pool/caddy
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
caddy/caddy.changes

1267 lines
68 KiB
Plaintext
Raw Normal View History

Update to version 2.9.1 OBS-URL: https://build.opensuse.org/package/show/server:http/caddy?expand=0&rev=56
2025-03-03 08:19:35 +00:00
-------------------------------------------------------------------
Sun Jan 12 17:06:12 UTC 2025 - eric.torres@its-et.me
- Update to version 2.9.1:
* go.mod: UPgrade CertMagic to 0.21.6 (fix ARI handshake maintenance)
* header: `match` subdirective for response matching (#6765)
* log: Only chmod if permission bits differ; make log dir (#6761)
* fix: disable h3 for unix domain socket (#6769)
* reverseproxy: buffer requests for fastcgi by default (#6759)
* core: Only initiate exit once (should fix #6707)
-------------------------------------------------------------------
Sun Jan 12 17:05:17 UTC 2025 - eric.torres@its-et.me
- Update to version 2.9.0:
* go.mod: Upgrade CertMagic to v0.21.5
* testing: sort force-automated hosts (#6756)
* httpcaddyfile: Implement experimental `force_automate` option (#6712)
* encode: try to use sendfile when compression is not used (#6749)
* caddyhttp: Allow matching Transfer-Encoding, add to access logs (#6629)
* go.mod: Upgrade ACMEz to v3; and upgrade CertMagic
* cmd: Disable go1.23 tlskyber=1 experiment
* Update SECURITY.md
* fastcgi: check for CONTENT_LENGTH when sending requests (#6661)
* reverseproxy: Set Content-Length when body is fully buffered (#6638)
* core: Change ListenerFunc signature (#6651)
* reverseproxy: Only handle websocket protocol (#6740)
* encode: write status immediate for success response for CONNECT requests (#6738)
* encode: good defaults (#6737)
* fileserver: add a test for precompressed defaults (#6743)
* fileserver: good default for precompressed (#6736)
* chore: fix some typo in HTTPLoader comment (#6735)
* reverseproxy: Rewrite requests and responses for websocket over http2 (#6567)
* chore: bump golang.org/x/net to v0.32.0 (#6728)
* fileserver: Fix policy `Validate()` oversight (#6727)
* cmd: Reject multiple configs for fmt command (#6717)
* fileserver: Add `first_exist_fallback` strategy for `try_files` (#6699)
* caddyhttp: Add `{?query}` placeholder (#6714)
* ci: prevent jobs running on PRs from forks (#6720)
* go.mod: Upgrade quic-go to 0.48.2
* metrics: add `go` and `process` collectors (#6704)
* requestbody: Type-based error handling for `MaxBytesError` (#6701)
* fastcgi: remove dir redirection when useless in php_fastcgi (#6698)
* caddyhttp: Set default ReadHeaderTimeout (1 min)
* cmd: ignore missing keys during storage export (#6697)
* chore: make FastAbs comment more easy to understand (#6692)
* chore: Add `provides` to `.deb` releases (#6691)
* core: Implement FastAbs to avoid repeated os.Getwd calls (#6687)
* reverseproxy: Revert #4952 - don't ignore context cancellation in stream mode
* httpcaddyfile: Implement log `sampling` config (#6682)
* reverseproxy: Allow `0` as weights for `weighted_round_robin` (#6681)
* ci: use commit sha in goreleaser-check (#6677)
* go.mod: Update certmagic
* caddytls: Allow disabling storage cleaning, avoids writing two files (#6593)
* rewrite: Don't add / in Caddyfile, do it after replacer (#6662)
* fileserver: Add `file_limit` option for browse (to be experimental) (#6648)
* go.mod: upgrade only some otel deps (#6676)
* caddyhttp: Add `MatchWithError` to replace SetVar hack (#6596)
* Fix tests
* forwardauth: Skip copying missing response headers (#6608)
* go.mod: Update dependencies
* events: Use `WithLazy` to prevent eager serialization of the event data (#6671)
* fileserver: Fix Caddyfile parsing
* httpcaddyfile: Fixes for `prefer_wildcard` mode (#6636)
* cmd: Allow `add-package` to select version of package (#6665)
* chore: compile without nosql's support for Postgres and MySQL (#6655)
* chore: Bump quic-go to 0.48.1, fixing a panic (#6654)
* reverseproxy: Sync changes from stdlib for 1xx handling (#6656)
* reverseproxy: Fix log message
* tracing: Add `spanID` field to access logs and `http.vars.span_id` placeholder (#6646)
* core: addresses.go funcs renames (#6622)
* chore: fix some function names in comment (#6650)
* fileserver: fix try_policy when instantiating file matcher from CEL (#6624)
* sigtrap: always ignore SIGPIPE (#6645)
* metrics: move `metrics` up, outside `servers` (#6606)
* caddyhttp: Close http3 server gracefully (#6213)
* chore: update quic-go to v0.48.0 (#6627)
* reverseproxy: Use correct cases for websocket related headers (#6621)
* caddyfile: Fix comma edgecase in address parsing (#6616)
* docs: expand proxy protocol docs (#6620)
* tests: fix caddyfile adapt warnings (#6619)
* caddytls: Drop `rate_limit` and `burst`, has been deprecated (#6611)
* caddyhttp: Use internal issuer for IPs when no APs configured
* go.mod: Upgrade some dependencies
* ci: install xcaddy to fix release flow (#6602)
* metrics: scope metrics to active config, add optional per-host metrics (#6531)
* caddyhttp: Implement `auto_https prefer_wildcard` option (#6146)
* caddyhttp: Escaping placeholders in CEL, add `vars` and `vars_regexp` (#6594)
* cmd: Better error handling when reloading (#6601)
* caddytls: Support new tls.context module (#6369)
* http: ReponseWriter prefer ReadFrom if available (#6565)
* chore: Adjust incorrect `reverse_proxy` Caddyfile comment (#6598)
* caddyhttp: Fix listener wrapper regression from #6573 (#6599)
* core: Implement socket activation listeners (#6573)
* doc: remove docs of deprecated directives (#6566)
* caddyhttp: Optimize logs using zap's WithLazy() (#6590)
* chore: Use slices package where possible (#6585)
* caddytls: Give a better error message when given encrypted private keys (#6591)
* caddyhttp: enable qlog, controlled by QLOGDIR env (#6581)
* update quic-go to v0.47.0 (#6582)
* ci: update the linter action version (#6575)
* perf: use zap's Check() to prevent useless allocs (#6560)
* rewrite: Avoid panic on bad arg count for `uri` (#6571)
* caddytls: Add sni_regexp matcher (#6569)
* caddyhttp: Make route provisioning idempotent (#6558)
* reverse_proxy: add placeholder http.reverse_proxy.retries (#6553)
* fileserver: browse: Configurable default sort (#6502)
* rewrite: Only serialize request if necessary (#6541)
* ci: prepare syso files for windows embedding in release (#6406)
* tls: use Go default kex for the moment that include PQC (#6542)
* ci: build and test with Go 1.23 (#6526)
* reverseproxy: allow user to define source address (#6504)
* caddyhttp: run `error` (msg) through replacer (#6536)
* chore: Fix a typo (#6534)
* cmd: Use a factory to create the caddy root command (#6533)
* reverseproxy: Change errors writing the response to warning. (#6532)
* reverseproxy: Active health checks request body option (#6520)
* ci: don't exit early on error in remote CI machine (#6519)
* cmd: ignore exec.ErrDot when starting caddy in background (#6512)
* Move PrivateRangesCIDR() back: add a pass-through function (#6514)
* matchers: fix a regression in #6480 (#6510)
* reverseproxy: Disable keep alive for h2c requests (#6343)
* go.mod: update update golang/x/net (#6500)
* replacer: `{file.*}` global placeholder strips trailing newline (#6411)
* caddytls,caddyhttp: Placeholders for some TLS and HTTP matchers (#6480)
* go.mod: update quic-go package (#6498)
* browse: Customizable default sort options (#6468)
* proxyprotocol: Update WrapListener to use ConnPolicyFunc for PROXY protocol (#6485)
* encode: flush already compressed data from the encoder (#6471)
* chore: update golangci config (#6479)
* caddytls: Caddyfile support for TLS conn and cert sel policies (#6462)
* caddytls: Caddyfile support for TLS handshake matchers (#6461)
* ci: correct `-tags nobadger` on binary build (#6470)
* reverseproxy: Fix panic when using header-related flags (fix #6464)
* reverseproxy: add health_upstream subdirective (#6451)
* reverseproxy: Caddyfile support for health_method (#6454)
* reverseproxy: Configurable method for active health checks (#6453)
* reverseproxy: Add placeholder for networkAddr in active health check headers (#6450)
* fixed bug in resolving ip version in dynamic upstreams (#6448)
* browse: Exclude symlink target size from total, show arrow on size (#6412)
* browse: fix Content-Security-Policy warnings in Firefox (#6443)
* browse: add Content-Security-Policy w/ nonce (#6425)
* reverseproxy: Add placeholder for host in active health check headers (#6440)
* caddyhttp: Reject 0-RTT early data in IP matchers and set Early-Data header when proxying (#6427)
* encode: Don't compress already-compressed fonts (#6432)
* reverseproxy: Only log host is up status on change (fixes #6415) (#6419)
* intercept: fix http.intercept.header.* placeholder (#6429)
* reverseproxy: Wire up TLS options for H3 transport
