chore(deps): update module github.com/caddyserver/caddy/v2 to v2.9.0 #10
This PR contains the following updates:
v2.6.4 -> v2.9.0
Release Notes
caddyserver/caddy (github.com/caddyserver/caddy/v2)
v2.9.0
Happy New Year! We're pleased to release Caddy 2.9. Aside from some minor new features, this release is mainly focused on refinements and bug fixes in many areas, including:
We realize there is extensive interest in Encrypted Client Hello (ECH) and post-quantum ciphers. These are slated to be supported in Go 1.24, which is scheduled for a stable release in approximately February. We did not want to force users to go through the inconvenience of installing pre-release, non-stock installations of Go, even though the RCs are quite stable and production-ready, in order to even compile Caddy, which is quite common given our plugin ecosystem. We anticipate a Caddy 2.10 release in the near future with these capabilities, built on Go 1.24.
We hope you will enjoy the 2.9 release. Thanks to all contributors, bug reporters, and helpers, and those organizations which deployed pre-release versions to production to help verify patches and features.
Changelog
ef4e022 caddyfile: Fix comma edgecase in address parsing (#6616)
b116dce caddyhttp: Add {?query} placeholder (#6714)
c216cf5 caddyhttp: Allow matching Transfer-Encoding, add to access logs (#6629)
197c564 caddyhttp: Set default ReadHeaderTimeout (1 min)
09b2cbc caddyhttp: Add MatchWithError to replace SetVar hack (#6596)
c6f2979 caddyhttp: Close http3 server gracefully (#6213)
88fd5f3 caddyhttp: Use internal issuer for IPs when no APs configured
5c8dc34 caddytls: Allow disabling storage cleaning, avoids writing two files (#6593)
d7564d6 caddytls: Drop rate_limit and burst, has been deprecated (#6611)
d398898 cmd: Allow add-package to select version of package (#6665)
66c80ca cmd: Disable go1.23 tlskyber=1 experiment
fb72793 cmd: Reject multiple configs for fmt command (#6717)
b3ce260 cmd: ignore missing keys during storage export (#6697)
0182fb8 core: addresses.go funcs renames (#6622)
e76405d core: Change ListenerFunc signature (#6651)
315715e core: Implement FastAbs to avoid repeated os.Getwd calls (#6687)
d0e209e encode: good defaults (#6737)
5ba1e06 encode: try to use sendfile when compression is not used (#6749)
bcaa8aa encode: write status immediate for success response for CONNECT requests (#6738)
1d15652 events: Use WithLazy to prevent eager serialization of the event data (#6671)
6790c0e fastcgi: check for CONTENT_LENGTH when sending requests (#6661)
eddbccd fastcgi: remove dir redirection when useless in php_fastcgi (#6698)
efd9251 fileserver: Add first_exist_fallback strategy for try_files (#6699)
d0123bd fileserver: Fix policy Validate() oversight (#6727)
290cfea fileserver: add a test for precompressed defaults (#6743)
5c2617e fileserver: good default for precompressed (#6736)
cc23ad6 fileserver: Add file_limit option for browse (to be experimental) (#6648)
350ad38 fileserver: Fix Caddyfile parsing
9753c44 fileserver: fix try_policy when instantiating file matcher from CEL (#6624)
05cfb12 forwardauth: Skip copying missing response headers (#6608)
ed1c594 go.mod: Upgrade ACMEz to v3; and upgrade CertMagic
3f3f8b3 go.mod: Upgrade CertMagic to v0.21.5
91e3413 go.mod: upgrade only some otel deps (#6676)
22b9d51 go.mod: Upgrade quic-go to 0.48.2
b129ed6 httpcaddyfile: Fixes for prefer_wildcard mode (#6636)
afa778a httpcaddyfile: Implement experimental force_automate option (#6712)
b183aec httpcaddyfile: Implement log sampling config (#6682)
1d106fa metrics: add go and process collectors (#6704)
388c7e8 metrics: move metrics up, outside servers (#6606)
8c3dd3d requestbody: Type-based error handling for MaxBytesError (#6701)
5e6024c reverseproxy: Fix log message
48ce47f reverseproxy: Use correct cases for websocket related headers (#6621)
825fe48 reverseproxy: Allow 0 as weights for weighted_round_robin (#6681)
328fb61 reverseproxy: Only handle websocket protocol (#6740)
238f110 reverseproxy: Revert #4952 - don't ignore context cancellation in stream mode
9c0c71e reverseproxy: Rewrite requests and responses for websocket over http2 (#6567)
c864b82 reverseproxy: Set Content-Length when body is fully buffered (#6638)
fbf0f4c reverseproxy: Sync changes from stdlib for 1xx handling (#6656)
5823ecc rewrite: Don't add / in Caddyfile, do it after replacer (#6662)
b443190 sigtrap: always ignore SIGPIPE (#6645)
f2c17d1 testing: sort force-automated hosts (#6756)
669fc41 tracing: Add spanID field to access logs and http.vars.span_id placeholder (#6646)
What's Changed
DisableStorageCheck setting for certmagic by @ankon in https://github.com/caddyserver/caddy/pull/6368
run into a public BuildContext and a private part by @ankon in https://github.com/caddyserver/caddy/pull/6378
zapcore.Core by @kkroo in https://github.com/caddyserver/caddy/pull/6381
import for snippets by @elee1766 in https://github.com/caddyserver/caddy/pull/6130
-tags nobadger on binary build by @girlbossceo in https://github.com/caddyserver/caddy/pull/6470
sort options by @lollipopkit in https://github.com/caddyserver/caddy/pull/6468
{file.*} global placeholder strips trailing newline by @steffenbusch in https://github.com/caddyserver/caddy/pull/6411
error (msg) through replacer by @mohammed90 in https://github.com/caddyserver/caddy/pull/6536
