-------------------------------------------------------------------
Fri Dec 08 02:07:42 UTC 2023 - Jeff Kowalczyk

- Update to version 2.7.6:
  * caddytls: Sync distributed storage cleaning (#5940)
  * caddytls: Context to DecisionFunc (#5923)
  * tls: accept placeholders in string values of certificate loaders (#5963)
  * templates: Officially make templates extensible (#5939)
  * http2 uses new round-robin scheduler (#5946)
  * panic when reading from backend failed to propagate stream error (#5952)
  * chore: Bump otel to v1.21.0. (#5949)
  * httpredirectlistener: Only set read limit for when request is HTTP (#5917)
  * fileserver: Add .m4v for browse template icon
  * Revert "caddyhttp: Use sync.Pool to reduce lengthReader allocations (#5848)" (#5924)
  * go.mod: update quic-go version to v0.40.0 (#5922)
  * update quic-go to v0.39.3 (#5918)
  * chore: Fix usage pool comment (#5916)
  * test: acmeserver: add smoke test for the ACME server directory (#5914)
  * Upgrade acmeserver to github.com/go-chi/chi/v5 (#5913)
  * caddyhttp: Adjust `scheme` placeholder docs (#5910)
  * go.mod: Upgrade quic-go to v0.39.1
  * go.mod: CVE-2023-45142 Update opentelemetry (#5908)
  * templates: Delete headers on `httpError` to reset to clean slate (#5905)
  * httpcaddyfile: Remove port from logger names (#5881)
  * core: Apply SO_REUSEPORT to UDP sockets (#5725)
  * caddyhttp: Use sync.Pool to reduce lengthReader allocations (#5848)
  * cmd: Add newline character to version string in CLI output (#5895)
  * core: quic listener will manage the underlying socket by itself (#5749)
  * templates: Clarify `include` args docs, add `.ClientIP` (#5898)
  * httpcaddyfile: Fix TLS automation policy merging with get_certificate (#5896)
  * cmd: upgrade: resolve symlink of the executable (#5891)
  * caddyfile: Fix variadic placeholder false positive when token contains `:` (#5883)

-------------------------------------------------------------------
Fri Oct 13 20:05:08 UTC 2023 - Jeff Kowalczyk

- Update to version 2.7.5:
  * admin: Respond with 4xx on
    non-existing config path (#5870)
  * ci: Force the Go version for govulncheck (#5879)
  * fileserver: Set canonical URL on browse template (#5867)
  * tls: Add X25519Kyber768Draft00 PQ "curve" behind build tag (#5852)
  * reverseproxy: Add more debug logs (#5793)
  * reverseproxy: Fix `least_conn` policy regression (#5862)
  * reverseproxy: Add logging for dynamic A upstreams (#5857)
  * reverseproxy: Replace health header placeholders (#5861)
  * httpcaddyfile: Sort TLS SNI matcher for deterministic JSON output (#5860)
  * cmd: Fix exiting with custom status code, add `caddy -v` (#5874)
  * reverseproxy: fix parsing Caddyfile fails for unlimited request/response buffers (#5828)
  * reverseproxy: Fix retries on "upstreams unavailable" error (#5841)
  * httpcaddyfile: Enable TLS for catch-all site if `tls` directive is specified (#5808)
  * encode: Add `application/wasm*` to the default content types (#5869)
  * fileserver: Add command shortcuts `-l` and `-a` (#5854)
  * go.mod: Upgrade dependencies incl. x/net/http
  * templates: Add dummy `RemoteAddr` to `httpInclude` request, proxy compatibility (#5845)
  * reverseproxy: Allow fallthrough for response handlers without routes (#5780)
  * fix: caddytest.AssertResponseCode error message (#5853)
  * build(deps): bump goreleaser/goreleaser-action from 4 to 5 (#5847)
  * build(deps): bump actions/checkout from 3 to 4 (#5846)
  * caddyhttp: Use LimitedReader for HTTPRedirectListener
  * fileserver: browse template SVG icons and UI tweaks (#5812)
  * reverseproxy: fix nil pointer dereference in AUpstreams.GetUpstreams (#5811)
  * httpcaddyfile: fix placeholder shorthands in named routes (#5791)
  * cmd: Prevent overwriting existing env vars with `--envfile` (#5803)
  * ci: Run govulncheck (#5790)
  * logging: query filter for array of strings (#5779)
  * logging: Clone array on log filters, prevent side-effects (#5786)
  * fileserver: Export BrowseTemplate
  * ci: ensure short-sha is exported correctly on all platforms (#5781)
  * caddyfile: Fix case where heredoc marker is empty
    after newline (#5769)
  * go.mod: Update quic-go to v0.38.0 (#5772)
  * chore: Appease gosec linter (#5777)
  * replacer: change timezone to UTC for "time.now.http" placeholders (#5774)
  * caddyfile: Adjust error formatting (#5765)
  * update quic-go to v0.37.6 (#5767)
  * httpcaddyfile: Stricter errors for site and upstream address schemes (#5757)
  * caddyfile: Loosen heredoc parsing (#5761)
  * fileserver: docs: clarify the ability to produce JSON array with `browse` (#5751)
  * fix package typo (#5764)

-------------------------------------------------------------------
Thu Sep 21 14:20:37 UTC 2023 - Alexandre Vicenzi

- Switch to sysuser for user setup

-------------------------------------------------------------------
Thu Aug 17 22:55:36 UTC 2023 - jkowalczyk@suse.com

