chore(deps): update module github.com/caddyserver/caddy/v2 to v2.8.4 #10
Loading…
Reference in New Issue
Block a user
No description provided.
Delete Branch "renovate/github.com-caddyserver-caddy-v2-2.x"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
This PR contains the following updates:
v2.6.4->v2.8.4Release Notes
caddyserver/caddy (github.com/caddyserver/caddy/v2)
v2.8.4Compare Source
Hotfix for the Caddyfile detection regression in v2.8.2. The v2.8.3 tag was mistakenly made on the wrong commit and is skipped.
Changelog
7088605cmd: fix regression in auto-detect of Caddyfile (#6362)v2.8.3Compare Source
v2.8.2Compare Source
A few more fixes of reported bugs related to ARI,
try_fileswith the root path (/), and Caddyfile adapter detection on the CLI. See 2.8.0 release notes for details on 2.8.Changelog
01308b4I'm so tired of typosa63767dbuild(deps): bump golangci/golangci-lint-action from 5 to 6 (#6361)f8a2c60caddyhttp: properly sanitize requests for root path (#6360)b7280e6caddytls: Implement certmagic.RenewalInfoGetter15faeaccmd: fix auto-detetction of .caddyfile extension (#6356)Full Changelog: https://github.com/caddyserver/caddy/compare/v2.8.1...v2.8.2
v2.8.1Compare Source
Quick fixes for a few users related to directory permissions and matcher parsing.
Changelog
40c582ccaddyhttp: Fix merging consecutiveclient_iporremote_ipmatchers (#6350)a52917acore: MkdirAll appDataDir in InstanceID with 0o700 (#6340)v2.8.0Compare Source
Caddy 2.8 is here! With hundreds of improvements, Caddy is more scalable and capable than ever before. Featuring ACME Renewal Information (ARI) support, HTTP/3 to proxy backends, and so much more than we can list in a sentence, we are pleased to bring you one of the biggest Caddy updates yet. Documentation on our website will be updated in the coming days.
We've implemented a ton of improvements, fixes, and awesome new features based on your feedback. While some of them aren't particularly visible changes, they allow Caddy to scale better and be more reliable in demanding deployments. Many of the changes are quality-of-life improvements we hope you'll appreciate. Then there's improvements to ACMEz, CertMagic, and other dependencies which make Caddy better that may not show up in this list.
There was a lot of code that had been documented as deprecated in place for a long time, so this version introduces a few more breaking changes than usual; please review the notes below.
Thank you to our sponsors and everyone in the community who contributed -- over 40 of you made your first contribution for this release. We couldn't have done it without your help. In particular, we'd like to recognize sponsors Stripe, Framer, and ZeroSSL for their positive influence which have greatly enhanced the project. Caddy 2.8 is already being used in our sponsors' large-scale, multi-region production deployments.
Want to join those ranks? Sponsor the Caddy project and benefit from development priority, dedicated private support, and much more.
As with any server upgrades, please be sure to test and validate your configurations in a staging or test environment before deploying to production. Thank you and have a great day!
⚠️ Breaking changes:
emailglobal option. (We have already recommended this for years.) If you already do this, you don't have to make any changes and you'll still get Let's Encrypt and ZeroSSL automatically as defaults.acmeissuer with youremailfilled out, and thecafield set to ZeroSSL's ACME server URL. If you want redundancy with Let's Encrypt, be sure to specify anotheracmeissuer as well (defaults OK, but we recommend setting an email there too).zerosslissuer module is no longer ACME-capable and is now exclusively for the ZeroSSL API. An API key from your ZeroSSL account is required. (The ZeroSSL ACME server can still be used with theacmemodule pointed to ZeroSSL's ACME server. You can provide your account email and/or EAB as well.) If you were using the ZeroSSL issuer with an API key, it will now start using ZeroSSL's API, which was probably the expected behavior anyways. The API has several advantages over the ACME endpoint, but may require payment:lego_deprecatedDNS provider module. It has been deprecated for 4 years. Usecaddy-dnsmodules instead; there are over 50 to choose from already. They are more flexible, compile much leaner, and are easier to implement and support. If yours is not supported it can be easily implemented. Sponsors at or above the Business tier can request to have their provider implemented for free.askoption in the JSON has been deprecated in favor of a permission module (Caddyfile unchanged) (#6055), and Caddyfile support forpermissionmodules is added (6a02999)Etag(used for concurrency control) is now a header, not a trailer. This is less efficient, but still virtually no clients properly implement trailer support.basicauthCaddyfile directive has been renamed tobasic_auth(#6092), andskip_loghas been renamed tolog_skip. The old names will continue to work for now, with a deprecation warning in the logs. (#6066).basic_authhandler no longer supportsscrypt(deprecated for nearly two years) (#6091)forwardedoption has been deprecated for a long time and has now been removed from theremote_ipmatcher. Use theclient_ipmatcher instead. (#6085)buffer_requests,buffer_responses, andmax_buffer_sizesettings have been removed after being deprecated for 14 months. Userequest_buffersandresponse_buffersinstead if you need buffering.caddy.Context.AppIfConfigured(), it now returns an error, as part of a bug fix. (#6292)Notable changes:
--adapterflag is not needed for config files ending with.caddyfile(#5919)zstd(#6140)fsdirective can declare a file system plugin to use (#5057)["REDACTED"]instead of empty array. (#5669)log_appendhandler can add fields to the access logs (#6066)uuidfield to access logs when the{http.request.uuid}placeholder is used (#5859){file.*}global placeholder is available, where*is a path to a file on disk which contains a value (generally used for secrets) (#5463)*matcher token is no longer required in the Caddyfile (#5844)local_ipconnection matcher (#6074)askendpoint into apermissionmodule, making it pluggable (#6055)uri query(#6120, #6165)Changelog
Full Changelog: https://github.com/caddyserver/caddy/compare/v2.7.6...v2.8.0
ac0ad4dUpgrade acmeserver to github.com/go-chi/chi/v5 (#5913)931656bacmeserver: add policy field to define allow/deny rules (#5796)e1aa862acmeserver: support specifying the allowed challenge types (#5794)e6f46c8acmeserver: Addsign_with_rootfor Caddyfile (#6345)4a0492fadmin: MakeEtaga header, not a trailer (#6208)1217449admin: Use xxhash for etag (#6207)7e2510ebuild(deps): bump golangci/golangci-lint-action from 4 to 5 (#6289)4f3f6e3build(deps): bump actions/setup-go from 4 to 5 (#6012)8a50f19build(deps): bump actions/upload-artifact from 3 to 4 (#6013)1bf72dbbuild(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0 (#5994)223f314build(deps): bump peter-evans/repository-dispatch from 2 to 3 (#6080)30d6364caddyauth: Drop support forscrypt(#6091)f9e1115caddyauth: Renamebasicauthtobasic_auth(#6092)f4840cfcaddyconfig: Use empty struct instead of bool in map (close #6224) (#6227)f6d2c29caddyfile: Reject global request matchers earlier (#6339)c0273f1caddyfile: Add heredoc support tofmtcommand (#6056)d9aded0caddyfile: Allow heredoc blank lines (#6051)8bbf8eccaddyfile: Assert having a space after heredoc marker to simply check (#6117)c369df5caddyfile: Correctly close the heredoc when the closing marker appears immediately (#6062)1f60328caddyfile: Fix variadic placeholder false positive when token contains:(#5883)750d0b8caddyfile: Normalize & flatten all unmarshalers (#6037)9cd472ccaddyfile: Populate regexp matcher names by default (#6145)b893c8ccaddyfile: Reject directives in the place of site addresses (#6104)e7a534dcaddyfile: Reject long heredoc markers (#6098)7c48b5fcaddyfile: Switch to slices.Equal for better performance (#6061)63d597ccaddyhttp: Accept XFF header values with ports, when parsing client IP (#6183)3d7d60fcaddyhttp: Adduuidto access logs when used (#5859)45132c5caddyhttp: Add plaintext response tofile_server browse(#6093)6d97d8dcaddyhttp: Address some Go 1.20 features (#6252)4c10a05caddyhttp: Adjustschemeplaceholder docs (#5910)97a56d8caddyhttp: Allowheaderreplacement with empty string (#6163)83ef61dcaddyhttp: Apply auto HTTPS redir to all interfaces (fix #6226)2fc620dcaddyhttp: Fix linter warning about deprecationf5344f8caddyhttp: Fix panic when request missing ClientIPVarKey (#6040)2c48ddacaddyhttp: Only attempt to enable full duplex for HTTP/1.x (#6102)1277888caddyhttp: Register post-shutdown callbacks (#5948)7b48ce0caddyhttp: Replace sensitive headers with REDACTED (close #5669)cc0c0cfcaddyhttp: Security enhancements for client IP parsing (#5805)70953e8caddyhttp: Support multiple logger names per host (#6088)bde4621caddyhttp: Test cases for%2Fand%252F(#6084)c8559c4caddyhttp: Use sync.Pool to reduce lengthReader allocations (#5848)ddb1d2ccaddyhttp: add http.request.local{,.host,.port} placeholder (#6182)924010ccaddyhttp: close quic connections when server closes (#6202)e0daa39caddyhttp: record num. bytes read when response writer is hijacked (#6173)654a3bbcaddyhttp: