* tls: modularize client authentication trusted CA
* add `omitempty` to `CARaw`
* docs
* initial caddyfile support
* revert anything related to leaf cert validation
The certs are used differently than the CA pool flow
* complete caddyfile unmarshalling implementation
* Caddyfile syntax documentation
* enhance caddyfile parsing and documentation
Apply suggestions from code review
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
* add client_auth caddyfile tests
* add caddyfile unmarshalling tests
* fix and add missed adapt tests
* fix rebase issue
---------
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
previously the `caddy respond` command would treat the argument
passed to --listen as a TCP socket address, iterating over a possible
port range.
this patch factors the server creation out into a separate function,
allowing this to be reused in case the listen address is a unix network
address.
* browse: Add total file size to directory listing
* Apply suggestion to remove "in "
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
---------
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
* templates: Offically make templates extensible
This supercedes #4757 (and #4568) by making template extensions
configurable.
The previous implementation was never documented AFAIK and had only
1 consumer, which I'll notify as a courtesy.
* templates: Add 'maybe' function for optional components
* Try to fix lint error
This commit upgrades the router used in the acmeserver to
github.com/go-chi/chi/v5. In the latest release of step-ca, the router
used by certificates was upgraded to that version.
Fixes#5911
Signed-off-by: Mariano Cano <mariano.cano@gmail.com>
* core: quic listener will manage the underlying socket by itself.
* format code
* rename sharedQUICTLSConfig to sharedQUICState, and it will now manage the number of active requests
* add comment
* strict unwrap type
* fix unwrap
* remove comment
* Browse.html: Add canonical URL and home-link
When contents are equal, but maybe just a sort order is different, it is good to add `<link rel="canonical" href="base-path/" />`. This helps search engines propeely index the page.
I also added a link to the home page with the name of `{{.Host}}` just above the bread crumbs to make the page clearer.
https://paste.tnonline.net/files/28Wun5CQZiqA_Screenshot_20231007_134435_Opera.png
* Update browse.html
* reverseproxy: Add more debug logs
This makes debug logging very noisy when reverse proxying, but I guess
that's the point.
This has shown to be useful in troubleshooting infrastructure issues.
* Update modules/caddyhttp/reverseproxy/streaming.go
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
* Update modules/caddyhttp/reverseproxy/streaming.go
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
* Add opt-in `trace_logs` option
* Rename to VerboseLogs
---------
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
* Enhancement: Allow X-Forwarded-For Header in httpInclude Virtual Requests
The goal of this enhancement is to modify the funcHTTPInclude function in the Caddy codebase to include the X-Forwarded-For header in the virtual request. This change will enable reverse proxies to set the X-Forwarded-For header, ensuring that the client's IP address is correctly provided to the target endpoint. This modification is essential for applications that depend on the X-Forwarded-For header for various functionalities, such as authentication, logging, or content customization.
* Updated tplcontext.go - set `virtReq.RemoteAddr = "127.0.0.1"`
i have made the suggested changes
* Apply suggestions from code review
* Update modules/caddyhttp/templates/tplcontext.go
---------
Co-authored-by: Francis Lavoie <lavofr@gmail.com>