- Update to version 2.7.4:
  * go.mod: Upgrade CertMagic and quic-go
  * reverseproxy: Always return new upstreams (fix #5736) (#5752)
  * ci: use gci linter (#5708)
  * fileserver: Slightly more fitting icons
  * cmd: Require config for caddy validate (fix #5612) (#5614)
  * Fix tests
  * caddytls: Update docs for on-demand config
  * fileserver: Don't repeat error for invalid method inside error context (#5705)
  * ci: Update to Go 1.21 (#5719)
  * ci: Add riscv64 (64-bit RISC-V) to goreleaser (#5720)
  * go.mod: Upgrade golang.org/x/net to 0.14.0 (#5718)
  * ci: Use gofumpt to format code (#5707)
  * templates: Fix httpInclude (fix #5698)

-------------------------------------------------------------------
Thu Aug 17 22:54:37 UTC 2023 - Jeff Kowalczyk

- Use _service mode manual as better alias name than disabled
  * osc reports service mode disabled as obsolete

-------------------------------------------------------------------
Sun Aug 06 01:06:42 UTC 2023 - jkowalczyk@suse.com

- Update to version 2.7.3:
  * go.mod: Upgrade to quic-go v0.37.3
  * cmd: Split unix sockets for admin endpoint addresses (#5696)
  * reverseproxy: do not parse upstream address too early if it contains replaceable parts (#5695)
  * caddyfile: check that matched key is not
    a substring of the replacement key (#5685)
  * chore: use `--clean` instead of `--rm-dist` for goreleaser (#5691)
  * go.mod: Upgrade quic-go to v0.37.2 (fix #5680)
  * fileserver: browse: Render SVG images in grid

-------------------------------------------------------------------
Fri Aug 04 19:12:07 UTC 2023 - elimat@opensuse.org

