Matthew Holt
bc9f944837
host matcher: Strip [ ] from IPv6 addresses
2019-09-18 09:45:21 -06:00
Matthew Holt
4c289fc6ad
Allow domain fronting with TLS client auth if explicitly configured
2019-09-17 23:13:21 -06:00
Matthew Holt
19f36667f7
tls: Clean up expired OCSP staples and certificates
2019-09-17 16:00:15 -06:00
Matt Holt
484cee1ac1
fastcgi: Implement / redirect for index.php with php_fastcgi directive ( #2754 )
...
* fastcgi: Implement / redirect for index.php with php_fastcgi directive
See #2752 and https://caddy.community/t/v2-redirect-path-to-path-index-php-with-assets/6196?u=matt
* caddyhttp: MatchNegate implements json.Marshaler
* fastcgi: Add /index.php element to try_files matcher
* fastcgi: Make /index.php redirect permanent
2019-09-17 15:16:17 -06:00
Matthew Holt
d030bfdae0
httpcaddyfile: static_response -> respond; minor cleanups
2019-09-16 11:04:18 -06:00
Matthew Holt
db4c73dd58
reverse_proxy: Close idle connections on module unload
2019-09-14 18:10:29 -06:00
Matthew Holt
f15f0d5839
Eliminate some TODOs
2019-09-14 18:05:45 -06:00
Matthew Holt
e73b117332
reverse_proxy: Ability to mutate headers; set upstream placeholders
2019-09-14 13:25:26 -06:00
Matthew Holt
2fd22139c6
headers: Ability to mutate request headers including http.Request.Host
...
Also a few bug fixes
2019-09-14 13:22:48 -06:00
Matthew Holt
2ab2d5bf9e
Forgot to commit caddyfile.go changes in last commit
2019-09-13 23:38:52 -06:00
Matthew Holt
c09e86fddc
headers: Add ability to replace substrings in header fields
...
This will probably be useful so the proxy can rewrite header values.
2019-09-13 16:24:51 -06:00
Matthew Holt
46aaf02371
encode: Fix bug where default status code was being written
...
for small responses.
See https://caddy.community/t/v2-permanent-redirect-prompt/6190?u=matt
2019-09-13 16:00:03 -06:00
Matthew Holt
839507e24e
http: Consider wildcards when evaluating automatic HTTPS
2019-09-13 11:46:58 -06:00
Matthew Holt
ed40a5dcab
tls: Do away with SetDefaults which did nothing useful
...
CertMagic uses the same defaults for us
2019-09-12 17:31:54 -06:00
Matthew Holt
7799554baa
go.mod: Use lego v3 and CertMagic 0.7.0
2019-09-12 17:31:10 -06:00
Matthew Holt
2cb01d43cf
tls: Remove support for TLS 1.0 and TLS 1.1
2019-09-11 22:26:06 -06:00
Matthew Holt
758269124e
reverseproxy: Fix host and port on requests; fix Caddyfile parser
2019-09-11 18:53:44 -06:00
Matthew Holt
b4dce74e59
tls: Use Let's Encrypt production endpoint
...
We're done testing this in staging
2019-09-11 18:52:07 -06:00
Matthew Holt
fe389fcbd7
http: Set Alt-Svc header if experimental HTTP3 server is enabled
2019-09-11 18:49:21 -06:00
Matthew Holt
005a11cf4b
headers: New 'request_header' directive; handle Host header specially
...
Before this change, only response headers could be manipulated with the
Caddyfile's 'header' directive.
Also handle the request Host header specially, since the Go standard
library treats it separately from the other header fields...
2019-09-11 18:48:37 -06:00
Matthew Holt
194df652eb
reverseproxy: Add 'tls' option to enable HTTPS with HTTP transport
2019-09-11 18:46:32 -06:00
Matthew Holt
2459c292a4
caddyfile: Improve Dispenser.NextBlock() to support nesting
2019-09-10 19:21:52 -06:00
Matthew Holt
0cf592fa2e
New 'php_fastcgi' directive for convenient PHP+FastCGI reverse proxy
2019-09-10 14:16:41 -06:00
Matthew Holt
d9136fb0a0
rewrite: Caddyfile directive should always invoke a rehandle
...
This is unless each route's matcher is dynamically executed after
previous handlers...
2019-09-10 14:13:52 -06:00
Matthew Holt
c32b7e8865
fastcgi: Make EnvVars a map instead of a slice
2019-09-10 14:12:51 -06:00
Matthew Holt
1ce10b453f
Require Go 1.13; use Go 1.13's default support for TLS 1.3
2019-09-10 13:11:27 -06:00
Matt Holt
0c8ad52be1
Experimental IETF-standard HTTP/3 support (known issue exists) ( #2727 )
...