sort to browse by @lollipopkit in https://github.com/caddyserver/caddy/pull/6502
uri by @mister-turtle in https://github.com/caddyserver/caddy/pull/6571
reverse_proxy Caddyfile comment by @francislavoie in https://github.com/caddyserver/caddy/pull/6598
vars and vars_regexp by @francislavoie in https://github.com/caddyserver/caddy/pull/6594
auto_https prefer_wildcard option by @francislavoie in https://github.com/caddyserver/caddy/pull/6146
rate_limit and burst, has been deprecated by @francislavoie in https://github.com/caddyserver/caddy/pull/6611
metrics up, outside servers by @mohammed90 in https://github.com/caddyserver/caddy/pull/6606
spanID field to access logs and http.vars.span_id placeholder by @YifanYang6 in https://github.com/caddyserver/caddy/pull/6646
add-package to select version of package by @Botelho31 in https://github.com/caddyserver/caddy/pull/6665
prefer_wildcard mode by @francislavoie in https://github.com/caddyserver/caddy/pull/6636
WithLazy to prevent eager serialization of the event data by @ankon in https://github.com/caddyserver/caddy/pull/6671
MatchWithError to replace SetVar hack by @francislavoie in https://github.com/caddyserver/caddy/pull/6596
file_limit option for browse by @atakanyenel in https://github.com/caddyserver/caddy/pull/6648
/ in Caddyfile, do it after replacer by @francislavoie in https://github.com/caddyserver/caddy/pull/6662
0 as weights for weighted_round_robin by @suciptoid in https://github.com/caddyserver/caddy/pull/6681
sampling config by @nikonhub in https://github.com/caddyserver/caddy/pull/6682
provides to .deb releases by @francislavoie in https://github.com/caddyserver/caddy/pull/6691
MaxBytesError by @rishitashaw in https://github.com/caddyserver/caddy/pull/6701
go and process collectors by @mohammed90 in https://github.com/caddyserver/caddy/pull/6704
{?query} placeholder by @francislavoie in https://github.com/caddyserver/caddy/pull/6714
first_exist_fallback strategy for try_files by @dunglas in https://github.com/caddyserver/caddy/pull/6699
fmt prevents multiple files passed as args, add support for --config by @armadi1809 in https://github.com/caddyserver/caddy/pull/6717
Validate() oversight by @francislavoie in https://github.com/caddyserver/caddy/pull/6727
Content-Length when body is fully buffered by @WeidiDeng in https://github.com/caddyserver/caddy/pull/6638
force_automate by @francislavoie in https://github.com/caddyserver/caddy/pull/6712
New Contributors
Full Changelog: https://github.com/caddyserver/caddy/compare/v2.8.4...v2.9.0
v2.8.4
Hotfix for the Caddyfile detection regression in v2.8.2. The v2.8.3 tag was mistakenly made on the wrong commit and is skipped.
Changelog
7088605 cmd: fix regression in auto-detect of Caddyfile (#6362)
v2.8.3
v2.8.2
A few more fixes of reported bugs related to ARI, try_files with the root path (/), and Caddyfile adapter detection on the CLI. See 2.8.0 release notes for details on 2.8.
Changelog
01308b4 I'm so tired of typos
a63767d build(deps): bump golangci/golangci-lint-action from 5 to 6 (#6361)
f8a2c60 caddyhttp: properly sanitize requests for root path (#6360)
b7280e6 caddytls: Implement certmagic.RenewalInfoGetter
15faeac cmd: fix auto-detetction of .caddyfile extension (#6356)
Full Changelog: https://github.com/caddyserver/caddy/compare/v2.8.1...v2.8.2
v2.8.1
Quick fixes for a few users related to directory permissions and matcher parsing.
Changelog
40c582c caddyhttp: Fix merging consecutive client_ip or remote_ip matchers (#6350)
a52917a core: MkdirAll appDataDir in InstanceID with 0o700 (#6340)
v2.8.0
Caddy 2.8 is here! With hundreds of improvements, Caddy is more scalable and capable than ever before. Featuring ACME Renewal Information (ARI) support, HTTP/3 to proxy backends, and so much more than we can list in a sentence, we are pleased to bring you one of the biggest Caddy updates yet. Documentation on our website will be updated in the coming days.
We've implemented a ton of improvements, fixes, and awesome new features based on your feedback. While some of them aren't particularly visible changes, they allow Caddy to scale better and be more reliable in demanding deployments. Many of the changes are quality-of-life improvements we hope you'll appreciate. Then there's improvements to ACMEz, CertMagic, and other dependencies which make Caddy better that may not show up in this list.
There was a lot of code that had been documented as deprecated in place for a long time, so this version introduces a few more breaking changes than usual; please review the notes below.
Thank you to our sponsors and everyone in the community who contributed -- over 40 of you made your first contribution for this release. We couldn't have done it without your help. In particular, we'd like to recognize sponsors Stripe, Framer, and ZeroSSL for their positive influence, which has greatly enhanced the project. Caddy 2.8 is already being used in our sponsors' large-scale, multi-region production deployments.
Want to join those ranks? Sponsor the Caddy project and benefit from development priority, dedicated private support, and much more.
As with any server upgrades, please be sure to test and validate your configurations in a staging or test environment before deploying to production. Thank you and have a great day!