- Update to version 2.7.2:
  * reverseproxy: Fix hijack ordering which broke websockets (#5679)
  * httpcaddyfile: Fix `string does not match ~[]E` error (#5675)
  * encode: Fix infinite recursion (#5672)
  * caddyhttp: Make use of `http.ResponseController` (#5654)
  * go.mod: Upgrade dependencies esp. smallstep/certificates
  * core: Allow loopback hosts for admin endpoint (fix #5650) (#5664)
  * httpcaddyfile: Allow `hostnames` & logger name overrides for log directive (#5643)
  * reverseproxy: Connection termination cleanup (#5663)
  * go.mod: Use quic-go 0.37.1
  * reverseproxy: Export ipVersions type (#5648)
  * go.mod: Use latest CertMagic (v0.19.1)
  * caddyhttp: Preserve original error (fix #5652)
  * fileserver: add lazy image loading (#5646)
  * go.mod: Update quic-go to v0.37.0, bump to Go 1.20 minimum (#5644)
  * core: Refine mutex during reloads (fix #5628) (#5645)
  * go.mod: update quic-go to v0.36.2 (#5636)
  * fileserver: Tweak grid view of browse template
  * fileserver: add `export-template` sub-command to `file-server` (#5630)
  * caddyfile: Fix comparing if two tokens are on the same line (#5626)
  * caddytls: Reuse certificate cache through reloads (#5623)
  * Minor tweaks to security.md
  * reverseproxy: Pointer receiver
  * caddyhttp: Trim dot/space only on Windows (fix #5613)
  * update quic-go to v0.36.1 (#5611)
  * caddyconfig: Specify config adapter for HTTP loader (close #5607)
  * core: Embed net.UDPConn to gain optimizations (#5606)
  * chore: remove deprecated property `rlcp` in goreleaser config (#5608)
  * core: Skip `chmod` for abstract unix sockets (#5596)
  * core: Add optional unix socket file permissions (#4741)
  * reverseproxy: Honor `tls_except_port` for active
    health checks (#5591)
  * Appease linter
  * Fix compile on Windows, hopefully
  * core: Properly preserve unix sockets (fix #5568)
  * go.mod: Upgrade CertMagic for hotfix
  * go.mod: Upgrade some dependencies
  * chore: upgrade otel (#5586)
  * go.mod: Update quic-go to v0.36.0 (#5584)
  * reverseproxy: weighted_round_robin load balancing policy (#5579)
  * reverseproxy: Experimental streaming timeouts (#5567)
  * chore: remove refs of deprecated io/ioutil (#5576)
  * headers: Allow `>` to defer shortcut for replacements (#5574)
  * caddyhttp: Support custom network for HTTP/3 (#5573)
  * reverseproxy: Fix parsing of source IP in case it's an ipv6 address (#5569)
  * fileserver: browse: Better grid layout (#5564)
  * caddytls: Clarify some JSON config docs
  * cmd: Implement storage import/export (#5532)
  * go.mod: Upgrade quic-go to 0.35.1
  * update quic-go to v0.35.0 (#5560)
  * templates: Add `readFile` action that does not evaluate templates (#5553)
  * caddyfile: Track import name instead of modifying filename (#5540)
  * core: Use SO_REUSEPORT_LB on FreeBSD (#5554)
  * caddyfile: Do not replace import tokens if they are part of a snippet (#5539)
  * fileserver: Don't set Etag if mtime is 0 or 1 (close #5548) (#5550)
  * fileserver: browse: minor tweaks for grid view, dark mode (#5545)
  * fileserver: Only set Etag if not already set (fix #5546) (#5547)
  * fileserver: Fix file browser breadcrumb font (#5543)
  * caddyhttp: Fix h3 shutdown (#5541)
  * fileserver: More filetypes for browse icons
  * fileserver: Fix file browser footer in grid mode (#5536)
  * cmd: Avoid spammy log messages (fix #5538)
  * httpcaddyfile: Sort Caddyfile slice
  * caddyhttp: Implement named routes, `invoke` directive (#5107)
  * rewrite: use escaped path, fix #5278 (#5504)
  * headers: Add > Caddyfile shortcut for enabling defer (#5535)
  * go.mod: Upgrade several dependencies
  * reverseproxy: Expand port ranges to multiple upstreams in CLI + Caddyfile (#5494)
  * fileserver: Use EscapedPath for browse (#5534)
  * caddyhttp: Refactor cert Managers
    (fix #5415) (#5533)
  * Slightly more helpful error message
  * caddytls: Check for nil ALPN; close #5470 (#5473)
  * cmd: Reduce spammy logs from --watch
  * caddyhttp: Add a getter for Server.name (#5531)
  * caddytls: Configurable fallback SNI (#5527)
  * caddyhttp: Update quic's TLS configs after reload (#5517) (fix #4849)
  * Add doc comment about changing admin endpoint
  * feature: watch include directory (#5521)
  * chore: remove deprecated linters (#5525)
  * go.mod: Upgrade CertMagic again
  * go.mod: Upgrade CertMagic
  * reverseproxy: Optimize base case for least_conn and random_choose policies (#5487)
  * reverseproxy: Fix active health check header canonicalization, refactor (#5446)
  * reverseproxy: Add `fallback` for some policies, instead of always random (#5488)
  * logging: Actually honor the SoftStart parameter
  * logging: Soft start for net writer (close #5520)
  * fastcgi: Fix `capture_stderr` (#5515)
  * acmeserver: Configurable `resolvers`, fix smallstep deprecations (#5500)
  * go.mod: Update some dependencies
  * logging: Add traceID field to access logs when tracing is active (#5507)
  * caddyhttp: Impl `ResponseWriter.Unwrap()`, prep for Go 1.20's `ResponseController` (#5509)
  * reverseproxy: Fix reinitialize upstream healthy metrics (#5498)
  * fix some comments (#5508)
  * templates: Add `fileStat` function (#5497)
  * caddyfile: Stricter parsing, error for brace on new line (#5505)
  * core: Return default logger if no modules loaded
  * celmatcher: Implement `pkix.Name` conversion to string (#5492)
  * chore: Adjustments to CI caching (#5495)
  * reverseproxy: Remove deprecated `lookup_srv` (#5396)
  * cmd: Support `'` quotes in envfile parsing (#5437)
  * Update contributing guidelines (#5466)
  * caddyhttp: Serve http2 when listener wrapper doesn't return *tls.Conn (#4929)
  * reverseproxy: Add `query` and `client_ip_hash` lb policies (#5468)
  * cmd: Create pidfile before config load (close #5477)
  * fileserver: Add color-scheme meta tag (#5475)
  * build(deps): bump actions/setup-go from 3 to 4
    (#5474)
  * proxyprotocol: Add PROXY protocol support to `reverse_proxy`, add HTTP listener wrapper (#5424)
  * reverseproxy: Add mention of which half a copyBuffer err comes from (#5472)
  * caddyhttp: Log request body bytes read (#5461)
  * log: Make sink logs encodable (#5441)
  * caddytls: Eval replacer on automation policy subjects (#5459)
  * headers: Support deleting all headers as first op (#5464)
  * replacer: Add HTTP time format (#5458)
  * reverseproxy: Header up/down support for CLI command (#5460)
  * caddyhttp: Determine real client IP if trusted proxies configured (#5104)
  * httpcaddyfile: Adjust path matcher sorting to solve for specificity (#5462)
  * caddytls: Zero out throttle window first (#5443)
  * ci: add `--yes` to cosign arguments (#5440)
  * reverseproxy: Reset Content-Length to prevent FastCGI from hanging (#5435)
  * caddytls: Allow on-demand w/o ask for internal-only
  * caddytls: Require 'ask' endpoint for on-demand TLS
  * fileserver: New file browse template (#5427)
  * go.mod: Upgrade dependencies
  * tracing: Support autoprop from OTEL_PROPAGATORS (#5147)
  * caddyhttp: Enable 0-RTT QUIC (#5425)
  * encode: flush status code when hijacked.
    (#5419)
  * fileserver: Remove trailing slash on fs filenames (#5417)
  * core: Eliminate unnecessary shutdown delay on Unix (#5413)
  * caddyhttp: Fix `vars_regexp` matcher with placeholders (#5408)
  * context: Rename func to `AppIfConfigured` (#5397)
  * reverseproxy: allow specifying ip version for dynamic `a` upstream (#5401)
  * ci/cd: ship tarballs with vendored deps (#5403)
  * caddyfile: Fix heredoc fuzz crasher, drop trailing newline (#5404)
  * caddyfile: Implement heredoc support (#5385)
  * cmd: Expand cobra support, add short flags (#5379)
  * ci: Update minimum Go version to 1.19
  * go.mod: Upgrade quic-go to v0.33.0 (Go 1.19 min)
  * reverseproxy: refactor HTTP transport layer (#5369)
  * caddytls: Relax the warning for on-demand (#5384)
  * cmd: Strict unmarshal for validate (#5383)
  * caddyfile: Implement variadics for import args placeholders (#5249)
  * cmd: make `caddy fmt` hints more clear (#5378)
  * cmd: Adjust documentation for commands (#5377)
- BuildRequires: golang(API) >= 1.20 for quic-go bump

-------------------------------------------------------------------
Sun Apr 30 18:17:39 UTC 2023 - Jeff Kowalczyk

