mirror of
				https://github.com/caddyserver/caddy.git
				synced 2025-10-26 08:12:43 -04:00 
			
		
		
		
	perf: use zap's Check() to prevent useless allocs (#6560)
	
		
			
	
		
	
	
		
	
		
			Some checks failed
		
		
	
	
		
			
				
	
				Tests / test (./cmd/caddy/caddy, ~1.22.3, ubuntu-latest, 0, 1.22, linux) (push) Failing after 2m43s
				
			
		
			
				
	
				Tests / test (./cmd/caddy/caddy, ~1.23.0, ubuntu-latest, 0, 1.23, linux) (push) Failing after 2m26s
				
			
		
			
				
	
				Tests / test (s390x on IBM Z) (push) Has been skipped
				
			
		
			
				
	
				Tests / goreleaser-check (push) Successful in 40s
				
			
		
			
				
	
				Cross-Build / build (~1.22.3, 1.22, aix) (push) Successful in 2m55s
				
			
		
			
				
	
				Cross-Build / build (~1.22.3, 1.22, dragonfly) (push) Successful in 3m1s
				
			
		
			
				
	
				Cross-Build / build (~1.22.3, 1.22, freebsd) (push) Successful in 3m1s
				
			
		
			
				
	
				Cross-Build / build (~1.22.3, 1.22, netbsd) (push) Successful in 3m1s
				
			
		
			
				
	
				Cross-Build / build (~1.22.3, 1.22, windows) (push) Successful in 3m1s
				
			
		
			
				
	
				Cross-Build / build (~1.22.3, 1.22, darwin) (push) Failing after 13m23s
				
			
		
			
				
	
				Cross-Build / build (~1.23.0, 1.23, aix) (push) Successful in 2m40s
				
			
		
			
				
	
				Cross-Build / build (~1.22.3, 1.22, illumos) (push) Failing after 11m51s
				
			
		
			
				
	
				Cross-Build / build (~1.22.3, 1.22, linux) (push) Failing after 11m47s
				
			
		
			
				
	
				Cross-Build / build (~1.23.0, 1.23, darwin) (push) Successful in 2m29s
				
			
		
			
				
	
				Cross-Build / build (~1.23.0, 1.23, linux) (push) Successful in 2m39s
				
			
		
			
				
	
				Cross-Build / build (~1.22.3, 1.22, openbsd) (push) Failing after 13m27s
				
			
		
			
				
	
				Cross-Build / build (~1.22.3, 1.22, solaris) (push) Failing after 13m27s
				
			
		
			
				
	
				Cross-Build / build (~1.23.0, 1.23, netbsd) (push) Successful in 2m41s
				
			
		
			
				
	
				Cross-Build / build (~1.23.0, 1.23, openbsd) (push) Successful in 2m54s
				
			
		
			
				
	
				Cross-Build / build (~1.23.0, 1.23, solaris) (push) Successful in 2m40s
				
			
		
			
				
	
				Cross-Build / build (~1.23.0, 1.23, dragonfly) (push) Failing after 14m19s
				
			
		
			
				
	
				Cross-Build / build (~1.23.0, 1.23, freebsd) (push) Failing after 14m10s
				
			
		
			
				
	
				Cross-Build / build (~1.23.0, 1.23, illumos) (push) Failing after 14m2s
				
			
		
			
				
	
				Cross-Build / build (~1.23.0, 1.23, windows) (push) Failing after 11m58s
				
			
		
			
				
	
				Lint / lint (ubuntu-latest, linux) (push) Failing after 3m44s
				
			
		
			
				
	
				Lint / govulncheck (push) Successful in 2m18s
				
			
		
			
				
	
				Tests / test (./cmd/caddy/caddy, ~1.22.3, macos-14, 0, 1.22, mac) (push) Has been cancelled
				
			
		
			
				
	
				Tests / test (./cmd/caddy/caddy, ~1.23.0, macos-14, 0, 1.23, mac) (push) Has been cancelled
				
			
		
			
				
	
				Tests / test (./cmd/caddy/caddy.exe, ~1.22.3, windows-latest, True, 1.22, windows) (push) Has been cancelled
				
			
		
			
				
	
				Tests / test (./cmd/caddy/caddy.exe, ~1.23.0, windows-latest, True, 1.23, windows) (push) Has been cancelled
				
			
		
			
				
	
				Lint / lint (macos-14, mac) (push) Has been cancelled
				
			
		
			
				
	
				Lint / lint (windows-latest, windows) (push) Has been cancelled
				
			
		
		
	
	
				
					
				
			
		
			Some checks failed
		
		
	
	Tests / test (./cmd/caddy/caddy, ~1.22.3, ubuntu-latest, 0, 1.22, linux) (push) Failing after 2m43s
				
			Tests / test (./cmd/caddy/caddy, ~1.23.0, ubuntu-latest, 0, 1.23, linux) (push) Failing after 2m26s
				
			Tests / test (s390x on IBM Z) (push) Has been skipped
				
			Tests / goreleaser-check (push) Successful in 40s
				
			Cross-Build / build (~1.22.3, 1.22, aix) (push) Successful in 2m55s
				
			Cross-Build / build (~1.22.3, 1.22, dragonfly) (push) Successful in 3m1s
				
			Cross-Build / build (~1.22.3, 1.22, freebsd) (push) Successful in 3m1s
				
			Cross-Build / build (~1.22.3, 1.22, netbsd) (push) Successful in 3m1s
				
			Cross-Build / build (~1.22.3, 1.22, windows) (push) Successful in 3m1s
				
			Cross-Build / build (~1.22.3, 1.22, darwin) (push) Failing after 13m23s
				
			Cross-Build / build (~1.23.0, 1.23, aix) (push) Successful in 2m40s
				
			Cross-Build / build (~1.22.3, 1.22, illumos) (push) Failing after 11m51s
				
			Cross-Build / build (~1.22.3, 1.22, linux) (push) Failing after 11m47s
				
			Cross-Build / build (~1.23.0, 1.23, darwin) (push) Successful in 2m29s
				
			Cross-Build / build (~1.23.0, 1.23, linux) (push) Successful in 2m39s
				
			Cross-Build / build (~1.22.3, 1.22, openbsd) (push) Failing after 13m27s
				
			Cross-Build / build (~1.22.3, 1.22, solaris) (push) Failing after 13m27s
				
			Cross-Build / build (~1.23.0, 1.23, netbsd) (push) Successful in 2m41s
				
			Cross-Build / build (~1.23.0, 1.23, openbsd) (push) Successful in 2m54s
				
			Cross-Build / build (~1.23.0, 1.23, solaris) (push) Successful in 2m40s
				
			Cross-Build / build (~1.23.0, 1.23, dragonfly) (push) Failing after 14m19s
				
			Cross-Build / build (~1.23.0, 1.23, freebsd) (push) Failing after 14m10s
				
			Cross-Build / build (~1.23.0, 1.23, illumos) (push) Failing after 14m2s
				
			Cross-Build / build (~1.23.0, 1.23, windows) (push) Failing after 11m58s
				
			Lint / lint (ubuntu-latest, linux) (push) Failing after 3m44s
				
			Lint / govulncheck (push) Successful in 2m18s
				
			Tests / test (./cmd/caddy/caddy, ~1.22.3, macos-14, 0, 1.22, mac) (push) Has been cancelled
				
			Tests / test (./cmd/caddy/caddy, ~1.23.0, macos-14, 0, 1.23, mac) (push) Has been cancelled
				
			Tests / test (./cmd/caddy/caddy.exe, ~1.22.3, windows-latest, True, 1.22, windows) (push) Has been cancelled
				
			Tests / test (./cmd/caddy/caddy.exe, ~1.23.0, windows-latest, True, 1.23, windows) (push) Has been cancelled
				
			Lint / lint (macos-14, mac) (push) Has been cancelled
				
			Lint / lint (windows-latest, windows) (push) Has been cancelled
				
			* perf: use zap's Check() to prevent useless allocs * fix * fix * fix * fix * restore previous replacer behavior * fix linter
This commit is contained in:
		
							parent
							
								
									21f9c20a04
								
							
						
					
					
