Matthew Holt
7bd2adf0dc
Fix edge case related to reloaded configs and ACME challenge
...
If Caddy is running but not listening on port 80, reloading Caddy with a new Caddyfile that needs to obtain a TLS cert from the CA would fail, because it was just assumed that, if reloading, port 80 as already in use. That is not always the case, so we scan the servers to see if one of them is listening on port 80, and we configure the ACME client accordingly. Kind of a hack... but it works.
2016-02-11 15:37:51 -07:00
Matthew Holt
1fe39e4633
Additional mitigation for on-demand TLS
...
After 10 certificates are issued, no new certificate requests are allowed for 10 minutes after a successful issuance.
2016-02-11 14:27:57 -07:00
Matthew Holt
216a617249
tls: Some bug fixes, basic rate limiting, max_certs setting
2016-02-11 13:48:52 -07:00
Matthew Holt
d25a3e95e4
Merge branch 'master' into getcertificate
2016-02-11 00:06:23 -07:00
Matthew Holt
11103bd8d6
Major refactor of all HTTPS/TLS/ACME code
...
Biggest change is no longer using standard library's tls.Config.getCertificate function to get a certificate during TLS handshake. Implemented our own cache which can be changed dynamically at runtime, even during TLS handshakes. As such, restarts are no longer required after certificate renewals or OCSP updates.
We also allow loading multiple certificates and keys per host, even by specifying a directory (tls got a new 'load' command for that).
Renamed the letsencrypt package to https in a gradual effort to become more generic; and https is more fitting for what the package does now.
There are still some known bugs, e.g. reloading where a new certificate is required but port 80 isn't currently listening, will cause the challenge to fail. There's still plenty of cleanup to do and tests to write. It is especially confusing right now how we enable "on-demand" TLS during setup and keep track of that. But this change should basically work so far.
2016-02-11 00:06:05 -07:00
Matt Holt
f1ba7fa343
Merge pull request #467 from eiszfuchs/feature/proxy-socket
...
proxy: Support unix sockets
2016-02-10 11:52:57 -07:00
eiszfuchs
7091a2090b
created http.Transport and tests for unix sockets
2016-02-10 19:45:31 +01:00
Matt Holt
57ffe5a619
Merge pull request #591 from Barberrrry/master
...
fastcgi: New function DialWithDialer to create FCGIClient with custom Dialer.
2016-02-10 09:06:29 -07:00
Vadim Petrov
b1208d3fdf
New function DialWithDialer to create FCGIClient with custom Dialer.
2016-02-10 18:03:43 +03:00
Matt Holt
b089d14b67
Merge pull request #548 from captncraig/register
...
Making directives externally registerable
2016-02-05 10:10:10 -07:00
Craig Peterson
e72fc20c78
making directives externally registerable
2016-02-05 10:03:20 -07:00
Matt Holt
5b7e0361dd
Merge pull request #573 from miekg/markdown-directive
...
templates: Add .Markdown directive
2016-02-04 13:59:34 -07:00
Miek Gieben
86f36bdb61
Add .Markdown directive
...
This allows any template to use:
{{.Markdown "filename"}} which will convert the markdown contents
of filename to HTML and then include the HTML in the template.
2016-02-04 20:54:19 +00:00
Matt Holt
3278106421
Merge pull request #572 from miekg/markdown-def-lists
...
markdown: enable definition lists
2016-02-04 10:20:17 -07:00
Matt Holt
f9b8e31ad7
Merge pull request #571 from incon/log-remote-host
...
When the requested host is not found, log the remote host.
2016-02-04 07:42:05 -07:00
Miek Gieben
fbdfc979ec
Markdown: enable definition lists
2016-02-04 11:21:44 +00:00
David Darrell
2acaf2fa6f
Move logic to split the port to only happen when the host is not found.
2016-02-04 16:17:10 +08:00
David Darrell
f4fcfa8793
When the requested host is not found log the remote host.
2016-02-04 12:46:24 +08:00
Matt Holt
79db939259
Merge pull request #551 from denquixote/acmehandlehost
...
letsencrypt: properly retrieve hostname from request.
