Matthew Holt
55c89ccf2a
caddytls: Convert AP subjects to punycode
...
Fixes bugs related to TLS automation
2025-03-14 15:44:20 -06:00
Matthew Holt
1f8dab572c
caddytls: Don't publish ECH configs if other records don't exist
...
Publishing a DNS record for a name that doesn't have any could make wildcards ineffective, which would be surprising for site owners and could lead to downtime.
2025-03-12 16:33:14 -06:00
Steffen Busch
2ac09fdb20
requestbody: Fix ContentLength calculation after body replacement ( #6896 )
2025-03-12 22:18:02 +00:00
Adrien Pensart
dccf3d8982
requestbody: Add set option to replace request body ( #5795 )
...
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2025-03-12 19:38:51 +00:00
Matthew Holt
af2d33afbb
headers: Allow nil HeaderOps ( fix #6893 )
2025-03-11 08:52:15 -06:00
Matthew Holt
39262f8663
caddytls: Minor fixes for ECH
2025-03-11 08:12:48 -06:00
jjiang-stripe
49f9af9a4a
caddytls: Fix TrustedCACerts backwards compatibility ( #6889 )
...
* add failing test
* fix ca pool provisioning
* remove unused param
2025-03-10 12:50:47 -06:00
Matthew Holt
d57ab215a2
caddytls: Pointer receiver ( fix #6885 )
2025-03-08 14:19:06 -07:00
Steffen Busch
f4432a306a
caddyfile: add error handling for unrecognized subdirective/options in various modules ( #6884 )
2025-03-08 23:45:05 +03:00
WeidiDeng
220cd1c2bc
reverseproxy: more comments about buffering and add new tests ( #6778 )
...
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2025-03-07 11:22:43 -07:00
Matthew Holt
1975408d89
chore: Remove unnecessary explicit type parameters
2025-03-07 11:18:00 -07:00
Matthew Holt
4ebcfed9c9
caddytls: Reorder provisioning steps ( fix #6877 )
...
Also add a quick check to allow users to load their own certs for ECH (outer) domains.
2025-03-07 11:18:00 -07:00
Matthew Holt
adbe7f87e6
caddytls: Only make DNS solver if not already set ( fix #6880 )
2025-03-07 09:46:43 -07:00
Matthew Holt
84364ffcd0
caddypki: Remove lifetime check at Caddyfile parse ( fix #6878 )
...
The same check is done at provision time of the ACME server, and that is the correct place to do it.
2025-03-06 11:40:03 -07:00
Matthew Holt
bc3d497739
caddytls: Fix broken refactor
...
Not sure how that happened...
2025-03-06 08:54:40 -07:00
Matthew Holt
a807fe0659
caddytls: Enhance ECH documentation
2025-03-06 08:52:52 -07:00
Matt Holt
d7764dfdbb
caddytls: Encrypted ClientHello (ECH) ( #6862 )
...
* caddytls: Initial commit of Encrypted ClientHello (ECH)
* WIP Caddyfile
* Fill out Caddyfile support
* Enhance godoc comments
* Augment, don't overwrite, HTTPS records
* WIP
* WIP: publication history
* Fix republication logic
* Apply global DNS module to ACME challenges
This allows DNS challenges to be enabled without locally-configured DNS modules
* Ignore false positive from prealloc linter
* ci: Use only latest Go version (1.24 currently)
We no longer support older Go versions, for security benefits.
* Remove old commented code
Static ECH keys for now
* Implement SendAsRetry
2025-03-05 17:04:10 -07:00
Matthew Holt
ca37c0b05f
Fix typo in TLS group x25519mlkem768
2025-03-03 10:26:42 -07:00
Matthew Holt
172136a0a0
caddytls: Support post-quantum key exchange mechanism X25519MLKEM768
...
Also bump minimum Go version to 1.24.
2025-02-11 22:43:54 -07:00
WeidiDeng
22563a70eb
file_server: use the UTC timezone for modified time ( #6830 )
...
* use UTC timezone for modified time
* use http.ParseTime to handle If-Modified-Since
* use time.Compare to simplify comparison
* take the directory's modtime into consideration when calculating lastModified
* update comments about If-Modified-Since's handling
2025-02-10 08:39:43 -07:00
Matthew Holt
9b74a53e51
Revert "logging: Always set fields func; fix #6829"
...
This reverts commit 932dac157a.
Somehow the code I was looking at changed when I committed, without realizing it. This has already been fixed in #6777.
2025-02-07 06:23:43 -07:00
Matthew Holt
932dac157a
logging: Always set fields func; fix #6829
2025-02-07 06:18:37 -07:00
Mohammed Al Sahaf
9283770f68
reverseproxy: ignore duplicate collector registration error ( #6820 )
...
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2025-02-04 10:55:30 +03:00
Mohammed Al Sahaf
904a0fa368
reverse_proxy: re-add healthy upstreams metric ( #6806 )
...
* reverse_proxy: re-add healthy upstreams metric
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* lint
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
---------
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2025-01-27 14:30:54 -07:00
vnxme
d7872c3bfa
caddytls: Refactor sni matcher ( #6812 )
2025-01-27 11:42:09 -07:00
Matthew Holt
1115158616
caddyhttp: ResponseRecorder sets stream regardless of 1xx
...
Fixes a panic where rr.stream is not true when it should be in the event of 1xx, because the buf is nil
2025-01-27 08:18:37 -07:00
vnxme
7b8f3505e3
caddytls: Fix sni_regexp matcher to obtain layer4 contexts ( #6804 )
...
