Commit graph

301 commits

Author SHA1 Message Date
Mohammed Al Sahaf
e965b111cd
tls: modularize trusted CA providers (#5784)
* tls: modularize client authentication trusted CA

* add `omitempty` to `CARaw`

* docs

* initial caddyfile support

* revert anything related to leaf cert validation

The certs are used differently than the CA pool flow

* complete caddyfile unmarshalling implementation

* Caddyfile syntax documentation

* enhance caddyfile parsing and documentation

Apply suggestions from code review

Co-authored-by: Francis Lavoie <lavofr@gmail.com>

* add client_auth caddyfile tests

* add caddyfile unmarshalling tests

* fix and add missed adapt tests

* fix rebase issue

---------

Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2024-01-25 11:44:41 +03:00
Francis Lavoie
750d0b8331
caddyfile: Normalize & flatten all unmarshalers (#6037) 2024-01-23 19:36:59 -05:00
Aziz Rmadi
4181c79a81
httpcaddyfile: Add optional status code argument to handle_errors directive (#5965)
Co-authored-by: Aziz Rmadi <azizrmadi@Azizs-MacBook-Air.local>
2024-01-16 01:24:17 -05:00
Francis Lavoie
5e2f1b5ced
httpcaddyfile: Rewrite root and rewrite parsing to allow omitting matcher (#5844) 2024-01-15 09:57:08 -07:00
Nebez Briefkani
cc0c0cf03e
caddyhttp: Security enhancements for client IP parsing (#5805)
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2024-01-13 20:46:37 +00:00
a
c839a98ff5
filesystem: Globally declared filesystems, fs directive (#5833) 2024-01-13 20:12:43 +00:00
Subhaditya Nath
c2d889f85e
httpcaddyfile: Fix redir <to> html (#6001) 2024-01-10 12:24:47 +00:00
Zach Galvin
cb86319bd5
httpcaddyfile: Support client auth verifiers (#6022)
* Added verifier case

Update author

* Update verifier to match struct tag

* gci run
2024-01-09 23:14:51 +00:00
Rithvik Vibhu
ed41c924cf
tls: add reuse_private_keys (#6025) 2024-01-09 16:00:31 -07:00
Francis Lavoie
f976c84d9e
httpcaddyfile: Fix cert file decoding to load multiple PEM in one file (#5997) 2023-12-20 08:37:21 -07:00
Francis Lavoie
da7d8cb26d
httpcaddyfile: Sort skip_hosts for deterministic JSON (#5990)
* httpcaddyfile: Sort skip_hosts for deterministic JSON

* Update caddyconfig/httpcaddyfile/httptype.go

Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com>

* Fix test

* Bah

---------

Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2023-12-18 12:54:52 -07:00
Francis Lavoie
3d7d60f7cf
caddyhttp: Add uuid to access logs when used (#5859) 2023-12-13 15:40:15 -07:00
Francis Lavoie
ac1f20b9e4
httpcaddyfile: Remove port from logger names (#5881)
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2023-10-16 23:57:03 -06:00
Francis Lavoie
7984e6f6fd
httpcaddyfile: Fix TLS automation policy merging with get_certificate (#5896) 2023-10-14 14:23:50 -06:00
Francis Lavoie
33d8d2c6b5
httpcaddyfile: Sort TLS SNI matcher for deterministic JSON output (#5860)
* httpcaddyfile: Sort TLS SNI matcher, for deterministic adapt output

* Update caddyconfig/httpcaddyfile/httptype.go

---------

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2023-10-11 09:47:07 -06:00
Đỗ Trọng Hải
df99502977
httpcaddyfile: Enable TLS for catch-all site if tls directive is specified (#5808) 2023-10-10 21:46:39 +00:00
Đỗ Trọng Hải
2cac3c5491
httpcaddyfile: fix placeholder shorthands in named routes (#5791)
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2023-09-08 14:38:44 -04:00
Francis Lavoie
38a7b6b3d0
caddyfile: Adjust error formatting (#5765) 2023-08-20 08:51:03 -06:00
Karun Agarwal
288216e1fb
httpcaddyfile: Stricter errors for site and upstream address schemes (#5757)
Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com>
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2023-08-19 07:28:25 -04:00
Jacob Gadikian
d6f86cccf5
ci: use gci linter (#5708)
* use gofmput to format code