- Fix failing build on SLE-12 by defining _sharedstatedir /var/lib on
  SLE-12 consistent with SLE-15, openSUSE and upstream RPM docs.
  * SLE-12 _sharedstatedir was /usr/com, _localstatedir is /var as expected
  * SLE-15+ _sharedstatedir is /var/lib, _localstatedir is /var
  * _sharedstatedir used here as home directory for newly created user caddy
  * If not redefined build fails with empty /usr/com not owned by any package
  * Switch to useradd -d %{_sharedstatedir} from %{_localstatedir}/lib
    The latter is common in Factory packages possibly for historical
    reasons, opt for the less common option here for equivalence and
    clarity.
-------------------------------------------------------------------
Sat Apr 29 22:23:15 UTC 2023 - jkowalczyk@suse.com

- Update to version 2.6.4:
  * go.mod: Upgrade acmez and x/net
  * reverseproxy: Don't buffer chunked requests (fix #5366) (#5367)

-------------------------------------------------------------------
Thu Feb 09 10:19:47 UTC 2023 - alexandre.vicenzi@suse.com

- Update to version 2.6.3:
  * New trusted_proxies global option (within servers) can be used to specify trusted proxy IP ranges globally
  * Unix sockets on Windows now supported as proxy upstreams
  * Proxied WebSocket connections are now logged with correct status code and "size" (bytes read + bytes written)
  * The quic-go package has received significant optimizations and HTTP/3 should be more efficient now
  * CVE-2022-41721: ineffective mitigation for unsafe io.ReadAll (boo#1207207)

-------------------------------------------------------------------
Thu Oct 13 19:10:18 UTC 2022 - jkowalczyk@suse.com

- Update to version 2.6.2:
  * httpcaddyfile: Improve detection of indistinguishable TLS automation policies (#5120)
  * httpcaddyfile: Wrap site block in subroute if host matcher used (#5130)
  * fileserver: stop listing dir when request context is cancelled (#5131)
  * replacer: working directory global placeholder (#5127)
  * httpcaddyfile: Fix `metrics` global option parsing (#5126)
  * caddyconfig: Implement retries into HTTPLoader (#5077)
  * Fix typo in comment (#5121)
  * logging: Fix `skip_hosts` with wildcards (#5102)
  * caddytest: Revise sleep durations
  * core: Set version manually via CustomVersion (#5072)
  * forwardauth: Canonicalize header fields (fix #5038) (#5097)
  * logging: Perform filtering on arrays of strings (where possible) (#5101)
  * logging: Add `time_local` option to use local time instead of UTC (#5108)
  * fileserver: Treat invalid file path as NotFound (#5099)
  * logging: Better `console` encoder defaults (#5109)
  * httpcaddyfile: Skip `automate` when `auto_https off` is specified (#5110)
  * core: Chdir
    to executable location on Windows (#5115)
  * ci: enhance the CI/CD flow (#5118)
  * Fix inverted logic in Windows service detection (#5106)
  * fileserver: better dark mode visited link contrast (#5105)
  * go.mod: Upgrade select dependencies
  * caddyhttp: Remote IP prefix placeholders
  * map: Remove infinite recursion check (#5094)
  * reverseproxy: Parse humanized byte size (fix #5095)
  * admin: Use replacer on listen addresses (#5071)
  * core: Fix ListenQUIC listener key conflict
  * reverseproxy: On 103 don't delete own headers (#5091)
  * caddyhttp: replace placeholders in map defaults (#5081)
  * core: Refactor and improve listener logic (#5089)
  * rewrite: Only trim prefix if matched
  * reverseproxy: fix upstream scheme handling in command (#5088)
  * ci: fix integration tests (#5079)
  * headers: Support repeated WriteHeader if 1xx (fix #5074)
  * fastcgi: Redirect using original URI path (fix #5073)
  * ci: extend goreleaser timeout to 1-hour (#5067)

-------------------------------------------------------------------
Fri Sep 23 19:30:59 UTC 2022 - jkowalczyk@suse.com

- Update to version 2.6.1:
  * core: Reuse unix sockets (UDS) and don't try to serve HTTP/3 over UDS (#5063)
  * encode: don't WriteHeader unless called (#5060)
  * fileserver: Reinstate --debug flag

-------------------------------------------------------------------
Tue Sep 20 20:44:58 UTC 2022 - jkowalczyk@suse.com

