22 KiB
CHANGES
0.11.2 (January 16, 2019)
- Extracted automagic TLS code into CertMagic library
- Add support for new clustering plugins
- New placeholder: '{when_iso_local}'
- New third-party plugins: s3browser, filebrowser
- Removed third-party plugins: jekyll, hugo
- bind: Support multiple interface values
- import: Can now be used within directive blocks
- proxy: Status 499 when clients close connection early
- templates: No longer emit ETag and Last-Modified headers
- tls: Support for the ACME TLS-ALPN-01 challenge
- KNOWN/UNRESOLVED REGRESSIONS: #2356, #2414
- Several bug fixes and minor improvements
0.11.1 (November 12, 2018)
- New -env-file flag to load environment from file
- New event type 'instancerestart'
- fastcgi: Strip PATH_INFO from SCRIPT_FILENAME
- fastcgi: Add REQUEST_SCHEME to environment
- gzip: Compress .m3u and .m3u8 files by default
- telemetry: Honor CADDY_UUID_FILE env variable
- templates: New .TLSVersion action
- tls: Remove remaining RSA_CBC cipher suites from defaults
- tls: Raise alert if no certificate matches exactly
- Numerous other bug fixes and improvements
0.11 (May 10, 2018)
- Built with Go 1.10.2
- Integrated optional telemetry client
- proxy: Fixed file descriptor leak
0.10.14 (April 19, 2018)
- tls: Fix error handling bug when obtaining certificates
0.10.13 (April 18, 2018)
- New third-party plugin: supervisor
- Updated QUIC
- proxy: Fix transparent pass-thru of X-Forwarded-For
- proxy: Configurable timeout to upstream
- rewrite: Now supports regular expressions on single-line
- tls: StrictHostMatching mode to prevent client auth bypass
- tls: Disable client auth when using QUIC
- tls: Require same client auth cert pools per hostname
- tls: Prevent On-Demand TLS directory traversal
- tls: Fix empty files when using ACME fails to obtain cert
- Fixed test broken by 1.1.1.1 resolving
- Improved Caddyfile parser robustness by fuzzing
0.10.12 (March 27, 2018)
- Switch to Let's Encrypt ACMEv2 production endpoint
- Support for automated wildcard certificates
- Support distributed solving of HTTP-01 challenge
- New {labelN}, {tls_cipher}, and {tls_version} placeholders
- Curly braces can now be escaped when not used as placeholders
- New third-party plugin: geoip
- Updated QUIC
- fastcgi: Add SSL_CIPHER and SSL_PROTOCOL environment variables
- log: New 'except' subdirective to exempt paths from logging
- startup/shutdown: Removed in favor of 'on'
- tls: Default minimum version is TLS 1.2
- tls: Revert to fallback cert if no cert matches SNI
- tls: New 'wildcard' subdirective to force automated wildcard cert
- Several significant bug fixes and improvements!
0.10.11 (February 20, 2018)
- Built with Go 1.10
- Reusable snippets for the Caddyfile
- Updated QUIC
- Auto-HTTPS certificates may be shared by multiple instances
- Expand globbed values in -conf flag
- Swap behavior of SIGTERM and SIGQUIT; ignore SIGHUP
- 9 new DNS provider plugins for the ACME DNS challenge
- New placeholder for {<Response-Header} values
- basicauth: Username put in {user} placeholder
- fastcgi: GET requests can now send a body
- proxy: Service discovery with DNS SRV load balancing
- request_id: Allow reusing request ID from header field
- tls: Improved efficiency of many certificates and reloads
- tls: Raise error if conflicting TLS configurations collide
- tls: Raise TLS alert if SNI used and no cert matched
- tls: Reject OCSP responses that expire after the certificate
- tls: Clients can use SNI to request a specific certificate
- tls: Add option for backend to approve on-demand certificate
- tls: Synchronize maintenance of shared, managed certificates
- Numerous fabulous bug fixes
0.10.10 (October 9, 2017)
- Built with Go 1.9.1
- Removed Caddy-Sponsors header
- New 'on' directive that deprecates 'startup' and 'shutdown'
- Changed CASE_SENSITIVE_PATH default to false
- fastcgi: Support for SRV upstreams
- redir: Rules with if statements are not checked for duplicates
- Several minor bug fixes
0.10.9 (September 12, 2017)
- EULA bundled with official binaries
- Caddy-Sponsors header to indicate personal-use license
- proxy: Support for QUIC backends
- templates: Write proper status code if proxied
- tls: Fix bug related to cert renewals
0.10.8 (September 8, 2017)
- NACL compilation support
- Merge multiple consecutive slashes when comparing paths
- A few other bug fixes
0.10.7 (August 25, 2017)
- Built with Go 1.9
- New 3rd-party plugin directives: jekyll, awses, forwardproxy
- Different exit codes
- Plan 9 support
- Graceful binary upgrades with SIGUSR2
- internal: Support X-Accel-Redir without paths to protect