* fileserver: Remove newline characters from precomputed etags (#6394)
* caddyhttp: Convert IDNs to ASCII when provisioning Host matcher
* reverseproxy: add Max-Age option to sticky cookie (#6398)
* caddyfile: Pass blocks to `import` for snippets (#6130)
* logging: set file mode when the file already exist (#6391)
* logging: Customizable zap cores (#6381)
* go.mod: update tscert package (#6384)
* logging: fix file mode configuration parsing (#6383)
* caddyhttp: Write header if needed in responseRecorder.WriteResponse (#6380)
* core: Split `run` into a public `ProvisionContext` and a private method (#6378)
* logging: Customize log file permissions (#6314)
* events: Getters for event info (close #6377)
* ci: add version key for .goreleaser.yml (#6376)
* cmd: remove zealous check of Caddyfile auto-detection (#6370)
* caddyhttp: Add test cases to corpus (#6374)
* Make it possible to configure the `DisableStorageCheck` setting for certmagic (#6368)
-------------------------------------------------------------------
Wed Jun 19 13:40:22 UTC 2024 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>
- Revert buildable-artifact change, fetch tarball with tar_scm
- Downgrade golang(API) version to match go.mod
- Override Caddy version during build time as suggested in caddy.go
-------------------------------------------------------------------
Fri Jun 14 10:21:50 UTC 2024 - Enrico Belleri <kilgore.trout@idesmi.eu>
- Add OBS manual service download_files
-------------------------------------------------------------------
Tue Jun 11 14:55:47 UTC 2024 - Enrico Belleri <kilgore.trout@idesmi.eu>
- Source Caddyfile and index.html from upstream
- Remove part of inaccurate description
- Package shell completion separately
- Generate shell completion during build
- Include manpages
- Remove compatibility with SLE-12
- Source buildable-artifact tar from github to embed version
information (https://github.com/golang/go/issues/29228)
- Check binary with version subcommand
- Raise golang(API) required version
-------------------------------------------------------------------
Sun Jun 02 14:15:59 UTC 2024 - Jeff Kowalczyk <jkowalczyk@suse.com>
- Update to version 2.8.4:
* cmd: fix regression in auto-detect of Caddyfile (#6362)
* Tag v2.8.3 was mistakenly made on the v2.8.2 commit and is skipped
-------------------------------------------------------------------
Sun Jun 02 05:05:05 UTC 2024 - Jeff Kowalczyk <jkowalczyk@suse.com>
- Update to version 2.8.2:
* cmd: fix auto-detetction of .caddyfile extension (#6356)
* caddyhttp: properly sanitize requests for root path (#6360)
* caddytls: Implement certmagic.RenewalInfoGetter
* build(deps): bump golangci/golangci-lint-action from 5 to 6 (#6361)
-------------------------------------------------------------------
Thu May 30 16:17:13 UTC 2024 - Jeff Kowalczyk <jkowalczyk@suse.com>
- Update to version 2.8.1:
* caddyhttp: Fix merging consecutive `client_ip` or `remote_ip` matchers (#6350)
* core: MkdirAll appDataDir in InstanceID with 0o700 (#6340)
-------------------------------------------------------------------
Tue May 28 00:06:54 UTC 2024 - Jeff Kowalczyk <jkowalczyk@suse.com>
- Update to version 2.8.0:
* acmeserver: Add `sign_with_root` for Caddyfile (#6345)
* caddyfile: Reject global request matchers earlier (#6339)
* core: Fix bug in AppIfConfigured (fix #6336)
* fix a typo (#6333)
* autohttps: Move log WARN to INFO, reduce confusion (#6185)
* reverseproxy: Support HTTP/3 transport to backend (#6312)
* context: AppIfConfigured returns error; consider not-yet-provisioned modules (#6292)
* Fix lint error about deprecated method in smallstep/certificates/authority
* go.mod: Upgrade dependencies
* caddytls: fix permission requirement with AutomationPolicy (#6328)
* caddytls: remove ClientHelloSNICtxKey (#6326)
* caddyhttp: Trace individual middleware handlers (#6313)
* templates: Add `pathEscape` template function and use it in file browser (#6278)
* caddytls: set server name in context (#6324)
* chore: downgrade minimum Go version in go.mod (#6318)
* caddytest: normalize the JSON config (#6316)
* caddyhttp: New experimental handler for intercepting responses (#6232)
* httpcaddyfile: Set challenge ports when http_port or https_port are used
* logging: Add support for additional logger filters other than hostname (#6082)
* caddyhttp: Log 4xx as INFO; 5xx as ERROR (close #6106)
* Second half of 6dce493
* caddyhttp: Alter log message when request is unhandled (close #5182)
* chore: Bump Go version in CI (#6310)
* go.mod: go 1.22.3
* Fix typos (#6311)
* reverseproxy: Pointer to struct when loading modules; remove LazyCertPool (#6307)
* tracing: add trace_id var (`http.vars.trace_id` placeholder) (#6308)
* go.mod: CertMagic v0.21.0
* reverseproxy: Implement health_follow_redirects (#6302)
* caddypki: Allow use of root CA without a key. Fixes #6290 (#6298)
* go.mod: Upgrade to quic-go v0.43.1
* reverseproxy: HTTP transport: fix PROXY protocol initialization (#6301)
* caddytls: Ability to drop connections (close #6294)
* build(deps): bump golangci/golangci-lint-action from 4 to 5 (#6289)
* httpcaddyfile: Fix expression matcher shortcut in snippets (#6288)
* caddytls: Evict internal certs from cache based on issuer (#6266)
* chore: add warn logs when using deprecated fields (#6276)
* caddyhttp: Fix linter warning about deprecation
* go.mod: Upgrade to quic-go v0.43.0
* fileserver: Set "Vary: Accept-Encoding" header (see #5849)
* events: Add debug log
* reverseproxy: handle buffered data during hijack (#6274)
* ci: remove `android` and `plan9` from cross-build workflow (#6268)
* run `golangci-lint run --fix --fast` (#6270)
* caddytls: Option to configure certificate lifetime (#6253)
* replacer: Implement `file.*` global replacements (#5463)
* caddyhttp: Address some Go 1.20 features (#6252)
* Quell linter (false positive)
* reverse_proxy: Add grace_period for SRV upstreams to Caddyfile (#6264)
* doc: add `verifier` in `ClientAuthentication` caddyfile marshaler doc (#6263)
* caddytls: Add Caddyfile support for on-demand permission module (close #6260)
* reverseproxy: Remove long-deprecated buffering properties
* reverseproxy: Reuse buffered request body even if partially drained
* reverseproxy: Accept EOF when buffering
* logging: Fix default access logger (#6251)
* fileserver: Improve Vary handling (#5849)
* cmd: Only validate config is proper JSON if config slice has data (#6250)
* staticresp: Use the evaluated response body for sniffing JSON content-type (#6249)
* encode: Slight fix for the previous commit
* encode: Improve Etag handling (fix #5849)
* httpcaddyfile: Skip automate loader if disable_certs is specified (fix #6148)
* caddyfile: Populate regexp matcher names by default (#6145)
* caddyhttp: record num. bytes read when response writer is hijacked (#6173)
* caddyhttp: Support multiple logger names per host (#6088)
* chore: fix some typos in comments (#6243)
* encode: Configurable compression level for zstd (#6140)
* caddytls: Remove shim code supporting deprecated lego-dns (#6231)
* connection policy: add `local_ip` matcher (#6074)
* reverseproxy: Wait for both ends of websocket to close (#6175)
* caddytls: Upgrade ACMEz to v2; support ZeroSSL API; various fixes (#6229)
* caddytls: Still provision permission module if ask is specified
* fileserver: read etags from precomputed files (#6222)
* fileserver: Escape # and ? in img src (fix #6237)
* reverseproxy: Implement modular CA provider for TLS transport (#6065)
* caddyhttp: Apply auto HTTPS redir to all interfaces (fix #6226)
* cmd: Fix panic related to config filename (fix #5919)
* cmd: Assume Caddyfile based on filename prefix and suffix (#5919)
* admin: Make `Etag` a header, not a trailer (#6208)
* caddyhttp: remove duplicate strings.Count in path matcher (fixes #6233) (#6234)
* caddyconfig: Use empty struct instead of bool in map (close #6224) (#6227)
* gitignore: Add rule for caddyfile.go (#6225)
* chore: Fix broken links in README.md (#6223)
* chore: Upgrade some dependencies (#6221)
* caddyhttp: Add plaintext response to `file_server browse` (#6093)
* admin: Use xxhash for etag (#6207)
* modules: fix some typo in conments (#6206)
* caddyhttp: Replace sensitive headers with REDACTED (close #5669)
* caddyhttp: close quic connections when server closes (#6202)
* reverseproxy: Use xxhash instead of fnv32 for LB (#6203)
* caddyhttp: add http.request.local{,.host,.port} placeholder (#6182)
* chore: upgrade deps (#6198)
* chore: remove repetitive word (#6193)
* Added a null check to avoid segfault on rewrite query ops (#6191)
* rewrite: `uri query` replace operation (#6165)
* logging: support `ms` duration format and add docs (#6187)
* replacer: use RWMutex to protect static provider (#6184)