- Update to version 2.6.0:
  * httpcaddyfile: Fix `protocols` global option parsing (#5054)
  * caddyhttp: Skip inserting HTTP->HTTPS redir if catch-all for both exist (#5051)
  * caddyhttp: Honor grace period in background (#5043)
  * events: Make event data exported
  * caddyhttp: responseRecorder save status in all cases (#5049)
  * caddyhttp: Fix write header on responseRecorder
  * ci: fix the name template of signing certificate and sboms (#5046)
  * core: Variadic Context.Logger(); soft deprecation
  * caddyhttp: Support configuring Server from handler provisioning (#4933)
  * caddyhttp: Support TLS key logging for debugging
    (#4808)
  * caddyhttp: Make metrics opt-in (#5042)
  * caddytls: Debug log on implicit tailscale error (#5041)
  * caddyhttp: Add --debug flag to commands
  * encode: Fix Accept-Ranges header; HEAD requests (#5039)
  * Reject absurdly long duration strings (fix #4175)
  * Fix #4169 (correct e6c58fd)
  * caddyfile: Prevent infinite nesting on fmt (fix #4175)
  * Limit unclosed placeholder tolerance (fix #4170)
  * reverseproxy: Support repeated --to flags in command (#4693)
  * caddyhttp: Add 'skip_log' var to omit request from logs (#4691)
  * httpcaddyfile: Fix bind when IPv6 is specified with network (#4950)
  * cmd: Improve error message if config missing
  * cmd: Customizable user agent (close #2795)
  * httpcaddyfile: Fix sorting of repeated directives
  * caddyhttp: Very minor optimization to path matcher
  * caddyhttp: Explicitly disallow multiple regexp matchers (#5030)
  * caddytls: Error if placeholder is empty in 'ask'
  * supplychain: publish signing cert, sbom, and signatures of sbom (#5027)
  * go.mod: Update truststore
  * Very minor tweaks
  * core: Check error on ListenQUIC
  * fileserver: Ignore EOF when browsing empty dir
  * caddyhttp: ensure ResponseWriterWrapper and ResponseRecorder use ReadFrom if the underlying response writer implements it.
    (#5022)
  * cmd: Enhance some help text
  * httpcaddyfile: Add a couple more placeholder shortcuts (#5015)
  * Drop requirement for filesystems to implement fs.StatFS
  * ci: grant the `release` workflow the `write` permission to `contents` (#5017)
  * ci: add `id-token` permission and update the signing command (#5016)
  * go.mod: Upgrade CertMagic (v0.17.1)
  * fileserver: Support glob expansion in file matcher (#4993)
  * caddyhttp: Support `respond` with HTTP 103 Early Hints (#5006)
  * Remove unnecessary error check
  * caddyauth: Speed up basicauth provision, deprecate scrypt (#4720)
  * ci: generate SBOM and sign artifacts using cosign (#4910)
  * reverseproxy: Close hijacked conns on reload/quit (#4895)
  * core: Refactor listeners; use SO_REUSEPORT on Unix (#4705)
  * fastcgi: Optimize FastCGI transport (#4978)
  * Minor style adjustments for HTTP redir logging
  * Update readme
  * Minor fix of error log
  * notify: Don't send ready after error (fix #5003)
  * templates: Document `httpError` function (#4972)
  * fastcgi: allow users to log stderr output (#4967) (#5004)
  * cmd: Don't print long help text on error
  * Fix failing test
  * dist: deb package manpages and bash completion scripts (#5007)
  * caddyhttp: Copy logger config to HTTP server during AutoHTTPS (#4990)
  * map: Coerce val to string, fix #4987
  * httpcaddyfile: Add shortcut for expression matchers (#4976)
  * caddyhttp: Accept placeholders in vars matcher key
  * core: Plugins can register listener networks (#5002)
  * caddyhttp: Disable draft versions of QUIC
  * events: Tune logging and context cancellation
  * events: Implement event system (#4912)
  * httpcaddyfile: Add `{cookie.*}` placeholder shortcut (#5001)
  * caddyhttp: Set Content-Type for static response (#4999)
  * cmd: Enhance CLI docs
  * cmd: add completion command (#4994)
  * cmd: Migrate to `spf13/cobra`, remove single-dash arg support (#4565)
  * Minor cleanup, resolve a couple lint warnings
  * Remove duplicate words in comments (#4986)
  * reverseproxy: Add upstreams healthy metrics (#4935)
  * admin: Don't stop old server if new one fails (#4964)
  * reverseproxy: Multiple dynamic upstreams
  * Fix comment indentation
  * zstd: fix typo in comment (#4985)
  * httpcaddyfile: Add ocsp_interval global option (#4980)
  * caddytls: Log error if ask request fails
  * ci: Increase linter timeout (#4981)
  * templates: cap of slice should not be smaller than length (#4975)
  * caddyhttp: Fix for nil `handlerErr.Err` (#4977)
  * caddyhttp: Set `http.error.message` to the HandlerError message (#4971)
  * go.mod: Upgrade CertMagic to v0.16.3
  * core: Change net.IP to netip.Addr; use netip.Prefix (#4966)
  * Clean up metrics test code
  * caddyhttp: Smarter path matching and rewriting (#4948)
  * fileserver: reset buffer before using it (#4962) (#4963)
  * caddyhttp: Enable HTTP/3 by default (#4707)
  * reverseproxy: Add `unix+h2c` Caddyfile network shortcut (#4953)
  * reverseproxy: Ignore context cancel in stream mode (#4952)
  * reverseproxy: Fix H2C dialer using new stdlib `DialTLSContext` (#4951)
  * httpcaddyfile: redir with "html" emits 200, no Location (fix #4940)
  * reverseproxy: Support 1xx status codes (HTTP early hints) (#4882)
  * logging: Fix `cookie` filter (#4943)
  * go.mod: Upgrade OpenTelemetry dependencies (#4937)
  * fileserver: Better fix for Etag of compressed files
  * fileserver: Generate Etag from sidecar file
  * Improve docs for ZeroSSL issuer
  * Replace strings.Index with strings.Cut (#4932)
  * Replace strings.Index usages with strings.Cut (#4930)
  * cmd: Use newly-available version information (#4931)
  * httpserver: Configurable shutdown delay (#4906)
  * go.mod: Upgrade CertMagic and acmez
  * chore: Bump up to Go 1.19, minimum 1.18 (#4925)
  * Oops (sigh)
  * caddyhttp: Implement `caddy respond` command (#4870)
  * fileserver: Support virtual file system in Caddyfile
  * fileserver: Support virtual file systems (#4909)
  * Minor docs clarification
  * core: Windows service integration (#4790)
  * chore: Add .gitattributes to force *.go to LF (#4919)
  * Fix compilation on Windows
  * Ignore linter
    warnings
  * Fix deprecation notice by using UTF16PtrFromString
  * caddyhttp: Clear out matcher error immediately after grabbing it (#4916)
  * Finish fixing lint errors from ea8df6ff
  * caddytls: Remove PreferServerCipherSuites
  * caddyhttp: Use new CEL APIs (fix #4915)
  * ci: Run golangci-lint on multiple os(#4875) (#4913)
  * go.mod: Upgrade dependencies
  * httpcaddyfile: Detect ambiguous site definitions (fix #4635)
  * caddyhttp: Log shutdown errors, don't return (fix #4908)
  * reverseproxy: Implement read & write timeouts for HTTP transport (#4905)
  * cmd: Fix reload with stdin (#4900)
  * caddyhttp: Enhance comment
  * reverseproxy: Implement retry count, alternative to try_duration (#4756)
  * caddyhttp: Make query matcher more efficient
  * reverseproxy: Export SetScheme() again
- BuildRequires: golang(API) >= 1.18 for new net/netip package

