1
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2024-12-16 21:56:40 -05:00
Commit graph

866 commits

Author SHA1 Message Date
Matthew Holt
8e42661060
caddytls: Finish upgrading to libdns DNS providers for ACME challenges
Until we finish the migration to the new acme library, we have to bring
the solver type in-house. It's small and temporary.
2020-05-02 17:23:36 -06:00
Matthew Holt
86a4f2c9f4
caddytls: Fix namespace tls.dns -> dns.providers
Coulda sworn I did this already but I think I messed up my git commands
2020-05-02 16:28:10 -06:00
Matthew Holt
a507a5bbc7 reverseproxy: Remove circuitbreaker module (see #3331)
Moving to https://github.com/caddyserver/circuitbreaker

Nobody was using it anyway -- it works well, but something got fumbled
in a refactoring *months* ago. Turns out that we forgot the interface
guards AND botched a method name (my bad) - Ok() should have been OK().
So it would always have thrown a runtime panic if it tried to be loaded.
The module itself works well, but obviously nobody used it because
nobody reported the error. Fixing this while we move it to the new repo.

Removing this removes the last Bazaar/Launchpad dependency (I think).
2020-05-01 19:47:46 -06:00
Mark Sargent
d0770dbbb3
expose caddytest timeouts (#3329) 2020-05-02 10:24:35 +12:00
Matthew Holt
a77bd1d887
httpcaddyfile: Update tls parsing for DNS providers 2020-05-01 10:41:08 -06:00
Matthew Holt
bca610fbde
httpcaddyfile: Minor fixes to parsing storage options 2020-05-01 09:34:32 -06:00
Matthew Holt
1fa8c185a8
go.mod: Remove DNSProviderMaker interface; update to lego 3.6 2020-04-30 18:17:39 -06:00
Matthew Holt
a1796c2f14
caddytls: Adjust DNS challenge structure; clarify some docs 2020-04-30 16:15:20 -06:00
Matthew Holt
f931c26f68
caddyhttp: Better duration logging
Also un-nest all the error handling, that was unnecessary indentation
2020-04-28 15:38:45 -06:00
Matt Holt
10db57027d
caddyhttp: General improvements to access logging (#3301)
* httpcaddyfile: Exclude access logs written to files from default log

Even though any logs can just be ignored, most users don't seem to like
configuring an access log to go to a file only to have it doubly appear
in the default log.

Related to:
- #3294
- https://caddy.community/t/v2-logging-format/7642/4?u=matt
- https://caddy.community/t/caddyfile-questions/7651/3?u=matt

* caddyhttp: General improvements to access log controls (fixes #3310)

* caddyhttp: Move log config nil check higher

* Rename LoggerName -> DefaultLoggerName
2020-04-28 08:32:04 -06:00
Matthew Holt
c11d0e47a3
cmd: Clean up, simplify reverse proxy command; fix some edge cases
Now we take advantage of the address parsing capabilities of the HTTP
caddyfile.
2020-04-27 15:53:38 -06:00
Matthew Holt
9770ce7c9f Minor comment fix 2020-04-27 14:49:27 -06:00
Francis Lavoie
5ae1a5617c
caddyhttp: Add split_path to file matcher (used by php_fastcgi) (#3302)
* matcher: Add `split_path` option to file matcher; used in php_fastcgi

* matcher: Skip try_files split if not the final part of the filename

* matcher: Add MatchFile tests

* matcher: Clarify SplitPath godoc
2020-04-27 14:46:46 -06:00
Matthew Holt
83c85c53f5
caddyhttp: Fix listener overlap detection on Linux
Sigh, apparently Linux is incapable of distinguishing host interfaces
in socket addresses, even though it works fine on Mac. I suppose we just
have to assume that any listeners with the same port are the same
address, completely ignoring the host interface on Linux... oh well.
2020-04-26 22:28:49 -06:00
Francis Lavoie
768383a610
ci: Enable GoReleaser .deb support (#3309)
* ci: Enable GoReleaser .deb support

* ci: Test .deb build

* ci: Fix typo

* ci: Turn off snapshot (breaks due to go mod edit)

* ci: Force the tag to rc3 for now

* ci: Let's try to publish the .debs

* ci: Attempt to enable build cache, rebuild after fixed line endings

* ci: Fix yml dupe ID issue, add caddy-api.service

* ci: Split cache keys between files so they're separate

* ci: Fix bindir

* ci: Update the script files

* ci: Retrigger

* ci: Push to gemfury

* ci: Use loop, fix bad env var

* ci: Retrigger

* ci: Try to force blank password?

