Cutlery/caddy
1
0
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2026-05-21 14:26:30 -04:00
Code Issues Actions 5 Packages Projects Releases Wiki Activity
762 Commits 40 Branches 153 Tags
5b48f784ae45cdeb7161e85f274283327cde24e7
Commit Graph

762 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mohammed Al Sahaf 5b48f784ae ci: don't run s390x tests on PRs of forks (#3494) 
* ci: don't run s390x tests on PRs of forks

* ci: check if fork by matchinging name from event against name of repo
 2020-06-12 19:51:04 +00:00
Chris Ortman d84a5d8427 httpcaddyfile: New acme_eab option (#3492) 
* Adds global options for external account bindings

* Maybe other people use ctags too?

* Use nested block to configure external account

* go format files

* Restore acme_ca directive in test file

* Change Caddyfile config syntax for acme_eab

* Update test

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
 2020-06-12 13:37:56 -06:00
Mohammed Al Sahaf 7da32f493a ci: skip s390x tests on forks (#3493) 2020-06-12 18:03:29 +00:00
Matthew Holt cb0d9838cb go.mod: Update quic-go to 0.17.1 (draft 29) and certmagic 0.11.2 (eab) 2020-06-12 11:52:12 -06:00
Matthew Holt d81a69ef16 Merge branch 'eab-fix' 2020-06-12 11:49:45 -06:00
Mohammed Al Sahaf 99dcc10f31 ci: add CI on s390x (#3463) 
* ci: lay out foundation for s390x tests

* ci: uncomment the s390x test script & replace placeholders with real values

* ci: amend the s390x test job name to be more consistent with others
 2020-06-12 17:11:46 +00:00
Wynn Wolf Arbor fa4cdde7d8 fastcgi: Make sure splitPos handles empty SplitPath correctly (#3491) 
In commit f2ce81c, support for multiple path splitters was added. The
type of SplitPath changed from string to []string, and splitPos was
changed to loop through all values in SplitPath.

Before that commit, if SplitPath was empty, strings.Index returned 0 and
PATH_INFO was set correctly in buildEnv.

Currently, however, splitPos returns -1 for empty values of SplitPath,
behaving as if a split position could not be found at all. PATH_INFO is
then never set in buildEnv and remains empty.

Restore the old behaviour by explicitly checking whether SplitPath is
empty and returning 0 in splitPos.

Closes #3490
 2020-06-12 10:07:59 -06:00
Matthew Holt d55c3b31eb caddyhttp: Add client cert SAN placeholders 2020-06-11 16:19:07 -06:00
Matthew Holt 6d03fb48f9 caddytls: Don't decode HMAC 
https://caddy.community/t/trouble-with-external-account-hmac/8600?u=matt
 2020-06-11 15:33:27 -06:00
Matthew Holt b3bff13f7d reverseproxy: Close websocket conn if req context cancels 
This is a recent patch in the Go standard library
 2020-06-11 15:25:26 -06:00
Francis Lavoie 7211101c52 ci: Fix gemfury upload condition, move triggers to publish event (#3483) 2020-06-08 12:21:20 -06:00
Mohammed Al Sahaf 90dba172cb ci: fix an oopsie in the release script (#3482) v2.1.0-beta.1 2020-06-08 11:10:28 -06:00
Matthew Holt 4b10ae5ce6 reverseproxy: Add Caddyfile support for ClientCertificateAutomate 2020-06-08 10:30:26 -06:00
NWHirschfeld 1dfb11486e httpcaddyfile: Add client_auth options to tls directive (#3335) 
* reading client certificate config from Caddyfile

Signed-off-by: NWHirschfeld <Niclas@NWHirschfeld.de>

* Update caddyconfig/httpcaddyfile/builtins.go

Co-authored-by: Francis Lavoie <lavofr@gmail.com>

* added adapt test for parsing client certificate configuration from Caddyfile

Signed-off-by: NWHirschfeld <Niclas@NWHirschfeld.de>

* read client ca and leaf certificates from file https://github.com/caddyserver/caddy/pull/3335#discussion_r421633844

Signed-off-by: NWHirschfeld <Niclas@NWHirschfeld.de>

* Update modules/caddytls/connpolicy.go

* Make review adjustments

Co-authored-by: Francis Lavoie <lavofr@gmail.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
 2020-06-05 12:19:36 -06:00
Matthew Holt 11a132d48b caddytls: Configurable cache size limit 2020-06-05 11:14:39 -06:00
Matthew Holt 9dafa63933 go.mod: Update dependencies 2020-06-05 11:14:09 -06:00
Francis Lavoie 21c1da101c ci: Disable publishing .deb on beta tags (#3473) 2020-06-05 10:23:15 -06:00
Matthew Holt 7a99835dab reverseproxy: Enable changing only the status code (close #2920) 2020-06-04 12:06:38 -06:00
Matthew Holt 7b0962ba4d caddyhttp: Default to error status if found in context 
This is just a convenience if using a static_response handler in an
error route, by setting the default status code to the same one as
the error status.
 2020-06-04 10:32:01 -06:00
Matthew Holt 2d1f7b9da8 caddyhttp: Auto-redirects from all bind addresses (fix #3443) 2020-06-03 10:56:26 -06:00
Matthew Holt a285fe4129 caddypki: Add 'acme_server' Caddyfile directive 2020-06-03 09:59:36 -06:00
Matthew Holt 97e61c16a3 httpcaddyfile: Sort site blocks with wildcards last (fix #3410) 2020-06-03 09:35:13 -06:00
Matthew Holt 83551edf3e cmd: Only stop admin server on signal if it exists (fix #3470) 2020-06-03 07:31:31 -06:00
Matthew Holt e18c373064 caddytls: Actually use configured test CA 2020-06-02 11:13:44 -06:00
Matt Holt 9a7756c6e4 caddyauth: Cache basicauth results (fixes #3462) (#3465) 
Cache capacity is currently hard-coded at 1000 with random eviction.
It is enabled by default from Caddyfile configurations because I assume
this is the most common preference.
 2020-06-01 23:56:47 -06:00
Francis Lavoie fdf2a77feb caddyfile: Add args on imports (#3423) 
* caddyfile: Add support for args on imports

