Commit Graph

223 Commits

Author SHA1 Message Date
Matthew Holt d9136fb0a0
rewrite: Caddyfile directive should always invoke a rehandle
This is unless each route's matcher is dynamically executed after
previous handlers...
2019-09-10 14:13:52 -06:00
Matthew Holt c32b7e8865
fastcgi: Make EnvVars a map instead of a slice 2019-09-10 14:12:51 -06:00
Matthew Holt 1ce10b453f
Require Go 1.13; use Go 1.13's default support for TLS 1.3 2019-09-10 13:11:27 -06:00
Matt Holt 0c8ad52be1
Experimental IETF-standard HTTP/3 support (known issue exists) (#2727)
* Begin WIP integration of HTTP/3 support

* http3: Set actual Handler, make fakeClosePacketConn type for UDP sockets

Also use latest quic-go for ALPN fix

* Manually keep track of and close HTTP/3 listeners

* Update quic-go after working through some http3 bugs

* Fix go mod

* Make http3 optional for now
2019-09-10 08:03:37 -06:00
Matthew Holt d67d8cf5a8
Fix build (sigh) 2019-09-10 07:15:36 -06:00
Matt Holt 44b7ce9850
Merge pull request #2737 from caddyserver/fastcgi (reverse proxy!)
v2: Refactor reverse proxy and add FastCGI support
2019-09-09 21:46:21 -06:00
Matthew Holt b4f4fcd437
Migrate some selection policy tests over to v2 2019-09-09 21:44:58 -06:00
Matthew Holt 50e62d06bc
reverse_proxy: Caddyfile integration (and fix blocks in Dispenser) 2019-09-09 12:23:27 -06:00
Matthew Holt 9169cd43d4
Log when auto HTTPS or auto HTTP->HTTPS redirects are disabled 2019-09-09 08:25:48 -06:00
Matthew Holt e12c62e60b
file_server: Enforce URL canonicalization (closes #2741) 2019-09-09 08:21:45 -06:00
Ingo Gottwald 3e9e7555ef Fix build (#2740)
Build was broken with commit 50961ec.
2019-09-07 14:25:04 -06:00
Matthew Holt f6126acf37
Header matchers: allow matching presence of header with empty list 2019-09-06 14:25:16 -06:00
Matthew Holt 97ace2a39e
File matcher enforces trailing-slash convention to match dirs/files 2019-09-06 13:32:02 -06:00
Matthew Holt 4bd9496525
Fix Schrodinger's file existence check in file matcher
See: https://stackoverflow.com/a/12518877/1048862

For example, trying to check the existence of "/www/index.php/index.php"
fails but not with an os.IsNotExist()-type error. So we have to assume
that a file that cannot be successfully stat'ed at all does not exist.
2019-09-06 12:57:12 -06:00
Matthew Holt 14f9662f9c
Various fixes/tweaks to HTTP placeholder variables and file matching
- Rename http.var.* -> http.vars.* to be more consistent
- Prefixing a path matcher with * now invokes simple suffix matching
- Handlers and matchers that need a root path default to {http.vars.root}
- Clean replacer output on the file matcher's file selection suffix
2019-09-06 12:36:45 -06:00
Matthew Holt 21d7b662e7
fastcgi: Use request context as base, not a new one 2019-09-06 12:02:11 -06:00
Matthew Holt d2e46c2be0
fastcgi: Set default root path; add interface guards 2019-09-05 13:42:20 -06:00
Matthew Holt 80b54f3b9d
Add original URI to request context; implement into fastcgi env 2019-09-05 13:36:42 -06:00
Matthew Holt 0830fbad03
Reconcile upstream dial addresses and request host/URL information
My goodness that was complicated

Blessed be request.Context

Sort of
2019-09-05 13:14:39 -06:00
Matthew Holt a60d54dbfd
reverse_proxy: Ignore context.Canceled errors
These happen when downstream clients cancel the request, but that's not
our problem nor a failure in our end
2019-09-03 19:10:09 -06:00
Matthew Holt acb8f0e0c2
Integrate circuit breaker modules with reverse proxy 2019-09-03 19:06:54 -06:00
Matthew Holt 652460e03e
Some cleanup and godoc 2019-09-03 16:56:09 -06:00
Matthew Holt 4a1e1649bc
reverse_proxy: Implement remaining TLS config for proxy to backend 2019-09-03 15:26:09 -06:00
Matthew Holt ccfb12347b
reverse_proxy: Implement active health checks 2019-09-03 12:10:11 -06:00
Alexandre Stein 50961ecc77 Initial implementation of TLS client authentication (#2731)
* Add support for client TLS authentication