* caddyhttp: Allow `header` replacement with empty string (#6163)
* vars: Make nil values act as empty string instead of `"<nil>"` (#6174)
* chore: Update quic-go to v0.42.0 (#6176)
* caddyhttp: Accept XFF header values with ports, when parsing client IP (#6183)
* reverseproxy: configurable active health_passes and health_fails (#6154)
* reverseproxy: Configurable forward proxy URL (#6114)
* caddyhttp: upgrade to cel v0.20.0 (#6161)
* chore: Bump Chroma to v2.13.0, includes new Caddyfile lexer (#6169)
* caddyhttp: suppress flushing if the response is being buffered (#6150)
* chore: encode: use FlushError instead of Flush (#6168)
* encode: write status immediately when status code is informational (#6164)
* httpcaddyfile: Keep deprecated `skip_log` in directive order (#6153)
* httpcaddyfile: Add `RegisterDirectiveOrder` function for plugin authors (#5865)
* rewrite: Implement `uri query` operations (#6120)
* fix struct names (#6151)
* fileserver: Preserve query during canonicalization redirect (#6109)
* logging: Implement `log_append` handler (#6066)
* httpcaddyfile: Allow nameless regexp placeholder shorthand (#6113)
* logging: Implement `append` encoder, allow flatter filters config (#6069)
* ci: fix the integration test `TestLeafCertLoaders` (#6149)
* vars: Allow overriding `http.auth.user.id` in replacer as a special case (#6108)
* caddytls: clientauth: leaf verifier: make trusted leaf certs source pluggable (#6050)
* cmd: Adjust config load logs/errors (#6032)
* reverseproxy: SRV dynamic upstream failover (#5832)
* ci: bump golangci/golangci-lint-action from 3 to 4 (#6141)
* core: OnExit hooks (#6128)
* cmd: fix the output of the `Usage` section (#6138)
* caddytls: verifier: caddyfile: re-add Caddyfile support (#6127)
* acmeserver: add policy field to define allow/deny rules (#5796)
* reverseproxy: cookie should be Secure and SameSite=None when TLS (#6115)
* caddytest: Rename adapt tests to `*.caddyfiletest` extension (#6119)
* tests: uses testing.TB interface for helper to be able to use test server in benchmarks. (#6103)
* caddyfile: Assert having a space after heredoc marker to simply check (#6117)
* chore: Update Chroma to get the new Caddyfile lexer (#6118)
* reverseproxy: use context.WithoutCancel (#6116)
* caddyfile: Reject directives in the place of site addresses (#6104)
* caddyhttp: Register post-shutdown callbacks (#5948)
* caddyhttp: Only attempt to enable full duplex for HTTP/1.x (#6102)
* caddyauth: Drop support for `scrypt` (#6091)
* Revert "caddyfile: Reject long heredoc markers (#6098)" (#6100)
* caddyauth: Rename `basicauth` to `basic_auth` (#6092)
* logging: Inline Caddyfile syntax for `ip_mask` filter (#6094)
* caddyfile: Reject long heredoc markers (#6098)
* chore: Rename CI jobs, run on M1 mac (#6089)
* update comment
* improved list
* fix: add back text/*
* fix: add more media types to the compressed by default list
* acmeserver: support specifying the allowed challenge types (#5794)
* matchers: Drop `forwarded` option from `remote_ip` matcher (#6085)
* caddyhttp: Test cases for `%2F` and `%252F` (#6084)
* bump to golang 1.22 (#6083)
* fileserver: Browse can show symlink target if enabled (#5973)
* core: Support NO_COLOR env var to disable log coloring (#6078)
* build(deps): bump peter-evans/repository-dispatch from 2 to 3 (#6080)
* Update comment in setcap helper script
* caddytls: Make on-demand 'ask' permission modular (#6055)
* core: Add `ctx.Slogger()` which returns an `slog` logger (#5945)
* chore: Update quic-go to v0.41.0, bump Go minimum to 1.21 (#6043)
* chore: enabling a few more linters (#5961)
* caddyfile: Correctly close the heredoc when the closing marker appears immediately (#6062)
* caddyfile: Switch to slices.Equal for better performance (#6061)
* tls: modularize trusted CA providers (#5784)
* logging: Automatic `wrap` default for `filter` encoder (#5980)
* caddyhttp: Fix panic when request missing ClientIPVarKey (#6040)
* caddyfile: Normalize & flatten all unmarshalers (#6037)
* cmd: reverseproxy: log: use caddy logger (#6042)
* matchers: `query` now ANDs multiple keys (#6054)
* caddyfile: Add heredoc support to `fmt` command (#6056)
* refactor: move automaxprocs init in caddycmd.Main()
* caddyfile: Allow heredoc blank lines (#6051)
* httpcaddyfile: Add optional status code argument to `handle_errors` directive (#5965)
* httpcaddyfile: Rewrite `root` and `rewrite` parsing to allow omitting matcher (#5844)
* fileserver: Implement caddyfile.Unmarshaler interface (#5850)
* reverseproxy: Add `tls_curves` option to HTTP transport (#5851)
* caddyhttp: Security enhancements for client IP parsing (#5805)
* replacer: Fix escaped closing braces (#5995)
* filesystem: Globally declared filesystems, `fs` directive (#5833)
* ci/cd: use the build tag `nobadger` to exclude badgerdb (#6031)
* httpcaddyfile: Fix redir <to> html (#6001)
* httpcaddyfile: Support client auth verifiers (#6022)
* tls: add reuse_private_keys (#6025)
* reverseproxy: Only change Content-Length when full request is buffered (#5830)
* Switch Solaris-derivatives away from listen_unix (#6021)
* build(deps): bump actions/upload-artifact from 3 to 4 (#6013)
* build(deps): bump actions/setup-go from 4 to 5 (#6012)
* chore: check against errors of `io/fs` instead of `os` (#6011)
* caddyhttp: support unix sockets in `caddy respond` command (#6010)
* fileserver: Add total file size to directory listing (#6003)
* httpcaddyfile: Fix cert file decoding to load multiple PEM in one file (#5997)
* build(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0 (#5994)
* cmd: use automaxprocs for better perf in containers (#5711)
* logging: Add `zap.Option` support (#5944)
* httpcaddyfile: Sort skip_hosts for deterministic JSON (#5990)
* metrics: Record request metrics on HTTP errors (#5979)
* go.mod: Updated quic-go to v0.40.1 (#5983)
* fileserver: Enable compression for command by default (#5855)
* fileserver: New --precompressed flag (#5880)
* caddyhttp: Add `uuid` to access logs when used (#5859)
* proxyprotocol: use github.com/pires/go-proxyproto (#5915)
* cmd: Preserve LastModified date when exporting storage (#5968)
* core: Always make AppDataDir for InstanceID (#5976)
* chore: cross-build for AIX (#5971)
* caddytls: Sync distributed storage cleaning (#5940)
* caddytls: Context to DecisionFunc (#5923)
* tls: accept placeholders in string values of certificate loaders (#5963)
* templates: Offically make templates extensible (#5939)
* http2 uses new round-robin scheduler (#5946)
* panic when reading from backend failed to propagate stream error (#5952)
* chore: Bump otel to v1.21.0. (#5949)
* httpredirectlistener: Only set read limit for when request is HTTP (#5917)
* fileserver: Add .m4v for browse template icon
* Revert "caddyhttp: Use sync.Pool to reduce lengthReader allocations (#5848)" (#5924)
* go.mod: update quic-go version to v0.40.0 (#5922)
* update quic-go to v0.39.3 (#5918)
* chore: Fix usage pool comment (#5916)
* test: acmeserver: add smoke test for the ACME server directory (#5914)
* Upgrade acmeserver to github.com/go-chi/chi/v5 (#5913)
* caddyhttp: Adjust `scheme` placeholder docs (#5910)
* go.mod: Upgrade quic-go to v0.39.1
* go.mod: CVE-2023-45142 Update opentelemetry (#5908)
* templates: Delete headers on `httpError` to reset to clean slate (#5905)
* httpcaddyfile: Remove port from logger names (#5881)
* core: Apply SO_REUSEPORT to UDP sockets (#5725)
* caddyhttp: Use sync.Pool to reduce lengthReader allocations (#5848)
* cmd: Add newline character to version string in CLI output (#5895)
* core: quic listener will manage the underlying socket by itself (#5749)
* templates: Clarify `include` args docs, add `.ClientIP` (#5898)
* httpcaddyfile: Fix TLS automation policy merging with get_certificate (#5896)
* cmd: upgrade: resolve symlink of the executable (#5891)
* caddyfile: Fix variadic placeholder false positive when token contains `:` (#5883)
- Packaging improvements:
* Update to BuildRequires: golang(API) >= 1.21 matching go.mod
- CVEs:
* CVE-2024-22189 (bsc#1222468)
* CVE-2023-45142
-------------------------------------------------------------------
Sun Mar 31 12:39:10 UTC 2024 - Bernhard Wiedemann <bwiedemann@suse.com>
- Fix --no-check build
-------------------------------------------------------------------
Tue Feb 6 13:22:22 UTC 2024 - Jeff Kowalczyk <jkowalczyk@suse.com>
- Packaging improvements:
* Remove define github project name components no longer needed
* Remove define gname and uname for user and group creation, use
package name macro with identical value
* Drop BuildRequires: golang-packaging. The original macros for
file movements into GOPATH are obsolete with Go modules. Macro
go_nostrip is no longer needed with current binutils and Go.