- templates: Can execute templates loaded by other middleware
- A few really good bug fixes
0.10.6 (July 28, 2017)
- fastcgi: Fix runtime error for 32-bit and ARM architectures
0.10.5 (July 27, 2017)
- Renamed requestid directive to request_id
- Set default idle timeout of 5 minutes
- New 3rd-party plugin directives: cache, nobots, webdav
- New Unix timestamp placeholder {when_unix}
- Improved MITM detection on iOS clients
- errors, log: Fix log rolling parsing
- gzip: Convert any ETag header to weak etag
- fastcgi: Reverted persistent connections (issue #1736)
- proxy: Added header loaded balancing policy
- proxy: Fix hang on chunked WebSockets (e.g. with HomeAssistant)
- Several other bug fixes and minor internal improvements
0.10.4 (June 28, 2017)
- Vendor all dependencies
- Improve MITM detection, add experimental Tor browser support
- New requestid directive to add request IDs to each request
- New HTTP plugins supported: authz, grpc, gopkg, reauth, restic
- browse: Refreshed default UI and added symlink indicators
- errors, log: Added rotate_compress directive to compress rolled logs
- markdown: Template files loaded at each request instead of just once
- proxy: Allow multiple Server header fields on downstream response
- proxy: Perform health checks by body substring
- rewrite,redir: Added 'not_starts_with' and 'not_ends_with' operators
- tls: New ca subdirective to specify CA endpoint per-site
- Several bug fixes
0.10.3 (May 19, 2017)
- Replace 'maxrequestbody' directive with 'limits' directive
- proxy: Configurable port for health check
- proxy: New load balance policy: uri_hash
- templates: Renamed .Push context action to .AddLink
- tls: Allow narrower certificate renewal window at startup (#1680)
- tls: Prefer ChaCha20 if hardware does not have AES-NI
0.10.2 (May 2, 2017)
- Hot fix for rule paths of "/" so that they match every request
- fastcgi: Match request paths that don't start with "/" even if rule does
0.10.1 (May 1, 2017)
- Reduced memory usage for gzip, templates, and MITM detection
- Fixed automatic HTTP->HTTPS redirects for sites with wildcard labels
- proxy: Fix 'without' subdirective
- A few other minor bug fixes and improvements
0.10 (April 20, 2017)
- Built on Go 1.8.1
- HTTPS interception detection
- Updated QUIC
- SIGUSR1 (reload) now works with QUIC servers
- New 'push' directive for HTTP/2 server push
- New 'index' directive to change the names of index files
- New -http-port and -https-port flags to change protocol ports
- New -disable-http-challenge and -disable-tls-sni-challenge flags
- New event hook plugin type
- New listener middleware plugin type
- New placeholders for cookie, query, and rewritten URI values
- basicauth: Ability to customize realm
- browse: Default template now sorts by name with directories first
- errors, log: Roll all logs by default
- errors, log: Ability to write to remote syslog
- errors, log: Standardized, simplified directive syntax
- log: Patched common log format by adding missing "-"
- proxy: New 'max_conns' setting to limit connections to upstreams
- proxy: New 'first' load balancing policy for first available host
- proxy: Health checks respect Host and insecure_skip_verify settings
- templates: New .RandomString action to add random padding to page
- timeouts: Disabled default HTTP timeouts
- tls: Settings now apply per-site rather than for entire listener
- tls: New 'alpn' setting to disable either HTTP/2 or HTTP/1.1 on per-site basis
- tls: Added curve X25519
- tls: Added ChaCha20-Poly1305 cipher suites
- tls: Renamed muststaple to must_staple
- tls: Setting max_certs obtains certs during handshakes for all hostnames
- Dozens of miscellaneous bug fixes and improvements
- New website
- New build infrastructure
- New deployment system
0.9.5 (January 24, 2017)
- New -validate flag to only check a Caddyfile, then exit
- New {when_iso} placeholder for timestamp ISO 8601 in UTC
- New {rewrite_path} and {rewrite_path_escaped} placeholders
- New 'timeouts' directive to configure or disable HTTP timeouts
- HTTP-level timeouts enabled by default
- basicauth: Authorization header stripped upon successful login
- browse: Added textbox to filter listing in default template
- browse: Sanitize file names and links in default template
- browse: Ensure active Caddyfile is hidden regardless of cwd
- fastcgi: New 'root' property, mainly for use with containers
- markdown: Apply some front matter fields as tags
- proxy: Fixed HTTP/2 upstream to backend; honors -http CLI flag
- proxy: Fixed websockets over HTTPS
- proxy: Reduced memory usage and improved performance