* caddytls: Fix sni_regexp matcher
* caddytls: Refactor sni_regexp matcher
2025-01-25 07:45:41 -07:00
Matthew Holt
e7da3b267b
reverseproxy: Via header ( #6275 )
2025-01-17 06:49:01 -07:00
Omar Ramadan
9e0e5a4b4c
logging: Fix crash if logging error is not HandlerError ( #6777 )
...
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2025-01-16 10:06:29 -07:00
Matthew Holt
2c4295ee48
caddytls: Initial support for ACME profiles
...
Still very experimental; only deployed to LE staging so far.
2025-01-09 13:57:00 -07:00
Kévin Dunglas
1f35a8a402
fastcgi: improve parsePHPFastCGI docs ( #6779 )
2025-01-09 11:54:44 -07:00
Arsh
e48b75843b
header: match subdirective for response matching ( #6765 )
2025-01-07 22:48:06 -07:00
Matt Holt
1f927d6b07
log: Only chmod if permission bits differ; make log dir ( #6761 )
...
* log: Only chmod if permission bits differ
Follow-up to #6314 and https://caddy.community/t/caddy-2-9-0-breaking-change/27576/11
* Fix test
* Refactor FileWriter
* Ooooh octal... right...
2025-01-07 21:51:03 -07:00
Hyeonggeun Oh
50778b5542
fix: disable h3 for unix domain socket ( #6769 )
2025-01-07 17:21:57 -07:00
WeidiDeng
1bd567d7ad
reverseproxy: buffer requests for fastcgi by default ( #6759 )
...
* buffer requests for fastcgi by default
* fix import cycle
* fix the return value of bufferedBody
* more comments about fastcgi buffering
---------
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2025-01-02 11:18:25 -07:00
WeidiDeng
5ba1e06fd6
encode: try to use sendfile when compression is not used ( #6749 )
...
* try to use sendfile when encode is enabled
* change variable name
* add comments
* remove connect check since it's done in Write method
2024-12-20 21:37:16 +00:00
Francis Lavoie
c216cf551d
caddyhttp: Allow matching Transfer-Encoding, add to access logs ( #6629 )
...
* caddyhttp: Allow matching Transfer-Encoding
* Log transfer_encoding on the request
---------
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2024-12-20 11:16:34 -07:00
Matthew Holt
ed1c594cdb
go.mod: Upgrade ACMEz to v3; and upgrade CertMagic
2024-12-19 12:17:07 -07:00
WeidiDeng
6790c0e38a
fastcgi: check for CONTENT_LENGTH when sending requests ( #6661 )
...
* fastcgi: check for CONTENT_LENGTH when sending requests
* order imports
* use strconv.ParseUint instead of strconv.ParseInt
Co-authored-by: Kévin Dunglas <kevin@dunglas.fr>
---------
Co-authored-by: Kévin Dunglas <kevin@dunglas.fr>
2024-12-18 00:22:12 +00:00
WeidiDeng
c864b82ae1
reverseproxy: Set Content-Length when body is fully buffered ( #6638 )
2024-12-17 23:36:13 +00:00
bt90
328fb614f0
reverseproxy: Only handle websocket protocol ( #6740 )
2024-12-11 11:17:05 -07:00
WeidiDeng
bcaa8aaf11
encode: write status immediate for success response for CONNECT requests ( #6738 )
...
* encode: write status immediate for success response for CONNECT requests
* fix compile
* fix test
* fix lint
* treat first write and flush for encode response writer to CONNECT request as success if status is not set explicitly
2024-12-11 11:15:01 -07:00
Kévin Dunglas
d0e209e1da
encode: good defaults ( #6737 )
...
* feat: good default for encode
* fix tests and add a new one
2024-12-10 16:48:30 -07:00
Kévin Dunglas
5c2617ebf9
fileserver: good default for precompressed ( #6736 )
2024-12-10 08:31:43 -07:00
WeidiDeng
9c0c71e577
reverseproxy: Rewrite requests and responses for websocket over http2 ( #6567 )
...
* reverse proxy: rewrite requests and responses for websocket over http2
* delete protocol pseudo-header
* modify cloned requests
* set request variable to track if it's a h2 websocket
* use request body
* rewrite request body
* use WebSocket instead of Websocket in the headers
* use logger check for zap loggers
* fix lint
2024-12-06 13:23:27 -07:00
Francis Lavoie
d0123bd760
fileserver: Fix policy Validate() oversight ( #6727 )
2024-12-04 14:01:58 -05:00
Kévin Dunglas
efd9251ad3
fileserver: Add first_exist_fallback strategy for try_files ( #6699 )
...
* feat: add first_exist_or_fallback strategy for try_files
* fix tests
* linter
2024-12-03 05:44:49 -07:00
Francis Lavoie
b116dcea3d
caddyhttp: Add {?query} placeholder ( #6714 )
...
* caddyhttp: Add `{prefixed_query}` placeholder
* fastcgi: Preserve query during canonical redirect
* Use orig_uri instead for the redirect, shorter Caddyfile shortcut
2024-12-02 08:06:38 -05:00
Rishita Shaw
8c3dd3de70
requestbody: Type-based error handling for MaxBytesError ( #6701 )
...
* fix: handle "request body too large" error using type assertion
* fix: address overlooked nil check for MaxBytesError
* fix: replace type assertion with errors.As() for MaxBytesError
2024-11-22 19:45:58 +00:00
Kévin Dunglas
eddbccd298
fastcgi: remove dir redirection when useless in php_fastcgi ( #6698 )
...
* perf: remove dir redirection when useless in php_fastcgi
* fix test
* review
* fix
* fix
* simplify
* simplify again
* restore test
* add test
2024-11-21 10:38:31 -07:00