-------------------------------------------------------------------
Fri Jul 15 19:01:01 UTC 2022 - Dirk Müller

- Update to version 2.5.2:
  * admin: expect quoted ETags (#4879)
  * headers: Only replace known placeholders (#4880)
  * reverseproxy: Err 503 if all upstreams unavailable
  * reverseproxy: Adjust new TLS Caddyfile directive names (#4872)
  * fileserver: Use safe redirects in file browser
  * admin: support ETag on config endpoints (#4579)
  * go.mod: Bump up quic-go to v0.28.0, fixes for BC breaks (#4867)
  * caddytls: Reuse issuer between PreCheck and Issue (#4866)
  * admin: Implement /adapt endpoint (close #4465) (#4846)
  * forwardauth: Fix case when `copy_headers` is omitted (#4856)
  * Expose several Caddy HTTP Matchers to the CEL Matcher (#4715)
  * reverseproxy: Fix double headers in response handlers (#4847)
  * reverseproxy: Fix panic when TLS is not configured (#4848)
  * reverseproxy: Skip TLS for certain configured ports (#4843)
  * go.mod: Update some dependencies
  * forwardauth: Support renaming copied headers, block support (#4783)
  * Add comment about xcaddy to main
  * headers: Support wildcards for delete ops (close #4830) (#4831)
  * reverseproxy: Dynamic ServerName for TLS upstreams (#4836)
  * reverseproxy: Make TLS renegotiation optional
  * reverseproxy: Add renegotiation param in TLS client (#4784)
  * caddyhttp: Log error from CEL evaluation (fix #4832)
  * reverseproxy: Correct the `tls_server_name` docs (#4827)
  * reverseproxy: HTTP 504 for upstream timeouts (#4824)
  * caddytls: Make peer certificate verification pluggable (#4389)
  * reverseproxy: api: Remove misleading 'healthy' value
  * go.mod: Update go-yaml to v3
  * Fix #4822 and fix #4779
  * reverseproxy: Add --internal-certs CLI flag #3589 (#4817)
  * ci: Fix build caching on Windows (#4811)
  * templates: Add `humanize` function (#4767)
  * core: Micro-optim in run() (#4810)
  * go.mod: Upgrade some dependencies
  * httpcaddyfile: Add `{err.*}` placeholder shortcut (#4798)
  * templates: Documentation consistency (#4796)
  * chore: Bump quic-go to v0.27.0 (#4782)
  * reverseproxy: Support http1.1>h2c (close #4777) (#4778)
  * rewrite: Handle fragment before query (fix #4775) [bsc#1201822, CVE-2022-34037]
  * httpcaddyfile: Support multiple values for `default_bind` (#4774)

-------------------------------------------------------------------
Mon May 23 07:48:15 UTC 2022 - alexandre.vicenzi@suse.com

- Update to version 2.5.1:
  * Fixed regression in Unix socket admin endpoints.
  * Fixed regression in caddy trust commands.
  * Hash-based load balancing policies (ip_hash, uri_hash, header, and cookie) use an improved highest-random-weight (HRW) algorithm for increased consistency.
  * Dynamic upstreams, which is the ability to get the list of upstreams at every request (more specifically, every iteration in the proxy loop of every request) rather than just once at config-load time.
  * Caddy will automatically try to get relevant certificates from the local Tailscale instance.
  * New OpenTelemetry integration.
  * Added new endpoints /pki/ca/ and /pki/ca//certificates for getting information about Caddy's managed CAs.
  * Rename _caddy to zsh-completion
  * Fix MatchPath sanitizing [bsc#1200279, CVE-2022-29718]

-------------------------------------------------------------------
Fri Mar 25 17:23:27 UTC 2022 - alexandre.vicenzi@suse.com

- Update to version 2.4.6:
  * caddycmd: Add `--keep-backup` to upgrade commands (#4387)
  * caddycmd: Add `--skip-standard` to `list-modules` command, quieter output (#4386)
  * caddycmd: fix caddy validate/fmt help message (#4377)
  * caddyhttp: Add support for triggering errors from `try_files` (#4346)
  * caddyhttp: Placeholder for client cert in DER + base64 format (#4241)
  * caddyhttp: reverseproxy: clarify warning for -insecure (#4379)
  * caddyhttp: Sanitize the path before evaluating path matchers (#4407)
  * caddytls: Mark storage clean timestamp at end of routine (#4401)
  * docs: General minor improvements
  * fastcgi: Fix Caddyfile parsing when `handle_response` is used (#4342)
  * fastcgi: Implement `try_files` override in Caddyfile directive (#4347)
  * fileserver: Fix compression breaks using httpInclude (#4352) (#4358)
  * fileserver: Fix displayed file size if it is symlink (#4354)
  * fileserver: Make file listing links purple once visited (#4356)
  * fileserver: Prevent focusing filter from scrolling on page load (#4393)
  * fileserver: properly handle escaped/non-ascii paths (#4332)
  * headers: Canonicalize case in replace (fix #4330)
  * httpcaddyfile: Empty tls policy for internal http localhost (#4398)
  * httpcaddyfile: Preserve IPv6 addresses through normalization (fix #4381)
  * map: Fix 95c03506 (avoid repeated expansions)
  * map: Fix regex mappings
  * reverseproxy: Log error at error level (fix #4360)
  * reverseproxy: Prevent copying the response if a response handler ran (#4388)
  * reverseproxy: Sanitize scheme and host on incoming requests (#4237)
  * templates: Add 'import' action (#4321)
  * templates: Add tests for funcInclude and funcImport (#4357)
  * templates: Propagate httpError to HTTP response
-------------------------------------------------------------------
Fri Oct 22 11:02:07 UTC 2021 - Ferdinand Thiessen