* ci: Check if the token is actually present

* ci: Cleanup, remove debugging stuff

* ci: Remove useless comment
2020-04-26 20:20:14 -06:00
Mark Sargent
570d84f7d3
refactored caddytest helpers (#3285)
* refactored caddytest helpers
* added cookie jar support. Added support for more http verbs
2020-04-27 13:23:46 +12:00
Christoffer Andersson
a6761153cb
Fix misspelling in onDemandAskRequest error (#3308) 2020-04-25 10:34:56 -06:00
Matthew Holt
02845bc9fd
docs: Improve template documentation slightly; use const, not literal 2020-04-24 21:05:09 -06:00
Matthew Holt
97ed9e111d
httpcaddyfile: Add nil check to prevent panic, fix validation logic
Panic would happen if an automation policy was specified in a singular
server block that had no hostnames in its address. Definitely an edge
case.

Fixed a bug related to checking for server blocks with a host-less key
that tried to make an automation policy. Previously if you had only two
server blocks like ":443" and another one at ":80", the one at ":443"
could not create a TLS automation policy because it thought it would
interfere with TLS automation for the block at ":80", but obviously that
key doesn't enable TLS because it is on the HTTP port. So now we are a
little smarter and count only non-HTTP-empty-hostname keys.

Also fixed a bug so that a key like "https://:1234" is sure to have TLS
enabled by giving it a TLS connection policy. (Relaxed conditions
slightly; the previous conditions were too strict, requiring there to be
a TLS conn policy already or a default SNI to be non-empty.)

Also clarified a comment thanks to feedback from @Mohammed90
2020-04-24 20:57:51 -06:00
Matthew Holt
100d19e3af
dangit, of course I would bork my git commit 2020-04-24 17:48:33 -06:00
Matthew Holt
ebf07f853b
caddyhttp: Fix auto redirects for catch-all HTTPS sites
Prior logic was not setting up redirects for the case when domain names
are not known, but the server still clearly has TLS enabled.
2020-04-24 17:36:52 -06:00
Matthew Holt
1b061815b2
reverseproxy: Don't forget to provision embedded headers handler
https://caddy.community/t/set-cookie-manipulation-in-reverse-proxy/7666?u=matt
2020-04-22 19:57:06 -06:00
Matthew Holt
026937fab5
caddyhttp: Fix trailers when recording responses (fixes #3236) 2020-04-22 11:10:13 -06:00
Matthew Holt
295604d6df
httpcaddyfile: Why was this code repeated?? 2020-04-22 09:20:39 -06:00
Francis Lavoie
bacf50a59e
caddyhttp: Fix common_log format's user ID placeholder (#3300) 2020-04-22 09:05:26 -06:00
westwin
da8686c4b9
reverseproxy: always set req.URL.Host with upstream (#3297) 2020-04-21 20:34:00 -06:00
Matthew Holt
e3a8f72f1c
docs: Minor improvements 2020-04-21 19:30:04 -06:00
Mohammed Al Sahaf
bae4f15fad
ci: fuzz: remove the fuzzer of the Caddyfile parser (#3288) 2020-04-20 15:21:19 -06:00
Francis Lavoie
0798459e44
readme: Fix broken links (#3283)
Credit to @kanagawa41 for spotting these!

Fixes #3282
2020-04-19 17:37:03 -06:00
Matthew Holt
f980170909
doc: Improve comment 2020-04-17 12:03:57 -06:00
Francis Lavoie
6963a72a63
ci: Cache the GOCACHE directory to speed up builds and tests (#3273)
* ci: Let's see if caching GOCACHE helps...

