- 24 Jan, 2017 3 commits
-
-
Matthew Holt authored
-
Matthew Holt authored
-
Tw authored
* proxy: use a new context for the outgoing request fix issue #1345 Signed-off-by: Tw <tw19881113@gmail.com> * proxy: add test for canceling the request Signed-off-by: Tw <tw19881113@gmail.com>
-
- 23 Jan, 2017 2 commits
-
-
Matt Holt authored
proxy: Fixed #1352: invalid use of the HTTP hijacker
-
Peer Beckmann authored
* Generate meta elements from useful front matters. Limited to the default template and specific elements. * Rerun gofmt * Add "keywords" and remove "language" to/from the list of meta tags. * Add a simple positive list test for the meta tag generation. * Move the meta tag list to a var at the begin of the file. Seperate the Meta tags from the other front matters: - Don't override user settings with name `meta` - Cleaner Code. * Remove the uneccessary `[:]` in the []Bytes to String casting. @mholt was right ;) * One minor refinement. Combining two statements.
-
- 21 Jan, 2017 3 commits
-
-
Matthew Holt authored
-
Matt Holt authored
tls: Fix background certificate renewals that use TLS-SNI challenge
-
Matthew Holt authored
The loop which performs renewals in the background obtains a read lock on the certificate cache map, so that it can be safely iterated. Before this fix, it would obtain the renewals in the read lock. This has been fine, except that the TLS-SNI challenge, when invoked after Caddy has already started, requires adding a certificate to the cache. Doing this requires an exclusive write lock. But it cannot obtain a write lock because a read lock is obtained higher in the stack, while the loop iterates. In other words, it's a deadlock. I was able to reproduce this issue consistently locally, after jumping through many hoops to force a renewal in a short time that bypasses Let's Encrypt's authz caching. I was also able to verify that by queuing renewals (like we do deletions and OCSP updates), lock contention is relieved and the deadlock is avoided. This only affects background renewals where the TLS-SNI(-01) challenge are used. Users report seeing strange errors in the logs after this happens ("tls: client offered an unsupported, maximum protocol version of 301"), but I was not able to reproduce these locally. I was also not able to reproduce the leak of sockets which are left in CLOSE_WAIT. I am not sure if those are symptoms of running in production on Linux and are related to this bug, or not. Either way, this is an important fix. I do not yet know the ripple effects this will have on other symptoms we've been chasing. But it definitely resolves a deadlock during renewals.
-
- 18 Jan, 2017 1 commit
-
-
Tw authored
Because of this commit(6e36811c37399d60cbce587b7c48e611009c5aec) on go tip, it will probe the request's body to determine whether to use chunked transfer encoding which trailers depend on it. So we just offer a non empty body to make trailers work. fix issue #1359 Signed-off-by: Tw <tw19881113@gmail.com>
-
- 17 Jan, 2017 2 commits
-
-
Mike Pastore authored
-
Leonard Hecker authored
-
- 14 Jan, 2017 3 commits
-
-
M-A authored
* Add {whenISO} to record timestamp in ISO 8601 format in UTC. ISO 8601 is the standard time format and is easy to parse. This change assumes users desiring ISO 8016 generally prefer UTC for simplicity. This results in {whenISO} to be significantly shorter than {when}: {when} = "02/Jan/2006:15:04:05 +0000" {whenISO} = "2006-01-02T15:04:12Z" Add unit test to verify both, as there was no unit test for {when}. * Rename {whenISO} to {when_iso}
-
Henrique Dias authored
* Update run.go * Update plugins.go * Update plugins.go * Update run.go * typo * Update plugins.go * Update plugins.go * Requested changes by @mholt
-
Toby Allen authored
* Allow -validate flag to validate caddyfile and return * Ensure logging without -log flag * Changes to validate seperatly to Starup func * Removed change to Start signature. Created function to ValidateCaddyfile * comment and tidyup * ValidateandExecuteDirectives with justValidate option * remove debugging code * Tidy up comments * additional parameter added to calls to mustLogFataf * ValidateAndExecuteDirectives needs to only return err
-
- 11 Jan, 2017 4 commits
-
-
Matt Holt authored
proxy: Unbuffered request optimization
-
Leonard Hecker authored
This test ensures that the optimizations in 8048e9c3 are actually effective.
-
Leonard Hecker authored
If only one upstream is defined we don't need to buffer the body. Instead we directly stream the body to the upstream host, which reduces memory usage as well as latency. Furthermore this enables different kinds of HTTP streaming applications like gRPC for instance.
-
Matt Holt authored
Add misspell to travis build
-
- 10 Jan, 2017 3 commits
-
-
Ben Gadbois authored
Replace test text with real words so misspell doesn't throw errors
-
Matt Holt authored
Fix small misspellings
-
Ben Gadbois authored
-
- 09 Jan, 2017 2 commits
-
-
Matt Holt authored
proxy: refactor TestUpstreamHeadersUpdate and TestDownstreamHeadersUpdate
-
Tw authored
Signed-off-by: Tw <tw19881113@gmail.com>
-
- 08 Jan, 2017 1 commit
-
-
Matt Holt authored
basicauth: Remove Authorization header on successful authz (issue #1324)
-
- 04 Jan, 2017 2 commits
-
-
Matthew Holt authored
Typing in this box will filter the list of items by name.
-
Matthew Holt authored
If a site owner protects a path with basicauth, no need to use the Authorization header elsewhere upstream, especially since it contains credentials. If this breaks anyone, it means they're double-dipping. It's usually good practice to clear out credentials as soon as they're not needed anymore. (Note that we only clear credentials after they're used, they stay for any other reason.)
-
- 03 Jan, 2017 1 commit
-
-
Gregor Noczinski authored
* Fix #2 (Replacement doesn't happen - https://github.com/echocat/caddy-filter/issues/2) bug of caddy-filter * Fixed gofmt issue. * Remove comment of reason why we do a reorder
-
- 01 Jan, 2017 4 commits
-
-
Matthew Holt authored
-
Matthew Holt authored
-
Sawood Alam authored
* Added path cleanup functions with masking to preserve certain patterns + unit tests, #1298 * Use custom PathClean function instead of path.Clean to apply masks to preserve protocol separator in the path * Indentation corrected in the test data map to pass the lint * Fixing ineffassign of a temporary string variable * Improved variable naming and documentation * Improved variable naming * Added benchmarks and improved variable naming in tests * Removed unnecessary value capture when iterating over a map for keys * A typo correction
-
Matt Holt authored
Fixed #1292 and resulting issues from #1300
-
- 30 Dec, 2016 3 commits
-
-
Matthew Holt authored
-
Matthew Holt authored
-
Leonard Hecker authored
-
- 29 Dec, 2016 1 commit
-
-
Leonard Hecker authored
-
- 28 Dec, 2016 2 commits
-
-
Leonard Hecker authored
-
Leonard Hecker authored
-
- 27 Dec, 2016 1 commit
-
-
Mateusz Gajewski authored
* Remove pre 0.9 code * Unused import * gofmtw
-
- 26 Dec, 2016 2 commits
-
-
Leonard Hecker authored
-
Leonard Hecker authored
This issue was caused by connHijackerTransport trying to record HTTP response headers by "hijacking" the Read() method of the plain net.Conn. This does not simply work over TLS though since this will record the TLS handshake and encrypted data instead of the actual content. This commit fixes the problem by providing an alternative transport.DialTLS which correctly hijacks the overlying tls.Conn instead.
-