commit f274998b323059fb58f5244f69eafbeb3d77826cf55cae23e370ddb0d5771bde Author: Alexandre Vicenzi Date: Mon Mar 3 08:19:35 2025 +0000 Update to version 2.9.1 OBS-URL: https://build.opensuse.org/package/show/server:http/caddy?expand=0&rev=56 diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/Caddyfile b/Caddyfile new file mode 100644 index 0000000..f89c9a8 --- /dev/null +++ b/Caddyfile 
@@ -0,0 +1,26 @@ +# The Caddyfile is an easy way to configure your Caddy web server. +# +# Unless the file starts with a global options block, the first +# uncommented line is always the address of your site. +# +# To use your own domain name (with automatic HTTPS), first make +# sure your domain's A/AAAA DNS records are properly pointed to +# this machine's public IP, then replace ":80" below with your +# domain name. + +:80 { + # Set this path to your site's directory. + root * /usr/share/caddy + + # Enable the static file server. + file_server + + # Another common task is to set up a reverse proxy: + # reverse_proxy localhost:8080 + + # Or serve a PHP site through php-fpm: + # php_fastcgi localhost:9000 +} + +# Refer to the Caddy docs for more information: +# https://caddyserver.com/docs/caddyfile diff --git a/_service b/_service new file mode 100644 index 0000000..57a20da --- /dev/null +++ b/_service @@ -0,0 +1,20 @@ + + + + https://github.com/caddyserver/caddy.git + git + caddy + @PARENT_TAG@ + v(.*) + v2.9.1 + enable + + + + + *.tar + gz + + + + diff --git a/_servicedata b/_servicedata new file mode 100644 index 0000000..94f264f --- /dev/null +++ b/_servicedata @@ -0,0 +1,4 @@ + + + https://github.com/caddyserver/caddy.git + 0e570e0cc717f02cf3800ae741df70cd074c7275 \ No newline at end of file diff --git a/caddy-2.8.4.tar.gz b/caddy-2.8.4.tar.gz new file mode 100644 index 0000000..e4167cf --- /dev/null +++ b/caddy-2.8.4.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:687ce74e4ccca742148e4352085f82f1fe1885a6fbee26dbde84618c44012518 +size 678881 diff --git a/caddy-2.9.1.tar.gz b/caddy-2.9.1.tar.gz new file mode 100644 index 0000000..94b2a97 --- /dev/null +++ b/caddy-2.9.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d58c558a27e9b262fa5b90b12529f1294f529d5f3fdbf74531bd128b93238b45 +size 719449 diff --git a/caddy.changes b/caddy.changes new file mode 100644 index 0000000..92b7544 --- /dev/null 
+++ b/caddy.changes 
@@ -0,0 +1,1266 @@ +------------------------------------------------------------------- +Sun Jan 12 17:06:12 UTC 2025 - eric.torres@its-et.me + +- Update to version 2.9.1: + * go.mod: UPgrade CertMagic to 0.21.6 (fix ARI handshake maintenance) + * header: `match` subdirective for response matching (#6765) + * log: Only chmod if permission bits differ; make log dir (#6761) + * fix: disable h3 for unix domain socket (#6769) + * reverseproxy: buffer requests for fastcgi by default (#6759) + * core: Only initiate exit once (should fix #6707) + +------------------------------------------------------------------- +Sun Jan 12 17:05:17 UTC 2025 - eric.torres@its-et.me + +- Update to version 2.9.0: + * go.mod: Upgrade CertMagic to v0.21.5 + * testing: sort force-automated hosts (#6756) + * httpcaddyfile: Implement experimental `force_automate` option (#6712) + * encode: try to use sendfile when compression is not used (#6749) + * caddyhttp: Allow matching Transfer-Encoding, add to access logs (#6629) + * go.mod: Upgrade ACMEz to v3; and upgrade CertMagic + * cmd: Disable go1.23 tlskyber=1 experiment + * Update SECURITY.md + * fastcgi: check for CONTENT_LENGTH when sending requests (#6661) + * reverseproxy: Set Content-Length when body is fully buffered (#6638) + * core: Change ListenerFunc signature (#6651) + * reverseproxy: Only handle websocket protocol (#6740) + * encode: write status immediate for success response for CONNECT requests (#6738) + * encode: good defaults (#6737) + * fileserver: add a test for precompressed defaults (#6743) + * fileserver: good default for precompressed (#6736) + * chore: fix some typo in HTTPLoader comment (#6735) + * reverseproxy: Rewrite requests and responses for websocket over http2 (#6567) + * chore: bump golang.org/x/net to v0.32.0 (#6728) + * fileserver: Fix policy `Validate()` oversight (#6727) + * cmd: Reject multiple configs for fmt command (#6717) + * fileserver: Add `first_exist_fallback` strategy for `try_files` (#6699) + * 
caddyhttp: Add `{?query}` placeholder (#6714) + * ci: prevent jobs running on PRs from forks (#6720) + * go.mod: Upgrade quic-go to 0.48.2 + * metrics: add `go` and `process` collectors (#6704) + * requestbody: Type-based error handling for `MaxBytesError` (#6701) + * fastcgi: remove dir redirection when useless in php_fastcgi (#6698) + * caddyhttp: Set default ReadHeaderTimeout (1 min) + * cmd: ignore missing keys during storage export (#6697) + * chore: make FastAbs comment more easy to understand (#6692) + * chore: Add `provides` to `.deb` releases (#6691) + * core: Implement FastAbs to avoid repeated os.Getwd calls (#6687) + * reverseproxy: Revert #4952 - don't ignore context cancellation in stream mode + * httpcaddyfile: Implement log `sampling` config (#6682) + * reverseproxy: Allow `0` as weights for `weighted_round_robin` (#6681) + * ci: use commit sha in goreleaser-check (#6677) + * go.mod: Update certmagic + * caddytls: Allow disabling storage cleaning, avoids writing two files (#6593) + * rewrite: Don't add / in Caddyfile, do it after replacer (#6662) + * fileserver: Add `file_limit` option for browse (to be experimental) (#6648) + * go.mod: upgrade only some otel deps (#6676) + * caddyhttp: Add `MatchWithError` to replace SetVar hack (#6596) + * Fix tests + * forwardauth: Skip copying missing response headers (#6608) + * go.mod: Update dependencies + * events: Use `WithLazy` to prevent eager serialization of the event data (#6671) + * fileserver: Fix Caddyfile parsing + * httpcaddyfile: Fixes for `prefer_wildcard` mode (#6636) + * cmd: Allow `add-package` to select version of package (#6665) + * chore: compile without nosql's support for Postgres and MySQL (#6655) + * chore: Bump quic-go to 0.48.1, fixing a panic (#6654) + * reverseproxy: Sync changes from stdlib for 1xx handling (#6656) + * reverseproxy: Fix log message + * tracing: Add `spanID` field to access logs and `http.vars.span_id` placeholder (#6646) + * core: addresses.go funcs renames 
(#6622) + * chore: fix some function names in comment (#6650) + * fileserver: fix try_policy when instantiating file matcher from CEL (#6624) + * sigtrap: always ignore SIGPIPE (#6645) + * metrics: move `metrics` up, outside `servers` (#6606) + * caddyhttp: Close http3 server gracefully (#6213) + * chore: update quic-go to v0.48.0 (#6627) + * reverseproxy: Use correct cases for websocket related headers (#6621) + * caddyfile: Fix comma edgecase in address parsing (#6616) + * docs: expand proxy protocol docs (#6620) + * tests: fix caddyfile adapt warnings (#6619) + * caddytls: Drop `rate_limit` and `burst`, has been deprecated (#6611) + * caddyhttp: Use internal issuer for IPs when no APs configured + * go.mod: Upgrade some dependencies + * ci: install xcaddy to fix release flow (#6602) + * metrics: scope metrics to active config, add optional per-host metrics (#6531) + * caddyhttp: Implement `auto_https prefer_wildcard` option (#6146) + * caddyhttp: Escaping placeholders in CEL, add `vars` and `vars_regexp` (#6594) + * cmd: Better error handling when reloading (#6601) + * caddytls: Support new tls.context module (#6369) + * http: ReponseWriter prefer ReadFrom if available (#6565) + * chore: Adjust incorrect `reverse_proxy` Caddyfile comment (#6598) + * caddyhttp: Fix listener wrapper regression from #6573 (#6599) + * core: Implement socket activation listeners (#6573) + * doc: remove docs of deprecated directives (#6566) + * caddyhttp: Optimize logs using zap's WithLazy() (#6590) + * chore: Use slices package where possible (#6585) + * caddytls: Give a better error message when given encrypted private keys (#6591) + * caddyhttp: enable qlog, controlled by QLOGDIR env (#6581) + * update quic-go to v0.47.0 (#6582) + * ci: update the linter action version (#6575) + * perf: use zap's Check() to prevent useless allocs (#6560) + * rewrite: Avoid panic on bad arg count for `uri` (#6571) + * caddytls: Add sni_regexp matcher (#6569) + * caddyhttp: Make route provisioning 
idempotent (#6558) + * reverse_proxy: add placeholder http.reverse_proxy.retries (#6553) + * fileserver: browse: Configurable default sort (#6502) + * rewrite: Only serialize request if necessary (#6541) + * ci: prepare syso files for windows embedding in release (#6406) + * tls: use Go default kex for the moment that include PQC (#6542) + * ci: build and test with Go 1.23 (#6526) + * reverseproxy: allow user to define source address (#6504) + * caddyhttp: run `error` (msg) through replacer (#6536) + * chore: Fix a typo (#6534) + * cmd: Use a factory to create the caddy root command (#6533) + * reverseproxy: Change errors writing the response to warning. (#6532) + * reverseproxy: Active health checks request body option (#6520) + * ci: don't exit early on error in remote CI machine (#6519) + * cmd: ignore exec.ErrDot when starting caddy in background (#6512) + * Move PrivateRangesCIDR() back: add a pass-through function (#6514) + * matchers: fix a regression in #6480 (#6510) + * reverseproxy: Disable keep alive for h2c requests (#6343) + * go.mod: update update golang/x/net (#6500) + * replacer: `{file.*}` global placeholder strips trailing newline (#6411) + * caddytls,caddyhttp: Placeholders for some TLS and HTTP matchers (#6480) + * go.mod: update quic-go package (#6498) + * browse: Customizable default sort options (#6468) + * proxyprotocol: Update WrapListener to use ConnPolicyFunc for PROXY protocol (#6485) + * encode: flush already compressed data from the encoder (#6471) + * chore: update golangci config (#6479) + * caddytls: Caddyfile support for TLS conn and cert sel policies (#6462) + * caddytls: Caddyfile support for TLS handshake matchers (#6461) + * ci: correct `-tags nobadger` on binary build (#6470) + * reverseproxy: Fix panic when using header-related flags (fix #6464) + * reverseproxy: add health_upstream subdirective (#6451) + * reverseproxy: Caddyfile support for health_method (#6454) + * reverseproxy: Configurable method for active health checks 
(#6453) + * reverseproxy: Add placeholder for networkAddr in active health check headers (#6450) + * fixed bug in resolving ip version in dynamic upstreams (#6448) + * browse: Exclude symlink target size from total, show arrow on size (#6412) + * browse: fix Content-Security-Policy warnings in Firefox (#6443) + * browse: add Content-Security-Policy w/ nonce (#6425) + * reverseproxy: Add placeholder for host in active health check headers (#6440) + * caddyhttp: Reject 0-RTT early data in IP matchers and set Early-Data header when proxying (#6427) + * encode: Don't compress already-compressed fonts (#6432) + * reverseproxy: Only log host is up status on change (fixes #6415) (#6419) + * intercept: fix http.intercept.header.* placeholder (#6429) + * reverseproxy: Wire up TLS options for H3 transport + * fileserver: Remove newline characters from precomputed etags (#6394) + * caddyhttp: Convert IDNs to ASCII when provisioning Host matcher + * reverseproxy: add Max-Age option to sticky cookie (#6398) + * caddyfile: Pass blocks to `import` for snippets (#6130) + * logging: set file mode when the file already exist (#6391) + * logging: Customizable zap cores (#6381) + * go.mod: update tscert package (#6384) + * logging: fix file mode configuration parsing (#6383) + * caddyhttp: Write header if needed in responseRecorder.WriteResponse (#6380) + * core: Split `run` into a public `ProvisionContext` and a private method (#6378) + * logging: Customize log file permissions (#6314) + * events: Getters for event info (close #6377) + * ci: add version key for .goreleaser.yml (#6376) + * cmd: remove zealous check of Caddyfile auto-detection (#6370) + * caddyhttp: Add test cases to corpus (#6374) + * Make it possible to configure the `DisableStorageCheck` setting for certmagic (#6368) + +------------------------------------------------------------------- +Wed Jun 19 13:40:22 UTC 2024 - Alexandre Vicenzi + +- Revert buildable-artifact change, fetch tarball with tar_scm +- Downgrade 
golang(API) version to match go.mod +- Override Caddy version during build time as suggested in caddy.go + +------------------------------------------------------------------- +Fri Jun 14 10:21:50 UTC 2024 - Enrico Belleri + +- Add OBS manual service download_files + +------------------------------------------------------------------- +Tue Jun 11 14:55:47 UTC 2024 - Enrico Belleri + +- Source Caddyfile and index.html from upstream +- Remove part of inaccurate description +- Package shell completion separately +- Generate shell completion during build +- Include manpages +- Remove compatibility with SLE-12 +- Source buildable-artifact tar from github to embed version + information (https://github.com/golang/go/issues/29228) +- Check binary with version subcommand +- Raise golang(API) required version + +------------------------------------------------------------------- +Sun Jun 02 14:15:59 UTC 2024 - Jeff Kowalczyk + +- Update to version 2.8.4: + * cmd: fix regression in auto-detect of Caddyfile (#6362) + * Tag v2.8.3 was mistakenly made on the v2.8.2 commit and is skipped + +------------------------------------------------------------------- +Sun Jun 02 05:05:05 UTC 2024 - Jeff Kowalczyk + +- Update to version 2.8.2: + * cmd: fix auto-detetction of .caddyfile extension (#6356) + * caddyhttp: properly sanitize requests for root path (#6360) + * caddytls: Implement certmagic.RenewalInfoGetter + * build(deps): bump golangci/golangci-lint-action from 5 to 6 (#6361) + +------------------------------------------------------------------- +Thu May 30 16:17:13 UTC 2024 - Jeff Kowalczyk + +- Update to version 2.8.1: + * caddyhttp: Fix merging consecutive `client_ip` or `remote_ip` matchers (#6350) + * core: MkdirAll appDataDir in InstanceID with 0o700 (#6340) + +------------------------------------------------------------------- +Tue May 28 00:06:54 UTC 2024 - Jeff Kowalczyk + +- Update to version 2.8.0: + * acmeserver: Add `sign_with_root` for Caddyfile (#6345) + * 
caddyfile: Reject global request matchers earlier (#6339) + * core: Fix bug in AppIfConfigured (fix #6336) + * fix a typo (#6333) + * autohttps: Move log WARN to INFO, reduce confusion (#6185) + * reverseproxy: Support HTTP/3 transport to backend (#6312) + * context: AppIfConfigured returns error; consider not-yet-provisioned modules (#6292) + * Fix lint error about deprecated method in smallstep/certificates/authority + * go.mod: Upgrade dependencies + * caddytls: fix permission requirement with AutomationPolicy (#6328) + * caddytls: remove ClientHelloSNICtxKey (#6326) + * caddyhttp: Trace individual middleware handlers (#6313) + * templates: Add `pathEscape` template function and use it in file browser (#6278) + * caddytls: set server name in context (#6324) + * chore: downgrade minimum Go version in go.mod (#6318) + * caddytest: normalize the JSON config (#6316) + * caddyhttp: New experimental handler for intercepting responses (#6232) + * httpcaddyfile: Set challenge ports when http_port or https_port are used + * logging: Add support for additional logger filters other than hostname (#6082) + * caddyhttp: Log 4xx as INFO; 5xx as ERROR (close #6106) + * Second half of 6dce493 + * caddyhttp: Alter log message when request is unhandled (close #5182) + * chore: Bump Go version in CI (#6310) + * go.mod: go 1.22.3 + * Fix typos (#6311) + * reverseproxy: Pointer to struct when loading modules; remove LazyCertPool (#6307) + * tracing: add trace_id var (`http.vars.trace_id` placeholder) (#6308) + * go.mod: CertMagic v0.21.0 + * reverseproxy: Implement health_follow_redirects (#6302) + * caddypki: Allow use of root CA without a key. 
Fixes #6290 (#6298) + * go.mod: Upgrade to quic-go v0.43.1 + * reverseproxy: HTTP transport: fix PROXY protocol initialization (#6301) + * caddytls: Ability to drop connections (close #6294) + * build(deps): bump golangci/golangci-lint-action from 4 to 5 (#6289) + * httpcaddyfile: Fix expression matcher shortcut in snippets (#6288) + * caddytls: Evict internal certs from cache based on issuer (#6266) + * chore: add warn logs when using deprecated fields (#6276) + * caddyhttp: Fix linter warning about deprecation + * go.mod: Upgrade to quic-go v0.43.0 + * fileserver: Set "Vary: Accept-Encoding" header (see #5849) + * events: Add debug log + * reverseproxy: handle buffered data during hijack (#6274) + * ci: remove `android` and `plan9` from cross-build workflow (#6268) + * run `golangci-lint run --fix --fast` (#6270) + * caddytls: Option to configure certificate lifetime (#6253) + * replacer: Implement `file.*` global replacements (#5463) + * caddyhttp: Address some Go 1.20 features (#6252) + * Quell linter (false positive) + * reverse_proxy: Add grace_period for SRV upstreams to Caddyfile (#6264) + * doc: add `verifier` in `ClientAuthentication` caddyfile marshaler doc (#6263) + * caddytls: Add Caddyfile support for on-demand permission module (close #6260) + * reverseproxy: Remove long-deprecated buffering properties + * reverseproxy: Reuse buffered request body even if partially drained + * reverseproxy: Accept EOF when buffering + * logging: Fix default access logger (#6251) + * fileserver: Improve Vary handling (#5849) + * cmd: Only validate config is proper JSON if config slice has data (#6250) + * staticresp: Use the evaluated response body for sniffing JSON content-type (#6249) + * encode: Slight fix for the previous commit + * encode: Improve Etag handling (fix #5849) + * httpcaddyfile: Skip automate loader if disable_certs is specified (fix #6148) + * caddyfile: Populate regexp matcher names by default (#6145) + * caddyhttp: record num. 
bytes read when response writer is hijacked (#6173) + * caddyhttp: Support multiple logger names per host (#6088) + * chore: fix some typos in comments (#6243) + * encode: Configurable compression level for zstd (#6140) + * caddytls: Remove shim code supporting deprecated lego-dns (#6231) + * connection policy: add `local_ip` matcher (#6074) + * reverseproxy: Wait for both ends of websocket to close (#6175) + * caddytls: Upgrade ACMEz to v2; support ZeroSSL API; various fixes (#6229) + * caddytls: Still provision permission module if ask is specified + * fileserver: read etags from precomputed files (#6222) + * fileserver: Escape # and ? in img src (fix #6237) + * reverseproxy: Implement modular CA provider for TLS transport (#6065) + * caddyhttp: Apply auto HTTPS redir to all interfaces (fix #6226) + * cmd: Fix panic related to config filename (fix #5919) + * cmd: Assume Caddyfile based on filename prefix and suffix (#5919) + * admin: Make `Etag` a header, not a trailer (#6208) + * caddyhttp: remove duplicate strings.Count in path matcher (fixes #6233) (#6234) + * caddyconfig: Use empty struct instead of bool in map (close #6224) (#6227) + * gitignore: Add rule for caddyfile.go (#6225) + * chore: Fix broken links in README.md (#6223) + * chore: Upgrade some dependencies (#6221) + * caddyhttp: Add plaintext response to `file_server browse` (#6093) + * admin: Use xxhash for etag (#6207) + * modules: fix some typo in conments (#6206) + * caddyhttp: Replace sensitive headers with REDACTED (close #5669) + * caddyhttp: close quic connections when server closes (#6202) + * reverseproxy: Use xxhash instead of fnv32 for LB (#6203) + * caddyhttp: add http.request.local{,.host,.port} placeholder (#6182) + * chore: upgrade deps (#6198) + * chore: remove repetitive word (#6193) + * Added a null check to avoid segfault on rewrite query ops (#6191) + * rewrite: `uri query` replace operation (#6165) + * logging: support `ms` duration format and add docs (#6187) + * replacer: use 
RWMutex to protect static provider (#6184) + * caddyhttp: Allow `header` replacement with empty string (#6163) + * vars: Make nil values act as empty string instead of `""` (#6174) + * chore: Update quic-go to v0.42.0 (#6176) + * caddyhttp: Accept XFF header values with ports, when parsing client IP (#6183) + * reverseproxy: configurable active health_passes and health_fails (#6154) + * reverseproxy: Configurable forward proxy URL (#6114) + * caddyhttp: upgrade to cel v0.20.0 (#6161) + * chore: Bump Chroma to v2.13.0, includes new Caddyfile lexer (#6169) + * caddyhttp: suppress flushing if the response is being buffered (#6150) + * chore: encode: use FlushError instead of Flush (#6168) + * encode: write status immediately when status code is informational (#6164) + * httpcaddyfile: Keep deprecated `skip_log` in directive order (#6153) + * httpcaddyfile: Add `RegisterDirectiveOrder` function for plugin authors (#5865) + * rewrite: Implement `uri query` operations (#6120) + * fix struct names (#6151) + * fileserver: Preserve query during canonicalization redirect (#6109) + * logging: Implement `log_append` handler (#6066) + * httpcaddyfile: Allow nameless regexp placeholder shorthand (#6113) + * logging: Implement `append` encoder, allow flatter filters config (#6069) + * ci: fix the integration test `TestLeafCertLoaders` (#6149) + * vars: Allow overriding `http.auth.user.id` in replacer as a special case (#6108) + * caddytls: clientauth: leaf verifier: make trusted leaf certs source pluggable (#6050) + * cmd: Adjust config load logs/errors (#6032) + * reverseproxy: SRV dynamic upstream failover (#5832) + * ci: bump golangci/golangci-lint-action from 3 to 4 (#6141) + * core: OnExit hooks (#6128) + * cmd: fix the output of the `Usage` section (#6138) + * caddytls: verifier: caddyfile: re-add Caddyfile support (#6127) + * acmeserver: add policy field to define allow/deny rules (#5796) + * reverseproxy: cookie should be Secure and SameSite=None when TLS (#6115) + * 
caddytest: Rename adapt tests to `*.caddyfiletest` extension (#6119) + * tests: uses testing.TB interface for helper to be able to use test server in benchmarks. (#6103) + * caddyfile: Assert having a space after heredoc marker to simply check (#6117) + * chore: Update Chroma to get the new Caddyfile lexer (#6118) + * reverseproxy: use context.WithoutCancel (#6116) + * caddyfile: Reject directives in the place of site addresses (#6104) + * caddyhttp: Register post-shutdown callbacks (#5948) + * caddyhttp: Only attempt to enable full duplex for HTTP/1.x (#6102) + * caddyauth: Drop support for `scrypt` (#6091) + * Revert "caddyfile: Reject long heredoc markers (#6098)" (#6100) + * caddyauth: Rename `basicauth` to `basic_auth` (#6092) + * logging: Inline Caddyfile syntax for `ip_mask` filter (#6094) + * caddyfile: Reject long heredoc markers (#6098) + * chore: Rename CI jobs, run on M1 mac (#6089) + * update comment + * improved list + * fix: add back text/* + * fix: add more media types to the compressed by default list + * acmeserver: support specifying the allowed challenge types (#5794) + * matchers: Drop `forwarded` option from `remote_ip` matcher (#6085) + * caddyhttp: Test cases for `%2F` and `%252F` (#6084) + * bump to golang 1.22 (#6083) + * fileserver: Browse can show symlink target if enabled (#5973) + * core: Support NO_COLOR env var to disable log coloring (#6078) + * build(deps): bump peter-evans/repository-dispatch from 2 to 3 (#6080) + * Update comment in setcap helper script + * caddytls: Make on-demand 'ask' permission modular (#6055) + * core: Add `ctx.Slogger()` which returns an `slog` logger (#5945) + * chore: Update quic-go to v0.41.0, bump Go minimum to 1.21 (#6043) + * chore: enabling a few more linters (#5961) + * caddyfile: Correctly close the heredoc when the closing marker appears immediately (#6062) + * caddyfile: Switch to slices.Equal for better performance (#6061) + * tls: modularize trusted CA providers (#5784) + * logging: Automatic 
`wrap` default for `filter` encoder (#5980) + * caddyhttp: Fix panic when request missing ClientIPVarKey (#6040) + * caddyfile: Normalize & flatten all unmarshalers (#6037) + * cmd: reverseproxy: log: use caddy logger (#6042) + * matchers: `query` now ANDs multiple keys (#6054) + * caddyfile: Add heredoc support to `fmt` command (#6056) + * refactor: move automaxprocs init in caddycmd.Main() + * caddyfile: Allow heredoc blank lines (#6051) + * httpcaddyfile: Add optional status code argument to `handle_errors` directive (#5965) + * httpcaddyfile: Rewrite `root` and `rewrite` parsing to allow omitting matcher (#5844) + * fileserver: Implement caddyfile.Unmarshaler interface (#5850) + * reverseproxy: Add `tls_curves` option to HTTP transport (#5851) + * caddyhttp: Security enhancements for client IP parsing (#5805) + * replacer: Fix escaped closing braces (#5995) + * filesystem: Globally declared filesystems, `fs` directive (#5833) + * ci/cd: use the build tag `nobadger` to exclude badgerdb (#6031) + * httpcaddyfile: Fix redir html (#6001) + * httpcaddyfile: Support client auth verifiers (#6022) + * tls: add reuse_private_keys (#6025) + * reverseproxy: Only change Content-Length when full request is buffered (#5830) + * Switch Solaris-derivatives away from listen_unix (#6021) + * build(deps): bump actions/upload-artifact from 3 to 4 (#6013) + * build(deps): bump actions/setup-go from 4 to 5 (#6012) + * chore: check against errors of `io/fs` instead of `os` (#6011) + * caddyhttp: support unix sockets in `caddy respond` command (#6010) + * fileserver: Add total file size to directory listing (#6003) + * httpcaddyfile: Fix cert file decoding to load multiple PEM in one file (#5997) + * build(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0 (#5994) + * cmd: use automaxprocs for better perf in containers (#5711) + * logging: Add `zap.Option` support (#5944) + * httpcaddyfile: Sort skip_hosts for deterministic JSON (#5990) + * metrics: Record request metrics on HTTP 
errors (#5979) + * go.mod: Updated quic-go to v0.40.1 (#5983) + * fileserver: Enable compression for command by default (#5855) + * fileserver: New --precompressed flag (#5880) + * caddyhttp: Add `uuid` to access logs when used (#5859) + * proxyprotocol: use github.com/pires/go-proxyproto (#5915) + * cmd: Preserve LastModified date when exporting storage (#5968) + * core: Always make AppDataDir for InstanceID (#5976) + * chore: cross-build for AIX (#5971) + * caddytls: Sync distributed storage cleaning (#5940) + * caddytls: Context to DecisionFunc (#5923) + * tls: accept placeholders in string values of certificate loaders (#5963) + * templates: Offically make templates extensible (#5939) + * http2 uses new round-robin scheduler (#5946) + * panic when reading from backend failed to propagate stream error (#5952) + * chore: Bump otel to v1.21.0. (#5949) + * httpredirectlistener: Only set read limit for when request is HTTP (#5917) + * fileserver: Add .m4v for browse template icon + * Revert "caddyhttp: Use sync.Pool to reduce lengthReader allocations (#5848)" (#5924) + * go.mod: update quic-go version to v0.40.0 (#5922) + * update quic-go to v0.39.3 (#5918) + * chore: Fix usage pool comment (#5916) + * test: acmeserver: add smoke test for the ACME server directory (#5914) + * Upgrade acmeserver to github.com/go-chi/chi/v5 (#5913) + * caddyhttp: Adjust `scheme` placeholder docs (#5910) + * go.mod: Upgrade quic-go to v0.39.1 + * go.mod: CVE-2023-45142 Update opentelemetry (#5908) + * templates: Delete headers on `httpError` to reset to clean slate (#5905) + * httpcaddyfile: Remove port from logger names (#5881) + * core: Apply SO_REUSEPORT to UDP sockets (#5725) + * caddyhttp: Use sync.Pool to reduce lengthReader allocations (#5848) + * cmd: Add newline character to version string in CLI output (#5895) + * core: quic listener will manage the underlying socket by itself (#5749) + * templates: Clarify `include` args docs, add `.ClientIP` (#5898) + * httpcaddyfile: Fix 
TLS automation policy merging with get_certificate (#5896) + * cmd: upgrade: resolve symlink of the executable (#5891) + * caddyfile: Fix variadic placeholder false positive when token contains `:` (#5883) + +- Packaging improvements: + * Update to BuildRequires: golang(API) >= 1.21 matching go.mod + +- CVEs: + * CVE-2024-22189 (bsc#1222468) + * CVE-2023-45142 + +------------------------------------------------------------------- +Sun Mar 31 12:39:10 UTC 2024 - Bernhard Wiedemann + +- Fix --no-check build + +------------------------------------------------------------------- +Tue Feb 6 13:22:22 UTC 2024 - Jeff Kowalczyk + +- Packaging improvements: + * Remove define github project name components no longer needed + * Remove define gname and uname for user and group creation, use + package name macro with identical value + * Drop BuildRequires: golang-packaging. The original macros for + file movements into GOPATH are obsolete with Go modules. Macro + go_nostrip is no longer needed with current binutils and Go. + * Use autosetup -a 1 to unpack source and vendored dependencies + * Drop export CGO_ENABLED="0". Use the default unless there is a + defined requirement or benefit. + * Build PIE with pattern that may become recommended procedure: + %%ifnarch ppc64 GOFLAGS="-buildmode=pie" %%endif go build + A go toolchain buildmode default config would be preferable + but none exist at this time. + * Drop mod=vendor, go1.14+ will detect vendor dir and auto-enable + * Remove ldflags -s (Omit symbol table and debug info) and -w + (Omit DWARF symbol table). This information is used to produce + separate debuginfo packages and binaries are stripped for + reduced size by GNU strip during RPM build. 
+ * Add basic %check to execute binary --help + +------------------------------------------------------------------- +Tue Feb 6 08:23:06 UTC 2024 - Dominique Leuenberger + +- Drop deprecated go_provides macro: even though it tries to guard + on suse_version <= 1110, it has entirely disarms the dep scanner. +- Remove the manual user/group provides: the package uses + sysusers.d; the auto-provides were not working due to the broken + go_provides. + +------------------------------------------------------------------- +Mon Feb 5 13:40:52 UTC 2024 - Alexandre Vicenzi + +- Provide user and group (due to RPM 4.19) +- Update caddy.sysusers to also create a group + +------------------------------------------------------------------- +Fri Dec 08 02:07:42 UTC 2023 - Jeff Kowalczyk + +- Update to version 2.7.6: + * caddytls: Sync distributed storage cleaning (#5940) + * caddytls: Context to DecisionFunc (#5923) + * tls: accept placeholders in string values of certificate loaders (#5963) + * templates: Offically make templates extensible (#5939) + * http2 uses new round-robin scheduler (#5946) + * panic when reading from backend failed to propagate stream error (#5952) + * chore: Bump otel to v1.21.0. 
(#5949) + * httpredirectlistener: Only set read limit for when request is HTTP (#5917) + * fileserver: Add .m4v for browse template icon + * Revert "caddyhttp: Use sync.Pool to reduce lengthReader allocations (#5848)" (#5924) + * go.mod: update quic-go version to v0.40.0 (#5922) + * update quic-go to v0.39.3 (#5918) + * chore: Fix usage pool comment (#5916) + * test: acmeserver: add smoke test for the ACME server directory (#5914) + * Upgrade acmeserver to github.com/go-chi/chi/v5 (#5913) + * caddyhttp: Adjust `scheme` placeholder docs (#5910) + * go.mod: Upgrade quic-go to v0.39.1 + * go.mod: CVE-2023-45142 Update opentelemetry (#5908) + * templates: Delete headers on `httpError` to reset to clean slate (#5905) + * httpcaddyfile: Remove port from logger names (#5881) + * core: Apply SO_REUSEPORT to UDP sockets (#5725) + * caddyhttp: Use sync.Pool to reduce lengthReader allocations (#5848) + * cmd: Add newline character to version string in CLI output (#5895) + * core: quic listener will manage the underlying socket by itself (#5749) + * templates: Clarify `include` args docs, add `.ClientIP` (#5898) + * httpcaddyfile: Fix TLS automation policy merging with get_certificate (#5896) + * cmd: upgrade: resolve symlink of the executable (#5891) + * caddyfile: Fix variadic placeholder false positive when token contains `:` (#5883) + +------------------------------------------------------------------- +Fri Oct 13 20:05:08 UTC 2023 - Jeff Kowalczyk + +- Update to version 2.7.5: + * admin: Respond with 4xx on non-existing config path (#5870) + * ci: Force the Go version for govulncheck (#5879) + * fileserver: Set canonical URL on browse template (#5867) + * tls: Add X25519Kyber768Draft00 PQ "curve" behind build tag (#5852) + * reverseproxy: Add more debug logs (#5793) + * reverseproxy: Fix `least_conn` policy regression (#5862) + * reverseproxy: Add logging for dynamic A upstreams (#5857) + * reverseproxy: Replace health header placeholders (#5861) + * httpcaddyfile: Sort 
TLS SNI matcher for deterministic JSON output (#5860) + * cmd: Fix exiting with custom status code, add `caddy -v` (#5874) + * reverseproxy: fix parsing Caddyfile fails for unlimited request/response buffers (#5828) + * reverseproxy: Fix retries on "upstreams unavailable" error (#5841) + * httpcaddyfile: Enable TLS for catch-all site if `tls` directive is specified (#5808) + * encode: Add `application/wasm*` to the default content types (#5869) + * fileserver: Add command shortcuts `-l` and `-a` (#5854) + * go.mod: Upgrade dependencies incl. x/net/http + * templates: Add dummy `RemoteAddr` to `httpInclude` request, proxy compatibility (#5845) + * reverseproxy: Allow fallthrough for response handlers without routes (#5780) + * fix: caddytest.AssertResponseCode error message (#5853) + * build(deps): bump goreleaser/goreleaser-action from 4 to 5 (#5847) + * build(deps): bump actions/checkout from 3 to 4 (#5846) + * caddyhttp: Use LimitedReader for HTTPRedirectListener + * fileserver: browse template SVG icons and UI tweaks (#5812) + * reverseproxy: fix nil pointer dereference in AUpstreams.GetUpstreams (#5811) + * httpcaddyfile: fix placeholder shorthands in named routes (#5791) + * cmd: Prevent overwriting existing env vars with `--envfile` (#5803) + * ci: Run govulncheck (#5790) + * logging: query filter for array of strings (#5779) + * logging: Clone array on log filters, prevent side-effects (#5786) + * fileserver: Export BrowseTemplate + * ci: ensure short-sha is exported correctly on all platforms (#5781) + * caddyfile: Fix case where heredoc marker is empty after newline (#5769) + * go.mod: Update quic-go to v0.38.0 (#5772) + * chore: Appease gosec linter (#5777) + * replacer: change timezone to UTC for "time.now.http" placeholders (#5774) + * caddyfile: Adjust error formatting (#5765) + * update quic-go to v0.37.6 (#5767) + * httpcaddyfile: Stricter errors for site and upstream address schemes (#5757) + * caddyfile: Loosen heredoc parsing (#5761) + * 
fileserver: docs: clarify the ability to produce JSON array with `browse` (#5751) + * fix package typo (#5764) + +------------------------------------------------------------------- +Thu Sep 21 14:20:37 UTC 2023 - Alexandre Vicenzi + +- Switch to sysuser for user setup + +------------------------------------------------------------------- +Thu Aug 17 22:55:36 UTC 2023 - jkowalczyk@suse.com + +- Update to version 2.7.4: + * go.mod: Upgrade CertMagic and quic-go + * reverseproxy: Always return new upstreams (fix #5736) (#5752) + * ci: use gci linter (#5708) + * fileserver: Slightly more fitting icons + * cmd: Require config for caddy validate (fix #5612) (#5614) + * Fix tests + * caddytls: Update docs for on-demand config + * fileserver: Don't repeat error for invalid method inside error context (#5705) + * ci: Update to Go 1.21 (#5719) + * ci: Add riscv64 (64-bit RISC-V) to goreleaser (#5720) + * go.mod: Upgrade golang.org/x/net to 0.14.0 (#5718) + * ci: Use gofumpt to format code (#5707) + * templates: Fix httpInclude (fix #5698) + +------------------------------------------------------------------- +Thu Aug 17 22:54:37 UTC 2023 - Jeff Kowalczyk + +- Use _service mode manual as better alias name than disabled + * osc reports service mode disabled as obsolete + +------------------------------------------------------------------- +Sun Aug 06 01:06:42 UTC 2023 - jkowalczyk@suse.com + +- Update to version 2.7.3: + * go.mod: Upgrade to quic-go v0.37.3 + * cmd: Split unix sockets for admin endpoint addresses (#5696) + * reverseproxy: do not parse upstream address too early if it contains replaceble parts (#5695) + * caddyfile: check that matched key is not a substring of the replacement key (#5685) + * chore: use `--clean` instead of `--rm-dist` for goreleaser (#5691) + * go.mod: Upgrade quic-go to v0.37.2 (fix #5680) + * fileserver: browse: Render SVG images in grid + +------------------------------------------------------------------- +Fri Aug 04 19:12:07 UTC 2023 - 
elimat@opensuse.org + +- Update to version 2.7.2: + * reverseproxy: Fix hijack ordering which broke websockets (#5679) + * httpcaddyfile: Fix `string does not match ~[]E` error (#5675) + * encode: Fix infinite recursion (#5672) + * caddyhttp: Make use of `http.ResponseController` (#5654) + * go.mod: Upgrade dependencies esp. smallstep/certificates + * core: Allow loopback hosts for admin endpoint (fix #5650) (#5664) + * httpcaddyfile: Allow `hostnames` & logger name overrides for log directive (#5643) + * reverseproxy: Connection termination cleanup (#5663) + * go.mod: Use quic-go 0.37.1 + * reverseproxy: Export ipVersions type (#5648) + * go.mod: Use latest CertMagic (v0.19.1) + * caddyhttp: Preserve original error (fix #5652) + * fileserver: add lazy image loading (#5646) + * go.mod: Update quic-go to v0.37.0, bump to Go 1.20 minimum (#5644) + * core: Refine mutex during reloads (fix #5628) (#5645) + * go.mod: update quic-go to v0.36.2 (#5636) + * fileserver: Tweak grid view of browse template + * fileserver: add `export-template` sub-command to `file-server` (#5630) + * caddyfile: Fix comparing if two tokens are on the same line (#5626) + * caddytls: Reuse certificate cache through reloads (#5623) + * Minor tweaks to security.md + * reverseproxy: Pointer receiver + * caddyhttp: Trim dot/space only on Windows (fix #5613) + * update quic-go to v0.36.1 (#5611) + * caddyconfig: Specify config adapter for HTTP loader (close #5607) + * core: Embed net.UDPConn to gain optimizations (#5606) + * chore: remove deprecated property `rlcp` in goreleaser config (#5608) + * core: Skip `chmod` for abstract unix sockets (#5596) + * core: Add optional unix socket file permissions (#4741) + * reverseproxy: Honor `tls_except_port` for active health checks (#5591) + * Appease linter + * Fix compile on Windows, hopefully + * core: Properly preserve unix sockets (fix #5568) + * go.mod: Upgrade CertMagic for hotfix + * go.mod: Upgrade some dependencies + * chore: upgrade otel (#5586) + 
* go.mod: Update quic-go to v0.36.0 (#5584) + * reverseproxy: weighted_round_robin load balancing policy (#5579) + * reverseproxy: Experimental streaming timeouts (#5567) + * chore: remove refs of deprecated io/ioutil (#5576) + * headers: Allow `>` to defer shortcut for replacements (#5574) + * caddyhttp: Support custom network for HTTP/3 (#5573) + * reverseproxy: Fix parsing of source IP in case it's an ipv6 address (#5569) + * fileserver: browse: Better grid layout (#5564) + * caddytls: Clarify some JSON config docs + * cmd: Implement storage import/export (#5532) + * go.mod: Upgrade quic-go to 0.35.1 + * update quic-go to v0.35.0 (#5560) + * templates: Add `readFile` action that does not evaluate templates (#5553) + * caddyfile: Track import name instead of modifying filename (#5540) + * core: Use SO_REUSEPORT_LB on FreeBSD (#5554) + * caddyfile: Do not replace import tokens if they are part of a snippet (#5539) + * fileserver: Don't set Etag if mtime is 0 or 1 (close #5548) (#5550) + * fileserver: browse: minor tweaks for grid view, dark mode (#5545) + * fileserver: Only set Etag if not already set (fix #5546) (#5547) + * fileserver: Fix file browser breadcrumb font (#5543) + * caddyhttp: Fix h3 shutdown (#5541) + * fileserver: More filetypes for browse icons + * fileserver: Fix file browser footer in grid mode (#5536) + * cmd: Avoid spammy log messages (fix #5538) + * httpcaddyfile: Sort Caddyfile slice + * caddyhttp: Implement named routes, `invoke` directive (#5107) + * rewrite: use escaped path, fix #5278 (#5504) + * headers: Add > Caddyfile shortcut for enabling defer (#5535) + * go.mod: Upgrade several dependencies + * reverseproxy: Expand port ranges to multiple upstreams in CLI + Caddyfile (#5494) + * fileserver: Use EscapedPath for browse (#5534) + * caddyhttp: Refactor cert Managers (fix #5415) (#5533) + * Slightly more helpful error message + * caddytls: Check for nil ALPN; close #5470 (#5473) + * cmd: Reduce spammy logs from --watch + * caddyhttp: 
Add a getter for Server.name (#5531) + * caddytls: Configurable fallback SNI (#5527) + * caddyhttp: Update quic's TLS configs after reload (#5517) (fix #4849) + * Add doc comment about changing admin endpoint + * feature: watch include directory (#5521) + * chore: remove deprecated linters (#5525) + * go.mod: Upgrade CertMagic again + * go.mod: Upgrade CertMagic + * reverseproxy: Optimize base case for least_conn and random_choose policies (#5487) + * reverseproxy: Fix active health check header canonicalization, refactor (#5446) + * reverseproxy: Add `fallback` for some policies, instead of always random (#5488) + * logging: Actually honor the SoftStart parameter + * logging: Soft start for net writer (close #5520) + * fastcgi: Fix `capture_stderr` (#5515) + * acmeserver: Configurable `resolvers`, fix smallstep deprecations (#5500) + * go.mod: Update some dependencies + * logging: Add traceID field to access logs when tracing is active (#5507) + * caddyhttp: Impl `ResponseWriter.Unwrap()`, prep for Go 1.20's `ResponseController` (#5509) + * reverseproxy: Fix reinitialize upstream healthy metrics (#5498) + * fix some comments (#5508) + * templates: Add `fileStat` function (#5497) + * caddyfile: Stricter parsing, error for brace on new line (#5505) + * core: Return default logger if no modules loaded + * celmatcher: Implement `pkix.Name` conversion to string (#5492) + * chore: Adjustments to CI caching (#5495) + * reverseproxy: Remove deprecated `lookup_srv` (#5396) + * cmd: Support `'` quotes in envfile parsing (#5437) + * Update contributing guidelines (#5466) + * caddyhttp: Serve http2 when listener wrapper doesn't return *tls.Conn (#4929) + * reverseproxy: Add `query` and `client_ip_hash` lb policies (#5468) + * cmd: Create pidfile before config load (close #5477) + * fileserver: Add color-scheme meta tag (#5475) + * build(deps): bump actions/setup-go from 3 to 4 (#5474) + * proxyprotocol: Add PROXY protocol support to `reverse_proxy`, add HTTP listener wrapper 
(#5424) + * reverseproxy: Add mention of which half a copyBuffer err comes from (#5472) + * caddyhttp: Log request body bytes read (#5461) + * log: Make sink logs encodable (#5441) + * caddytls: Eval replacer on automation policy subjects (#5459) + * headers: Support deleting all headers as first op (#5464) + * replacer: Add HTTP time format (#5458) + * reverseproxy: Header up/down support for CLI command (#5460) + * caddyhttp: Determine real client IP if trusted proxies configured (#5104) + * httpcaddyfile: Adjust path matcher sorting to solve for specificity (#5462) + * caddytls: Zero out throttle window first (#5443) + * ci: add `--yes` to cosign arguments (#5440) + * reverseproxy: Reset Content-Length to prevent FastCGI from hanging (#5435) + * caddytls: Allow on-demand w/o ask for internal-only + * caddytls: Require 'ask' endpoint for on-demand TLS + * fileserver: New file browse template (#5427) + * go.mod: Upgrade dependencies + * tracing: Support autoprop from OTEL_PROPAGATORS (#5147) + * caddyhttp: Enable 0-RTT QUIC (#5425) + * encode: flush status code when hijacked. 
(#5419) + * fileserver: Remove trailing slash on fs filenames (#5417) + * core: Eliminate unnecessary shutdown delay on Unix (#5413) + * caddyhttp: Fix `vars_regexp` matcher with placeholders (#5408) + * context: Rename func to `AppIfConfigured` (#5397) + * reverseproxy: allow specifying ip version for dynamic `a` upstream (#5401) + * ci/cd: ship tarballs with vendored deps (#5403) + * caddyfile: Fix heredoc fuzz crasher, drop trailing newline (#5404) + * caddyfile: Implement heredoc support (#5385) + * cmd: Expand cobra support, add short flags (#5379) + * ci: Update minimum Go version to 1.19 + * go.mod: Upgrade quic-go to v0.33.0 (Go 1.19 min) + * reverseproxy: refactor HTTP transport layer (#5369) + * caddytls: Relax the warning for on-demand (#5384) + * cmd: Strict unmarshal for validate (#5383) + * caddyfile: Implement variadics for import args placeholders (#5249) + * cmd: make `caddy fmt` hints more clear (#5378) + * cmd: Adjust documentation for commands (#5377) +- BuildRequires: golang(API) >= 1.20 for guic-go bump + +------------------------------------------------------------------- +Sun Apr 30 18:17:39 UTC 2023 - Jeff Kowalczyk + +- Fix failing build on SLE-12 by defining _sharedstatedir /var/lib + on SLE-12 consistent with SLE-15, openSUSE and upstream RPM docs. + * SLE-12 _sharedstatedir was /usr/com, _localstatedir is /var as expected + * SLE-15+ _sharedstatedir is /var/lib, _localstatedir is /var + * _sharedstatedir used here as home directory for newly created user caddy + * If not redefined build fails with empty /usr/com not owned by any package + * Switch to useradd -d %{_sharedstatedir} from %{_localstatedir}/lib + The latter is common in Factory packages possibly for historical reasons, + opt for the less common option here for equivalence and clarity. 
+ +------------------------------------------------------------------- +Sat Apr 29 22:23:15 UTC 2023 - jkowalczyk@suse.com + +- Update to version 2.6.4: + * go.mod: Upgrade acmez and x/net + * reverseproxy: Don't buffer chunked requests (fix #5366) (#5367) + +------------------------------------------------------------------- +Thu Feb 09 10:19:47 UTC 2023 - alexandre.vicenzi@suse.com + +- Update to version 2.6.3: + * New trusted_proxies global option (within servers) can be used to specify trusted proxy IP ranges globally + * Unix sockets on Windows now supported as proxy upstreams + * Proxied WebSocket connections are now logged with correct status code and "size" (bytes read + bytes written) + * The quic-go package has received significant optimizations and HTTP/3 should be more efficient now + * CVE-2022-41721: ineffective mitigation for unsafe io.ReadAll (boo#1207207) + +------------------------------------------------------------------- +Thu Oct 13 19:10:18 UTC 2022 - jkowalczyk@suse.com + +- Update to version 2.6.2: + * httpcaddyfile: Improve detection of indistinguishable TLS automation policies (#5120) + * httpcaddyfile: Wrap site block in subroute if host matcher used (#5130) + * fileserver: stop listing dir when request context is cancelled (#5131) + * replacer: working directory global placeholder (#5127) + * httpcaddyfile: Fix `metrics` global option parsing (#5126) + * caddyconfig: Implement retries into HTTPLoader (#5077) + * Fix typo in comment (#5121) + * logging: Fix `skip_hosts` with wildcards (#5102) + * caddytest: Revise sleep durations + * core: Set version manually via CustomVersion (#5072) + * forwardauth: Canonicalize header fields (fix #5038) (#5097) + * logging: Perform filtering on arrays of strings (where possible) (#5101) + * logging: Add `time_local` option to use local time instead of UTC (#5108) + * fileserver: Treat invalid file path as NotFound (#5099) + * logging: Better `console` encoder defaults (#5109) + * httpcaddyfile: Skip 
`automate` when `auto_https off` is specified (#5110) + * core: Chdir to executable location on Windows (#5115) + * ci: enhance the CI/CD flow (#5118) + * Fix inverted logic in Windows service detection (#5106) + * fileserver: better dark mode visited link contrast (#5105) + * go.mod: Upgrade select dependencies + * caddyhttp: Remote IP prefix placeholders + * map: Remove infinite recursion check (#5094) + * reverseproxy: Parse humanized byte size (fix #5095) + * admin: Use replacer on listen addresses (#5071) + * core: Fix ListenQUIC listener key conflict + * reverseproxy: On 103 don't delete own headers (#5091) + * caddyhttp: replace placeholders in map defaults (#5081) + * core: Refactor and improve listener logic (#5089) + * rewrite: Only trim prefix if matched + * reverseproxy: fix upstream scheme handling in command (#5088) + * ci: fix integration tests (#5079) + * headers: Support repeated WriteHeader if 1xx (fix #5074) + * fastcgi: Redirect using original URI path (fix #5073) + * ci: extend goreleaser timeout to 1-hour (#5067) + +------------------------------------------------------------------- +Fri Sep 23 19:30:59 UTC 2022 - jkowalczyk@suse.com + +- Update to version 2.6.1: + * core: Reuse unix sockets (UDS) and don't try to serve HTTP/3 over UDS (#5063) + * encode: don't WriteHeader unless called (#5060) + * fileserver: Reinstate --debug flag + +------------------------------------------------------------------- +Tue Sep 20 20:44:58 UTC 2022 - jkowalczyk@suse.com + +- Update to version 2.6.0: + * httpcaddyfile: Fix `protocols` global option parsing (#5054) + * caddyhttp: Skip inserting HTTP->HTTPS redir if catch-all for both exist (#5051) + * caddyhttp: Honor grace period in background (#5043) + * events: Make event data exported + * caddyhttp: responseRecorder save status in all cases (#5049) + * caddyhttp: Fix write header on responseRecorder + * ci: fix the name template of singing certificate and sboms (#5046) + * core: Variadic Context.Logger(); 
soft deprecation + * caddyhttp: Support configuring Server from handler provisioning (#4933) + * caddyhttp: Support TLS key logging for debugging (#4808) + * caddyhttp: Make metrics opt-in (#5042) + * caddytls: Debug log on implicit tailscale error (#5041) + * caddyhttp: Add --debug flag to commands + * encode: Fix Accept-Ranges header; HEAD requests (#5039) + * Reject absurdly long duration strings (fix #4175) + * Fix #4169 (correct e6c58fd) + * caddyfile: Prevent infinite nesting on fmt (fix #4175) + * Limit unclosed placeholder tolerance (fix #4170) + * reverseproxy: Support repeated --to flags in command (#4693) + * caddyhttp: Add 'skip_log' var to omit request from logs (#4691) + * httpcaddyfile: Fix bind when IPv6 is specified with network (#4950) + * cmd: Improve error message if config missing + * cmd: Customizable user agent (close #2795) + * httpcaddyfile: Fix sorting of repeated directives + * caddyhttp: Very minor optimization to path matcher + * caddyhttp: Explicitly disallow multiple regexp matchers (#5030) + * caddytls: Error if placeholder is empty in 'ask' + * supplychain: publish signing cert, sbom, and signatures of sbom (#5027) + * go.mod: Update truststore + * Very minor tweaks + * core: Check error on ListenQUIC + * fileserver: Ignore EOF when browsing empty dir + * caddyhttp: ensure ResponseWriterWrapper and ResponseRecorder use ReadFrom if the underlying response writer implements it. 
(#5022) + * cmd: Enhance some help text + * httpcaddyfile: Add a couple more placeholder shortcuts (#5015) + * Drop requirement for filesystems to implement fs.StatFS + * ci: grant the `release` workflow the `write` permission to `contents` (#5017) + * ci: add `id-token` permission and update the signing command (#5016) + * go.mod: Upgrade CertMagic (v0.17.1) + * fileserver: Support glob expansion in file matcher (#4993) + * caddyhttp: Support `respond` with HTTP 103 Early Hints (#5006) + * Remove unnecessary error check + * caddyauth: Speed up basicauth provision, deprecate scrypt (#4720) + * ci: generate SBOM and sign artifacts using cosign (#4910) + * reverseproxy: Close hijacked conns on reload/quit (#4895) + * core: Refactor listeners; use SO_REUSEPORT on Unix (#4705) + * fastcgi: Optimize FastCGI transport (#4978) + * Minor style adjustments for HTTP redir logging + * Update readme + * Minor fix of error log + * notify: Don't send ready after error (fix #5003) + * templates: Document `httpError` function (#4972) + * fastcgi: allow users to log stderr output (#4967) (#5004) + * cmd: Don't print long help text on error + * Fix failing test + * dist: deb package manpages and bash completion scripts (#5007) + * caddyhttp: Copy logger config to HTTP server during AutoHTTPS (#4990) + * map: Coerce val to string, fix #4987 + * httpcaddyfile: Add shortcut for expression matchers (#4976) + * caddyhttp: Accept placeholders in vars matcher key + * core: Plugins can register listener networks (#5002) + * caddyhttp: Disable draft versions of QUIC + * events: Tune logging and context cancellation + * events: Implement event system (#4912) + * httpcaddyfile: Add `{cookie.*}` placeholder shortcut (#5001) + * caddyhttp: Set Content-Type for static response (#4999) + * cmd: Enhance CLI docs + * cmd: add completion command (#4994) + * cmd: Migrate to `spf13/cobra`, remove single-dash arg support (#4565) + * Minor cleanup, resolve a couple lint warnings + * Remove duplicate 
words in comments (#4986) + * reverseproxy: Add upstreams healthy metrics (#4935) + * admin: Don't stop old server if new one fails (#4964) + * reverseproxy: Multiple dynamic upstreams + * Fix comment indentation + * zstd: fix typo in comment (#4985) + * httpcaddyfile: Add ocsp_interval global option (#4980) + * caddytls: Log error if ask request fails + * ci: Increase linter timeout (#4981) + * templates: cap of slice should not be smaller than length (#4975) + * caddyhttp: Fix for nil `handlerErr.Err` (#4977) + * caddyhttp: Set `http.error.message` to the HandlerError message (#4971) + * go.mod: Upgrade CertMagic to v0.16.3 + * core: Change net.IP to netip.Addr; use netip.Prefix (#4966) + * Clean up metrics test code + * caddyhttp: Smarter path matching and rewriting (#4948) + * fileserver: reset buffer before using it (#4962) (#4963) + * caddyhttp: Enable HTTP/3 by default (#4707) + * reverseproxy: Add `unix+h2c` Caddyfile network shortcut (#4953) + * reverseproxy: Ignore context cancel in stream mode (#4952) + * reverseproxy: Fix H2C dialer using new stdlib `DialTLSContext` (#4951) + * httpcaddyfile: redir with "html" emits 200, no Location (fix #4940) + * reverseproxy: Support 1xx status codes (HTTP early hints) (#4882) + * logging: Fix `cookie` filter (#4943) + * go.mod: Upgrade OpenTelemetry dependencies (#4937) + * fileserver: Better fix for Etag of compressed files + * fileserver: Generate Etag from sidecar file + * Improve docs for ZeroSSL issuer + * Replace strings.Index with strings.Cut (#4932) + * Replace strings.Index usages with strings.Cut (#4930) + * cmd: Use newly-available version information (#4931) + * httpserver: Configurable shutdown delay (#4906) + * go.mod: Upgrade CertMagic and acmez + * chore: Bump up to Go 1.19, minimum 1.18 (#4925) + * Oops (sigh) + * caddyhttp: Implement `caddy respond` command (#4870) + * fileserver: Support virtual file system in Caddyfile + * fileserver: Support virtual file systems (#4909) + * Minor docs 
clarification + * core: Windows service integration (#4790) + * chore: Add .gitattributes to force *.go to LF (#4919) + * Fix compilation on Windows + * Ignore linter warnings + * Fix deprecation notice by using UTF16PtrFromString + * caddyhttp: Clear out matcher error immediately after grabbing it (#4916) + * Finish fixing lint errors from ea8df6ff + * caddytls: Remove PreferServerCipherSuites + * caddyhttp: Use new CEL APIs (fix #4915) + * ci: Run golangci-lint on multiple os(#4875) (#4913) + * go.mod: Upgrade dependencies + * httpcaddyfile: Detect ambiguous site definitions (fix #4635) + * caddyhttp: Log shutdown errors, don't return (fix #4908) + * reverseproxy: Implement read & write timeouts for HTTP transport (#4905) + * cmd: Fix reload with stdin (#4900) + * caddyhttp: Enhance comment + * reverseproxy: Implement retry count, alternative to try_duration (#4756) + * caddyhttp: Make query matcher more efficient + * reverseproxy: Export SetScheme() again +- BuildRequires: golang(API) >= 1.18 for new net/netip package + +------------------------------------------------------------------- +Fri Jul 15 19:01:01 UTC 2022 - Dirk Müller + +- Update to version 2.5.2: + * admin: expect quoted ETags (#4879) + * headers: Only replace known placeholders (#4880) + * reverseproxy: Err 503 if all upstreams unavailable + * reverseproxy: Adjust new TLS Caddyfile directive names (#4872) + * fileserver: Use safe redirects in file browser + * admin: support ETag on config endpoints (#4579) + * go.mod: Bump up quic-go to v0.28.0, fixes for BC breaks (#4867) + * caddytls: Reuse issuer between PreCheck and Issue (#4866) + * admin: Implement /adapt endpoint (close #4465) (#4846) + * forwardauth: Fix case when `copy_headers` is omitted (#4856) + * Expose several Caddy HTTP Matchers to the CEL Matcher (#4715) + * reverseproxy: Fix double headers in response handlers (#4847) + * reverseproxy: Fix panic when TLS is not configured (#4848) + * reverseproxy: Skip TLS for certain configured 
ports (#4843) + * go.mod: Update some dependencies + * forwardauth: Support renaming copied headers, block support (#4783) + * Add comment about xcaddy to main + * headers: Support wildcards for delete ops (close #4830) (#4831) + * reverseproxy: Dynamic ServerName for TLS upstreams (#4836) + * reverseproxy: Make TLS renegotiation optional + * reverseproxy: Add renegotiation param in TLS client (#4784) + * caddyhttp: Log error from CEL evaluation (fix #4832) + * reverseproxy: Correct the `tls_server_name` docs (#4827) + * reverseproxy: HTTP 504 for upstream timeouts (#4824) + * caddytls: Make peer certificate verification pluggable (#4389) + * reverseproxy: api: Remove misleading 'healthy' value + * go.mod: Update go-yaml to v3 + * Fix #4822 and fix #4779 + * reverseproxy: Add --internal-certs CLI flag #3589 (#4817) + * ci: Fix build caching on Windows (#4811) + * templates: Add `humanize` function (#4767) + * core: Micro-optim in run() (#4810) + * go.mod: Upgrade some dependencies + * httpcaddyfile: Add `{err.*}` placeholder shortcut (#4798) + * templates: Documentation consistency (#4796) + * chore: Bump quic-go to v0.27.0 (#4782) + * reverseproxy: Support http1.1>h2c (close #4777) (#4778) + * rewrite: Handle fragment before query (fix #4775) [bsc#1201822, CVE-2022-34037] + * httpcaddyfile: Support multiple values for `default_bind` (#4774) + +------------------------------------------------------------------- +Mon May 23 07:48:15 UTC 2022 - alexandre.vicenzi@suse.com + +- Update to version 2.5.1: + * Fixed regression in Unix socket admin endpoints. + * Fixed regression in caddy trust commands. + * Hash-based load balancing policies (ip_hash, uri_hash, header, and cookie) + use an improved highest-random-weight (HRW) algorithm for increased + consistency. + * Dynamic upstreams, which is the ability to get the list of upstreams at + every request (more specifically, every iteration in the proxy loop of + every request) rather than just once at config-load time. 
+ * Caddy will automatically try to get relevant certificates from the local + Tailscale instance. + * New OpenTelemetry integration. + * Added new endpoints /pki/ca/ and /pki/ca//certificates for + getting information about Caddy's managed CAs. + * Rename _caddy to zsh-completion + * Fix MatchPath sanitizing [bsc#1200279, CVE-2022-29718] + +------------------------------------------------------------------- +Fri Mar 25 17:23:27 UTC 2022 - alexandre.vicenzi@suse.com + +- Update to version 2.4.6: + * caddycmd: Add `--keep-backup` to upgrade commands (#4387) + * caddycmd: Add `--skip-standard` to `list-modules` command, quieter output (#4386) + * caddycmd: fix caddy validate/fmt help message (#4377) + * caddyhttp: Add support for triggering errors from `try_files` (#4346) + * caddyhttp: Placeholder for client cert in DER + base64 format (#4241) + * caddyhttp: reverseproxy: clarify warning for -insecure (#4379) + * caddyhttp: Sanitize the path before evaluating path matchers (#4407) + * caddytls: Mark storage clean timestamp at end of routine (#4401) + * docs: General minor improvements + * fastcgi: Fix Caddyfile parsing when `handle_response` is used (#4342) + * fastcgi: Implement `try_files` override in Caddyfile directive (#4347) + * fileserver: Fix compression breaks using httpInclude (#4352) (#4358) + * fileserver: Fix displayed file size if it is symlink (#4354) + * fileserver: Make file listing links purple once visited (#4356) + * fileserver: Prevent focusing filter from scrolling on page load (#4393) + * fileserver: properly handle escaped/non-ascii paths (#4332) + * headers: Canonicalize case in replace (fix #4330) + * httpcaddyfile: Empty tls policy for internal http localhost (#4398) + * httpcaddyfile: Preserve IPv6 addresses through normalization (fix #4381) + * map: Fix 95c03506 (avoid repeated expansions) + * map: Fix regex mappings + * reverseproxy: Log error at error level (fix #4360) + * reverseproxy: Prevent copying the response if a response 
handler ran (#4388) + * reverseproxy: Sanitize scheme and host on incoming requests (#4237) + * templates: Add 'import' action (#4321) + * templates: Add tests for funcInclude and funcImport (#4357) + * templates: Propagate httpError to HTTP response + +------------------------------------------------------------------- +Fri Oct 22 11:02:07 UTC 2021 - Ferdinand Thiessen + +- Update to version 2.4.5: + * Hotfix for a regression introduced in 2.4.4 related to + combining the encode and reverse_proxy directives. + * cmd: export CaddyVersion(), Commands() + * encode: ignore flushing until after first write + * go.mod: Update CertMagic + +------------------------------------------------------------------- +Thu Sep 02 14:38:58 UTC 2021 - alexandre.vicenzi@suse.com + +- Update to version 2.4.4: + * acmeserver: Don't set host for directory links by default + * acmeserver: Trim slashes from path prefix + * admin: Implement load_interval to pull config on a timer + * admin: Replace admin cert cache when reloading + * admin: Sync server variables + * caddyfile: Better error message for missing site block braces + * caddyfile: Error on invalid site addresses containing comma + * caddyfile: keep error chain info in Dispenser.Errf + * caddyhttp: Fix edgecase with auto HTTP->HTTPS logic + * caddyhttp: Fix incorrect determination of gRPC protocol + * caddyhttp: Refactor and export SanitizedPathJoin for use in fastcgi + * caddyhttp: Updated the documentation for MatchQuery + * caddytls: Add Caddyfile support for propagation_timeout + * caddytls: Remove "IssuerRaw" field + * cmd: Fix paths when using an env file + * cmd: New add-package and remove-package commands + * cmd: use net.ErrClosed for matching returned error + * core: Unix ns and Unix ms time placeholders + * encode: Tweak compression settings + * fileserver: Add disable_canonical_uris Caddyfile subdirective + * fileserver: Clarify docs about canonicalization + * fileserver: Don't persist parsed template + * fileserver: 
Fix browse name_dir_first sorting + * fileserver: Fix browse not redirecting query parameters + * fileserver: Only redirect if filename not rewritten + * fileserver: Redirect within the original URL + * go.mod: Update dependencies + * httpcaddyfile: Add preferred_chains global option and issuer subdirective + * httpcaddyfile: Add shortcut for proxy hostport placeholder + * httpcaddyfile: Add skip_install_trust global option + * httpcaddyfile: Don't add HTTP hosts to TLS APs + * httpcaddyfile: Don't put localhost in public APs + * httpcaddyfile: Ensure hosts to skip for logs can always be collected + * httpcaddyfile: Improve unrecognized directive errors + * httpcaddyfile: Reorder some directives + * logging: Actually use level_key + * logging: Add missing interface guards for replace filter + * logging: Prep for common_log removal + * logging: Warn for deprecated single_field encoder + * metrics: use buildinfo collector from new collectors pkg + * reverseproxy: Adjust test related to #4201 + * reverseproxy: Always remove hop-by-hop headers + * reverseproxy: Fix overwriting of max_idle_conns_per_host + * reverseproxy: Incorporate latest proxy changes from stdlib + * reverseproxy: Keep path to unix socket as dial address + * reverseproxy: Remove redundant flushing + +------------------------------------------------------------------- +Wed Aug 25 13:55:21 UTC 2021 - Johannes Segitz + +- Added hardening to systemd service(s). 
Modified: + * caddy.service + +------------------------------------------------------------------- +Mon May 24 12:55:21 UTC 2021 - alexandre.vicenzi@suse.com + +- Update to version 2.4.1: + * logging: Implement dial timeout for net writer (fix #4083) (#4172) + * admin: Reinstate internal redirect for /id/ requests + * caddyfile: Add parse error on site address with trailing `{` (#4163) + * reverseproxy: Set the headers in the replacer before `handle_response` (#4165) + * ci: Run CI on PRs targeting minor version branches (#4164) + * cmd: upgrade: inherit the permissions of the original executable (#4160) + * httpcaddyfile: Fix automation policy consolidation again (fix #4161) + * caddyfile: Fix `caddy fmt` nesting not decrementing (#4157) + * encode: Drop `prefer` from Caddyfile (#4156) + * encode: Default to order the formats are enabled for `prefer` in Caddyfile (#4151) + * caddytls: Run replacer on ask URL, for env vars (#4154) + * httpcaddyfile: Add `grace_period` global option (#4152) + * caddyhttp: Fix fallback for the error handler chain (#4131) + * reverseproxy: Minor logging improvements + * fileserver: Fix `file` matcher with empty `try_files` (#4147) + * go.mod: CertMagic v0.13.1 + * reverseproxy: Add `handle_response` blocks to `reverse_proxy` (#3710) (#4021) + * cmd: Add --envfile flag to `start` command (#4141) + * httpcaddyfile: Add `auto_https ignore_loaded_certs` (#4077) + * httpcaddyfile: Add global option for `storage_clean_interval` (#4134) + * caddyhttp: performance improvement in HeaderRE Matcher (#4143) + * fileserver: Share template logic for both `templates` and `file_server browse` (#4093) + * caddytls: Implement remote IP connection matcher (#4123) + * httpcaddyfile: Fix unexpectedly removed policy (#4128) + * reverseproxy: fix hash selection policy (#4137) + * fileserver: Better handling of HTTP status override (#4132) + * caddyfile: Fix `import` replacing unrelated placeholders (#4129) + * caddytls: Add `load_storage` module (#4055) + * 
reverseproxy: Admin endpoint for reporting upstream statuses (#4125) + * caddyhttp: Implement better logic for inserting the HTTP->HTTPS redirs (#4033) + * httpcaddyfile: Take into account host scheme/port (fix #4113) + * fuzz: fix the FuzzFormat comparison (#4117) + * caddytls: Disable OCSP stapling for manual certs (#4064) + * caddytls: Configurable storage clean interval + * caddyfile: reject cyclic imports (#4022) + * ci: fuzz: add 4 more fuzzing targets (#4105) + * fileserver: Add status code override (#4076) + * notify: Send all sd_notify signals from main caddy process (#4060) + * go.mod: Update quic-go to v0.20.1 (#4075) + * httpcaddyfile: Fix panic in automation policy consolidation (#4104) + * caddyfile: Normalize line endings before comparing fmt result (#4103) + * ci: accommodate go1.16 changes to go mod (#4102) + * Minor tweaks + * go.mod: Use latest CertMagic + * Use 600 instead of 644 for UUID file + * Change os to ioutil for now + * reverseproxy: Set cookie path to `/` when using cookie lb_policy (#4096) + * caddy: Add InstanceID() method + * encode,staticfiles: Content negotiation, precompressed files (#4045) + * reverseproxy: Implement health_uri, deprecate health_path, supports query (#4050) + * go.mod: Migrate to golang.org/x/term (#4073) + * caddyhttp: improve grammar of comment for AllowH2C (#4072) + * sigtrap_posix: add missing comma to SIGTERM info (#4078) + * cmd: Use formatted logger for config adapter warnings (#4080) + * cmd: main: fix minor doc typos (#4082) + * headers: Fix Caddyfile parsing for `request_header` with matchers (#4085) + * .gitignore: add IDE files (#4087) + * fileserver: Add a few more debug lines (#4063) + * fileserver: Browse listing supports dark mode (#4066) + * CONTRIBUTING: fix spelling (#4070) + * httpcaddyfile: Add `error` directive for the existing handler (#4034) + * logging: add replace filter for static value replacement (#4029) + * caddyconfig: add global option for configuring loggers (#4028) + * map: 
Accept regex substitution in outputs (#3991) + * reverseproxy: Fix upstreams with placeholders with no port (#4046) + * rewrite: Implement regex path replacements + * fileserver: Don't replace in request paths (fix #4027) + * caddypki: Add SignWithRoot option for ACME server + * reverseproxy: Fix round robin data race (#4038) + * Update docs; commit setcap.sh + * go.mod: Latest CertMagic (updated libdns conventions) + * core: Initialize logging before admin + * caddytls: Remove old asset migration code (close #3894) + * reverseproxy: Add duration/latency placeholders (close #4012) (#4013) + * httpcaddyfile: Fix catch-all site block sorting + * ci: Build and test on Go 1.16, bump minimum to 1.15 (#4024) + * caddy: Support SetReadBuffer and SyscallConn for QUIC (fix #3998) + * Improve security warnings + * httpcaddyfile: Configure other apps from global options (#3990) + * cmd: Clean up `build-info` and `upgrade` output + * caddyhttp: Support placeholders in header matcher values (close #3916) + * caddytls: Save email with account if not already specified + * reverseproxy: Response buffering & configurable buffer size + * httpcaddyfile: Fix automation policies + * ci: deflake integration tests (#3966) + * httpcaddyfile: Add resolvers subdir of tls (close #4008) + * acmeserver: Support custom CAs from Caddyfile + * caddyhttp: Check for invalid subdirectives of static_response + * httpcaddyfile: Fix default issuers when email provided + * cmd: Add --force flag to reload command (close #4005) + * httpcaddyfile: Warn if site address uses unspecified IP (close #4004) + * httpcaddyfile: Sort catch-all site blocks properly (fix #4003) + * ci: update the command to run tests on the s390x machine (#3995) + * caddyhttp: Fix redir html status code, improve flow (#3987) + * caddyhttp: Implement handler abort; new 'abort' directive (close #3871) (#3983) + * admin: Identity management, remote admin, config loaders (#3994) + * caddycmd: Add upgrade command (#3972) + * Revert 
"requestbody: Allow overwriting remote address" + * caddytest: Update Caddyfile tests for formatting, HTTP-only blocks + * httpcaddyfile: Skip TLS APs for HTTP-only hosts (fix #3977) + * cmd: Print more detailed version with --environ + * map: Add missing json struct tag + * tests: use actual admin port value in error message (#3973) + * cmd: Implement sd_notify() to notify systemd about readiness (#3963) + * templates: Add fileExists and httpError template actions + * requestbody: Allow overwriting remote address + * rewrite: Use RawPath instead of Path (fix #3596) (#3918) + * Update docs + * caddytls: Configurable OCSP stapling; global option (closes #3714) + * logging: Remove logfmt encoder (close #3575) + * httpcaddyfile: Support repeated use of cert_issuer global option + * caddytls: add 'key_type' subdirective (#3956) + * caddyfile: Refactor unmarshaling of module tokens + * go.mod: Update CertMagic and acmez (improved IDN support) + * reverseproxy: Caddyfile health check headers, host header support (#3948) + * httpcaddyfile: Adjust iterator when removing AP (fix #3953) + * cmd: Organize list-modules output; --packages flag (#3925) + * caddyfile: Introduce basic linting and fmt check (#3923) + +------------------------------------------------------------------- +Wed Apr 28 15:47:43 UTC 2021 - Alexandre Vicenzi + +- Create Caddy package diff --git a/caddy.service b/caddy.service new file mode 100644 index 0000000..85eec11 --- /dev/null +++ b/caddy.service 
@@ -0,0 +1,32 @@ +[Unit] +Description=Caddy web server +Documentation=https://caddyserver.com/docs/ +After=network.target network-online.target +Requires=network-online.target + +[Service] +User=caddy +Group=caddy +ExecStart=/usr/bin/caddy run --resume --environ --config /etc/caddy/Caddyfile +ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile +TimeoutStopSec=5s +LimitNOFILE=1048576 +LimitNPROC=512 +PrivateTmp=true +ProtectSystem=full +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectHome=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions +AmbientCapabilities=CAP_NET_BIND_SERVICE + +[Install] +WantedBy=multi-user.target diff --git a/caddy.spec b/caddy.spec new file mode 100644 index 0000000..baf7693 --- /dev/null +++ b/caddy.spec 
@@ -0,0 +1,155 @@ +# +# spec file for package caddy +# +# Copyright (c) 2025 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +Name: caddy +Version: 2.9.1 +Release: 0 +Summary: Fast, multi-platform web server with automatic HTTPS +License: Apache-2.0 +Group: Productivity/Networking/Web/Proxy +URL: https://caddyserver.com/ +Source0: %{name}-%{version}.tar.gz +Source1: vendor.tar.gz +Source2: https://github.com/caddyserver/dist/raw/v%{version}/config/Caddyfile +Source3: caddy.service +Source4: https://github.com/caddyserver/dist/raw/v%{version}/welcome/index.html +Source5: caddy.sysusers +BuildRequires: systemd-rpm-macros +BuildRequires: sysuser-tools +BuildRequires: golang(API) >= 1.22.3 +%{?systemd_requires} +%{sysusers_requires} + +%description +Caddy is a powerful, extensible platform to serve your sites, services, and +apps, written in Go. + +%package bash-completion +Summary: Bash Completion for %{name} +Group: System/Shells +Requires: bash-completion +Supplements: (%{name} and bash) +BuildArch: noarch + +%description bash-completion +Bash completion script for %{name}, generated during the build. + +%package zsh-completion +Summary: ZSH Completion for %{name} +Group: System/Shells +Supplements: (%{name} and zsh) +BuildArch: noarch + +%description zsh-completion +ZSH completion script for %{name}, generated during the build. 
+ +%package fish-completion +Summary: Fish Completion for %{name} +Group: System/Shells +Supplements: (%{name} and fish) +BuildArch: noarch + +%description fish-completion +Fish shell completion script for %{name}, generated during the build. + +%prep +%autosetup -a 1 + +%build +# Build the binary. +%ifnarch ppc64 +export GOFLAGS="-buildmode=pie" +%endif +# overrides caddy reported version (see caddy.go for explanations why this is needed). +go build -ldflags '-X github.com/caddyserver/caddy/v2.CustomVersion=v%{version}' ./cmd/%{name} + +%check +# Execute binary and check version +[[ "$(./%{name} version)" == "v%{version}" ]] || exit 1 + +%install +install -d %{buildroot}/%{_sbindir} +install -D -p -m 0755 %{name} %{buildroot}%{_bindir}/%{name} + +# configuration +install -D -p -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/%{name}/Caddyfile + +# service +install -D -p -m 0644 %{SOURCE3} %{buildroot}%{_unitdir}/%{name}.service +ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name} +install -Dpm0644 %{SOURCE5} %{buildroot}%{_sysusersdir}/%{name}.conf + +# data directory +install -d -m 0750 %{buildroot}%{_sharedstatedir}/%{name} + +# welcome page +install -D -p -m 0644 %{SOURCE4} %{buildroot}%{_datadir}/%{name}/index.html + +# bash completion +install -d -p -m 0755 %{buildroot}%{_datadir}/bash-completion/completions +./%{name} completion bash > %{buildroot}%{_datadir}/bash-completion/completions/%{name} + +# zsh completion +install -d -p -m 0755 %{buildroot}%{_datadir}/zsh/site-functions +./%{name} completion zsh > %{buildroot}%{_datadir}/zsh/site-functions/_%{name} + +# fish completion +install -d -p -m 0755 %{buildroot}%{_datadir}/fish/vendor_completions.d +./%{name} completion fish > %{buildroot}%{_datadir}/fish/vendor_completions.d/%{name}.fish + +# man pages +./%{name} manpage --directory %{buildroot}%{_mandir}/man8 + +%sysusers_generate_pre %{SOURCE5} %{name} %{name}.conf + +%pre -f %{name}.pre +%service_add_pre %{name}.service + +%post +%service_add_post 
%{name}.service +%{fillup_only -n %{name}} + +%preun +%service_del_preun %{name}.service + +%postun +%service_del_postun %{name}.service + +%files +%license LICENSE +%doc AUTHORS README.md +%{_mandir}/man8/caddy*.8%{?ext_man} +%{_bindir}/%{name} +%{_datadir}/%{name} +%{_unitdir}/%{name}.service +%{_sbindir}/rc%{name} +%{_sysusersdir}/%{name}.conf +%dir %{_sysconfdir}/%{name} +%config(noreplace) %{_sysconfdir}/%{name}/Caddyfile +%dir %attr(0750, %{name}, %{name}) %{_sharedstatedir}/%{name} + +%files bash-completion +%{_datadir}/bash-completion + +%files fish-completion +%{_datadir}/fish + +%files zsh-completion +%{_datadir}/zsh + +%changelog diff --git a/caddy.sysusers b/caddy.sysusers new file mode 100644 index 0000000..5f762c3 --- /dev/null +++ b/caddy.sysusers @@ -0,0 +1,3 @@ +#Type Name ID GECOS Home directory Shell +u caddy - "Caddy web server" /var/lib/caddy - +g caddy - - - - diff --git a/index.html b/index.html new file mode 100644 index 0000000..5f2c410 --- /dev/null +++ b/index.html @@ -0,0 +1,396 @@ + + + + Caddy works! + + + + + + + +
+
+
+
+ + + + + + + + + + +

+ Congratulations! + おめでとう! + ¡Felicidades! + 恭喜! + बधाई हो! + Поздравляю! + Вітаю! + Gefeliciteerd! + Glückwunsch! + 🎊 +

+ +

+ Your web server is working. Now make it work for you. 💪 +

+

+ Caddy is ready to serve your site over HTTPS: +

+
    +
  1. Point your domain's A/AAAA DNS records at this machine.
  2. +
  3. Upload your site's files to /var/www/html. +
  4. + Edit your Caddyfile at /etc/caddy/Caddyfile: +
      +
    1. Replace :80 with your domain name
    2. +
    3. Change the site root to /var/www/html
    4. +
    +
  5. +
  6. Reload the configuration: systemctl reload caddy
  7. +
  8. Visit your site!
  9. +
+

If that worked 🥳

+

+ Awesome! You won't have to look at this slanted page anymore. +

+

+ Remember, Caddy can do a lot more than serve static files. It's also a powerful reverse proxy and + application platform. You can use the Caddyfile to enable any other features you need. Or you could use + Caddy's API to configure it programmatically. +

+

+ Everything you need to know is either in the 📖 Caddy + documentation or the manual for your OS/platform. Have fun! +

+ +

If that didn't work 😶

+

+ It's okay, you can fix it! First check the following things: +

+
    +
  • Service status: systemctl status caddy
  • +
  • Logs: journalctl --no-pager -u caddy
  • +
  • Are your site's files readable by the caddy user and group? ls -la /var/www/html
  • +
  • Is the caddy home directory writeable? ls -la /var/lib/caddy
  • +
  • Ensure your domain's A and/or AAAA records point to your machine's public IP address: + dig example.com
  • +
  • Are your ports 80 and 443 externally reachable, and is Caddy able to bind to them? Check your + firewalls, port forwarding, and other network configuration.
  • +
+

+ WAIT! Before trying again, switch to Let's Encrypt's staging environment to + avoid being accidentally rate limited. Once you + get everything else working, it's safe to switch back. +

+

+ Depending on your DNS provider, it may take a while for the DNS records to propagate. Even when + everything is configured properly, automated challenges to obtain TLS certificates usually take several + seconds, but may take up to several minutes or hours. +

+ If you still need help, we have a great community! First try a search, and if your question is original, go ahead + and ask it! Remember to pay it forward and help others too. 😁 +

+

+ Visit Caddy on: + GitHub + or + Twitter + or + Our Forum +

+
+
+ + + + + + diff --git a/vendor.tar.gz b/vendor.tar.gz new file mode 100644 index 0000000..49e8dc1 --- /dev/null +++ b/vendor.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1d7437d64b8749fd990f9a94e12a1c91df2177ee05f5217c1326c9ca53a4d3b2 +size 9990148
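Review bot: in caddy.service, the [Service] section sets `AmbientCapabilities=CAP_NET_BIND_SERVICE` but has no `CapabilityBoundingSet=` or `NoNewPrivileges=` line, so nothing in the unit limits the capabilities the process or its children can hold to the single capability it needs. I would add `CapabilityBoundingSet=CAP_NET_BIND_SERVICE` and `NoNewPrivileges=true` next to the ambient capability line. Separately, `ProtectSystem=full` leaves /var writable as a whole; since the sysusers file puts the service's home in /var/lib/caddy, `ProtectSystem=strict` together with `ReadWritePaths=/var/lib/caddy` (plus any log path a site configures) would be tighter and is worth testing.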
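Review bot: in caddy.spec, `%post` calls `%{fillup_only -n %{name}}`, but `%install` does not install a sysconfig template and `%files` does not list one, so the call appears to have nothing to act on. Either drop the line or ship the template and declare the fillup prerequisite. In the same file, `%check` only compares the output of `./%{name} version` with `v%{version}`; that confirms the `-ldflags` override took effect but exercises none of the code, so consider running at least a subset of the upstream Go tests there.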
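Review bot: the index.html welcome page, taken unmodified from the upstream dist repository via `Source4`, tells the admin to upload files to /var/www/html and to check `ls -la /var/www/html`, but caddy.spec neither creates nor owns that directory, and the unit sets `ProtectHome=true`, which the troubleshooting list does not mention. A user who places the site under a home directory will hit permission errors that none of the listed checks explain. Suggest patching the page for this package, or adding a short README.SUSE noting the expected site root and the `ProtectHome=true` restriction.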
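Review bot: vendor.tar.gz is added only as a Git LFS pointer (oid and size), and caddy.spec lists it as `Source1: vendor.tar.gz` with no URL or comment, so a reviewer cannot tell from the spec how the vendored Go modules were produced or verify them against the upstream go.sum for v2.9.1. Please add a comment above `Source1` stating how the archive is generated (for example the service or command used) so the tarball can be regenerated and compared.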