OrgGo
/
caddy
mirror of https://github.com/caddyserver/caddy.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
2,118 Commits 30 Branches 138 Tags 28 MiB
Commit Graph

263 Commits

Author SHA1 Message Date
Marten Seemann a211c656f1
chore: update quic-go to v0.48.0 (#6627) 2024-10-15 09:38:10 -04:00
Matthew Holt 2ae58ac13e
go.mod: Upgrade some dependencies 2024-10-02 16:00:48 -06:00
Francis Lavoie 792f1c7ed7
caddyhttp: Escaping placeholders in CEL, add `vars` and `vars_regexp` (#6594) 
* caddyhttp: Escaping placeholders in CEL

* Simplify some of the test cases

* Implement vars and vars_regexp in CEL

* dupl lint is dumb

* Better consts for the placeholder CEL shortcut

* Bump CEL version, register a few extensions

* Refactor s390x test script for readability

* Add retries for s390x to smooth over flakiness

* Switch to `ph` for the CEL shortcut (match it in templates cause why not)
 2024-10-02 06:34:04 -06:00
Marten Seemann ff67b97126
caddyhttp: enable qlog, controlled by QLOGDIR env (#6581) 2024-09-21 05:47:18 +02:00
Marten Seemann 5b44d6cea8
update quic-go to v0.47.0 (#6582) 2024-09-20 17:00:13 -04:00
Kévin Dunglas 2028da4e74
ci: build and test with Go 1.23 (#6526) 
* chore: build and test with Go 1.23

* ci: bump golangci-lint to v1.60

* fix: make properly wrap errors

* ci: remove Go 1.21
 2024-08-23 11:01:28 -06:00
WeidiDeng 52bad45181
go.mod: update update golang/x/net (#6500) 2024-08-08 01:52:50 +00:00
WeidiDeng a8b0dfa8da
go.mod: update quic-go package (#6498) 2024-08-06 22:08:32 -06:00
Prakhar Awasthi 840094ac65
proxyprotocol: Update WrapListener to use ConnPolicyFunc for PROXY protocol (#6485) 
* proxyprotocol : Update WrapListener to use ConnPolicyFunc for PROXY protocol support

* proxyprotocol : Updated dependency pires/go-proxyproto to pseudo latest version
 2024-08-03 19:51:50 +03:00
Will Norris 04fb9fe87f
go.mod: update tscert package (#6384) 
The latest tscert allows callers to provide a custom http.Transport for
calling Tailscale's local API.

Updates tailscale/caddy-tailscale#66
 2024-06-10 07:28:30 -06:00
Matthew Holt b7280e6949 caddytls: Implement certmagic.RenewalInfoGetter 
Fixes ARI errors reported here:
https://caddy.community/t/error-in-logs-with-updating-ari-after-upgrading-to-caddy-v2-8-1/24320
 2024-06-01 18:02:49 -06:00
Matthew Holt d79c0f0dec
go.mod: Upgrade dependencies 2024-05-20 10:35:27 -06:00
Will Norris e66040a6f0
caddytls: set server name in context (#6324) 
Set the requested server name in a context value for CertGetter
implementations to use. Pass ctx to tscert.GetCertificateWithContext.

Signed-off-by: Will Norris <will@tailscale.com>
 2024-05-18 03:52:19 -06:00
Mohammed Al Sahaf 44860482d2
chore: downgrade minimum Go version in go.mod (#6318) 
* chore: downgrade minimum Go version in go.mod

* Upgrade certmagic and zerossl

---------

Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
 2024-05-15 19:28:34 +00:00
Matthew Holt abdf1ae15c
go.mod: go 1.22.3 
Seeing if this assists with some Go tooling logic
 2024-05-10 08:32:44 -06:00
Matthew Holt dd203ad41f
go.mod: CertMagic v0.21.0 2024-05-07 10:17:10 -06:00
Matthew Holt b52271061d
go.mod: Upgrade to quic-go v0.43.1 2024-05-06 20:15:43 -06:00
Matt Holt d129ae6aec
caddytls: Evict internal certs from cache based on issuer (#6266) 
* caddytls: Evict internal certs from cache based on issuer

During a config reload, we would keep certs in the cache fi they were used  by the next config. If one config uses InternalIssuer and the other uses a public CA, this behavior is problematic / unintuitive, because there is a big difference between private/public CAs.

