- 01 May, 2018 1 commit
-
-
Guilherme Bernal authored
-
- 28 Apr, 2018 1 commit
-
-
Wèi Cōngruì authored
-
- 20 Apr, 2018 2 commits
-
-
Matthew Holt authored
-
Matthew Holt authored
-
- 18 Apr, 2018 2 commits
-
-
Matthew Holt authored
-
Matthew Holt authored
-
- 17 Apr, 2018 1 commit
-
-
Tanmay Chaudhry authored
* Enabled configurable Timeout for the proxy directive * Added Test for reverse for proxy timeout * Removed Duplication in proxy constructors * Remove indirection from multiple constructors and refactor into one * Fix inconsistent error message and refactor dialer initialization
-
- 15 Apr, 2018 1 commit
-
-
Abiola Ibrahim authored
* Regexp support for simple rewrite rule * Add negate option for simplicity * ascertain explicit regexp char
-
- 05 Apr, 2018 1 commit
-
-
Theofanis Despoudis authored
* Fixes #1960 Transparent proxy not appending existing X-Forwarded-For header * Fixes #1960 Formatting Code
-
- 03 Apr, 2018 1 commit
-
-
Matt Holt authored
* caddyfile: More robust parsing for 'import' (fixes #2096) The fix for hanging involves limiting the number of wildcards in an import pattern to just 1. Otherwise some patterns can expand to the entire disk. The other fix requires that the end string for an environment variable expansion come after the start string. * caddyfile: Fix more fuzzing errors
-
- 02 Apr, 2018 2 commits
-
-
Matthew Holt authored
-
Matthew Holt authored
-
- 31 Mar, 2018 1 commit
-
-
Lucas Lorentz authored
-
- 30 Mar, 2018 2 commits
-
-
Matt Holt authored
- Introduce StrictHostMatching mode for sites that require clientauth - Error if QUIC is enabled whilst TLS clientauth is configured (Our QUIC implementation does not yet support TLS clientauth, but maybe it will in the future - fixes #2095) - Error if one but not all TLS configs for the same hostname have a different ClientAuth CA pool
-
Matthew Holt authored
Apparently Cloudflare just caused 1.1.1.1 to resolve, so we have to change our test IP, hopefully this is better
-
- 28 Mar, 2018 3 commits
-
-
Matt Holt authored
-
Matthew Holt authored
-
Francis Lavoie authored
-
- 27 Mar, 2018 1 commit
-
-
Matthew Holt authored
-
- 26 Mar, 2018 6 commits
-
-
Toby Allen authored
* proof of concept * Initial implementation with debug code * Tidy up debug code * remove unneeded import * removed extra line * Move ShouldLog function to rule entry Logger type * add tests for ShouldLog * Added tests for log exceptions * Fix logic * fix govet fail for test * Updates requested for code clarity * Update requested for style * log: Minor style tweaks to logic of log exceptions
-
Matthew Holt authored
-
Matt Holt authored
tls: Use ACMEv2 and support automatic wildcard certificates
-
Matthew Holt authored
-
Matthew Holt authored
# Conflicts: # caddyhttp/httpserver/replacer.go # caddyhttp/httpserver/replacer_test.go
-
Denis authored
* different cases in path make different keys * Respect CaseSensitivePath variable when matching paths
-
- 19 Mar, 2018 1 commit
-
-
Matthew Fay authored
* httpserver.Replacer: Rework loop to ignore escaped placeholder braces * Fix typo and ineffectual assignment to ret * Remove redundant idxOffset declaration, simplify escape check * Add benchmark tests for new Replacer code
-
- 18 Mar, 2018 1 commit
-
-
elcore authored
* caddy: Purge event hooks after USR1 reload * caddy: Remove event hook purge logging * caddy: Remove deleteEventHook * caddy: use old event hooks in case of an unsuccessful restart * caddy: implement restoreEventHooks
-
- 17 Mar, 2018 6 commits
-
-
David Somers authored
Also add SSL_PROTOCOL and SSL_CIPHER env vars for fastcgi. * Implement placeholders for ssl_protocol and ssl_cipher * gofmt * goimports * Housekeeping and implement as {tls_protocol} and {tls_cipher}
-
Toby Allen authored
-
Matthew Holt authored
-
Matt Holt authored
* tls: Fall back to certificate keyed by empty name (fixes #2035) This should only happen for sites defined with an empty hostname (like ":8080") and which are using self-signed certificates or some other funky self-managed certificate. But that certificate should arguably be used for all incoming SNI names. * tls: Revert to serving any certificate if no match, regardless of SNI Also fix self-signed certs to include IP addresses in their name if they are configured to serve an IP address * Remove tests which are now irrelevant (behavior reverted) It would be good to revisit this in the future.
-
Matthew Holt authored
-
Matthew Holt authored
Should only be used when many sites are defined in the Caddyfile, and you would run up against Let's Encrypt rate limits without a wildcard.
-
- 16 Mar, 2018 2 commits
-
-
Matthew Holt authored
-
Matthew Holt authored
Caddy can now obtain certificates when behind load balancers and/or in fleet/cluster configurations, without needing any extra configuration. The only requirement is sharing the same $CADDYPATH/acme folder. This works with the HTTP challenge, whereas before the DNS challenge was required. This commit allows one Caddy instance to initiate the HTTP challenge and another to complete it. When sharing that folder, certificate management is synchronized and coordinated, without the Caddy instances needing to know about each other. No load balancer reconfiguration should be required, either. Currently, this is only supported when using FileStorage for TLS storage (which is ~99.999% of users).
-
- 15 Mar, 2018 5 commits
-
-
Andrey Blinov authored
* Add Geoip plugin to httpserver/plugin.go * Move GeoIP plugin higher
-
Matthew Holt authored
-
Matthew Holt authored
Windows doesn't allow asterisk in file names, sigh...
-
Matthew Holt authored
For example, {label1} would match "sub" in "sub.example.com" or whatever value is in the wildcard spot of "*.example.com". Useful for rewrite!
-
Matthew Holt authored
- Using xenolf/lego's likely-temporary acmev2 branch - Cleaned up vendor folder a little bit (probably more to do) - Temporarily set default CA URL to v2 staging endpoint - Refactored user management a bit; updated tests (biggest change is how we get the email address, which now requires being able to make an ACME client with a User with a private key so that we can get the current ToS URL) - Automatic HTTPS now allows specific wildcard pattern hostnames - Commented out (but kept) the TLS-SNI code, as the challenge type may return in the future in a similar form
-