e965b111cd
tls: modularize trusted CA providers ( #5784 )
...
* tls: modularize client authentication trusted CA
* add `omitempty` to `CARaw`
* docs
* initial caddyfile support
* revert anything related to leaf cert validation
The certs are used differently than the CA pool flow
* complete caddyfile unmarshalling implementation
* Caddyfile syntax documentation
* enhance caddyfile parsing and documentation
Apply suggestions from code review
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
* add client_auth caddyfile tests
* add caddyfile unmarshalling tests
* fix and add missed adapt tests
* fix rebase issue
---------
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2024-01-25 11:44:41 +03:00
b9c40e7111
logging: Automatic `wrap` default for `filter` encoder ( #5980 )
...
Co-authored-by: Kévin Dunglas <kevin@dunglas.fr>
2024-01-25 04:00:22 +00:00
f5344f8cad
caddyhttp: Fix panic when request missing ClientIPVarKey ( #6040 )
2024-01-24 00:45:50 +00:00
750d0b8331
caddyfile: Normalize & flatten all unmarshalers ( #6037 )
2024-01-23 19:36:59 -05:00
54823f52bc
cmd: reverseproxy: log: use caddy logger ( #6042 )
2024-01-23 10:52:02 -07:00
ed7e3c906a
matchers: `query` now ANDs multiple keys ( #6054 )
...
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2024-01-22 02:36:44 +00:00
c0273f1f04
caddyfile: Add heredoc support to `fmt` command ( #6056 )
2024-01-22 02:24:49 +00:00
dba556fe4b
refactor: move automaxprocs init in caddycmd.Main()
2024-01-19 11:17:35 +01:00
d9aded016c
caddyfile: Allow heredoc blank lines ( #6051 )
2024-01-18 22:57:18 -05:00
4181c79a81
httpcaddyfile: Add optional status code argument to `handle_errors` directive ( #5965 )
...
Co-authored-by: Aziz Rmadi <azizrmadi@Azizs-MacBook-Air.local>
2024-01-16 01:24:17 -05:00
5e2f1b5ced
httpcaddyfile: Rewrite `root` and `rewrite` parsing to allow omitting matcher ( #5844 )
2024-01-15 09:57:08 -07:00
f3e849e49f
fileserver: Implement caddyfile.Unmarshaler interface ( #5850 )
2024-01-13 21:32:44 +00:00
f658fd05ac
reverseproxy: Add `tls_curves` option to HTTP transport ( #5851 )
2024-01-13 20:56:23 +00:00
cc0c0cf03e
caddyhttp: Security enhancements for client IP parsing ( #5805 )
...
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2024-01-13 20:46:37 +00:00
80acf1bf23
replacer: Fix escaped closing braces ( #5995 )
2024-01-13 20:24:03 +00:00
c839a98ff5
filesystem: Globally declared filesystems, `fs` directive ( #5833 )
2024-01-13 20:12:43 +00:00
b359ca565c
ci/cd: use the build tag `nobadger` to exclude badgerdb ( #6031 )
...
* ci/cd: use the build tag `nobadger` to exclude badgerdb
* upgrade github.com/google/certificate-transparency-go@master
2024-01-10 21:04:11 +03:00
c2d889f85e
httpcaddyfile: Fix redir <to> html ( #6001 )
2024-01-10 12:24:47 +00:00
cb86319bd5
httpcaddyfile: Support client auth verifiers ( #6022 )
...
* Added verifier case
Update author
* Update verifier to match struct tag
* gci run
2024-01-09 23:14:51 +00:00
ed41c924cf
tls: add reuse_private_keys ( #6025 )
2024-01-09 16:00:31 -07:00
d9ff7b1872
reverseproxy: Only change Content-Length when full request is buffered ( #5830 )
...
fixes: https://github.com/caddyserver/caddy/issues/5829
Signed-off-by: Fred Cox <mcfedr@gmail.com>
2024-01-09 12:59:30 -07:00
76611fa150
Switch Solaris-derivatives away from listen_unix ( #6021 )
...
Solaris 10 and Illumos are missing SO_REUSEPORT. Treat them more like
Windows (i.e. use the listener pool).
2024-01-06 05:09:20 -05:00
8a50f191bf
build(deps): bump actions/upload-artifact from 3 to 4 ( #6013 )
...
* build(deps): bump actions/upload-artifact from 3 to 4
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 3 to 4.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](https://github.com/actions/upload-artifact/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* Disable compression
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2024-01-02 08:23:25 +00:00
4f3f6e35e8
build(deps): bump actions/setup-go from 4 to 5 ( #6012 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 4 to 5.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](https://github.com/actions/setup-go/compare/v4...v5 )
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-02 07:13:31 +00:00
787f6b257f
chore: check against errors of `io/fs` instead of `os` ( #6011 )
...
* chore: replace `os.ErrNotExist` with `fs.ErrNotExist`
* check against permission error from `io/fs` package
2024-01-02 08:48:55 +03:00
b568a10dd4
caddyhttp: support unix sockets in `caddy respond` command ( #6010 )
...
previously the `caddy respond` command would treat the argument
passed to --listen as a TCP socket address, iterating over a possible
port range.
this patch factors the server creation out into a separate function,
allowing this to be reused in case the listen address is a unix network
address.