remove duplicate strings.Count in path matcher (fixes #6233) (#6234)b568a10caddyhttp: support unix sockets incaddy respondcommand (#6010)c93e304caddyhttp: suppress flushing if the response is being buffered (#6150)52822a4caddyhttp: upgrade to cel v0.20.0 (#6161)224316ecaddyhttp: Move log WARN to INFO, reduce confusion (#6185)6dce493caddyhttp: Alter log message when request is unhandled (close #5182)4af38e5caddyhttp: Log 4xx as INFO; 5xx as ERROR (close #6106)fb63e2ecaddyhttp: New experimental handler for intercepting responses (#6232)9ba9991caddyhttp: Trace individual middleware handlers (#6313)c97292bcaddypki: Allow use of root CA without a key. Fixes #6290 (#6298)4512be4caddytest: Rename adapt tests to*.caddyfiletestextension (#6119)4c90f14caddytest: normalize the JSON config (#6316)8d7ac18caddytls: Ability to drop connections (close #6294)6a02999caddytls: Add Caddyfile support for on-demand permission module (close #6260)b24ae63caddytls: Context to DecisionFunc (#5923)d129ae6caddytls: Evict internal certs from cache based on issuer (#6266)57c5b92caddytls: Make on-demand 'ask' permission modular (#6055)76c4cf5caddytls: Option to configure certificate lifetime (#6253)3609a4acaddytls: Remove shim code supporting deprecated lego-dns (#6231)dc9dd2ecaddytls: Still provision permission module if ask is specified4a09cf0caddytls: Sync distributed storage cleaning (#5940)81413cacaddytls: Upgrade ACMEz to v2; support ZeroSSL API; various fixes (#6229)3ae07a7caddytls: clientauth: leaf verifier: make trusted leaf certs source pluggable (#6050)03f703acaddytls: verifier: caddyfile: re-add Caddyfile support (#6127)db3e19bcaddytls: fix permission requirement with AutomationPolicy (#6328)1fc151fcaddytls: remove ClientHelloSNICtxKey (#6326)e66040acaddytls: set server name in context (#6324)b359ca5ci/cd: use the build tagnobadgerto exclude badgerdb (#6031)24b0ecccmd: Add newline character to version string in CLI output (#5895)e473ae6cmd: Adjust config load logs/errors (#6032)185ed6fcmd: Assume Caddyfile based on filename prefix and suffix (#5919)e1f4b83cmd: Fix panic related to config filename (fix #5919)8f87c5dcmd: Only validate config is proper JSON if config slice has data (#6250)56c6b3fcmd: Preserve LastModified date when exporting storage (#5968)de4959fcmd: fix the output of theUsagesection (#6138)54823f5cmd: reverseproxy: log: use caddy logger (#6042)d70608bcmd: upgrade: resolve symlink of the executable (#5891)d54dcf1cmd: use automaxprocs for better perf in containers (#5711)e1b9a9dcore: Addctx.Slogger()which returns ansloglogger (#5945)cbbd1dfcore: Always make AppDataDir for InstanceID (#5976)174c19acore: Apply SO_REUSEPORT to UDP sockets (#5725)46c5db9core: OnExit hooks (#6128)a747930core: Support NO_COLOR env var to disable log coloring (#6078)7c82e26core: quic listener will manage the underlying socket by itself (#5749)a6a45ffcore: AppIfConfigured returns error; consider not-yet-provisioned modules (#6292)2ce5c65core: Fix bug in AppIfConfigured (fix #6336)03e0a01encode: Configurable compression level for zstd (#6140)3067074encode: Improve Etag handling (fix #5849)9ab0943encode: Slight fix for the previous commite698ec5encode: write status immediately when status code is informational (#6164)ba58114events: Add debug log7e52db8fileserver: Add .m4v for browse template icon8f9ffc5fileserver: Add total file size to directory listing (#6003)feb07a7fileserver: Browse can show symlink target if enabled (#5973)b16aba5fileserver: Enable compression for command by default (#5855)5d8b45cfileserver: Escape # and ? in img src (fix #6237)f3e849efileserver: Implement caddyfile.Unmarshaler interface (#5850)d00824ffileserver: Improve Vary handling (#5849)362f33dfileserver: New --precompressed flag (#5880)5a4374bfileserver: Preserve query during canonicalization redirect (#6109)cabb5d7fileserver: Set "Vary: Accept-Encoding" header (see #5849)567d96cfileserver: read etags from precomputed files (#6222)c839a98filesystem: Globally declared filesystems,fsdirective (#5833)60abd72fix: add back text/*b8f729bfix: add more media types to the compressed by default lista4a64a6gitignore: Add rule for caddyfile.go (#6225)9fc55a9go.mod: CVE-2023-45142 Update opentelemetry (#5908)fe2a02bgo.mod: Upgrade quic-go to v0.39.1b49ec05go.mod: Updated quic-go to v0.40.1 (#5983)ee35855go.mod: update quic-go version to v0.40.0 (#5922)a46ff50go.mod: Upgrade to quic-go v0.43.0b522710go.mod: Upgrade to quic-go v0.43.1dd203adgo.mod: CertMagic v0.21.0d79c0f0go.mod: Upgrade dependenciesabdf1aego.mod: go 1.22.3258d906httpcaddyfile: AddRegisterDirectiveOrderfunction for