github-mirror/caddy
2
0
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2025-06-04 19:24:42 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
1,902 Commits 31 Branches 145 Tags
1f4a6fa7e7d60bbcd9e29ca35072a76d61cf84c3
Commit Graph

1902 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mohammed Al Sahaf
1f4a6fa7e7 ci: fix the integration test TestLeafCertLoaders (#6149) 2024-03-06 02:09:13 +03:00
Francis Lavoie
5ed8689629 vars: Allow overriding http.auth.user.id in replacer as a special case (#6108) 2024-03-05 22:25:38 +00:00
Aziz Rmadi
3ae07a73dc caddytls: clientauth: leaf verifier: make trusted leaf certs source pluggable (#6050) 
* Made trusted leaf certificates pluggable into the tls.client_auth.leaf
module

* Added leaf loaders modules: file, folder, pem aand storage

* Cleaned implementation of leaf cert loader modules

* Added tests for leaf certs file and folder loaders

* cmd: fix the output of the `Usage` section (#6138)

* core: OnExit hooks (#6128)

* core: OnExit callbacks

* core: Process-global OnExit callbacks

* ci: bump golangci/golangci-lint-action from 3 to 4 (#6141)

Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3 to 4.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Added more leaf certificate loaders tests and cleaned up code

* Modified leaf cert loaders json field names and cleaned up storage loader comment

* Update modules/caddytls/leaffileloader.go

* Update LeafStorageLoader certificates field name

* Upgraded  protobuf version

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-05 14:55:37 -07:00
Francis Lavoie
e473ae6803 cmd: Adjust config load logs/errors (#6032) 
* cmd: Adjust config load logs/errors

* Update cmd/main.go

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>

---------

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
 2024-03-05 19:26:30 +00:00
Matt Holt
72ce78d9af reverseproxy: SRV dynamic upstream failover (#5832) 
* Implement grace period, but probably needs sync

* Update cached freshness value

* D'oh, actually use the grace period

* Fix freshness math
 2024-03-05 12:08:31 -07:00
dependabot[bot]
8f8204708a ci: bump golangci/golangci-lint-action from 3 to 4 (#6141) 
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3 to 4.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-02 02:38:57 +03:00
Matt Holt
46c5db92da core: OnExit hooks (#6128) 
* core: OnExit callbacks

* core: Process-global OnExit callbacks
 2024-03-01 09:57:05 -07:00
Mohammed Al Sahaf
de4959fe7b cmd: fix the output of the Usage section (#6138) 2024-03-01 19:00:29 +03:00
Mohammed Al Sahaf
03f703a00e caddytls: verifier: caddyfile: re-add Caddyfile support (#6127) 
* caddytls: verifier: caddyfile: re-add Caddyfile support

* appease the linter

* caddytls: client_auth: verifier: change namespace to `tls.client_auth.verifier`
 2024-02-26 00:13:48 +03:00
Mohammed Al Sahaf
931656bd68 acmeserver: add policy field to define allow/deny rules (#5796) 
* acmeserver: support specifying the allowed challenge types

* add caddyfile adapt tests

* acmeserver: add `policy` field to define allow/deny rules

* allow `omitempty` to work

* add caddyfile support for `policy`

* remove "uri domain" policy

* fmt the files

* add docs

* do not support `CommonName`; the field is deprecated

* r/DNSDomains/Domains/g

* Caddyfile docs

* add tests

* move `Policy` to top of file
 2024-02-24 02:26:00 +03:00
Sam Ottenhoff
da6a569e85 reverseproxy: cookie should be Secure and SameSite=None when TLS (#6115) 
* reverseproxy: cookie should be Secure and SameSite=None when TLS

