- 13 Feb, 2018 5 commits
-
-
Matthew Holt authored
-
Matthew Holt authored
# Conflicts: # sigtrap_posix.go
-
Matthew Holt authored
Also introduce caddy.OnProcessExit which is a list of functions that run before exiting the process cleanly; these do not count as shutdown callbacks, so they do not return errors and must execute quickly.
-
ssh://github.com/mholt/caddy
Matthew Holt authored
-
Matthew Holt authored
-
- 11 Feb, 2018 2 commits
-
-
Etienne Bruines authored
Fixes #1961
According to RFC 7231 and RFC 7230, there's no reason a GET-Request can't have a body (other than it possibly not being supported by existing software). Its use is simply not defined, and is left to the application.
-
Matthew Holt authored
Not a huge issue, but has security implications if OAuth tokens leaked
-
- 04 Feb, 2018 1 commit
-
-
Matthew Holt authored
  - Expose the list of Caddy instances through caddy.Instances()
  - Added arbitrary storage to caddy.Instance
  - The cache of loaded certificates is no longer global; now scoped per-instance, meaning upon reload (like SIGUSR1) the old cert cache will be discarded entirely, whereas before, aggressively reloading config that added and removed lots of sites would cause unnecessary build-up in the cache over time.
  - Key certificates in the cache by their SHA-256 hash instead of by their names. This means certificates will not be duplicated in memory (within each instance), making Caddy much more memory-efficient for large-scale deployments with thousands of sites sharing certs.
  - Perform name-to-certificate lookups scoped per caddytls.Config instead of a single global lookup. This prevents certificates from stepping on each other when they overlap in their names.
  - Do not allow TLS configurations keyed by the same hostname to be different; this now throws an error.
  - Updated relevant tests, with a stark awareness that more tests are needed.
  - Change the NewContext function signature to include an *Instance.
  - Strongly recommend (basically require) use of caddytls.NewConfig() to create a new *caddytls.Config, to ensure pointers to the instance certificate cache are initialized properly.
  - Update the TLS-SNI challenge solver (even though TLS-SNI is disabled currently on the CA side). Store temporary challenge cert in instance cache, but do so directly by the ACME challenge name, not the hash. Modified the getCertificate function to check the cache directly for a name match if one isn't found otherwise. This will allow any caddytls.Config to be able to help solve a TLS-SNI challenge, with one extra side-effect that might actually be kind of interesting (and useless): clients could send a certificate's hash as the SNI and Caddy would be able to serve that certificate for the handshake.
  - Do not attempt to match a "default" (random) certificate when SNI is present but unrecognized; return no certificate so a TLS alert happens instead.
  - Store an Instance in the list of instances even while the instance is still starting up (this allows access to the cert cache for performing renewals at startup, etc). Will be removed from list again if instance startup fails.
  - Laid groundwork for ACMEv2 and Let's Encrypt wildcard support.

Server type plugins will need to be updated slightly to accommodate minor adjustments to their API (like passing in an Instance). This commit includes the changes for the HTTP server.

Certain Caddyfile configurations might error out with this change, if they configured different TLS settings for the same hostname.

This change trades some complexity for other complexity, but ultimately this new complexity is more correct and robust than earlier logic.

