454 Commits

Author	SHA1	Message	Date
newklei	2dbcdefbbe	forward_auth: copy_headers does not strip client-supplied identity headers (Fixes GHSA-7r4p-vjf4-gxv4) (#7545) ... When using copy_headers in a forward_auth block, client-supplied headers with the same names were not being removed before being forwarded to the backend. This happens because PR #6608 added a MatchNot guard that skips the Set operation when the auth service does not return a given header. That guard prevents setting headers to empty strings, which is the correct behavior, but it also means a client can send X-User-Id: admin in their request and if the auth service validates the token without returning X-User-Id, Caddy skips the Set and the client value passes through unchanged to the backend. The fix adds an unconditional delete route for each copy_headers entry, placed just before the existing conditional set route. The delete always runs regardless of what the auth service returns. The conditional set still only runs when the auth service provides that header. The end result is: - Client-supplied headers are always removed - When the auth service returns the header, the backend gets that value - When the auth service does not return the header, the backend sees nothing Existing behavior is unchanged for any deployment where the auth service returns all of the configured copy_headers entries. Fixes GHSA-7r4p-vjf4-gxv4	2026-03-03 23:30:49 -05:00
Paulo Henrique	88616e86e6	api: Add all in-flight requests /reverse_proxy/upstreams (Fixes #7277) (#7517) ... This refactors the initial approach in PR #7281, replacing the UsagePool with a dedicated package-level sync.Map and atomic.Int64 to track in-flight requests without global lock contention. It also introduces a lookup map in the admin API to fix a potential O(n^2) iteration over upstreams, ensuring that draining upstreams are correctly exposed across config reloads without leaking memory. Co-authored-by: Y.Horie <u5.horie@gmail.com> reverseproxy: optimize in-flight tracking and admin API - Replaced sync.RWMutex with sync.Map and atomic.Int64 to avoid lock contention under high RPS. - Introduced a lookup map in the admin API to fix a potential O(n^2) iteration over upstreams.	2026-03-03 15:14:55 -07:00
Akın Demirci	11b56c6cfc	reverseproxy: Fix health_port being ignored in health checks (#7533)	2026-03-03 13:10:54 -05:00
WeidiDeng	2ab043b890	reverseproxy: query escape request urls when proxy protocol is enabled (#7537)	2026-03-02 02:04:06 -05:00
Oleksandr Redko	72eaf2583a	chore: Enable modernize linter (#7519)	2026-02-26 14:01:35 -07:00
Fardjad Davari	9798f6964d	caddyhttp: Avoid nil pointer dereference in proxyWrapper (#7521)	2026-02-25 04:08:41 -05:00
Mohammed Al Sahaf	d7b21c6104	reverseproxy: fix tls dialing w/ proxy protocol (#7508)	2026-02-21 21:37:10 -05:00
Matt Holt	95941a71e8	chore: Add nolints to work around haywire linters (#7493) ... * chore: Add nolints to work around haywire linters * More lint wrangling	2026-02-17 16:52:54 -07:00
WeidiDeng	47f3e8f8dc	use math/rand/v2 instead of math/rand (#7413)	2026-02-11 09:15:51 -07:00
XYenon	03e6e439dd	reverseproxy: fix X-Forwarded-* headers for Unix socket requests (#7463) ... When a request arrives via a Unix domain socket (RemoteAddr == "@"), net.SplitHostPort fails, causing addForwardedHeaders to strip all X-Forwarded-* headers even when the connection is trusted via trusted_proxies_unix. Handle Unix socket connections before parsing RemoteAddr: if untrusted, strip headers for security; if trusted, let clientIP remain empty (no peer IP for a Unix socket hop) and fall through to the shared header logic, preserving the existing XFF chain without appending a spurious entry. Amp-Thread-ID: https://ampcode.com/threads/T-019c4225-a0ad-7283-ac56-e2c01eae1103 Co-authored-by: Amp <amp@ampcode.com>	2026-02-10 13:00:20 -07:00
Kévin Dunglas	7c28c0c07a	Merge commit from fork ... * fix: FastCGI split SCRIPT_NAME/PATH_INFO confusion * fix comment	2026-02-10 11:52:36 -07:00
Francis Lavoie	2ae0f7af69	reverseproxy: Set Host to {upstream_hostport} automatically if TLS (#7454)	2026-02-09 13:06:19 -07:00
Matthew Holt	3bb22672f9	reverseproxy: Customizable dial network for SRV upstreams ... By request of a sponsor	2026-02-02 11:25:51 -07:00
Paulo Henrique	62134d65af	reverseproxy: fix error when remote address is not an IP (#7429)	2026-01-13 19:52:56 +00:00
WeidiDeng	80f2ae92cd	reverseproxy: make error chan bigger when reverse proxying websocket (#7419)	2026-01-06 04:55:47 -05:00
