1. 02 Apr, 2017 2 commits
    • Angel Santiago's avatar
      proxy: Cleanly shutdown health checks on restart (#1524) · 59bf71c2
      Angel Santiago authored
      * Add a shutdown function and context to staticUpstream so that running goroutines can be cancelled. Add a GetShutdownFunc to Upstream interface to expose the shutdown function to the caddy Controller for performing it on restarts.
      
      * Make fakeUpstream implement new Upstream methods.
      
      Implement new Upstream method for fakeWSUpstream as well.
      
      * Rename GetShutdownFunc to Stop(). Add a waitgroup to the staticUpstream for controlling individual object's goroutines. Add the Stop function to OnRestart and OnShutdown. Add tests for checking to see if healthchecks continue hitting a backend server after stop has been called.
      
      * Go back to using a stop channel since the context adds no additional benefit.
      Only register stop function for onShutdown since it's called as part of restart.
      
      * Remove assignment to atomic value
      
      * Incrementing WaitGroup outside of goroutine to avoid race condition. Loading atomic values in test.
      
      * Linting: change counter to just use the default zero value instead of setting it
      
      * Clarify Stop method comments, add comments to stop channel and waitgroup and remove out of date comment about handling stopping the proxy. Stop the ticker when the stop signal is sent
      59bf71c2
    • Toby Allen's avatar
      Add new browse sort - namedirfirst (#1551) · 464ade1d
      Toby Allen authored
      * Revert "browse: sort listing by dir first (#1527)"
      
       commit 4e1229e7.
      
      * Add new browse sort order  namedirfirst. Make namedirfirst default sort
      464ade1d
  2. 01 Apr, 2017 1 commit
  3. 31 Mar, 2017 1 commit
  4. 28 Mar, 2017 3 commits
  5. 25 Mar, 2017 1 commit
  6. 23 Mar, 2017 1 commit
  7. 21 Mar, 2017 1 commit
  8. 15 Mar, 2017 1 commit
    • ericdreeves's avatar
      browse: Use helper functions in staticfiles to redirect (#1497) · 36d20274
      ericdreeves authored
      * Use helper functions in staticfiles to redirect.
      
      Previously the browse package invoked staticfiles.Redirect when
      redirecting clients who requested a directory but with a Request-URI
      that did not contain a trailing '/'. staticfiles.Redirect only used a
      relative URI. This change defers the decision of how to format the
      Location header value to the helper methods in the staticfiles package.
      
      * Update const URLPathCtxKey in browse package.
      36d20274
  9. 14 Mar, 2017 1 commit
    • Peer Beckmann's avatar
      proxy: Add the first policy (#1513) · a148b923
      Peer Beckmann authored
      * Add the first policy which sends the request to the first available host
      
      * Make the error message clear. As we expect the second not first upstream
      host.
      a148b923
  10. 13 Mar, 2017 3 commits
  11. 12 Mar, 2017 3 commits
  12. 11 Mar, 2017 1 commit
    • Toby Allen's avatar
      Fix issue #1346 {path} logging {uri} and add {rewrite_uri} placeholder (#1481) · cfe52084
      Toby Allen authored
      * Fixed issue with {path} actually {uri}
      
      * Test added for path rewrite
      
      * add in uri_escaped
      
      * added rewrite_uri and test
      
      * fix broken test.  Just checks for existance of rewrite header
      
      * gitignore
      
      * Use context to store uri value
      
      * ignore .vscode
      
      * tidy up, removal of comments and invalidated tests
      
      * Remove commented out code.
      
      * added comment as requested by lint
      
      * fixed spelling mistake
      
      * clarified code with variable name
      
      * added context for uri and test
      
      * added TODO comment to move consts
      cfe52084
  13. 10 Mar, 2017 6 commits
  14. 09 Mar, 2017 1 commit
    • Kurt Jung's avatar
      basicauth: Ability to customize realm (#1491) · e3e62a95
      Kurt Jung authored
      * Support realms with basic authentication
      
      * Add test for default basicauth directive in which realm is not specified
      
      * Correct typo: missing space
      
      * Remove 'path' subdirective
      e3e62a95
  15. 08 Mar, 2017 1 commit
    • Matthew Holt's avatar
      tls: Command line flags to disable HTTP and TLS-SNI challenges · 6bc3e753
      Matthew Holt authored
      This could have just as easily been a tls directive property in the
      Caddyfile, but I figure if these challenges are being disabled, it's
      because of port availability or process privileges, both of which would
      affect all sites served by this process. The names of the flag are long
      but descriptive.
      
