- 20 May, 2016 1 commit
-
-
W-Mark Kubacki authored
We have had three operators within a few days which ran into the same cause and had not been able to figure out what went wrong. addresses #833, #822
-
- 15 May, 2016 1 commit
-
-
Matthew Holt authored
-
- 14 May, 2016 2 commits
-
-
Matt Holt authored
fix typo
-
Leo Koppelkamm authored
-
- 12 May, 2016 3 commits
-
-
W. Mark Kubacki authored
Provides some more guidelines to operators on how to avoid running Caddy as root. Introduces an user www-data, which really is a placeholder. Such an user with the same UID/GID combination is created on the most popular Linux distribution. I trust any operator can spot the difference to his/her distro and adjust the unit file. User nobody is not used here to avoid two easy pitfalls: Such an user should not be able to access private keys (for TLS), and should not write private keys (we would do that with Letsencrypt).
-
W-Mark Kubacki authored
The exemplary unit file for systemd is intentionally redundant at times, for example dropping privileges which an unprivileged user "www-data" did not have in the first place: To aid as fallback in case the file gets copied and an operator setting UID to 0 (which reportedly happened in the past).
-
W-Mark Kubacki authored
-
- 07 May, 2016 4 commits
-
-
W. Mark Kubacki authored
browse: Decorate external links with: noopener noreferrer
-
W-Mark Kubacki authored
Setting these on external links prefents the target from manipulating this page by "window.opener" with some widely deployed browsers.
-
Matt Holt authored
Restart gracefully with in-process restart
-
Benny Ng authored
-
- 05 May, 2016 3 commits
- 04 May, 2016 1 commit
-
-
Tobias Weingartner authored
-
- 03 May, 2016 1 commit
-
-
Achim Vedam authored
-
- 01 May, 2016 6 commits
-
-
Tobias Weingartner authored
-
Tobias Weingartner authored
-
Tobias Weingartner authored
-
Tobias Weingartner authored
-
Tobias Weingartner authored
-
Tobias Weingartner authored
-
- 30 Apr, 2016 6 commits
-
-
Tobias Weingartner authored
-
Tobias Weingartner authored
-
Tobias Weingartner authored
-
Tobias Weingartner authored
-
William Bezuidenhout authored
* Overwrite proxy headers based on directive Headers of the request sent by the proxy upstream can now be modified in the following way: Prefix header with `+`: Header will be added if it doesn't exist otherwise, the values will be merge Prefix header with `-': Header will be removed No prefix: Header will be replaced with given value * Add missing formating directive reported by go vet * Overwrite up/down stream proxy headers Add Up/DownStreamHeaders to UpstreamHost Split `proxy_header` option in `proxy` directive into `header_upstream` and `header_downstream`. By splitting into two, it makes it clear in what direction the given headers must be applied. `proxy_header` can still be used (to maintain backward compatability) but its assumed to be `header_upstream` Response headers received by the reverse proxy from the upstream host are updated according the `header_downstream` rules. The update occurs through a func given to the reverse proxy, which is applied once a response is received. Headers (for upstream and downstream) can now be modified in the following way: Prefix header with `+`: Header will be added if it doesn't exist otherwise, the values will be merge Prefix header with `-': Header will be removed No prefix: Header will be replaced with given value Updated branch with changes from master * minor refactor to make intent clearer * Make Up/Down stream headers naming consistent * Fix error descriptions to be more clear * Fix lint issue
-
Matthew Holt authored
-
- 27 Apr, 2016 3 commits
-
-
Matthew Holt authored
-
Matt Holt authored
* Move handling of headers around to prevent memory use spikes While debugging #782, I noticed that using http2 and max_fails=0, X-Forwarded-For grew infinitely when an upstream request failed after refreshing the test page. This change ensures that headers are only set once per request rather than appending in a time-terminated loop. * Refactor some code into its own function
-
W. Mark Kubacki authored
Another new safeguard is that we check whether the datetime has been read correctly. If not then the listing will not be localized. closes #793
-
- 26 Apr, 2016 3 commits
-
-
Matthew Holt authored
-
Matthew Holt authored
-
Matthew Holt authored
-
- 23 Apr, 2016 1 commit
-
-
W. Mark Kubacki authored
[1] https://github.com/golang/go/blob/57e459e02b4b01567f92542f92cd9afde209e193/src/crypto/tls/common.go#L424 [2] https://github.com/golang/go/blob/57e459e02b4b01567f92542f92cd9afde209e193/src/crypto/tls/common.go#L392-L407 [2] has overwritten the first tls ticket key on round N=0, that has previously been written using [1]. Go's stdlib does not use c.sessionTicketKeys≥1 as indicator if those values had already been set; initializing that lone SessionTicketKey does the job for for now. If c.serverInit() were called in round N+1 all existing tls ticket keys would be overwritten (in round N<4 except the very first one, of course). As member variables of tls.Config are read-only by then, we cannot keep updating SessionTicketKey as well. This has been escalated to Go's authors with golang/go#15421 here: https://github.com/golang/go/issues/15421 Thanks to Matthew Holt for the initial report!
-
- 22 Apr, 2016 1 commit
-
-
Matthew Holt authored
-
- 20 Apr, 2016 3 commits
-
-
W. Mark Kubacki authored
Those settings enforce convergence on common coding style with respect to whitespace. Do not use tabs to indent with shell scripts because those tabs most often serve the function of triggering command completion. Which could end a command before it is pasted completely. Traditionally indentation is two spaces here, not four. Other rules will catch stray whitespace at the end of lines or files, which, once committed, would annoy the next developer because his editor would strip them from lines he did not intended to modify in the first place.
-
Abiola Ibrahim authored
Typ (creatation → creation)
-
Elias Probst authored
-
- 19 Apr, 2016 1 commit
-
-
Matt Holt authored
Make Browse Great Again ★★★
-