plugin authors (#5865)4181c79httpcaddyfile: Add optional status code argument tohandle_errorsdirective (#5965)2a78c9chttpcaddyfile: Allow nameless regexp placeholder shorthand (#6113)7984e6fhttpcaddyfile: Fix TLS automation policy merging with get_certificate (#5896)f976c84httpcaddyfile: Fix cert file decoding to load multiple PEM in one file (#5997)c2d889fhttpcaddyfile: Fix redir html (#6001)c27425ehttpcaddyfile: Keep deprecatedskip_login directive order (#6153)ac1f20bhttpcaddyfile: Remove port from logger names (#5881)5e2f1b5httpcaddyfile: Rewriterootandrewriteparsing to allow omitting matcher (#5844)3efda6fhttpcaddyfile: Skip automate loader if disable_certs is specified (fix #6148)da7d8cbhttpcaddyfile: Sort skip_hosts for deterministic JSON (#5990)cb86319httpcaddyfile: Support client auth verifiers (#6022)feeb6afhttpcaddyfile: Fix expression matcher shortcut in snippets (#6288)583c585httpcaddyfile: Set challenge ports when http_port or https_port are used96f638ehttpredirectlistener: Only set read limit for when request is HTTP (#5917)3248e4clogging: Addzap.Optionsupport (#5944)b9c40e7logging: Automaticwrapdefault forfilterencoder (#5980)726a9a8logging: Fix default access logger (#6251)01d5568logging: Implementappendencoder, allow flatter filters config (#6069)0d44e3elogging: Implementlog_appendhandler (#6066)91ec754logging: Inline Caddyfile syntax forip_maskfilter (#6094)0c01547logging: supportmsduration format and add docs (#6187)4356635logging: Add support for additional logger filters other than hostname (#6082)8c2a72acaddyhttp: Dropforwardedoption fromremote_ipmatcher (#6085)ed7e3c9caddyhttp:querymatcher now ANDs multiple keys (#6054)387545ametrics: Record request metrics on HTTP errors (#5979)e0bf179modules: fix some typo in conments (#6206)dc12bd9proxyprotocol: use github.com/pires/go-proxyproto (#5915)dba556frefactor: move automaxprocs init in caddycmd.Main()80acf1breplacer: Fix escaped closing braces (#5995)7979739replacer: Implementfile.*global replacements (#5463)e7336ccreplacer: use RWMutex to protect static provider (#6184)868af6areverseproxy: Add grace_period for SRV upstreams to Caddyfile (#6264)613d544reverseproxy: Accept EOF when bufferingf658fd0reverseproxy: Addtls_curvesoption to HTTP transport (#5851)a9768d2reverseproxy: Configurable forward proxy URL (#6114)0b381ebreverseproxy: Implement modular CA provider for TLS transport (#6065)d9ff7b1reverseproxy: Only change Content-Length when full request is buffered (#5830)9f97df2reverseproxy: Remove long-deprecated buffering propertiesd93e027reverseproxy: Reuse buffered request body even if partially drained72ce78dreverseproxy: SRV dynamic upstream failover (#5832)74949fbreverseproxy: Use xxhash instead of fnv32 for LB (#6203)b40cacfreverseproxy: Wait for both ends of websocket to close (#6175)e65b97freverseproxy: configurable active health_passes and health_fails (#6154)da6a569reverseproxy: cookie should be Secure and SameSite=None when TLS (#6115)1b9042breverseproxy: handle buffered data during hijack (#6274)53f7035reverseproxy: use context.WithoutCancel (#6116)d05d715reverseproxy: HTTP transport: fix PROXY protocol initialization (#6301)b2b29dcreverseproxy: Implement health_follow_redirects (#6302)e60148ereverseproxy: Pointer to struct when loading modules; remove LazyCertPool (#6307)5f6758dreverseproxy: Support HTTP/3 transport to backend (#6312)69290d2rewrite: Implementuri queryoperations (#6120)29f57farewrite:uri queryreplace operation (#6165)c6673adstaticresp: Use the evaluated response body for sniffing JSON content-type (#6249)0900844templates: Clarifyincludeargs docs, add.ClientIP(#5898)4e8245dtemplates: Delete headers onhttpErrorto reset to clean slate (#5905)18f3429templates: Offically make templates extensible (#5939)f98f449templates: AddpathEscapetemplate function and use it in file browser (#6278)4173e2ctls: accept placeholders in string values of certificate loaders (#5963)ed41c92tls: add reuse_private_keys (#6025)e965b11tls: modularize trusted CA providers (#5784)0b5720ftracing: add trace_id var (http.vars.trace_idplaceholder) (#6308)5ed8689vars: Allow overridinghttp.auth.user.idin replacer as a special case (#6108)d132584vars: Make nil values act as empty string instead of"<nil>"(#6174)New Contributors
v2.7.6Compare Source
In this version we've made several fixes and enhancements with help from several contributors. Most changes are small, but some notable ones:
templatesmiddleware is now officially extensible (experimentally). This means modules can add custom functions/actions for templates to execute.Thank you to everyone who contributed!