⚠️ Breaking changes:
email global option. (We have already recommended this for years.) If you already do this, you don't have to make any changes and you'll still get Let's Encrypt and ZeroSSL automatically as defaults.
acme issuer with your email filled out, and the ca field set to ZeroSSL's ACME server URL. If you want redundancy with Let's Encrypt, be sure to specify another acme issuer as well (defaults OK, but we recommend setting an email there too).
zerossl issuer module is no longer ACME-capable and is now exclusively for the ZeroSSL API. An API key from your ZeroSSL account is required. (The ZeroSSL ACME server can still be used with the acme module pointed to ZeroSSL's ACME server. You can provide your account email and/or EAB as well.) If you were using the ZeroSSL issuer with an API key, it will now start using ZeroSSL's API, which was probably the expected behavior anyways. The API has several advantages over the ACME endpoint, but may require payment:
lego_deprecated DNS provider module. It has been deprecated for 4 years. Use caddy-dns modules instead; there are over 50 to choose from already. They are more flexible, compile much leaner, and are easier to implement and support. If yours is not supported it can be easily implemented. Sponsors at or above the Business tier can request to have their provider implemented for free.
ask option in the JSON has been deprecated in favor of a permission module (Caddyfile unchanged) (#6055), and Caddyfile support for permission modules is added (6a02999)
Etag (used for concurrency control) is now a header, not a trailer. This is less efficient, but still virtually no clients properly implement trailer support.
basicauth Caddyfile directive has been renamed to basic_auth (#6092), and skip_log has been renamed to log_skip. The old names will continue to work for now, with a deprecation warning in the logs. (#6066).
basic_auth handler no longer supports scrypt (deprecated for nearly two years) (#6091)
forwarded option has been deprecated for a long time and has now been removed from the remote_ip matcher. Use the client_ip matcher instead. (#6085)
buffer_requests, buffer_responses, and max_buffer_size settings have been removed after being deprecated for 14 months. Use request_buffers and response_buffers instead if you need buffering.
caddy.Context.AppIfConfigured(), it now returns an error, as part of a bug fix. (#6292)
Notable changes:
--adapter flag is not needed for config files ending with .caddyfile (#5919)
zstd (#6140)
fs directive can declare a file system plugin to use (#5057)
["REDACTED"] instead of empty array. (#5669)
log_append handler can add fields to the access logs (#6066)
uuid field to access logs when the {http.request.uuid} placeholder is used (#5859)
{file.*} global placeholder is available, where * is a path to a file on disk which contains a value (generally used for secrets) (#5463)
* matcher token is no longer required in the Caddyfile (#5844)
local_ip connection matcher (#6074)
ask endpoint into a permission module, making it pluggable (#6055)
uri query (#6120, #6165)
Changelog
Full Changelog: https://github.com/caddyserver/caddy/compare/v2.7.6...v2.8.0
ac0ad4d Upgrade acmeserver to github.com/go-chi/chi/v5 (#5913)
931656b acmeserver: add policy field to define allow/deny rules (#5796)
e1aa862 acmeserver: support specifying the allowed challenge types (#5794)
e6f46c8 acmeserver: Add sign_with_root for Caddyfile (#6345)
4a0492f admin: Make Etag a header, not a trailer (#6208)
1217449 admin: Use xxhash for etag (#6207)
7e2510e build(deps): bump golangci/golangci-lint-action from 4 to 5 (#6289)
4f3f6e3 build(deps): bump actions/setup-go from 4 to 5 (#6012)
8a50f19 build(deps): bump actions/upload-artifact from 3 to 4 (#6013)
1bf72db build(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0 (#5994)
223f314 build(deps): bump peter-evans/repository-dispatch from 2 to 3 (#6080)
30d6364 caddyauth: Drop support for scrypt (#6091)
f9e1115 caddyauth: Rename basicauth to basic_auth (#6092)
f4840cf caddyconfig: Use empty struct instead of bool in map (close #6224) (#6227)
f6d2c29 caddyfile: Reject global request matchers earlier (#6339)
c0273f1 caddyfile: Add heredoc support to fmt command (#6056)
d9aded0 caddyfile: Allow heredoc blank lines (#6051)
8bbf8ec caddyfile: Assert having a space after heredoc marker to simply check (#6117)
c369df5 caddyfile: Correctly close the heredoc when the closing marker appears immediately (#6062)
1f60328 caddyfile: Fix variadic placeholder false positive when token contains : (#5883)
750d0b8 caddyfile: Normalize & flatten all unmarshalers (#6037)
9cd472c caddyfile: Populate regexp matcher names by default (#6145)
b893c8c caddyfile: Reject directives in the place of site addresses (#6104)
e7a534d caddyfile: Reject long heredoc markers (#6098)
7c48b5f caddyfile: Switch to slices.Equal for better performance (#6061)
63d597c caddyhttp: Accept XFF header values with ports, when parsing client IP (#6183)
3d7d60f caddyhttp: Add uuid to access logs when used (#5859)
45132c5 caddyhttp: Add plaintext response to file_server browse (#6093)
6d97d8d caddyhttp: Address some Go 1.20 features (#6252)
4c10a05 caddyhttp: Adjust scheme placeholder docs (#5910)
97a56d8 caddyhttp: Allow header replacement with empty string (#6163)
83ef61d caddyhttp: Apply auto HTTPS redir to all interfaces (fix #6226)
2fc620d caddyhttp: Fix linter warning about deprecation
f5344f8 caddyhttp: Fix panic when request missing ClientIPVarKey (#6040)
2c48dda caddyhttp: Only attempt to enable full duplex for HTTP/1.x (#6102)
1277888 caddyhttp: Register post-shutdown callbacks (#5948)
7b48ce0 caddyhttp: Replace sensitive headers with REDACTED (close #5669)
cc0c0cf caddyhttp: Security enhancements for client IP parsing (#5805)
