1
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2024-12-16 21:56:40 -05:00
Commit graph

2164 commits

Author SHA1 Message Date
WeidiDeng
c6f2979986
caddyhttp: Close http3 server gracefully (#6213)
* close http3 server gracefully

* update server field

* update from upstream

---------

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2024-10-15 21:28:20 -04:00
Marten Seemann
a211c656f1
chore: update quic-go to v0.48.0 (#6627) 2024-10-15 09:38:10 -04:00
WeidiDeng
48ce47f1d4
reverseproxy: Use correct cases for websocket related headers (#6621)
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2024-10-11 09:02:23 +00:00
Francis Lavoie
ef4e0224a8
caddyfile: Fix comma edgecase in address parsing (#6616) 2024-10-10 20:26:59 +00:00
Mohammed Al Sahaf
c8a76d003f
docs: expand proxy protocol docs (#6620) 2024-10-10 16:21:26 -04:00
Mohammed Al Sahaf
dd5decabe7
tests: fix caddyfile adapt warnings (#6619)
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2024-10-10 13:38:49 -06:00
Francis Lavoie
d7564d632f
caddytls: Drop rate_limit and burst, has been deprecated (#6611) 2024-10-07 17:39:47 -04:00
Matthew Holt
88fd5f3491
caddyhttp: Use internal issuer for IPs when no APs configured
This fixes a regression in 2.8 where IP addresses
would be considered qualifying for public certs
by auto-HTTPS. The default issuers do not issue
IP certs at this time, so if no APs are explicitly
configured, we assign them to the internal
issuer. We have to add a couple lines of code because
CertMagic can no longer consider IPs as not
qualifying for public certs, since there are public CAs
that issue IP certs. This edge case is specific to Caddy's
auto-HTTPS.

Without this patch, Caddy will try using Let's Encrypt
or ZeroSSL's ACME endpoint to get IP certs, neither
of which support that.
2024-10-04 10:23:30 -06:00
Matthew Holt
2ae58ac13e
go.mod: Upgrade some dependencies 2024-10-02 16:00:48 -06:00
Mohammed Al Sahaf
01be1b54a8
ci: install xcaddy to fix release flow (#6602) 2024-10-02 16:12:29 +00:00
Mohammed Al Sahaf
41f5dd56e1
metrics: scope metrics to active config, add optional per-host metrics (#6531)
* Add per host config

* Pass host label when option is enabled

* Test per host enabled

* metrics: scope metrics per loaded config

* doc and linter

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

* inject the custom registry into the admin handler

Co-Authored-By: Dave Henderson <dhenderson@gmail.com>

* remove `TODO` comment

* fixes

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

* refactor to delay metrics admin handler provision

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

---------

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
Co-authored-by: Hussam Almarzooq <me@hussam.io>
Co-authored-by: Dave Henderson <dhenderson@gmail.com>
2024-10-02 08:23:26 -06:00
Francis Lavoie
16724842d9
caddyhttp: Implement auto_https prefer_wildcard option (#6146)
* Allow specifying multiple `auto_https` options

* Implement `auto_https prefer_wildcard` option

* Adapt tests, add mock DNS module for config testing

* Rebase fix
2024-10-02 07:31:58 -06:00
Francis Lavoie
792f1c7ed7
caddyhttp: Escaping placeholders in CEL, add vars and vars_regexp (#6594)
* caddyhttp: Escaping placeholders in CEL

* Simplify some of the test cases

* Implement vars and vars_regexp in CEL

* dupl lint is dumb

* Better consts for the placeholder CEL shortcut

* Bump CEL version, register a few extensions

* Refactor s390x test script for readability

* Add retries for s390x to smooth over flakiness

* Switch to `ph` for the CEL shortcut (match it in templates cause why not)
2024-10-02 06:34:04 -06:00
Matt Holt
c8adb1b553
cmd: Better error handling when reloading (#6601)
* caddyhttp: Limit auto-HTTPS error logs to 100 domains

* Improve error message and increase error size limit
2024-10-01 20:31:30 -06:00
Matt Holt
9b4acc2449
caddytls: Support new tls.context module (#6369)
* caddytls: Support new tls.context module

This allows modules to manipulate the context passed into CertMagic's GetCertificate function, which can be useful for tracing/metrics, or other
custom logic.

This is experimental and may resolve the request of a sponsor, so we'll see how it goes!

