Commit Graph

1387 Commits

Author SHA1 Message Date
2ab2d5bf9e Forgot to commit caddyfile.go changes in last commit 2019-09-13 23:38:52 -06:00
c09e86fddc headers: Add ability to replace substrings in header fields
This will probably be useful so the proxy can rewrite header values.
2019-09-13 16:24:51 -06:00
46aaf02371 encode: Fix bug where default status code was being written
for small responses.

See https://caddy.community/t/v2-permanent-redirect-prompt/6190?u=matt
2019-09-13 16:00:03 -06:00
839507e24e http: Consider wildcards when evaluating automatic HTTPS 2019-09-13 11:46:58 -06:00
ed40a5dcab tls: Do away with SetDefaults which did nothing useful
CertMagic uses the same defaults for us
2019-09-12 17:31:54 -06:00
7799554baa go.mod: Use lego v3 and CertMagic 0.7.0 2019-09-12 17:31:10 -06:00
2cb01d43cf tls: Remove support for TLS 1.0 and TLS 1.1 2019-09-11 22:26:06 -06:00
758269124e reverseproxy: Fix host and port on requests; fix Caddyfile parser 2019-09-11 18:53:44 -06:00
b4dce74e59 tls: Use Let's Encrypt production endpoint
We're done testing this in staging
2019-09-11 18:52:07 -06:00
fe389fcbd7 http: Set Alt-Svc header if experimental HTTP3 server is enabled 2019-09-11 18:49:21 -06:00
005a11cf4b headers: New 'request_header' directive; handle Host header specially
Before this change, only response headers could be manipulated with the
Caddyfile's 'header' directive.

Also handle the request Host header specially, since the Go standard
library treats it separately from the other header fields...
2019-09-11 18:48:37 -06:00
194df652eb reverseproxy: Add 'tls' option to enable HTTPS with HTTP transport 2019-09-11 18:46:32 -06:00
2459c292a4 caddyfile: Improve Dispenser.NextBlock() to support nesting 2019-09-10 19:21:52 -06:00
0cf592fa2e New 'php_fastcgi' directive for convenient PHP+FastCGI reverse proxy 2019-09-10 14:16:41 -06:00
d9136fb0a0 rewrite: Caddyfile directive should always invoke a rehandle
This is unless each route's matcher is dynamically executed after
previous handlers...
2019-09-10 14:13:52 -06:00
c32b7e8865 fastcgi: Make EnvVars a map instead of a slice 2019-09-10 14:12:51 -06:00
1ce10b453f Require Go 1.13; use Go 1.13's default support for TLS 1.3 2019-09-10 13:11:27 -06:00
0c8ad52be1 Experimental IETF-standard HTTP/3 support (known issue exists) (#2727)
* Begin WIP integration of HTTP/3 support

* http3: Set actual Handler, make fakeClosePacketConn type for UDP sockets

Also use latest quic-go for ALPN fix

* Manually keep track of and close HTTP/3 listeners

* Update quic-go after working through some http3 bugs

* Fix go mod

* Make http3 optional for now
2019-09-10 08:03:37 -06:00
d67d8cf5a8 Fix build (sigh) 2019-09-10 07:15:36 -06:00
44b7ce9850 Merge pull request #2737 from caddyserver/fastcgi (reverse proxy!)
v2: Refactor reverse proxy and add FastCGI support
2019-09-09 21:46:21 -06:00
b4f4fcd437 Migrate some selection policy tests over to v2 2019-09-09 21:44:58 -06:00
50e62d06bc reverse_proxy: Caddyfile integration (and fix blocks in Dispenser) 2019-09-09 12:23:27 -06:00
9169cd43d4 Log when auto HTTPS or auto HTTP->HTTPS redirects are disabled 2019-09-09 08:25:48 -06:00
e12c62e60b file_server: Enforce URL canonicalization (closes #2741) 2019-09-09 08:21:45 -06:00
3e9e7555ef Fix build (#2740)
Build was broken with commit 50961ec.
2019-09-07 14:25:04 -06:00
f6126acf37 Header matchers: allow matching presence of header with empty list 2019-09-06 14:25:16 -06:00
97ace2a39e File matcher enforces trailing-slash convention to match dirs/files 2019-09-06 13:32:02 -06:00
4bd9496525 Fix Schrodinger's file existence check in file matcher
See: https://stackoverflow.com/a/12518877/1048862

