sdgoij/caddy
1
0
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2026-03-17 14:34:03 +00:00
Code Issues Packages Projects Releases Wiki Activity
2,491 Commits 35 Branches 152 Tags
a6acb3902cb6453153db0738bd8210e093449ce1
Commit Graph

2491 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Francis Lavoie
a6acb3902c proxyproto: Generated test coverage (#7540) 2026-03-03 15:08:09 -07:00
Francis Lavoie
45cf61b127 logging: Ensure slog error level logs don't print stack traces (#7512) 2026-03-03 14:44:42 -07:00
Francis Lavoie
d935a6956c autohttps: Ensure CertMagic config is recreated after autohttps runs (#7510) 2026-03-03 14:44:06 -07:00
prettysunflower
2dd3852416 fix(caddyfile): Prevent parser to panic when no token were added by empty {block} (#7543) 2026-03-03 13:16:21 -05:00
Akın Demirci
11b56c6cfc reverseproxy: Fix health_port being ignored in health checks (#7533) 2026-03-03 13:10:54 -05:00
Alexandre Daubois
f283062d37 cmd: Custom binary names through CustomBinaryName and CustomLongDescription (#7513) 2026-03-02 06:04:28 -05:00
WeidiDeng
2ab043b890 reverseproxy: query escape request urls when proxy protocol is enabled (#7537) 2026-03-02 02:04:06 -05:00
Pavel Siomachkin
f145bce553 tls: Add tls_resolvers global option for DNS challenge configuration (#7297) 
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
 2026-03-01 15:32:04 -05:00
Matt Holt
174fa2ddb9 caddyhttp: Evaluate tls.client placeholders more accurately (fix #7530) (#7534) 2026-02-28 22:03:18 -07:00
Matt Holt
cd9e1660aa cmd: Pass configFile, not configFlag, for reload command (#7532) 
* cmd: Pass configFile, not configFlag, for reload command

This *should* fix #7528.

* Remove debug log line

---------

Co-authored-by: Francis Lavoie <lavofr@gmail.com>
 2026-02-27 15:24:05 -07:00
Matthew Holt
06a05e383c Revert "encode: Implement Flush for legacy compatibility" 
This reverts commit bdcdaf77ba.
 2026-02-27 14:14:19 -07:00
Matthew Holt
ce203aa9e1 go.mod: Upgrade x/net 2026-02-27 10:35:24 -07:00
Matthew Holt
eac02ee98f caddyhttp: Limit empty Host check to HTTP/1.1 2026-02-27 10:22:39 -07:00
Oleksandr Redko
72eaf2583a chore: Enable modernize linter (#7519) 2026-02-26 14:01:35 -07:00
Fardjad Davari
9798f6964d caddyhttp: Avoid nil pointer dereference in proxyWrapper (#7521) 2026-02-25 04:08:41 -05:00
Francis Lavoie
9873752978 logging: Support zstd roll compression (#7515) 2026-02-23 16:04:45 -07:00
Dean Ruina
294dfff443 logging: add DirMode options and propagate FileMode to rotations (#7335) 
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
 2026-02-23 07:27:27 +00:00
Paulo Henrique
76b198f586 http: Sort auto-HTTPS redirect routes by host specificity (fixes #7390) (#7502) 2026-02-21 21:42:40 -05:00
Paulo Henrique
7ffb640a4d httpcaddyfile: Fix missing TLS connection policies when auto_https is default (#7325) (#7507) 2026-02-21 21:42:03 -05:00
Mohammed Al Sahaf
d7b21c6104 reverseproxy: fix tls dialing w/ proxy protocol (#7508) 2026-02-21 21:37:10 -05:00
Francis Lavoie
6610e2f1bd chore: Disable windows/arm build target (Go 1.26 disabled) (#7503) v2.11.1 2026-02-20 22:47:21 +00:00
Matthew Holt
03243e42fe go.mod: Upgrade dependencies v2.11.0 2026-02-20 12:28:11 -07:00
Matthew Holt
cb436f0a0e fileserver: Fix tests on Windows 2026-02-20 11:46:45 -07:00
Matt Holt
a1081194bf Merge commit from fork 
Necessary as otherwise the early-bail in `until =
strings.IndexByte(remaining, nextCh) ... if until == -1` can cause a
case-insensitive mismatch