Signed-off-by: Alexandre Stein <alexandre_stein@interlab-net.com>

* make and use client authentication struct

* force StrictSNIHost if TLSConnPolicies is not empty

* Implement leafs verification

* Fixes issue when using multiple verification

* applies the comments from maintainers

* Apply comment

* Refactor/cleanup initial TLS client auth implementation
2019-09-03 09:35:36 -06:00
Matthew Holt 026df7c5cb
reverse_proxy: WIP refactor and support for FastCGI 2019-09-02 22:01:02 -06:00
Matthew Holt d242f10eda
Add query_string to HTTP replacer and use it for try_files 2019-08-27 14:38:24 -06:00
Mohammed Al Sahaf a0fd2b6c0a Fix SIV where /v2 was missing from caddyfile adapter work (#2721) 2019-08-22 12:26:48 -06:00
Matthew Holt c0da7d487a
file_server: Automatically hide all involved Caddyfiles 2019-08-21 15:50:02 -06:00
Matthew Holt c9980fd367
Refactor Caddyfile adapter and module registration
Use piles from which to draw config values.

Module values can return their name, so now we can do two-way mapping
from value to name and name to value; whereas before we could only map
name to value. This was problematic with the Caddyfile adapter since
it receives values and needs to know the name to put in the config.
2019-08-21 10:46:35 -06:00
Matthew Holt c4159ef76d
Fix module-related errors 2019-08-09 12:19:56 -06:00
Matthew Holt ab885f07b8
Implement config adapters and beginning of Caddyfile adapter
Along with several other changes, such as renaming caddyhttp.ServerRoute
to caddyhttp.Route, exporting some types that were not exported before,
and tweaking the caddytls TLS values to be more consistent.

Notably, we also now disable automatic cert management for names which
already have a cert (manually) loaded into the cache. These names no
longer need to be specified in the "skip_certificates" field of the
automatic HTTPS config, because they will be skipped automatically.
2019-08-09 12:05:47 -06:00
Dominik Braun 4950ce485f Part 1: Optimize using compiler's inliner (#2687)
* optimized functions for inlining