						commit
						f4bf4e0097
					
				| @ -19,6 +19,7 @@ import ( | |||||||
| 	"net/http" | 	"net/http" | ||||||
| 
 | 
 | ||||||
| 	"go.uber.org/zap" | 	"go.uber.org/zap" | ||||||
|  | 	"go.uber.org/zap/zapcore" | ||||||
| 
 | 
 | ||||||
| 	"github.com/caddyserver/caddy/v2" | 	"github.com/caddyserver/caddy/v2" | ||||||
| 	"github.com/caddyserver/caddy/v2/modules/caddyhttp" | 	"github.com/caddyserver/caddy/v2/modules/caddyhttp" | ||||||
| @ -76,9 +77,9 @@ func (a Authentication) ServeHTTP(w http.ResponseWriter, r *http.Request, next c | |||||||
| 	for provName, prov := range a.Providers { | 	for provName, prov := range a.Providers { | ||||||
| 		user, authed, err = prov.Authenticate(w, r) | 		user, authed, err = prov.Authenticate(w, r) | ||||||
| 		if err != nil { | 		if err != nil { | ||||||
| 			a.logger.Error("auth provider returned error", | 			if c := a.logger.Check(zapcore.ErrorLevel, "auth provider returned error"); c != nil { | ||||||
| 				zap.String("provider", provName), | 				c.Write(zap.String("provider", provName), zap.Error(err)) | ||||||
| 				zap.Error(err)) | 			} | ||||||
| 			continue | 			continue | ||||||
| 		} | 		} | ||||||
| 		if authed { | 		if authed { | ||||||
|  | |||||||
| @ -33,6 +33,7 @@ import ( | |||||||
| 	"time" | 	"time" | ||||||
| 
 | 
 | ||||||
| 	"go.uber.org/zap" | 	"go.uber.org/zap" | ||||||
|  | 	"go.uber.org/zap/zapcore" | ||||||
| 
 | 
 | ||||||
| 	"github.com/caddyserver/caddy/v2" | 	"github.com/caddyserver/caddy/v2" | ||||||
| 	"github.com/caddyserver/caddy/v2/modules/caddyhttp" | 	"github.com/caddyserver/caddy/v2/modules/caddyhttp" | ||||||
| @ -68,9 +69,9 @@ type Browse struct { | |||||||
| } | } | ||||||
| 
 | 
 | ||||||
| func (fsrv *FileServer) serveBrowse(fileSystem fs.FS, root, dirPath string, w http.ResponseWriter, r *http.Request, next caddyhttp.Handler) error { | func (fsrv *FileServer) serveBrowse(fileSystem fs.FS, root, dirPath string, w http.ResponseWriter, r *http.Request, next caddyhttp.Handler) error { | ||||||
| 	fsrv.logger.Debug("browse enabled; listing directory contents", | 	if c := fsrv.logger.Check(zapcore.DebugLevel, "browse enabled; listing directory contents"); c != nil { | ||||||
| 		zap.String("path", dirPath), | 		c.Write(zap.String("path", dirPath), zap.String("root", root)) | ||||||
| 		zap.String("root", root)) | 	} | ||||||
| 
 | 
 | ||||||
| 	// Navigation on the client-side gets messed up if the | 	// Navigation on the client-side gets messed up if the | ||||||
| 	// URL doesn't end in a trailing slash because hrefs to | 	// URL doesn't end in a trailing slash because hrefs to | ||||||
| @ -92,7 +93,9 @@ func (fsrv *FileServer) serveBrowse(fileSystem fs.FS, root, dirPath string, w ht | |||||||
| 	origReq := r.Context().Value(caddyhttp.OriginalRequestCtxKey).(http.Request) | 	origReq := r.Context().Value(caddyhttp.OriginalRequestCtxKey).(http.Request) | ||||||
| 	if r.URL.Path == "" || path.Base(origReq.URL.Path) == path.Base(r.URL.Path) { | 	if r.URL.Path == "" || path.Base(origReq.URL.Path) == path.Base(r.URL.Path) { | ||||||
| 		if !strings.HasSuffix(origReq.URL.Path, "/") { | 		if !strings.HasSuffix(origReq.URL.Path, "/") { | ||||||
| 			fsrv.logger.Debug("redirecting to trailing slash to preserve hrefs", zap.String("request_path", r.URL.Path)) | 			if c := fsrv.logger.Check(zapcore.DebugLevel, "redirecting to trailing slash to preserve hrefs"); c != nil { | ||||||
|  | 				c.Write(zap.String("request_path", r.URL.Path)) | ||||||
|  | 			} | ||||||
| 			return redirect(w, r, origReq.URL.Path+"/") | 			return redirect(w, r, origReq.URL.Path+"/") | ||||||
| 		} | 		} | ||||||
| 	} | 	} | ||||||
|  | |||||||
| @ -28,6 +28,7 @@ import ( | |||||||
| 
 | 
 | ||||||
| 	"github.com/dustin/go-humanize" | 	"github.com/dustin/go-humanize" | ||||||
| 	"go.uber.org/zap" | 	"go.uber.org/zap" | ||||||
|  | 	"go.uber.org/zap/zapcore" | ||||||
| 
 | 
 | ||||||
| 	"github.com/caddyserver/caddy/v2" | 	"github.com/caddyserver/caddy/v2" | ||||||
| 	"github.com/caddyserver/caddy/v2/modules/caddyhttp" | 	"github.com/caddyserver/caddy/v2/modules/caddyhttp" | ||||||
| @ -57,9 +58,9 @@ func (fsrv *FileServer) directoryListing(ctx context.Context, fileSystem fs.FS, | |||||||
| 
 | 
 | ||||||
| 		info, err := entry.Info() | 		info, err := entry.Info() | ||||||
| 		if err != nil { | 		if err != nil { | ||||||
| 			fsrv.logger.Error("could not get info about directory entry", | 			if c := fsrv.logger.Check(zapcore.ErrorLevel, "could not get info about directory entry"); c != nil { | ||||||
| 				zap.String("name", entry.Name()), | 				c.Write(zap.String("name", entry.Name()), zap.String("root", root)) | ||||||
| 				zap.String("root", root)) | 			} | ||||||
| 			continue | 			continue | ||||||
| 		} | 		} | ||||||
| 
 | 
 | ||||||
|  | |||||||
| @ -33,6 +33,7 @@ import ( | |||||||
| 	"github.com/google/cel-go/common/types/ref" | 	"github.com/google/cel-go/common/types/ref" | ||||||
| 	"github.com/google/cel-go/parser" | 	"github.com/google/cel-go/parser" | ||||||
| 	"go.uber.org/zap" | 	"go.uber.org/zap" | ||||||
|  | 	"go.uber.org/zap/zapcore" | ||||||
| 
 | 
 | ||||||
| 	"github.com/caddyserver/caddy/v2" | 	"github.com/caddyserver/caddy/v2" | ||||||
| 	"github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" | 	"github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" | ||||||
| @ -326,7 +327,9 @@ func (m MatchFile) selectFile(r *http.Request) (matched bool) { | |||||||
| 
 | 
 | ||||||
| 	fileSystem, ok := m.fsmap.Get(fsName) | 	fileSystem, ok := m.fsmap.Get(fsName) | ||||||
| 	if !ok { | 	if !ok { | ||||||
| 		m.logger.Error("use of unregistered filesystem", zap.String("fs", fsName)) | 		if c := m.logger.Check(zapcore.ErrorLevel, "use of unregistered filesystem"); c != nil { | ||||||
|  | 			c.Write(zap.String("fs", fsName)) | ||||||
|  | 		} | ||||||
| 		return false | 		return false | ||||||
| 	} | 	} | ||||||
| 	type matchCandidate struct { | 	type matchCandidate struct { | ||||||
| @ -356,7 +359,10 @@ func (m MatchFile) selectFile(r *http.Request) (matched bool) { | |||||||
| 			return val, nil | 			return val, nil | ||||||
| 		}) | 		}) | ||||||
| 		if err != nil { | 		if err != nil { | ||||||
| 			m.logger.Error("evaluating placeholders", zap.Error(err)) | 			if c := m.logger.Check(zapcore.ErrorLevel, "evaluating placeholders"); c != nil { | ||||||
|  | 				c.Write(zap.Error(err)) | ||||||
|  | 			} | ||||||
|  | 
 | ||||||
| 			expandedFile = file // "oh well," I guess? | 			expandedFile = file // "oh well," I guess? | ||||||
| 		} | 		} | ||||||
| 
 | 
 | ||||||
| @ -379,7 +385,9 @@ func (m MatchFile) selectFile(r *http.Request) (matched bool) { | |||||||
| 		} else { | 		} else { | ||||||
| 			globResults, err = fs.Glob(fileSystem, fullPattern) | 			globResults, err = fs.Glob(fileSystem, fullPattern) | ||||||
| 			if err != nil { | 			if err != nil { | ||||||
| 				m.logger.Error("expanding glob", zap.Error(err)) | 				if c := m.logger.Check(zapcore.ErrorLevel, "expanding glob"); c != nil { | ||||||
|  | 					c.Write(zap.Error(err)) | ||||||
|  | 				} | ||||||
| 			} | 			} | ||||||
| 		} | 		} | ||||||
| 
 | 
 | ||||||
|  | |||||||
| @ -31,6 +31,7 @@ import ( | |||||||
| 	"strings" | 	"strings" | ||||||
| 
 | 
 | ||||||
| 	"go.uber.org/zap" | 	"go.uber.org/zap" | ||||||
|  | 	"go.uber.org/zap/zapcore" | ||||||
| 
 | 
 | ||||||
| 	"github.com/caddyserver/caddy/v2" | 	"github.com/caddyserver/caddy/v2" | ||||||
| 	"github.com/caddyserver/caddy/v2/modules/caddyhttp" | 	"github.com/caddyserver/caddy/v2/modules/caddyhttp" | ||||||
| @ -286,11 +287,14 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c | |||||||
| 	// remove any trailing `/` as it breaks fs.ValidPath() in the stdlib | 	// remove any trailing `/` as it breaks fs.ValidPath() in the stdlib | ||||||
| 	filename := strings.TrimSuffix(caddyhttp.SanitizedPathJoin(root, r.URL.Path), "/") | 	filename := strings.TrimSuffix(caddyhttp.SanitizedPathJoin(root, r.URL.Path), "/") | ||||||
| 
 | 
 | ||||||
| 	fsrv.logger.Debug("sanitized path join", | 	if c := fsrv.logger.Check(zapcore.DebugLevel, "sanitized path join"); c != nil { | ||||||
|  | 		c.Write( | ||||||
| 			zap.String("site_root", root), | 			zap.String("site_root", root), | ||||||
| 			zap.String("fs", fsName), | 			zap.String("fs", fsName), | ||||||
| 			zap.String("request_path", r.URL.Path), | 			zap.String("request_path", r.URL.Path), | ||||||
| 		zap.String("result", filename)) | 			zap.String("result", filename), | ||||||
|  | 		) | ||||||
|  | 	} | ||||||
| 
 | 
 | ||||||
| 	// get information about the file | 	// get information about the file | ||||||
| 	info, err := fs.Stat(fileSystem, filename) | 	info, err := fs.Stat(fileSystem, filename) | ||||||
| @ -313,9 +317,12 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c | |||||||
| 			indexPath := caddyhttp.SanitizedPathJoin(filename, indexPage) | 			indexPath := caddyhttp.SanitizedPathJoin(filename, indexPage) | ||||||
| 			if fileHidden(indexPath, filesToHide) { | 			if fileHidden(indexPath, filesToHide) { | ||||||
| 				// pretend this file doesn't exist | 				// pretend this file doesn't exist | ||||||
| 				fsrv.logger.Debug("hiding index file", | 				if c := fsrv.logger.Check(zapcore.DebugLevel, "hiding index file"); c != nil { | ||||||
|  | 					c.Write( | ||||||
| 						zap.String("filename", indexPath), | 						zap.String("filename", indexPath), | ||||||
| 					zap.Strings("files_to_hide", filesToHide)) | 						zap.Strings("files_to_hide", filesToHide), | ||||||
|  | 					) | ||||||
|  | 				} | ||||||
| 				continue | 				continue | ||||||
| 			} | 			} | ||||||
| 
 | 
 | ||||||
| @ -335,7 +342,9 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c | |||||||
| 			info = indexInfo | 			info = indexInfo | ||||||
| 			filename = indexPath | 			filename = indexPath | ||||||
| 			implicitIndexFile = true | 			implicitIndexFile = true | ||||||
| 			fsrv.logger.Debug("located index file", zap.String("filename", filename)) | 			if c := fsrv.logger.Check(zapcore.DebugLevel, "located index file"); c != nil { | ||||||
|  | 				c.Write(zap.String("filename", filename)) | ||||||
|  | 			} | ||||||
| 			break | 			break | ||||||
| 		} | 		} | ||||||
| 	} | 	} | ||||||
| @ -343,9 +352,12 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c | |||||||
| 	// if still referencing a directory, delegate | 	// if still referencing a directory, delegate | ||||||
| 	// to browse or return an error | 	// to browse or return an error | ||||||
| 	if info.IsDir() { | 	if info.IsDir() { | ||||||
| 		fsrv.logger.Debug("no index file in directory", | 		if c := fsrv.logger.Check(zapcore.DebugLevel, "no index file in directory"); c != nil { | ||||||
|  | 			c.Write( | ||||||
| 				zap.String("path", filename), | 				zap.String("path", filename), | ||||||
| 			zap.Strings("index_filenames", fsrv.IndexNames)) | 				zap.Strings("index_filenames", fsrv.IndexNames), | ||||||
|  | 			) | ||||||
|  | 		} | ||||||
| 		if fsrv.Browse != nil && !fileHidden(filename, filesToHide) { | 		if fsrv.Browse != nil && !fileHidden(filename, filesToHide) { | ||||||
| 			return fsrv.serveBrowse(fileSystem, root, filename, w, r, next) | 			return fsrv.serveBrowse(fileSystem, root, filename, w, r, next) | ||||||
| 		} | 		} | ||||||
| @ -355,9 +367,12 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c | |||||||
| 	// one last check to ensure the file isn't hidden (we might | 	// one last check to ensure the file isn't hidden (we might | ||||||
| 	// have changed the filename from when we last checked) | 	// have changed the filename from when we last checked) | ||||||
| 	if fileHidden(filename, filesToHide) { | 	if fileHidden(filename, filesToHide) { | ||||||
| 		fsrv.logger.Debug("hiding file", | 		if c := fsrv.logger.Check(zapcore.DebugLevel, "hiding file"); c != nil { | ||||||
|  | 			c.Write( | ||||||
| 				zap.String("filename", filename), | 				zap.String("filename", filename), | ||||||
| 			zap.Strings("files_to_hide", filesToHide)) | 				zap.Strings("files_to_hide", filesToHide), | ||||||
|  | 			) | ||||||
|  | 		} | ||||||
| 		return fsrv.notFound(w, r, next) | 		return fsrv.notFound(w, r, next) | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| @ -375,15 +390,21 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c | |||||||
| 		if path.Base(origReq.URL.Path) == path.Base(r.URL.Path) { | 		if path.Base(origReq.URL.Path) == path.Base(r.URL.Path) { | ||||||
| 			if implicitIndexFile && !strings.HasSuffix(origReq.URL.Path, "/") { | 			if implicitIndexFile && !strings.HasSuffix(origReq.URL.Path, "/") { | ||||||
| 				to := origReq.URL.Path + "/" | 				to := origReq.URL.Path + "/" | ||||||
| 				fsrv.logger.Debug("redirecting to canonical URI (adding trailing slash for directory)", | 				if c := fsrv.logger.Check(zapcore.DebugLevel, "redirecting to canonical URI (adding trailing slash for directory"); c != nil { | ||||||
|  | 					c.Write( | ||||||
| 						zap.String("from_path", origReq.URL.Path), | 						zap.String("from_path", origReq.URL.Path), | ||||||
| 					zap.String("to_path", to)) | 						zap.String("to_path", to), | ||||||
|  | 					) | ||||||
|  | 				} | ||||||
| 				return redirect(w, r, to) | 				return redirect(w, r, to) | ||||||
| 			} else if !implicitIndexFile && strings.HasSuffix(origReq.URL.Path, "/") { | 			} else if !implicitIndexFile && strings.HasSuffix(origReq.URL.Path, "/") { | ||||||
| 				to := origReq.URL.Path[:len(origReq.URL.Path)-1] | 				to := origReq.URL.Path[:len(origReq.URL.Path)-1] | ||||||
| 				fsrv.logger.Debug("redirecting to canonical URI (removing trailing slash for file)", | 				if c := fsrv.logger.Check(zapcore.DebugLevel, "redirecting to canonical URI (removing trailing slash for file"); c != nil { | ||||||
|  | 					c.Write( | ||||||
| 						zap.String("from_path", origReq.URL.Path), | 						zap.String("from_path", origReq.URL.Path), | ||||||
| 					zap.String("to_path", to)) | 						zap.String("to_path", to), | ||||||
|  | 					) | ||||||
|  | 				} | ||||||
| 				return redirect(w, r, to) | 				return redirect(w, r, to) | ||||||
| 			} | 			} | ||||||
| 		} | 		} | ||||||
| @ -411,13 +432,19 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c | |||||||
| 		compressedFilename := filename + precompress.Suffix() | 		compressedFilename := filename + precompress.Suffix() | ||||||
| 		compressedInfo, err := fs.Stat(fileSystem, compressedFilename) | 		compressedInfo, err := fs.Stat(fileSystem, compressedFilename) | ||||||
| 		if err != nil || compressedInfo.IsDir() { | 		if err != nil || compressedInfo.IsDir() { | ||||||
| 			fsrv.logger.Debug("precompressed file not accessible", zap.String("filename", compressedFilename), zap.Error(err)) | 			if c := fsrv.logger.Check(zapcore.DebugLevel, "precompressed file not accessible"); c != nil { | ||||||
|  | 				c.Write(zap.String("filename", compressedFilename), zap.Error(err)) | ||||||
|  | 			} | ||||||
| 			continue | 			continue | ||||||
| 		} | 		} | ||||||
| 		fsrv.logger.Debug("opening compressed sidecar file", zap.String("filename", compressedFilename), zap.Error(err)) | 		if c := fsrv.logger.Check(zapcore.DebugLevel, "opening compressed sidecar file"); c != nil { | ||||||