Co-authored-by: Asim Viladi Oglu Manizada <manizada@users.noreply.github.com>
 2026-02-20 10:54:50 -07:00
Asim Viladi Oglu Manizada
eec32a0bb5 Merge commit from fork 
Normalize exact hosts at provisioning and reqHost in the fast path so case-different Host variants can’t bypass host-gated routes.

Co-authored-by: Asim Viladi Oglu Manizada <manizada@users.noreply.github.com>
 2026-02-20 10:19:42 -07:00
Matthew Holt
a2825c5dd9 fileserver: Replace \ with \\ in file matcher paths 2026-02-19 13:18:14 -07:00
dependabot[bot]
db256b53e5 build(deps): bump filippo.io/edwards25519 from 1.1.0 to 1.1.1 (#7497) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-19 14:20:06 -05:00
Matthew Holt
6772ffb805 Revert "listeners: Add support for named socket activation (#7243)" 
This reverts commit 156ce99d3a.
 2026-02-19 11:32:26 -07:00
Matt Holt
95941a71e8 chore: Add nolints to work around haywire linters (#7493) 
* chore: Add nolints to work around haywire linters

* More lint wrangling
 2026-02-17 16:52:54 -07:00
Francis Lavoie
3adcafd4c1 admin: Fix tests locally, properly isolate storage (#7486) 
* admin: Fix tests locally, properly isolate storage

* Fix flaky pki_test

* Drop testdata dir logic

* Safer temp dir

* Test handlers without a full server
 2026-02-17 13:14:06 -07:00
Amirhf
091add5ae3 caddytest: make TestReverseProxyHealthCheck deterministic with poll instead of sleep (#7474) 
Start lightweight backend servers before starting Caddy so active health checks
probe a ready backend instead of the same Caddy instance during provisioning.
This removes the startup race without fixed sleeps or polling.
 2026-02-17 06:41:38 -05:00
Matthew Holt
bdcdaf77ba encode: Implement Flush for legacy compatibility 
(By sponsor request)
 2026-02-16 15:59:10 -07:00
Francis Lavoie
9fe694c79c caddytls: Enable debug logging for DNSManager (#7491) 2026-02-16 15:38:56 -07:00
wangjingcun
b8b00d9160 chore: fix some comments to improve readability (#7395) 
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
 2026-02-16 19:41:21 +00:00
zjumathcode
68d50020ee refactor: use strings.Builder to improve performance (#7364) 
* refactor: use strings.Builder to improve performance

Signed-off-by: zjumathcode <pai314159@2980.com>

* refactor: small builder improvements per review (WriteByte / split writes)

also revert builder change in client_test.go

refactor(logging): build IP mask output via join of parts (more efficient)

---------

Signed-off-by: zjumathcode <pai314159@2980.com>
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
 2026-02-16 19:30:44 +00:00
dependabot[bot]
8a18acc025 build(deps): bump the all-updates group across 1 directory with 12 updates (#7490) 
Bumps the all-updates group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/alecthomas/chroma/v2](https://github.com/alecthomas/chroma) | `2.21.1` | `2.23.1` |
| [github.com/cloudflare/circl](https://github.com/cloudflare/circl) | `1.6.2` | `1.6.3` |
| [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) | `5.2.4` | `5.2.5` |
| [github.com/klauspost/compress](https://github.com/klauspost/compress) | `1.18.2` | `1.18.4` |
| [github.com/yuin/goldmark](https://github.com/yuin/goldmark) | `1.7.15` | `1.7.16` |
| [go.opentelemetry.io/contrib/exporters/autoexport](https://github.com/open-telemetry/opentelemetry-go-contrib) | `0.64.0` | `0.65.0` |
| [go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp](https://github.com/open-telemetry/opentelemetry-go-contrib) | `0.64.0` | `0.65.0` |
| [go.opentelemetry.io/contrib/propagators/autoprop](https://github.com/open-telemetry/opentelemetry-go-contrib) | `0.64.0` | `0.65.0` |
| [github.com/pires/go-proxyproto](https://github.com/pires/go-proxyproto) | `0.8.1` | `0.11.0` |