* added note regarding ResponseWriterWrapper

* optimzed browseWrite* methods for FileServer

* created benchmarks for comparison

* creating browseListing instance in each function

* created benchmarks for openResponseWriter

* removed benchmarks of old implementations

* implemented sync.Pool for byte buffers

* using global sync.Pool for writing JSON/HTML
2019-08-07 23:59:02 -06:00
Matthew Holt 28df6cedfe
tls: Use IANA-standard cipher suite names 2019-07-18 09:52:43 -06:00
Matthew Holt dd6aa91d72
Fix DNS provider module unmarshaling (closes #2676) 2019-07-18 09:15:23 -06:00
Matt Holt b44a22a9d4
Performance improvements to Replacer implementation (placeholders) (#2674)
Closes #2673
2019-07-16 12:27:11 -06:00
Matthew Holt bdf92ee84e
Minor tweaks 2019-07-15 17:33:47 -06:00
Matthew Holt f217181293
mod: Use blackfriday's standard v2 module import path 2019-07-15 17:33:08 -06:00
Matthew Holt ccb5d19c25
Get module name at runtime, and tidy up modules 2019-07-12 10:15:27 -06:00
Matthew Holt 63674ba081
Rename handler modules to use http.handlers namespace 2019-07-11 22:03:12 -06:00
Matthew Holt 9722dbe18a
Fix rehandling bug 2019-07-11 22:02:47 -06:00
Matthew Holt eb8625f774
Add error & subroute handlers; weakString; other minor handler changes 2019-07-11 17:02:57 -06:00
Matthew Holt 4a3a418156
Flatten HTTP handler config (#2662)
Differentiating middleware and responders has one benefit, namely that
it's clear which module provides the response, but even then it's not
a great advantage. Linear handler config makes a little more sense,
giving greater flexibility and simplifying the core a bit, even though
it's slightly awkward that handlers which are responders may not use
the 'next' handler that is passed in at all.
2019-07-09 12:58:39 -06:00
Matthew Holt 6dfba5fda8
Add path components to HTTP replacer 2019-07-08 16:46:55 -06:00
Matthew Holt d25008d2c8
Move listen address functions into caddy package; fix unix bug 2019-07-08 16:46:38 -06:00
Matthew Holt 42acdad9e5
Fix error handling with Validate when loading modules (fixes #2658)
The return statement was improperly nested in context.go
2019-07-07 14:12:22 -06:00
Matthew Holt 84f9f7cd60
Little cleanups 2019-07-05 13:59:30 -06:00
Matthew Holt 79216d356c
acmemanager: Use storage module key "module" instead of "system" 2019-07-05 09:59:46 -06:00
Matthew Holt fdd871e177
go.mod: Append /v2 to module name; update all import paths
See https://github.com/golang/go/wiki/Modules#semantic-import-versioning
2019-07-02 12:37:06 -06:00
Matthew Holt 533d1afb4b tls: Enable TLS 1.3 by default; set sane defaults on tls.Config structs 2019-07-01 11:47:46 -06:00
Matthew Holt 9f8d3611eb encode: Add "Vary" response header 2019-06-30 23:38:36 -06:00
Matthew Holt 3177ee8010 Add license 2019-06-30 16:07:58 -06:00
Matthew Holt fee0b38b48 Fix encoder name bug; remove unused field in encode middleware struct 2019-06-29 16:57:55 -06:00
Matthew Holt d5ae3a4966 httpserver: Set default Server header 2019-06-28 19:28:47 -06:00
Matthew Holt 006dc1792f Use html/template for escaping by default
Allow HTML only with a few specific functions
2019-06-27 13:30:41 -06:00
Matthew Holt a63cb3e3fd Implement etag; fix related bugs in encode and templates middlewares 2019-06-27 13:09:10 -06:00
Matthew Holt 2b22d2e6ea Optionally enforce strict TLS SNI + HTTP Host matching, & misc. cleanup
We should look into a way to enable this by default when TLS client auth
is configured for a server
2019-06-26 16:03:29 -06:00
Matthew Holt a524bcfe78 Enable skipping just certificate management for some auto HTTPS names 2019-06-26 10:57:18 -06:00
Matthew Holt 91b03dccb0 Refactor automatic HTTPS configuration; ability to skip certain names 2019-06-26 10:49:32 -06:00
Matthew Holt 38677aaa58 caddytls: Support tags for manually-loaded certificates 2019-06-24 12:16:10 -06:00
Matthew Holt d49f762f6d Various bug fixes and minor improvements
- Fix static responder so it doesn't replace its own headers config,
  and instead replaces the actual response header values
- caddyhttp.ResponseRecorder type optionally buffers response
- Add interface guards to ensure regexp matchers get provisioned
- Use default HTTP port if one is not explicitly set
- Encode middleware writes status code 200 if not written upstream
- Templates and markdown only try to execute on text responses
- Static file server sets Content-Type based on file extension only
  (this whole thing -- MIME sniffing, etc -- needs more configurability)
2019-06-21 14:36:26 -06:00
Matthew Holt 81a9e125b5 Oops 2019-06-21 08:52:15 -06:00
Matthew Holt 70c788ce0c Minor cleanups/improvements 2019-06-21 08:08:26 -06:00
Matthew Holt 1c443beb9c caddyhttp: ResponseRecorder type for middlewares to buffer responses
Unfortunately, templates and markdown require buffering the full
response before it can be processed and written to the client
2019-06-20 21:49:45 -06:00
Matthew Holt 269b1e9aa3 tls: Improve (and fix) on-demand configuration 2019-06-20 20:36:29 -06:00
Matthew Holt 6d0350d04e caddyhttp: Fix host matching when host has a port 2019-06-20 20:24:46 -06:00
Matthew Holt 15647bdfb7 templates: Remove context functions implemented by sprig 2019-06-18 15:43:51 -06:00
Matthew Holt 2663dd176d Refactor templates execution; add sprig functions 2019-06-18 15:17:48 -06:00
Matthew Holt 6706c9225a Implement templates handler; various minor cleanups and bug fixes 2019-06-18 11:13:12 -06:00
Matthew Holt 5137859e47 Rename caddy2 -> caddy
Removes the version from the package name
2019-06-14 11:58:28 -06:00
Matthew Holt b8e7453fef Implement brotli encoder; improve validation of other encoders 2019-06-13 11:20:43 -06:00
Matthew Holt 0c8763a728 Add simple tests for static responder 2019-06-11 17:46:11 -06:00
Matt Holt f5b4f268dc
Implement encode middleware (#2)
* Implement encode middleware