|  | 			c.Write(zap.String("filename", compressedFilename), zap.Error(err)) | ||||||
|  | 		} | ||||||
| 		file, err = fsrv.openFile(fileSystem, compressedFilename, w) | 		file, err = fsrv.openFile(fileSystem, compressedFilename, w) | ||||||
| 		if err != nil { | 		if err != nil { | ||||||
| 			fsrv.logger.Warn("opening precompressed file failed", zap.String("filename", compressedFilename), zap.Error(err)) | 			if c := fsrv.logger.Check(zapcore.WarnLevel, "opening precompressed file failed"); c != nil { | ||||||
|  | 				c.Write(zap.String("filename", compressedFilename), zap.Error(err)) | ||||||
|  | 			} | ||||||
| 			if caddyErr, ok := err.(caddyhttp.HandlerError); ok && caddyErr.StatusCode == http.StatusServiceUnavailable { | 			if caddyErr, ok := err.(caddyhttp.HandlerError); ok && caddyErr.StatusCode == http.StatusServiceUnavailable { | ||||||
| 				return err | 				return err | ||||||
| 			} | 			} | ||||||
| @ -448,7 +475,9 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c | |||||||
| 
 | 
 | ||||||
| 	// no precompressed file found, use the actual file | 	// no precompressed file found, use the actual file | ||||||
| 	if file == nil { | 	if file == nil { | ||||||
| 		fsrv.logger.Debug("opening file", zap.String("filename", filename)) | 		if c := fsrv.logger.Check(zapcore.DebugLevel, "opening file"); c != nil { | ||||||
|  | 			c.Write(zap.String("filename", filename)) | ||||||
|  | 		} | ||||||
| 
 | 
 | ||||||
| 		// open the file | 		// open the file | ||||||
| 		file, err = fsrv.openFile(fileSystem, filename, w) | 		file, err = fsrv.openFile(fileSystem, filename, w) | ||||||
| @ -548,10 +577,14 @@ func (fsrv *FileServer) openFile(fileSystem fs.FS, filename string, w http.Respo | |||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		err = fsrv.mapDirOpenError(fileSystem, err, filename) | 		err = fsrv.mapDirOpenError(fileSystem, err, filename) | ||||||
| 		if errors.Is(err, fs.ErrNotExist) { | 		if errors.Is(err, fs.ErrNotExist) { | ||||||
| 			fsrv.logger.Debug("file not found", zap.String("filename", filename), zap.Error(err)) | 			if c := fsrv.logger.Check(zapcore.DebugLevel, "file not found"); c != nil { | ||||||
|  | 				c.Write(zap.String("filename", filename), zap.Error(err)) | ||||||
|  | 			} | ||||||
| 			return nil, caddyhttp.Error(http.StatusNotFound, err) | 			return nil, caddyhttp.Error(http.StatusNotFound, err) | ||||||
| 		} else if errors.Is(err, fs.ErrPermission) { | 		} else if errors.Is(err, fs.ErrPermission) { | ||||||
| 			fsrv.logger.Debug("permission denied", zap.String("filename", filename), zap.Error(err)) | 			if c := fsrv.logger.Check(zapcore.DebugLevel, "permission denied"); c != nil { | ||||||
|  | 				c.Write(zap.String("filename", filename), zap.Error(err)) | ||||||
|  | 			} | ||||||
| 			return nil, caddyhttp.Error(http.StatusForbidden, err) | 			return nil, caddyhttp.Error(http.StatusForbidden, err) | ||||||
| 		} | 		} | ||||||
| 		// maybe the server is under load and ran out of file descriptors? | 		// maybe the server is under load and ran out of file descriptors? | ||||||
| @ -559,7 +592,9 @@ func (fsrv *FileServer) openFile(fileSystem fs.FS, filename string, w http.Respo | |||||||
| 		//nolint:gosec | 		//nolint:gosec | ||||||
| 		backoff := weakrand.Intn(maxBackoff-minBackoff) + minBackoff | 		backoff := weakrand.Intn(maxBackoff-minBackoff) + minBackoff | ||||||
| 		w.Header().Set("Retry-After", strconv.Itoa(backoff)) | 		w.Header().Set("Retry-After", strconv.Itoa(backoff)) | ||||||
| 		fsrv.logger.Debug("retry after backoff", zap.String("filename", filename), zap.Int("backoff", backoff), zap.Error(err)) | 		if c := fsrv.logger.Check(zapcore.DebugLevel, "retry after backoff"); c != nil { | ||||||
|  | 			c.Write(zap.String("filename", filename), zap.Int("backoff", backoff), zap.Error(err)) | ||||||
|  | 		} | ||||||
| 		return nil, caddyhttp.Error(http.StatusServiceUnavailable, err) | 		return nil, caddyhttp.Error(http.StatusServiceUnavailable, err) | ||||||
| 	} | 	} | ||||||
| 	return file, nil | 	return file, nil | ||||||
|  | |||||||
| @ -23,6 +23,7 @@ import ( | |||||||
| 	"sync" | 	"sync" | ||||||
| 
 | 
 | ||||||
| 	"go.uber.org/zap" | 	"go.uber.org/zap" | ||||||
|  | 	"go.uber.org/zap/zapcore" | ||||||
| 
 | 
 | ||||||
| 	"github.com/caddyserver/caddy/v2" | 	"github.com/caddyserver/caddy/v2" | ||||||
| 	"github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" | 	"github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" | ||||||
| @ -165,7 +166,9 @@ func (ir Intercept) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddy | |||||||
| 	} | 	} | ||||||
| 	repl.Set("http.intercept.status_code", rec.Status()) | 	repl.Set("http.intercept.status_code", rec.Status()) | ||||||
| 
 | 
 | ||||||
| 	ir.logger.Debug("handling response", zap.Int("handler", rec.handlerIndex)) | 	if c := ir.logger.Check(zapcore.DebugLevel, "handling response"); c != nil { | ||||||
|  | 		c.Write(zap.Int("handler", rec.handlerIndex)) | ||||||
|  | 	} | ||||||
| 
 | 
 | ||||||
| 	// pass the request through the response handler routes | 	// pass the request through the response handler routes | ||||||
| 	return rec.handler.Routes.Compile(next).ServeHTTP(w, r) | 	return rec.handler.Routes.Compile(next).ServeHTTP(w, r) | ||||||
|  | |||||||
| @ -26,6 +26,7 @@ import ( | |||||||
| 	"github.com/google/cel-go/cel" | 	"github.com/google/cel-go/cel" | ||||||
| 	"github.com/google/cel-go/common/types/ref" | 	"github.com/google/cel-go/common/types/ref" | ||||||
| 	"go.uber.org/zap" | 	"go.uber.org/zap" | ||||||
|  | 	"go.uber.org/zap/zapcore" | ||||||
| 
 | 
 | ||||||
| 	"github.com/caddyserver/caddy/v2" | 	"github.com/caddyserver/caddy/v2" | ||||||
| 	"github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" | 	"github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" | ||||||
| @ -150,12 +151,17 @@ func (m MatchRemoteIP) Match(r *http.Request) bool { | |||||||
| 	address := r.RemoteAddr | 	address := r.RemoteAddr | ||||||
| 	clientIP, zoneID, err := parseIPZoneFromString(address) | 	clientIP, zoneID, err := parseIPZoneFromString(address) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		m.logger.Error("getting remote IP", zap.Error(err)) | 		if c := m.logger.Check(zapcore.ErrorLevel, "getting remote "); c != nil { | ||||||
|  | 			c.Write(zap.Error(err)) | ||||||
|  | 		} | ||||||
|  | 
 | ||||||
| 		return false | 		return false | ||||||
| 	} | 	} | ||||||
| 	matches, zoneFilter := matchIPByCidrZones(clientIP, zoneID, m.cidrs, m.zones) | 	matches, zoneFilter := matchIPByCidrZones(clientIP, zoneID, m.cidrs, m.zones) | ||||||
| 	if !matches && !zoneFilter { | 	if !matches && !zoneFilter { | ||||||
| 		m.logger.Debug("zone ID from remote IP did not match", zap.String("zone", zoneID)) | 		if c := m.logger.Check(zapcore.DebugLevel, "zone ID from remote IP did not match"); c != nil { | ||||||
|  | 			c.Write(zap.String("zone", zoneID)) | ||||||
|  | 		} | ||||||
| 	} | 	} | ||||||
| 	return matches | 	return matches | ||||||
| } | } | ||||||
|  | |||||||
| @ -193,7 +193,7 @@ func (sa *StringArray) UnmarshalJSON(b []byte) error { | |||||||
| // to use, the error log message, and any extra fields. | // to use, the error log message, and any extra fields. | ||||||
| // If err is a HandlerError, the returned values will | // If err is a HandlerError, the returned values will | ||||||
| // have richer information. | // have richer information. | ||||||
| func errLogValues(err error) (status int, msg string, fields []zapcore.Field) { | func errLogValues(err error) (status int, msg string, fields func() []zapcore.Field) { | ||||||
| 	var handlerErr HandlerError | 	var handlerErr HandlerError | ||||||
| 	if errors.As(err, &handlerErr) { | 	if errors.As(err, &handlerErr) { | ||||||
| 		status = handlerErr.StatusCode | 		status = handlerErr.StatusCode | ||||||
| @ -202,11 +202,13 @@ func errLogValues(err error) (status int, msg string, fields []zapcore.Field) { | |||||||
| 		} else { | 		} else { | ||||||
| 			msg = handlerErr.Err.Error() | 			msg = handlerErr.Err.Error() | ||||||
| 		} | 		} | ||||||
| 		fields = []zapcore.Field{ | 		fields = func() []zapcore.Field { | ||||||
|  | 			return []zapcore.Field{ | ||||||
| 				zap.Int("status", handlerErr.StatusCode), | 				zap.Int("status", handlerErr.StatusCode), | ||||||
| 				zap.String("err_id", handlerErr.ID), | 				zap.String("err_id", handlerErr.ID), | ||||||
| 				zap.String("err_trace", handlerErr.Trace), | 				zap.String("err_trace", handlerErr.Trace), | ||||||
| 			} | 			} | ||||||
|  | 		} | ||||||
| 		return | 		return | ||||||
| 	} | 	} | ||||||
| 	status = http.StatusInternalServerError | 	status = http.StatusInternalServerError | ||||||
|  | |||||||
| @ -20,6 +20,7 @@ import ( | |||||||
| 	"strings" | 	"strings" | ||||||
| 
 | 
 | ||||||
| 	"go.uber.org/zap" | 	"go.uber.org/zap" | ||||||
|  | 	"go.uber.org/zap/zapcore" | ||||||
| 
 | 
 | ||||||
| 	"github.com/caddyserver/caddy/v2" | 	"github.com/caddyserver/caddy/v2" | ||||||
| 	"github.com/caddyserver/caddy/v2/modules/caddyhttp" | 	"github.com/caddyserver/caddy/v2/modules/caddyhttp" | ||||||
| @ -92,14 +93,17 @@ func (h Handler) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyhtt | |||||||
| 
 | 
 | ||||||
| 	// push first! | 	// push first! | ||||||
| 	for _, resource := range h.Resources { | 	for _, resource := range h.Resources { | ||||||
| 		h.logger.Debug("pushing resource", | 		if c := h.logger.Check(zapcore.DebugLevel, "pushing resource"); c != nil { | ||||||
|  | 			c.Write( | ||||||
| 				zap.String("uri", r.RequestURI), | 				zap.String("uri", r.RequestURI), | ||||||
| 				zap.String("push_method", resource.Method), | 				zap.String("push_method", resource.Method), | ||||||
| 				zap.String("push_target", resource.Target), | 				zap.String("push_target", resource.Target), | ||||||
| 				zap.Object("push_headers", caddyhttp.LoggableHTTPHeader{ | 				zap.Object("push_headers", caddyhttp.LoggableHTTPHeader{ | ||||||
| 					Header:               hdr, | 					Header:               hdr, | ||||||
| 					ShouldLogCredentials: shouldLogCredentials, | 					ShouldLogCredentials: shouldLogCredentials, | ||||||
| 			})) | 				}), | ||||||
|  | 			) | ||||||
|  | 		} | ||||||
| 		err := pusher.Push(repl.ReplaceAll(resource.Target, "."), &http.PushOptions{ | 		err := pusher.Push(repl.ReplaceAll(resource.Target, "."), &http.PushOptions{ | ||||||
| 			Method: resource.Method, | 			Method: resource.Method, | ||||||
| 			Header: hdr, | 			Header: hdr, | ||||||
| @ -209,7 +213,9 @@ func (lp linkPusher) WriteHeader(statusCode int) { | |||||||
| 	if links, ok := lp.ResponseWriter.Header()["Link"]; ok { | 	if links, ok := lp.ResponseWriter.Header()["Link"]; ok { | ||||||
| 		// only initiate these pushes if it hasn't been done yet | 		// only initiate these pushes if it hasn't been done yet | ||||||
| 		if val := caddyhttp.GetVar(lp.request.Context(), pushedLink); val == nil { | 		if val := caddyhttp.GetVar(lp.request.Context(), pushedLink); val == nil { | ||||||
| 			lp.handler.logger.Debug("pushing Link resources", zap.Strings("linked", links)) | 			if c := lp.handler.logger.Check(zapcore.DebugLevel, "pushing Link resources"); c != nil { | ||||||
|  | 				c.Write(zap.Strings("linked", links)) | ||||||
|  | 			} | ||||||
| 			caddyhttp.SetVar(lp.request.Context(), pushedLink, true) | 			caddyhttp.SetVar(lp.request.Context(), pushedLink, true) | ||||||
| 			lp.handler.servePreloadLinks(lp.pusher, lp.header, links) | 			lp.handler.servePreloadLinks(lp.pusher, lp.header, links) | ||||||
| 		} | 		} | ||||||
|  | |||||||
| @ -20,6 +20,7 @@ import ( | |||||||
| 	"time" | 	"time" | ||||||
| 
 | 
 | ||||||
| 	"go.uber.org/zap" | 	"go.uber.org/zap" | ||||||
|  | 	"go.uber.org/zap/zapcore" | ||||||
| 
 | 
 | ||||||
| 	"github.com/caddyserver/caddy/v2" | 	"github.com/caddyserver/caddy/v2" | ||||||
| 	"github.com/caddyserver/caddy/v2/modules/caddyhttp" | 	"github.com/caddyserver/caddy/v2/modules/caddyhttp" | ||||||
| @ -69,12 +70,16 @@ func (rb RequestBody) ServeHTTP(w http.ResponseWriter, r *http.Request, next cad | |||||||
| 		rc := http.NewResponseController(w) | 		rc := http.NewResponseController(w) | ||||||
| 		if rb.ReadTimeout > 0 { | 		if rb.ReadTimeout > 0 { | ||||||
| 			if err := rc.SetReadDeadline(time.Now().Add(rb.ReadTimeout)); err != nil { | 			if err := rc.SetReadDeadline(time.Now().Add(rb.ReadTimeout)); err != nil { | ||||||
| 				rb.logger.Error("could not set read deadline", zap.Error(err)) | 				if c := rb.logger.Check(zapcore.ErrorLevel, "could not set read deadline"); c != nil { | ||||||
|  | 					c.Write(zap.Error(err)) | ||||||
|  | 				} | ||||||
| 			} | 			} | ||||||
| 		} | 		} | ||||||
| 		if rb.WriteTimeout > 0 { | 		if rb.WriteTimeout > 0 { | ||||||
| 			if err := rc.SetWriteDeadline(time.Now().Add(rb.WriteTimeout)); err != nil { | 			if err := rc.SetWriteDeadline(time.Now().Add(rb.WriteTimeout)); err != nil { | ||||||
| 				rb.logger.Error("could not set write deadline", zap.Error(err)) | 				if c := rb.logger.Check(zapcore.ErrorLevel, "could not set write deadline"); c != nil { | ||||||
|  | 					c.Write(zap.Error(err)) | ||||||
|  | 				} | ||||||
| 			} | 			} | ||||||
| 		} | 		} | ||||||
| 	} | 	} | ||||||
|  | |||||||
| @ -40,6 +40,7 @@ import ( | |||||||
| 	"time" | 	"time" | ||||||
| 
 | 
 | ||||||
| 	"go.uber.org/zap" | 	"go.uber.org/zap" | ||||||
|  | 	"go.uber.org/zap/zapcore" | ||||||
| ) | ) | ||||||
| 
 | 
 | ||||||
| // FCGIListenSockFileno describes listen socket file number. | // FCGIListenSockFileno describes listen socket file number. | ||||||
| @ -184,10 +185,13 @@ func (f clientCloser) Close() error { | |||||||
| 		return f.rwc.Close() | 		return f.rwc.Close() | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
|  | 	logLevel := zapcore.WarnLevel | ||||||
| 	if f.status >= 400 { | 	if f.status >= 400 { | ||||||
| 		f.logger.Error("stderr", zap.ByteString("body", stderr)) | 		logLevel = zapcore.ErrorLevel | ||||||
| 	} else { | 	} | ||||||
| 		f.logger.Warn("stderr", zap.ByteString("body", stderr)) | 
 | ||||||
|  | 	if c := f.logger.Check(logLevel, "stderr"); c != nil { | ||||||
|  | 		c.Write(zap.ByteString("body", stderr)) | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	return f.rwc.Close() | 	return f.rwc.Close() | ||||||
|  | |||||||
| @ -148,10 +148,13 @@ func (t Transport) RoundTrip(r *http.Request) (*http.Response, error) { | |||||||
| 		zap.Object("request", loggableReq), | 		zap.Object("request", loggableReq), | ||||||
| 		zap.Object("env", loggableEnv), | 		zap.Object("env", loggableEnv), | ||||||
| 	) | 	) | ||||||
| 	logger.Debug("roundtrip", | 	if c := t.logger.Check(zapcore.DebugLevel, "roundtrip"); c != nil { | ||||||
|  | 		c.Write( | ||||||
| 			zap.String("dial", address), | 			zap.String("dial", address), | ||||||
| 			zap.Object("env", loggableEnv), | 			zap.Object("env", loggableEnv), | ||||||
| 		zap.Object("request", loggableReq)) | 			zap.Object("request", loggableReq), | ||||||
|  | 		) | ||||||