* Use autosetup -a 1 to unpack source and vendored dependencies
* Drop export CGO_ENABLED="0". Use the default unless there is a
defined requirement or benefit.
* Build PIE with pattern that may become recommended procedure:
%%ifnarch ppc64 GOFLAGS="-buildmode=pie" %%endif go build
A go toolchain buildmode default config would be preferable
but none exist at this time.
* Drop mod=vendor, go1.14+ will detect vendor dir and auto-enable
* Remove ldflags -s (Omit symbol table and debug info) and -w
(Omit DWARF symbol table). This information is used to produce
separate debuginfo packages and binaries are stripped for
reduced size by GNU strip during RPM build.
* Add basic %check to execute binary --help
-------------------------------------------------------------------
Tue Feb 6 08:23:06 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
- Drop deprecated go_provides macro: even though it tries to guard
on suse_version <= 1110, it has entirely disarms the dep scanner.
- Remove the manual user/group provides: the package uses
sysusers.d; the auto-provides were not working due to the broken
go_provides.
-------------------------------------------------------------------
Mon Feb 5 13:40:52 UTC 2024 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>
- Provide user and group (due to RPM 4.19)
- Update caddy.sysusers to also create a group
-------------------------------------------------------------------
Fri Dec 08 02:07:42 UTC 2023 - Jeff Kowalczyk <jkowalczyk@suse.com>
- Update to version 2.7.6:
* caddytls: Sync distributed storage cleaning (#5940)
* caddytls: Context to DecisionFunc (#5923)
* tls: accept placeholders in string values of certificate loaders (#5963)
* templates: Offically make templates extensible (#5939)
* http2 uses new round-robin scheduler (#5946)
* panic when reading from backend failed to propagate stream error (#5952)
* chore: Bump otel to v1.21.0. (#5949)
* httpredirectlistener: Only set read limit for when request is HTTP (#5917)
* fileserver: Add .m4v for browse template icon
* Revert "caddyhttp: Use sync.Pool to reduce lengthReader allocations (#5848)" (#5924)
* go.mod: update quic-go version to v0.40.0 (#5922)
* update quic-go to v0.39.3 (#5918)
* chore: Fix usage pool comment (#5916)
* test: acmeserver: add smoke test for the ACME server directory (#5914)
* Upgrade acmeserver to github.com/go-chi/chi/v5 (#5913)
* caddyhttp: Adjust `scheme` placeholder docs (#5910)
* go.mod: Upgrade quic-go to v0.39.1
* go.mod: CVE-2023-45142 Update opentelemetry (#5908)
* templates: Delete headers on `httpError` to reset to clean slate (#5905)
* httpcaddyfile: Remove port from logger names (#5881)
* core: Apply SO_REUSEPORT to UDP sockets (#5725)
* caddyhttp: Use sync.Pool to reduce lengthReader allocations (#5848)
* cmd: Add newline character to version string in CLI output (#5895)
* core: quic listener will manage the underlying socket by itself (#5749)
* templates: Clarify `include` args docs, add `.ClientIP` (#5898)
* httpcaddyfile: Fix TLS automation policy merging with get_certificate (#5896)
* cmd: upgrade: resolve symlink of the executable (#5891)
* caddyfile: Fix variadic placeholder false positive when token contains `:` (#5883)
-------------------------------------------------------------------
Fri Oct 13 20:05:08 UTC 2023 - Jeff Kowalczyk <jkowalczyk@suse.com>
- Update to version 2.7.5:
* admin: Respond with 4xx on non-existing config path (#5870)
* ci: Force the Go version for govulncheck (#5879)
* fileserver: Set canonical URL on browse template (#5867)
* tls: Add X25519Kyber768Draft00 PQ "curve" behind build tag (#5852)
* reverseproxy: Add more debug logs (#5793)
* reverseproxy: Fix `least_conn` policy regression (#5862)
* reverseproxy: Add logging for dynamic A upstreams (#5857)
* reverseproxy: Replace health header placeholders (#5861)
* httpcaddyfile: Sort TLS SNI matcher for deterministic JSON output (#5860)
* cmd: Fix exiting with custom status code, add `caddy -v` (#5874)
* reverseproxy: fix parsing Caddyfile fails for unlimited request/response buffers (#5828)
* reverseproxy: Fix retries on "upstreams unavailable" error (#5841)
* httpcaddyfile: Enable TLS for catch-all site if `tls` directive is specified (#5808)
* encode: Add `application/wasm*` to the default content types (#5869)
* fileserver: Add command shortcuts `-l` and `-a` (#5854)
* go.mod: Upgrade dependencies incl. x/net/http
* templates: Add dummy `RemoteAddr` to `httpInclude` request, proxy compatibility (#5845)
* reverseproxy: Allow fallthrough for response handlers without routes (#5780)
* fix: caddytest.AssertResponseCode error message (#5853)
* build(deps): bump goreleaser/goreleaser-action from 4 to 5 (#5847)
* build(deps): bump actions/checkout from 3 to 4 (#5846)
* caddyhttp: Use LimitedReader for HTTPRedirectListener
* fileserver: browse template SVG icons and UI tweaks (#5812)
* reverseproxy: fix nil pointer dereference in AUpstreams.GetUpstreams (#5811)
* httpcaddyfile: fix placeholder shorthands in named routes (#5791)
* cmd: Prevent overwriting existing env vars with `--envfile` (#5803)
* ci: Run govulncheck (#5790)
* logging: query filter for array of strings (#5779)
* logging: Clone array on log filters, prevent side-effects (#5786)
* fileserver: Export BrowseTemplate
* ci: ensure short-sha is exported correctly on all platforms (#5781)
* caddyfile: Fix case where heredoc marker is empty after newline (#5769)
* go.mod: Update quic-go to v0.38.0 (#5772)
* chore: Appease gosec linter (#5777)
* replacer: change timezone to UTC for "time.now.http" placeholders (#5774)
* caddyfile: Adjust error formatting (#5765)
* update quic-go to v0.37.6 (#5767)
* httpcaddyfile: Stricter errors for site and upstream address schemes (#5757)
* caddyfile: Loosen heredoc parsing (#5761)
* fileserver: docs: clarify the ability to produce JSON array with `browse` (#5751)
* fix package typo (#5764)
-------------------------------------------------------------------
Thu Sep 21 14:20:37 UTC 2023 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>
- Switch to sysuser for user setup
-------------------------------------------------------------------
Thu Aug 17 22:55:36 UTC 2023 - jkowalczyk@suse.com
- Update to version 2.7.4:
* go.mod: Upgrade CertMagic and quic-go
* reverseproxy: Always return new upstreams (fix #5736) (#5752)
* ci: use gci linter (#5708)
* fileserver: Slightly more fitting icons
* cmd: Require config for caddy validate (fix #5612) (#5614)
* Fix tests
* caddytls: Update docs for on-demand config
* fileserver: Don't repeat error for invalid method inside error context (#5705)
* ci: Update to Go 1.21 (#5719)
* ci: Add riscv64 (64-bit RISC-V) to goreleaser (#5720)
* go.mod: Upgrade golang.org/x/net to 0.14.0 (#5718)
* ci: Use gofumpt to format code (#5707)
* templates: Fix httpInclude (fix #5698)
-------------------------------------------------------------------
Thu Aug 17 22:54:37 UTC 2023 - Jeff Kowalczyk <jkowalczyk@suse.com>
- Use _service mode manual as better alias name than disabled
* osc reports service mode disabled as obsolete
-------------------------------------------------------------------
Sun Aug 06 01:06:42 UTC 2023 - jkowalczyk@suse.com
- Update to version 2.7.3:
* go.mod: Upgrade to quic-go v0.37.3
* cmd: Split unix sockets for admin endpoint addresses (#5696)
* reverseproxy: do not parse upstream address too early if it contains replaceble parts (#5695)
* caddyfile: check that matched key is not a substring of the replacement key (#5685)
* chore: use `--clean` instead of `--rm-dist` for goreleaser (#5691)
* go.mod: Upgrade quic-go to v0.37.2 (fix #5680)
* fileserver: browse: Render SVG images in grid
-------------------------------------------------------------------
Fri Aug 04 19:12:07 UTC 2023 - elimat@opensuse.org
- Update to version 2.7.2:
* reverseproxy: Fix hijack ordering which broke websockets (#5679)
* httpcaddyfile: Fix `string does not match ~[]E` error (#5675)