Fixes #1991
Fixes #1994
Fixes #1303
-
- 03 Feb, 2018 5 commits
-
-
Toby Allen authored
-
magikstm authored
-
Phillipp Engelke authored
Adding the bash command for downloading the caddy.service file from the repository. Because it was easy to forget where you find it.
-
Tw authored
Signed-off-by: Tw <tw19881113@gmail.com>
-
Matthew Holt authored
-
- 30 Jan, 2018 1 commit
-
-
Michael Schubert authored
-
- 27 Jan, 2018 1 commit
-
-
Matthew Holt authored
-
- 16 Jan, 2018 9 commits
-
-
Miek Gieben authored
* shutdown: allow graceful shutdown for SIGTERM on posix
  The signal is already trapped; make it do the same thing as SIGQUIT to be more in line with Unix/Linux shutdown expectations.
  Fixes #1993
* Implement comment feedback ideas
-
Whitestrake authored
-
Heri Sim authored
* Turn on KeepAlive in QuicConfig of RoundTripper
* Update reverseproxy.go
-
Tw authored
Signed-off-by: Tw <tw19881113@gmail.com>
-
Tw authored
Signed-off-by: Tw <tw19881113@gmail.com>
-
Andreas Ulm authored
* implemented source of default file for sysvinit
  Signed-off-by: root360-AndreasUlm <andreas.ulm@root360.de>
* added documentation in README
  Signed-off-by: root360-AndreasUlm <andreas.ulm@root360.de>
* fixed sourcing command for sh
  Signed-off-by: root360-AndreasUlm <andreas.ulm@root360.de>
* implemented source of default file for sysvinit
  Signed-off-by: root360-AndreasUlm <andreas.ulm@root360.de>
* added documentation in README
  Signed-off-by: root360-AndreasUlm <andreas.ulm@root360.de>
* fixed sourcing command for sh
  Signed-off-by: root360-AndreasUlm <andreas.ulm@root360.de>
* implemented DAEMONOPTS overwrite
  Signed-off-by: root360-AndreasUlm <andreas.ulm@root360.de>
-
magikstm authored
* Correct browse modified date alignment
* New solution to adjust alignment
-
detaoin authored
* caddymain: fix setCPU silently ignoring small percent values
  the percent value is resolved in a GOMAXPROCS relative number by simple division, thus rounding down the non-integer quotient. If zero, the call to runtime.GOMAXPROCS is silently ignored. We decide here to exceptionally round up the CPU cap in case of percent values that are too small.
* caddymain: gofmt -s
-
Sean Lane authored
* Update README.md
  I believe the owner and group of the `chown` command here are mixed up. As it was, it caused a permissions issue, with the service being unable to read the directory.
* Update README.md
* Update README.md
  Revert changes back to the original suggested changes
-
- 07 Jan, 2018 1 commit
-
-
Toby Allen authored
-
- 23 Dec, 2017 1 commit
-
-
Toby Allen authored
* First working mask
* IP Mask working with defaults and empty
* add tests for ipmask
* Store Mask as setup, some tidying, cleaner flow
* Prevent mask from running when directive not present
* use custom replacement to store masked ip
-
- 17 Dec, 2017 1 commit
-
-
magikstm authored
-
- 13 Nov, 2017 2 commits
-
-
Craig Peterson authored
Caddyfile snippets
-
Craig Peterson authored
-
- 07 Nov, 2017 2 commits
-
-
Aaron Taylor authored
This allows custom replacements to be defined in a way that propagates throughout all plugins.
-
insomniac authored
* Checking that a server listener is not nil before printing verbose information
* Improved readability of a loop
-
- 06 Nov, 2017 2 commits
-
-
Mohammad Gufran authored
-
Mohammad Gufran authored
* Simplify parseUpstream function
* Add SRV support for proxy upstream
-
- 05 Nov, 2017 1 commit
-
-
Toby Allen authored
-
- 04 Nov, 2017 3 commits
-
-
Tw authored
Signed-off-by: Tw <tw19881113@gmail.com>
-
Toby Allen authored
-
Kevin Stock authored
This adds the ask sub-directive to tls that defines the URL of a backend HTTP service to be queried during the TLS handshake to determine if an on-demand TLS certificate should be acquired for incoming hostnames. When the ask sub-directive is defined, Caddy will query the URL for permission to acquire a cert by making an HTTP GET request to the URL including the requested domain in the query string. If the backend service returns a 2xx response Caddy will acquire a cert. Any other response code (including 3xx redirects) is considered a rejection and the certificate will not be acquired.
-
- 02 Nov, 2017 1 commit
-
-
Sayem Chowdhury authored
* Update build instruction
  This change adds proper and easy instructions for building.
* Update README.md
-
- 01 Nov, 2017 2 commits
-
-
Craig Peterson authored
-
Craig Peterson authored
-