|  | 	} | ||||||
| 
 | 
 | ||||||
| 	// connect to the backend | 	// connect to the backend | ||||||
| 	dialer := net.Dialer{Timeout: time.Duration(t.DialTimeout)} | 	dialer := net.Dialer{Timeout: time.Duration(t.DialTimeout)} | ||||||
|  | |||||||
| @ -28,6 +28,7 @@ import ( | |||||||
| 	"time" | 	"time" | ||||||
| 
 | 
 | ||||||
| 	"go.uber.org/zap" | 	"go.uber.org/zap" | ||||||
|  | 	"go.uber.org/zap/zapcore" | ||||||
| 
 | 
 | ||||||
| 	"github.com/caddyserver/caddy/v2" | 	"github.com/caddyserver/caddy/v2" | ||||||
| 	"github.com/caddyserver/caddy/v2/modules/caddyhttp" | 	"github.com/caddyserver/caddy/v2/modules/caddyhttp" | ||||||
| @ -270,9 +271,12 @@ type CircuitBreaker interface { | |||||||
| func (h *Handler) activeHealthChecker() { | func (h *Handler) activeHealthChecker() { | ||||||
| 	defer func() { | 	defer func() { | ||||||
| 		if err := recover(); err != nil { | 		if err := recover(); err != nil { | ||||||
| 			h.HealthChecks.Active.logger.Error("active health checker panicked", | 			if c := h.HealthChecks.Active.logger.Check(zapcore.ErrorLevel, "active health checker panicked"); c != nil { | ||||||
|  | 				c.Write( | ||||||
| 					zap.Any("error", err), | 					zap.Any("error", err), | ||||||
| 				zap.ByteString("stack", debug.Stack())) | 					zap.ByteString("stack", debug.Stack()), | ||||||
|  | 				) | ||||||
|  | 			} | ||||||
| 		} | 		} | ||||||
| 	}() | 	}() | ||||||
| 	ticker := time.NewTicker(time.Duration(h.HealthChecks.Active.Interval)) | 	ticker := time.NewTicker(time.Duration(h.HealthChecks.Active.Interval)) | ||||||
| @ -295,26 +299,33 @@ func (h *Handler) doActiveHealthCheckForAllHosts() { | |||||||
| 		go func(upstream *Upstream) { | 		go func(upstream *Upstream) { | ||||||
| 			defer func() { | 			defer func() { | ||||||
| 				if err := recover(); err != nil { | 				if err := recover(); err != nil { | ||||||
| 					h.HealthChecks.Active.logger.Error("active health check panicked", | 					if c := h.HealthChecks.Active.logger.Check(zapcore.ErrorLevel, "active health checker panicked"); c != nil { | ||||||
|  | 						c.Write( | ||||||
| 							zap.Any("error", err), | 							zap.Any("error", err), | ||||||
| 						zap.ByteString("stack", debug.Stack())) | 							zap.ByteString("stack", debug.Stack()), | ||||||
|  | 						) | ||||||
|  | 					} | ||||||
| 				} | 				} | ||||||
| 			}() | 			}() | ||||||
| 
 | 
 | ||||||
| 			networkAddr, err := caddy.NewReplacer().ReplaceOrErr(upstream.Dial, true, true) | 			networkAddr, err := caddy.NewReplacer().ReplaceOrErr(upstream.Dial, true, true) | ||||||
| 			if err != nil { | 			if err != nil { | ||||||
| 				h.HealthChecks.Active.logger.Error("invalid use of placeholders in dial address for active health checks", | 				if c := h.HealthChecks.Active.logger.Check(zapcore.ErrorLevel, "invalid use of placeholders in dial address for active health checks"); c != nil { | ||||||
|  | 					c.Write( | ||||||
| 						zap.String("address", networkAddr), | 						zap.String("address", networkAddr), | ||||||
| 						zap.Error(err), | 						zap.Error(err), | ||||||
| 					) | 					) | ||||||
|  | 				} | ||||||
| 				return | 				return | ||||||
| 			} | 			} | ||||||
| 			addr, err := caddy.ParseNetworkAddress(networkAddr) | 			addr, err := caddy.ParseNetworkAddress(networkAddr) | ||||||
| 			if err != nil { | 			if err != nil { | ||||||
| 				h.HealthChecks.Active.logger.Error("bad network address", | 				if c := h.HealthChecks.Active.logger.Check(zapcore.ErrorLevel, "bad network address"); c != nil { | ||||||
|  | 					c.Write( | ||||||
| 						zap.String("address", networkAddr), | 						zap.String("address", networkAddr), | ||||||
| 						zap.Error(err), | 						zap.Error(err), | ||||||
| 					) | 					) | ||||||
|  | 				} | ||||||
| 				return | 				return | ||||||
| 			} | 			} | ||||||
| 			if hcp := uint(upstream.activeHealthCheckPort); hcp != 0 { | 			if hcp := uint(upstream.activeHealthCheckPort); hcp != 0 { | ||||||
| @ -324,9 +335,11 @@ func (h *Handler) doActiveHealthCheckForAllHosts() { | |||||||
| 				addr.StartPort, addr.EndPort = hcp, hcp | 				addr.StartPort, addr.EndPort = hcp, hcp | ||||||
| 			} | 			} | ||||||
| 			if addr.PortRangeSize() != 1 { | 			if addr.PortRangeSize() != 1 { | ||||||
| 				h.HealthChecks.Active.logger.Error("multiple addresses (upstream must map to only one address)", | 				if c := h.HealthChecks.Active.logger.Check(zapcore.ErrorLevel, "multiple addresses (upstream must map to only one address)"); c != nil { | ||||||
|  | 					c.Write( | ||||||
| 						zap.String("address", networkAddr), | 						zap.String("address", networkAddr), | ||||||
| 					) | 					) | ||||||
|  | 				} | ||||||
| 				return | 				return | ||||||
| 			} | 			} | ||||||
| 			hostAddr := addr.JoinHostPort(0) | 			hostAddr := addr.JoinHostPort(0) | ||||||
| @ -339,11 +352,13 @@ func (h *Handler) doActiveHealthCheckForAllHosts() { | |||||||
| 			} | 			} | ||||||
| 			err = h.doActiveHealthCheck(DialInfo{Network: addr.Network, Address: dialAddr}, hostAddr, networkAddr, upstream) | 			err = h.doActiveHealthCheck(DialInfo{Network: addr.Network, Address: dialAddr}, hostAddr, networkAddr, upstream) | ||||||
| 			if err != nil { | 			if err != nil { | ||||||
| 				h.HealthChecks.Active.logger.Error("active health check failed", | 				if c := h.HealthChecks.Active.logger.Check(zapcore.ErrorLevel, "active health check failed"); c != nil { | ||||||
|  | 					c.Write( | ||||||
| 						zap.String("address", hostAddr), | 						zap.String("address", hostAddr), | ||||||
| 						zap.Error(err), | 						zap.Error(err), | ||||||
| 					) | 					) | ||||||
| 				} | 				} | ||||||
|  | 			} | ||||||
| 		}(upstream) | 		}(upstream) | ||||||
| 	} | 	} | ||||||
| } | } | ||||||
| @ -441,9 +456,12 @@ func (h *Handler) doActiveHealthCheck(dialInfo DialInfo, hostAddr string, networ | |||||||
| 		// increment failures and then check if it has reached the threshold to mark unhealthy | 		// increment failures and then check if it has reached the threshold to mark unhealthy | ||||||
| 		err := upstream.Host.countHealthFail(1) | 		err := upstream.Host.countHealthFail(1) | ||||||
| 		if err != nil { | 		if err != nil { | ||||||
| 			h.HealthChecks.Active.logger.Error("could not count active health failure", | 			if c := h.HealthChecks.Active.logger.Check(zapcore.ErrorLevel, "could not count active health failure"); c != nil { | ||||||
|  | 				c.Write( | ||||||
| 					zap.String("host", upstream.Dial), | 					zap.String("host", upstream.Dial), | ||||||
| 				zap.Error(err)) | 					zap.Error(err), | ||||||
|  | 				) | ||||||
|  | 			} | ||||||
| 			return | 			return | ||||||
| 		} | 		} | ||||||
| 		if upstream.Host.activeHealthFails() >= h.HealthChecks.Active.Fails { | 		if upstream.Host.activeHealthFails() >= h.HealthChecks.Active.Fails { | ||||||
| @ -459,14 +477,19 @@ func (h *Handler) doActiveHealthCheck(dialInfo DialInfo, hostAddr string, networ | |||||||
| 		// increment passes and then check if it has reached the threshold to be healthy | 		// increment passes and then check if it has reached the threshold to be healthy | ||||||
| 		err := upstream.Host.countHealthPass(1) | 		err := upstream.Host.countHealthPass(1) | ||||||
| 		if err != nil { | 		if err != nil { | ||||||
| 			h.HealthChecks.Active.logger.Error("could not count active health pass", | 			if c := h.HealthChecks.Active.logger.Check(zapcore.ErrorLevel, "could not count active health pass"); c != nil { | ||||||
|  | 				c.Write( | ||||||
| 					zap.String("host", upstream.Dial), | 					zap.String("host", upstream.Dial), | ||||||
| 				zap.Error(err)) | 					zap.Error(err), | ||||||
|  | 				) | ||||||
|  | 			} | ||||||
| 			return | 			return | ||||||
| 		} | 		} | ||||||
| 		if upstream.Host.activeHealthPasses() >= h.HealthChecks.Active.Passes { | 		if upstream.Host.activeHealthPasses() >= h.HealthChecks.Active.Passes { | ||||||
| 			if upstream.setHealthy(true) { | 			if upstream.setHealthy(true) { | ||||||
| 				h.HealthChecks.Active.logger.Info("host is up", zap.String("host", hostAddr)) | 				if c := h.HealthChecks.Active.logger.Check(zapcore.InfoLevel, "host is up"); c != nil { | ||||||
|  | 					c.Write(zap.String("host", hostAddr)) | ||||||
|  | 				} | ||||||
| 				h.events.Emit(h.ctx, "healthy", map[string]any{"host": hostAddr}) | 				h.events.Emit(h.ctx, "healthy", map[string]any{"host": hostAddr}) | ||||||
| 				upstream.Host.resetHealth() | 				upstream.Host.resetHealth() | ||||||
| 			} | 			} | ||||||
| @ -476,10 +499,12 @@ func (h *Handler) doActiveHealthCheck(dialInfo DialInfo, hostAddr string, networ | |||||||
| 	// do the request, being careful to tame the response body | 	// do the request, being careful to tame the response body | ||||||
| 	resp, err := h.HealthChecks.Active.httpClient.Do(req) | 	resp, err := h.HealthChecks.Active.httpClient.Do(req) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		h.HealthChecks.Active.logger.Info("HTTP request failed", | 		if c := h.HealthChecks.Active.logger.Check(zapcore.InfoLevel, "HTTP request failed"); c != nil { | ||||||
|  | 			c.Write( | ||||||
| 				zap.String("host", hostAddr), | 				zap.String("host", hostAddr), | ||||||
| 				zap.Error(err), | 				zap.Error(err), | ||||||
| 			) | 			) | ||||||
|  | 		} | ||||||
| 		markUnhealthy() | 		markUnhealthy() | ||||||
| 		return nil | 		return nil | ||||||
| 	} | 	} | ||||||
| @ -496,18 +521,22 @@ func (h *Handler) doActiveHealthCheck(dialInfo DialInfo, hostAddr string, networ | |||||||
| 	// if status code is outside criteria, mark down | 	// if status code is outside criteria, mark down | ||||||
| 	if h.HealthChecks.Active.ExpectStatus > 0 { | 	if h.HealthChecks.Active.ExpectStatus > 0 { | ||||||
| 		if !caddyhttp.StatusCodeMatches(resp.StatusCode, h.HealthChecks.Active.ExpectStatus) { | 		if !caddyhttp.StatusCodeMatches(resp.StatusCode, h.HealthChecks.Active.ExpectStatus) { | ||||||
| 			h.HealthChecks.Active.logger.Info("unexpected status code", | 			if c := h.HealthChecks.Active.logger.Check(zapcore.InfoLevel, "unexpected status code"); c != nil { | ||||||
|  | 				c.Write( | ||||||
| 					zap.Int("status_code", resp.StatusCode), | 					zap.Int("status_code", resp.StatusCode), | ||||||
| 					zap.String("host", hostAddr), | 					zap.String("host", hostAddr), | ||||||
| 				) | 				) | ||||||
|  | 			} | ||||||
| 			markUnhealthy() | 			markUnhealthy() | ||||||
| 			return nil | 			return nil | ||||||
| 		} | 		} | ||||||
| 	} else if resp.StatusCode < 200 || resp.StatusCode >= 300 { | 	} else if resp.StatusCode < 200 || resp.StatusCode >= 300 { | ||||||
| 		h.HealthChecks.Active.logger.Info("status code out of tolerances", | 		if c := h.HealthChecks.Active.logger.Check(zapcore.InfoLevel, "status code out of tolerances"); c != nil { | ||||||
|  | 			c.Write( | ||||||
| 				zap.Int("status_code", resp.StatusCode), | 				zap.Int("status_code", resp.StatusCode), | ||||||
| 				zap.String("host", hostAddr), | 				zap.String("host", hostAddr), | ||||||
| 			) | 			) | ||||||
|  | 		} | ||||||
| 		markUnhealthy() | 		markUnhealthy() | ||||||
| 		return nil | 		return nil | ||||||
| 	} | 	} | ||||||
| @ -516,17 +545,21 @@ func (h *Handler) doActiveHealthCheck(dialInfo DialInfo, hostAddr string, networ | |||||||
| 	if h.HealthChecks.Active.bodyRegexp != nil { | 	if h.HealthChecks.Active.bodyRegexp != nil { | ||||||
| 		bodyBytes, err := io.ReadAll(body) | 		bodyBytes, err := io.ReadAll(body) | ||||||
| 		if err != nil { | 		if err != nil { | ||||||
| 			h.HealthChecks.Active.logger.Info("failed to read response body", | 			if c := h.HealthChecks.Active.logger.Check(zapcore.InfoLevel, "failed to read response body"); c != nil { | ||||||
|  | 				c.Write( | ||||||
| 					zap.String("host", hostAddr), | 					zap.String("host", hostAddr), | ||||||
| 					zap.Error(err), | 					zap.Error(err), | ||||||
| 				) | 				) | ||||||
|  | 			} | ||||||
| 			markUnhealthy() | 			markUnhealthy() | ||||||
| 			return nil | 			return nil | ||||||
| 		} | 		} | ||||||
| 		if !h.HealthChecks.Active.bodyRegexp.Match(bodyBytes) { | 		if !h.HealthChecks.Active.bodyRegexp.Match(bodyBytes) { | ||||||
| 			h.HealthChecks.Active.logger.Info("response body failed expectations", | 			if c := h.HealthChecks.Active.logger.Check(zapcore.InfoLevel, "response body failed expectations"); c != nil { | ||||||
|  | 				c.Write( | ||||||
| 					zap.String("host", hostAddr), | 					zap.String("host", hostAddr), | ||||||
| 				) | 				) | ||||||
|  | 			} | ||||||
| 			markUnhealthy() | 			markUnhealthy() | ||||||
| 			return nil | 			return nil | ||||||
| 		} | 		} | ||||||
| @ -556,9 +589,12 @@ func (h *Handler) countFailure(upstream *Upstream) { | |||||||
| 	// count failure immediately | 	// count failure immediately | ||||||
| 	err := upstream.Host.countFail(1) | 	err := upstream.Host.countFail(1) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		h.HealthChecks.Passive.logger.Error("could not count failure", | 		if c := h.HealthChecks.Active.logger.Check(zapcore.ErrorLevel, "could not count failure"); c != nil { | ||||||
|  | 			c.Write( | ||||||
| 				zap.String("host", upstream.Dial), | 				zap.String("host", upstream.Dial), | ||||||
| 			zap.Error(err)) | 				zap.Error(err), | ||||||
|  | 			) | ||||||
|  | 		} | ||||||
| 		return | 		return | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| @ -566,9 +602,12 @@ func (h *Handler) countFailure(upstream *Upstream) { | |||||||
| 	go func(host *Host, failDuration time.Duration) { | 	go func(host *Host, failDuration time.Duration) { | ||||||
| 		defer func() { | 		defer func() { | ||||||
| 			if err := recover(); err != nil { | 			if err := recover(); err != nil { | ||||||
| 				h.HealthChecks.Passive.logger.Error("passive health check failure forgetter panicked", | 				if c := h.HealthChecks.Active.logger.Check(zapcore.ErrorLevel, "passive health check failure forgetter panicked"); c != nil { | ||||||
|  | 					c.Write( | ||||||
| 						zap.Any("error", err), | 						zap.Any("error", err), | ||||||
| 					zap.ByteString("stack", debug.Stack())) | 						zap.ByteString("stack", debug.Stack()), | ||||||
|  | 					) | ||||||
|  | 				} | ||||||
| 			} | 			} | ||||||
| 		}() | 		}() | ||||||
| 		timer := time.NewTimer(failDuration) | 		timer := time.NewTimer(failDuration) | ||||||
| @ -581,9 +620,12 @@ func (h *Handler) countFailure(upstream *Upstream) { | |||||||
| 		} | 		} | ||||||
| 		err := host.countFail(-1) | 		err := host.countFail(-1) | ||||||
| 		if err != nil { | 		if err != nil { | ||||||
| 			h.HealthChecks.Passive.logger.Error("could not forget failure", | 			if c := h.HealthChecks.Active.logger.Check(zapcore.ErrorLevel, "could not forget failure"); c != nil { | ||||||
|  | 				c.Write( | ||||||
| 					zap.String("host", upstream.Dial), | 					zap.String("host", upstream.Dial), | ||||||
| 				zap.Error(err)) | 					zap.Error(err), | ||||||
|  | 				) | ||||||
|  | 			} | ||||||
| 		} | 		} | ||||||
| 	}(upstream.Host, failDuration) | 	}(upstream.Host, failDuration) | ||||||
| } | } | ||||||
|  | |||||||
| @ -33,6 +33,7 @@ import ( | |||||||
