1
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2024-12-16 21:56:40 -05:00
Commit graph

2070 commits

Author SHA1 Message Date
vnxme
3a48b03369
Move PrivateRangesCIDR() back: add a pass-through function (#6514) 2024-08-12 05:47:05 -04:00
vnxme
7cf8376e63
matchers: fix a regression in #6480 (#6510)
The context may have no replacer
2024-08-12 10:01:09 +03:00
WeidiDeng
21af88fefc
reverseproxy: Disable keep alive for h2c requests (#6343) 2024-08-08 06:53:30 -06:00
WeidiDeng
52bad45181
go.mod: update update golang/x/net (#6500) 2024-08-08 01:52:50 +00:00
Steffen Busch
b85b6c6469
replacer: {file.*} global placeholder strips trailing newline (#6411)
Co-authored-by: Kanashimia <chad@redpilled.dev>
2024-08-07 19:39:15 +00:00
vnxme
59cbb2c83a
caddytls,caddyhttp: Placeholders for some TLS and HTTP matchers (#6480)
* Runtime placeholders for caddytls matchers (1/3):

- remove IPs validation in UnmarshalCaddyfile

* Runtime placeholders for caddytls matchers (2/3):

- add placeholder replacement for IPs in Provision

* Runtime placeholders for caddytls matchers (3/3):

- add placeholder replacement for other strings

* Runtime placeholders for caddyhttp matchers (1/1):

- add placeholder replacement for IPs in Provision

* Runtime placeholders for caddyhttp/caddytls matchers:

- move PrivateRandesCIDR under internal
2024-08-07 11:02:23 -06:00
WeidiDeng
a8b0dfa8da
go.mod: update quic-go package (#6498) 2024-08-06 22:08:32 -06:00
lollipopkit🏳️‍⚧️
b198678174
browse: Customizable default sort options (#6468)
* fileserver: add `sort` options

* fix: test

* fileserver: check options in `Provison`

* fileserver: more obvious err alerts in sort options
2024-08-05 08:27:45 -06:00
Prakhar Awasthi
840094ac65
proxyprotocol: Update WrapListener to use ConnPolicyFunc for PROXY protocol (#6485)
* proxyprotocol : Update WrapListener to use ConnPolicyFunc for PROXY protocol support

* proxyprotocol : Updated dependency pires/go-proxyproto to pseudo latest version
2024-08-03 19:51:50 +03:00
WeidiDeng
976469ca0d
encode: flush already compressed data from the encoder (#6471) 2024-07-27 17:46:56 -06:00
Mohammed Al Sahaf
9cc26ee7bf
chore: update golangci config (#6479)
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2024-07-27 17:20:09 -06:00
vnxme
3579815a6c
caddytls: Caddyfile support for TLS conn and cert sel policies (#6462)
* Caddyfile support for TLS custom certificate selection policy

* Caddyfile support for TLS connection policy
2024-07-24 11:01:06 -06:00
vnxme
61fe152c60
caddytls: Caddyfile support for TLS handshake matchers (#6461)
* Caddyfile support for TLS handshake matchers:

- caddytls.MatchLocalIP
- caddytls.MatchRemoteIP
- caddytls.MatchServerName

* Caddyfile support for TLS handshake matchers:

- fix imports order

Co-authored-by: Francis Lavoie <lavofr@gmail.com>

---------

Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2024-07-24 09:26:09 -06:00
June 🍓🦴
3afa02ba4e
ci: correct -tags nobadger on binary build (#6470) 2024-07-22 23:37:44 +00:00
Matthew Holt
806f5b1117
reverseproxy: Fix panic when using header-related flags (fix #6464) 2024-07-18 21:31:07 -06:00
schultzie
b2492f8567
reverseproxy: add health_upstream subdirective (#6451)
* Add health_upstream

Signed-off-by: Dylan Schultz <9121234+dylanschultzie@users.noreply.github.com>

* Add health_upstream to caddyfile parsing

* Add Active Upstream case for health checks

* Update ignore health port comment

Signed-off-by: Dylan Schultz <9121234+dylanschultzie@users.noreply.github.com>

* Update Upstream json doc

Signed-off-by: Dylan Schultz <9121234+dylanschultzie@users.noreply.github.com>

* Update modules/caddyhttp/reverseproxy/healthchecks.go

Co-authored-by: Francis Lavoie <lavofr@gmail.com>

* Use error rather than log for health_port override

Signed-off-by: Dylan Schultz <9121234+dylanschultzie@users.noreply.github.com>

* Add comment about port being ignore if using upstream

Signed-off-by: Dylan Schultz <9121234+dylanschultzie@users.noreply.github.com>

---------

Signed-off-by: Dylan Schultz <9121234+dylanschultzie@users.noreply.github.com>
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2024-07-15 17:00:12 +00:00
Jesper Brix Rosenkilde
07c863637d
reverseproxy: Caddyfile support for health_method (#6454)
* Add Caddyfile support of setting active health check request method