70953e8 caddyhttp: Support multiple logger names per host (#6088)
bde4621 caddyhttp: Test cases for %2F and %252F (#6084)
c8559c4 caddyhttp: Use sync.Pool to reduce lengthReader allocations (#5848)
ddb1d2c caddyhttp: add http.request.local{,.host,.port} placeholder (#6182)
924010c caddyhttp: close quic connections when server closes (#6202)
e0daa39 caddyhttp: record num. bytes read when response writer is hijacked (#6173)
654a3bb caddyhttp: remove duplicate strings.Count in path matcher (fixes #6233) (#6234)
b568a10 caddyhttp: support unix sockets in caddy respond command (#6010)
c93e304 caddyhttp: suppress flushing if the response is being buffered (#6150)
52822a4 caddyhttp: upgrade to cel v0.20.0 (#6161)
224316e caddyhttp: Move log WARN to INFO, reduce confusion (#6185)
6dce493 caddyhttp: Alter log message when request is unhandled (close #5182)
4af38e5 caddyhttp: Log 4xx as INFO; 5xx as ERROR (close #6106)
fb63e2e caddyhttp: New experimental handler for intercepting responses (#6232)
9ba9991 caddyhttp: Trace individual middleware handlers (#6313)
c97292b caddypki: Allow use of root CA without a key. Fixes #6290 (#6298)
4512be4 caddytest: Rename adapt tests to *.caddyfiletest extension (#6119)
4c90f14 caddytest: normalize the JSON config (#6316)
8d7ac18 caddytls: Ability to drop connections (close #6294)
6a02999 caddytls: Add Caddyfile support for on-demand permission module (close #6260)
b24ae63 caddytls: Context to DecisionFunc (#5923)
d129ae6 caddytls: Evict internal certs from cache based on issuer (#6266)
57c5b92 caddytls: Make on-demand 'ask' permission modular (#6055)
76c4cf5 caddytls: Option to configure certificate lifetime (#6253)
3609a4a caddytls: Remove shim code supporting deprecated lego-dns (#6231)
dc9dd2e caddytls: Still provision permission module if ask is specified
4a09cf0 caddytls: Sync distributed storage cleaning (#5940)
81413ca caddytls: Upgrade ACMEz to v2; support ZeroSSL API; various fixes (#6229)
3ae07a7 caddytls: clientauth: leaf verifier: make trusted leaf certs source pluggable (#6050)
03f703a caddytls: verifier: caddyfile: re-add Caddyfile support (#6127)
db3e19b caddytls: fix permission requirement with AutomationPolicy (#6328)
1fc151f caddytls: remove ClientHelloSNICtxKey (#6326)
e66040a caddytls: set server name in context (#6324)
b359ca5 ci/cd: use the build tag nobadger to exclude badgerdb (#6031)
24b0ecc cmd: Add newline character to version string in CLI output (#5895)
e473ae6 cmd: Adjust config load logs/errors (#6032)
185ed6f cmd: Assume Caddyfile based on filename prefix and suffix (#5919)
e1f4b83 cmd: Fix panic related to config filename (fix #5919)
8f87c5d cmd: Only validate config is proper JSON if config slice has data (#6250)
56c6b3f cmd: Preserve LastModified date when exporting storage (#5968)
de4959f cmd: fix the output of the Usage section (#6138)
54823f5 cmd: reverseproxy: log: use caddy logger (#6042)
d70608b cmd: upgrade: resolve symlink of the executable (#5891)
d54dcf1 cmd: use automaxprocs for better perf in containers (#5711)
e1b9a9d core: Add ctx.Slogger() which returns an slog logger (#5945)
cbbd1df core: Always make AppDataDir for InstanceID (#5976)
174c19a core: Apply SO_REUSEPORT to UDP sockets (#5725)
46c5db9 core: OnExit hooks (#6128)
a747930 core: Support NO_COLOR env var to disable log coloring (#6078)
7c82e26 core: quic listener will manage the underlying socket by itself (#5749)
a6a45ff core: AppIfConfigured returns error; consider not-yet-provisioned modules (#6292)
2ce5c65 core: Fix bug in AppIfConfigured (fix #6336)
03e0a01 encode: Configurable compression level for zstd (#6140)
3067074 encode: Improve Etag handling (fix #5849)
9ab0943 encode: Slight fix for the previous commit
e698ec5 encode: write status immediately when status code is informational (#6164)
ba58114 events: Add debug log
7e52db8 fileserver: Add .m4v for browse template icon
8f9ffc5 fileserver: Add total file size to directory listing (#6003)
feb07a7 fileserver: Browse can show symlink target if enabled (#5973)
b16aba5 fileserver: Enable compression for command by default (#5855)
5d8b45c fileserver: Escape # and ? in img src (fix #6237)
f3e849e fileserver: Implement caddyfile.Unmarshaler interface (#5850)
d00824f fileserver: Improve Vary handling (#5849)
362f33d fileserver: New --precompressed flag (#5880)
5a4374b fileserver: Preserve query during canonicalization redirect (#6109)
cabb5d7 fileserver: Set "Vary: Accept-Encoding" header (see #5849)
567d96c fileserver: read etags from precomputed files (#6222)
c839a98 filesystem: Globally declared filesystems, fs directive (#5833)
60abd72 fix: add back text/*
b8f729b fix: add more media types to the compressed by default list
a4a64a6 gitignore: Add rule for caddyfile.go (#6225)
9fc55a9 go.mod: CVE-2023-45142 Update opentelemetry (#5908)
fe2a02b go.mod: Upgrade quic-go to v0.39.1
b49ec05 go.mod: Updated quic-go to v0.40.1 (#5983)
ee35855 go.mod: update quic-go version to v0.40.0 (#5922)
a46ff50 go.mod: Upgrade to quic-go v0.43.0
b522710 go.mod: Upgrade to quic-go v0.43.1
dd203ad go.mod: CertMagic v0.21.0
d79c0f0 go.mod: Upgrade dependencies
abdf1ae go.mod: go 1.22.3
258d906 httpcaddyfile: Add RegisterDirectiveOrder function for plugin authors (#5865)
4181c79 httpcaddyfile: Add optional status code argument to handle_errors directive (#5965)
2a78c9c httpcaddyfile: Allow nameless regexp placeholder shorthand (#6113)
7984e6f httpcaddyfile: Fix TLS automation policy merging with get_certificate (#5896)
f976c84 httpcaddyfile: Fix cert file decoding to load multiple PEM in one file (#5997)
c2d889f httpcaddyfile: Fix redir html (#6001)
c27425e httpcaddyfile: Keep deprecated skip_log in directive order (#6153)
ac1f20b httpcaddyfile: Remove port from logger names (#5881)