Changelog
65c489aUpgrade acmeserver to github.com/go-chi/chi/v5 (#5913)ae5e2d9caddyfile: Fix variadic placeholder false positive when token contains:(#5883)db55da5caddyhttp: Adjustschemeplaceholder docs (#5910)df5edf6caddytls: Context to DecisionFunc (#5923)6d9a833caddytls: Sync distributed storage cleaning (#5940)11a082ccmd: Add newline character to version string in CLI output (#5895)979c413cmd: upgrade: resolve symlink of the executable (#5891)6482070core: Apply SO_REUSEPORT to UDP sockets (#5725)15adb89core: quic listener will manage the underlying socket by itself (#5749)801ec75fileserver: Add .m4v for browse template iconb809ed7go.mod: CVE-2023-45142 Update opentelemetry (#5908)b4c7313go.mod: Upgrade quic-go to v0.39.136fce3fgo.mod: update quic-go version to v0.40.0 (#5922)ec2de22httpcaddyfile: Fix TLS automation policy merging with get_certificate (#5896)f0ea489httpcaddyfile: Remove port from logger names (#5881)87f63b1httpredirectlistener: Only set read limit for when request is HTTP (#5917)16834d6templates: Clarifyincludeargs docs, add.ClientIP(#5898)0259853templates: Delete headers onhttpErrorto reset to clean slate (#5905)2f7ceb5templates: Offically make templates extensible (#5939)908e956tls: accept placeholders in string values of certificate loaders (#5963)Full Changelog: https://github.com/caddyserver/caddy/compare/v2.7.5...v2.7.6
v2.7.5Compare Source
In this release, we've fixed quite a few small bugs and annoyances, including HTTP/2 Rapid Reset which affected most HTTP/2 implementations.
On a personal note (from @mholt): I recently became a dad! I want to thank our maintainers for helping in so many ways while I've been taking extra time for family. Francis, Matthew, Mohammed, and others -- including all the contributors below, and then some -- are to thank for shipping this release.
Highlights
QUIC_GO_DISABLE_GSO=trueandQUIC_GO_DISABLE_ECN=trueenvironment variables respectively, if they cause you problems. See thequic-gorelease notes for more details.fileserver.BrowseTemplateis now exported, so it may be customized by programs embedding Caddy. (ed8bb13)--envfileno longer override existing variables. (#5803)encodehandler now compressesapplication/wasm*content types by default. (#5869)reverse_proxyhandler can now emit very detailed logs for debugging streaming and buffering. To enable it, set theverbose_logssubdirective, and set logging todebuglevel. Since the logs from this are very noisy, usingverbose_logsto opt-in is necessary. We may ask you to enable this when asking for support! (#5793)caddy -v, like most other CLI utilities! (#5874)Caddy is on feature freeze until after 2.8 so we can improve our testing situation. These patches have all been tried to ensure they work as intended, but if you notice any issues please report them!