| 	"github.com/pires/go-proxyproto" | 	"github.com/pires/go-proxyproto" | ||||||
| 	"github.com/quic-go/quic-go/http3" | 	"github.com/quic-go/quic-go/http3" | ||||||
| 	"go.uber.org/zap" | 	"go.uber.org/zap" | ||||||
|  | 	"go.uber.org/zap/zapcore" | ||||||
| 	"golang.org/x/net/http2" | 	"golang.org/x/net/http2" | ||||||
| 
 | 
 | ||||||
| 	"github.com/caddyserver/caddy/v2" | 	"github.com/caddyserver/caddy/v2" | ||||||
| @ -750,7 +751,9 @@ func (c *tcpRWTimeoutConn) Read(b []byte) (int, error) { | |||||||
| 	if c.readTimeout > 0 { | 	if c.readTimeout > 0 { | ||||||
| 		err := c.TCPConn.SetReadDeadline(time.Now().Add(c.readTimeout)) | 		err := c.TCPConn.SetReadDeadline(time.Now().Add(c.readTimeout)) | ||||||
| 		if err != nil { | 		if err != nil { | ||||||
| 			c.logger.Error("failed to set read deadline", zap.Error(err)) | 			if ce := c.logger.Check(zapcore.ErrorLevel, "failed to set read deadline"); ce != nil { | ||||||
|  | 				ce.Write(zap.Error(err)) | ||||||
|  | 			} | ||||||
| 		} | 		} | ||||||
| 	} | 	} | ||||||
| 	return c.TCPConn.Read(b) | 	return c.TCPConn.Read(b) | ||||||
| @ -760,7 +763,9 @@ func (c *tcpRWTimeoutConn) Write(b []byte) (int, error) { | |||||||
| 	if c.writeTimeout > 0 { | 	if c.writeTimeout > 0 { | ||||||
| 		err := c.TCPConn.SetWriteDeadline(time.Now().Add(c.writeTimeout)) | 		err := c.TCPConn.SetWriteDeadline(time.Now().Add(c.writeTimeout)) | ||||||
| 		if err != nil { | 		if err != nil { | ||||||
| 			c.logger.Error("failed to set write deadline", zap.Error(err)) | 			if ce := c.logger.Check(zapcore.ErrorLevel, "failed to set write deadline"); ce != nil { | ||||||
|  | 				ce.Write(zap.Error(err)) | ||||||
|  | 			} | ||||||
| 		} | 		} | ||||||
| 	} | 	} | ||||||
| 	return c.TCPConn.Write(b) | 	return c.TCPConn.Write(b) | ||||||
|  | |||||||
| @ -8,6 +8,7 @@ import ( | |||||||
| 	"github.com/prometheus/client_golang/prometheus" | 	"github.com/prometheus/client_golang/prometheus" | ||||||
| 	"github.com/prometheus/client_golang/prometheus/promauto" | 	"github.com/prometheus/client_golang/prometheus/promauto" | ||||||
| 	"go.uber.org/zap" | 	"go.uber.org/zap" | ||||||
|  | 	"go.uber.org/zap/zapcore" | ||||||
| ) | ) | ||||||
| 
 | 
 | ||||||
| var reverseProxyMetrics = struct { | var reverseProxyMetrics = struct { | ||||||
| @ -48,9 +49,12 @@ func (m *metricsUpstreamsHealthyUpdater) Init() { | |||||||
| 	go func() { | 	go func() { | ||||||
| 		defer func() { | 		defer func() { | ||||||
| 			if err := recover(); err != nil { | 			if err := recover(); err != nil { | ||||||
| 				reverseProxyMetrics.logger.Error("upstreams healthy metrics updater panicked", | 				if c := reverseProxyMetrics.logger.Check(zapcore.ErrorLevel, "upstreams healthy metrics updater panicked"); c != nil { | ||||||
|  | 					c.Write( | ||||||
| 						zap.Any("error", err), | 						zap.Any("error", err), | ||||||
| 					zap.ByteString("stack", debug.Stack())) | 						zap.ByteString("stack", debug.Stack()), | ||||||
|  | 					) | ||||||
|  | 				} | ||||||
| 			} | 			} | ||||||
| 		}() | 		}() | ||||||
| 
 | 
 | ||||||
|  | |||||||
| @ -33,6 +33,7 @@ import ( | |||||||
| 	"time" | 	"time" | ||||||
| 
 | 
 | ||||||
| 	"go.uber.org/zap" | 	"go.uber.org/zap" | ||||||
|  | 	"go.uber.org/zap/zapcore" | ||||||
| 	"golang.org/x/net/http/httpguts" | 	"golang.org/x/net/http/httpguts" | ||||||
| 
 | 
 | ||||||
| 	"github.com/caddyserver/caddy/v2" | 	"github.com/caddyserver/caddy/v2" | ||||||
| @ -439,7 +440,9 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyht | |||||||
| 			if h.LoadBalancing != nil { | 			if h.LoadBalancing != nil { | ||||||
| 				lbWait = time.Duration(h.LoadBalancing.TryInterval) | 				lbWait = time.Duration(h.LoadBalancing.TryInterval) | ||||||
| 			} | 			} | ||||||
| 			h.logger.Debug("retrying", zap.Error(proxyErr), zap.Duration("after", lbWait)) | 			if c := h.logger.Check(zapcore.DebugLevel, "retrying"); c != nil { | ||||||
|  | 				c.Write(zap.Error(proxyErr), zap.Duration("after", lbWait)) | ||||||
|  | 			} | ||||||
| 		} | 		} | ||||||
| 		retries++ | 		retries++ | ||||||
| 	} | 	} | ||||||
| @ -466,13 +469,17 @@ func (h *Handler) proxyLoopIteration(r *http.Request, origReq *http.Request, w h | |||||||
| 	if h.DynamicUpstreams != nil { | 	if h.DynamicUpstreams != nil { | ||||||
| 		dUpstreams, err := h.DynamicUpstreams.GetUpstreams(r) | 		dUpstreams, err := h.DynamicUpstreams.GetUpstreams(r) | ||||||
| 		if err != nil { | 		if err != nil { | ||||||
| 			h.logger.Error("failed getting dynamic upstreams; falling back to static upstreams", zap.Error(err)) | 			if c := h.logger.Check(zapcore.ErrorLevel, "failed getting dynamic upstreams; falling back to static upstreams"); c != nil { | ||||||
|  | 				c.Write(zap.Error(err)) | ||||||
|  | 			} | ||||||
| 		} else { | 		} else { | ||||||
| 			upstreams = dUpstreams | 			upstreams = dUpstreams | ||||||
| 			for _, dUp := range dUpstreams { | 			for _, dUp := range dUpstreams { | ||||||
| 				h.provisionUpstream(dUp) | 				h.provisionUpstream(dUp) | ||||||
| 			} | 			} | ||||||
| 			h.logger.Debug("provisioned dynamic upstreams", zap.Int("count", len(dUpstreams))) | 			if c := h.logger.Check(zapcore.DebugLevel, "provisioned dynamic upstreams"); c != nil { | ||||||
|  | 				c.Write(zap.Int("count", len(dUpstreams))) | ||||||
|  | 			} | ||||||
| 			defer func() { | 			defer func() { | ||||||
| 				// these upstreams are dynamic, so they are only used for this iteration | 				// these upstreams are dynamic, so they are only used for this iteration | ||||||
| 				// of the proxy loop; be sure to let them go away when we're done with them | 				// of the proxy loop; be sure to let them go away when we're done with them | ||||||
| @ -503,9 +510,12 @@ func (h *Handler) proxyLoopIteration(r *http.Request, origReq *http.Request, w h | |||||||
| 		return true, fmt.Errorf("making dial info: %v", err) | 		return true, fmt.Errorf("making dial info: %v", err) | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	h.logger.Debug("selected upstream", | 	if c := h.logger.Check(zapcore.DebugLevel, "selected upstream"); c != nil { | ||||||
|  | 		c.Write( | ||||||
| 			zap.String("dial", dialInfo.Address), | 			zap.String("dial", dialInfo.Address), | ||||||
| 		zap.Int("total_upstreams", len(upstreams))) | 			zap.Int("total_upstreams", len(upstreams)), | ||||||
|  | 		) | ||||||
|  | 	} | ||||||
| 
 | 
 | ||||||
| 	// attach to the request information about how to dial the upstream; | 	// attach to the request information about how to dial the upstream; | ||||||
| 	// this is necessary because the information cannot be sufficiently | 	// this is necessary because the information cannot be sufficiently | ||||||
| @ -811,16 +821,22 @@ func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, origRe | |||||||
| 			ShouldLogCredentials: shouldLogCredentials, | 			ShouldLogCredentials: shouldLogCredentials, | ||||||
| 		}), | 		}), | ||||||
| 	) | 	) | ||||||
|  | 
 | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		logger.Debug("upstream roundtrip", zap.Error(err)) | 		if c := logger.Check(zapcore.DebugLevel, "upstream roundtrip"); c != nil { | ||||||
|  | 			c.Write(zap.Error(err)) | ||||||
|  | 		} | ||||||
| 		return err | 		return err | ||||||
| 	} | 	} | ||||||
| 	logger.Debug("upstream roundtrip", | 	if c := logger.Check(zapcore.DebugLevel, "upstream roundtrip"); c != nil { | ||||||
|  | 		c.Write( | ||||||
| 			zap.Object("headers", caddyhttp.LoggableHTTPHeader{ | 			zap.Object("headers", caddyhttp.LoggableHTTPHeader{ | ||||||
| 				Header:               res.Header, | 				Header:               res.Header, | ||||||
| 				ShouldLogCredentials: shouldLogCredentials, | 				ShouldLogCredentials: shouldLogCredentials, | ||||||
| 			}), | 			}), | ||||||
| 		zap.Int("status", res.StatusCode)) | 			zap.Int("status", res.StatusCode), | ||||||
|  | 		) | ||||||
|  | 	} | ||||||
| 
 | 
 | ||||||
| 	// duration until upstream wrote response headers (roundtrip duration) | 	// duration until upstream wrote response headers (roundtrip duration) | ||||||
| 	repl.Set("http.reverse_proxy.upstream.latency", duration) | 	repl.Set("http.reverse_proxy.upstream.latency", duration) | ||||||
| @ -879,7 +895,9 @@ func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, origRe | |||||||
| 		repl.Set("http.reverse_proxy.status_code", res.StatusCode) | 		repl.Set("http.reverse_proxy.status_code", res.StatusCode) | ||||||
| 		repl.Set("http.reverse_proxy.status_text", res.Status) | 		repl.Set("http.reverse_proxy.status_text", res.Status) | ||||||
| 
 | 
 | ||||||
| 		logger.Debug("handling response", zap.Int("handler", i)) | 		if c := logger.Check(zapcore.DebugLevel, "handling response"); c != nil { | ||||||
|  | 			c.Write(zap.Int("handler", i)) | ||||||
|  | 		} | ||||||
| 
 | 
 | ||||||
| 		// we make some data available via request context to child routes | 		// we make some data available via request context to child routes | ||||||
| 		// so that they may inherit some options and functions from the | 		// so that they may inherit some options and functions from the | ||||||
| @ -975,7 +993,9 @@ func (h *Handler) finalizeResponse( | |||||||
| 	err := h.copyResponse(rw, res.Body, h.flushInterval(req, res), logger) | 	err := h.copyResponse(rw, res.Body, h.flushInterval(req, res), logger) | ||||||
| 	errClose := res.Body.Close() // close now, instead of defer, to populate res.Trailer | 	errClose := res.Body.Close() // close now, instead of defer, to populate res.Trailer | ||||||
| 	if h.VerboseLogs || errClose != nil { | 	if h.VerboseLogs || errClose != nil { | ||||||
| 		logger.Debug("closed response body from upstream", zap.Error(errClose)) | 		if c := logger.Check(zapcore.DebugLevel, "closed response body from upstream"); c != nil { | ||||||
|  | 			c.Write(zap.Error(errClose)) | ||||||
|  | 		} | ||||||
| 	} | 	} | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		// we're streaming the response and we've already written headers, so | 		// we're streaming the response and we've already written headers, so | ||||||
| @ -983,7 +1003,9 @@ func (h *Handler) finalizeResponse( | |||||||
| 		// we'll just log the error and abort the stream here and panic just as | 		// we'll just log the error and abort the stream here and panic just as | ||||||
| 		// the standard lib's proxy to propagate the stream error. | 		// the standard lib's proxy to propagate the stream error. | ||||||
| 		// see issue https://github.com/caddyserver/caddy/issues/5951 | 		// see issue https://github.com/caddyserver/caddy/issues/5951 | ||||||
| 		logger.Warn("aborting with incomplete response", zap.Error(err)) | 		if c := logger.Check(zapcore.WarnLevel, "aborting with incomplete response"); c != nil { | ||||||
|  | 			c.Write(zap.Error(err)) | ||||||
|  | 		} | ||||||
| 		// no extra logging from stdlib | 		// no extra logging from stdlib | ||||||
| 		panic(http.ErrAbortHandler) | 		panic(http.ErrAbortHandler) | ||||||
| 	} | 	} | ||||||
|  | |||||||
| @ -31,6 +31,7 @@ import ( | |||||||
| 	"unsafe" | 	"unsafe" | ||||||
| 
 | 
 | ||||||
| 	"go.uber.org/zap" | 	"go.uber.org/zap" | ||||||
|  | 	"go.uber.org/zap/zapcore" | ||||||
| 	"golang.org/x/net/http/httpguts" | 	"golang.org/x/net/http/httpguts" | ||||||
| ) | ) | ||||||
| 
 | 
 | ||||||
| @ -41,14 +42,18 @@ func (h *Handler) handleUpgradeResponse(logger *zap.Logger, wg *sync.WaitGroup, | |||||||
| 	// Taken from https://github.com/golang/go/commit/5c489514bc5e61ad9b5b07bd7d8ec65d66a0512a | 	// Taken from https://github.com/golang/go/commit/5c489514bc5e61ad9b5b07bd7d8ec65d66a0512a | ||||||
| 	// We know reqUpType is ASCII, it's checked by the caller. | 	// We know reqUpType is ASCII, it's checked by the caller. | ||||||
| 	if !asciiIsPrint(resUpType) { | 	if !asciiIsPrint(resUpType) { | ||||||
| 		logger.Debug("backend tried to switch to invalid protocol", | 		if c := logger.Check(zapcore.DebugLevel, "backend tried to switch to invalid protocol"); c != nil { | ||||||
| 			zap.String("backend_upgrade", resUpType)) | 			c.Write(zap.String("backend_upgrade", resUpType)) | ||||||
|  | 		} | ||||||
| 		return | 		return | ||||||
| 	} | 	} | ||||||
| 	if !asciiEqualFold(reqUpType, resUpType) { | 	if !asciiEqualFold(reqUpType, resUpType) { | ||||||
| 		logger.Debug("backend tried to switch to unexpected protocol via Upgrade header", | 		if c := logger.Check(zapcore.DebugLevel, "backend tried to switch to unexpected protocol via Upgrade header"); c != nil { | ||||||
|  | 			c.Write( | ||||||
| 				zap.String("backend_upgrade", resUpType), | 				zap.String("backend_upgrade", resUpType), | ||||||
| 			zap.String("requested_upgrade", reqUpType)) | 				zap.String("requested_upgrade", reqUpType), | ||||||
|  | 			) | ||||||
|  | 		} | ||||||
| 		return | 		return | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| @ -68,12 +73,16 @@ func (h *Handler) handleUpgradeResponse(logger *zap.Logger, wg *sync.WaitGroup, | |||||||
| 	//nolint:bodyclose | 	//nolint:bodyclose | ||||||
| 	conn, brw, hijackErr := http.NewResponseController(rw).Hijack() | 	conn, brw, hijackErr := http.NewResponseController(rw).Hijack() | ||||||
| 	if errors.Is(hijackErr, http.ErrNotSupported) { | 	if errors.Is(hijackErr, http.ErrNotSupported) { | ||||||
| 		h.logger.Error("can't switch protocols using non-Hijacker ResponseWriter", zap.String("type", fmt.Sprintf("%T", rw))) | 		if c := logger.Check(zapcore.ErrorLevel, "can't switch protocols using non-Hijacker ResponseWriter"); c != nil { | ||||||
|  | 			c.Write(zap.String("type", fmt.Sprintf("%T", rw))) | ||||||
|  | 		} | ||||||
| 		return | 		return | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	if hijackErr != nil { | 	if hijackErr != nil { | ||||||
| 		h.logger.Error("hijack failed on protocol switch", zap.Error(hijackErr)) | 		if c := logger.Check(zapcore.ErrorLevel, "hijack failed on protocol switch"); c != nil { | ||||||
|  | 			c.Write(zap.Error(hijackErr)) | ||||||
|  | 		} | ||||||
| 		return | 		return | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| @ -93,11 +102,15 @@ func (h *Handler) handleUpgradeResponse(logger *zap.Logger, wg *sync.WaitGroup, | |||||||
| 	start := time.Now() | 	start := time.Now() | ||||||
| 	defer func() { | 	defer func() { | ||||||
| 		conn.Close() | 		conn.Close() | ||||||
| 		logger.Debug("connection closed", zap.Duration("duration", time.Since(start))) | 		if c := logger.Check(zapcore.DebugLevel, "hijack failed on protocol switch"); c != nil { | ||||||
|  | 			c.Write(zap.Duration("duration", time.Since(start))) | ||||||
|  | 		} | ||||||
| 	}() | 	}() | ||||||
| 
 | 
 | ||||||
| 	if err := brw.Flush(); err != nil { | 	if err := brw.Flush(); err != nil { | ||||||
| 		logger.Debug("response flush", zap.Error(err)) | 		if c := logger.Check(zapcore.DebugLevel, "response flush"); c != nil { | ||||||
|  | 			c.Write(zap.Error(err)) | ||||||
|  | 		} | ||||||
| 		return | 		return | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| @ -107,7 +120,9 @@ func (h *Handler) handleUpgradeResponse(logger *zap.Logger, wg *sync.WaitGroup, | |||||||
| 		data, _ := brw.Peek(buffered) | 		data, _ := brw.Peek(buffered) | ||||||