5e2f1b5 httpcaddyfile: Rewrite root and rewrite parsing to allow omitting matcher (#5844)
3efda6f httpcaddyfile: Skip automate loader if disable_certs is specified (fix #6148)
da7d8cb httpcaddyfile: Sort skip_hosts for deterministic JSON (#5990)
cb86319 httpcaddyfile: Support client auth verifiers (#6022)
feeb6af httpcaddyfile: Fix expression matcher shortcut in snippets (#6288)
583c585 httpcaddyfile: Set challenge ports when http_port or https_port are used
96f638e httpredirectlistener: Only set read limit for when request is HTTP (#5917)
3248e4c logging: Add zap.Option support (#5944)
b9c40e7 logging: Automatic wrap default for filter encoder (#5980)
726a9a8 logging: Fix default access logger (#6251)
01d5568 logging: Implement append encoder, allow flatter filters config (#6069)
0d44e3e logging: Implement log_append handler (#6066)
91ec754 logging: Inline Caddyfile syntax for ip_mask filter (#6094)
0c01547 logging: support ms duration format and add docs (#6187)
4356635 logging: Add support for additional logger filters other than hostname (#6082)
8c2a72a caddyhttp: Drop forwarded option from remote_ip matcher (#6085)
ed7e3c9 caddyhttp: query matcher now ANDs multiple keys (#6054)
387545a metrics: Record request metrics on HTTP errors (#5979)
e0bf179 modules: fix some typo in conments (#6206)
dc12bd9 proxyprotocol: use github.com/pires/go-proxyproto (#5915)
dba556f refactor: move automaxprocs init in caddycmd.Main()
80acf1b replacer: Fix escaped closing braces (#5995)
7979739 replacer: Implement file.* global replacements (#5463)
e7336cc replacer: use RWMutex to protect static provider (#6184)
868af6a reverseproxy: Add grace_period for SRV upstreams to Caddyfile (#6264)
613d544 reverseproxy: Accept EOF when buffering
f658fd0 reverseproxy: Add tls_curves option to HTTP transport (#5851)
a9768d2 reverseproxy: Configurable forward proxy URL (#6114)
0b381eb reverseproxy: Implement modular CA provider for TLS transport (#6065)
d9ff7b1 reverseproxy: Only change Content-Length when full request is buffered (#5830)
9f97df2 reverseproxy: Remove long-deprecated buffering properties
d93e027 reverseproxy: Reuse buffered request body even if partially drained
72ce78d reverseproxy: SRV dynamic upstream failover (#5832)
74949fb reverseproxy: Use xxhash instead of fnv32 for LB (#6203)
b40cacf reverseproxy: Wait for both ends of websocket to close (#6175)
e65b97f reverseproxy: configurable active health_passes and health_fails (#6154)
da6a569 reverseproxy: cookie should be Secure and SameSite=None when TLS (#6115)
1b9042b reverseproxy: handle buffered data during hijack (#6274)
53f7035 reverseproxy: use context.WithoutCancel (#6116)
d05d715 reverseproxy: HTTP transport: fix PROXY protocol initialization (#6301)
b2b29dc reverseproxy: Implement health_follow_redirects (#6302)
e60148e reverseproxy: Pointer to struct when loading modules; remove LazyCertPool (#6307)
5f6758d reverseproxy: Support HTTP/3 transport to backend (#6312)
69290d2 rewrite: Implement uri query operations (#6120)
29f57fa rewrite: uri query replace operation (#6165)
c6673ad staticresp: Use the evaluated response body for sniffing JSON content-type (#6249)
0900844 templates: Clarify include args docs, add .ClientIP (#5898)
4e8245d templates: Delete headers on httpError to reset to clean slate (#5905)
18f3429 templates: Offically make templates extensible (#5939)
f98f449 templates: Add pathEscape template function and use it in file browser (#6278)
4173e2c tls: accept placeholders in string values of certificate loaders (#5963)
ed41c92 tls: add reuse_private_keys (#6025)
e965b11 tls: modularize trusted CA providers (#5784)
0b5720f tracing: add trace_id var (http.vars.trace_id placeholder) (#6308)
5ed8689 vars: Allow overriding http.auth.user.id in replacer as a special case (#6108)
d132584 vars: Make nil values act as empty string instead of "<nil>" (#6174)
New Contributors
v2.7.6
In this version we've made several fixes and enhancements with help from several contributors. Most changes are small, but some notable ones:
templates middleware is now officially extensible (experimentally). This means modules can add custom functions/actions for templates to execute.
Thank you to everyone who contributed!
Changelog
65c489a Upgrade acmeserver to github.com/go-chi/chi/v5 (#5913)
ae5e2d9 caddyfile: Fix variadic placeholder false positive when token contains : (#5883)
db55da5 caddyhttp: Adjust scheme placeholder docs (#5910)
df5edf6 caddytls: Context to DecisionFunc (#5923)
6d9a833 caddytls: Sync distributed storage cleaning (#5940)
11a082c cmd: Add newline character to version string in CLI output (#5895)
979c413 cmd: upgrade: resolve symlink of the executable (#5891)
6482070 core: Apply SO_REUSEPORT to UDP sockets (#5725)
15adb89 core: quic listener will manage the underlying socket by itself (#5749)
801ec75 fileserver: Add .m4v for browse template icon
b809ed7 go.mod: CVE-2023-45142 Update opentelemetry (#5908)
b4c7313 go.mod: Upgrade quic-go to v0.39.1
36fce3f go.mod: update quic-go version to v0.40.0 (#5922)
ec2de22 httpcaddyfile: Fix TLS automation policy merging with get_certificate (#5896)
f0ea489 httpcaddyfile: Remove port from logger names (#5881)
87f63b1 httpredirectlistener: Only set read limit for when request is HTTP (#5917)
16834d6 templates: Clarify include args docs, add .ClientIP (#5898)
0259853 templates: Delete headers on httpError to reset to clean slate (#5905)
2f7ceb5 templates: Offically make templates extensible (#5939)
908e956 tls: accept placeholders in string values of certificate loaders (#5963)
Full Changelog: https://github.com/caddyserver/caddy/compare/v2.7.5...v2.7.6
v2.7.5
In this release, we've fixed quite a few small bugs and annoyances, including HTTP/2 Rapid Reset which affected most HTTP/2 implementations.