* Update modules/caddyhttp/reverseproxy/selectionpolicies_test.go

Co-authored-by: Mohammed Al Sahaf <mohammed@caffeinatedwonders.com>

---------

Co-authored-by: Mohammed Al Sahaf <mohammed@caffeinatedwonders.com>
 2024-02-23 12:45:58 -07:00
Francis Lavoie
4512be49a9 caddytest: Rename adapt tests to *.caddyfiletest extension (#6119) 2024-02-21 00:37:40 +00:00
José Carlos Chávez
f8143a3af1 tests: uses testing.TB interface for helper to be able to use test server in benchmarks. (#6103) 2024-02-20 22:04:14 +00:00
bbaa
8bbf8ec629 caddyfile: Assert having a space after heredoc marker to simply check (#6117) 2024-02-20 12:29:20 +00:00
Francis Lavoie
4284e39a17 chore: Update Chroma to get the new Caddyfile lexer (#6118) 2024-02-20 06:23:39 -05:00
WeidiDeng
53f7035299 reverseproxy: use context.WithoutCancel (#6116) 2024-02-19 20:25:02 -07:00
Aziz Rmadi
b893c8c5f8 caddyfile: Reject directives in the place of site addresses (#6104) 
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
 2024-02-19 00:22:48 +00:00
Matt Holt
127788807f caddyhttp: Register post-shutdown callbacks (#5948) 2024-02-14 21:21:23 -07:00
Francis Lavoie
2c48dda109 caddyhttp: Only attempt to enable full duplex for HTTP/1.x (#6102) 2024-02-13 13:45:38 -05:00
Francis Lavoie
30d63648f5 caddyauth: Drop support for scrypt (#6091) 2024-02-12 19:33:54 +00:00
Mohammed Al Sahaf
21744b6c4c Revert "caddyfile: Reject long heredoc markers (#6098)" (#6100) 
This reverts commit e7a534d0a311d9fa75b5981879c755281c4c9fba.
 2024-02-12 18:06:22 +00:00
Francis Lavoie
f9e11158bc caddyauth: Rename basicauth to basic_auth (#6092) 2024-02-12 17:34:23 +00:00
Francis Lavoie
91ec75441a logging: Inline Caddyfile syntax for ip_mask filter (#6094) 2024-02-12 17:15:35 +00:00
Francis Lavoie
e7a534d0a3 caddyfile: Reject long heredoc markers (#6098) 
Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com>
 2024-02-11 13:30:14 -05:00
Francis Lavoie
c78ebb3d6a chore: Rename CI jobs, run on M1 mac (#6089) 
* Try macos-14 for fun

* Decouple OS names and VM names

* Shorten `cross-build-test` to `build`
 2024-02-09 15:31:26 -07:00
Kévin Dunglas
a6d9f9be5b Merge pull request #6081 from dunglas/fix/encode-match 2024-02-09 09:41:44 +01:00
Kévin Dunglas
2348ac897a update comment 2024-02-09 09:35:55 +01:00
Kévin Dunglas
d3f23a8eeb improved list 2024-02-09 09:35:55 +01:00
Kévin Dunglas
60abd72c7a fix: add back text/* 2024-02-09 09:35:55 +01:00
Kévin Dunglas
b8f729b88f fix: add more media types to the compressed by default list 2024-02-09 09:35:55 +01:00
Mohammed Al Sahaf
e1aa862e6a acmeserver: support specifying the allowed challenge types (#5794) 
* acmeserver: support specifying the allowed challenge types

* add caddyfile adapt tests

* introduce basic acme_server test

* skip acme test on unsuitable environments

* skip integration tests of ACME

* documentation

* add negative-scenario test for mismatched allowed challenges

* a bit more docs

* fix tests for ACME challenges

* appease the linter

* skip ACME tests on s390x

* enable ACME challenge tests on all machines

* Apply suggestions from code review

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>

---------

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
 2024-02-08 11:42:03 +03:00
Francis Lavoie
8c2a72ad07 matchers: Drop forwarded option from remote_ip matcher (#6085) 2024-02-07 10:09:29 -05:00
Francis Lavoie
bde46211e3 caddyhttp: Test cases for %2F and %252F (#6084) 2024-02-07 05:13:17 -05:00
WeidiDeng
bc1e63198d bump to golang 1.22 (#6083) 2024-02-07 02:13:58 -05:00
Aziz Rmadi
feb07a7b59 fileserver: Browse can show symlink target if enabled (#5973) 
* Added optional subdirective to browse allowing to reveal symlink paths.