2023-12-31 22:34:00 -05:00
8f9ffc587e
fileserver: Add total file size to directory listing ( #6003 )
...
* browse: Add total file size to directory listing
* Apply suggestion to remove "in "
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
---------
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2023-12-30 18:47:13 +00:00
f976c84d9e
httpcaddyfile: Fix cert file decoding to load multiple PEM in one file ( #5997 )
2023-12-20 08:37:21 -07:00
1bf72db6ff
build(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0 ( #5994 )
...
Bumps [golang.org/x/crypto](https://github.com/golang/crypto ) from 0.16.0 to 0.17.0.
- [Commits](https://github.com/golang/crypto/compare/v0.16.0...v0.17.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-18 16:11:51 -07:00
d54dcf1598
cmd: use automaxprocs for better perf in containers ( #5711 )
...
* feat: use automaxprocs for better perf in containers
* better logs
* cs
2023-12-18 15:50:26 -07:00
3248e4c89f
logging: Add `zap.Option` support ( #5944 )
2023-12-18 20:48:34 +00:00
da7d8cb26d
httpcaddyfile: Sort skip_hosts for deterministic JSON ( #5990 )
...
* httpcaddyfile: Sort skip_hosts for deterministic JSON
* Update caddyconfig/httpcaddyfile/httptype.go
Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* Fix test
* Bah
---------
Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2023-12-18 12:54:52 -07:00
387545a895
metrics: Record request metrics on HTTP errors ( #5979 )
2023-12-15 20:14:00 +00:00
b49ec05161
go.mod: Updated quic-go to v0.40.1 ( #5983 )
2023-12-14 22:42:01 -07:00
b16aba5c27
fileserver: Enable compression for command by default ( #5855 )
...
* feat: enable compression for file-server
* refactor
* const
* Update help text
* Update modules/caddyhttp/fileserver/command.go
---------
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2023-12-13 20:44:22 -07:00
362f33daae
fileserver: New --precompressed flag ( #5880 )
...
exposes the file_server precompressed functionality to be used with the
file-server command
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2023-12-13 20:26:20 -07:00
3d7d60f7cf
caddyhttp: Add `uuid` to access logs when used ( #5859 )
2023-12-13 15:40:15 -07:00
dc12bd9743
proxyprotocol: use github.com/pires/go-proxyproto ( #5915 )
...
* proxyprotocol: use github.com/pires/go-proxyproto
* Fix typo: r/generelly/generally
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
* add config options for `Deny` CIDR and fallback policy
* use `netip` package & trust unix sockets
---------
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2023-12-13 09:07:43 -07:00
56c6b3f673
cmd: Preserve LastModified date when exporting storage ( #5968 )
2023-12-13 09:06:06 -07:00
cbbd1df904
core: Always make AppDataDir for InstanceID ( #5976 )
2023-12-13 07:39:10 -07:00
7d919af01b
chore: cross-build for AIX ( #5971 )
2023-12-11 12:55:04 +00:00
4a09cf0dc0
caddytls: Sync distributed storage cleaning ( #5940 )
...
* caddytls: Log out remote addr to detect abuse
* caddytls: Sync distributed storage cleaning
* Handle errors
* Update certmagic to fix tiny bug
* Split off port when logging remote IP
* Upgrade CertMagic
2023-12-07 11:00:02 -07:00
b24ae63ea6
caddytls: Context to DecisionFunc ( #5923 )
...
See https://github.com/caddyserver/certmagic/pull/255
2023-12-07 10:40:13 -07:00
4173e2c77a
tls: accept placeholders in string values of certificate loaders ( #5963 )
...
* tls: loader: accept placeholders in string values
* appease the linter
2023-12-04 09:23:15 -07:00
18f34290d2
templates: Offically make templates extensible ( #5939 )
...
* templates: Offically make templates extensible
This supercedes #4757 (and #4568 ) by making template extensions
configurable.
The previous implementation was never documented AFAIK and had only
1 consumer, which I'll notify as a courtesy.
* templates: Add 'maybe' function for optional components
* Try to fix lint error
2023-11-28 09:39:14 -07:00
22eecdb90c
http2 uses new round-robin scheduler ( #5946 )
2023-11-24 01:54:27 +00:00
4de2c1c65e
panic when reading from backend failed to propagate stream error ( #5952 )
2023-11-23 03:18:18 -05:00
878d491834
chore: Bump otel to v1.21.0. ( #5949 )
...
Signed-off-by: Dan Lorenc <dlorenc@chainguard.dev>
2023-11-22 17:02:13 +03:00
96f638eaad
httpredirectlistener: Only set read limit for when request is HTTP ( #5917 )
2023-11-20 12:31:36 +00:00
7e52db8280
fileserver: Add .m4v for browse template icon
2023-11-14 13:39:57 -07:00
Mohammed Al Sahaf