Commit graph

270 commits

Author SHA1 Message Date
Kévin Dunglas
d0e209e1da
encode: good defaults (#6737)
* feat: good default for encode

* fix tests and add a new one
2024-12-10 16:48:30 -07:00
Kévin Dunglas
290cfea08f
fileserver: add a test for precompressed defaults (#6743) 2024-12-10 16:48:02 -07:00
Kévin Dunglas
efd9251ad3
fileserver: Add first_exist_fallback strategy for try_files (#6699)
* feat: add first_exist_or_fallback strategy for try_files

* fix tests

* linter
2024-12-03 05:44:49 -07:00
Francis Lavoie
b116dcea3d
caddyhttp: Add {?query} placeholder (#6714)
* caddyhttp: Add `{prefixed_query}` placeholder

* fastcgi: Preserve query during canonical redirect

* Use orig_uri instead for the redirect, shorter Caddyfile shortcut
2024-12-02 08:06:38 -05:00
Kévin Dunglas
eddbccd298
fastcgi: remove dir redirection when useless in php_fastcgi (#6698)
* perf: remove dir redirection when useless in php_fastcgi

* fix test

* review

* fix

* fix

* simplify

* simplify again

* restore test

* add test
2024-11-21 10:38:31 -07:00
Nikolai K
b183aec83c
httpcaddyfile: Implement log sampling config (#6682)
* Allow log sampling configuration from Caddyfile

* Add log sampling adapt tests
2024-11-11 16:42:50 -07:00
Francis Lavoie
5c8dc34418
caddytls: Allow disabling storage cleaning, avoids writing two files (#6593) 2024-11-05 10:47:41 -07:00
Atakan Yenel
cc23ad6402
fileserver: Add file_limit option for browse (to be experimental) (#6648)
* Add file_limit option for file_server browse

* Move file_limit inside browse.

* add file_server_file_limit caddyfile adapt test.
2024-11-05 09:35:32 -07:00
Francis Lavoie
05cfb121ec
forwardauth: Skip copying missing response headers (#6608) 2024-11-04 14:58:53 -07:00
Francis Lavoie
b129ed6be8
httpcaddyfile: Fixes for prefer_wildcard mode (#6636)
* httpcaddyfile: Fixes for prefer_wildcard mode

The wildcard hosts need to be collected first, then considered after, because there's no guarantee that all non-wildcards will appear after all wildcards when looping. Also we should not add a domain to Skip if it doesn't qualify for TLS anyway.

* Alternate solution by avoiding adding APs altogether if covered by wildcard
2024-10-30 17:09:12 +00:00
David Wood
1391e8ed9a
chore: fix some function names in comment (#6650) 2024-10-21 07:39:58 +00:00
Mohammed Al Sahaf
388c7e898c
metrics: move metrics up, outside servers (#6606)
* metrics: move `metrics`  up, outside `servers`

This change moves the metrics configuration from per-server level to a single config knob within the `http` app. Enabling `metrics` in any of the configured servers inside `http` enables metrics for all servers.

Fix #6604

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

* normalize domain name

---------

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2024-10-18 09:54:21 -06:00
Mohammed Al Sahaf
dd5decabe7
tests: fix caddyfile adapt warnings (#6619)
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2024-10-10 13:38:49 -06:00
Francis Lavoie
d7564d632f
caddytls: Drop rate_limit and burst, has been deprecated (#6611) 2024-10-07 17:39:47 -04:00
Mohammed Al Sahaf
41f5dd56e1
metrics: scope metrics to active config, add optional per-host metrics (#6531)
* Add per host config

* Pass host label when option is enabled

* Test per host enabled

* metrics: scope metrics per loaded config

* doc and linter

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

* inject the custom registry into the admin handler

Co-Authored-By: Dave Henderson <dhenderson@gmail.com>

* remove `TODO` comment

* fixes

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

* refactor to delay metrics admin handler provision

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

---------

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
Co-authored-by: Hussam Almarzooq <me@hussam.io>
Co-authored-by: Dave Henderson <dhenderson@gmail.com>
2024-10-02 08:23:26 -06:00
Francis Lavoie
16724842d9
caddyhttp: Implement auto_https prefer_wildcard option (#6146)
* Allow specifying multiple `auto_https` options

* Implement `auto_https prefer_wildcard` option

* Adapt tests, add mock DNS module for config testing

* Rebase fix
2024-10-02 07:31:58 -06:00
Aaron Paterson
4b1a9b6cc1
core: Implement socket activation listeners (#6573)
* caddy adapt for listen_protocols

* adapt listen_socket

* allow multiple listen sockets for port ranges and readd socket fd listen logic

* readd logic to start servers according to listener protocols

* gofmt

* adapt caddytest

* gosec

* fmt and rename listen to listenWithSocket

* fmt and rename listen to listenWithSocket

* more consistent error msg

* non unix listenReusableWithSocketFile

* remove unused func

* doc comment typo

* nonosec

* commit

* doc comments

* more doc comments

* comment was misleading, cardinality did not change

* addressesWithProtocols

* update test

* fd/ and fdgram/

* rm addr

* actually write...