* Add missing break; and add missing JSON struct field tag
2019-06-10 10:21:25 -06:00
Matthew Holt ef5f29cfb2 Do not allow Go standard lib to sniff Content-Type header 2019-06-07 19:59:25 -06:00
dev 878ae0002a fix goroutine leak in healthcheckers 2019-06-07 15:52:10 -04:00
Matthew Holt b79f86f256 Fix bugs related to auto HTTPS and alternate port configurations 2019-06-04 22:43:21 -06:00
Matthew Holt 613aecb898 Change import paths to GitHub package names 2019-06-04 13:52:37 -06:00
Matthew Holt 39db06d9c4 Implement IP/CIDR matcher and Not (negated) matcher 2019-06-04 13:42:54 -06:00
Matthew Holt f064889a4f Customize admin endpoint address with -listen flag
This is a temporary holdover for development purposes
2019-06-03 15:35:14 -06:00
Matthew Holt 3439933235 Implement session ticket keys; default STEK module with rotation 2019-05-29 23:11:46 -06:00
Matthew Holt bf54615efc ResponseMatcher for conditional logic of response headers 2019-05-28 18:53:08 -06:00
Matthew Holt da6a8cfc86 Minor cleanups 2019-05-28 18:52:21 -06:00
Matthew Holt 9cd6f35e9d Separate out certificate selection 2019-05-27 11:31:47 -06:00
Matthew Holt 210d0cf7f1 Implement custom cert selection policies; optimize matching for SNI 2019-05-24 13:18:45 -06:00
Matthew Holt 5a4a1421de Fix error handling and matching catch-all routes 2019-05-23 14:42:14 -06:00
Matthew Holt 34a25dd558 Add very simple markdown middleware for now 2019-05-23 14:41:43 -06:00
Matthew Holt 9e576c76e7 Add request_body middleware and some limits to HTTP servers 2019-05-23 13:16:34 -06:00
Matthew Holt 869fbac632 Don't use auto HTTPS for servers with only HTTP port listeners 2019-05-22 14:14:26 -06:00
Matthew Holt 284fb3a98c Allow multiple matcher sets in routes (OR'ed together)
Also export MatchRegexp in case other matcher modules find it useful.
Add comments to the exported matchers.
2019-05-22 13:13:39 -06:00
Matthew Holt bc00d840e8 Export types and fields necessary to build configs (for config adapters)
Also flag most fields with 'omitempty' for JSON marshaling
2019-05-22 12:32:36 -06:00
Matthew Holt be9b6e7b57 Honor the configured CA value 2019-05-21 14:22:33 -06:00
Matthew Holt 2fd98cb040 Module.New() does not need to return an error 2019-05-21 14:22:21 -06:00
Matthew Holt 67d32e6779 Fix up matchers tests and take care of TODO in rewrite 2019-05-21 13:10:14 -06:00
Matthew Holt 9d54f655aa Take care of remaining TODOs in the browse responder 2019-05-21 13:03:52 -06:00
Matthew Holt 65195a726d Implement rewrite middleware; fix middleware stack bugs 2019-05-20 23:48:43 -06:00
Matthew Holt b84cb05848 Fix deferred header ops 2019-05-20 22:00:54 -06:00
Matthew Holt a969872850 Default error handler; rename StaticFiles -> FileServer 2019-05-20 21:21:33 -06:00
Matthew Holt aaacab1bc3 Sanitize paths in static file server; some cleanup
Also remove AutomaticHTTPSError for now
2019-05-20 17:15:38 -06:00
Matthew Holt d22f64e6d4 Implement headers middleware 2019-05-20 15:46:52 -06:00
Matthew Holt 22995e5655 Implement most of browse; fix a couple obvious bugs; some cleanup 2019-05-20 15:46:52 -06:00
dev 043eb1d9e5 move internal packages to pkg folder and update reverse proxy
* set automatic https error type for cert-magic failures
* add state to onload and unload methods
* update reverse proxy to use Provision() and Cleanup()
2019-05-20 14:48:26 -04:00