2016-02-01 09:23:03 -07:00
Matt Holt
f9b6ede92b
Merge pull request #543 from DenBeke/master
...
fastcgi: IPv6 when parsing r.RemoteAddr
2016-02-01 08:26:21 -07:00
Abiola Ibrahim
184abe3bc8
Merge pull request #561 from DenBeke/fix-vet
...
basicauth: fixed 'go vet' printing function value
2016-02-01 11:31:04 +01:00
MathiasB
fde9bbeb32
basicauth: fixed 'go vet' printing function value
2016-02-01 11:17:16 +01:00
MathiasB
c59fd1c76e
Defined test function in TestBuildEnv
2016-02-01 09:39:13 +01:00
Matthew Holt
600ee9a89f
fastcgi: Accept any other methods as a POST-style request
2016-01-31 21:36:39 -07:00
Matthew Holt
c5983e305f
Merge branch 'master' of github.com:mholt/caddy
2016-01-30 21:05:18 -07:00
Den Quixote
8d057c8614
letsencrypt: properly retrieve hostname from request.
2016-01-30 02:20:34 +01:00
MathiasB
ac197f1694
FastCGI: some simple tests for buildEnv
...
More tests are needed for the other environmental variables.
These tests were specifically made for testing of IP addresses.
2016-01-29 11:46:15 +01:00
MathiasB
d8be787f39
FastCGI: IPv6 when parsing r.RemoteAddr
2016-01-28 15:26:33 +01:00
Matt Holt
a8c8b48390
Merge pull request #542 from cudevmaxwell/master
...
fastcgi: Parse address from fastcgi directive, pass results to Dial()
2016-01-28 00:21:06 -07:00
Kevin Bowrin
4d4ea94465
Parse address from fastcgi directive, and pass results to fcgiclient Dial().
...
This allows scheme prefixes "tcp://" and "fastcgi://" in configuration.
Fixes #540
2016-01-28 00:19:00 -05:00
Matt Holt
aeaf58b16a
Merge pull request #541 from jungle-boogie/patch-5
...
wrap lines to 80
2016-01-27 12:34:38 -07:00
jungle-boogie
73ed286309
wrap lines to 80
...
also update copyright year.
2016-01-27 11:28:49 -08:00
Matthew Holt
9e900b0a08
godoc
2016-01-25 20:45:23 -07:00
Matthew Holt
f1b2637d44
letsencrypt: Enable activation on empty hosts; fix email bug
2016-01-25 20:21:08 -07:00
Matthew Holt
178c4d11d9
Merge branch 'master' into getcertificate
2016-01-25 13:47:13 -07:00
Matthew Holt
7613ae3bf0
Change to Windows line endings for poor Notepad
2016-01-25 13:46:07 -07:00
Matthew Holt
ad664e5bba
browse: Render names with multiple consecutive spaces correctly
2016-01-25 13:43:35 -07:00
Matthew Holt
cf06abd691
Log restarts
2016-01-25 13:41:51 -07:00
Matthew Holt
a6abec8210
letsencrypt: Update to match upstream refactor
...
Challenge names now have their own type and constants
2016-01-25 08:47:28 -07:00
Matthew Holt
82b049229b
proxy: Add basic proxying test and InsecureSkipVerify transport test
2016-01-23 10:14:13 -07:00
Matt Holt
fae612d53b
Merge pull request #529 from FiloSottile/filippo/insecure
...
proxy: add a insecure_skip_verify option - closes #320
2016-01-23 09:13:30 -07:00
Filippo Valsorda
bae4ac9764
proxy: add a insecure_skip_verify option - closes #320
2016-01-23 03:26:31 +00:00
Matt Holt
6e340cb1d6
Merge pull request #514 from upsuper/fix-user-key-perm
...
letsencrypt: Fix perm of user key
2016-01-16 00:46:45 -07:00
Xidorn Quan
0d8d0ba5a0
letsencrypt: Fix perm of user key
2016-01-16 13:12:03 +11:00
Matt Holt
8655ea671b
Merge pull request #510 from alehano/master
...
gzip: Add .svg to default ext list
2016-01-15 15:33:15 -07:00
Matthew Holt
0d8526b7d9
gzip: Allow empty extension ( #509 )
2016-01-15 11:59:05 -07:00
Alexey Khalyapin
c9e0517e5e
Add .svg to default ext list in gzip middleware
2016-01-14 11:52:03 +03:00
Matthew Holt
e74558eaea
browse: Fix for files and dirs with ':' in name
2016-01-13 13:17:58 -07:00
Matthew Holt
b0ccab7b4a
tls: Fix failing test
2016-01-13 09:24:03 -07:00
Matthew Holt
47079c3d24
PoC: on-demand TLS
...
Implements "on-demand TLS" as I call it, which means obtaining TLS certificates on-the-fly during TLS handshakes if a certificate for the requested hostname is not already available. Only the first request for a new hostname will experience higher latency; subsequent requests will get the new certificates right out of memory.
Code still needs lots of cleanup but the feature is basically working.
2016-01-13 00:32:46 -07:00