For example, trying to check the existence of "/www/index.php/index.php"
fails but not with an os.IsNotExist()-type error. So we have to assume
that a file that cannot be successfully stat'ed at all does not exist.
2019-09-06 12:57:12 -06:00
14f9662f9c Various fixes/tweaks to HTTP placeholder variables and file matching
- Rename http.var.* -> http.vars.* to be more consistent
- Prefixing a path matcher with * now invokes simple suffix matching
- Handlers and matchers that need a root path default to {http.vars.root}
- Clean replacer output on the file matcher's file selection suffix
2019-09-06 12:36:45 -06:00
21d7b662e7 fastcgi: Use request context as base, not a new one 2019-09-06 12:02:11 -06:00
d2e46c2be0 fastcgi: Set default root path; add interface guards 2019-09-05 13:42:20 -06:00
80b54f3b9d Add original URI to request context; implement into fastcgi env 2019-09-05 13:36:42 -06:00
0830fbad03 Reconcile upstream dial addresses and request host/URL information
My goodness that was complicated

Blessed be request.Context

Sort of
2019-09-05 13:14:39 -06:00
a60d54dbfd reverse_proxy: Ignore context.Canceled errors
These happen when downstream clients cancel the request, but that's not
our problem nor a failure in our end
2019-09-03 19:10:09 -06:00
acb8f0e0c2 Integrate circuit breaker modules with reverse proxy 2019-09-03 19:06:54 -06:00
652460e03e Some cleanup and godoc 2019-09-03 16:56:09 -06:00
4a1e1649bc reverse_proxy: Implement remaining TLS config for proxy to backend 2019-09-03 15:26:09 -06:00
ccfb12347b reverse_proxy: Implement active health checks 2019-09-03 12:10:11 -06:00
50961ecc77 Initial implementation of TLS client authentication (#2731)
* Add support for client TLS authentication

Signed-off-by: Alexandre Stein <alexandre_stein@interlab-net.com>

* make and use client authentication struct

* force StrictSNIHost if TLSConnPolicies is not empty

* Implement leafs verification

* Fixes issue when using multiple verification

* applies the comments from maintainers

* Apply comment

* Refactor/cleanup initial TLS client auth implementation
2019-09-03 09:35:36 -06:00
026df7c5cb reverse_proxy: WIP refactor and support for FastCGI 2019-09-02 22:01:02 -06:00
d242f10eda Add query_string to HTTP replacer and use it for try_files 2019-08-27 14:38:24 -06:00
a0fd2b6c0a Fix SIV where /v2 was missing from caddyfile adapter work (#2721) 2019-08-22 12:26:48 -06:00
c0da7d487a file_server: Automatically hide all involved Caddyfiles 2019-08-21 15:50:02 -06:00
c9980fd367 Refactor Caddyfile adapter and module registration
Use piles from which to draw config values.

Module values can return their name, so now we can do two-way mapping
from value to name and name to value; whereas before we could only map
name to value. This was problematic with the Caddyfile adapter since
it receives values and needs to know the name to put in the config.
2019-08-21 10:46:35 -06:00
c4159ef76d Fix module-related errors 2019-08-09 12:19:56 -06:00
ab885f07b8 Implement config adapters and beginning of Caddyfile adapter
Along with several other changes, such as renaming caddyhttp.ServerRoute
to caddyhttp.Route, exporting some types that were not exported before,
and tweaking the caddytls TLS values to be more consistent.

Notably, we also now disable automatic cert management for names which
already have a cert (manually) loaded into the cache. These names no
longer need to be specified in the "skip_certificates" field of the
automatic HTTPS config, because they will be skipped automatically.
2019-08-09 12:05:47 -06:00
4950ce485f Part 1: Optimize using compiler's inliner (#2687)
* optimized functions for inlining

* added note regarding ResponseWriterWrapper

* optimzed browseWrite* methods for FileServer

* created benchmarks for comparison

* creating browseListing instance in each function

* created benchmarks for openResponseWriter

* removed benchmarks of old implementations

* implemented sync.Pool for byte buffers

* using global sync.Pool for writing JSON/HTML
2019-08-07 23:59:02 -06:00
28df6cedfe tls: Use IANA-standard cipher suite names 2019-07-18 09:52:43 -06:00
dd6aa91d72 Fix DNS provider module unmarshaling (closes #2676) 2019-07-18 09:15:23 -06:00
b44a22a9d4 Performance improvements to Replacer implementation (placeholders) (#2674)
Closes #2673
2019-07-16 12:27:11 -06:00