- Update to version 2.4.5:
  * Hotfix for a regression introduced in 2.4.4 related to combining the encode and reverse_proxy directives.
  * cmd: export CaddyVersion(), Commands()
  * encode: ignore flushing until after first write
  * go.mod: Update CertMagic

-------------------------------------------------------------------
Thu Sep 02 14:38:58 UTC 2021 - alexandre.vicenzi@suse.com

- Update to version 2.4.4:
  * acmeserver: Don't set host for directory links by default
  * acmeserver: Trim slashes from path prefix
  * admin: Implement load_interval to pull config on a timer
  * admin: Replace admin cert cache when reloading
  * admin: Sync server variables
  * caddyfile: Better error message for missing site block braces
  * caddyfile: Error on invalid site addresses containing comma
  * caddyfile: keep error chain info in Dispenser.Errf
  * caddyhttp: Fix edgecase with auto HTTP->HTTPS logic
  * caddyhttp: Fix incorrect determination of gRPC protocol
  * caddyhttp: Refactor and export SanitizedPathJoin for use in fastcgi
  * caddyhttp: Updated the documentation for MatchQuery
  * caddytls: Add Caddyfile support for propagation_timeout
  * caddytls: Remove "IssuerRaw" field
  * cmd: Fix paths when using an env file
  * cmd: New add-package and remove-package commands
  * cmd: use net.ErrClosed for matching returned error
  * core: Unix ns and Unix ms time placeholders
  * encode: Tweak compression settings
  * fileserver: Add disable_canonical_uris Caddyfile subdirective
  * fileserver: Clarify docs about canonicalization
  * fileserver: Don't persist parsed template
  * fileserver: Fix browse name_dir_first sorting
  * fileserver: Fix browse not redirecting query parameters
  * fileserver: Only redirect if filename not rewritten
  * fileserver: Redirect within the original URL
  * go.mod: Update dependencies
  * httpcaddyfile: Add preferred_chains global option and issuer subdirective
  * httpcaddyfile: Add
    shortcut for proxy hostport placeholder
  * httpcaddyfile: Add skip_install_trust global option
  * httpcaddyfile: Don't add HTTP hosts to TLS APs
  * httpcaddyfile: Don't put localhost in public APs
  * httpcaddyfile: Ensure hosts to skip for logs can always be collected
  * httpcaddyfile: Improve unrecognized directive errors
  * httpcaddyfile: Reorder some directives
  * logging: Actually use level_key
  * logging: Add missing interface guards for replace filter
  * logging: Prep for common_log removal
  * logging: Warn for deprecated single_field encoder
  * metrics: use buildinfo collector from new collectors pkg
  * reverseproxy: Adjust test related to #4201
  * reverseproxy: Always remove hop-by-hop headers
  * reverseproxy: Fix overwriting of max_idle_conns_per_host
  * reverseproxy: Incorporate latest proxy changes from stdlib
  * reverseproxy: Keep path to unix socket as dial address
  * reverseproxy: Remove redundant flushing

-------------------------------------------------------------------
Wed Aug 25 13:55:21 UTC 2021 - Johannes Segitz

