Matthew Holt
6db3615547
caddyhttp: Enable matching empty query string
...
Caddyfile syntax: query ""
Or a nil matcher in the JSON should also match an empty query string.
See https://caddy.community/t/v2-match-empty-query/8708?u=matt
2020-06-16 10:41:37 -06:00
Matthew Holt
32cafbb630
httpcaddyfile: Fix ordering of catch-all site blocks
...
Catch-alls should always go last. Normally this is the case, but we have
a special case for comparing one wildcard-host site block to another
non-wildcard host site block; and a catch-all site block is also a
non-wildcard host site block, so now we have to special-case the
catch-all site block. Sigh.
This could be reproduced with a Caddyfile that has two site blocks:
":80" and "*.example.com", in that order.
2020-06-16 10:02:06 -06:00
Francis Lavoie
003403ecbc
templates: Add support for dots to close yaml frontmatter ( #3498 )
...
* templates: Add support for dots to close yaml frontmatter
* templates: Fix regression in body output
2020-06-15 12:38:51 -06:00
Mohammed Al Sahaf
5b48f784ae
ci: don't run s390x tests on PRs of forks ( #3494 )
...
* ci: don't run s390x tests on PRs of forks
* ci: check if fork by matchinging name from event against name of repo
2020-06-12 19:51:04 +00:00
Chris Ortman
d84a5d8427
httpcaddyfile: New acme_eab
option ( #3492 )
...
* Adds global options for external account bindings
* Maybe other people use ctags too?
* Use nested block to configure external account
* go format files
* Restore acme_ca directive in test file
* Change Caddyfile config syntax for acme_eab
* Update test
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-06-12 13:37:56 -06:00
Mohammed Al Sahaf
7da32f493a
ci: skip s390x tests on forks ( #3493 )
2020-06-12 18:03:29 +00:00
Matthew Holt
cb0d9838cb
go.mod: Update quic-go to 0.17.1 (draft 29) and certmagic 0.11.2 (eab)
2020-06-12 11:52:12 -06:00
Matthew Holt
d81a69ef16
Merge branch 'eab-fix'
2020-06-12 11:49:45 -06:00
Mohammed Al Sahaf
99dcc10f31
ci: add CI on s390x ( #3463 )
...
* ci: lay out foundation for s390x tests
* ci: uncomment the s390x test script & replace placeholders with real values
* ci: amend the s390x test job name to be more consistent with others
2020-06-12 17:11:46 +00:00
Wynn Wolf Arbor
fa4cdde7d8
fastcgi: Make sure splitPos handles empty SplitPath correctly ( #3491 )
...
In commit f2ce81c
, support for multiple path splitters was added. The
type of SplitPath changed from string to []string, and splitPos was
changed to loop through all values in SplitPath.
Before that commit, if SplitPath was empty, strings.Index returned 0 and
PATH_INFO was set correctly in buildEnv.
Currently, however, splitPos returns -1 for empty values of SplitPath,
behaving as if a split position could not be found at all. PATH_INFO is
then never set in buildEnv and remains empty.
Restore the old behaviour by explicitly checking whether SplitPath is
empty and returning 0 in splitPos.
Closes #3490
2020-06-12 10:07:59 -06:00
Matthew Holt
d55c3b31eb
caddyhttp: Add client cert SAN placeholders
2020-06-11 16:19:07 -06:00
Matthew Holt
6d03fb48f9
caddytls: Don't decode HMAC
...
https://caddy.community/t/trouble-with-external-account-hmac/8600?u=matt
2020-06-11 15:33:27 -06:00
Matthew Holt
b3bff13f7d
reverseproxy: Close websocket conn if req context cancels
...
This is a recent patch in the Go standard library
2020-06-11 15:25:26 -06:00
Francis Lavoie
7211101c52
ci: Fix gemfury upload condition, move triggers to publish event ( #3483 )
2020-06-08 12:21:20 -06:00
Mohammed Al Sahaf
90dba172cb
ci: fix an oopsie in the release script ( #3482 )
2020-06-08 11:10:28 -06:00
Matthew Holt
4b10ae5ce6
reverseproxy: Add Caddyfile support for ClientCertificateAutomate
2020-06-08 10:30:26 -06:00
NWHirschfeld
1dfb11486e
httpcaddyfile: Add client_auth options to tls directive ( #3335 )
...
* reading client certificate config from Caddyfile
Signed-off-by: NWHirschfeld <Niclas@NWHirschfeld.de>
* Update caddyconfig/httpcaddyfile/builtins.go
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
* added adapt test for parsing client certificate configuration from Caddyfile
Signed-off-by: NWHirschfeld <Niclas@NWHirschfeld.de>
* read client ca and leaf certificates from file https://github.com/caddyserver/caddy/pull/3335#discussion_r421633844
Signed-off-by: NWHirschfeld <Niclas@NWHirschfeld.de>
* Update modules/caddytls/connpolicy.go
* Make review adjustments
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-06-05 12:19:36 -06:00
Matthew Holt
11a132d48b
caddytls: Configurable cache size limit
2020-06-05 11:14:39 -06:00
Matthew Holt
9dafa63933
go.mod: Update dependencies
2020-06-05 11:14:09 -06:00
Francis Lavoie
21c1da101c
ci: Disable publishing .deb on beta tags ( #3473 )
2020-06-05 10:23:15 -06:00
Matthew Holt
7a99835dab
reverseproxy: Enable changing only the status code ( close #2920 )
2020-06-04 12:06:38 -06:00
Matthew Holt
7b0962ba4d
caddyhttp: Default to error status if found in context
...
This is just a convenience if using a static_response handler in an
error route, by setting the default status code to the same one as
the error status.
