- 11 Sep, 2017 1 commit
-
-
Matthew Holt authored
Renewed certificates would not be reloaded into the cache because their names conflict with names of certificates already in the cache; this was intentional when loading new certs to avoid confusion, but is problematic when renewing, since the old certificate doesn't get evicted from the cache. (Oops.) Here, I remedy this situation by explicitly deleting the old cert from the cache before adding the renewed one back in.
-
- 10 Sep, 2017 1 commit
-
-
Matthew Holt authored
-
- 08 Sep, 2017 3 commits
-
-
Matthew Holt authored
-
Matt Holt authored
httpserver: Fix #1859 by cleaning paths when matching them
-
Matthew Holt authored
Signed-off-by: Matthew Holt <mholt@users.noreply.github.com>
-
- 06 Sep, 2017 2 commits
- 04 Sep, 2017 1 commit
-
-
Thomas De Keulenaer authored
+ test
-
- 02 Sep, 2017 1 commit
-
-
John Chadwick authored
* Add tests for SCRIPT_NAME * fastcgi: Include vhost path prefix in SCRIPT_NAME
-
- 29 Aug, 2017 4 commits
-
-
Matthew Holt authored
-
Mattias Wadman authored
-
Mateusz Gajewski authored
* Allow pushing multiple resources via Link header * Add nopush test case * Extract Link header parsing to separate function * Parser regexp-free * Remove dead code, thx gometalinter * Redundant condition - won't happen * Reduce duplication
-
Matthew Holt authored
The race was in the test only; not in the production code
-
- 26 Aug, 2017 4 commits
-
-
Matthew Holt authored
-
Matthew Holt authored
-
Matthew Holt authored
-
Matthew Holt authored
-
- 25 Aug, 2017 4 commits
-
-
Matthew Holt authored
-
Matt Holt authored
* browse: Attempt to fix tests on Windows * browse: Make tests verbose for debugging * Moar debugging * Trying path.Join instead * browse: Just skip the tests for now * browse: Remove debug prints
-
Matthew Holt authored
build.go is (should be) cross-platform compatible. Timestamps are now excluded from all builds on a clean commit, in an effort to be byte-for-byte reproducible.
-
Matthew Holt authored
-
- 24 Aug, 2017 1 commit
-
-
Matt Holt authored
* templates: Execute template loaded by later middlewares This is the beginning of an attempt to make the staticfiles file server the only middleware that hits the disk and loads content. This may have unknown implications. But the goal is to reduce duplication without sacrificing performance. (We now call ServeContent here.) This change loses about 15% of the req/sec of the old way of doing it, but this way is arguably more correct since the file server is good at serving static files; duplicating that logic in every middleware that needs to hit the disk is not practical. * httpserver: Introduce ResponseRecorder as per Tw's suggestions It implements io.ReaderFrom and has some allocation-reducing optimizations baked into it * templates: Increase execution speed by ~10-15% after perf regression By using httpserver.ResponseBuffer, we can reduce allocations and still get what we want. It's a little tricky but it works so far.
-
- 23 Aug, 2017 3 commits
-
-
Matt Holt authored
tls: Fix OCSP stapling bug when certificate names overlap other certs
-
Matt Holt authored
Double systemd LimitNPROC to allow more threads
-
Matthew Holt authored
-
- 18 Aug, 2017 2 commits
-
-
Matt Holt authored
Add forwardproxy to directives' list
-
Sergey Frolov authored
-
- 14 Aug, 2017 1 commit
-
-
Julian Mazzitelli authored
-
- 13 Aug, 2017 2 commits
-
-
Matt Holt authored
Fix restart restart behaviour of the systemd service
-
Andreas Linz authored
The previous setting caused the service to hit a rate-limit when it was restarted more than 5 times in 24h. Editing the Caddyfile and restarting the service could also easily trigger this rate limit. One could argue that users could simply call `systemctl reset-failed caddy` to reset the rate-limit counter, but this is counterintuitive because most users won't know this command and are possibly unaware that they had hit a rate-limit. The service is now allowed to restart 10 times in 10 seconds before hitting a rate limit. This should be conservative enough to rate limit quickly failing services and to allow users to edit and test their caddy configuration. This closes #1718 Remove restart limit settings and use defaults By default 5 restarts within 10 seconds are allowed without encountering a restart limit hit, see `man systemd.unit` for details. Set Restart to on-abnormal The table in https://www.freedesktop.org/software/systemd/man/systemd.service.html#Restart= shows the conditions for which on-abnormal would restart the service. It will *not* restart the service in the following cases: - a non-zero exit status, e.g. an invalid Caddyfile - a zero exit code (or those specified in SuccessExitStatus=) and a clean signal clean signals are SIGHUP, SIGINT, SIGTERM or SIGPIPE https://github.com/systemd/systemd/blob/3536f49e8fa281539798a7bc5004d73302f39673/src/basic/exit-status.c#L205 The service *will be restarted* in the following cases: - a unclean signal, e.g. SIGKILL - on start and watchdog timeout (we don't use those systemd service constructs explicitly)
-
- 12 Aug, 2017 8 commits
-
-
Matt Holt authored
Fix for #1794: Fixes issues with IfMatcher and regular expressions.
-
Matt Holt authored
browse: Support absolute and recursive directory symlinks
-
Matthew Holt authored
-
Mattias Wadman authored
-
Matt Holt authored
* SIGUSR2 triggers graceful binary upgrades (spawns new process) * Move some functions around, hopefully fixing Windows build * Clean up a couple file closes and add links to useful debugging thread * Use two underscores in upgrade env var To help ensure uniqueness / avoid possible collisions
-
Mark Severson authored
-
Henrique Dias authored
-
Matthew Holt authored
https://caddy.community/t/random-ocsp-response-errors-for-random-clients/2473?u=matt Certificates are keyed by name in the cache, optimized for fast lookups during TLS handshakes using SNI. A more "correct" way that is truly a 1:1 would be to cache certificates by a hash of the leaf's DER bytes, but this involves an extra index to maintain. So instead of that, we simply choose to prevent overlap when keying certificates by server name. This avoids the ambiguity when updating OCSP staples, for instance.
-
- 09 Aug, 2017 2 commits
-
-
Matthew Holt authored
(allow no arguments of paths to protect)
-
Matthew Holt authored
-