| 		_, err := backConn.Write(data) | 		_, err := backConn.Write(data) | ||||||
| 		if err != nil { | 		if err != nil { | ||||||
| 			logger.Debug("backConn write failed", zap.Error(err)) | 			if c := logger.Check(zapcore.DebugLevel, "backConn write failed"); c != nil { | ||||||
|  | 				c.Write(zap.Error(err)) | ||||||
|  | 			} | ||||||
| 			return | 			return | ||||||
| 		} | 		} | ||||||
| 	} | 	} | ||||||
| @ -148,9 +163,13 @@ func (h *Handler) handleUpgradeResponse(logger *zap.Logger, wg *sync.WaitGroup, | |||||||
| 	go spc.copyFromBackend(errc) | 	go spc.copyFromBackend(errc) | ||||||
| 	select { | 	select { | ||||||
| 	case err := <-errc: | 	case err := <-errc: | ||||||
| 		logger.Debug("streaming error", zap.Error(err)) | 		if c := logger.Check(zapcore.DebugLevel, "streaming error"); c != nil { | ||||||
|  | 			c.Write(zap.Error(err)) | ||||||
|  | 		} | ||||||
| 	case time := <-timeoutc: | 	case time := <-timeoutc: | ||||||
| 		logger.Debug("stream timed out", zap.Time("timeout", time)) | 		if c := logger.Check(zapcore.DebugLevel, "stream timed out"); c != nil { | ||||||
|  | 			c.Write(zap.Time("timeout", time)) | ||||||
|  | 		} | ||||||
| 	} | 	} | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| @ -247,7 +266,9 @@ func (h Handler) copyBuffer(dst io.Writer, src io.Reader, buf []byte, logger *za | |||||||
| 		logger.Debug("waiting to read from upstream") | 		logger.Debug("waiting to read from upstream") | ||||||
| 		nr, rerr := src.Read(buf) | 		nr, rerr := src.Read(buf) | ||||||
| 		logger := logger.With(zap.Int("read", nr)) | 		logger := logger.With(zap.Int("read", nr)) | ||||||
| 		logger.Debug("read from upstream", zap.Error(rerr)) | 		if c := logger.Check(zapcore.DebugLevel, "read from upstream"); c != nil { | ||||||
|  | 			c.Write(zap.Error(rerr)) | ||||||
|  | 		} | ||||||
| 		if rerr != nil && rerr != io.EOF && rerr != context.Canceled { | 		if rerr != nil && rerr != io.EOF && rerr != context.Canceled { | ||||||
| 			// TODO: this could be useful to know (indeed, it revealed an error in our | 			// TODO: this could be useful to know (indeed, it revealed an error in our | ||||||
| 			// fastcgi PoC earlier; but it's this single error report here that necessitates | 			// fastcgi PoC earlier; but it's this single error report here that necessitates | ||||||
| @ -256,7 +277,9 @@ func (h Handler) copyBuffer(dst io.Writer, src io.Reader, buf []byte, logger *za | |||||||
| 			// something we need to report to the client, but read errors are a problem on our | 			// something we need to report to the client, but read errors are a problem on our | ||||||
| 			// end for sure. so we need to decide what we want.) | 			// end for sure. so we need to decide what we want.) | ||||||
| 			// p.logf("copyBuffer: ReverseProxy read error during body copy: %v", rerr) | 			// p.logf("copyBuffer: ReverseProxy read error during body copy: %v", rerr) | ||||||
| 			h.logger.Error("reading from backend", zap.Error(rerr)) | 			if c := logger.Check(zapcore.ErrorLevel, "reading from backend"); c != nil { | ||||||
|  | 				c.Write(zap.Error(rerr)) | ||||||
|  | 			} | ||||||
| 		} | 		} | ||||||
| 		if nr > 0 { | 		if nr > 0 { | ||||||
| 			logger.Debug("writing to downstream") | 			logger.Debug("writing to downstream") | ||||||
| @ -264,10 +287,13 @@ func (h Handler) copyBuffer(dst io.Writer, src io.Reader, buf []byte, logger *za | |||||||
| 			if nw > 0 { | 			if nw > 0 { | ||||||
| 				written += int64(nw) | 				written += int64(nw) | ||||||
| 			} | 			} | ||||||
| 			logger.Debug("wrote to downstream", | 			if c := logger.Check(zapcore.DebugLevel, "wrote to downstream"); c != nil { | ||||||
|  | 				c.Write( | ||||||
| 					zap.Int("written", nw), | 					zap.Int("written", nw), | ||||||
| 					zap.Int64("written_total", written), | 					zap.Int64("written_total", written), | ||||||
| 				zap.Error(werr)) | 					zap.Error(werr), | ||||||
|  | 				) | ||||||
|  | 			} | ||||||
| 			if werr != nil { | 			if werr != nil { | ||||||
| 				return written, fmt.Errorf("writing: %w", werr) | 				return written, fmt.Errorf("writing: %w", werr) | ||||||
| 			} | 			} | ||||||
| @ -347,13 +373,17 @@ func (h *Handler) cleanupConnections() error { | |||||||
| 	if len(h.connections) > 0 { | 	if len(h.connections) > 0 { | ||||||
| 		delay := time.Duration(h.StreamCloseDelay) | 		delay := time.Duration(h.StreamCloseDelay) | ||||||
| 		h.connectionsCloseTimer = time.AfterFunc(delay, func() { | 		h.connectionsCloseTimer = time.AfterFunc(delay, func() { | ||||||
| 			h.logger.Debug("closing streaming connections after delay", | 			if c := h.logger.Check(zapcore.DebugLevel, "closing streaming connections after delay"); c != nil { | ||||||
| 				zap.Duration("delay", delay)) | 				c.Write(zap.Duration("delay", delay)) | ||||||
|  | 			} | ||||||
| 			err := h.closeConnections() | 			err := h.closeConnections() | ||||||
| 			if err != nil { | 			if err != nil { | ||||||
| 				h.logger.Error("failed to closed connections after delay", | 				if c := h.logger.Check(zapcore.ErrorLevel, "failed to closed connections after delay"); c != nil { | ||||||
|  | 					c.Write( | ||||||
| 						zap.Error(err), | 						zap.Error(err), | ||||||
| 					zap.Duration("delay", delay)) | 						zap.Duration("delay", delay), | ||||||
|  | 					) | ||||||
|  | 				} | ||||||
| 			} | 			} | ||||||
| 		}) | 		}) | ||||||
| 	} | 	} | ||||||
| @ -494,7 +524,9 @@ func (m *maxLatencyWriter) Write(p []byte) (n int, err error) { | |||||||
| 	m.mu.Lock() | 	m.mu.Lock() | ||||||
| 	defer m.mu.Unlock() | 	defer m.mu.Unlock() | ||||||
| 	n, err = m.dst.Write(p) | 	n, err = m.dst.Write(p) | ||||||
| 	m.logger.Debug("wrote bytes", zap.Int("n", n), zap.Error(err)) | 	if c := m.logger.Check(zapcore.DebugLevel, "wrote bytes"); c != nil { | ||||||
|  | 		c.Write(zap.Int("n", n), zap.Error(err)) | ||||||
|  | 	} | ||||||
| 	if m.latency < 0 { | 	if m.latency < 0 { | ||||||
| 		m.logger.Debug("flushing immediately") | 		m.logger.Debug("flushing immediately") | ||||||
| 		//nolint:errcheck | 		//nolint:errcheck | ||||||
| @ -510,7 +542,9 @@ func (m *maxLatencyWriter) Write(p []byte) (n int, err error) { | |||||||
| 	} else { | 	} else { | ||||||
| 		m.t.Reset(m.latency) | 		m.t.Reset(m.latency) | ||||||
| 	} | 	} | ||||||
| 	m.logger.Debug("timer set for delayed flush", zap.Duration("duration", m.latency)) | 	if c := m.logger.Check(zapcore.DebugLevel, "timer set for delayed flush"); c != nil { | ||||||
|  | 		c.Write(zap.Duration("duration", m.latency)) | ||||||
|  | 	} | ||||||
| 	m.flushPending = true | 	m.flushPending = true | ||||||
| 	return | 	return | ||||||
| } | } | ||||||
|  | |||||||
| @ -12,6 +12,7 @@ import ( | |||||||
| 	"time" | 	"time" | ||||||
| 
 | 
 | ||||||
| 	"go.uber.org/zap" | 	"go.uber.org/zap" | ||||||
|  | 	"go.uber.org/zap/zapcore" | ||||||
| 
 | 
 | ||||||
| 	"github.com/caddyserver/caddy/v2" | 	"github.com/caddyserver/caddy/v2" | ||||||
| ) | ) | ||||||
| @ -136,10 +137,13 @@ func (su SRVUpstreams) GetUpstreams(r *http.Request) ([]*Upstream, error) { | |||||||
| 		return allNew(cached.upstreams), nil | 		return allNew(cached.upstreams), nil | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	su.logger.Debug("refreshing SRV upstreams", | 	if c := su.logger.Check(zapcore.DebugLevel, "refreshing SRV upstreams"); c != nil { | ||||||
|  | 		c.Write( | ||||||
| 			zap.String("service", service), | 			zap.String("service", service), | ||||||
| 			zap.String("proto", proto), | 			zap.String("proto", proto), | ||||||
| 		zap.String("name", name)) | 			zap.String("name", name), | ||||||
|  | 		) | ||||||
|  | 	} | ||||||
| 
 | 
 | ||||||
| 	_, records, err := su.resolver.LookupSRV(r.Context(), service, proto, name) | 	_, records, err := su.resolver.LookupSRV(r.Context(), service, proto, name) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| @ -148,23 +152,30 @@ func (su SRVUpstreams) GetUpstreams(r *http.Request) ([]*Upstream, error) { | |||||||
| 		// only return an error if no records were also returned. | 		// only return an error if no records were also returned. | ||||||
| 		if len(records) == 0 { | 		if len(records) == 0 { | ||||||
| 			if su.GracePeriod > 0 { | 			if su.GracePeriod > 0 { | ||||||
| 				su.logger.Error("SRV lookup failed; using previously cached", zap.Error(err)) | 				if c := su.logger.Check(zapcore.ErrorLevel, "SRV lookup failed; using previously cached"); c != nil { | ||||||
|  | 					c.Write(zap.Error(err)) | ||||||
|  | 				} | ||||||
| 				cached.freshness = time.Now().Add(time.Duration(su.GracePeriod) - time.Duration(su.Refresh)) | 				cached.freshness = time.Now().Add(time.Duration(su.GracePeriod) - time.Duration(su.Refresh)) | ||||||
| 				srvs[suAddr] = cached | 				srvs[suAddr] = cached | ||||||
| 				return allNew(cached.upstreams), nil | 				return allNew(cached.upstreams), nil | ||||||
| 			} | 			} | ||||||
| 			return nil, err | 			return nil, err | ||||||
| 		} | 		} | ||||||
| 		su.logger.Warn("SRV records filtered", zap.Error(err)) | 		if c := su.logger.Check(zapcore.WarnLevel, "SRV records filtered"); c != nil { | ||||||
|  | 			c.Write(zap.Error(err)) | ||||||
|  | 		} | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	upstreams := make([]Upstream, len(records)) | 	upstreams := make([]Upstream, len(records)) | ||||||
| 	for i, rec := range records { | 	for i, rec := range records { | ||||||
| 		su.logger.Debug("discovered SRV record", | 		if c := su.logger.Check(zapcore.DebugLevel, "discovered SRV record"); c != nil { | ||||||
|  | 			c.Write( | ||||||
| 				zap.String("target", rec.Target), | 				zap.String("target", rec.Target), | ||||||
| 				zap.Uint16("port", rec.Port), | 				zap.Uint16("port", rec.Port), | ||||||
| 				zap.Uint16("priority", rec.Priority), | 				zap.Uint16("priority", rec.Priority), | ||||||
| 			zap.Uint16("weight", rec.Weight)) | 				zap.Uint16("weight", rec.Weight), | ||||||
|  | 			) | ||||||
|  | 		} | ||||||
| 		addr := net.JoinHostPort(rec.Target, strconv.Itoa(int(rec.Port))) | 		addr := net.JoinHostPort(rec.Target, strconv.Itoa(int(rec.Port))) | ||||||
| 		upstreams[i] = Upstream{Dial: addr} | 		upstreams[i] = Upstream{Dial: addr} | ||||||
| 	} | 	} | ||||||
| @ -361,10 +372,13 @@ func (au AUpstreams) GetUpstreams(r *http.Request) ([]*Upstream, error) { | |||||||
| 	name := repl.ReplaceAll(au.Name, "") | 	name := repl.ReplaceAll(au.Name, "") | ||||||
| 	port := repl.ReplaceAll(au.Port, "") | 	port := repl.ReplaceAll(au.Port, "") | ||||||
| 
 | 
 | ||||||
| 	au.logger.Debug("refreshing A upstreams", | 	if c := au.logger.Check(zapcore.DebugLevel, "refreshing A upstreams"); c != nil { | ||||||
|  | 		c.Write( | ||||||
| 			zap.String("version", ipVersion), | 			zap.String("version", ipVersion), | ||||||
| 			zap.String("name", name), | 			zap.String("name", name), | ||||||
| 		zap.String("port", port)) | 			zap.String("port", port), | ||||||
|  | 		) | ||||||
|  | 	} | ||||||
| 
 | 
 | ||||||
| 	ips, err := au.resolver.LookupIP(r.Context(), ipVersion, name) | 	ips, err := au.resolver.LookupIP(r.Context(), ipVersion, name) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| @ -373,8 +387,9 @@ func (au AUpstreams) GetUpstreams(r *http.Request) ([]*Upstream, error) { | |||||||
| 
 | 
 | ||||||
| 	upstreams := make([]Upstream, len(ips)) | 	upstreams := make([]Upstream, len(ips)) | ||||||
| 	for i, ip := range ips { | 	for i, ip := range ips { | ||||||
| 		au.logger.Debug("discovered A record", | 		if c := au.logger.Check(zapcore.DebugLevel, "discovered A record"); c != nil { | ||||||
| 			zap.String("ip", ip.String())) | 			c.Write(zap.String("ip", ip.String())) | ||||||
|  | 		} | ||||||
| 		upstreams[i] = Upstream{ | 		upstreams[i] = Upstream{ | ||||||
| 			Dial: net.JoinHostPort(ip.String(), port), | 			Dial: net.JoinHostPort(ip.String(), port), | ||||||
| 		} | 		} | ||||||
| @ -467,11 +482,16 @@ func (mu MultiUpstreams) GetUpstreams(r *http.Request) ([]*Upstream, error) { | |||||||
| 
 | 
 | ||||||
| 		up, err := src.GetUpstreams(r) | 		up, err := src.GetUpstreams(r) | ||||||
| 		if err != nil { | 		if err != nil { | ||||||
| 			mu.logger.Error("upstream source returned error", | 			if c := mu.logger.Check(zapcore.ErrorLevel, "upstream source returned error"); c != nil { | ||||||
|  | 				c.Write( | ||||||
| 					zap.Int("source_idx", i), | 					zap.Int("source_idx", i), | ||||||
| 				zap.Error(err)) | 					zap.Error(err), | ||||||
|  | 				) | ||||||
|  | 			} | ||||||
| 		} else if len(up) == 0 { | 		} else if len(up) == 0 { | ||||||
| 			mu.logger.Warn("upstream source returned 0 upstreams", zap.Int("source_idx", i)) | 			if c := mu.logger.Check(zapcore.WarnLevel, "upstream source returned 0 upstreams"); c != nil { | ||||||
|  | 				c.Write(zap.Int("source_idx", i)) | ||||||
|  | 			} | ||||||
| 		} else { | 		} else { | ||||||
| 			upstreams = append(upstreams, up...) | 			upstreams = append(upstreams, up...) | ||||||
| 		} | 		} | ||||||
|  | |||||||
| @ -133,19 +133,17 @@ func (rewr Rewrite) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddy | |||||||
| 	repl := r.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) | 	repl := r.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) | ||||||
| 	const message = "rewrote request" | 	const message = "rewrote request" | ||||||
| 
 | 
 | ||||||
| 	if rewr.logger.Check(zap.DebugLevel, message) == nil { | 	c := rewr.logger.Check(zap.DebugLevel, message) | ||||||
|  | 	if c == nil { | ||||||
| 		rewr.Rewrite(r, repl) | 		rewr.Rewrite(r, repl) | ||||||
| 		return next.ServeHTTP(w, r) | 		return next.ServeHTTP(w, r) | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	logger := rewr.logger.With( |  | ||||||
| 		zap.Object("request", caddyhttp.LoggableHTTPRequest{Request: r}), |  | ||||||
| 	) |  | ||||||
| 
 |  | ||||||
| 	changed := rewr.Rewrite(r, repl) | 	changed := rewr.Rewrite(r, repl) | ||||||
| 
 | 
 | ||||||
| 	if changed { | 	if changed { | ||||||
| 		logger.Debug(message, | 		c.Write( | ||||||
|  | 			zap.Object("request", caddyhttp.LoggableHTTPRequest{Request: r}), | ||||||
| 			zap.String("method", r.Method), | 			zap.String("method", r.Method), | ||||||
| 			zap.String("uri", r.RequestURI), | 			zap.String("uri", r.RequestURI), | ||||||
| 		) | 		) | ||||||
|  | |||||||
| @ -275,7 +275,9 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) { | |||||||
| 		if r.ProtoMajor < 3 { | 		if r.ProtoMajor < 3 { | ||||||
| 			err := s.h3server.SetQUICHeaders(w.Header()) | 			err := s.h3server.SetQUICHeaders(w.Header()) | ||||||
| 			if err != nil { | 			if err != nil { | ||||||
| 				s.logger.Error("setting HTTP/3 Alt-Svc header", zap.Error(err)) | 				if c := s.logger.Check(zapcore.ErrorLevel, "setting HTTP/3 Alt-Svc header"); c != nil { | ||||||
|  | 					c.Write(zap.Error(err)) | ||||||
|  | 				} | ||||||
| 			} | 			} | ||||||
| 		} | 		} | ||||||
| 	} | 	} | ||||||
| @ -283,9 +285,12 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) { | |||||||
| 	// reject very long methods; probably a mistake or an attack | 	// reject very long methods; probably a mistake or an attack | ||||||
