1. 12 Sep, 2017 1 commit
    • twdkeule's avatar
      proxy: Support QUIC for upstream connections (#1782) · 22b835b9
      twdkeule authored
      * Proxy can now use QUIC for upstream connections
      
      Add HandshakeTimeout, change h2quic syntax
      
      * Add setup and upstream test
      
      Test QUIC proxy with actual h2quic instance
      
      Use different port fo QUIC test server
      
      Add quic host to CI config
      
      Added testdata to vendor
      
      Revert "Added testdata to vendor"
      
      This reverts commit 959512282deed8623168d090e5ca5e5a7933019c.
      
      * Use local testdata
      22b835b9
  2. 11 Sep, 2017 1 commit
    • Matthew Holt's avatar
      tls: Remove expiring certificates from cache and load renewed ones · 46ae4a66
      Matthew Holt authored
      Renewed certificates would not be reloaded into the cache because their
      names conflict with names of certificates already in the cache; this
      was intentional when loading new certs to avoid confusion, but is
      problematic when renewing, since the old certificate doesn't get
      evicted from the cache. (Oops.)
      
      Here, I remedy this situation by explicitly deleting the old cert from
      the cache before adding the renewed one back in.
      46ae4a66
  3. 10 Sep, 2017 1 commit
  4. 08 Sep, 2017 3 commits
  5. 06 Sep, 2017 2 commits
  6. 04 Sep, 2017 1 commit
  7. 02 Sep, 2017 1 commit
  8. 29 Aug, 2017 4 commits
  9. 26 Aug, 2017 4 commits
  10. 25 Aug, 2017 4 commits
  11. 24 Aug, 2017 1 commit
    • Matt Holt's avatar
      templates: Execute template loaded by later middlewares (#1649) · 4b1b329e
      Matt Holt authored
      * templates: Execute template loaded by later middlewares
      
      This is the beginning of an attempt to make the staticfiles file server
      the only middleware that hits the disk and loads content. This may have
      unknown implications. But the goal is to reduce duplication without
      sacrificing performance. (We now call ServeContent here.)
      
      This change loses about 15% of the req/sec of the old way of doing it,
      but this way is arguably more correct since the file server is good at
      serving static files; duplicating that logic in every middleware that
      needs to hit the disk is not practical.
      
      * httpserver: Introduce ResponseRecorder as per Tw's suggestions
      
      It implements io.ReaderFrom and has some allocation-reducing
      optimizations baked into it
      
      * templates: Increase execution speed by ~10-15% after perf regression
      
      By using httpserver.ResponseBuffer, we can reduce allocations and still
      get what we want. It's a little tricky but it works so far.
      4b1b329e
  12. 23 Aug, 2017 3 commits
  13. 18 Aug, 2017 2 commits
  14. 14 Aug, 2017 1 commit
  15. 13 Aug, 2017 2 commits
    • Matt Holt's avatar
      Merge pull request #1823 from klingtnet/systemd-restart-limit-fix · 261547b4
      Matt Holt authored
      Fix restart restart behaviour of the systemd service
      261547b4
    • Andreas Linz's avatar
      Increase restart rate limit · 53ae9b85
      Andreas Linz authored
      The previous setting caused the service to hit a rate-limit when it was
      restarted more than 5 times in 24h.
      Editing the Caddyfile and restarting the service could also easily
      trigger this rate limit.
      One could argue that users could simply call `systemctl reset-failed
      caddy` to reset the rate-limit counter, but this is counterintuitive
      because most users won't know this command and are possibly unaware that
      they had hit a rate-limit.
      
      The service is now allowed to restart 10 times in 10 seconds before
      hitting a rate limit.
      This should be conservative enough to rate limit quickly failing
      services and to allow users to edit and test their caddy configuration.
      
      This closes #1718
      
      Remove restart limit settings and use defaults
      
      By default 5 restarts within 10 seconds are allowed without
      encountering a restart limit hit, see  `man systemd.unit` for details.
      
      Set Restart to on-abnormal
      
      The table in https://www.freedesktop.org/software/systemd/man/systemd.service.html#Restart=
      shows the conditions for which on-abnormal would restart the service.
      It will *not* restart the service in the following cases:
      
      - a non-zero exit status, e.g. an invalid Caddyfile
      - a zero exit code (or those specified in SuccessExitStatus=) and a clean signal
          clean signals are SIGHUP, SIGINT, SIGTERM or SIGPIPE
          https://github.com/systemd/systemd/blob/3536f49e8fa281539798a7bc5004d73302f39673/src/basic/exit-status.c#L205
      
      The service *will be restarted* in the following cases:
      
      - a unclean signal, e.g. SIGKILL
      - on start and watchdog timeout (we don't use those systemd service
      constructs explicitly)
      53ae9b85
  16. 12 Aug, 2017 8 commits
  17. 09 Aug, 2017 1 commit