- proxy: Added support for HTTP trailers
- tls: Fixed deadlock that affected some background renewals
- Several other smaller bugs squashed and improvements made
0.9.4 (December 21, 2016)
- Updated QUIC
- New maxrequestbody directive to limit size of request body
- New {latency_ms} placeholder for latency always in ms
- Serve statically compressed .gz and .br files
- fastcgi: Support for multiple backends with basic load balancing
- proxy: Fixed handling of encoded 'without' paths
- proxy: Preserve trailing slash if present in request
- proxy: Fix HTTP/2 upstreams
- templates: New .Files action to list files in a directory
- templates: .Include can now pass arguments to included file
- tls: Added ability to customize preferred curves
- tls: Added support for Must-Staple on managed certificates
- tls: Fixed subtle edge case bug with TLS-SNI challenge
- Lots of minor fixes and improvements
0.9.3 (September 28, 2016)
- Updated QUIC to newer version
- import: Glob pattern matching 0 files is no longer an error
- fastcgi: Fixed persistent connections (disabled by default)
- fastcgi: Configurable connection pool size parameter
- proxy: Improved failover load balancing logic
- proxy: Avoids duplicating header fields that would be confusing
- proxy: New try_duration and try_interval parameters
- proxy: Fix for IP hash policy when downed hosts come back up
- Several other bug fixes and new tests
0.9.2 (September 20, 2016)
- New -catimeout option to customize ACME CA HTTP timeout
- import: Fix nested import absolute/relative paths
- log: Fix multiple log outputs
- proxy: Fix for keepalive in certain cases
- tls: Fix for PreferServerCipherSuites
- Numerous other bug fixes and internal improvements
0.9.1 (August 17, 2016)
- New {request_body} placeholder to log request body
- {remote} placeholder no longer uses X-Forwarded-For header
- {latency} placeholder rounds to nice looking number
- Add support for ratelimit plugin
- basicauth: Declaring realm named "Restricted"
- errors: Define catch-all/default error page with * character
- header: More control to add, set, or remove headers
- proxy: New keepalive setting to help accommodate busy servers
- proxy: New load balancing policy ip_hash
- proxy: Fixed WebSocket connections
- proxy: Fixed broken header logic
- proxy: Reuse existing connection for Upgrade requests
- proxy: Support for basic auth from header or upstream address
- templates: New .Env action to access environment variables
- tls: OCSP staples persisted to disk
- tls: ACME challenges honor bind directive
- tls: Fix default protocol version (minimum TLS 1.1)
- tls: Consume challenge requests only for names Caddy is solving for
- tls: The protocol syntax allows just one value if desired
- tls: Scoped max_certs limit to site instead of global maximum
- Many other bug fixes and minor enhancements
0.9 (July 18, 2016)
- New core
- New experimental QUIC support with -quic flag (HTTPS only)
- New -type option to specify other server types
- Moved ~/.caddy/letsencrypt to ~/.caddy/acme and reorganized assets
- Moved caddy package to top level folder, and pushed main to subfolder
- New {request} placeholder to dump entire request (without body)
- New {hostonly} placeholder for only hostname portion of host value
- Site addresses can have paths
- Site addresses can make some use of wildcards in domains
- Renamed -directives flag to -plugins
- Restarting no longer requires spawning a new process
- Removed -restart option
- fastcgi: Env variables now support placeholders
- import: Import paths now relative to Caddyfile, not current working dir
- markdown: Overhauled; removed site generation features
- proxy: More control of headers; deprecating proxy_header subdirective
- proxy: Specify multiple upstreams with optional port ranges
- proxy: New preset 'transparent' to simplify common pass-thru headers
- proxy: Chooses longest matching path; order declared is irrelevant
- redir: Added if and if_op subdirectives to make conditional redirects
- rewrite: Support for if_op to change how conditions are evaluated
- tls: Generate self-signed certificates in memory
- tls: Support for ACME DNS challenge with 10 providers
- tls: Support for TLS-SNI challenge during restarts
- Various bug fixes and enhancements
0.8.3 (April 26, 2016)
- Built with Go 1.6.2
- New pprof middleware for exposing process profiling endpoints
- New expvar middleware for exposing memory/GC performance
- New -restart option to force in-process restarts on Unix systems
- Only fail to start if managed certificate is expired (issue #642)