* Derpy derp
2024-10-01 17:18:17 -06:00
WeidiDeng
f3aead0e4d
http: ReponseWriter prefer ReadFrom if available (#6565)
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2024-10-01 11:19:03 -06:00
Francis Lavoie
571f88d86f
chore: Adjust incorrect reverse_proxy Caddyfile comment (#6598) 2024-10-01 10:56:30 -06:00
Aaron Paterson
0e829bc418
caddyhttp: Fix listener wrapper regression from #6573 (#6599) 2024-10-01 01:47:21 -04:00
Aaron Paterson
4b1a9b6cc1
core: Implement socket activation listeners (#6573)
* caddy adapt for listen_protocols

* adapt listen_socket

* allow multiple listen sockets for port ranges and readd socket fd listen logic

* readd logic to start servers according to listener protocols

* gofmt

* adapt caddytest

* gosec

* fmt and rename listen to listenWithSocket

* fmt and rename listen to listenWithSocket

* more consistent error msg

* non unix listenReusableWithSocketFile

* remove unused func

* doc comment typo

* nonosec

* commit

* doc comments

* more doc comments

* comment was misleading, cardinality did not change

* addressesWithProtocols

* update test

* fd/ and fdgram/

* rm addr

* actually write...

* i guess we doin' "skip": now

* wrong var in placeholder

* wrong var in placeholder II

* update param name in comment

* dont save nil file pointers

* windows

* key -> parsedKey

* osx

* multiple default_bind with protocols

* check for h1 and h2 listener netw
2024-09-30 10:55:03 -06:00
Mohammed Al Sahaf
1a345b4fa6
doc: remove docs of deprecated directives (#6566)
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2024-09-29 09:12:52 +00:00
Alexander Stecher
22c98ea165
caddyhttp: Optimize logs using zap's WithLazy() (#6590)
* uses zap's .WithLazy with a cloned request

* fixes the cloning

* adds comment explaining why cloning is faster
2024-09-26 12:23:12 -06:00
Francis Lavoie
2faeac0a10
chore: Use slices package where possible (#6585)
* chore: Use slices package where possible

* More, mostly using ContainsFunc

* Even more slice operations
2024-09-25 14:30:56 -06:00
Francis Lavoie
9dda8fbf84
caddytls: Give a better error message when given encrypted private keys (#6591) 2024-09-25 06:00:48 -06:00
Marten Seemann
ff67b97126
caddyhttp: enable qlog, controlled by QLOGDIR env (#6581) 2024-09-21 05:47:18 +02:00
Marten Seemann
5b44d6cea8
update quic-go to v0.47.0 (#6582) 2024-09-20 17:00:13 -04:00
Mohammed Al Sahaf
6ab9fb6f74
ci: update the linter action version (#6575)
* ci: update the linter action version

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

* exclude rule `G115`; disable deprecated linter

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

---------

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2024-09-16 07:50:26 -06:00
Kévin Dunglas
f4bf4e0097
perf: use zap's Check() to prevent useless allocs (#6560)
* perf: use zap's Check() to prevent useless allocs

* fix

* fix

* fix

* fix

* restore previous replacer behavior

* fix linter
2024-09-13 11:16:37 -06:00
mister-turtle
21f9c20a04
rewrite: Avoid panic on bad arg count for uri (#6571) 2024-09-13 03:22:03 -04:00
vnxme
2d12fb7ac6
caddytls: Add sni_regexp matcher (#6569) 2024-09-11 20:51:59 -06:00
Jesper Brix Rosenkilde
91e62db666
caddyhttp: Make route provisioning idempotent (#6558)
ref: https://github.com/caddyserver/caddy/issues/6551
2024-09-03 11:57:55 -06:00
Steffen Busch
c050a37e1c
reverse_proxy: add placeholder http.reverse_proxy.retries (#6553)
* Add placeholder http.reverse_proxy.lb.retries

* Renamed placeholder to http.reverse_proxy.retries
2024-08-30 11:53:56 -06:00
lollipopkit🏳️‍⚧️
5c47c2f147
fileserver: browse: Configurable default sort (#6502)
* fileserver: add `sort` options

* fix: test

* fileserver: check options in `Provison`

* fileserver: more obvious err alerts in sort options

* fileserver: move `sort` to `browse`

---------

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2024-08-30 09:01:37 -06:00
Alexander Stecher
ffd28be90a
rewrite: Only serialize request if necessary (#6541)
* Prevents serializing the caddy request if log level is not debug.