This change should ensure that internal issuers are considered when deciding whether to keep or evict from the cache during a reload, by making them distinct from each other and certs from public CAs.

* Make sure new TLS app manages configured certs

* Actually make it work
 2024-04-30 16:15:54 -06:00
Matthew Holt a46ff50a1c
go.mod: Upgrade to quic-go v0.43.0 2024-04-27 12:01:30 -06:00
clauverjat 76c4cf5a56
caddytls: Option to configure certificate lifetime (#6253) 
* Add option to configure certificate lifetime

* Bump CertMagic dep to latest master commit

* Apply suggestions and ran go mod tidy

* Update modules/caddytls/acmeissuer.go

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>

---------

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
 2024-04-24 14:35:14 -06:00
Matt Holt 6d97d8d87b
caddyhttp: Address some Go 1.20 features (#6252) 
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
 2024-04-24 00:05:57 +00:00
Matt Holt 81413caea2
caddytls: Upgrade ACMEz to v2; support ZeroSSL API; various fixes (#6229) 
* WIP: acmez v2, CertMagic, and ZeroSSL issuer upgrades

* caddytls: ZeroSSLIssuer now uses ZeroSSL API instead of ACME

* Fix go.mod

* caddytls: Fix automation related to managers (fix #6060)

* Fix typo (appease linter)

* Fix HTTP validation with ZeroSSL API
 2024-04-13 21:31:43 -04:00
Francis Lavoie 1c4a807667
chore: Upgrade some dependencies (#6221) 2024-04-04 18:27:52 -04:00
Mohammed Al Sahaf 7f227b9d39
chore: upgrade deps (#6198) 2024-03-27 14:24:18 -04:00
Marten Seemann 32f7dd44ae
chore: Update quic-go to v0.42.0 (#6176) 
* update quic-go to v0.42.0

* use a rate limiter to control QUIC source address verification

* Lint

* remove deprecated ListenQUIC

* remove number of requests tracking

* increase the number of handshakes before source address verification is needed

* remove references to request counters

* remove deprecated listen*

---------

Co-authored-by: Francis Lavoie <lavofr@gmail.com>
Co-authored-by: WeidiDeng <weidi_deng@icloud.com>
 2024-03-21 10:56:10 -06:00
jbrown-stripe 52822a41cb
caddyhttp: upgrade to cel v0.20.0 (#6161) 
* upgrade to cel v0.20.0

* Attempt to address feedback and fix linter

* Let's try this

* Take that, you linter!

* Oh there's more

---------


Co-authored-by: Francis Lavoie <lavofr@gmail.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
Co-authored-by: Tristan Swadell @TristonianJones
 2024-03-13 21:32:42 -06:00
Francis Lavoie 5b5f8feaf7
chore: Bump Chroma to v2.13.0, includes new Caddyfile lexer (#6169) 2024-03-12 12:07:23 +03:00
Aziz Rmadi 3ae07a73dc
caddytls: clientauth: leaf verifier: make trusted leaf certs source pluggable (#6050) 
* Made trusted leaf certificates pluggable into the tls.client_auth.leaf
module

* Added leaf loaders modules: file, folder, pem aand storage

* Cleaned implementation of leaf cert loader modules

* Added tests for leaf certs file and folder loaders

* cmd: fix the output of the `Usage` section (#6138)

* core: OnExit hooks (#6128)

* core: OnExit callbacks

* core: Process-global OnExit callbacks

* ci: bump golangci/golangci-lint-action from 3 to 4 (#6141)

Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3 to 4.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Added more leaf certificate loaders tests and cleaned up code

* Modified leaf cert loaders json field names and cleaned up storage loader comment

* Update modules/caddytls/leaffileloader.go

* Update LeafStorageLoader certificates field name

* Upgraded  protobuf version

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-05 14:55:37 -07:00
Francis Lavoie 4284e39a17
chore: Update Chroma to get the new Caddyfile lexer (#6118) 2024-02-20 06:23:39 -05:00
Francis Lavoie e1b9a9d7b0
core: Add `ctx.Slogger()` which returns an `slog` logger (#5945) 2024-01-25 12:31:15 -07:00
Marten Seemann 697cc593a1
chore: Update quic-go to v0.41.0, bump Go minimum to 1.21 (#6043) 
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
 2024-01-25 13:58:19 -05:00
Mohammed Al Sahaf b359ca565c
ci/cd: use the build tag `nobadger` to exclude badgerdb (#6031) 
* ci/cd: use the build tag `nobadger` to exclude badgerdb