2020-06-04 10:32:01 -06:00
Matthew Holt
2d1f7b9da8
caddyhttp: Auto-redirects from all bind addresses ( fix #3443 )
2020-06-03 10:56:26 -06:00
Matthew Holt
a285fe4129
caddypki: Add 'acme_server' Caddyfile directive
2020-06-03 09:59:36 -06:00
Matthew Holt
97e61c16a3
httpcaddyfile: Sort site blocks with wildcards last ( fix #3410 )
2020-06-03 09:35:13 -06:00
Matthew Holt
83551edf3e
cmd: Only stop admin server on signal if it exists ( fix #3470 )
2020-06-03 07:31:31 -06:00
Matthew Holt
e18c373064
caddytls: Actually use configured test CA
2020-06-02 11:13:44 -06:00
Matt Holt
9a7756c6e4
caddyauth: Cache basicauth results ( fixes #3462 ) ( #3465 )
...
Cache capacity is currently hard-coded at 1000 with random eviction.
It is enabled by default from Caddyfile configurations because I assume
this is the most common preference.
2020-06-01 23:56:47 -06:00
Francis Lavoie
fdf2a77feb
caddyfile: Add args on imports ( #3423 )
...
* caddyfile: Add support for args on imports
* caddyfile: Add more import args tests
2020-06-01 10:43:06 -06:00
Georges Haidar
a496308f6e
httpcaddyfile: Let modules add listener wrappers ( #3397 )
...
* httpcaddyfile: allow modules to customize listener wrappers
* Update caddyconfig/httpcaddyfile/httptype.go
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
* Update caddyconfig/httpcaddyfile/httptype.go
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
* Update caddyconfig/httpcaddyfile/httptype.go
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
* Update caddyconfig/httpcaddyfile/httptype.go
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-06-01 09:50:00 -06:00
Matthew Holt
d5d7fb5954
go.mod: Update dependencies
2020-06-01 09:31:08 -06:00
Matt Holt
996af0915d
cmd: Support admin endpoint on unix socket ( #3320 )
2020-05-29 14:21:55 -06:00
Matthew Holt
6c051cd27d
caddyconfig: Minor internal and godoc tweaks
2020-05-29 11:49:25 -06:00
Matt Holt
9415feca7c
logging: Net writer redials if write fails ( #3453 )
...
* logging: Net writer redials if write fails
https://caddy.community/t/v2-log-output-net-does-not-reconnect-after-lost-connection/8386?u=matt
* Only replace connection if redial succeeds
* Fix error handling
2020-05-28 10:40:14 -06:00
Matthew Holt
881b826fb5
reverseproxy: Pool copy buffers (minor optimization)
2020-05-27 11:42:19 -06:00
Matthew Holt
538ddb8587
reverseproxy: Enable response interception ( #1447 , #2920 )
...
It's a raw, low-level implementation for now, but it's very flexible.
More sugar-coating can be added after error handling is more developed.
2020-05-27 10:17:45 -06:00
Francis Lavoie
69b5643130
chore: Fix typo in dispenser.go ( #3456 )
2020-05-27 08:13:57 -06:00
Matthew Holt
e5bbed1046
caddyhttp: Refactor header matching
...
This allows response matchers to benefit from the same matching logic
as the request header matchers (mainly prefix/suffix wildcards).
2020-05-26 17:35:27 -06:00
Matthew Holt
294910c68c
caddyhttp: Add client.public_key(_sha256) placeholders
2020-05-26 15:52:53 -06:00
Francis Lavoie
8c5d00b2bc
httpcaddyfile: New handle_path
directive ( #3281 )
...
* caddyconfig: WIP implementation of handle_path
* caddyconfig: Complete the implementation - h.NewRoute was key
* caddyconfig: Add handle_path integration test
* caddyhttp: Use the path matcher as-is, strip the trailing *, update test
2020-05-26 15:27:51 -06:00
Rui Lopes
aa20878887
cmd: file-server: add --access-log flag ( #3454 )
2020-05-26 15:04:04 -06:00
Francis Lavoie
c1e5c09294
reverseproxy: Improve error message when using scheme+placeholder ( #3393 )
...
* reverseproxy: Improve error message when using scheme+placeholder
* reverseproxy: Simplify error message
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-05-26 14:13:15 -06:00
Francis Lavoie
ffc125d6f5
caddyfile: Move NewTestDispenser into non-test file ( #3439 )
2020-05-26 13:45:22 -06:00
AndyBan
22055c5e0f
reverseproxy: Fix https active health checks #3450 ( #3451 )
2020-05-26 12:40:57 -06:00
Mohammed Al Sahaf
dfe802aed3
chore: forego the use of deprecated cel func NewIdent in favor of NewVar ( #3444 )
2020-05-25 03:59:38 +00:00
Mohammed Al Sahaf
7a365af5df
chore: simplify goreleaser flow, add bash completions to .deb ( #3436 )
2020-05-22 15:13:31 -04:00
Matthew Holt
0cbf467b3f
caddyhttp: Add time.now placeholder and update cel-go ( closes #2594 )
2020-05-21 18:19:01 -06:00
Francis Lavoie
bb67e19d7b
cmd: hash-password: Fix broken terminal state on SIGINT ( #3416 )
...
* caddyauth: Fix hash-password broken terminal state on SIGINT
* caddycmd: Move TrapSignals calls to only subcommands that run long
2020-05-21 13:09:49 -06:00
Matthew Holt
1dc4ec2d77
admin: Disallow websockets
...
No currently-known exploit here, just being conservative
2020-05-21 12:29:19 -06:00
Matt Holt
452d4726f7
Update SECURITY.md
2020-05-20 14:24:47 -06:00