Updates `github.com/alecthomas/chroma/v2` from 2.21.1 to 2.23.1
- [Release notes](https://github.com/alecthomas/chroma/releases)
- [Commits](https://github.com/alecthomas/chroma/compare/v2.21.1...v2.23.1)

Updates `github.com/cloudflare/circl` from 1.6.2 to 1.6.3
- [Release notes](https://github.com/cloudflare/circl/releases)
- [Commits](https://github.com/cloudflare/circl/compare/v1.6.2...v1.6.3)

Updates `github.com/go-chi/chi/v5` from 5.2.4 to 5.2.5
- [Release notes](https://github.com/go-chi/chi/releases)
- [Changelog](https://github.com/go-chi/chi/blob/master/CHANGELOG.md)
- [Commits](https://github.com/go-chi/chi/compare/v5.2.4...v5.2.5)

Updates `github.com/klauspost/compress` from 1.18.2 to 1.18.4
- [Release notes](https://github.com/klauspost/compress/releases)
- [Commits](https://github.com/klauspost/compress/compare/v1.18.2...v1.18.4)

Updates `github.com/yuin/goldmark` from 1.7.15 to 1.7.16
- [Release notes](https://github.com/yuin/goldmark/releases)
- [Commits](https://github.com/yuin/goldmark/compare/v1.7.15...v1.7.16)

Updates `go.opentelemetry.io/contrib/exporters/autoexport` from 0.64.0 to 0.65.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go-contrib/compare/zpages/v0.64.0...zpages/v0.65.0)

Updates `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp` from 0.64.0 to 0.65.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go-contrib/compare/zpages/v0.64.0...zpages/v0.65.0)

Updates `go.opentelemetry.io/contrib/propagators/autoprop` from 0.64.0 to 0.65.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go-contrib/compare/zpages/v0.64.0...zpages/v0.65.0)

Updates `go.opentelemetry.io/otel` from 1.39.0 to 1.40.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.39.0...v1.40.0)

Updates `go.opentelemetry.io/otel/sdk` from 1.39.0 to 1.40.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.39.0...v1.40.0)

Updates `github.com/pires/go-proxyproto` from 0.8.1 to 0.11.0
- [Release notes](https://github.com/pires/go-proxyproto/releases)
- [Commits](https://github.com/pires/go-proxyproto/compare/v0.8.1...v0.11.0)

Updates `go.opentelemetry.io/otel/trace` from 1.39.0 to 1.40.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.39.0...v1.40.0)

---
updated-dependencies:
- dependency-name: github.com/alecthomas/chroma/v2
  dependency-version: 2.23.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-updates
- dependency-name: github.com/cloudflare/circl
  dependency-version: 1.6.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-updates
- dependency-name: github.com/go-chi/chi/v5
  dependency-version: 5.2.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-updates
- dependency-name: github.com/klauspost/compress
  dependency-version: 1.18.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-updates
- dependency-name: github.com/yuin/goldmark
  dependency-version: 1.7.16
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-updates
- dependency-name: go.opentelemetry.io/contrib/exporters/autoexport
  dependency-version: 0.65.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-updates
- dependency-name: go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
  dependency-version: 0.65.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-updates
- dependency-name: go.opentelemetry.io/contrib/propagators/autoprop
  dependency-version: 0.65.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-updates
- dependency-name: go.opentelemetry.io/otel
  dependency-version: 1.40.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-updates
- dependency-name: go.opentelemetry.io/otel/sdk
  dependency-version: 1.40.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-updates
- dependency-name: github.com/pires/go-proxyproto
  dependency-version: 0.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-updates
- dependency-name: go.opentelemetry.io/otel/trace
  dependency-version: 1.40.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-16 13:38:55 -05:00
Mohammed Al Sahaf
23d07ac89d dep: upgrade cel-go (#7478) 
* dep: upgrade cel-go