On a personal note (from @mholt): I recently became a dad! I want to thank our maintainers for helping in so many ways while I've been taking extra time for family. Francis, Matthew, Mohammed, and others -- including all the contributors below, and then some -- are to thank for shipping this release.
Highlights
QUIC_GO_DISABLE_GSO=true and QUIC_GO_DISABLE_ECN=true environment variables respectively, if they cause you problems. See the quic-go release notes for more details.
fileserver.BrowseTemplate is now exported, so it may be customized by programs embedding Caddy. (ed8bb13)
--envfile no longer override existing variables. (#5803)
encode handler now compresses application/wasm* content types by default. (#5869)
reverse_proxy handler can now emit very detailed logs for debugging streaming and buffering. To enable it, set the verbose_logs subdirective, and set logging to debug level. Since the logs from this are very noisy, using verbose_logs to opt-in is necessary. We may ask you to enable this when asking for support! (#5793)
caddy -v, like most other CLI utilities! (#5874)
Caddy is on feature freeze until after 2.8 so we can improve our testing situation. These patches have all been tried to ensure they work as intended, but if you notice any issues please report them!
Changelog
0e204b7 admin: Respond with 4xx on non-existing config path (#5870)
89c407a build(deps): bump actions/checkout from 3 to 4 (#5846)
1405683 build(deps): bump goreleaser/goreleaser-action from 4 to 5 (#5847)
38a7b6b caddyfile: Adjust error formatting (#5765)
7103ea0 caddyfile: Fix case where heredoc marker is empty after newline (#5769)
10053f7 caddyfile: Loosen heredoc parsing (#5761)
58ab3a0 caddyhttp: Use LimitedReader for HTTPRedirectListener (thank you to Bartek Nowotarski for reporting)
9c419f1 cmd: Fix exiting with custom status code, add caddy -v (#5874)
f2ab709 cmd: Prevent overwriting existing env vars with --envfile (#5803)
e0aaefa encode: Add application/wasm* to the default content types (#5869)
fa5a579 fileserver: Add command shortcuts -l and -a (#5854)
ed8bb13 fileserver: Export BrowseTemplate
130f6d1 fileserver: Set canonical URL on browse template (#5867)
a306c5f fileserver: browse template SVG icons and UI tweaks (#5812)
0a6d333 fileserver: docs: clarify the ability to produce JSON array with browse (#5751)
82c356f fix: caddytest.AssertResponseCode error message (#5853)
888c6d7 go.mod: Update quic-go to v0.38.0 (#5772)
88b4fbf go.mod: Upgrade dependencies incl. x/net/http
df99502 httpcaddyfile: Enable TLS for catch-all site if tls directive is specified (#5808)
33d8d2c httpcaddyfile: Sort TLS SNI matcher for deterministic JSON output (#5860)
288216e httpcaddyfile: Stricter errors for site and upstream address schemes (#5757)
2cac3c5 httpcaddyfile: fix placeholder shorthands in named routes (#5791)
c46ec3b logging: Clone array on log filters, prevent side-effects (#5786)
1b73e38 logging: query filter for array of strings (#5779)
4776f62 replacer: change timezone to UTC for "time.now.http" placeholders (#5774)
a8586b0 reverseproxy: Add logging for dynamic A upstreams (#5857)
3a3182f reverseproxy: Add more debug logs (#5793)
4feac4d reverseproxy: Allow fallthrough for response handlers without routes (#5780)
e8b8d4a reverseproxy: Fix least_conn policy regression (#5862)
2a6859a reverseproxy: Fix retries on "upstreams unavailable" error (#5841)
05dbe1c reverseproxy: Replace health header placeholders (#5861)
1e0dea5 reverseproxy: fix nil pointer dereference in AUpstreams.GetUpstreams (#5811)
b245ecd reverseproxy: fix parsing Caddyfile fails for unlimited request/response buffers (#5828)
5653c36 templates: Add dummy RemoteAddr to httpInclude request, proxy compatibility (#5845)
289934f tls: Add X25519Kyber768Draft00 PQ "curve" behind build tag (#5852)
New Contributors
Full Changelog: https://github.com/caddyserver/caddy/compare/v2.7.4...v2.7.5
v2.7.4
Caddy 2.7.4 rounds out some bug fixes from the 2.7 release. For example, Go made a last-minute breaking change to a new API that broke quic-go (HTTP/3) on Go 1.21 just before Go 1.21 was released; we resolved a few issues with on-demand TLS that are now much improved from the 2.6 tree; a couple race conditions were fixed in dynamic reverse proxy upstreams. We hope you will be pleased with this new version!
Caddy is on feature freeze until after 2.8 so we can improve our testing situation. These patches have all been tried to ensure they work as intended, but if you notice any issues please report them!
We encourage all users to test this new version and then upgrade. Thanks to all who get involved!
Changelog
080db93 caddytls: Update docs for on-demand config
d813550 cmd: Require config for caddy validate (fix #5612) (#5614)
a8492c0 fileserver: Don't repeat error for invalid method inside error context (#5705)
2d7d806 fileserver: Slightly more fitting icons
f11c3c9 go.mod: Upgrade CertMagic and quic-go
5b9c850 go.mod: Upgrade golang.org/x/net to 0.14.0 (#5718)
936ee91 reverseproxy: Always return new upstreams (fix #5736) (#5752)
431adc0 templates: Fix httpInclude (fix #5698)
New Contributors
Full Changelog: https://github.com/caddyserver/caddy/compare/v2.7.3...v2.7.4
v2.7.3
Compare Source
We're pleased to present Caddy 2.7, which makes significant strides in areas of scaling, performance, and niche features.
Special thank-you to @francislavoie, @Mohammed90, and other core team members for the ongoing dedication of their time to help maintain the project and help in our forums.
And a big thank-you to everyone else who contributed! You're awesome, and we're glad this project has so many contributors and sponsors to make it possible.