      I've never needed this but I hear of quite a few people who say they
      need this ability, so here it is.
      6bc3e753
  16. 07 Mar, 2017 6 commits
    • Matt Holt's avatar
      Merge pull request #1500 from mholt/customports · df9d062a
      Matt Holt authored
      httpserver: Flags to customize HTTP and HTTPS ports (including for ACME challenges)
      df9d062a
    • Matt Holt's avatar
      Merge pull request #1474 from jtyr/jtyr-local_ip · eafbf0b2
      Matt Holt authored
      Adding ServerIP context
      eafbf0b2
    • Jiri Tyr's avatar
      Adding support for ServerIP context · 73d52490
      Jiri Tyr authored
      73d52490
    • crvv's avatar
      templates: Set right response Content-Type · 4a095590
      crvv authored
      If use gzip and templates at the same time, the response body will
      be gzipped data. And in this case, the Content-Type header won't be
      set by Caddy code. Then Go http package will set "Content-Type" to
      wrong value "application/x-gzip" which is determined by response body.
      So the header Contenty-Type should be set in templates middleware.
      4a095590
    • Matthew Holt's avatar
      Avoid panic if reloading before server is started · c8514ad7
      Matthew Holt authored
      See: https://forum.caddyserver.com/t/reloading-template-files-as-they-change/1483/3?u=matt
      
      The server takes a moment to start; if USR1 is received before the
      instance is saved, it would panic because no instances have been saved.
      Instead, we just ignore the signal since no config has finished loading.
      c8514ad7
    • Matthew Holt's avatar
      httpserver: Flags to customize HTTP and HTTPS ports (incl. for ACME) · e3f2d96a
      Matthew Holt authored
      This commit removes _almost_ all instances of hard-coded ports 80 and
      443 strings, and now allows the user to define what the HTTP and HTTPS
      ports are by the -http-port and -https-ports flags.
      
      (One instance of "80" is still hard-coded in tls.go because it cannot
      import httpserver to get access to the HTTP port variable. I don't
      suspect this will be a problem in practice, but one workaround would be
      to define an exported variable in the caddytls package and let the
      httpserver package set it as well as its own HTTPPort variable.)
      
      The port numbers required by the ACME challenges HTTP-01 and TLS-SNI-01
      are hard-coded into the spec as ports 80 and 443 for good reasons,
      but the big question is whether they necessarily need to be the HTTP
      and HTTPS ports. Although the answer is probably no, they chose those
      ports for convenience and widest compatibility/deployability. So this
      commit also assumes that the "HTTP port" is necessarily the same port
      on which to serve the HTTP-01 challenge, and the "HTTPS port" is
      necessarily the same one on which to serve the TLS-SNI-01 challenge. In
      other words, changing the HTTP and HTTPS ports also changes the ports
      the challenges will be served on.
      
      If you change the HTTP and HTTPS ports, you are responsible for
      configuring your system to forward ports 80 and 443 properly.
      
      Closes #918 and closes #1293. Also related: #468.
      e3f2d96a
  17. 06 Mar, 2017 1 commit
  18. 03 Mar, 2017 1 commit
  19. 28 Feb, 2017 2 commits
    • ericdreeves's avatar
      Use RequestURI when redirecting to canonical path. (#1331) · 0a0d2cc1
      ericdreeves authored
      * Use RequestURI when redirecting to canonical path.
      
      Caddy may trim a request's URL path when it starts with the path that's
      associated with the virtual host. This change uses the path from the request's
      RequestURI when performing a redirect.
      
      Fix issue #1327.
      
      * Rename redirurl to redirURL.
      
      * Redirect to the full URL.
      
      The scheme and host from the virtual host's site configuration is used
      in order to redirect to the full URL.
      
      * Add comment and remove redundant check.
      
      * Store the original URL path in request context.
      
      By storing the original URL path as a value in the request context,
      middlewares can access both it and the sanitized path. The default
      default FileServer handler will use the original URL on redirects.
      
      * Replace contextKey type with CtxKey.
      
      In addition to moving the CtxKey definition to the caddy package, this
      change updates the CtxKey references in the httpserver, fastcgi, and
      basicauth packages.
      
      * httpserver: Fix reference to CtxKey
      0a0d2cc1
    • Matthew Holt's avatar
  20. 22 Feb, 2017 3 commits
    • Matthew Holt's avatar
      06873175
    • Matthew Holt's avatar
      httpserver: Disable default timeouts (closes #1464) · f49e0c9b
      Matthew Holt authored
      Timeouts are important for mitigating slowloris, yes. But after a number
      of complaints and seeing that default timeouts are a sore point of
      confusion, we're disabling them now. However, the code that sets
      default timeouts remains intact; the defaults are just the zero value.
      
      While Caddy aims to be secure by default, Caddy also aims to serve a
      worldwide audience. Even my own internet here in Utah is poor at times,
      with bad WiFi signal, causing some connections to take over 10s to
      be established. Many use the Internet while commuting on slower
      connection speeds. Latency across country borders is another concern.
      
      As such, disabling default timeouts will serve a greater population of
      users than enabling them, as slowloris is easy to mitigate and does
      not seem to be reported often (I've only seen it once). It's also very
      difficult sometimes to distinguish slowloris from genuine slow networks.
      That decision is best left to the site owner for now.
      f49e0c9b
    • Matthew Holt's avatar