* ci: Use GOCACHE env instead (fixes windows), remove build -a

* ci: Hack to pull the GOCACHE env up to CI vars

* ci: Change cache key (mainly to wipe cache now)
2020-04-17 11:54:35 -06:00
Matt Holt
76bbb473a5
reverseproxy: Set X-Forwarded-Proto (closes #3275) (#3276) 2020-04-17 09:53:06 -06:00
Francis Lavoie
3c70950fa1
docs: Pull contributing document from v1 branch (#3270)
* docs: Pull contributing document from v1 branch

* Update .github/CONTRIBUTING.md

Co-Authored-By: Matt Holt <mholt@users.noreply.github.com>

* docs: [Responsible -> Coordinated] Disclosure

* docs: Link to the new security policy page

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-04-16 18:32:42 -06:00
Matthew Holt
7c171542ed
Add security policy 2020-04-16 17:20:03 -06:00
Matthew Holt
9a572635f5
admin: Close admin endpoint when shutting down (fixes #3269) 2020-04-16 12:34:28 -06:00
Matthew Holt
f5ccb904a3
admin: Disable host checking if wildcard interface is specified
To clarify, listening on wildcard interfaces is NOT the default and
should only be done under certain circumstances and when you know
what you're doing. Emits a warning in the log.

Fixes https://github.com/caddyserver/caddy-docker/issues/71
2020-04-16 11:41:32 -06:00
Matthew Holt
829e36d535
httpcaddyfile: Don't lowercase placeholder contents (fixes #3264) 2020-04-14 16:11:46 -06:00
Matthew Holt
2609a72893
go.mod: Update dependencies including CertMagic (fixes #3202) 2020-04-14 11:28:41 -06:00
Matthew Holt
ec456811bb
core: Don't return error on RegisterModule() and RegisterAdapter()
These functions are called at init-time, and their inputs are hard-coded
so there are no environmental or user factors that could make it fail
or succeed; the error return values are often ignored, and when they're
not, they are usually a fatal error anyway. To ensure that a programmer
mistake is not missed, we now panic instead.

Last breaking change 🤞
2020-04-13 09:48:54 -06:00
Matthew Holt
68cebb28d0
Fix some godocs 2020-04-11 09:01:40 -06:00
Matthew Holt
a3bdc22234
admin: Always enforce Host header checks
With a simple heuristic for loopback addresses, we can enable this by
default without adding unnecessary inconvenience.
2020-04-10 17:31:38 -06:00
Matthew Holt
d3383ced2a
Update link in readme 2020-04-10 09:19:03 -06:00
Matthew Holt
c024ae096d
tests: Clean up redundant type declarations 2020-04-10 08:48:21 -06:00
Matthew Holt
3bee569a8a
httpcaddyfile: Don't remove empty TLS conn policies (fix #3249)
Not sure why I thought that would be a good idea
2020-04-10 08:24:12 -06:00
Matthew Holt
999ab22b8c
caddyhttp: Add nil check (fixes #3248 and fixes #3250) 2020-04-10 08:12:42 -06:00
Matthew Holt
9991fdc495
Update readme 2020-04-10 08:10:35 -06:00
Matthew Holt
f29023bf8f
reverseproxy: Minor tweaks
We'll need that context in v2.1 when the transport can manage its own
client certificates; see #3198
2020-04-09 13:22:05 -06:00
Matthew Holt
85f5f47f31
caddytls: Don't initialize default internal issuer unless necessary
Otherwise, a password prompt can occur unnecessarily.
2020-04-09 13:09:48 -06:00
Matthew Holt
6e4132eb89
logging: Colorize output in all cases of stdout/stderr 2020-04-09 13:06:06 -06:00
Matt Holt
d89ad2fd5b
caddytls: Fix for TLS conn policy being applied to HTTP-only servers (#3243)
* httpcaddyfile: Don't add TLS policy to HTTP-only server (#3193, #3223)

* Account for HTTP port

* Add integration test written by @sarge
2020-04-09 12:39:05 -06:00