Commit Graph

1741 Commits

Author SHA1 Message Date
Francis Lavoie a8492c064d
fileserver: Don't repeat error for invalid method inside error context (#5705) 2023-08-09 17:12:09 +00:00
Matt Holt 6cdcc2a782
ci: Update to Go 1.21 (#5719)
* ci: Update to Go 1.21

* Bump quic-go to v0.37.4

* Check EnableFullDuplex err

* Linter bug suppression

See https://github.com/timakin/bodyclose/issues/52

---------

Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2023-08-09 12:34:28 -04:00
Aaron Dewes fbb0ecfa32
ci: Add riscv64 (64-bit RISC-V) to goreleaser (#5720)
This will add 64-bit RISC-V Linux prebuilts for Caddy.
2023-08-08 12:11:53 -06:00
Shyim 5b9c850ab3
go.mod: Upgrade golang.org/x/net to 0.14.0 (#5718) 2023-08-08 11:23:26 -06:00
Jacob Gadikian b32f265eca
ci: Use gofumpt to format code (#5707) 2023-08-07 19:40:31 +00:00
Matthew Holt 431adc0980
templates: Fix httpInclude (fix #5698)
Allowable during feature freeze because this is a simple, non-invasive
bug fix only.
2023-08-07 12:53:21 -06:00
Matthew Holt a8cc5d1a7d go.mod: Upgrade to quic-go v0.37.3
Fixes #5680 once and for all! Hopefully :)

Thank you @marten-seemann for your excellent work!
2023-08-05 18:10:15 -06:00
Emily 8d304a4566
cmd: Split unix sockets for admin endpoint addresses (#5696)
* cmd: fix cli when admin endpoint uses new unix socket permission format

Fixes a bug where the following Caddyfile

```Caddyfile
{
	admin unix/admin.sock|0660
}
```

and `caddy reload --config Caddyfile`
would throw the following error instead of reloading it:

```
INFO    using provided configuration    {"config_file": "Caddyfile", "config_adapter": ""}
Error: sending configuration to instance: performing request: Post "http://127.0.0.1/load": dial unix admin.sock|0660: connect: no such file or directory
[ERROR] exit status 1
```

---

This bug also affected `caddy start` and `caddy stop`.

* Move splitter function to internal

---------

Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2023-08-06 00:09:16 +00:00
Mohammed Al Sahaf 65e33fc1ee
reverseproxy: do not parse upstream address too early if it contains replaceble parts (#5695)
* reverseproxy: do not parse upstream address too early if it contains replaceble parts

* remove unused method

* cleanup

* accommodate partially replaceable port
2023-08-05 23:30:02 +02:00
WeidiDeng 9f34383c02
caddyfile: check that matched key is not a substring of the replacement key (#5685) 2023-08-04 10:44:38 -06:00
Mohammed Al Sahaf b07b198764
chore: use `--clean` instead of `--rm-dist` for goreleaser (#5691) 2023-08-04 16:08:54 +00:00
Matthew Holt 51b1bfb125
go.mod: Upgrade quic-go to v0.37.2 (fix #5680) 2023-08-03 18:44:03 -06:00
Matthew Holt c049bab458
fileserver: browse: Render SVG images in grid 2023-08-03 12:53:47 -06:00
WeidiDeng e2fc08bd34
reverseproxy: Fix hijack ordering which broke websockets (#5679) 2023-08-03 04:08:12 +00:00
Herman Slatman 4aa4f3ac70
httpcaddyfile: Fix `string does not match ~[]E` error (#5675)
Only happens for some people. Unable to confirm.
2023-08-03 00:41:37 +00:00
Francis Lavoie 1913930783
encode: Fix infinite recursion (#5672) 2023-08-02 18:21:11 -06:00
Francis Lavoie cd486c25d1
caddyhttp: Make use of `http.ResponseController` (#5654)
* caddyhttp: Make use of http.ResponseController

Also syncs the reverseproxy implementation with stdlib's which now uses ResponseController as well 2449bbb5e6

* Enable full-duplex for HTTP/1.1

* Appease linter

* Add warning for builds with Go 1.20, so it's less surprising to users

* Improved godoc for EnableFullDuplex, copied text from stdlib

* Only wrap in encode if not already wrapped
2023-08-02 20:03:26 +00:00
Matthew Holt e198c605bd
go.mod: Upgrade dependencies esp. smallstep/certificates
This prevents initialization of a .step folder when it's not used.
2023-08-02 11:48:59 -06:00
Matt Holt f66493efef
core: Allow loopback hosts for admin endpoint (fix #5650) (#5664) 2023-08-02 11:13:52 -06:00
Francis Lavoie 5c51c1db2c
httpcaddyfile: Allow `hostnames` & logger name overrides for log directive (#5643)
* httpcaddyfile: Allow `hostnames` override for log directive

* Implement access logger name overrides

* Fix panic & default logger clobbering edgecase
2023-08-02 03:13:46 -04:00
mmm444 da23501457
reverseproxy: Connection termination cleanup (#5663) 2023-08-01 14:01:12 +00:00
Matthew Holt 94749e119a
go.mod: Use quic-go 0.37.1
Should fix panic in Go 1.21 where there was no RemoteAddr.
2023-07-31 16:31:17 -06:00
Omar Ramadan d7d16360d4
reverseproxy: Export ipVersions type (#5648)
allows AUpstreams to be instantiated externally
2023-07-25 12:50:21 -06:00
Matthew Holt 4df27a20c8
go.mod: Use latest CertMagic (v0.19.1)
Fixes race condition
2023-07-25 10:31:47 -06:00
Matthew Holt 18c309b5fa
caddyhttp: Preserve original error (fix #5652) 2023-07-25 09:41:56 -06:00
ydylla e041962b66
fileserver: add lazy image loading (#5646) 2023-07-22 15:50:36 +00:00
Marten Seemann f45a6de20d
go.mod: Update quic-go to v0.37.0, bump to Go 1.20 minimum (#5644)
* update quic-go to v0.37.0

* Bump to Go 1.20

* Bump golangci-lint version, yml syntax consistency

* Use skip-pkg-cache workaround

* Workaround needed for both?

