[pull] master from caddyserver:master #7
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![pull[bot]](https://avatars.githubusercontent.com/in/12910?s=60&v=4){kind=small}
* fix: don't compress already compressed fonts * fix: remove WOFF
…header when proxying (#6427) * caddyhttp: Reject 0-RTT early data in IP matchers and set Early-Data header when proxying See RFC 8470: https://httpwg.org/specs/rfc8470.html Thanks to Michael Wedl (@MWedl) at the University of Applied Sciences St. Poelten for reporting this. * Don't return value for {remote} placeholder in early data * Add Caddyfile support
* browse: add Content-Security-Policy w/ nonce * Add backward-compat values to script-src * Remove dummy "#" href from layout anchors
* Remove 'strict-dynamic' + block-all-mixed-content * CSP: remove 'unsafe-inline' from script-src
…6412) * fileserver: Exclude symlink target size from total, show arrow on size * Keep both totals * Linter doesn't like my spelling :( * Stop parallelizing tests for now * Update modules/caddyhttp/fileserver/browse.html * Minor renamings --------- Co-authored-by: Matthew Holt <[email protected]>
…headers (#6450) Co-authored-by: Francis Lavoie <[email protected]>
* Add option to set which HTTP method to use for active health checks * Default Method to GET if not set
* Add Caddyfile support of setting active health check request method * Add integration test for active health check request method
* Add health_upstream Signed-off-by: Dylan Schultz <[email protected]> * Add health_upstream to caddyfile parsing * Add Active Upstream case for health checks * Update ignore health port comment Signed-off-by: Dylan Schultz <[email protected]> * Update Upstream json doc Signed-off-by: Dylan Schultz <[email protected]> * Update modules/caddyhttp/reverseproxy/healthchecks.go Co-authored-by: Francis Lavoie <[email protected]> * Use error rather than log for health_port override Signed-off-by: Dylan Schultz <[email protected]> * Add comment about port being ignore if using upstream Signed-off-by: Dylan Schultz <[email protected]> --------- Signed-off-by: Dylan Schultz <[email protected]> Co-authored-by: Francis Lavoie <[email protected]>
* Caddyfile support for TLS handshake matchers: - caddytls.MatchLocalIP - caddytls.MatchRemoteIP - caddytls.MatchServerName * Caddyfile support for TLS handshake matchers: - fix imports order Co-authored-by: Francis Lavoie <[email protected]> --------- Co-authored-by: Francis Lavoie <[email protected]>
* Caddyfile support for TLS custom certificate selection policy * Caddyfile support for TLS connection policy
Signed-off-by: Mohammed Al Sahaf <[email protected]>
…otocol (#6485) * proxyprotocol : Update WrapListener to use ConnPolicyFunc for PROXY protocol support * proxyprotocol : Updated dependency pires/go-proxyproto to pseudo latest version
* fileserver: add `sort` options * fix: test * fileserver: check options in `Provison` * fileserver: more obvious err alerts in sort options
* Runtime placeholders for caddytls matchers (1/3): - remove IPs validation in UnmarshalCaddyfile * Runtime placeholders for caddytls matchers (2/3): - add placeholder replacement for IPs in Provision * Runtime placeholders for caddytls matchers (3/3): - add placeholder replacement for other strings * Runtime placeholders for caddyhttp matchers (1/1): - add placeholder replacement for IPs in Provision * Runtime placeholders for caddyhttp/caddytls matchers: - move PrivateRandesCIDR under internal
Co-authored-by: Kanashimia <[email protected]>
Co-authored-by: Mohammed Al Sahaf <[email protected]>
* feat: allow versioning of packages * docs: remove xcaddy issue reference
* httpcaddyfile: Fixes for prefer_wildcard mode The wildcard hosts need to be collected first, then considered after, because there's no guarantee that all non-wildcards will appear after all wildcards when looping. Also we should not add a domain to Skip if it doesn't qualify for TLS anyway. * Alternate solution by avoiding adding APs altogether if covered by wildcard
* caddyhttp: Add `MatchWithError` to replace SetVar hack * Error in IP matchers on TLS handshake not complete * Use MatchWithError everywhere possible * Move implementations to MatchWithError versions * Looser interface checking to allow fallback * CEL factories can return RequestMatcherWithError * Clarifying comment since it's subtle that an err is returned * Return 425 Too Early status in IP matchers * Keep AnyMatch signature the same for now * Apparently Deprecated can't be all-uppercase to get IDE linting * Linter
Signed-off-by: Mohammed Al Sahaf <[email protected]>
…6648) * Add file_limit option for file_server browse * Move file_limit inside browse. * add file_server_file_limit caddyfile adapt test.
* ci: use commit sha in goreleaser-check Signed-off-by: Mohammed Al Sahaf <[email protected]> * fix output assignment Signed-off-by: Mohammed Al Sahaf <[email protected]> * run only on non-fork or caddyserver repo, and use branch name Signed-off-by: Mohammed Al Sahaf <[email protected]> --------- Signed-off-by: Mohammed Al Sahaf <[email protected]>
* Allow 0 as weights Change positive to non-negative * reverseproxy: allow 0 as weighted round robin value * test: add more wrr select test --------- Co-authored-by: peanutduck <[email protected]>
…eam mode i.e. Revert commit f5dce84 Two years ago, the patch in #4952 was a seemingly necessary way to fix an issue (sort of an edge case), but it broke other more common use cases (see #6666). Now, as of #6669, it seems like the original issue can no longer be replicated, so we are reverting that patch, because it was incorrect anyway. If it turns out the original issue returns, a more proper patch may be in #6669 (even if used as a baseline for a future fix). A potential future fix could be an opt-in setting.
* core: Implement FastAbs to avoid repeated os.Getwd calls * Lint * Rename files
* perf: remove dir redirection when useless in php_fastcgi * fix test * review * fix * fix * simplify * simplify again * restore test * add test
* fix: handle "request body too large" error using type assertion * fix: address overlooked nil check for MaxBytesError * fix: replace type assertion with errors.As() for MaxBytesError
Signed-off-by: Mohammed Al Sahaf <[email protected]>
Signed-off-by: Mohammed Al Sahaf <[email protected]>
* caddyhttp: Add `{prefixed_query}` placeholder
* fastcgi: Preserve query during canonical redirect
* Use orig_uri instead for the redirect, shorter Caddyfile shortcut
* feat: add first_exist_or_fallback strategy for try_files * fix tests * linter
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot]
Can you help keep this open source service alive? 💖 Please sponsor : )