| 	if len(r.Method) > 32 { | 	if len(r.Method) > 32 { | ||||||
| 		if s.shouldLogRequest(r) { | 		if s.shouldLogRequest(r) { | ||||||
| 			s.accessLogger.Debug("rejecting request with long method", | 			if c := s.accessLogger.Check(zapcore.DebugLevel, "rejecting request with long method"); c != nil { | ||||||
|  | 				c.Write( | ||||||
| 					zap.String("method_trunc", r.Method[:32]), | 					zap.String("method_trunc", r.Method[:32]), | ||||||
| 				zap.String("remote_addr", r.RemoteAddr)) | 					zap.String("remote_addr", r.RemoteAddr), | ||||||
|  | 				) | ||||||
|  | 			} | ||||||
| 		} | 		} | ||||||
| 		w.WriteHeader(http.StatusMethodNotAllowed) | 		w.WriteHeader(http.StatusMethodNotAllowed) | ||||||
| 		return | 		return | ||||||
| @ -300,7 +305,9 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) { | |||||||
| 		//nolint:bodyclose | 		//nolint:bodyclose | ||||||
| 		err := http.NewResponseController(w).EnableFullDuplex() | 		err := http.NewResponseController(w).EnableFullDuplex() | ||||||
| 		if err != nil { | 		if err != nil { | ||||||
| 			s.logger.Warn("failed to enable full duplex", zap.Error(err)) | 			if c := s.logger.Check(zapcore.WarnLevel, "failed to enable full duplex"); c != nil { | ||||||
|  | 				c.Write(zap.Error(err)) | ||||||
|  | 			} | ||||||
| 		} | 		} | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| @ -379,6 +386,7 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) { | |||||||
| 	// add HTTP error information to request context | 	// add HTTP error information to request context | ||||||
| 	r = s.Errors.WithError(r, err) | 	r = s.Errors.WithError(r, err) | ||||||
| 
 | 
 | ||||||
|  | 	var fields []zapcore.Field | ||||||
| 	if s.Errors != nil && len(s.Errors.Routes) > 0 { | 	if s.Errors != nil && len(s.Errors.Routes) > 0 { | ||||||
| 		// execute user-defined error handling route | 		// execute user-defined error handling route | ||||||
| 		err2 := s.errorHandlerChain.ServeHTTP(w, r) | 		err2 := s.errorHandlerChain.ServeHTTP(w, r) | ||||||
| @ -386,17 +394,28 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) { | |||||||
| 			// user's error route handled the error response | 			// user's error route handled the error response | ||||||
| 			// successfully, so now just log the error | 			// successfully, so now just log the error | ||||||
| 			for _, logger := range errLoggers { | 			for _, logger := range errLoggers { | ||||||
| 				logger.Debug(errMsg, errFields...) | 				if c := logger.Check(zapcore.DebugLevel, errMsg); c != nil { | ||||||
|  | 					if fields == nil { | ||||||
|  | 						fields = errFields() | ||||||
|  | 					} | ||||||
|  | 
 | ||||||
|  | 					c.Write(fields...) | ||||||
|  | 				} | ||||||
| 			} | 			} | ||||||
| 		} else { | 		} else { | ||||||
| 			// well... this is awkward | 			// well... this is awkward | ||||||
| 			errFields = append([]zapcore.Field{ | 			for _, logger := range errLoggers { | ||||||
|  | 				if c := logger.Check(zapcore.ErrorLevel, "error handling handler error"); c != nil { | ||||||
|  | 					if fields == nil { | ||||||
|  | 						fields = errFields() | ||||||
|  | 						fields = append([]zapcore.Field{ | ||||||
| 							zap.String("error", err2.Error()), | 							zap.String("error", err2.Error()), | ||||||
| 							zap.Namespace("first_error"), | 							zap.Namespace("first_error"), | ||||||
| 							zap.String("msg", errMsg), | 							zap.String("msg", errMsg), | ||||||
| 			}, errFields...) | 						}, fields...) | ||||||
| 			for _, logger := range errLoggers { | 					} | ||||||
| 				logger.Error("error handling handler error", errFields...) | 					c.Write(fields...) | ||||||
|  | 				} | ||||||
| 			} | 			} | ||||||
| 			if handlerErr, ok := err.(HandlerError); ok { | 			if handlerErr, ok := err.(HandlerError); ok { | ||||||
| 				w.WriteHeader(handlerErr.StatusCode) | 				w.WriteHeader(handlerErr.StatusCode) | ||||||
| @ -405,11 +424,17 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) { | |||||||
| 			} | 			} | ||||||
| 		} | 		} | ||||||
| 	} else { | 	} else { | ||||||
| 		for _, logger := range errLoggers { | 		logLevel := zapcore.DebugLevel | ||||||
| 		if errStatus >= 500 { | 		if errStatus >= 500 { | ||||||
| 				logger.Error(errMsg, errFields...) | 			logLevel = zapcore.ErrorLevel | ||||||
| 			} else { | 		} | ||||||
| 				logger.Debug(errMsg, errFields...) | 
 | ||||||
|  | 		for _, logger := range errLoggers { | ||||||
|  | 			if c := logger.Check(logLevel, errMsg); c != nil { | ||||||
|  | 				if fields == nil { | ||||||
|  | 					fields = errFields() | ||||||
|  | 				} | ||||||
|  | 				c.Write(fields...) | ||||||
| 			} | 			} | ||||||
| 		} | 		} | ||||||
| 		w.WriteHeader(errStatus) | 		w.WriteHeader(errStatus) | ||||||
| @ -746,7 +771,9 @@ func (s *Server) logTrace(mh MiddlewareHandler) { | |||||||
| 	if s.Logs == nil || !s.Logs.Trace { | 	if s.Logs == nil || !s.Logs.Trace { | ||||||
| 		return | 		return | ||||||
| 	} | 	} | ||||||
| 	s.traceLogger.Debug(caddy.GetModuleName(mh), zap.Any("module", mh)) | 	if c := s.traceLogger.Check(zapcore.DebugLevel, caddy.GetModuleName(mh)); c != nil { | ||||||
|  | 		c.Write(zap.Any("module", mh)) | ||||||
|  | 	} | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| // logRequest logs the request to access logs, unless skipped. | // logRequest logs the request to access logs, unless skipped. | ||||||
| @ -759,11 +786,38 @@ func (s *Server) logRequest( | |||||||
| 		return | 		return | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	repl.Set("http.response.status", wrec.Status()) // will be 0 if no response is written by us (Go will write 200 to client) | 	status := wrec.Status() | ||||||
| 	repl.Set("http.response.size", wrec.Size()) | 	size := wrec.Size() | ||||||
|  | 
 | ||||||
|  | 	repl.Set("http.response.status", status) // will be 0 if no response is written by us (Go will write 200 to client) | ||||||
|  | 	repl.Set("http.response.size", size) | ||||||
| 	repl.Set("http.response.duration", duration) | 	repl.Set("http.response.duration", duration) | ||||||
| 	repl.Set("http.response.duration_ms", duration.Seconds()*1e3) // multiply seconds to preserve decimal (see #4666) | 	repl.Set("http.response.duration_ms", duration.Seconds()*1e3) // multiply seconds to preserve decimal (see #4666) | ||||||
| 
 | 
 | ||||||
|  | 	loggers := []*zap.Logger{accLog} | ||||||
|  | 	if s.Logs != nil { | ||||||
|  | 		loggers = s.Logs.wrapLogger(accLog, r) | ||||||
|  | 	} | ||||||
|  | 
 | ||||||
|  | 	message := "handled request" | ||||||
|  | 	if nop, ok := GetVar(r.Context(), "unhandled").(bool); ok && nop { | ||||||
|  | 		message = "NOP" | ||||||
|  | 	} | ||||||
|  | 
 | ||||||
|  | 	logLevel := zapcore.InfoLevel | ||||||
|  | 	if status >= 500 { | ||||||
|  | 		logLevel = zapcore.ErrorLevel | ||||||
|  | 	} | ||||||
|  | 
 | ||||||
|  | 	var fields []zapcore.Field | ||||||
|  | 	for _, logger := range loggers { | ||||||
|  | 		c := logger.Check(logLevel, message) | ||||||
|  | 		if c == nil { | ||||||
|  | 			continue | ||||||
|  | 		} | ||||||
|  | 
 | ||||||
|  | 		if fields == nil { | ||||||
|  | 
 | ||||||
| 			userID, _ := repl.GetString("http.auth.user.id") | 			userID, _ := repl.GetString("http.auth.user.id") | ||||||
| 
 | 
 | ||||||
| 			reqBodyLength := 0 | 			reqBodyLength := 0 | ||||||
| @ -774,35 +828,22 @@ func (s *Server) logRequest( | |||||||
| 			extra := r.Context().Value(ExtraLogFieldsCtxKey).(*ExtraLogFields) | 			extra := r.Context().Value(ExtraLogFieldsCtxKey).(*ExtraLogFields) | ||||||
| 
 | 
 | ||||||
| 			fieldCount := 6 | 			fieldCount := 6 | ||||||
| 	fields := make([]zapcore.Field, 0, fieldCount+len(extra.fields)) | 			fields = make([]zapcore.Field, 0, fieldCount+len(extra.fields)) | ||||||
| 			fields = append(fields, | 			fields = append(fields, | ||||||
| 				zap.Int("bytes_read", reqBodyLength), | 				zap.Int("bytes_read", reqBodyLength), | ||||||
| 				zap.String("user_id", userID), | 				zap.String("user_id", userID), | ||||||
| 				zap.Duration("duration", *duration), | 				zap.Duration("duration", *duration), | ||||||
| 		zap.Int("size", wrec.Size()), | 				zap.Int("size", size), | ||||||
| 		zap.Int("status", wrec.Status()), | 				zap.Int("status", status), | ||||||
| 				zap.Object("resp_headers", LoggableHTTPHeader{ | 				zap.Object("resp_headers", LoggableHTTPHeader{ | ||||||
| 					Header:               wrec.Header(), | 					Header:               wrec.Header(), | ||||||
| 					ShouldLogCredentials: shouldLogCredentials, | 					ShouldLogCredentials: shouldLogCredentials, | ||||||
| 		})) | 				}), | ||||||
|  | 			) | ||||||
| 			fields = append(fields, extra.fields...) | 			fields = append(fields, extra.fields...) | ||||||
| 
 |  | ||||||
| 	loggers := []*zap.Logger{accLog} |  | ||||||
| 	if s.Logs != nil { |  | ||||||
| 		loggers = s.Logs.wrapLogger(accLog, r) |  | ||||||
| 		} | 		} | ||||||
| 
 | 
 | ||||||
| 	// wrapping may return multiple loggers, so we log to all of them | 		c.Write(fields...) | ||||||
| 	for _, logger := range loggers { |  | ||||||
| 		logAtLevel := logger.Info |  | ||||||
| 		if wrec.Status() >= 500 { |  | ||||||
| 			logAtLevel = logger.Error |  | ||||||
| 		} |  | ||||||
| 		message := "handled request" |  | ||||||
| 		if nop, ok := GetVar(r.Context(), "unhandled").(bool); ok && nop { |  | ||||||
| 			message = "NOP" |  | ||||||
| 		} |  | ||||||
| 		logAtLevel(message, fields...) |  | ||||||
| 	} | 	} | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
|  | |||||||
| @ -121,6 +121,29 @@ func BenchmarkServer_LogRequest(b *testing.B) { | |||||||
| 	} | 	} | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
|  | func BenchmarkServer_LogRequest_NopLogger(b *testing.B) { | ||||||
|  | 	s := &Server{} | ||||||
|  | 
 | ||||||
|  | 	extra := new(ExtraLogFields) | ||||||
|  | 	ctx := context.WithValue(context.Background(), ExtraLogFieldsCtxKey, extra) | ||||||
|  | 
 | ||||||
|  | 	req := httptest.NewRequest(http.MethodGet, "/", nil).WithContext(ctx) | ||||||
|  | 	rec := httptest.NewRecorder() | ||||||
|  | 	wrec := NewResponseRecorder(rec, nil, nil) | ||||||
|  | 
 | ||||||
|  | 	duration := 50 * time.Millisecond | ||||||
|  | 	repl := NewTestReplacer(req) | ||||||
|  | 	bodyReader := &lengthReader{Source: req.Body} | ||||||
|  | 
 | ||||||
|  | 	accLog := zap.NewNop() | ||||||
|  | 
 | ||||||
|  | 	b.ResetTimer() | ||||||
|  | 
 | ||||||
|  | 	for i := 0; i < b.N; i++ { | ||||||
|  | 		s.logRequest(accLog, req, wrec, &duration, repl, bodyReader, false) | ||||||
|  | 	} | ||||||
|  | } | ||||||
|  | 
 | ||||||
| func BenchmarkServer_LogRequest_WithTraceID(b *testing.B) { | func BenchmarkServer_LogRequest_WithTraceID(b *testing.B) { | ||||||
| 	s := &Server{} | 	s := &Server{} | ||||||
| 
 | 
 | ||||||
|  | |||||||
| @ -7,6 +7,7 @@ import ( | |||||||
| 
 | 
 | ||||||
| 	sdktrace "go.opentelemetry.io/otel/sdk/trace" | 	sdktrace "go.opentelemetry.io/otel/sdk/trace" | ||||||
| 	"go.uber.org/zap" | 	"go.uber.org/zap" | ||||||
|  | 	"go.uber.org/zap/zapcore" | ||||||
| ) | ) | ||||||
| 
 | 
 | ||||||
| // globalTracerProvider stores global tracer provider and is responsible for graceful shutdown when nobody is using it. | // globalTracerProvider stores global tracer provider and is responsible for graceful shutdown when nobody is using it. | ||||||
| @ -47,7 +48,9 @@ func (t *tracerProvider) cleanupTracerProvider(logger *zap.Logger) error { | |||||||
| 		if t.tracerProvider != nil { | 		if t.tracerProvider != nil { | ||||||
| 			// tracerProvider.ForceFlush SHOULD be invoked according to https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/trace/sdk.md#forceflush | 			// tracerProvider.ForceFlush SHOULD be invoked according to https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/trace/sdk.md#forceflush | ||||||
| 			if err := t.tracerProvider.ForceFlush(context.Background()); err != nil { | 			if err := t.tracerProvider.ForceFlush(context.Background()); err != nil { | ||||||
| 				logger.Error("forcing flush", zap.Error(err)) | 				if c := logger.Check(zapcore.ErrorLevel, "forcing flush"); c != nil { | ||||||
|  | 					c.Write(zap.Error(err)) | ||||||
|  | 				} | ||||||
| 			} | 			} | ||||||
| 
 | 
 | ||||||
| 			// tracerProvider.Shutdown MUST be invoked according to https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/trace/sdk.md#shutdown | 			// tracerProvider.Shutdown MUST be invoked according to https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/trace/sdk.md#shutdown | ||||||
|  | |||||||
| @ -35,6 +35,7 @@ import ( | |||||||
| 	"github.com/smallstep/certificates/db" | 	"github.com/smallstep/certificates/db" | ||||||
| 	"github.com/smallstep/nosql" | 	"github.com/smallstep/nosql" | ||||||
| 	"go.uber.org/zap" | 	"go.uber.org/zap" | ||||||
|  | 	"go.uber.org/zap/zapcore" | ||||||
| 
 | 
 | ||||||
| 	"github.com/caddyserver/caddy/v2" | 	"github.com/caddyserver/caddy/v2" | ||||||
| 	"github.com/caddyserver/caddy/v2/modules/caddyhttp" | 	"github.com/caddyserver/caddy/v2/modules/caddyhttp" | ||||||
| @ -243,10 +244,14 @@ func (ash Handler) Cleanup() error { | |||||||
| 	key := ash.getDatabaseKey() | 	key := ash.getDatabaseKey() | ||||||
| 	deleted, err := databasePool.Delete(key) | 	deleted, err := databasePool.Delete(key) | ||||||
| 	if deleted { | 	if deleted { | ||||||
| 		ash.logger.Debug("unloading unused CA database", zap.String("db_key", key)) | 		if c := ash.logger.Check(zapcore.DebugLevel, "unloading unused CA database"); c != nil { | ||||||
|  | 			c.Write(zap.String("db_key", key)) | ||||||
|  | 		} | ||||||
| 	} | 	} | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		ash.logger.Error("closing CA database", zap.String("db_key", key), zap.Error(err)) | 		if c := ash.logger.Check(zapcore.ErrorLevel, "closing CA database"); c != nil { | ||||||
|  | 			c.Write(zap.String("db_key", key), zap.Error(err)) | ||||||
|  | 		} | ||||||
| 	} | 	} | ||||||
| 	return err | 	return err | ||||||
| } | } | ||||||
| @ -271,7 +276,9 @@ func (ash Handler) openDatabase() (*db.AuthDB, error) { | |||||||
| 	}) | 	}) | ||||||
| 
 | 
 | ||||||
| 	if loaded { | 	if loaded { | ||||||
| 		ash.logger.Debug("loaded preexisting CA database", zap.String("db_key", key)) | 		if c := ash.logger.Check(zapcore.DebugLevel, "loaded preexisting CA database"); c != nil { | ||||||
|  | 			c.Write(zap.String("db_key", key)) | ||||||
|  | 		} | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	return database.(databaseCloser).DB, err | 	return database.(databaseCloser).DB, err | ||||||
|  | |||||||
| @ -30,6 +30,7 @@ import ( | |||||||
| 	"github.com/caddyserver/zerossl" | 	"github.com/caddyserver/zerossl" | ||||||
| 	"github.com/mholt/acmez/v2/acme" | 	"github.com/mholt/acmez/v2/acme" | ||||||
| 	"go.uber.org/zap" | 	"go.uber.org/zap" | ||||||
|  | 	"go.uber.org/zap/zapcore" | ||||||
| 
 | 
 | ||||||
| 	"github.com/caddyserver/caddy/v2" | 	"github.com/caddyserver/caddy/v2" | ||||||
| 	"github.com/caddyserver/caddy/v2/caddyconfig" | 	"github.com/caddyserver/caddy/v2/caddyconfig" | ||||||
| @ -321,7 +322,9 @@ func (iss *ACMEIssuer) generateZeroSSLEABCredentials(ctx context.Context, acct a | |||||||