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>

* Try handling `map[any]any`, fix error messages

---------

Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
 2026-02-16 18:25:49 +00:00
Francis Lavoie
d64c7e67a4 caddyhttp: Option to disable 0-RTT (#7485) 2026-02-16 10:20:47 -07:00
Francis Lavoie
ff4f79aebe chore: Remove obsolete comment in ech.go (#7487) 2026-02-16 10:17:01 -07:00
Francis Lavoie
f2213e943e chore: Bump zerossl dependency to 0.1.5 (#7489) 2026-02-16 10:08:29 -07:00
Amirhf
affbb99275 pki: add per-CA configurable maintenance_interval and renewal_window_ratio (#7479) 
* pki: add per-CA configurable maintenance_interval and renewal_window_ratio

- Add MaintenanceInterval and RenewalWindowRatio to CA struct (JSON + Caddyfile).
- Run one maintenance goroutine per CA using its own interval.
- needsRenewal uses per-CA RenewalWindowRatio; invalid/zero ratio falls back to defaults.
- Caddyfile: maintenance_interval duration, renewal_window_ratio <0-1>.
- Tests: TestCA_needsRenewal, TestParsePKIApp for new options.

Fixes #7475

* fix codestyle
 2026-02-15 09:10:12 -05:00
Aditya Bhargava
d6a6b486db httpcaddyfile: Override global dns with acme_dns (fix #7294) (#7458) 
This brings the behaviour in line with what the documentation implies.
 2026-02-15 09:04:59 +00:00
mehrdadbn9
929d0e502a caddyfile: Add renewal_window_ratio global option and tls subdirective (#7473) 
* caddyfile: Add renewal_window_ratio global option

Adds support for configuring the TLS certificate renewal window ratio
directly in the Caddyfile global options block. This allows users to
customize when certificates should be renewed without needing to use
JSON configuration.

Example usage:
    {
        renewal_window_ratio 0.1666
    }

Fixes #7467

* caddyfile: Add renewal_window_ratio to tls directive and tests

Adds support for renewal_window_ratio in the tls directive (not just
global options) and adds caddyfile adapt tests for both the global
option and tls directive.

* fix: inherit global renewal_window_ratio in site policies

* fix: correct test expected output for policy consolidation

* fix: properly inherit global renewal_window_ratio without removing other code
 2026-02-13 16:47:02 -05:00
Matthew Holt
6718bd470f caddytls: Finish removing prefer_wildcard 
Finish what should have been done a year ago in #6959)
 2026-02-12 11:35:28 -07:00
Omer Cohen
80bf81839d go.mod: update nebula v1.10.3 to resolve cve (#7471) 2026-02-12 08:54:48 -07:00
moscowchill
d42d39b4bc caddytls: Return errors instead of nil in client auth provisioning (#7464) 
Two error returns in ClientAuthentication.provision() were
returning nil instead of the actual error, silently swallowing
failures when converting PEM files to DER and when provisioning
the CA pool. This could cause mTLS client authentication to
silently fall back to the system trust store, accepting any
client certificate signed by a public CA instead of restricting
to the configured trust anchors.
 2026-02-12 08:42:54 -07:00
Oleh Konko | trust infra security audit & contribution | deterministic ai-augmented pipeline · human-verified
0188ef2e62 acmeserver: warn when policy rules unset (#7469) 2026-02-11 11:54:51 -07:00
Francis Lavoie
c0af7b665f chore: bump Go to v1.26 (#7466) 2026-02-11 11:21:10 -07:00
Matthew Holt
72ac479f5d admin: Enforce origin implicitly based on request headers 2026-02-11 09:52:56 -07:00
WeidiDeng
47f3e8f8dc use math/rand/v2 instead of math/rand (#7413) 2026-02-11 09:15:51 -07:00