* Begin WIP integration of HTTP/3 support
* http3: Set actual Handler, make fakeClosePacketConn type for UDP sockets
Also use latest quic-go for ALPN fix
* Manually keep track of and close HTTP/3 listeners
* Update quic-go after working through some http3 bugs
* Fix go mod
* Make http3 optional for now
2019-09-10 08:03:37 -06:00
Matthew Holt
d67d8cf5a8
Fix build (sigh)
2019-09-10 07:15:36 -06:00
Matt Holt
44b7ce9850
Merge pull request #2737 from caddyserver/fastcgi (reverse proxy!)
...
v2: Refactor reverse proxy and add FastCGI support
2019-09-09 21:46:21 -06:00
Matthew Holt
b4f4fcd437
Migrate some selection policy tests over to v2
2019-09-09 21:44:58 -06:00
Matthew Holt
50e62d06bc
reverse_proxy: Caddyfile integration (and fix blocks in Dispenser)
2019-09-09 12:23:27 -06:00
Matthew Holt
9169cd43d4
Log when auto HTTPS or auto HTTP->HTTPS redirects are disabled
2019-09-09 08:25:48 -06:00
Matthew Holt
e12c62e60b
file_server: Enforce URL canonicalization ( closes #2741 )
2019-09-09 08:21:45 -06:00
Ingo Gottwald
3e9e7555ef
Fix build ( #2740 )
...
Build was broken with commit 50961ec
.
2019-09-07 14:25:04 -06:00
Matthew Holt
f6126acf37
Header matchers: allow matching presence of header with empty list
2019-09-06 14:25:16 -06:00
Matthew Holt
97ace2a39e
File matcher enforces trailing-slash convention to match dirs/files
2019-09-06 13:32:02 -06:00
Matthew Holt
4bd9496525
Fix Schrodinger's file existence check in file matcher
...
See: https://stackoverflow.com/a/12518877/1048862
For example, trying to check the existence of "/www/index.php/index.php"
fails but not with an os.IsNotExist()-type error. So we have to assume
that a file that cannot be successfully stat'ed at all does not exist.
2019-09-06 12:57:12 -06:00
Matthew Holt
14f9662f9c
Various fixes/tweaks to HTTP placeholder variables and file matching
...
- Rename http.var.* -> http.vars.* to be more consistent
- Prefixing a path matcher with * now invokes simple suffix matching
- Handlers and matchers that need a root path default to {http.vars.root}
- Clean replacer output on the file matcher's file selection suffix
2019-09-06 12:36:45 -06:00
Matthew Holt
21d7b662e7
fastcgi: Use request context as base, not a new one
2019-09-06 12:02:11 -06:00
Matthew Holt
d2e46c2be0
fastcgi: Set default root path; add interface guards
2019-09-05 13:42:20 -06:00
Matthew Holt
80b54f3b9d
Add original URI to request context; implement into fastcgi env
2019-09-05 13:36:42 -06:00
Matthew Holt
0830fbad03
Reconcile upstream dial addresses and request host/URL information
...
My goodness that was complicated
Blessed be request.Context
Sort of
2019-09-05 13:14:39 -06:00
Matthew Holt
a60d54dbfd
reverse_proxy: Ignore context.Canceled errors
...
These happen when downstream clients cancel the request, but that's not
our problem nor a failure in our end
2019-09-03 19:10:09 -06:00
Matthew Holt
acb8f0e0c2
Integrate circuit breaker modules with reverse proxy
2019-09-03 19:06:54 -06:00
Matthew Holt
652460e03e
Some cleanup and godoc
2019-09-03 16:56:09 -06:00
Matthew Holt
4a1e1649bc
reverse_proxy: Implement remaining TLS config for proxy to backend
2019-09-03 15:26:09 -06:00
Matthew Holt
ccfb12347b
reverse_proxy: Implement active health checks
2019-09-03 12:10:11 -06:00
Alexandre Stein
50961ecc77
Initial implementation of TLS client authentication ( #2731 )
...
* Add support for client TLS authentication
Signed-off-by: Alexandre Stein <alexandre_stein@interlab-net.com>
* make and use client authentication struct
* force StrictSNIHost if TLSConnPolicies is not empty
* Implement leafs verification
* Fixes issue when using multiple verification
* applies the comments from maintainers
* Apply comment
* Refactor/cleanup initial TLS client auth implementation
2019-09-03 09:35:36 -06:00
Matthew Holt
026df7c5cb
reverse_proxy: WIP refactor and support for FastCGI
2019-09-02 22:01:02 -06:00
Matthew Holt
d242f10eda
Add query_string to HTTP replacer and use it for try_files
2019-08-27 14:38:24 -06:00