Changelog
0e204b7admin: Respond with 4xx on non-existing config path (#5870)89c407abuild(deps): bump actions/checkout from 3 to 4 (#5846)1405683build(deps): bump goreleaser/goreleaser-action from 4 to 5 (#5847)38a7b6bcaddyfile: Adjust error formatting (#5765)7103ea0caddyfile: Fix case where heredoc marker is empty after newline (#5769)10053f7caddyfile: Loosen heredoc parsing (#5761)58ab3a0caddyhttp: Use LimitedReader for HTTPRedirectListener (thank you to Bartek Nowotarski for reporting)9c419f1cmd: Fix exiting with custom status code, addcaddy -v(#5874)f2ab709cmd: Prevent overwriting existing env vars with--envfile(#5803)e0aaefaencode: Addapplication/wasm*to the default content types (#5869)fa5a579fileserver: Add command shortcuts-land-a(#5854)ed8bb13fileserver: Export BrowseTemplate130f6d1fileserver: Set canonical URL on browse template (#5867)a306c5ffileserver: browse template SVG icons and UI tweaks (#5812)0a6d333fileserver: docs: clarify the ability to produce JSON array withbrowse(#5751)82c356ffix: caddytest.AssertResponseCode error message (#5853)888c6d7go.mod: Update quic-go to v0.38.0 (#5772)88b4fbfgo.mod: Upgrade dependencies incl. x/net/httpdf99502httpcaddyfile: Enable TLS for catch-all site iftlsdirective is specified (#5808)33d8d2chttpcaddyfile: Sort TLS SNI matcher for deterministic JSON output (#5860)288216ehttpcaddyfile: Stricter errors for site and upstream address schemes (#5757)2cac3c5httpcaddyfile: fix placeholder shorthands in named routes (#5791)c46ec3blogging: Clone array on log filters, prevent side-effects (#5786)1b73e38logging: query filter for array of strings (#5779)4776f62replacer: change timezone to UTC for "time.now.http" placeholders (#5774)a8586b0reverseproxy: Add logging for dynamic A upstreams (#5857)3a3182freverseproxy: Add more debug logs (#5793)4feac4dreverseproxy: Allow fallthrough for response handlers without routes (#5780)e8b8d4areverseproxy: Fixleast_connpolicy regression (#5862)2a6859areverseproxy: Fix retries on "upstreams unavailable" error (#5841)05dbe1creverseproxy: Replace health header placeholders (#5861)1e0dea5reverseproxy: fix nil pointer dereference in AUpstreams.GetUpstreams (#5811)b245ecdreverseproxy: fix parsing Caddyfile fails for unlimited request/response buffers (#5828)5653c36templates: Add dummyRemoteAddrtohttpIncluderequest, proxy compatibility (#5845)289934ftls: Add X25519Kyber768Draft00 PQ "curve" behind build tag (#5852)New Contributors
Full Changelog: https://github.com/caddyserver/caddy/compare/v2.7.4...v2.7.5
v2.7.4Compare Source
Caddy 2.7.4 rounds out some bug fixes from the 2.7 release. For example, Go made a last-minute breaking change to a new API that broke quic-go (HTTP/3) on Go 1.21 just before Go 1.21 was released; we resolved a few issues with on-demand TLS that are now much improved from the 2.6 tree; a couple race conditions were fixed in dynamic reverse proxy upstreams. We hope you will be pleased with this new version!
Caddy is on feature freeze until after 2.8 so we can improve our testing situation. These patches have all been tried to ensure they work as intended, but if you notice any issues please report them!
We encourage all users to test this new version and then upgrade. Thanks to all who get involved!
Changelog
080db93caddytls: Update docs for on-demand configd813550cmd: Require config for caddy validate (fix #5612) (#5614)a8492c0fileserver: Don't repeat error for invalid method inside error context (#5705)2d7d806fileserver: Slightly more fitting iconsf11c3c9go.mod: Upgrade CertMagic and quic-go5b9c850go.mod: Upgrade golang.org/x/net to 0.14.0 (#5718)936ee91reverseproxy: Always return new upstreams (fix #5736) (#5752)431adc0templates: Fix httpInclude (fix #5698)New Contributors
Full Changelog: https://github.com/caddyserver/caddy/compare/v2.7.3...v2.7.4
v2.7.3Compare Source
We're pleased to present Caddy 2.7, which makes significant strides in areas of scaling, performance, and niche features.
Special thank-you to @francislavoie, @Mohammed90, and other core team members for the ongoing dedication of their time to help maintain the project and help in our forums.
And a big thank-you to everyone else who contributed! You're awesome, and we're glad this project has so many contributors and sponsors to make it possible.
Docs are being updated and will be pushed live shortly. Thank you for your patience and for using Caddy!
(Note: Versions 2.7.0-2.7.2 contain bugs that were hotfixed within minutes and hours and a day of the release. Thank you to everyone who helped with that! And sorry for the trouble, we have learned lessons to help mitigate that in the future.)
Highlights
{args[2:]}(#5249)Deprecations and possible breaking changes for some:
askendpoint is now required to enable On-Demand TLS (b97c76f) for catch-all or wildcard hosts. Our docs have always mentioned this is required in production environments, but now the code enforces it. Theaskendpoint is not required for local-only or internal-only names (#5384 anda7af7c4).lookup_srvfeature of the reverse proxy has been removed. It was replaced with the dynamic upstreams feature in 2.6. (#5396)remote_ip forwardedmatcher has been deprecated because it assumes trusting downstream proxies. Instead, theclient_ipmatcher should be used along withtrusted_proxiesconfiguration. (#5103 and #5104){args.0}is now deprecated in favor of{args[0]}.http.ResponseControllerto callFlush()orHijack()on the response writer. (#5654)Thank you to everyone who contributed! And thank you to our sponsors who truly make this project possible.