* Update modules/caddyhttp/fileserver/browsetplcontext.go

---------

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
 2024-02-06 04:31:26 +00:00
Aziz Rmadi
a7479302fc core: Support NO_COLOR env var to disable log coloring (#6078) 2024-02-01 19:12:42 -07:00
dependabot[bot]
223f314331 build(deps): bump peter-evans/repository-dispatch from 2 to 3 (#6080) 
Bumps [peter-evans/repository-dispatch](https://github.com/peter-evans/repository-dispatch) from 2 to 3.
- [Release notes](https://github.com/peter-evans/repository-dispatch/releases)
- [Commits](https://github.com/peter-evans/repository-dispatch/compare/v2...v3)

---
updated-dependencies:
- dependency-name: peter-evans/repository-dispatch
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-01 18:34:40 -05:00
Matthew Holt
1919c08ecc Update comment in setcap helper script 2024-01-31 12:59:26 -07:00
Matt Holt
57c5b921a4 caddytls: Make on-demand 'ask' permission modular (#6055) 
* caddytls: Make on-demand 'ask' permission modular

This makes the 'ask' endpoint a module, which means that developers can
write custom plugins for granting permission for on-demand certificates.

Kicking myself that we didn't do it this way at the beginning, but who coulda known...

* Lint

* Error on conflicting config

* Fix bad merge

---------

Co-authored-by: Francis Lavoie <lavofr@gmail.com>
 2024-01-30 16:11:29 -07:00
Francis Lavoie
e1b9a9d7b0 core: Add ctx.Slogger() which returns an slog logger (#5945) 2024-01-25 12:31:15 -07:00
Marten Seemann
697cc593a1 chore: Update quic-go to v0.41.0, bump Go minimum to 1.21 (#6043) 
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
 2024-01-25 13:58:19 -05:00
Yolan Romailler
2fe69a828f chore: enabling a few more linters (#5961) 
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
 2024-01-25 15:24:58 +00:00
bbaa
c369df5c37 caddyfile: Correctly close the heredoc when the closing marker appears immediately (#6062) 2024-01-25 14:55:00 +00:00
bbaa
7c48b5fdbb caddyfile: Switch to slices.Equal for better performance (#6061) 2024-01-25 14:46:08 +00:00
Mohammed Al Sahaf
e965b111cd tls: modularize trusted CA providers (#5784) 
* tls: modularize client authentication trusted CA

* add `omitempty` to `CARaw`

* docs

* initial caddyfile support

* revert anything related to leaf cert validation

The certs are used differently than the CA pool flow

* complete caddyfile unmarshalling implementation

* Caddyfile syntax documentation

* enhance caddyfile parsing and documentation

Apply suggestions from code review

Co-authored-by: Francis Lavoie <lavofr@gmail.com>

* add client_auth caddyfile tests

* add caddyfile unmarshalling tests

* fix and add missed adapt tests

* fix rebase issue

---------

Co-authored-by: Francis Lavoie <lavofr@gmail.com>
 2024-01-25 11:44:41 +03:00
Francis Lavoie
b9c40e7111 logging: Automatic wrap default for filter encoder (#5980) 
Co-authored-by: Kévin Dunglas <kevin@dunglas.fr>
 2024-01-25 04:00:22 +00:00
Francis Lavoie
f5344f8cad caddyhttp: Fix panic when request missing ClientIPVarKey (#6040) 2024-01-24 00:45:50 +00:00
Francis Lavoie
750d0b8331 caddyfile: Normalize & flatten all unmarshalers (#6037) 2024-01-23 19:36:59 -05:00
Mohammed Al Sahaf
54823f52bc cmd: reverseproxy: log: use caddy logger (#6042) 2024-01-23 10:52:02 -07:00
Aziz Rmadi
ed7e3c906a matchers: query now ANDs multiple keys (#6054) 
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
 2024-01-22 02:36:44 +00:00