Docs are being updated and will be pushed live shortly. Thank you for your patience and for using Caddy!
(Note: Versions 2.7.0-2.7.2 contain bugs that were hotfixed within minutes and hours and a day of the release. Thank you to everyone who helped with that! And sorry for the trouble, we have learned lessons to help mitigate that in the future.)
Highlights
`{args[2:]}` (#5249)
Deprecations and possible breaking changes for some:
`ask` endpoint is now required to enable On-Demand TLS (b97c76f) for catch-all or wildcard hosts. Our docs have always mentioned this is required in production environments, but now the code enforces it. The `ask` endpoint is not required for local-only or internal-only names (#5384 and a7af7c4).
`lookup_srv` feature of the reverse proxy has been removed. It was replaced with the dynamic upstreams feature in 2.6. (#5396)
`remote_ip forwarded` matcher has been deprecated because it assumes trusting downstream proxies. Instead, the `client_ip` matcher should be used along with `trusted_proxies` configuration. (#5103 and #5104)
`{args.0}` is now deprecated in favor of `{args[0]}`.
`http.ResponseController` to call `Flush()` or `Hijack()` on the response writer. (#5654)
Thank you to everyone who contributed! And thank you to our sponsors who truly make this project possible.
New Contributors
Full Changelog: https://github.com/caddyserver/caddy/compare/v2.6.4...v2.7.3
Changelog
3f20a7c acmeserver: Configurable `resolvers`, fix smallstep deprecations (#5500)
b1366c7 build(deps): bump actions/setup-go from 3 to 4 (#5474)
dfe17c3 caddyconfig: Specify config adapter for HTTP loader (close #5607)
f3379f6 caddyfile: Fix heredoc fuzz crasher, drop trailing newline (#5404)
960150b caddyfile: Implement heredoc support (#5385)
8bc05e5 caddyfile: Implement variadics for import args placeholders (#5249)
53b6fab caddyfile: Stricter parsing, error for brace on new line (#5505)
cee4441 caddyfile: Do not replace import tokens if they are part of a snippet (#5539)
9cde715 caddyfile: Track import name instead of modifying filename (#5540)
bbe1952 caddyfile: Fix comparing if two tokens are on the same line (#5626)
9f34383 caddyfile: check that matched key is not a substring of the replacement key (#5685)
cfc85ae caddyhttp: Add a getter for Server.name (#5531)
05e9974 caddyhttp: Determine real client IP if trusted proxies configured (#5104)
c05e389 caddyhttp: Enable 0-RTT QUIC (#5425)
8537586 caddyhttp: Fix `vars_regexp` matcher with placeholders (#5408)
1c9ea01 caddyhttp: Impl `ResponseWriter.Unwrap()`, prep for Go 1.20's `ResponseController` (#5509)
cbf16f6 caddyhttp: Implement named routes, `invoke` directive (#5107)
2b3046d caddyhttp: Log request body bytes read (#5461)
96919ac caddyhttp: Refactor cert Managers (fix #5415) (#5533)
d8d87a3 caddyhttp: Serve http2 when listener wrapper doesn't return *tls.Conn (#4929)
808b05c caddyhttp: Update quic's TLS configs after reload (#5517) (fix #4849)
2945264 caddyhttp: Fix h3 shutdown (#5541)
6a41b62 caddyhttp: Support custom network for HTTP/3 (#5573)
a7af7c4 caddytls: Allow on-demand w/o ask for internal-only
cd486c2 caddyhttp: Make use of `http.ResponseController` (#5654)
18c309b caddyhttp: Preserve original error (fix #5652)
66114cb caddyhttp: Trim dot/space only on Windows (fix #5613)
a02ecb0 caddytls: Check for nil ALPN; close #5470 (#5473)
faf0399 caddytls: Configurable fallback SNI (#5527)
e16a886 caddytls: Eval replacer on automation policy subjects (#5459)
be53e43 caddytls: Relax the warning for on-demand (#5384)
b97c76f caddytls: Require 'ask' endpoint for on-demand TLS
0cc49c0 caddytls: Zero out throttle window first (#5443)
4ba03c9 caddytls: Clarify some JSON config docs
0e2c7e1 caddytls: Reuse certificate cache through reloads (#5623)
b301a3d celmatcher: Implement `pkix.Name` conversion to string (#5492)
096971e ci/cd: ship tarballs with vendored deps (#5403)
5ded580 cmd: Adjust documentation for commands (#5377)
508cf2a cmd: Create pidfile before config load (close #5477)
9e69195 cmd: Expand cobra support, add short flags (#5379)
5ebb7d4 cmd: Reduce spammy logs from --watch
79de6df cmd: Strict unmarshal for validate (#5383)
205b142 cmd: Support `'` quotes in envfile parsing (#5437)
bf54892 cmd: make `caddy fmt` hints more clear (#5378)
38cb587 cmd: Avoid spammy log messages (fix #5538)
078f130 cmd: Implement storage import/export (#5532)
8d304a4 cmd: Split unix sockets for admin endpoint addresses (#5696)
f6bab8b context: Rename func to `AppIfConfigured` (#5397)
806341e core: Properly preserve unix sockets (fix #5568)
942fbb3 core: Use SO_REUSEPORT_LB on FreeBSD (#5554)
99d4705 core: Eliminate unnecessary shutdown delay on Unix (#5413)
c6ac350 core: Return default logger if no modules loaded
22927e2 core: Add optional unix socket file permissions (#4741)
f66493e core: Allow loopback hosts for admin endpoint (fix #5650) (#5664)
710824c core: Embed net.UDPConn to gain optimizations (#5606)
b51dc5d core: Refine mutex during reloads (fix #5628) (#5645)
119e879 core: Skip `chmod` for abstract unix sockets (#5596)
b3f0cea encode: flush status code when hijacked. (#5419)
1913930 encode: Fix infinite recursion (#5672)
c803286 fastcgi: Fix `capture_stderr` (#5515)