* encode: Fix infinite recursion (#5672)
* caddyhttp: Make use of `http.ResponseController` (#5654)
* go.mod: Upgrade dependencies esp. smallstep/certificates
* core: Allow loopback hosts for admin endpoint (fix #5650) (#5664)
* httpcaddyfile: Allow `hostnames` & logger name overrides for log directive (#5643)
* reverseproxy: Connection termination cleanup (#5663)
* go.mod: Use quic-go 0.37.1
* reverseproxy: Export ipVersions type (#5648)
* go.mod: Use latest CertMagic (v0.19.1)
* caddyhttp: Preserve original error (fix #5652)
* fileserver: add lazy image loading (#5646)
* go.mod: Update quic-go to v0.37.0, bump to Go 1.20 minimum (#5644)
* core: Refine mutex during reloads (fix #5628) (#5645)
* go.mod: update quic-go to v0.36.2 (#5636)
* fileserver: Tweak grid view of browse template
* fileserver: add `export-template` sub-command to `file-server` (#5630)
* caddyfile: Fix comparing if two tokens are on the same line (#5626)
* caddytls: Reuse certificate cache through reloads (#5623)
* Minor tweaks to security.md
* reverseproxy: Pointer receiver
* caddyhttp: Trim dot/space only on Windows (fix #5613)
* update quic-go to v0.36.1 (#5611)
* caddyconfig: Specify config adapter for HTTP loader (close #5607)
* core: Embed net.UDPConn to gain optimizations (#5606)
* chore: remove deprecated property `rlcp` in goreleaser config (#5608)
* core: Skip `chmod` for abstract unix sockets (#5596)
* core: Add optional unix socket file permissions (#4741)
* reverseproxy: Honor `tls_except_port` for active health checks (#5591)
* Appease linter
* Fix compile on Windows, hopefully
* core: Properly preserve unix sockets (fix #5568)
* go.mod: Upgrade CertMagic for hotfix
* go.mod: Upgrade some dependencies
* chore: upgrade otel (#5586)
* go.mod: Update quic-go to v0.36.0 (#5584)
* reverseproxy: weighted_round_robin load balancing policy (#5579)
* reverseproxy: Experimental streaming timeouts (#5567)
* chore: remove refs of deprecated io/ioutil (#5576)
* headers: Allow `>` to defer shortcut for replacements (#5574)
* caddyhttp: Support custom network for HTTP/3 (#5573)
* reverseproxy: Fix parsing of source IP in case it's an ipv6 address (#5569)
* fileserver: browse: Better grid layout (#5564)
* caddytls: Clarify some JSON config docs
* cmd: Implement storage import/export (#5532)
* go.mod: Upgrade quic-go to 0.35.1
* update quic-go to v0.35.0 (#5560)
* templates: Add `readFile` action that does not evaluate templates (#5553)
* caddyfile: Track import name instead of modifying filename (#5540)
* core: Use SO_REUSEPORT_LB on FreeBSD (#5554)
* caddyfile: Do not replace import tokens if they are part of a snippet (#5539)
* fileserver: Don't set Etag if mtime is 0 or 1 (close #5548) (#5550)
* fileserver: browse: minor tweaks for grid view, dark mode (#5545)
* fileserver: Only set Etag if not already set (fix #5546) (#5547)
* fileserver: Fix file browser breadcrumb font (#5543)
* caddyhttp: Fix h3 shutdown (#5541)
* fileserver: More filetypes for browse icons
* fileserver: Fix file browser footer in grid mode (#5536)
* cmd: Avoid spammy log messages (fix #5538)
* httpcaddyfile: Sort Caddyfile slice
* caddyhttp: Implement named routes, `invoke` directive (#5107)
* rewrite: use escaped path, fix #5278 (#5504)
* headers: Add > Caddyfile shortcut for enabling defer (#5535)
* go.mod: Upgrade several dependencies
* reverseproxy: Expand port ranges to multiple upstreams in CLI + Caddyfile (#5494)
* fileserver: Use EscapedPath for browse (#5534)
* caddyhttp: Refactor cert Managers (fix #5415) (#5533)
* Slightly more helpful error message
* caddytls: Check for nil ALPN; close #5470 (#5473)
* cmd: Reduce spammy logs from --watch
* caddyhttp: Add a getter for Server.name (#5531)
* caddytls: Configurable fallback SNI (#5527)
* caddyhttp: Update quic's TLS configs after reload (#5517) (fix #4849)
* Add doc comment about changing admin endpoint
* feature: watch include directory (#5521)
* chore: remove deprecated linters (#5525)
* go.mod: Upgrade CertMagic again
* go.mod: Upgrade CertMagic
* reverseproxy: Optimize base case for least_conn and random_choose policies (#5487)
* reverseproxy: Fix active health check header canonicalization, refactor (#5446)
* reverseproxy: Add `fallback` for some policies, instead of always random (#5488)
* logging: Actually honor the SoftStart parameter
* logging: Soft start for net writer (close #5520)
* fastcgi: Fix `capture_stderr` (#5515)
* acmeserver: Configurable `resolvers`, fix smallstep deprecations (#5500)
* go.mod: Update some dependencies
* logging: Add traceID field to access logs when tracing is active (#5507)
* caddyhttp: Impl `ResponseWriter.Unwrap()`, prep for Go 1.20's `ResponseController` (#5509)
* reverseproxy: Fix reinitialize upstream healthy metrics (#5498)
* fix some comments (#5508)
* templates: Add `fileStat` function (#5497)
* caddyfile: Stricter parsing, error for brace on new line (#5505)
* core: Return default logger if no modules loaded
* celmatcher: Implement `pkix.Name` conversion to string (#5492)
* chore: Adjustments to CI caching (#5495)
* reverseproxy: Remove deprecated `lookup_srv` (#5396)
* cmd: Support `'` quotes in envfile parsing (#5437)
* Update contributing guidelines (#5466)
* caddyhttp: Serve http2 when listener wrapper doesn't return *tls.Conn (#4929)
* reverseproxy: Add `query` and `client_ip_hash` lb policies (#5468)
* cmd: Create pidfile before config load (close #5477)
* fileserver: Add color-scheme meta tag (#5475)
* build(deps): bump actions/setup-go from 3 to 4 (#5474)
* proxyprotocol: Add PROXY protocol support to `reverse_proxy`, add HTTP listener wrapper (#5424)
* reverseproxy: Add mention of which half a copyBuffer err comes from (#5472)
* caddyhttp: Log request body bytes read (#5461)
* log: Make sink logs encodable (#5441)
* caddytls: Eval replacer on automation policy subjects (#5459)
* headers: Support deleting all headers as first op (#5464)
* replacer: Add HTTP time format (#5458)
* reverseproxy: Header up/down support for CLI command (#5460)
* caddyhttp: Determine real client IP if trusted proxies configured (#5104)
* httpcaddyfile: Adjust path matcher sorting to solve for specificity (#5462)
* caddytls: Zero out throttle window first (#5443)
* ci: add `--yes` to cosign arguments (#5440)
* reverseproxy: Reset Content-Length to prevent FastCGI from hanging (#5435)
* caddytls: Allow on-demand w/o ask for internal-only
* caddytls: Require 'ask' endpoint for on-demand TLS
* fileserver: New file browse template (#5427)
* go.mod: Upgrade dependencies
* tracing: Support autoprop from OTEL_PROPAGATORS (#5147)
* caddyhttp: Enable 0-RTT QUIC (#5425)
* encode: flush status code when hijacked. (#5419)
* fileserver: Remove trailing slash on fs filenames (#5417)
* core: Eliminate unnecessary shutdown delay on Unix (#5413)
* caddyhttp: Fix `vars_regexp` matcher with placeholders (#5408)
* context: Rename func to `AppIfConfigured` (#5397)
* reverseproxy: allow specifying ip version for dynamic `a` upstream (#5401)
* ci/cd: ship tarballs with vendored deps (#5403)
* caddyfile: Fix heredoc fuzz crasher, drop trailing newline (#5404)
* caddyfile: Implement heredoc support (#5385)
* cmd: Expand cobra support, add short flags (#5379)
* ci: Update minimum Go version to 1.19
* go.mod: Upgrade quic-go to v0.33.0 (Go 1.19 min)
* reverseproxy: refactor HTTP transport layer (#5369)
* caddytls: Relax the warning for on-demand (#5384)
* cmd: Strict unmarshal for validate (#5383)
* caddyfile: Implement variadics for import args placeholders (#5249)
* cmd: make `caddy fmt` hints more clear (#5378)
* cmd: Adjust documentation for commands (#5377)
- BuildRequires: golang(API) >= 1.20 for guic-go bump
-------------------------------------------------------------------
Sun Apr 30 18:17:39 UTC 2023 - Jeff Kowalczyk <jkowalczyk@suse.com>
- Fix failing build on SLE-12 by defining _sharedstatedir /var/lib
on SLE-12 consistent with SLE-15, openSUSE and upstream RPM docs.
