All code relating to a caddytls.Config and setting it up from the
Caddyfile is still intact; only the certificate management-related
code was removed into a separate package.
I don't expect this to build in CI successfully; updating dependencies
and vendor is coming next.
I've also removed the ad-hoc, half-baked storage plugins that we need
to finish making first-class Caddy plugins (they were never documented
anyway). The new certmagic package has a much better storage interface,
and we can finally move toward making a new storage plugin type, but
it shouldn't be configurable in the Caddyfile, I think, since it doesn't
make sense for a Caddy instance to use more than one storage config...
We also have the option of eliminating DNS provider plugins and just
shipping all of lego's DNS providers by using a lego package (the
caddytls/setup.go file has a comment describing how) -- but it doubles
Caddy's binary size by 100% from about 19 MB to around 40 MB...!
* tls: Add support for the tls-alpn-01 challenge
Also updates lego/acme to latest on master.
TODO: This implementation of the tls-alpn challenge is not yet solvable
in a distributed Caddy cluster like the http challenge is.
* build: Allow building with the race detector
* tls: Support distributed solving of the TLS-ALPN-01 challenge
* Update vendor and add a todo in MITM checker
* Adding {when_unix_ms} requests placeholder (unix timestamp with a milliseconds precision)
* Add an 499 HTTP status code on user's cancel request as NGINX doing (instead of 502 Bad Gateway status with 'Context canceled' message)
* 499 HTTP status code was added as constant CustomStatusContextCancelled = 499
* caddytls: Raise TLS alert if no certificate matches SAN (closes#1303)
I don't love this half-baked solution to the issue raised in #1303 way
more than a year after the original issue was closed (the necro comments
are about an issue separate from the original issue that started it),
but I do like TLS alerts more than wrong certificates.
* Restore test to match
* Restore another previous test
* Updates the existing proxy and reverse proxy tests to include a new fallback delay value
* Adds a new fallback_delay sub-directive to the proxy directive and uses it in the creation of single host reverse proxies
* Add callback OnRestartFailed to caddy.Controller
* markdown: Fix 500 error (#2266)
* Addressed the comments
* Update paths for filebrowser plugins
* httpserver: update minify ordering (#2273)
* Bump required version of golang to 1.10 in README.md (#2267)
Adding TLS client cert placeholders #2217 uses features of go
v1.10. Update README requirements accordingly.
* Update CI to use Go 1.11
* caddytls: gofmt (Go 1.11) (#2241)
* Ensure assets path exists before writing UUID file
* Adding {when_unix_ms} requests placeholder (unix timestamp with a milliseconds precision) (#2260)
* update to quic-go v0.10.0 (#2288)
quic-go now vendors all of its dependencies, so we don't need to vendor
them here.
Created by running:
gvt delete github.com/lucas-clemente/quic-go
gvt delete github.com/bifurcation/mint
gvt delete github.com/lucas-clemente/aes12
gvt delete github.com/lucas-clemente/fnv128a
gvt delete github.com/lucas-clemente/quic-go-certificates
gvt delete github.com/aead/chacha20
gvt delete github.com/hashicorp/golang-lru
gvt fetch -tag v0.10.0-no-integrationtests github.com/lucas-clemente/quic-go
* fastcgi: Add default timeouts (#2265)
Default fastcgi timeout is 60 seconds
Add tests
* Fix AppVeyor builds (#2289)
* Attempting to fix AppVeyor builds
* Trying again, 2015 image this time
* Use Appveyor's Go 1.11 stack
* Restore GOPATH\bin to PATH and delete old image config
* Add gcc to path manually
* Addressed the comments
* Fix broken link to sourcegraph in README (#2285)
* Fix deadlock, ensure instances mutex unlocked (#2296)
it's a stupid mistake
* proxy: Use DualStack=true in defaultDialer (#2305)
* ci: get golint tool from `golang.org/x/lint/golint` (#2324)
* templates: TLSVersion (#2323)
* new template action: TLS protocol version
* new template action: use caddytls.GetSupportedProtocolName
Avoids code duplication by reusing existing method to get TLS protocol
version used on connection. Also adds tests
* Don't return error on onRestartFail. Only log it.
* new template action: TLS protocol version
* new template action: use caddytls.GetSupportedProtocolName
Avoids code duplication by reusing existing method to get TLS protocol
version used on connection. Also adds tests
* Attempting to fix AppVeyor builds
* Trying again, 2015 image this time
* Use Appveyor's Go 1.11 stack
* Restore GOPATH\bin to PATH and delete old image config
* Add gcc to path manually
quic-go now vendors all of its dependencies, so we don't need to vendor
them here.
Created by running:
gvt delete github.com/lucas-clemente/quic-go
gvt delete github.com/bifurcation/mint
gvt delete github.com/lucas-clemente/aes12
gvt delete github.com/lucas-clemente/fnv128a
gvt delete github.com/lucas-clemente/quic-go-certificates
gvt delete github.com/aead/chacha20
gvt delete github.com/hashicorp/golang-lru
gvt fetch -tag v0.10.0-no-integrationtests github.com/lucas-clemente/quic-go
* Fix 502 errors for requests without headers
* Add unexported roundRobinPolicier
We have to preserve state for fallback mode of Header policy, so
it's required to save state in some variable
* Adding TLS client cert placeholders
* Use function to get the peer certificate
* Changing SHA1 to SHA256
* Use UTC instead of GMT
* Adding tests
* Adding getters for Protocol and Cipher