* i guess we doin' "skip": now

* wrong var in placeholder

* wrong var in placeholder II

* update param name in comment

* dont save nil file pointers

* windows

* key -> parsedKey

* osx

* multiple default_bind with protocols

* check for h1 and h2 listener netw
2024-09-30 10:55:03 -06:00
lollipopkit🏳️‍⚧️
5c47c2f147
fileserver: browse: Configurable default sort (#6502)
* fileserver: add `sort` options

* fix: test

* fileserver: check options in `Provison`

* fileserver: more obvious err alerts in sort options

* fileserver: move `sort` to `browse`

---------

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2024-08-30 09:01:37 -06:00
Mohammed Al Sahaf
4ade967005
reverseproxy: allow user to define source address (#6504)
* reverseproxy: allow user to define source address

Closes #6503

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

* reverse_proxy: caddyfile support for local_address

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

---------

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2024-08-22 19:52:05 +00:00
Jesper Brix Rosenkilde
54a0c8f948
reverseproxy: Active health checks request body option (#6520)
* Add an option to specify the body used for active health checks

* Replacer on request body
2024-08-19 10:55:55 -06:00
Steffen Busch
b85b6c6469
replacer: {file.*} global placeholder strips trailing newline (#6411)
Co-authored-by: Kanashimia <chad@redpilled.dev>
2024-08-07 19:39:15 +00:00
lollipopkit🏳️‍⚧️
b198678174
browse: Customizable default sort options (#6468)
* fileserver: add `sort` options

* fix: test

* fileserver: check options in `Provison`

* fileserver: more obvious err alerts in sort options
2024-08-05 08:27:45 -06:00
Jesper Brix Rosenkilde
07c863637d
reverseproxy: Caddyfile support for health_method (#6454)
* Add Caddyfile support of setting active health check request method

* Add integration test for active health check request method
2024-07-12 17:01:58 -04:00
Kévin Dunglas
0287009ee5
intercept: fix http.intercept.header.* placeholder (#6429) 2024-07-03 08:43:13 -06:00
a
aca4002fd8
caddyfile: Pass blocks to import for snippets (#6130)
* a

* a

* a

* a

* a

* a
2024-06-14 11:27:51 -06:00
Francis Lavoie
40c582ce82
caddyhttp: Fix merging consecutive client_ip or remote_ip matchers (#6350) 2024-05-30 07:32:17 -06:00
Ranveer Avhad
e6f46c8d78
acmeserver: Add sign_with_root for Caddyfile (#6345)
* Added sign_with_root option available in the Caddyfile

* Added tests for sign_with_root to validate the adapted JSON config
2024-05-27 20:06:54 -04:00
Kévin Dunglas
fb63e2e40c
caddyhttp: New experimental handler for intercepting responses (#6232)
* feat: add generic response interceptors

* fix: cs

* rename intercept

* add some docs

* @francislavoie review (first round)

* Update modules/caddyhttp/intercept/intercept.go

Co-authored-by: Francis Lavoie <lavofr@gmail.com>

* shorthands: ir to resp

* mark exported symbols as experimental

---------

Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2024-05-13 17:38:18 +00:00
Matthew Holt
583c585c81 httpcaddyfile: Set challenge ports when http_port or https_port are used 2024-05-11 21:39:56 -06:00
Aziz Rmadi
4356635d12
logging: Add support for additional logger filters other than hostname (#6082)
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2024-05-11 13:31:44 +00:00
Francis Lavoie
feeb6af403
httpcaddyfile: Fix expression matcher shortcut in snippets (#6288) 2024-05-01 07:43:05 -04:00
Francis Lavoie
797973944f
replacer: Implement file.* global replacements (#5463)
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2024-04-24 16:26:18 -04:00
Aziz Rmadi
868af6a062
reverse_proxy: Add grace_period for SRV upstreams to Caddyfile (#6264) 2024-04-23 07:12:57 -06:00
Mohammed Al Sahaf
c6673ad4d8
staticresp: Use the evaluated response body for sniffing JSON content-type (#6249) 2024-04-18 20:31:00 +00:00
Francis Lavoie
9cd472c031
caddyfile: Populate regexp matcher names by default (#6145)
* caddyfile: Populate regexp matcher names by default

* Some lint cleanup that my VSCode complained about

* Pass down matcher name through expression matcher

* Compat with #6113: fix adapt test, set both styles in replacer
2024-04-17 12:19:14 -06:00
Francis Lavoie
70953e873a
caddyhttp: Support multiple logger names per host (#6088)
* caddyhttp: Support multiple logger names per host

* Lint

* Add adapt test

* Implement "string or array" parsing, keep original `logger_names`

* Rewrite adapter test to be more representative of the usecase
2024-04-16 22:26:18 +00:00
coderwander
eafc875ea9
chore: fix some typos in comments (#6243) 2024-04-16 04:10:11 +00:00
Matt Holt
81413caea2
caddytls: Upgrade ACMEz to v2; support ZeroSSL API; various fixes (#6229)
* WIP: acmez v2, CertMagic, and ZeroSSL issuer upgrades