New Contributors
Full Changelog: https://github.com/caddyserver/caddy/compare/v2.6.4...v2.7.3
Changelog
3f20a7cacmeserver: Configurableresolvers, fix smallstep deprecations (#5500)b1366c7build(deps): bump actions/setup-go from 3 to 4 (#5474)dfe17c3caddyconfig: Specify config adapter for HTTP loader (close #5607)f3379f6caddyfile: Fix heredoc fuzz crasher, drop trailing newline (#5404)960150bcaddyfile: Implement heredoc support (#5385)8bc05e5caddyfile: Implement variadics for import args placeholders (#5249)53b6fabcaddyfile: Stricter parsing, error for brace on new line (#5505)cee4441caddyfile: Do not replace import tokens if they are part of a snippet (#5539)9cde715caddyfile: Track import name instead of modifying filename (#5540)bbe1952caddyfile: Fix comparing if two tokens are on the same line (#5626)9f34383caddyfile: check that matched key is not a substring of the replacement key (#5685)cfc85aecaddyhttp: Add a getter for Server.name (#5531)05e9974caddyhttp: Determine real client IP if trusted proxies configured (#5104)c05e389caddyhttp: Enable 0-RTT QUIC (#5425)8537586caddyhttp: Fixvars_regexpmatcher with placeholders (#5408)1c9ea01caddyhttp: ImplResponseWriter.Unwrap(), prep for Go 1.20'sResponseController(#5509)cbf16f6caddyhttp: Implement named routes,invokedirective (#5107)2b3046dcaddyhttp: Log request body bytes read (#5461)96919accaddyhttp: Refactor cert Managers (fix #5415) (#5533)d8d87a3caddyhttp: Serve http2 when listener wrapper doesn't return *tls.Conn (#4929)808b05ccaddyhttp: Update quic's TLS configs after reload (#5517) (fix #4849)2945264caddyhttp: Fix h3 shutdown (#5541)6a41b62caddyhttp: Support custom network for HTTP/3 (#5573)a7af7c4caddytls: Allow on-demand w/o ask for internal-onlycd486c2caddyhttp: Make use ofhttp.ResponseController(#5654)18c309bcaddyhttp: Preserve original error (fix #5652)66114cbcaddyhttp: Trim dot/space only on Windows (fix #5613)a02ecb0caddytls: Check for nil ALPN; close #5470 (#5473)faf0399caddytls: Configurable fallback SNI (#5527)e16a886caddytls: Eval replacer on automation policy subjects (#5459)be53e43caddytls: Relax the warning for on-demand (#5384)b97c76fcaddytls: Require 'ask' endpoint for on-demand TLS0cc49c0caddytls: Zero out throttle window first (#5443)4ba03c9caddytls: Clarify some JSON config docs0e2c7e1caddytls: Reuse certificate cache through reloads (#5623)b301a3dcelmatcher: Implementpkix.Nameconversion to string (#5492)096971eci/cd: ship tarballs with vendored deps (#5403)5ded580cmd: Adjust documentation for commands (#5377)508cf2acmd: Create pidfile before config load (close #5477)9e69195cmd: Expand cobra support, add short flags (#5379)5ebb7d4cmd: Reduce spammy logs from --watch79de6dfcmd: Strict unmarshal for validate (#5383)205b142cmd: Support'quotes in envfile parsing (#5437)bf54892cmd: makecaddy fmthints more clear (#5378)38cb587cmd: Avoid spammy log messages (fix #5538)078f130cmd: Implement storage import/export (#5532)8d304a4cmd: Split unix sockets for admin endpoint addresses (#5696)f6bab8bcontext: Rename func toAppIfConfigured(#5397)806341ecore: Properly preserve unix sockets (fix #5568)942fbb3core: Use SO_REUSEPORT_LB on FreeBSD (#5554)99d4705core: Eliminate unnecessary shutdown delay on Unix (#5413)c6ac350core: Return default logger if no modules loaded22927e2core: Add optional unix socket file permissions (#4741)f66493ecore: Allow loopback hosts for admin endpoint (fix #5650) (#5664)710824ccore: Embed net.UDPConn to gain optimizations (#5606)b51dc5dcore: Refine mutex during reloads (fix #5628) (#5645)119e879core: Skipchmodfor abstract unix sockets (#5596)b3f0ceaencode: flush status code when hijacked. (#5419)1913930encode: Fix infinite recursion (#5672)c803286fastcgi: Fixcapture_stderr(#5515)571fc03feature: watch include directory (#5521)f9bd2d3fileserver: Add color-scheme meta tag (#5475)6cc3cbbfileserver: New file browse template (#5427)94d41a9fileserver: Remove trailing slash on fs filenames (#5417)52d7335fileserver: Use EscapedPath for browse (#5534)5bd9c49fileserver: Don't set Etag if mtime is 0 or 1 (close #5548) (#5550)5336bc0fileserver: Fix file browser breadcrumb font (#5543)2d236eafileserver: Fix file browser footer in grid mode (#5536)bd34cb6fileserver: More filetypes for browse icons2615c9cfileserver: Only set Etag if not already set (fix #5546) (#5547)56af1cefileserver: browse: Better grid layout (#5564)cdd3884fileserver: browse: minor tweaks for grid view, dark mode (#5545)4e36b4cfileserver: Tweak grid view of browse template27bc16afileserver: addexport-templatesub-command tofile-server(#5630)e041962fileserver: add lazy image loading (#5646)c049babfileserver: browse: Render SVG images in grid1af419ego.mod: Update some dependencies774f228go.mod: Upgrade CertMagic0de6064go.mod: Upgrade CertMagic again9e94331go.mod: Upgrade dependencies8cb1bb4go.mod: Upgrade quic-go to v0.33.0 (Go 1.19 min)36546cdgo.mod: Upgrade several dependencies398c12ago.mod: Update quic-go to v0.36.0 (#5584)0468508go.mod: Upgrade CertMagic for hotfix9c180a5go.mod: Upgrade quic-go to 0.35.1415d1e7go.mod: Upgrade some dependenciesf45a6dego.mod: Update quic-go to v0.37.0, bump to Go 1.20 minimum (#5644)e198c60go.mod: Upgrade dependencies esp. smallstep/certificates4df27a2go.mod: Use latest CertMagic (v0.19.1)94749e1go.mod: Use quic-go 0.37.1f857b32go.mod: update quic-go to v0.36.2 (#5636)51b1bfbgo.mod: Upgrade quic-go to v0.37.2 (fix #5680)a8cc5d1go.mod: Upgrade to quic-go v0.37.3e8352aeheaders: Add > Caddyfile shortcut for enabling defer (#5535)dd86171headers: Support deleting all headers as first op (#5464)3b19aa2headers: Allow>to defer shortcut for replacements (#5574)330be2dhttpcaddyfile: Adjust path matcher sorting to solve for specificity (#5462)ca14b6ehttpcaddyfile: Sort Caddyfile slice5c51c1dhttpcaddyfile: Allowhostnames& logger name overrides for log directive (#5643)4aa4f3ahttpcaddyfile: Fixstring does not match ~[]Eerror (#5675)1aef807log: Make sink logs encodable (#5441)cdce452logging: Actually honor the SoftStart parameterf0e3981logging: Add traceID field to access logs when tracing is active (#5507)f3e8b9dlogging: Soft start for net writer (close #5520)b6fe5d4proxyprotocol: Add PROXY protocol support toreverse_proxy, add HTTP listener wrapper (#5424)f5a13a4replacer: Add HTTP time format (#5458)48598e1reverseproxy: Addfallbackfor some policies, instead of always random (#5488)f8b59e7reverseproxy: Addqueryandclient_ip_hashlb policies (#5468)66e571ereverseproxy: Add mention of which half a copyBuffer err comes from (#5472)75b690dreverseproxy: Expand port ranges to multiple upstreams in CLI + Caddyfile (#5494)335cd2ereverseproxy: Fix active health check header canonicalization, refactor (#5446)2b04e09reverseproxy: Fix reinitialize upstream healthy metrics (#5498)10b265dreverseproxy: Header up/down support for CLI command (#5460)b19946freverseproxy: Optimize base case for least_conn and random_choose policies (#5487)4636109reverseproxy: Remove deprecatedlookup_srv(#5396)2182270reverseproxy: Reset Content-Length to prevent FastCGI from hanging (#5435)941eae5reverseproxy: allow specifying ip version for dynamicaupstream (#5401)e3909ccreverseproxy: refactor HTTP transport layer (#5369)424ae0freverseproxy: Experimental streaming timeouts (#5567)2ddb717reverseproxy: Fix parsing of source IP in case it's an ipv6 address (#5569)361946ereverseproxy: weighted_round_robin load balancing policy (#5579)da23501reverseproxy: Connection termination cleanup (#5663)d7d1636reverseproxy: Export ipVersions type (#5648)7a69ae7reverseproxy: Honortls_except_portfor active health checks (#5591)5dec11freverseproxy: Pointer receiver65e33fcreverseproxy: do not parse upstream address too early if it contains replaceble parts (#5695)13a3768rewrite: use escaped path, fix #5278 (#5504)2943c41templates: AddfileStatfunction (#5497)31d75actemplates: AddreadFileaction that does not evaluate templates (#5553)b420561tracing: Support autoprop from OTEL_PROPAGATORS (#5147)v2.7.2Compare Source
Do not use this release, use v2.7.3 instead which contains several hot fixes.
v2.7.1Compare Source
Do not use this release; use v2.7.3 instead. It contains a hotfix for a WebSocket issue.
v2.7.0Compare Source
Do not use this release, use v2.7.3 instead which contains hot fixes.
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.
⚠️ Artifact update problem
Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.
♻ Renovate will retry this branch, including artifacts, only when one of the following happens:
The artifact failure details are included below:
File name: go.sum
Checkout
From your project repository, check out a new branch and test the changes.