* Add integration test for active health check request method
2024-07-12 17:01:58 -04:00
Jesper Brix Rosenkilde
dc2a5d5c52
reverseproxy: Configurable method for active health checks (#6453)
* Add option to set which HTTP method to use for active health checks

* Default Method to GET if not set
2024-07-11 09:24:13 -04:00
schultzie
4943a4fc52
reverseproxy: Add placeholder for networkAddr in active health check headers (#6450)
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2024-07-09 18:08:25 +00:00
Aziz Rmadi
630c62b313
fixed bug in resolving ip version in dynamic upstreams (#6448) 2024-07-09 03:06:30 -04:00
Francis Lavoie
9338741ca7
browse: Exclude symlink target size from total, show arrow on size (#6412)
* fileserver: Exclude symlink target size from total, show arrow on size

* Keep both totals

* Linter doesn't like my spelling :(

* Stop parallelizing tests for now

* Update modules/caddyhttp/fileserver/browse.html

* Minor renamings

---------

Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2024-07-07 07:01:07 -06:00
Steffen Busch
88c7e53da5
browse: fix Content-Security-Policy warnings in Firefox (#6443)
* Remove 'strict-dynamic' + block-all-mixed-content

* CSP: remove 'unsafe-inline' from script-src
2024-07-07 06:56:47 -06:00
Steffen Busch
4ef360745d
browse: add Content-Security-Policy w/ nonce (#6425)
* browse: add Content-Security-Policy w/ nonce

* Add backward-compat values to script-src

* Remove dummy "#" href from layout anchors
2024-07-06 10:46:08 -06:00
Francis Lavoie
7142d7c1e4
reverseproxy: Add placeholder for host in active health check headers (#6440) 2024-07-06 10:43:19 -06:00
Matt Holt
c3fb5f4d3f
caddyhttp: Reject 0-RTT early data in IP matchers and set Early-Data header when proxying (#6427)
* caddyhttp: Reject 0-RTT early data in IP matchers and set Early-Data header when proxying

See RFC 8470: https://httpwg.org/specs/rfc8470.html

Thanks to Michael Wedl (@MWedl)  at the University of Applied Sciences St. Poelten for reporting this.

* Don't return value for {remote} placeholder in early data

* Add Caddyfile support
2024-07-05 10:46:20 -06:00
Kévin Dunglas
15d986e1c9
encode: Don't compress already-compressed fonts (#6432)
* fix: don't compress already compressed fonts

* fix: remove WOFF
2024-07-04 14:57:13 -06:00
klaxa
f350e001b6
reverseproxy: Only log host is up status on change (fixes #6415) (#6419) 2024-07-03 19:05:52 +00:00
Kévin Dunglas
0287009ee5
intercept: fix http.intercept.header.* placeholder (#6429) 2024-07-03 08:43:13 -06:00
Matthew Holt
f8861ca16b
reverseproxy: Wire up TLS options for H3 transport 2024-06-28 12:15:41 -06:00
Aziz Rmadi
c2ccf8690f
fileserver: Remove newline characters from precomputed etags (#6394)
* Removed newline characters from precomputed etags

* Update modules/caddyhttp/fileserver/staticfiles.go

---------

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2024-06-19 13:27:10 +00:00
Matthew Holt
99dcdf7e42 caddyhttp: Convert IDNs to ASCII when provisioning Host matcher 2024-06-18 14:44:05 -06:00
Jason Yuan
fab6375a8b
reverseproxy: add Max-Age option to sticky cookie (#6398)
* reverseproxy: add Max-Age option to sticky cookie

* Update selectionpolicies.go

Co-authored-by: Francis Lavoie <lavofr@gmail.com>

* Update selectionpolicies.go

Co-authored-by: Francis Lavoie <lavofr@gmail.com>

---------

Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2024-06-15 07:50:31 -06:00
a
aca4002fd8
caddyfile: Pass blocks to import for snippets (#6130)
* a

* a

* a

* a

* a

* a
2024-06-14 11:27:51 -06:00
Ririsoft
8e0d3e1ec5
logging: set file mode when the file already exist (#6391)
101d3e7 introduced a configuration option to set the log file mode.
This option was not taken into account if the file already exists,
making users having to delete their logs to have new logs created
with the right mode.
2024-06-12 15:17:46 -06:00
Omar Ramadan
d85cc2ec10
logging: Customizable zap cores (#6381) 2024-06-10 09:03:24 -06:00
Will Norris
04fb9fe87f
go.mod: update tscert package (#6384)
The latest tscert allows callers to provide a custom http.Transport for
calling Tailscale's local API.