Petr	67a9e0657e	reverseproxy: Fix retries for requests with bodies (#7360) ... * capture the buffered body once, then reset clonedReq.Body before each retry * no copy * keep receiver name * set the buf to nil after extraction and only return it to pool if not nil --------- Co-authored-by: WeidiDeng <weidi_deng@icloud.com>	2025-11-24 12:03:18 -07:00
WeidiDeng	a6da1acdc8	reverse_proxy: use interfaces to modify the behaviors of the transports (#7353)	2025-11-17 09:51:37 -07:00
Cooper de Nicola	895b56063a	chore: fix golangci-lint error G602 in caddyhttp (#7334)	2025-11-03 03:04:55 +00:00
WeidiDeng	abe0acabb6	reverseproxy: set default values for keepalive if only some of them are set (#7318)	2025-10-25 05:15:55 -04:00
WeidiDeng	1e21b660c4	reverseproxy: use http.Protocols to handle h2c requests (#6990)	2025-10-21 16:05:43 +00:00
WeidiDeng	8aca108d2c	reverseproxy: do not disable keepalive if proxy protocol is used (#7300)	2025-10-21 05:09:37 +00:00
Anthony Biondo	7fb39ec1e5	reverseproxy: Use http1.1 upgrade for websocket for extended connect of http2 and http3 (#7305) ... Co-authored-by: WeidiDeng <weidi_deng@icloud.com>	2025-10-16 02:20:20 +00:00
wyrapeseed	d115cd1042	chore: fix some comments (#7303)	2025-10-15 03:58:53 +00:00
WeidiDeng	2ec28bca43	reverse_proxy: use http1 for outbound tls requests with placeholder that are likely websockets (#7296)	2025-10-09 10:36:49 -06:00
Mohammed Al Sahaf	25be2f26fc	chore: ugh, lint fix... (#7275) ... * chore: ugh, lint fix... Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com> * more lint fixes Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com> --------- Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>	2025-09-26 03:14:48 -04:00
Gilbert Gilb's	f5c3094050	cmd: prevent commas in header values from being split (#7268) ... `pflag.GetStringSlice` treats commas as delimiters, which causes issues when passing headers whose values contain commas (`X-Robots-Tag: noindex, nofollow`). These are incorrectly split into multiple headers and errors out: - `X-Robots-Tag: noindex` - ` nofollow` Switch to `pflag.GetStringArray`, which does not split on commas[1]. Note that this changes behavior for cases where multiple headers were provided in a single argument with commas (`--header-down "X-Foo: Bar,X-Bar: Foo"`). Such cases will now be treated as a single header value. If this breaking change is unacceptable, we will need a smarter fallback mechanism. [1] https://github.com/spf13/pflag/pull/90	2025-09-22 21:12:06 -06:00
WeidiDeng	1c596e3c5a	reverse_proxy: use the new KeepAliveConfig to set probe interval (#7157) ... Co-authored-by: Matt Holt <mholt@users.noreply.github.com>	2025-08-21 14:36:54 -06:00
joemicky	5125fbed41	use a more modern writing style to simplify code (#7182) ... Signed-off-by: joemicky <joemickychang@outlook.com> Co-authored-by: Matt Holt <mholt@users.noreply.github.com>	2025-08-20 11:41:21 -06:00
WeidiDeng	1209b5c566	reverseproxy: validate versions in http transport (#7112)	2025-07-09 14:13:27 -06:00
mountdisk	c712cfcd76	docs: fix some minor issues in the comments (#7101)	2025-06-30 06:50:00 +00:00
曹家巧	070d454c0d	Use the built-in max/min to simplify the code (#7081) ... Signed-off-by: xiaoxiangirl <caojiaqiao@outlook.com>	2025-06-19 16:39:48 -06:00
Mohammed Al Sahaf	e039a5bb5c	chore: upgrade .golangci.yml and workflow to v2 (#6924) ... * chore: upgrade .golangci.yml and workflow to v2 run `golangci-lint fmt` Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com> * run `golangci-lint run --fix` Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com> * more lint fixes Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com> * bring back comments to .golangci.yml Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com> * appease the linter some more Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com> * oops Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com> * use embedded structs Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com> * use embedded structs where they were used before Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com> * disable rule `-QF1006` Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com> * missed a spot Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com> --------- Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>	2025-06-03 02:24:32 +03:00
tongjicoder	5b2eb66418	Use slices.Contains to simplify code (#7039) ... Signed-off-by: tongjicoder <tongjicoder@icloud.com>	2025-05-31 12:03:06 -06:00
WeidiDeng	aa3d20be3e	reverseproxy: Use DialTLSContext if ServerName has placeholder (#6955) ... Co-authored-by: Matt Holt <mholt@users.noreply.github.com>	2025-04-28 09:14:09 -06:00
