithError` to replace SetVar hack

* Error in IP matchers on TLS handshake not complete

* Use MatchWithError everywhere possible

* Move implementations to MatchWithError versions

* Looser interface checking to allow fallback

* CEL factories can return RequestMatcherWithError

* Clarifying comment since it's subtle that an err is returned

* Return 425 Too Early status in IP matchers

* Keep AnyMatch signature the same for now

* Apparently Deprecated can't be all-uppercase to get IDE linting

* Linter
2024-11-04 23:18:50 +00:00
Francis Lavoie
05cfb121ec
forwardauth: Skip copying missing response headers (#6608) 2024-11-04 14:58:53 -07:00
Andreas Kohn
1d156527ea
events: Use WithLazy to prevent eager serialization of the event data (#6671) 2024-11-01 11:28:50 -06:00
Matthew Holt
350ad38f63
fileserver: Fix Caddyfile parsing
Reported at https://github.com/mholt/caddy-sqlite-fs/issues/3
2024-10-31 10:37:37 -06:00
Francis Lavoie
fbf0f4c425
reverseproxy: Sync changes from stdlib for 1xx handling (#6656)
* reverseproxy: Sync changes from stdlib for 1xx handling

Sourced from 960654be0c

* Use clear()

3bc28402fa
2024-10-22 12:10:46 -06:00
Matthew Holt
5e6024c48d
reverseproxy: Fix log message
Fixes regression from #6560
2024-10-21 12:19:04 -06:00
Yifan Yang
669fc41e63
tracing: Add spanID field to access logs and http.vars.span_id placeholder (#6646)
* logging: Add spanID field to access logs when tracing is enabled

Signed-off-by: YifanYang6 <yifanyang6@link.cuhk.edu.cn>

* tracing: add `http.vars.span_id` placeholder when tracing is enabled

Signed-off-by: YifanYang6 <yifanyang6@link.cuhk.edu.cn>

---------

Signed-off-by: YifanYang6 <yifanyang6@link.cuhk.edu.cn>
2024-10-21 11:06:55 -06:00
Logan Fleur
9753c44510
fileserver: fix try_policy when instantiating file matcher from CEL (#6624)
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2024-10-20 14:08:30 +00:00
Mohammed Al Sahaf
388c7e898c
metrics: move metrics up, outside servers (#6606)
* metrics: move `metrics`  up, outside `servers`

This change moves the metrics configuration from per-server level to a single config knob within the `http` app. Enabling `metrics` in any of the configured servers inside `http` enables metrics for all servers.

Fix #6604

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

* normalize domain name

---------

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2024-10-18 09:54:21 -06:00
WeidiDeng
c6f2979986
caddyhttp: Close http3 server gracefully (#6213)
* close http3 server gracefully

* update server field

* update from upstream

---------

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2024-10-15 21:28:20 -04:00
Marten Seemann
a211c656f1
chore: update quic-go to v0.48.0 (#6627) 2024-10-15 09:38:10 -04:00
WeidiDeng
48ce47f1d4
reverseproxy: Use correct cases for websocket related headers (#6621)
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2024-10-11 09:02:23 +00:00
Mohammed Al Sahaf
c8a76d003f
docs: expand proxy protocol docs (#6620) 2024-10-10 16:21:26 -04:00
Francis Lavoie
d7564d632f
caddytls: Drop rate_limit and burst, has been deprecated (#6611) 2024-10-07 17:39:47 -04:00
Matthew Holt
88fd5f3491
caddyhttp: Use internal issuer for IPs when no APs configured
This fixes a regression in 2.8 where IP addresses
would be considered qualifying for public certs
by auto-HTTPS. The default issuers do not issue
IP certs at this time, so if no APs are explicitly
configured, we assign them to the internal
issuer. We have to add a couple lines of code because
CertMagic can no longer consider IPs as not
qualifying for public certs, since there are public CAs
that issue IP certs. This edge case is specific to Caddy's
auto-HTTPS.

Without this patch, Caddy will try using Let's Encrypt
or ZeroSSL's ACME endpoint to get IP certs, neither
of which support that.
2024-10-04 10:23:30 -06:00
Mohammed Al Sahaf
41f5dd56e1
metrics: scope metrics to active config, add optional per-host metrics (#6531)
* Add per host config

* Pass host label when option is enabled

* Test per host enabled

* metrics: scope metrics per loaded config

* doc and linter

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

* inject the custom registry into the admin handler

Co-Authored-By: Dave Henderson <dhenderson@gmail.com>

* remove `TODO` comment

* fixes

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

* refactor to delay metrics admin handler provision

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

---------

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
Co-authored-by: Hussam Almarzooq <me@hussam.io>
Co-authored-by: Dave Henderson <dhenderson@gmail.com>
2024-10-02 08:23:26 -06:00
Francis Lavoie
16724842d9
caddyhttp: Implement auto_https prefer_wildcard option (#6146)
* Allow specifying multiple `auto_https` options