- Added hardening to systemd service(s).
Modified: * caddy.service ------------------------------------------------------------------- Mon May 24 12:55:21 UTC 2021 - alexandre.vicenzi@suse.com - Update to version 2.4.1: * logging: Implement dial timeout for net writer (fix #4083) (#4172) * admin: Reinstate internal redirect for /id/ requests * caddyfile: Add parse error on site address with trailing `{` (#4163) * reverseproxy: Set the headers in the replacer before `handle_response` (#4165) * ci: Run CI on PRs targeting minor version branches (#4164) * cmd: upgrade: inherit the permissions of the original executable (#4160) * httpcaddyfile: Fix automation policy consolidation again (fix #4161) * caddyfile: Fix `caddy fmt` nesting not decrementing (#4157) * encode: Drop `prefer` from Caddyfile (#4156) * encode: Default to order the formats are enabled for `prefer` in Caddyfile (#4151) * caddytls: Run replacer on ask URL, for env vars (#4154) * httpcaddyfile: Add `grace_period` global option (#4152) * caddyhttp: Fix fallback for the error handler chain (#4131) * reverseproxy: Minor logging improvements * fileserver: Fix `file` matcher with empty `try_files` (#4147) * go.mod: CertMagic v0.13.1 * reverseproxy: Add `handle_response` blocks to `reverse_proxy` (#3710) (#4021) * cmd: Add --envfile flag to `start` command (#4141) * httpcaddyfile: Add `auto_https ignore_loaded_certs` (#4077) * httpcaddyfile: Add global option for `storage_clean_interval` (#4134) * caddyhttp: performance improvement in HeaderRE Matcher (#4143) * fileserver: Share template logic for both `templates` and `file_server browse` (#4093) * caddytls: Implement remote IP connection matcher (#4123) * httpcaddyfile: Fix unexpectedly removed policy (#4128) * reverseproxy: fix hash selection policy (#4137) * fileserver: Better handling of HTTP status override (#4132) * caddyfile: Fix `import` replacing unrelated placeholders (#4129) * caddytls: Add `load_storage` module (#4055) * reverseproxy: Admin endpoint for reporting upstream statuses 
(#4125) * caddyhttp: Implement better logic for inserting the HTTP->HTTPS redirs (#4033) * httpcaddyfile: Take into account host scheme/port (fix #4113) * fuzz: fix the FuzzFormat comparison (#4117) * caddytls: Disable OCSP stapling for manual certs (#4064) * caddytls: Configurable storage clean interval * caddyfile: reject cyclic imports (#4022) * ci: fuzz: add 4 more fuzzing targets (#4105) * fileserver: Add status code override (#4076) * notify: Send all sd_notify signals from main caddy process (#4060) * go.mod: Update quic-go to v0.20.1 (#4075) * httpcaddyfile: Fix panic in automation policy consolidation (#4104) * caddyfile: Normalize line endings before comparing fmt result (#4103) * ci: accommodate go1.16 changes to go mod (#4102) * Minor tweaks * go.mod: Use latest CertMagic * Use 600 instead of 644 for UUID file * Change os to ioutil for now * reverseproxy: Set cookie path to `/` when using cookie lb_policy (#4096) * caddy: Add InstanceID() method * encode,staticfiles: Content negotiation, precompressed files (#4045) * reverseproxy: Implement health_uri, deprecate health_path, supports query (#4050) * go.mod: Migrate to golang.org/x/term (#4073) * caddyhttp: improve grammar of comment for AllowH2C (#4072) * sigtrap_posix: add missing comma to SIGTERM info (#4078) * cmd: Use formatted logger for config adapter warnings (#4080) * cmd: main: fix minor doc typos (#4082) * headers: Fix Caddyfile parsing for `request_header` with matchers (#4085) * .gitignore: add IDE files (#4087) * fileserver: Add a few more debug lines (#4063) * fileserver: Browse listing supports dark mode (#4066) * CONTRIBUTING: fix spelling (#4070) * httpcaddyfile: Add `error` directive for the existing handler (#4034) * logging: add replace filter for static value replacement (#4029) * caddyconfig: add global option for configuring loggers (#4028) * map: Accept regex substitution in outputs (#3991) * reverseproxy: Fix upstreams with placeholders with no port (#4046) * rewrite: Implement 
regex path replacements * fileserver: Don't replace in request paths (fix #4027) * caddypki: Add SignWithRoot option for ACME server * reverseproxy: Fix round robin data race (#4038) * Update docs; commit setcap.sh * go.mod: Latest CertMagic (updated libdns conventions) * core: Initialize logging before admin * caddytls: Remove old asset migration code (close #3894) * reverseproxy: Add duration/latency placeholders (close #4012) (#4013) * httpcaddyfile: Fix catch-all site block sorting * ci: Build and test on Go 1.16, bump minimum to 1.15 (#4024) * caddy: Support SetReadBuffer and SyscallConn for QUIC (fix #3998) * Improve security warnings * httpcaddyfile: Configure other apps from global options (#3990) * cmd: Clean up `build-info` and `upgrade` output * caddyhttp: Support placeholders in header matcher values (close #3916) * caddytls: Save email with account if not already specified * reverseproxy: Response buffering & configurable buffer size * httpcaddyfile: Fix automation policies * ci: deflake integration tests (#3966) * httpcaddyfile: Add resolvers subdir of tls (close #4008) * acmeserver: Support custom CAs from Caddyfile * caddyhttp: Check for invalid subdirectives of static_response * httpcaddyfile: Fix default issuers when email provided * cmd: Add --force flag to reload command (close #4005) * httpcaddyfile: Warn if site address uses unspecified IP (close #4004) * httpcaddyfile: Sort catch-all site blocks properly (fix #4003) * ci: update the command to run tests on the s390x machine (#3995) * caddyhttp: Fix redir html status code, improve flow (#3987) * caddyhttp: Implement handler abort; new 'abort' directive (close #3871) (#3983) * admin: Identity management, remote admin, config loaders (#3994) * caddycmd: Add upgrade command (#3972) * Revert "requestbody: Allow overwriting remote address" * caddytest: Update Caddyfile tests for formatting, HTTP-only blocks * httpcaddyfile: Skip TLS APs for HTTP-only hosts (fix #3977) * cmd: Print more detailed 
version with --environ * map: Add missing json struct tag * tests: use actual admin port value in error message (#3973) * cmd: Implement sd_notify() to notify systemd about readiness (#3963) * templates: Add fileExists and httpError template actions * requestbody: Allow overwriting remote address * rewrite: Use RawPath instead of Path (fix #3596) (#3918) * Update docs * caddytls: Configurable OCSP stapling; global option (closes #3714) * logging: Remove logfmt encoder (close #3575) * httpcaddyfile: Support repeated use of cert_issuer global option * caddytls: add 'key_type' subdirective (#3956) * caddyfile: Refactor unmarshaling of module tokens * go.mod: Update CertMagic and acmez (improved IDN support) * reverseproxy: Caddyfile health check headers, host header support (#3948) * httpcaddyfile: Adjust iterator when removing AP (fix #3953) * cmd: Organize list-modules output; --packages flag (#3925) * caddyfile: Introduce basic linting and fmt check (#3923) ------------------------------------------------------------------- Wed Apr 28 15:47:43 UTC 2021 - Alexandre Vicenzi - Create Caddy package