Mohammed Al Sahaf	737936c06b	reverseproxy: reference correct field name in LoadModule (#6978) ... Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>	2025-04-21 08:43:27 -06:00
Matt Holt	1bfa111552	caddytls: Prefer managed wildcard certs over individual subdomain certs (#6959) ... * caddytls: Prefer managed wildcard certs over individual subdomain certs * Repurpose force_automate as no_wildcard * Fix a couple bugs * Restore force_automate and use automate loader as wildcard override	2025-04-18 11:44:23 -06:00
Jesper Brix Rosenkilde	6c38ae7381	reverseproxy: Add valid Upstream to DialInfo in active health checks (#6949) ... Currently if we extract the DialInfo from a Request Context during an active health check, then the Upstream in the DialInfo is nil. This PR attempts to set the Upstream to a sensible value, based on wether or not the Upstream has been overriden in the active health check's config.	2025-04-15 08:44:53 -06:00
Mohammed Al Sahaf	173573035c	core: add modular network_proxy support (#6399) ... * core: add modular `network_proxy` support Co-authored-by: @ImpostorKeanu Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com> * move modules around Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com> * add caddyfile implementation Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com> * address feedbcak * Apply suggestions from code review Co-authored-by: Francis Lavoie <lavofr@gmail.com> * adapt ForwardProxyURL to use the NetworkProxyRaw Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com> * remove redundant `url` in log Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * code review Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com> * remove `.source` from the module ID Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com> --------- Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com> Co-authored-by: Francis Lavoie <lavofr@gmail.com> Co-authored-by: Matt Holt <mholt@users.noreply.github.com>	2025-03-21 17:06:15 +00:00
WeidiDeng	220cd1c2bc	reverseproxy: more comments about buffering and add new tests (#6778) ... Co-authored-by: Matt Holt <mholt@users.noreply.github.com>	2025-03-07 11:22:43 -07:00
Mohammed Al Sahaf	9283770f68	reverseproxy: ignore duplicate collector registration error (#6820) ... Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>	2025-02-04 10:55:30 +03:00
Mohammed Al Sahaf	904a0fa368	reverse_proxy: re-add healthy upstreams metric (#6806) ... * reverse_proxy: re-add healthy upstreams metric Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com> * lint Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com> --------- Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>	2025-01-27 14:30:54 -07:00
Matthew Holt	e7da3b267b	reverseproxy: Via header (#6275)	2025-01-17 06:49:01 -07:00
Kévin Dunglas	1f35a8a402	fastcgi: improve parsePHPFastCGI docs (#6779)	2025-01-09 11:54:44 -07:00
WeidiDeng	1bd567d7ad	reverseproxy: buffer requests for fastcgi by default (#6759) ... * buffer requests for fastcgi by default * fix import cycle * fix the return value of bufferedBody * more comments about fastcgi buffering --------- Co-authored-by: Matt Holt <mholt@users.noreply.github.com>	2025-01-02 11:18:25 -07:00
WeidiDeng	6790c0e38a	fastcgi: check for CONTENT_LENGTH when sending requests (#6661) ... * fastcgi: check for CONTENT_LENGTH when sending requests * order imports * use strconv.ParseUint instead of strconv.ParseInt Co-authored-by: Kévin Dunglas <kevin@dunglas.fr> --------- Co-authored-by: Kévin Dunglas <kevin@dunglas.fr>	2024-12-18 00:22:12 +00:00
WeidiDeng	c864b82ae1	reverseproxy: Set Content-Length when body is fully buffered (#6638)	2024-12-17 23:36:13 +00:00
bt90	328fb614f0	reverseproxy: Only handle websocket protocol (#6740)	2024-12-11 11:17:05 -07:00
WeidiDeng	9c0c71e577	reverseproxy: Rewrite requests and responses for websocket over http2 (#6567) ... * reverse proxy: rewrite requests and responses for websocket over http2 * delete protocol pseudo-header * modify cloned requests * set request variable to track if it's a h2 websocket * use request bodu * rewrite request body * use WebSocket instead of Websocket in the headers * use logger check for zap loggers * fix lint	2024-12-06 13:23:27 -07:00
Kévin Dunglas	efd9251ad3	fileserver: Add first_exist_fallback strategy for try_files (#6699) ... * feat: add first_exist_or_fallback strategy for try_files * fix tests * linter	2024-12-03 05:44:49 -07:00
Francis Lavoie	b116dcea3d	caddyhttp: Add {?query} placeholder (#6714) ... * caddyhttp: Add `{prefixed_query}` placeholder * fastcgi: Preserve query during canonical redirect * Use orig_uri instead for the redirect, shorter Caddyfile shortcut	2024-12-02 08:06:38 -05:00