* caddytls: ZeroSSLIssuer now uses ZeroSSL API instead of ACME

* Fix go.mod

* caddytls: Fix automation related to managers (fix #6060)

* Fix typo (appease linter)

* Fix HTTP validation with ZeroSSL API
2024-04-13 21:31:43 -04:00
Aziz Rmadi
567d96c624
fileserver: read etags from precomputed files (#6222) 2024-04-13 06:49:55 -04:00
Aziz Rmadi
0b381eb766
reverseproxy: Implement modular CA provider for TLS transport (#6065)
* added new modular ca providers to caddy tls HttpTransport

* reverse-proxy, httptransport: added tests and caddyfile support for ca module

---------

Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2024-04-12 07:19:14 -06:00
Emily
ddb1d2c2b1
caddyhttp: add http.request.local{,.host,.port} placeholder (#6182)
* caddyhttp: add `http.request.local{,.host,.port}` placeholder

This is the counterpart of `http.request.remote{,.host,.port}`.

`http.request.remote` operates on the remote client's address, while
`http.request.local` operates on the address the connection arrived on.

Take the following example:

- Caddy serving on `203.0.113.1:80`
- Client on `203.0.113.2`

`http.request.remote.host` would return `203.0.113.2` (client IP)

`http.request.local.host` would return `203.0.113.1` (server IP)
`http.request.local.port` would return `80` (server port)

I find this helpful for debugging setups with multiple servers and/or
multiple network paths (multiple IPs, AnyIP, Anycast).

Co-authored-by: networkException <git@nwex.de>

* caddyhttp: add unit test for `http.request.local{,.host,.port}`

* caddyhttp: add integration test for `http.request.local.port`

* caddyhttp: fix `http.request.local.host` placeholder handling with unix sockets

The implementation matches the one of `http.request.remote.host` now and
returns the unix socket path (just like `http.request.local` already did)
instead of an empty string.

---------

Co-authored-by: networkException <git@nwex.de>
2024-03-27 21:36:53 +00:00
Aziz Rmadi
29f57faa86
rewrite: uri query replace operation (#6165)
* Implemented query replace oeration

* Modified replace operation to use regexes in caddyfile

* Added more tests to uri query operations
2024-03-22 02:23:42 +00:00
Sam Ottenhoff
e65b97f55b
reverseproxy: configurable active health_passes and health_fails (#6154)
* reverseproxy: active health check allows configurable health_passes and health_fails

* Need to reset counters after recovery

* rename methods to be more clear that these are coming from active health checks

* do not export methods
2024-03-20 11:13:35 -06:00
Aziz Rmadi
69290d232d
rewrite: Implement uri query operations (#6120)
* Implemented basic uri query operations

* Added support for query operations block

* Applied Replacer on all query keys and values

* Implemented rename query key opration

* Rewrite struct: Changed QueryOperations field to Query and comments cleanup

* Cleaned up comments, changed the order of operations and added more tests

* Changed order of fields in queryOps struct to match the operations order
2024-03-06 10:08:46 -05:00
Francis Lavoie
0d44e3ecba
logging: Implement log_append handler (#6066)
* logging: Implement `extra_log` handler

* Rename to `log_append`

* Rename `skip_log` to `log_skip`

---------

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2024-03-05 17:03:59 -07:00
Francis Lavoie
2a78c9c5e4
httpcaddyfile: Allow nameless regexp placeholder shorthand (#6113)
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2024-03-05 23:37:14 +00:00
Francis Lavoie
01d5568b20
logging: Implement append encoder, allow flatter filters config (#6069)
* logging: Implement `add` encoder

* Allow flatter config structure for `filter` & `add`

* Rename to append

* govulncheck was unhappy
2024-03-05 16:24:32 -07:00
Mohammed Al Sahaf
1f4a6fa7e7
ci: fix the integration test TestLeafCertLoaders (#6149) 2024-03-06 02:09:13 +03:00
Aziz Rmadi
3ae07a73dc
caddytls: clientauth: leaf verifier: make trusted leaf certs source pluggable (#6050)
* Made trusted leaf certificates pluggable into the tls.client_auth.leaf
module

* Added leaf loaders modules: file, folder, pem aand storage

* Cleaned implementation of leaf cert loader modules

* Added tests for leaf certs file and folder loaders

* cmd: fix the output of the `Usage` section (#6138)

* core: OnExit hooks (#6128)

* core: OnExit callbacks

* core: Process-global OnExit callbacks

* ci: bump golangci/golangci-lint-action from 3 to 4 (#6141)

Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3 to 4.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Added more leaf certificate loaders tests and cleaned up code

* Modified leaf cert loaders json field names and cleaned up storage loader comment

* Update modules/caddytls/leaffileloader.go

* Update LeafStorageLoader certificates field name

* Upgraded  protobuf version

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-05 14:55:37 -07:00
Mohammed Al Sahaf
03f703a00e
caddytls: verifier: caddyfile: re-add Caddyfile support (#6127)
* caddytls: verifier: caddyfile: re-add Caddyfile support

* appease the linter

* caddytls: client_auth: verifier: change namespace to `tls.client_auth.verifier`
2024-02-26 00:13:48 +03:00