* SLE-12 _sharedstatedir was /usr/com, _localstatedir is /var as expected
* SLE-15+ _sharedstatedir is /var/lib, _localstatedir is /var
* _sharedstatedir used here as home directory for newly created user caddy
* If not redefined build fails with empty /usr/com not owned by any package
* Switch to useradd -d %{_sharedstatedir} from %{_localstatedir}/lib
The latter is common in Factory packages possibly for historical reasons,
opt for the less common option here for equivalence and clarity.
-------------------------------------------------------------------
Sat Apr 29 22:23:15 UTC 2023 - jkowalczyk@suse.com
- Update to version 2.6.4:
* go.mod: Upgrade acmez and x/net
* reverseproxy: Don't buffer chunked requests (fix #5366) (#5367)
-------------------------------------------------------------------
Thu Feb 09 10:19:47 UTC 2023 - alexandre.vicenzi@suse.com
- Update to version 2.6.3:
* New trusted_proxies global option (within servers) can be used to specify trusted proxy IP ranges globally
* Unix sockets on Windows now supported as proxy upstreams
* Proxied WebSocket connections are now logged with correct status code and "size" (bytes read + bytes written)
* The quic-go package has received significant optimizations and HTTP/3 should be more efficient now
* CVE-2022-41721: ineffective mitigation for unsafe io.ReadAll (boo#1207207)
-------------------------------------------------------------------
Thu Oct 13 19:10:18 UTC 2022 - jkowalczyk@suse.com
- Update to version 2.6.2:
* httpcaddyfile: Improve detection of indistinguishable TLS automation policies (#5120)
* httpcaddyfile: Wrap site block in subroute if host matcher used (#5130)
* fileserver: stop listing dir when request context is cancelled (#5131)
* replacer: working directory global placeholder (#5127)
* httpcaddyfile: Fix `metrics` global option parsing (#5126)
* caddyconfig: Implement retries into HTTPLoader (#5077)
* Fix typo in comment (#5121)
* logging: Fix `skip_hosts` with wildcards (#5102)
* caddytest: Revise sleep durations
* core: Set version manually via CustomVersion (#5072)
* forwardauth: Canonicalize header fields (fix #5038) (#5097)
* logging: Perform filtering on arrays of strings (where possible) (#5101)
* logging: Add `time_local` option to use local time instead of UTC (#5108)
* fileserver: Treat invalid file path as NotFound (#5099)
* logging: Better `console` encoder defaults (#5109)
* httpcaddyfile: Skip `automate` when `auto_https off` is specified (#5110)
* core: Chdir to executable location on Windows (#5115)
* ci: enhance the CI/CD flow (#5118)
* Fix inverted logic in Windows service detection (#5106)
* fileserver: better dark mode visited link contrast (#5105)
* go.mod: Upgrade select dependencies
* caddyhttp: Remote IP prefix placeholders
* map: Remove infinite recursion check (#5094)
* reverseproxy: Parse humanized byte size (fix #5095)
* admin: Use replacer on listen addresses (#5071)
* core: Fix ListenQUIC listener key conflict
* reverseproxy: On 103 don't delete own headers (#5091)
* caddyhttp: replace placeholders in map defaults (#5081)
* core: Refactor and improve listener logic (#5089)
* rewrite: Only trim prefix if matched
* reverseproxy: fix upstream scheme handling in command (#5088)
* ci: fix integration tests (#5079)
* headers: Support repeated WriteHeader if 1xx (fix #5074)
* fastcgi: Redirect using original URI path (fix #5073)
* ci: extend goreleaser timeout to 1-hour (#5067)
-------------------------------------------------------------------
Fri Sep 23 19:30:59 UTC 2022 - jkowalczyk@suse.com
- Update to version 2.6.1:
* core: Reuse unix sockets (UDS) and don't try to serve HTTP/3 over UDS (#5063)
* encode: don't WriteHeader unless called (#5060)
* fileserver: Reinstate --debug flag
-------------------------------------------------------------------
Tue Sep 20 20:44:58 UTC 2022 - jkowalczyk@suse.com
- Update to version 2.6.0:
* httpcaddyfile: Fix `protocols` global option parsing (#5054)
* caddyhttp: Skip inserting HTTP->HTTPS redir if catch-all for both exist (#5051)
* caddyhttp: Honor grace period in background (#5043)
* events: Make event data exported
* caddyhttp: responseRecorder save status in all cases (#5049)
* caddyhttp: Fix write header on responseRecorder
* ci: fix the name template of singing certificate and sboms (#5046)
* core: Variadic Context.Logger(); soft deprecation
* caddyhttp: Support configuring Server from handler provisioning (#4933)
* caddyhttp: Support TLS key logging for debugging (#4808)
* caddyhttp: Make metrics opt-in (#5042)
* caddytls: Debug log on implicit tailscale error (#5041)
* caddyhttp: Add --debug flag to commands
* encode: Fix Accept-Ranges header; HEAD requests (#5039)
* Reject absurdly long duration strings (fix #4175)
* Fix #4169 (correct e6c58fd)
* caddyfile: Prevent infinite nesting on fmt (fix #4175)
* Limit unclosed placeholder tolerance (fix #4170)
* reverseproxy: Support repeated --to flags in command (#4693)
* caddyhttp: Add 'skip_log' var to omit request from logs (#4691)
* httpcaddyfile: Fix bind when IPv6 is specified with network (#4950)
* cmd: Improve error message if config missing
* cmd: Customizable user agent (close #2795)
* httpcaddyfile: Fix sorting of repeated directives
* caddyhttp: Very minor optimization to path matcher
* caddyhttp: Explicitly disallow multiple regexp matchers (#5030)
* caddytls: Error if placeholder is empty in 'ask'
* supplychain: publish signing cert, sbom, and signatures of sbom (#5027)
* go.mod: Update truststore
* Very minor tweaks
* core: Check error on ListenQUIC
* fileserver: Ignore EOF when browsing empty dir
* caddyhttp: ensure ResponseWriterWrapper and ResponseRecorder use ReadFrom if the underlying response writer implements it. (#5022)
* cmd: Enhance some help text
* httpcaddyfile: Add a couple more placeholder shortcuts (#5015)
* Drop requirement for filesystems to implement fs.StatFS
* ci: grant the `release` workflow the `write` permission to `contents` (#5017)
* ci: add `id-token` permission and update the signing command (#5016)
* go.mod: Upgrade CertMagic (v0.17.1)
* fileserver: Support glob expansion in file matcher (#4993)
* caddyhttp: Support `respond` with HTTP 103 Early Hints (#5006)
* Remove unnecessary error check
* caddyauth: Speed up basicauth provision, deprecate scrypt (#4720)
* ci: generate SBOM and sign artifacts using cosign (#4910)
* reverseproxy: Close hijacked conns on reload/quit (#4895)
* core: Refactor listeners; use SO_REUSEPORT on Unix (#4705)
* fastcgi: Optimize FastCGI transport (#4978)
* Minor style adjustments for HTTP redir logging
* Update readme
* Minor fix of error log
* notify: Don't send ready after error (fix #5003)
* templates: Document `httpError` function (#4972)
* fastcgi: allow users to log stderr output (#4967) (#5004)
* cmd: Don't print long help text on error
* Fix failing test
* dist: deb package manpages and bash completion scripts (#5007)
* caddyhttp: Copy logger config to HTTP server during AutoHTTPS (#4990)
* map: Coerce val to string, fix #4987
* httpcaddyfile: Add shortcut for expression matchers (#4976)
* caddyhttp: Accept placeholders in vars matcher key
* core: Plugins can register listener networks (#5002)
* caddyhttp: Disable draft versions of QUIC
* events: Tune logging and context cancellation
* events: Implement event system (#4912)
* httpcaddyfile: Add `{cookie.*}` placeholder shortcut (#5001)
* caddyhttp: Set Content-Type for static response (#4999)
* cmd: Enhance CLI docs
* cmd: add completion command (#4994)
* cmd: Migrate to `spf13/cobra`, remove single-dash arg support (#4565)
* Minor cleanup, resolve a couple lint warnings
* Remove duplicate words in comments (#4986)
* reverseproxy: Add upstreams healthy metrics (#4935)
* admin: Don't stop old server if new one fails (#4964)
* reverseproxy: Multiple dynamic upstreams
* Fix comment indentation
* zstd: fix typo in comment (#4985)
* httpcaddyfile: Add ocsp_interval global option (#4980)