- Toggle case-sensitive path matching with environment variable
- File server now adds ETag header for static files
- browse: Replace .LinkedPath action with .BreadcrumbMap
- fastcgi: New except clause to exclude paths
- proxy: New max_conns setting to limit max connections per upstream
- proxy: New replaceable value for name of upstream host
- templates: New utility actions for dealing with strings
- tls: Customize certificate key with key_type (+ECC)
- tls: Session ticket keys are now rotated
- Many other minor internal improvements and bug fixes
0.8.2 (February 25, 2016)
- On-demand TLS can obtain certificates during handshakes
- Built with Go 1.6
- Process log (-log) is rotated when it gets large
- Managed certificates get renewed 30 days early instead of just 14
- fastcgi: Allow scheme prefix before address
- markdown: Support for definition lists
- proxy: Allow proxy to insecure HTTPS backends
- proxy: Support proxy to unix socket
- rewrite: Status code can be 2xx or 4xx
- templates: New .Markdown action to interpret included file as Markdown
- templates: .Truncate now truncates from end of string when length is negative
- tls: Set hard limit for certificates obtained with on-demand TLS
- tls: Load certificates from directory
- tls: Add SHA384 cipher suites
- Multiple bug fixes and internal changes
0.8.1 (January 12, 2016)
- Improved OCSP stapling
- Better graceful reload when new hosts need certificates from Let's Encrypt
- Current pidfile is now deleted when Caddy exits
- browse: New default template
- gzip: Added min_length setting
- import: Support for glob patterns (*) to import multiple files
- rewrite: New complex rules with conditions, regex captures, and status code
- tls: Removed DES ciphers from default cipher suite list
- tls: All supported certificates are OCSP-stapled
- tls: Allow custom configuration without specifying certificate and key
- tls: No longer allow HTTPS over port 80
- Dozens of bug fixes, improvements, and more tests across the board
0.8 (December 4, 2015)
- HTTPS by default via Let's Encrypt (certs & keys are fully managed)
- Graceful restarts (on POSIX-compliant systems)
- Major internal refactoring to allow use of Caddy as library
- New directive 'mime' to customize Content-Type based on file extension
- New -accept flag to accept Let's Encrypt SA without prompt
- New -email flag to customize default email used for ACME transactions
- New -ca flag to customize ACME CA server URL
- New -revoke flag to revoke a certificate
- New -log flag to enable process log
- New -pidfile flag to enable writing pidfile
- New -grace flag to customize the graceful shutdown timeout
- New support for SIGHUP, SIGTERM, and SIGQUIT signals
- browse: Render filenames with multiple whitespace properly
- core: Use environment variables in Caddyfile
- markdown: Include Last-Modified header in response
- markdown: Render tables, strikethrough, and fenced code blocks
- proxy: Ability to exclude/ignore paths from proxying
- startup, shutdown: Better Windows support
- templates: Bug fix for .Host when port is absent
- templates: Include Last-Modified header in response
- templates: Support for custom delimiters
- tls: For non-local hosts, default port is now 443 unless specified
- tls: Force-disable HTTPS
- tls: Specify Let's Encrypt email address
- Many, many more tests and numerous bug fixes and improvements
0.7.6 (September 28, 2015)
- Pass in simple Caddyfile as command line arguments
- basicauth: Support for legacy htpasswd files
- browse: JSON response with file listing
- core: Caddyfile as command line argument
- errors: Can write full stack trace to HTTP response for debugging
- errors, log: Roll log files after certain size or age
- proxy: Fix for 32-bit architectures
- rewrite: Better compatibility with fastcgi and PHP apps
- templates: Added .StripExt and .StripHTML methods
- Internal improvements and minor bug fixes
0.7.5 (August 5, 2015)
- core: All listeners bind to 0.0.0.0 unless 'bind' directive is used
- fastcgi: Set HTTPS env variable if connection is secure
- log: Output to system log (except Windows)
- markdown: Added dev command to disable caching during development
- markdown: Fixed error reporting during initial site generation
- markdown: Fixed crash if path does not exist when server starts
- markdown: Fixed site generation and link indexing when files change
- templates: Added .NowDate for use in date-related functions
- Several bug fixes related to startup and shutdown functions
0.7.4 (July 30, 2015)
- browse: Sorting preference persisted in cookie
- browse: Added index.txt and default.txt to list of default files
