* Handle the case of an OCSP responder certificate expiring before an OCSP response it issued

* oops

* doh, gofmt

A default of true is risky when protecting assets by matching base path.
It's not obvious that protecting /foo/ will allow /Foo/ through, and if
accessing static files on a case-insensitive file system... that's no
good. So the default is now to be case-INsensitive when matching paths.

Provides a new hook for plugins as a means to provide the current caddy.Instance when starting or restarting.

* Implement 'command' plugin

* Rename 'command' to 'on'

* Split this PR

This allows you to have multiple redir directives conditioned solely
upon if statements, without regard to path.

I am not a lawyer, but according to the appendix of the license,
these boilerplate notices should be included with every source file.

When two Caddyfiles with the same name, but different paths, are
imported, it can cause a weird bug because isNewLine() returned false
when it should return true, since the files are actually different,
but it couldn't know that because only the base name was stored,
not the whole path.

Signed-off-by: Tw <tw19881113@gmail.com>

Fix pid error in linux sysvinit

Create /var/log/caddy.log and chown prior to starting caddy.
Caddy running as DAEMONUSER does not have permission to create the /var/log/caddy.log.

This change eliminates the `[ERROR] Could not write pidfile: open /var/run/caddy.pid: permission denied` from caddy.log.
The start-stop-daemon writes the file as root so the DAEMONUSER that caddy runs as cannot write to the .pid file.

This reverts commit 56453e96.

Benchmarks with wrk showed no noticeable performance impact

* Proxy can now use QUIC for upstream connections

Add HandshakeTimeout, change h2quic syntax

* Add setup and upstream test

Test QUIC proxy with actual h2quic instance

Use different port fo QUIC test server

Add quic host to CI config

Added testdata to vendor

Revert "Added testdata to vendor"

This reverts commit 959512282deed8623168d090e5ca5e5a7933019c.

* Use local testdata

Renewed certificates would not be reloaded into the cache because their
names conflict with names of certificates already in the cache; this
was intentional when loading new certs to avoid confusion, but is
problematic when renewing, since the old certificate doesn't get
evicted from the cache. (Oops.)

Here, I remedy this situation by explicitly deleting the old cert from
the cache before adding the renewed one back in.

(See EULA.) Personally-licensed official Caddy builds cannot remove
this header by configuration. The commercially-licensed builds of Caddy
don't have this header.

httpserver: Fix #1859 by cleaning paths when matching them