* use gci to format imports

* reconfigure gci

* linter autofixes

* rearrange imports a little

* export GOOS=windows golangci-lint run ./... --fix
2023-08-14 09:41:15 -06:00
Jacob Gadikian
b32f265eca
ci: Use gofumpt to format code (#5707) 2023-08-07 19:40:31 +00:00
Herman Slatman
4aa4f3ac70
httpcaddyfile: Fix string does not match ~[]E error (#5675)
Only happens for some people. Unable to confirm.
2023-08-03 00:41:37 +00:00
Francis Lavoie
cd486c25d1
caddyhttp: Make use of http.ResponseController (#5654)
* caddyhttp: Make use of http.ResponseController

Also syncs the reverseproxy implementation with stdlib's which now uses ResponseController as well 2449bbb5e6

* Enable full-duplex for HTTP/1.1

* Appease linter

* Add warning for builds with Go 1.20, so it's less surprising to users

* Improved godoc for EnableFullDuplex, copied text from stdlib

* Only wrap in encode if not already wrapped
2023-08-02 20:03:26 +00:00
Francis Lavoie
5c51c1db2c
httpcaddyfile: Allow hostnames & logger name overrides for log directive (#5643)
* httpcaddyfile: Allow `hostnames` override for log directive

* Implement access logger name overrides

* Fix panic & default logger clobbering edgecase
2023-08-02 03:13:46 -04:00
WeidiDeng
bbe1952a59
caddyfile: Fix comparing if two tokens are on the same line (#5626)
* fix comparing if two tokens are on the same line

* compare tokens from copies when importing
2023-07-12 14:32:22 -06:00
WeidiDeng
9cde715525
caddyfile: Track import name instead of modifying filename (#5540)
* Merge branch 'master' into import_file_stack

* remove space in log key
2023-05-25 13:05:00 -06:00
WeidiDeng
cee4441cb1
caddyfile: Do not replace import tokens if they are part of a snippet (#5539)
* fix variadic placeholder in imported file which also imports

* fix tests.

* skip replacing args when imported token may be part of a snippet
2023-05-22 15:36:55 -06:00
Matthew Holt
ca14b6edd9
httpcaddyfile: Sort Caddyfile slice
Makes list deterministic. See #5538
2023-05-17 13:50:32 -06:00
Francis Lavoie
cbf16f6d9e
caddyhttp: Implement named routes, invoke directive (#5107)
* caddyhttp: Implement named routes, `invoke` directive

* gofmt

* Add experimental marker

* Adjust route compile comments
2023-05-16 15:27:52 +00:00
Matt Holt
96919acc9d
caddyhttp: Refactor cert Managers (fix #5415) (#5533) 2023-05-15 10:47:30 -06:00
Matthew Holt
e96aafe1ca
Slightly more helpful error message 2023-05-13 08:04:42 -06:00
Matt Holt
faf0399e80
caddytls: Configurable fallback SNI (#5527)
* Initial implementation of fallback_sni

* Apply upstream patch
2023-05-10 14:29:29 -06:00
Mohammed Al Sahaf
1aef807c71
log: Make sink logs encodable (#5441)
* log: make `sink` encodable

* deduplicate logger fields

* extract common fields into `BaseLog` and embed it into `SinkLog`

* amend godoc on `BaseLog` and `SinkLog`

* minor style change

---------

Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2023-03-27 21:41:24 +00:00
Francis Lavoie
e16a886814
caddytls: Eval replacer on automation policy subjects (#5459)
Also renamed the field to SubjectsRaw, which can be considered a breaking change but I don't expect this to affect much.
2023-03-27 21:16:22 +00:00
Francis Lavoie
05e9974570
caddyhttp: Determine real client IP if trusted proxies configured (#5104)
* caddyhttp: Determine real client IP if trusted proxies configured

* Support customizing client IP header

* Implement client_ip matcher, deprecate remote_ip's forwarded option
2023-03-27 20:22:59 +00:00
Francis Lavoie
330be2d8c7
httpcaddyfile: Adjust path matcher sorting to solve for specificity (#5462) 2023-03-27 15:43:44 -04:00
WeidiDeng
8bc05e598d
caddyfile: Implement variadics for import args placeholders (#5249)
* implement variadic placeholders
imported snippets reflect actual lines in file

* add import directive line number for imported snippets
add tests for parsing

* add realfile field to help debug import cycle detection.