Updates tailscale/caddy-tailscale#66
2024-06-10 07:28:30 -06:00
Ririsoft
0bc27e5fb1
logging: fix file mode configuration parsing (#6383)
Commit 101d3e7 introduced file mode setting,
but was missing a JSON Marshaller so that
CaddyFile can be converted to JSON safely.
2024-06-08 11:34:18 -06:00
Andreas Kohn
9be4f194e0
caddyhttp: Write header if needed in responseRecorder.WriteResponse (#6380) 2024-06-07 07:25:36 -06:00
Andreas Kohn
a10117f8bd
core: Split run into a public ProvisionContext and a private method (#6378)
* Split `run` into a public `BuildContext` and a private part

`BuildContext` can be used to set up a caddy context from a config, but not start any listeners
or active components: The returned context has the configured apps provisioned, but otherwise is
inert.

This is EXPERIMENTAL: Minimally it's missing documentation and the example for how this can be
used to run unit tests.

* Use the config from the context

The config passed into `BuildContext` can be nil, in which case `BuildContext` will just make one
up that works. In either case that will end up in the finished context.

* Rename `BuildContext` to `ProvisionContext` to better match the function

* Hide the `replaceAdminServer` parts

The admin server is a global thing, and in the envisioned use case for `ProvisionContext`
shouldn't actually exist. Hide this detail in a private `provisionContext` instead, and
only expose it publicly with `replaceAdminServer` set to `false`.

This should reduce foot-shooting potential further; in addition the documentation comment
now clearly spells out that the exact interface and implementation details of `ProvisionContext`
are experimental and subject to change.
2024-06-06 14:36:06 -06:00
Ririsoft
101d3e7407
logging: Customize log file permissions (#6314)
Adding a "mode" option to overwrite the default logfile permissions.
Default remains "0600" which is the one currently used by lumberjack.
2024-06-06 08:33:34 -06:00
Matthew Holt
3f1add6c9f
events: Getters for event info (close #6377) 2024-06-06 07:11:28 -06:00
Mohammed Al Sahaf
5db2f81695
ci: add version key for .goreleaser.yml (#6376)
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2024-06-06 11:33:19 +03:00
Mohammed Al Sahaf
243351b2b1
cmd: remove zealous check of Caddyfile auto-detection (#6370)
* cmd: remove zealous check of Caddyfile auto-detection

* add test case

* remove redundant check, add comment

* one more case
2024-06-05 08:57:15 -06:00
Matt Holt
198f4385d2
caddyhttp: Add test cases to corpus (#6374)
* caddyhttp: Add test case to corpus

* One more test case

* Clean up stray comment

* More tests
2024-06-04 14:23:55 -06:00
Andreas Kohn
e7ecc7ede2
Make it possible to configure the DisableStorageCheck setting for certmagic (#6368)
See discussion about this setting in https://github.com/caddyserver/certmagic/issues/201
2024-06-04 07:00:15 -06:00
Mohammed Al Sahaf
7088605cc1
cmd: fix regression in auto-detect of Caddyfile (#6362)
* cmd: fix regression in auto-detect of Caddyfile

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

* fix typo

Co-authored-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>

* add tests

* address review comments

---------

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
Co-authored-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
2024-06-02 11:40:56 +00:00
Mohammed Al Sahaf
15faeacb60
cmd: fix auto-detetction of .caddyfile extension (#6356)
* cmd: fix auto-detetction of .caddyfile extension

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

* move conditions around and add clarifying comment

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

* reject ambiguous config file name

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

---------

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2024-06-02 03:49:38 +00:00
Will Norris
f8a2c60297
caddyhttp: properly sanitize requests for root path (#6360)
SanitizePathJoin protects against directory traversal attacks by
checking for requests whose URL path look like they are trying to
request something other than a local file, and returns the root
directory in those cases.

The method is also careful to ensure that requests which contain a
trailing slash include a trailing slash in the returned value.  However,
for requests that contain only a slash (requests for the root path), the
IsLocal check returns early before the matching trailing slash is
re-added.

This change updates SanitizePathJoin to only perform the
filepath.IsLocal check if the cleaned request URL path is non-empty.

---

This change also updates the existing SanitizePathJoin tests to use
filepath.FromSlash rather than filepath.Join. This makes the expected
value a little easier to read, but also has the advantage of not being
processed by filepath.Clean like filepath.Join is. This means that the
exact expect value will be compared, not the result of first cleaning
it.

Fixes #6352
2024-06-02 03:40:59 +00:00
Matthew Holt
01308b4bae
I'm so tired of typos 2024-06-01 20:43:35 -06:00
Matthew Holt
b7280e6949 caddytls: Implement certmagic.RenewalInfoGetter
Fixes ARI errors reported here:
https://caddy.community/t/error-in-logs-with-updating-ari-after-upgrading-to-caddy-v2-8-1/24320
2024-06-01 18:02:49 -06:00