* caddytls: Log error if ask request fails
* ci: Increase linter timeout (#4981)
* templates: cap of slice should not be smaller than length (#4975)
* caddyhttp: Fix for nil `handlerErr.Err` (#4977)
* caddyhttp: Set `http.error.message` to the HandlerError message (#4971)
* go.mod: Upgrade CertMagic to v0.16.3
* core: Change net.IP to netip.Addr; use netip.Prefix (#4966)
* Clean up metrics test code
* caddyhttp: Smarter path matching and rewriting (#4948)
* fileserver: reset buffer before using it (#4962) (#4963)
* caddyhttp: Enable HTTP/3 by default (#4707)
* reverseproxy: Add `unix+h2c` Caddyfile network shortcut (#4953)
* reverseproxy: Ignore context cancel in stream mode (#4952)
* reverseproxy: Fix H2C dialer using new stdlib `DialTLSContext` (#4951)
* httpcaddyfile: redir with "html" emits 200, no Location (fix #4940)
* reverseproxy: Support 1xx status codes (HTTP early hints) (#4882)
* logging: Fix `cookie` filter (#4943)
* go.mod: Upgrade OpenTelemetry dependencies (#4937)
* fileserver: Better fix for Etag of compressed files
* fileserver: Generate Etag from sidecar file
* Improve docs for ZeroSSL issuer
* Replace strings.Index with strings.Cut (#4932)
* Replace strings.Index usages with strings.Cut (#4930)
* cmd: Use newly-available version information (#4931)
* httpserver: Configurable shutdown delay (#4906)
* go.mod: Upgrade CertMagic and acmez
* chore: Bump up to Go 1.19, minimum 1.18 (#4925)
* Oops (sigh)
* caddyhttp: Implement `caddy respond` command (#4870)
* fileserver: Support virtual file system in Caddyfile
* fileserver: Support virtual file systems (#4909)
* Minor docs clarification
* core: Windows service integration (#4790)
* chore: Add .gitattributes to force *.go to LF (#4919)
* Fix compilation on Windows
* Ignore linter warnings
* Fix deprecation notice by using UTF16PtrFromString
* caddyhttp: Clear out matcher error immediately after grabbing it (#4916)
* Finish fixing lint errors from ea8df6ff
* caddytls: Remove PreferServerCipherSuites
* caddyhttp: Use new CEL APIs (fix #4915)
* ci: Run golangci-lint on multiple os(#4875) (#4913)
* go.mod: Upgrade dependencies
* httpcaddyfile: Detect ambiguous site definitions (fix #4635)
* caddyhttp: Log shutdown errors, don't return (fix #4908)
* reverseproxy: Implement read & write timeouts for HTTP transport (#4905)
* cmd: Fix reload with stdin (#4900)
* caddyhttp: Enhance comment
* reverseproxy: Implement retry count, alternative to try_duration (#4756)
* caddyhttp: Make query matcher more efficient
* reverseproxy: Export SetScheme() again
- BuildRequires: golang(API) >= 1.18 for new net/netip package
-------------------------------------------------------------------
Fri Jul 15 19:01:01 UTC 2022 - Dirk Müller <dmueller@suse.com>
- Update to version 2.5.2:
* admin: expect quoted ETags (#4879)
* headers: Only replace known placeholders (#4880)
* reverseproxy: Err 503 if all upstreams unavailable
* reverseproxy: Adjust new TLS Caddyfile directive names (#4872)
* fileserver: Use safe redirects in file browser
* admin: support ETag on config endpoints (#4579)
* go.mod: Bump up quic-go to v0.28.0, fixes for BC breaks (#4867)
* caddytls: Reuse issuer between PreCheck and Issue (#4866)
* admin: Implement /adapt endpoint (close #4465) (#4846)
* forwardauth: Fix case when `copy_headers` is omitted (#4856)
* Expose several Caddy HTTP Matchers to the CEL Matcher (#4715)
* reverseproxy: Fix double headers in response handlers (#4847)
* reverseproxy: Fix panic when TLS is not configured (#4848)
* reverseproxy: Skip TLS for certain configured ports (#4843)
* go.mod: Update some dependencies
* forwardauth: Support renaming copied headers, block support (#4783)
* Add comment about xcaddy to main
* headers: Support wildcards for delete ops (close #4830) (#4831)
* reverseproxy: Dynamic ServerName for TLS upstreams (#4836)
* reverseproxy: Make TLS renegotiation optional
* reverseproxy: Add renegotiation param in TLS client (#4784)
* caddyhttp: Log error from CEL evaluation (fix #4832)
* reverseproxy: Correct the `tls_server_name` docs (#4827)
* reverseproxy: HTTP 504 for upstream timeouts (#4824)
* caddytls: Make peer certificate verification pluggable (#4389)
* reverseproxy: api: Remove misleading 'healthy' value
* go.mod: Update go-yaml to v3
* Fix #4822 and fix #4779
* reverseproxy: Add --internal-certs CLI flag #3589 (#4817)
* ci: Fix build caching on Windows (#4811)
* templates: Add `humanize` function (#4767)
* core: Micro-optim in run() (#4810)
* go.mod: Upgrade some dependencies
* httpcaddyfile: Add `{err.*}` placeholder shortcut (#4798)
* templates: Documentation consistency (#4796)
* chore: Bump quic-go to v0.27.0 (#4782)
* reverseproxy: Support http1.1>h2c (close #4777) (#4778)
* rewrite: Handle fragment before query (fix #4775) [bsc#1201822, CVE-2022-34037]
* httpcaddyfile: Support multiple values for `default_bind` (#4774)
-------------------------------------------------------------------
Mon May 23 07:48:15 UTC 2022 - alexandre.vicenzi@suse.com
- Update to version 2.5.1:
* Fixed regression in Unix socket admin endpoints.
* Fixed regression in caddy trust commands.
* Hash-based load balancing policies (ip_hash, uri_hash, header, and cookie)
use an improved highest-random-weight (HRW) algorithm for increased
consistency.
* Dynamic upstreams, which is the ability to get the list of upstreams at
every request (more specifically, every iteration in the proxy loop of
every request) rather than just once at config-load time.
* Caddy will automatically try to get relevant certificates from the local
Tailscale instance.
* New OpenTelemetry integration.
* Added new endpoints /pki/ca/<id> and /pki/ca/<id>/certificates for
getting information about Caddy's managed CAs.
* Rename _caddy to zsh-completion
* Fix MatchPath sanitizing [bsc#1200279, CVE-2022-29718]
-------------------------------------------------------------------
Fri Mar 25 17:23:27 UTC 2022 - alexandre.vicenzi@suse.com
- Update to version 2.4.6:
* caddycmd: Add `--keep-backup` to upgrade commands (#4387)
* caddycmd: Add `--skip-standard` to `list-modules` command, quieter output (#4386)
* caddycmd: fix caddy validate/fmt help message (#4377)
* caddyhttp: Add support for triggering errors from `try_files` (#4346)
* caddyhttp: Placeholder for client cert in DER + base64 format (#4241)
* caddyhttp: reverseproxy: clarify warning for -insecure (#4379)
* caddyhttp: Sanitize the path before evaluating path matchers (#4407)
* caddytls: Mark storage clean timestamp at end of routine (#4401)
* docs: General minor improvements
* fastcgi: Fix Caddyfile parsing when `handle_response` is used (#4342)
* fastcgi: Implement `try_files` override in Caddyfile directive (#4347)
* fileserver: Fix compression breaks using httpInclude (#4352) (#4358)
* fileserver: Fix displayed file size if it is symlink (#4354)
* fileserver: Make file listing links purple once visited (#4356)
* fileserver: Prevent focusing filter from scrolling on page load (#4393)
* fileserver: properly handle escaped/non-ascii paths (#4332)
* headers: Canonicalize case in replace (fix #4330)
* httpcaddyfile: Empty tls policy for internal http localhost (#4398)
* httpcaddyfile: Preserve IPv6 addresses through normalization (fix #4381)
* map: Fix 95c03506 (avoid repeated expansions)
* map: Fix regex mappings
* reverseproxy: Log error at error level (fix #4360)
* reverseproxy: Prevent copying the response if a response handler ran (#4388)
* reverseproxy: Sanitize scheme and host on incoming requests (#4237)
* templates: Add 'import' action (#4321)
* templates: Add tests for funcInclude and funcImport (#4357)
* templates: Propagate httpError to HTTP response
-------------------------------------------------------------------
Fri Oct 22 11:02:07 UTC 2021 - Ferdinand Thiessen <rpm@fthiessen.de>
- Update to version 2.4.5:
* Hotfix for a regression introduced in 2.4.4 related to
combining the encode and reverse_proxy directives.