* Seeding weakrand is no longer necessary

---------

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2023-07-21 22:00:48 -06:00
Matt Holt b51dc5d5d0
core: Refine mutex during reloads (fix #5628) (#5645)
Separate currentCtxMu to protect currentCtx, and a new
rawCfgMu to protect rawCfg and synchronize loads.
2023-07-21 15:32:20 -06:00
bt90 f857b32d65
go.mod: update quic-go to v0.36.2 (#5636) 2023-07-17 14:16:43 -06:00
Matthew Holt 4e36b4c9d1
fileserver: Tweak grid view of browse template
All cells on row have same height.
Center-align vertically.
2023-07-17 11:18:40 -06:00
Mohammed Al Sahaf 27bc16abed
fileserver: add `export-template` sub-command to `file-server` (#5630) 2023-07-13 15:54:48 -06:00
WeidiDeng bbe1952a59
caddyfile: Fix comparing if two tokens are on the same line (#5626)
* fix comparing if two tokens are on the same line

* compare tokens from copies when importing
2023-07-12 14:32:22 -06:00
Matt Holt 0e2c7e1d35
caddytls: Reuse certificate cache through reloads (#5623)
* caddytls: Don't purge cert cache on config reload

* Update CertMagic

This actually avoids reloading managed certs from storage
when already in the cache, d'oh.

* Fix bug; re-implement HasCertificateForSubject

* Update go.mod: CertMagic tag
2023-07-11 19:10:58 +00:00
Matt Holt 7ceef91295
Minor tweaks to security.md 2023-07-08 14:02:09 -06:00
Matthew Holt 5dec11f2a0
reverseproxy: Pointer receiver
This avoids copying the Upstream, which has an atomically-accessed value
in it.
2023-07-08 13:42:51 -06:00
Matthew Holt 66114cb155
caddyhttp: Trim dot/space only on Windows (fix #5613)
Follow-up to #2917. Path matcher needs to trim dots and spaces but only
on Windows.
2023-07-08 13:42:13 -06:00
Marten Seemann 7914ba3573
update quic-go to v0.36.1 (#5611) 2023-07-01 19:34:27 -04:00
Matthew Holt dfe17c33ef
caddyconfig: Specify config adapter for HTTP loader (close #5607) 2023-06-30 20:04:32 -06:00
WeidiDeng 710824c3ce
core: Embed net.UDPConn to gain optimizations (#5606)
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2023-06-30 16:31:26 -06:00
Mohammed Al Sahaf d8ae801068
chore: remove deprecated property `rlcp` in goreleaser config (#5608) 2023-06-30 16:53:56 -04:00
Emily 119e8794bc
core: Skip `chmod` for abstract unix sockets (#5596)
because those aren't real paths on the filesystem and thus can't be `chmod`ed
2023-06-24 18:25:02 -06:00
Emily 22927e278d
core: Add optional unix socket file permissions (#4741)
* core: Add optional unix socket file permissions

This commit also changes the default unix socket file permissions to `u=w,g=,o=` (octal: `0200`).
It used to default to the shell's umask (usually `u=rwx,g=rx,o=rx`, octal: `0755`).

`/run/caddy.sock` -> `/run/caddy.sock` with `0200` default perms
`/run/caddy.sock|0222` -> `/run/caddy.sock` with `0222` perms

`|` instead of `:` is used as a separator, to account for the `:` in Windows drive letters (e.g. `C:\absolute\path.sock`)

Fun fact:
The old unix(7) man page (pre Jun 2016) stated a socket needs both read and write perms.
Turns out, only write perms are needed.
Corrected in 7578ea2f85
Despite this, most implementations still default to read+write to this date.

* Add cases with Windows paths to test

* Require write perms for the owning user
2023-06-23 14:49:41 -06:00
Francis Lavoie 7a69ae7571
reverseproxy: Honor `tls_except_port` for active health checks (#5591) 2023-06-22 16:20:30 -06:00
Matthew Holt 2b2addebb8
Appease linter 2023-06-21 17:59:54 -06:00
Matthew Holt 9563666bfb
Fix compile on Windows, hopefully 2023-06-21 17:47:23 -06:00
Matthew Holt 806341e089
core: Properly preserve unix sockets (fix #5568) 2023-06-21 17:16:01 -06:00
Matthew Holt 0468508e92 go.mod: Upgrade CertMagic for hotfix 2023-06-21 13:25:38 -06:00
Matthew Holt 415d1e7b6f go.mod: Upgrade some dependencies 2023-06-21 13:25:38 -06:00
Omer Demirok 1a36b06cd4
chore: upgrade otel (#5586) 2023-06-21 11:46:42 -06:00
Marten Seemann 398c12ae9b
go.mod: Update quic-go to v0.36.0 (#5584) 2023-06-21 06:56:12 -04:00