571fc03 feature: watch include directory (#5521)
f9bd2d3 fileserver: Add color-scheme meta tag (#5475)
6cc3cbb fileserver: New file browse template (#5427)
94d41a9 fileserver: Remove trailing slash on fs filenames (#5417)
52d7335 fileserver: Use EscapedPath for browse (#5534)
5bd9c49 fileserver: Don't set Etag if mtime is 0 or 1 (close #5548) (#5550)
5336bc0 fileserver: Fix file browser breadcrumb font (#5543)
2d236ea fileserver: Fix file browser footer in grid mode (#5536)
bd34cb6 fileserver: More filetypes for browse icons
2615c9c fileserver: Only set Etag if not already set (fix #5546) (#5547)
56af1ce fileserver: browse: Better grid layout (#5564)
cdd3884 fileserver: browse: minor tweaks for grid view, dark mode (#5545)
4e36b4c fileserver: Tweak grid view of browse template
27bc16a fileserver: add `export-template` sub-command to `file-server` (#5630)
e041962 fileserver: add lazy image loading (#5646)
c049bab fileserver: browse: Render SVG images in grid
1af419e go.mod: Update some dependencies
774f228 go.mod: Upgrade CertMagic
0de6064 go.mod: Upgrade CertMagic again
9e94331 go.mod: Upgrade dependencies
8cb1bb4 go.mod: Upgrade quic-go to v0.33.0 (Go 1.19 min)
36546cd go.mod: Upgrade several dependencies
398c12a go.mod: Update quic-go to v0.36.0 (#5584)
0468508 go.mod: Upgrade CertMagic for hotfix
9c180a5 go.mod: Upgrade quic-go to 0.35.1
415d1e7 go.mod: Upgrade some dependencies
f45a6de go.mod: Update quic-go to v0.37.0, bump to Go 1.20 minimum (#5644)
e198c60 go.mod: Upgrade dependencies esp. smallstep/certificates
4df27a2 go.mod: Use latest CertMagic (v0.19.1)
94749e1 go.mod: Use quic-go 0.37.1
f857b32 go.mod: update quic-go to v0.36.2 (#5636)
51b1bfb go.mod: Upgrade quic-go to v0.37.2 (fix #5680)
a8cc5d1 go.mod: Upgrade to quic-go v0.37.3
e8352ae headers: Add > Caddyfile shortcut for enabling defer (#5535)
dd86171 headers: Support deleting all headers as first op (#5464)
3b19aa2 headers: Allow `>` to defer shortcut for replacements (#5574)
330be2d httpcaddyfile: Adjust path matcher sorting to solve for specificity (#5462)
ca14b6e httpcaddyfile: Sort Caddyfile slice
5c51c1d httpcaddyfile: Allow `hostnames` & logger name overrides for log directive (#5643)
4aa4f3a httpcaddyfile: Fix `string does not match ~[]E` error (#5675)
1aef807 log: Make sink logs encodable (#5441)
cdce452 logging: Actually honor the SoftStart parameter
f0e3981 logging: Add traceID field to access logs when tracing is active (#5507)
f3e8b9d logging: Soft start for net writer (close #5520)
b6fe5d4 proxyprotocol: Add PROXY protocol support to `reverse_proxy`, add HTTP listener wrapper (#5424)
f5a13a4 replacer: Add HTTP time format (#5458)
48598e1 reverseproxy: Add `fallback` for some policies, instead of always random (#5488)
f8b59e7 reverseproxy: Add `query` and `client_ip_hash` lb policies (#5468)
66e571e reverseproxy: Add mention of which half a copyBuffer err comes from (#5472)
75b690d reverseproxy: Expand port ranges to multiple upstreams in CLI + Caddyfile (#5494)
335cd2e reverseproxy: Fix active health check header canonicalization, refactor (#5446)
2b04e09 reverseproxy: Fix reinitialize upstream healthy metrics (#5498)
10b265d reverseproxy: Header up/down support for CLI command (#5460)
b19946f reverseproxy: Optimize base case for least_conn and random_choose policies (#5487)
4636109 reverseproxy: Remove deprecated `lookup_srv` (#5396)
2182270 reverseproxy: Reset Content-Length to prevent FastCGI from hanging (#5435)
941eae5 reverseproxy: allow specifying ip version for dynamic `a` upstream (#5401)
e3909cc reverseproxy: refactor HTTP transport layer (#5369)
424ae0f reverseproxy: Experimental streaming timeouts (#5567)
2ddb717 reverseproxy: Fix parsing of source IP in case it's an ipv6 address (#5569)
361946e reverseproxy: weighted_round_robin load balancing policy (#5579)
da23501 reverseproxy: Connection termination cleanup (#5663)
d7d1636 reverseproxy: Export ipVersions type (#5648)
7a69ae7 reverseproxy: Honor `tls_except_port` for active health checks (#5591)
5dec11f reverseproxy: Pointer receiver
65e33fc reverseproxy: do not parse upstream address too early if it contains replaceble parts (#5695)
13a3768 rewrite: use escaped path, fix #5278 (#5504)
2943c41 templates: Add `fileStat` function (#5497)
31d75ac templates: Add `readFile` action that does not evaluate templates (#5553)
b420561 tracing: Support autoprop from OTEL_PROPAGATORS (#5147)
v2.7.2
Compare Source
Do not use this release, use v2.7.3 instead which contains several hot fixes.
v2.7.1
Compare Source
Do not use this release; use v2.7.3 instead. It contains a hotfix for a WebSocket issue.
v2.7.0
Compare Source
Do not use this release, use v2.7.3 instead which contains hot fixes.
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.
⚠️ Artifact update problem
Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.
♻ Renovate will retry this branch, including artifacts, only when one of the following happens:
The artifact failure details are included below:
File name: go.sum
89cb12b25d to 26f3f43370
chore(deps): update module github.com/caddyserver/caddy/v2 to v2.8.4 to chore(deps): update module github.com/caddyserver/caddy/v2 to v2.9.0