* cmd: export CaddyVersion(), Commands()
* encode: ignore flushing until after first write
* go.mod: Update CertMagic
-------------------------------------------------------------------
Thu Sep 02 14:38:58 UTC 2021 - alexandre.vicenzi@suse.com
- Update to version 2.4.4:
* acmeserver: Don't set host for directory links by default
* acmeserver: Trim slashes from path prefix
* admin: Implement load_interval to pull config on a timer
* admin: Replace admin cert cache when reloading
* admin: Sync server variables
* caddyfile: Better error message for missing site block braces
* caddyfile: Error on invalid site addresses containing comma
* caddyfile: keep error chain info in Dispenser.Errf
* caddyhttp: Fix edgecase with auto HTTP->HTTPS logic
* caddyhttp: Fix incorrect determination of gRPC protocol
* caddyhttp: Refactor and export SanitizedPathJoin for use in fastcgi
* caddyhttp: Updated the documentation for MatchQuery
* caddytls: Add Caddyfile support for propagation_timeout
* caddytls: Remove "IssuerRaw" field
* cmd: Fix paths when using an env file
* cmd: New add-package and remove-package commands
* cmd: use net.ErrClosed for matching returned error
* core: Unix ns and Unix ms time placeholders
* encode: Tweak compression settings
* fileserver: Add disable_canonical_uris Caddyfile subdirective
* fileserver: Clarify docs about canonicalization
* fileserver: Don't persist parsed template
* fileserver: Fix browse name_dir_first sorting
* fileserver: Fix browse not redirecting query parameters
* fileserver: Only redirect if filename not rewritten
* fileserver: Redirect within the original URL
* go.mod: Update dependencies
* httpcaddyfile: Add preferred_chains global option and issuer subdirective
* httpcaddyfile: Add shortcut for proxy hostport placeholder
* httpcaddyfile: Add skip_install_trust global option
* httpcaddyfile: Don't add HTTP hosts to TLS APs
* httpcaddyfile: Don't put localhost in public APs
* httpcaddyfile: Ensure hosts to skip for logs can always be collected
* httpcaddyfile: Improve unrecognized directive errors
* httpcaddyfile: Reorder some directives
* logging: Actually use level_key
* logging: Add missing interface guards for replace filter
* logging: Prep for common_log removal
* logging: Warn for deprecated single_field encoder
* metrics: use buildinfo collector from new collectors pkg
* reverseproxy: Adjust test related to #4201
* reverseproxy: Always remove hop-by-hop headers
* reverseproxy: Fix overwriting of max_idle_conns_per_host
* reverseproxy: Incorporate latest proxy changes from stdlib
* reverseproxy: Keep path to unix socket as dial address
* reverseproxy: Remove redundant flushing
-------------------------------------------------------------------
Wed Aug 25 13:55:21 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Added hardening to systemd service(s). Modified:
* caddy.service
-------------------------------------------------------------------
Mon May 24 12:55:21 UTC 2021 - alexandre.vicenzi@suse.com
- Update to version 2.4.1:
* logging: Implement dial timeout for net writer (fix #4083) (#4172)
* admin: Reinstate internal redirect for /id/ requests
* caddyfile: Add parse error on site address with trailing `{` (#4163)
* reverseproxy: Set the headers in the replacer before `handle_response` (#4165)
* ci: Run CI on PRs targeting minor version branches (#4164)
* cmd: upgrade: inherit the permissions of the original executable (#4160)
* httpcaddyfile: Fix automation policy consolidation again (fix #4161)
* caddyfile: Fix `caddy fmt` nesting not decrementing (#4157)
* encode: Drop `prefer` from Caddyfile (#4156)
* encode: Default to order the formats are enabled for `prefer` in Caddyfile (#4151)
* caddytls: Run replacer on ask URL, for env vars (#4154)
* httpcaddyfile: Add `grace_period` global option (#4152)
* caddyhttp: Fix fallback for the error handler chain (#4131)
* reverseproxy: Minor logging improvements
* fileserver: Fix `file` matcher with empty `try_files` (#4147)
* go.mod: CertMagic v0.13.1
* reverseproxy: Add `handle_response` blocks to `reverse_proxy` (#3710) (#4021)
* cmd: Add --envfile flag to `start` command (#4141)
* httpcaddyfile: Add `auto_https ignore_loaded_certs` (#4077)
* httpcaddyfile: Add global option for `storage_clean_interval` (#4134)
* caddyhttp: performance improvement in HeaderRE Matcher (#4143)
* fileserver: Share template logic for both `templates` and `file_server browse` (#4093)
* caddytls: Implement remote IP connection matcher (#4123)
* httpcaddyfile: Fix unexpectedly removed policy (#4128)
* reverseproxy: fix hash selection policy (#4137)
* fileserver: Better handling of HTTP status override (#4132)
* caddyfile: Fix `import` replacing unrelated placeholders (#4129)
* caddytls: Add `load_storage` module (#4055)
* reverseproxy: Admin endpoint for reporting upstream statuses (#4125)
* caddyhttp: Implement better logic for inserting the HTTP->HTTPS redirs (#4033)
* httpcaddyfile: Take into account host scheme/port (fix #4113)
* fuzz: fix the FuzzFormat comparison (#4117)
* caddytls: Disable OCSP stapling for manual certs (#4064)
* caddytls: Configurable storage clean interval
* caddyfile: reject cyclic imports (#4022)
* ci: fuzz: add 4 more fuzzing targets (#4105)
* fileserver: Add status code override (#4076)
* notify: Send all sd_notify signals from main caddy process (#4060)
* go.mod: Update quic-go to v0.20.1 (#4075)
* httpcaddyfile: Fix panic in automation policy consolidation (#4104)
* caddyfile: Normalize line endings before comparing fmt result (#4103)
* ci: accommodate go1.16 changes to go mod (#4102)
* Minor tweaks
* go.mod: Use latest CertMagic
* Use 600 instead of 644 for UUID file
* Change os to ioutil for now
* reverseproxy: Set cookie path to `/` when using cookie lb_policy (#4096)
* caddy: Add InstanceID() method
* encode,staticfiles: Content negotiation, precompressed files (#4045)
* reverseproxy: Implement health_uri, deprecate health_path, supports query (#4050)
* go.mod: Migrate to golang.org/x/term (#4073)
* caddyhttp: improve grammar of comment for AllowH2C (#4072)
* sigtrap_posix: add missing comma to SIGTERM info (#4078)
* cmd: Use formatted logger for config adapter warnings (#4080)
* cmd: main: fix minor doc typos (#4082)
* headers: Fix Caddyfile parsing for `request_header` with matchers (#4085)
* .gitignore: add IDE files (#4087)
* fileserver: Add a few more debug lines (#4063)
* fileserver: Browse listing supports dark mode (#4066)
* CONTRIBUTING: fix spelling (#4070)
* httpcaddyfile: Add `error` directive for the existing handler (#4034)
* logging: add replace filter for static value replacement (#4029)
* caddyconfig: add global option for configuring loggers (#4028)
* map: Accept regex substitution in outputs (#3991)
* reverseproxy: Fix upstreams with placeholders with no port (#4046)
* rewrite: Implement regex path replacements
* fileserver: Don't replace in request paths (fix #4027)
* caddypki: Add SignWithRoot option for ACME server
* reverseproxy: Fix round robin data race (#4038)
* Update docs; commit setcap.sh
* go.mod: Latest CertMagic (updated libdns conventions)
* core: Initialize logging before admin
* caddytls: Remove old asset migration code (close #3894)
* reverseproxy: Add duration/latency placeholders (close #4012) (#4013)
* httpcaddyfile: Fix catch-all site block sorting
* ci: Build and test on Go 1.16, bump minimum to 1.15 (#4024)
* caddy: Support SetReadBuffer and SyscallConn for QUIC (fix #3998)
* Improve security warnings
* httpcaddyfile: Configure other apps from global options (#3990)
* cmd: Clean up `build-info` and `upgrade` output
* caddyhttp: Support placeholders in header matcher values (close #3916)
* caddytls: Save email with account if not already specified
* reverseproxy: Response buffering & configurable buffer size
* httpcaddyfile: Fix automation policies
* ci: deflake integration tests (#3966)
* httpcaddyfile: Add resolvers subdir of tls (close #4008)
* acmeserver: Support custom CAs from Caddyfile
* caddyhttp: Check for invalid subdirectives of static_response
* httpcaddyfile: Fix default issuers when email provided
* cmd: Add --force flag to reload command (close #4005)
* httpcaddyfile: Warn if site address uses unspecified IP (close #4004)
* httpcaddyfile: Sort catch-all site blocks properly (fix #4003)
* ci: update the command to run tests on the s390x machine (#3995)
* caddyhttp: Fix redir html status code, improve flow (#3987)
* caddyhttp: Implement handler abort; new 'abort' directive (close #3871) (#3983)
* admin: Identity management, remote admin, config loaders (#3994)
* caddycmd: Add upgrade command (#3972)
* Revert "requestbody: Allow overwriting remote address"
* caddytest: Update Caddyfile tests for formatting, HTTP-only blocks
* httpcaddyfile: Skip TLS APs for HTTP-only hosts (fix #3977)
* cmd: Print more detailed version with --environ
* map: Add missing json struct tag
* tests: use actual admin port value in error message (#3973)
* cmd: Implement sd_notify() to notify systemd about readiness (#3963)
* templates: Add fileExists and httpError template actions
* requestbody: Allow overwriting remote address
* rewrite: Use RawPath instead of Path (fix #3596) (#3918)
* Update docs
* caddytls: Configurable OCSP stapling; global option (closes #3714)
* logging: Remove logfmt encoder (close #3575)
* httpcaddyfile: Support repeated use of cert_issuer global option
* caddytls: add 'key_type' subdirective (#3956)
* caddyfile: Refactor unmarshaling of module tokens
* go.mod: Update CertMagic and acmez (improved IDN support)
* reverseproxy: Caddyfile health check headers, host header support (#3948)
* httpcaddyfile: Adjust iterator when removing AP (fix #3953)
* cmd: Organize list-modules output; --packages flag (#3925)
* caddyfile: Introduce basic linting and fmt check (#3923)
-------------------------------------------------------------------
Wed Apr 28 15:47:43 UTC 2021 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>
- Create Caddy package
Reference in New Issue Copy Permalink