- browse: Template files may now use Caddy template actions
- markdown: Template files may now use Caddy template actions
- markdown: Several bug fixes, especially for large and empty Markdown files
- markdown: Generate index pages to link to markdown pages (sitegen only)
- markdown: Flatten structure of front matter, changed template variables
- redir: Can use variables (placeholders) like log formats can
- redir: Catch-all redirects no longer preserve path; use {uri} instead
- redir: Syntax supports redirect tables by opening a block
- templates: Renamed .Date to .Now and added .Truncate, .Replace actions
- Other minor internal improvements and more tests
0.7.3 (July 15, 2015)
- errors: Error log now shows timestamp with each entry
- gzip: Fixed; Default filtering is by extension; removed MIME type filter
- import: Fixed; works inside and outside server blocks
- redir: Query string preserved on catch-all redirects
- templates: Proper 403 or 404 errors for restricted or missing files
0.7.2 (July 1, 2015)
- Custom builds through caddyserver.com - extend Caddy by writing addons
- browse: Sort by clicking column heading or using query string
- core: Serving hostname that doesn't resolve issues warning then listens on 0.0.0.0
- errors: Missing error page during parse time is warning, not error
- ext: Extension only appended if request path does not end in /
- fastcgi: Fix for backend responding without status text
- fastcgi: Fix PATH_TRANSLATED when PATH_INFO is empty (RFC 3875)
- git: Removed from core (available as add-on)
- gzip: Enable by file path and/or extension
- gzip: Customize compression level
- log: Fix for missing status in log entry when error unhandled
- proxy: Strip prefix from path for proxy to path
- redir: Meta tag redirects
- templates: Support for nested includes
- Internal improvements and more tests
0.7.1 (June 2, 2015)
- basicauth: Patched timing vulnerability
- proxy: Support for WebSocket backends
- tls: Client authentication
0.7 (May 25, 2015)
- New directive 'internal' to protect resources with X-Accel-Redirect
- New -version flag to show program name and version
- core: Fixed escaped backslash characters inside quoted strings
- core: Fixed parsing Caddyfile for IPv6 addresses missing ports
- core: A notice is shown when non-local address resolves to loopback interface
- core: Warns if file descriptor limit is too low for production site (Mac/Linux)
- fastcgi: Support for Unix sockets
- git: Fixed issue that prevented pulling at designated interval
- header: Remove a header field by prefixing field name with "-"
- markdown: Simple static site generation
- markdown: Support for metadata ("front matter") at beginning of files
- rewrite: Experimental support for regular expressions
- tls: Customize cipher suites and protocols
- tls: Removed RC4 ciphers
- Other internal improvements that are not user-facing (more tests, etc.)
0.6 (May 7, 2015)
- New directive 'git' to automatically pull changes
- New directive 'bind' to override host server binds to
- New -root flag to specify root path to default site
- Ability to receive config data piped through stdin
- core: Warning if root directory doesn't exist at startup
- core: Entire process dies if any server fails to start
- gzip: Fixed Content-Length value when proxying requests
- errors: Error log now includes file and line number of panics
- fastcgi: Pass custom environment variables
- fastcgi: Support for HEAD, OPTIONS, PUT, PATCH, and DELETE methods
- fastcgi: Fixed SERVER_SOFTWARE variables
- markdown: Support for index files when URL points to a directory
- proxy: Load balancing with multiple backends, health checks, failovers, and multiple policies
- proxy: Add custom headers
- startup/shutdown: Run command in background with '&' at end
- templates: Added .tpl and .tmpl as default extensions
- templates: Support for index files when URL points to a directory
- templates: Changed .RemoteAddr to .IP and stripped out remote port
- tls: TLS disabled (with warning) for servers that are explicitly http://
- websocket: Fixed SERVER_SOFTWARE and GATEWAY_INTERFACE variables
- Many internal improvements
0.5.1 (April 30, 2015)
- Default host is now 0.0.0.0 (wildcard)
- New -host and -port flags to override default host and port
- core: Support for binding to 0.0.0.0
- core: Graceful error handling during heavy load; proper error responses
- errors: Fixed file path handling
- errors: Fixed panic due to nil log file
- fastcgi: Support for index files
- fastcgi: Fix for handling errors that come from responder
0.5 (April 28, 2015)
- Initial release