* Extracts message to const.
2024-08-30 08:46:51 -06:00
WeidiDeng
141c785420
ci: prepare syso files for windows embedding in release (#6406)
* prepare syso files for windows embedding

* don't specify main so version info will be embedded correctly

---------

Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2024-08-29 20:11:25 +00:00
Bas Westerbaan
dcbf38d0b3
tls: use Go default kex for the moment that include PQC (#6542)
By default Go 1.23 enables X25519Kyber768, a post-quantum key agreement
method that is enabled by default on Chrome. Go 1.23 does not expose
the CurveID, so we cannot add it by specifying it in CurvePreferences.
The reason is that X25519Kyber768 is a preliminary key agreement that
will be supplanted by X25519MLKEM768. For the moment there is value
in enabling it.

A consequence of this is that by default Caddy will enable support
for P-384 and P-521.

This PR also removes the special code to add support for X25519Kyber768
via the Cloudflare Go branch.

Cf #6540
2024-08-27 17:08:16 -06:00
Kévin Dunglas
2028da4e74
ci: build and test with Go 1.23 (#6526)
* chore: build and test with Go 1.23

* ci: bump golangci-lint to v1.60

* fix: make properly wrap errors

* ci: remove Go 1.21
2024-08-23 11:01:28 -06:00
Mohammed Al Sahaf
4ade967005
reverseproxy: allow user to define source address (#6504)
* reverseproxy: allow user to define source address

Closes #6503

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

* reverse_proxy: caddyfile support for local_address

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

---------

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2024-08-22 19:52:05 +00:00
Mohammed Al Sahaf
8af646730b
caddyhttp: run error (msg) through replacer (#6536)
* error: run `error` (msg) through replacer

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

* fix integration test

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

---------

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2024-08-22 11:32:44 -06:00
Cuckoo Chickoo
098897bdea
chore: Fix a typo (#6534)
Fixes Typo in Docs
2024-08-22 13:15:58 +03:00
a
8ccfedf2bb
cmd: Use a factory to create the caddy root command (#6533)
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2024-08-22 03:29:42 +00:00
Jens-Uwe Mager
2bb2ecc549
reverseproxy: Change errors writing the response to warning. (#6532)
Most of the errors that can be seen here are write errors due to clients
aborting the request from their side. Often seen ones include:

	* writing: ... write: broken pipe
	* writing: ... connection timed out
	* writing: http2: stream closed
	* writing: timeout...
	* writing: h3 error...

Most of these errors are beyond of the control of caddy on the client side,
probably nothing can be done on the server side. It still warrants
researching when these errors occur very often, so a change in level from
error to warn is better here to not polute the logs with errors in the
normal case.
2024-08-21 11:39:20 -06:00
Jesper Brix Rosenkilde
54a0c8f948
reverseproxy: Active health checks request body option (#6520)
* Add an option to specify the body used for active health checks

* Replacer on request body
2024-08-19 10:55:55 -06:00
Mohammed Al Sahaf
043fe41ab8
ci: don't exit early on error in remote CI machine (#6519) 2024-08-18 12:54:12 +03:00
WeidiDeng
9ddb78fadc
cmd: ignore exec.ErrDot when starting caddy in background (#6512)
Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2024-08-12 20:26:20 -06:00
vnxme
3a48b03369
Move PrivateRangesCIDR() back: add a pass-through function (#6514) 2024-08-12 05:47:05 -04:00
vnxme
7cf8376e63
matchers: fix a regression in #6480 (#6510)
The context may have no replacer
2024-08-12 10:01:09 +03:00
WeidiDeng
21af88fefc
reverseproxy: Disable keep alive for h2c requests (#6343) 2024-08-08 06:53:30 -06:00
WeidiDeng
52bad45181
go.mod: update update golang/x/net (#6500) 2024-08-08 01:52:50 +00:00
Steffen Busch
b85b6c6469
replacer: {file.*} global placeholder strips trailing newline (#6411)
Co-authored-by: Kanashimia <chad@redpilled.dev>
2024-08-07 19:39:15 +00:00
vnxme
59cbb2c83a
caddytls,caddyhttp: Placeholders for some TLS and HTTP matchers (#6480)
* Runtime placeholders for caddytls matchers (1/3):

- remove IPs validation in UnmarshalCaddyfile

* Runtime placeholders for caddytls matchers (2/3):

- add placeholder replacement for IPs in Provision

* Runtime placeholders for caddytls matchers (3/3):

- add placeholder replacement for other strings

* Runtime placeholders for caddyhttp matchers (1/1):

- add placeholder replacement for IPs in Provision

* Runtime placeholders for caddyhttp/caddytls matchers:

- move PrivateRandesCIDR under internal
2024-08-07 11:02:23 -06:00