* Implement `auto_https prefer_wildcard` option

* Adapt tests, add mock DNS module for config testing

* Rebase fix
2024-10-02 07:31:58 -06:00
Francis Lavoie
792f1c7ed7
caddyhttp: Escaping placeholders in CEL, add vars and vars_regexp (#6594)
* caddyhttp: Escaping placeholders in CEL

* Simplify some of the test cases

* Implement vars and vars_regexp in CEL

* dupl lint is dumb

* Better consts for the placeholder CEL shortcut

* Bump CEL version, register a few extensions

* Refactor s390x test script for readability

* Add retries for s390x to smooth over flakiness

* Switch to `ph` for the CEL shortcut (match it in templates cause why not)
2024-10-02 06:34:04 -06:00
Matt Holt
c8adb1b553
cmd: Better error handling when reloading (#6601)
* caddyhttp: Limit auto-HTTPS error logs to 100 domains

* Improve error message and increase error size limit
2024-10-01 20:31:30 -06:00
Matt Holt
9b4acc2449
caddytls: Support new tls.context module (#6369)
* caddytls: Support new tls.context module

This allows modules to manipulate the context passed into CertMagic's GetCertificate function, which can be useful for tracing/metrics, or other
custom logic.

This is experimental and may resolve the request of a sponsor, so we'll see how it goes!

* Derpy derp
2024-10-01 17:18:17 -06:00
WeidiDeng
f3aead0e4d
http: ReponseWriter prefer ReadFrom if available (#6565)
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2024-10-01 11:19:03 -06:00
Francis Lavoie
571f88d86f
chore: Adjust incorrect reverse_proxy Caddyfile comment (#6598) 2024-10-01 10:56:30 -06:00
Aaron Paterson
0e829bc418
caddyhttp: Fix listener wrapper regression from #6573 (#6599) 2024-10-01 01:47:21 -04:00
Aaron Paterson
4b1a9b6cc1
core: Implement socket activation listeners (#6573)
* caddy adapt for listen_protocols

* adapt listen_socket

* allow multiple listen sockets for port ranges and readd socket fd listen logic

* readd logic to start servers according to listener protocols

* gofmt

* adapt caddytest

* gosec

* fmt and rename listen to listenWithSocket

* fmt and rename listen to listenWithSocket

* more consistent error msg

* non unix listenReusableWithSocketFile

* remove unused func

* doc comment typo

* nonosec

* commit

* doc comments

* more doc comments

* comment was misleading, cardinality did not change

* addressesWithProtocols

* update test

* fd/ and fdgram/

* rm addr

* actually write...

* i guess we doin' "skip": now

* wrong var in placeholder

* wrong var in placeholder II

* update param name in comment

* dont save nil file pointers

* windows

* key -> parsedKey

* osx

* multiple default_bind with protocols

* check for h1 and h2 listener netw
2024-09-30 10:55:03 -06:00
Mohammed Al Sahaf
1a345b4fa6
doc: remove docs of deprecated directives (#6566)
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2024-09-29 09:12:52 +00:00
Alexander Stecher
22c98ea165
caddyhttp: Optimize logs using zap's WithLazy() (#6590)
* uses zap's .WithLazy with a cloned request

* fixes the cloning

* adds comment explaining why cloning is faster
2024-09-26 12:23:12 -06:00
Francis Lavoie
2faeac0a10
chore: Use slices package where possible (#6585)
* chore: Use slices package where possible

* More, mostly using ContainsFunc

* Even more slice operations
2024-09-25 14:30:56 -06:00
Francis Lavoie
9dda8fbf84
caddytls: Give a better error message when given encrypted private keys (#6591) 2024-09-25 06:00:48 -06:00
Marten Seemann
ff67b97126
caddyhttp: enable qlog, controlled by QLOGDIR env (#6581) 2024-09-21 05:47:18 +02:00
Mohammed Al Sahaf
6ab9fb6f74
ci: update the linter action version (#6575)
* ci: update the linter action version

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

* exclude rule `G115`; disable deprecated linter

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

---------

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2024-09-16 07:50:26 -06:00
Kévin Dunglas
f4bf4e0097
perf: use zap's Check() to prevent useless allocs (#6560)
* perf: use zap's Check() to prevent useless allocs

* fix

* fix

* fix

* fix

* restore previous replacer behavior

* fix linter
2024-09-13 11:16:37 -06:00
mister-turtle
21f9c20a04
rewrite: Avoid panic on bad arg count for uri (#6571) 2024-09-13 03:22:03 -04:00
vnxme
2d12fb7ac6
caddytls: Add sni_regexp matcher (#6569) 2024-09-11 20:51:59 -06:00
Jesper Brix Rosenkilde
91e62db666
caddyhttp: Make route provisioning idempotent (#6558)
ref: https://github.com/caddyserver/caddy/issues/6551
2024-09-03 11:57:55 -06:00