* upgrade github.com/google/certificate-transparency-go@master
 2024-01-10 21:04:11 +03:00
dependabot[bot] 1bf72db6ff
build(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0 (#5994) 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.16.0 to 0.17.0.
- [Commits](https://github.com/golang/crypto/compare/v0.16.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-18 16:11:51 -07:00
Kévin Dunglas d54dcf1598
cmd: use automaxprocs for better perf in containers (#5711) 
* feat: use automaxprocs for better perf in containers

* better logs

* cs
 2023-12-18 15:50:26 -07:00
Aziz Rmadi b49ec05161
go.mod: Updated quic-go to v0.40.1 (#5983) 2023-12-14 22:42:01 -07:00
Mohammed Al Sahaf dc12bd9743
proxyprotocol: use github.com/pires/go-proxyproto (#5915) 
* proxyprotocol: use github.com/pires/go-proxyproto

* Fix typo: r/generelly/generally

Co-authored-by: Francis Lavoie <lavofr@gmail.com>

* add config options for `Deny` CIDR and fallback policy

* use `netip` package & trust unix sockets

---------

Co-authored-by: Francis Lavoie <lavofr@gmail.com>
 2023-12-13 09:07:43 -07:00
Matt Holt 4a09cf0dc0
caddytls: Sync distributed storage cleaning (#5940) 
* caddytls: Log out remote addr to detect abuse

* caddytls: Sync distributed storage cleaning

* Handle errors

* Update certmagic to fix tiny bug

* Split off port when logging remote IP

* Upgrade CertMagic
 2023-12-07 11:00:02 -07:00
Andreas Kohn b24ae63ea6
caddytls: Context to DecisionFunc (#5923) 
See https://github.com/caddyserver/certmagic/pull/255
 2023-12-07 10:40:13 -07:00
dlorenc 878d491834
chore: Bump otel to v1.21.0. (#5949) 
Signed-off-by: Dan Lorenc <dlorenc@chainguard.dev>
 2023-11-22 17:02:13 +03:00
WeidiDeng ee358550e4
go.mod: update quic-go version to v0.40.0 (#5922) 2023-10-31 14:05:34 -04:00
Marten Seemann 3f55efcfde
update quic-go to v0.39.3 (#5918) 2023-10-27 07:52:12 -04:00
Mariano Cano ac0ad4da84
Upgrade acmeserver to github.com/go-chi/chi/v5 (#5913) 
This commit upgrades the router used in the acmeserver to
github.com/go-chi/chi/v5. In the latest release of step-ca, the router
used by certificates was upgraded to that version.

Fixes #5911

Signed-off-by: Mariano Cano <mariano.cano@gmail.com>
 2023-10-23 21:02:11 -04:00
Matthew Holt fe2a02bf7a
go.mod: Upgrade quic-go to v0.39.1 2023-10-20 15:23:35 -06:00
Ethan Brown (Domino) 9fc55a9792
go.mod: CVE-2023-45142 Update opentelemetry (#5908) 2023-10-20 21:15:48 +00:00
Matthew Holt 88b4fbf244
go.mod: Upgrade dependencies incl. x/net/http 
Possibly important for the HTTP/2 Rapid Reset issue.
 2023-10-10 12:01:20 -06:00
WeidiDeng 888c6d7e93
go.mod: Update quic-go to v0.38.0 (#5772) 
* go.mod: Update quic-go to v0.38.0

* run "go mod tidy"

---------

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
 2023-08-24 02:55:28 +00:00
Marten Seemann 84d5e1c5d6
update quic-go to v0.37.6 (#5767) 2023-08-19 23:34:15 +00:00
Matthew Holt f11c3c9f5a
go.mod: Upgrade CertMagic and quic-go 2023-08-17 11:34:48 -06:00
Matt Holt 6cdcc2a782
ci: Update to Go 1.21 (#5719) 
* ci: Update to Go 1.21

* Bump quic-go to v0.37.4

* Check EnableFullDuplex err

* Linter bug suppression

See https://github.com/timakin/bodyclose/issues/52

---------

Co-authored-by: Francis Lavoie <lavofr@gmail.com>
 2023-08-09 12:34:28 -04:00
Shyim 5b9c850ab3
go.mod: Upgrade golang.org/x/net to 0.14.0 (#5718) 2023-08-08 11:23:26 -06:00