* use file field to reflect import chain

* Switch syntax, deprecate old syntax, refactoring

- Moved the import args handling to a separate file
- Using {args[0:1]} syntax now
- Deprecate {args.*} syntax
- Use a replacer map for better control over the parsing
- Add plenty of warnings when invalid placeholders are detected
- Renaming variables, cleanup comments for readability
- More tests to cover edgecases I could think of
- Minor cleanup to snippet tracking in tokens, drop a redundant boolean field in tokens

---------

Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2023-02-16 17:08:36 -07:00
Francis Lavoie
12bcbe2c49
caddyhttp: Pluggable trusted proxy IP range sources (#5328)
* caddyhttp: Pluggable trusted proxy IP range sources

* Add request to the IPRangeSource interface
2023-02-06 12:44:11 -07:00
Y.Horie
d73660f7c3
httpcaddyfile: Add persist_config global option (#5339)
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2023-01-27 23:31:37 -05:00
Francis Lavoie
7f2a93e6c3
caddyfile: Allow overriding server names (#5323) 2023-01-27 14:56:39 -05:00
WeidiDeng
c38a040e85
httpcaddyfile: Fix handle grouping inside route (#5315)
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2023-01-18 16:04:41 -05:00
Francis Lavoie
223cbe3d0b
caddyhttp: Add server-level trusted_proxies config (#5103) 2023-01-10 00:08:23 -05:00
Yannick Ihmels
55035d327a
caddytls: Add dns_ttl config, improve Caddyfile tls options (#5287) 2023-01-06 14:44:00 -05:00
Kyle McCullough
bfaf2a8201
acme_server: Configurable default lifetime for issued certificates (#5232)
* acme_server: add certificate lifetime configuration option

Signed-off-by: Kyle McCullough <kylemcc@gmail.com>

* pki: allow intermediate cert lifetime to be configured

Signed-off-by: Kyle McCullough <kylemcc@gmail.com>

Signed-off-by: Kyle McCullough <kylemcc@gmail.com>
2022-12-06 00:12:26 -07:00
Francis Lavoie
ee7c92ec9b
reverseproxy: Mask the WS close message when we're the client (#5199)
* reverseproxy: Mask the WS close message when we're the client

* weakrand

* Bump golangci-lint version so path ignores work on Windows

* gofmt

* ugh, gofmt everything, I guess
2022-11-14 09:38:02 -07:00
Matt Holt
6bad878a22
httpcaddyfile: Improve detection of indistinguishable TLS automation policies (#5120)
* httpcaddyfile: Skip some logic if auto_https off

* Try removing this check altogether...

* Refine test timeouts slightly, sigh

* caddyhttp: Assume udp for unrecognized network type

Seems like the reasonable thing to do if a plugin registers its own
network type.

* Add comment to document my lack of knowledge

* Clean up and prepare to merge

Add comments to try to explain what happened
2022-10-13 11:30:57 -06:00
Matt Holt
3e1fd2a8d4
httpcaddyfile: Wrap site block in subroute if host matcher used (#5130)
* httpcaddyfile: Wrap site block in subroute if host matcher used (fix #5124)

* Correct boolean logic (oops)
2022-10-12 09:27:08 -06:00
Francis Lavoie
d46ba2e27f
httpcaddyfile: Fix metrics global option parsing (#5126) 2022-10-06 19:40:08 -06:00
Francis Lavoie
99ffe93388
logging: Fix skip_hosts with wildcards (#5102)
Fix #4859
2022-10-05 12:14:13 -06:00
Francis Lavoie
2808de1e30
httpcaddyfile: Skip automate when auto_https off is specified (#5110) 2022-10-04 20:58:19 -06:00