Matthew Holt fec7fa8bfd Implement most of static file server; refactor and improve Replacer 2019-05-20 10:59:20 -06:00
Matthew Holt 1f0c061ce3 Architectural shift to using context for config and module state 2019-05-16 16:05:38 -06:00
Matthew Holt ff5b4639d5 Some minor updates, and get rid of OnLoad/OnUnload 2019-05-16 11:46:17 -06:00
Matthew Holt f9d93ead4e Rename and export some types, other minor changes 2019-05-14 14:14:05 -06:00
Matthew Holt 8ae0d6a509 caddyhttp: Implement better HTTP matchers including regexp; add tests 2019-05-10 21:07:02 -06:00
Matthew Holt 48b5a80320 Remove (unimplemented) enterprise TLS matchers 2019-05-07 11:58:58 -06:00
Matthew Holt ad3d408067 Add some tests and fix vet warning 2019-05-07 10:15:46 -06:00
Matthew Holt e40bbecb16 Rough implementation of auto HTTP->HTTPS redirects
Also added GracePeriod for server shutdowns
2019-05-07 09:56:18 -06:00
Matthew Holt 2eb3593327 Begin implementing HTTP replacer and static responder 2019-05-04 13:21:20 -06:00
Matthew Holt 1136e2cfee Add reverse proxy 2019-05-04 10:49:50 -06:00
Matthew Holt 5859cd8dad Instantiate apps that are needed but not explicitly configured 2019-04-29 09:22:00 -06:00
Matthew Holt 43961b542b General cleanup and more godocs 2019-04-26 12:35:39 -06:00
Matthew Holt 2d056fbe66 Initial commit of Storage, TLS, and automatic HTTPS implementations 2019-04-25 13:54:48 -06:00
Matthew Holt 545f28008e Begin implementing error handling and re-handling 2019-04-11 20:42:55 -06:00
dev 27ecc7f384 Protocol and Caddyscript matchers
* Added matcher to determine what protocol the request is being made by
  - grpc, tls, http
* Added ability to run caddyscript in a matcher to evaluate the http request
* Added TLS field to caddyscript request time
* Added a library to manipulate and compare a new caddyscript time type
* Library for regex in starlark
2019-04-08 09:58:11 -04:00
Matthew Holt 402f423693 Implement "global" state for modules, OnLoad and OnUnload callbacks
Tested for memory leaks and performance. Obviously the added locking and
global state is not awesome, but the alternative is a little uglier IMO:
we'd have to make some sort of "liaison" value which stores the state,
then pass it around to every module, and so LoadModule becomes a lot
less accessible, and each module would need to maintain a reference to
it... nope, just ugly. I think this is the cleaner solution: just make
sure only one Start() happens at a time, and keep global things global.

Very simple log middleware is an example.

Might need to reorder the operations in Start() and handle errors
differently, etc. Otherwise, I'm mostly happy with this solution...
2019-04-08 00:00:14 -06:00
Matt Holt f976aa7443 Merged in deadlines (pull request #1)
Cleanly fake-close listeners

* WIP debugging listener deadlines

* Fix listener deadlines
2019-04-02 20:58:24 +00:00
Matthew Holt 6621406fa8 Very basic middleware and route matching functionality 2019-03-31 20:41:29 -06:00
Matthew Holt 27ff6aeccb Fix goroutine leak in Run
D'oh, the servers' Shutdown() would never be called because they were
never added to the list of servers.

Thanks Danny for finding this.
2019-03-27 12:36:30 -06:00
Matthew Holt a8dc73b4d9 Performance testing Load function 2019-03-26 19:42:52 -06:00
Matthew Holt 86e2d1b0a4 Rudimentary start of HTTP servers 2019-03-26 15:45:51 -06:00
Matthew Holt 859b5d7ea3 Initial commit 2019-03-26 12:00:54 -06:00