* caddyfile: Add more import args tests
 2020-06-01 10:43:06 -06:00
Georges Haidar a496308f6e httpcaddyfile: Let modules add listener wrappers (#3397) 
* httpcaddyfile: allow modules to customize listener wrappers

* Update caddyconfig/httpcaddyfile/httptype.go

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>

* Update caddyconfig/httpcaddyfile/httptype.go

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>

* Update caddyconfig/httpcaddyfile/httptype.go

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>

* Update caddyconfig/httpcaddyfile/httptype.go

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
 2020-06-01 09:50:00 -06:00
Matthew Holt d5d7fb5954 go.mod: Update dependencies 2020-06-01 09:31:08 -06:00
Matt Holt 996af0915d cmd: Support admin endpoint on unix socket (#3320) 2020-05-29 14:21:55 -06:00
Matthew Holt 6c051cd27d caddyconfig: Minor internal and godoc tweaks 2020-05-29 11:49:25 -06:00
Matt Holt 9415feca7c logging: Net writer redials if write fails (#3453) 
* logging: Net writer redials if write fails

https://caddy.community/t/v2-log-output-net-does-not-reconnect-after-lost-connection/8386?u=matt

* Only replace connection if redial succeeds

* Fix error handling
 2020-05-28 10:40:14 -06:00
Matthew Holt 881b826fb5 reverseproxy: Pool copy buffers (minor optimization) 2020-05-27 11:42:19 -06:00
Matthew Holt 538ddb8587 reverseproxy: Enable response interception (#1447, #2920) 
It's a raw, low-level implementation for now, but it's very flexible.
More sugar-coating can be added after error handling is more developed.
 2020-05-27 10:17:45 -06:00
Francis Lavoie 69b5643130 chore: Fix typo in dispenser.go (#3456) 2020-05-27 08:13:57 -06:00
Matthew Holt e5bbed1046 caddyhttp: Refactor header matching 
This allows response matchers to benefit from the same matching logic
as the request header matchers (mainly prefix/suffix wildcards).
 2020-05-26 17:35:27 -06:00
Matthew Holt 294910c68c caddyhttp: Add client.public_key(_sha256) placeholders 2020-05-26 15:52:53 -06:00
Francis Lavoie 8c5d00b2bc httpcaddyfile: New handle_path directive (#3281) 
* caddyconfig: WIP implementation of handle_path

* caddyconfig: Complete the implementation - h.NewRoute was key

* caddyconfig: Add handle_path integration test

* caddyhttp: Use the path matcher as-is, strip the trailing *, update test
 2020-05-26 15:27:51 -06:00
Rui Lopes aa20878887 cmd: file-server: add --access-log flag (#3454) 2020-05-26 15:04:04 -06:00
Francis Lavoie c1e5c09294 reverseproxy: Improve error message when using scheme+placeholder (#3393) 
* reverseproxy: Improve error message when using scheme+placeholder

* reverseproxy: Simplify error message

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
 2020-05-26 14:13:15 -06:00
Francis Lavoie ffc125d6f5 caddyfile: Move NewTestDispenser into non-test file (#3439) 2020-05-26 13:45:22 -06:00
AndyBan 22055c5e0f reverseproxy: Fix https active health checks #3450 (#3451) 2020-05-26 12:40:57 -06:00
Mohammed Al Sahaf dfe802aed3 chore: forego the use of deprecated cel func NewIdent in favor of NewVar (#3444) 2020-05-25 03:59:38 +00:00
Mohammed Al Sahaf 7a365af5df chore: simplify goreleaser flow, add bash completions to .deb (#3436) 2020-05-22 15:13:31 -04:00
Matthew Holt 0cbf467b3f caddyhttp: Add time.now placeholder and update cel-go (closes #2594) 2020-05-21 18:19:01 -06:00
Francis Lavoie bb67e19d7b cmd: hash-password: Fix broken terminal state on SIGINT (#3416) 
* caddyauth: Fix hash-password broken terminal state on SIGINT

* caddycmd: Move TrapSignals calls to only subcommands that run long
 2020-05-21 13:09:49 -06:00
Matthew Holt 1dc4ec2d77 admin: Disallow websockets 
No currently-known exploit here, just being conservative
 2020-05-21 12:29:19 -06:00
Matt Holt 452d4726f7 Update SECURITY.md 2020-05-20 14:24:47 -06:00
Matthew Holt 2a8a198568 reverseproxy: Don't overwrite existing X-Forwarded-Proto header 
Correct behavior is not well defined because this is a non-standard
header field. This could be a "hop-by-hop" field much like
X-Forwarded-For is, but even our X-Forwarded-For implementation
preserves prior entries. Or, it could be best to preserve the original
value from the first hop, representing the protocol as facing the
client.

Let's try it the other way for a bit and see how it goes.

See https://caddy.community/t/caddy2-w-wordpress-behind-nginx-reverse-proxy/8174/3?u=matt
 2020-05-20 11:33:17 -06:00
Francis Lavoie cc8fb488d3 httpcaddyfile: Improve error on matcher declared outside site block (#3431) 2020-05-20 10:37:48 -06:00
Francis Lavoie fae064262d httpcaddyfile: Add auto_https global option (#3284) 2020-05-19 16:59:51 -06:00