| 		return nil, acct, fmt.Errorf("failed getting EAB credentials: HTTP %d", resp.StatusCode) | 		return nil, acct, fmt.Errorf("failed getting EAB credentials: HTTP %d", resp.StatusCode) | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	iss.logger.Info("generated EAB credentials", zap.String("key_id", result.EABKID)) | 	if c := iss.logger.Check(zapcore.InfoLevel, "generated EAB credentials"); c != nil { | ||||||
|  | 		c.Write(zap.String("key_id", result.EABKID)) | ||||||
|  | 	} | ||||||
| 
 | 
 | ||||||
| 	return &acme.EAB{ | 	return &acme.EAB{ | ||||||
| 		KeyID:  result.EABKID, | 		KeyID:  result.EABKID, | ||||||
|  | |||||||
| @ -26,6 +26,7 @@ import ( | |||||||
| 	"github.com/caddyserver/certmagic" | 	"github.com/caddyserver/certmagic" | ||||||
| 	"github.com/mholt/acmez/v2" | 	"github.com/mholt/acmez/v2" | ||||||
| 	"go.uber.org/zap" | 	"go.uber.org/zap" | ||||||
|  | 	"go.uber.org/zap/zapcore" | ||||||
| 
 | 
 | ||||||
| 	"github.com/caddyserver/caddy/v2" | 	"github.com/caddyserver/caddy/v2" | ||||||
| ) | ) | ||||||
| @ -292,21 +293,30 @@ func (ap *AutomationPolicy) Provision(tlsApp *TLS) error { | |||||||
| 						remoteIP, _, _ = net.SplitHostPort(remote.String()) | 						remoteIP, _, _ = net.SplitHostPort(remote.String()) | ||||||
| 					} | 					} | ||||||
| 				} | 				} | ||||||
| 				tlsApp.logger.Debug("asking for permission for on-demand certificate", | 				if c := tlsApp.logger.Check(zapcore.DebugLevel, "asking for permission for on-demand certificate"); c != nil { | ||||||
|  | 					c.Write( | ||||||
| 						zap.String("remote_ip", remoteIP), | 						zap.String("remote_ip", remoteIP), | ||||||
| 					zap.String("domain", name)) | 						zap.String("domain", name), | ||||||
|  | 					) | ||||||
|  | 				} | ||||||
| 
 | 
 | ||||||
| 				// ask the permission module if this cert is allowed | 				// ask the permission module if this cert is allowed | ||||||
| 				if err := tlsApp.Automation.OnDemand.permission.CertificateAllowed(ctx, name); err != nil { | 				if err := tlsApp.Automation.OnDemand.permission.CertificateAllowed(ctx, name); err != nil { | ||||||
| 					// distinguish true errors from denials, because it's important to elevate actual errors | 					// distinguish true errors from denials, because it's important to elevate actual errors | ||||||
| 					if errors.Is(err, ErrPermissionDenied) { | 					if errors.Is(err, ErrPermissionDenied) { | ||||||
| 						tlsApp.logger.Debug("on-demand certificate issuance denied", | 						if c := tlsApp.logger.Check(zapcore.DebugLevel, "on-demand certificate issuance denied"); c != nil { | ||||||
|  | 							c.Write( | ||||||
| 								zap.String("domain", name), | 								zap.String("domain", name), | ||||||
| 							zap.Error(err)) | 								zap.Error(err), | ||||||
|  | 							) | ||||||
|  | 						} | ||||||
| 					} else { | 					} else { | ||||||
| 						tlsApp.logger.Error("failed to get permission for on-demand certificate", | 						if c := tlsApp.logger.Check(zapcore.ErrorLevel, "failed to get permission for on-demand certificate"); c != nil { | ||||||
|  | 							c.Write( | ||||||
| 								zap.String("domain", name), | 								zap.String("domain", name), | ||||||
| 							zap.Error(err)) | 								zap.Error(err), | ||||||
|  | 							) | ||||||
|  | 						} | ||||||
| 					} | 					} | ||||||
| 					return err | 					return err | ||||||
| 				} | 				} | ||||||
|  | |||||||
| @ -12,6 +12,7 @@ import ( | |||||||
| 	"github.com/caddyserver/certmagic" | 	"github.com/caddyserver/certmagic" | ||||||
| 	"github.com/tailscale/tscert" | 	"github.com/tailscale/tscert" | ||||||
| 	"go.uber.org/zap" | 	"go.uber.org/zap" | ||||||
|  | 	"go.uber.org/zap/zapcore" | ||||||
| 
 | 
 | ||||||
| 	"github.com/caddyserver/caddy/v2" | 	"github.com/caddyserver/caddy/v2" | ||||||
| 	"github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" | 	"github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" | ||||||
| @ -46,7 +47,9 @@ func (ts Tailscale) GetCertificate(ctx context.Context, hello *tls.ClientHelloIn | |||||||
| 		return nil, nil // pass-thru: Tailscale can't offer a cert for this name | 		return nil, nil // pass-thru: Tailscale can't offer a cert for this name | ||||||
| 	} | 	} | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		ts.logger.Warn("could not get status; will try to get certificate anyway", zap.Error(err)) | 		if c := ts.logger.Check(zapcore.WarnLevel, "could not get status; will try to get certificate anyway"); c != nil { | ||||||
|  | 			c.Write(zap.Error(err)) | ||||||
|  | 		} | ||||||
| 	} | 	} | ||||||
| 	return tscert.GetCertificateWithContext(ctx, hello) | 	return tscert.GetCertificateWithContext(ctx, hello) | ||||||
| } | } | ||||||
|  | |||||||
| @ -28,6 +28,7 @@ import ( | |||||||
| 
 | 
 | ||||||
| 	"github.com/mholt/acmez/v2" | 	"github.com/mholt/acmez/v2" | ||||||
| 	"go.uber.org/zap" | 	"go.uber.org/zap" | ||||||
|  | 	"go.uber.org/zap/zapcore" | ||||||
| 
 | 
 | ||||||
| 	"github.com/caddyserver/caddy/v2" | 	"github.com/caddyserver/caddy/v2" | ||||||
| 	"github.com/caddyserver/caddy/v2/caddyconfig" | 	"github.com/caddyserver/caddy/v2/caddyconfig" | ||||||
| @ -338,8 +339,9 @@ func (p *ConnectionPolicy) buildStandardTLSConfig(ctx caddy.Context) error { | |||||||
| 
 | 
 | ||||||
| 		cfg.KeyLogWriter = logFile.(io.Writer) | 		cfg.KeyLogWriter = logFile.(io.Writer) | ||||||
| 
 | 
 | ||||||
| 		tlsApp.logger.Warn("TLS SECURITY COMPROMISED: secrets logging is enabled!", | 		if c := tlsApp.logger.Check(zapcore.WarnLevel, "TLS SECURITY COMPROMISED: secrets logging is enabled!"); c != nil { | ||||||
| 			zap.String("log_filename", filename)) | 			c.Write(zap.String("log_filename", filename)) | ||||||
|  | 		} | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	setDefaultTLSParams(cfg) | 	setDefaultTLSParams(cfg) | ||||||
|  | |||||||
| @ -25,6 +25,7 @@ import ( | |||||||
| 
 | 
 | ||||||
| 	"github.com/caddyserver/certmagic" | 	"github.com/caddyserver/certmagic" | ||||||
| 	"go.uber.org/zap" | 	"go.uber.org/zap" | ||||||
|  | 	"go.uber.org/zap/zapcore" | ||||||
| 
 | 
 | ||||||
| 	"github.com/caddyserver/caddy/v2" | 	"github.com/caddyserver/caddy/v2" | ||||||
| 	"github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" | 	"github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" | ||||||
| @ -291,7 +292,9 @@ func (m MatchRemoteIP) Match(hello *tls.ClientHelloInfo) bool { | |||||||
| 	} | 	} | ||||||
| 	ipAddr, err := netip.ParseAddr(ipStr) | 	ipAddr, err := netip.ParseAddr(ipStr) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		m.logger.Error("invalid client IP address", zap.String("ip", ipStr)) | 		if c := m.logger.Check(zapcore.ErrorLevel, "invalid client IP address"); c != nil { | ||||||
|  | 			c.Write(zap.String("ip", ipStr)) | ||||||
|  | 		} | ||||||
| 		return false | 		return false | ||||||
| 	} | 	} | ||||||
| 	return (len(m.cidrs) == 0 || m.matches(ipAddr, m.cidrs)) && | 	return (len(m.cidrs) == 0 || m.matches(ipAddr, m.cidrs)) && | ||||||
| @ -408,7 +411,9 @@ func (m MatchLocalIP) Match(hello *tls.ClientHelloInfo) bool { | |||||||
| 	} | 	} | ||||||
| 	ipAddr, err := netip.ParseAddr(ipStr) | 	ipAddr, err := netip.ParseAddr(ipStr) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		m.logger.Error("invalid local IP address", zap.String("ip", ipStr)) | 		if c := m.logger.Check(zapcore.ErrorLevel, "invalid local IP address"); c != nil { | ||||||
|  | 			c.Write(zap.String("ip", ipStr)) | ||||||
|  | 		} | ||||||
| 		return false | 		return false | ||||||
| 	} | 	} | ||||||
| 	return (len(m.cidrs) == 0 || m.matches(ipAddr, m.cidrs)) | 	return (len(m.cidrs) == 0 || m.matches(ipAddr, m.cidrs)) | ||||||
|  | |||||||
| @ -26,6 +26,7 @@ import ( | |||||||
| 
 | 
 | ||||||
| 	"github.com/caddyserver/certmagic" | 	"github.com/caddyserver/certmagic" | ||||||
| 	"go.uber.org/zap" | 	"go.uber.org/zap" | ||||||
|  | 	"go.uber.org/zap/zapcore" | ||||||
| 
 | 
 | ||||||
| 	"github.com/caddyserver/caddy/v2" | 	"github.com/caddyserver/caddy/v2" | ||||||
| 	"github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" | 	"github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" | ||||||
| @ -156,10 +157,13 @@ func (p PermissionByHTTP) CertificateAllowed(ctx context.Context, name string) e | |||||||
| 		remote = chi.Conn.RemoteAddr().String() | 		remote = chi.Conn.RemoteAddr().String() | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	p.logger.Debug("asking permission endpoint", | 	if c := p.logger.Check(zapcore.DebugLevel, "asking permission endpoint"); c != nil { | ||||||
|  | 		c.Write( | ||||||
| 			zap.String("remote", remote), | 			zap.String("remote", remote), | ||||||
| 			zap.String("domain", name), | 			zap.String("domain", name), | ||||||
| 		zap.String("url", askURLString)) | 			zap.String("url", askURLString), | ||||||
|  | 		) | ||||||
|  | 	} | ||||||
| 
 | 
 | ||||||
| 	resp, err := onDemandAskClient.Get(askURLString) | 	resp, err := onDemandAskClient.Get(askURLString) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| @ -168,11 +172,14 @@ func (p PermissionByHTTP) CertificateAllowed(ctx context.Context, name string) e | |||||||
| 	} | 	} | ||||||
| 	resp.Body.Close() | 	resp.Body.Close() | ||||||
| 
 | 
 | ||||||
| 	p.logger.Debug("response from permission endpoint", | 	if c := p.logger.Check(zapcore.DebugLevel, "response from permission endpoint"); c != nil { | ||||||
|  | 		c.Write( | ||||||
| 			zap.String("remote", remote), | 			zap.String("remote", remote), | ||||||
| 			zap.String("domain", name), | 			zap.String("domain", name), | ||||||
| 			zap.String("url", askURLString), | 			zap.String("url", askURLString), | ||||||
| 		zap.Int("status", resp.StatusCode)) | 			zap.Int("status", resp.StatusCode), | ||||||
|  | 		) | ||||||
|  | 	} | ||||||
| 
 | 
 | ||||||
| 	if resp.StatusCode < 200 || resp.StatusCode > 299 { | 	if resp.StatusCode < 200 || resp.StatusCode > 299 { | ||||||
| 		return fmt.Errorf("%s: %w %s - non-2xx status code %d", name, ErrPermissionDenied, askEndpoint, resp.StatusCode) | 		return fmt.Errorf("%s: %w %s - non-2xx status code %d", name, ErrPermissionDenied, askEndpoint, resp.StatusCode) | ||||||
|  | |||||||
| @ -27,6 +27,7 @@ import ( | |||||||
| 
 | 
 | ||||||
| 	"github.com/caddyserver/certmagic" | 	"github.com/caddyserver/certmagic" | ||||||
| 	"go.uber.org/zap" | 	"go.uber.org/zap" | ||||||
|  | 	"go.uber.org/zap/zapcore" | ||||||
| 
 | 
 | ||||||
| 	"github.com/caddyserver/caddy/v2" | 	"github.com/caddyserver/caddy/v2" | ||||||
| 	"github.com/caddyserver/caddy/v2/modules/caddyevents" | 	"github.com/caddyserver/caddy/v2/modules/caddyevents" | ||||||
| @ -323,8 +324,9 @@ func (t *TLS) Start() error { | |||||||
| 	if t.Automation.OnDemand == nil || (t.Automation.OnDemand.Ask == "" && t.Automation.OnDemand.permission == nil) { | 	if t.Automation.OnDemand == nil || (t.Automation.OnDemand.Ask == "" && t.Automation.OnDemand.permission == nil) { | ||||||
| 		for _, ap := range t.Automation.Policies { | 		for _, ap := range t.Automation.Policies { | ||||||
| 			if ap.OnDemand && ap.isWildcardOrDefault() { | 			if ap.OnDemand && ap.isWildcardOrDefault() { | ||||||
| 				t.logger.Warn("YOUR SERVER MAY BE VULNERABLE TO ABUSE: on-demand TLS is enabled, but no protections are in place", | 				if c := t.logger.Check(zapcore.WarnLevel, "YOUR SERVER MAY BE VULNERABLE TO ABUSE: on-demand TLS is enabled, but no protections are in place"); c != nil { | ||||||
| 					zap.String("docs", "https://caddyserver.com/docs/automatic-https#on-demand-tls")) | 					c.Write(zap.String("docs", "https://caddyserver.com/docs/automatic-https#on-demand-tls")) | ||||||
|  | 				} | ||||||
| 				break | 				break | ||||||
| 			} | 			} | ||||||
| 		} | 		} | ||||||
| @ -408,9 +410,12 @@ func (t *TLS) Cleanup() error { | |||||||
| 		// give the new TLS app a "kick" to manage certs that it is configured for | 		// give the new TLS app a "kick" to manage certs that it is configured for | ||||||
| 		// with its own configuration instead of the one we just evicted | 		// with its own configuration instead of the one we just evicted | ||||||
| 		if err := nextTLSApp.Manage(reManage); err != nil { | 		if err := nextTLSApp.Manage(reManage); err != nil { | ||||||
| 			t.logger.Error("re-managing unloaded certificates with new config", | 			if c := t.logger.Check(zapcore.ErrorLevel, "re-managing unloaded certificates with new config"); c != nil { | ||||||
|  | 				c.Write( | ||||||
| 					zap.Strings("subjects", reManage), | 					zap.Strings("subjects", reManage), | ||||||
| 				zap.Error(err)) | 					zap.Error(err), | ||||||
|  | 				) | ||||||
|  | 			} | ||||||
| 		} | 		} | ||||||
| 	} else { | 	} else { | ||||||
| 		// no more TLS app running, so delete in-memory cert cache | 		// no more TLS app running, so delete in-memory cert cache | ||||||
| @ -653,7 +658,9 @@ func (t *TLS) cleanStorageUnits() { | |||||||
| 
 | 
 | ||||||
| 	id, err := caddy.InstanceID() | 	id, err := caddy.InstanceID() | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		t.logger.Warn("unable to get instance ID; storage clean stamps will be incomplete", zap.Error(err)) | 		if c := t.logger.Check(zapcore.WarnLevel, "unable to get instance ID; storage clean stamps will be incomplete"); c != nil { | ||||||
|  | 			c.Write(zap.Error(err)) | ||||||
|  | 		} | ||||||
| 	} | 	} | ||||||
| 	options := certmagic.CleanStorageOptions{ | 	options := certmagic.CleanStorageOptions{ | ||||||
| 		Logger:                 t.logger, | 		Logger:                 t.logger, | ||||||
| @ -669,7 +676,9 @@ func (t *TLS) cleanStorageUnits() { | |||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		// probably don't want to return early, since we should still | 		// probably don't want to return early, since we should still | ||||||
| 		// see if any other storages can get cleaned up | 		// see if any other storages can get cleaned up | ||||||
| 		t.logger.Error("could not clean default/global storage", zap.Error(err)) | 		if c := t.logger.Check(zapcore.ErrorLevel, "could not clean default/global storage"); c != nil { | ||||||
|  | 			c.Write(zap.Error(err)) | ||||||
|  | 		} | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	// then clean each storage defined in ACME automation policies | 	// then clean each storage defined in ACME automation policies | ||||||
| @ -679,7 +688,9 @@ func (t *TLS) cleanStorageUnits() { | |||||||
| 				continue | 				continue | ||||||
| 			} | 			} | ||||||
| 			if err := certmagic.CleanStorage(t.ctx, ap.storage, options); err != nil { | 			if err := certmagic.CleanStorage(t.ctx, ap.storage, options); err != nil { | ||||||
| 				t.logger.Error("could not clean storage configured in automation policy", zap.Error(err)) | 				if c := t.logger.Check(zapcore.ErrorLevel, "could not clean storage configured in automation policy"); c != nil { | ||||||
|  | 					c.Write(zap.Error(err)) | ||||||
|  | 				} | ||||||
| 			} | 			} | ||||||
| 		} | 		} | ||||||
| 	} | 	} | ||||||
|  | |||||||
		Loading…
	
	
			
			x
			
			
		
	
		Reference in New Issue
	
	Block a user