Age | Commit message | Author | Files | Lines |
|
This release brings a number of bug fixes and minor enhancements. All
users should upgrade after testing and verifying their setups.
Thank you to all who contributed!
|
Caddy 2.6
This is our biggest release since Caddy 2.
Caddy 2 changed the way the world serves the Web. By providing an online config
API, automatic HTTPS, unlimited extensibility, certificate automation at scale,
modern protocols, sane defaults, and an unrivaled developer experience, we
boldly raised the bar for web servers.
Now with Caddy 2.6, we're doing it again. Caddy 2.6 is the first
general-purpose web server to seamlessly enable the newly-standardized HTTP/3
protocol for all configurations by default. We've virtualized the file system
so you can serve content from anywhere or anything. New event features let you
observe and control Caddy's internals with custom actions. Caddy is more useful
than ever for developers with its enhanced CLI tooling and features. And it's
faster than ever with non-trivial performance improvements. We think you will
love this release.
v2.6.1
Hotfix for unix sockets, the encode handler, and the caddy file-server command.
Please see the release notes for v2.6.0 for other important information if
you're coming from < 2.6!
|
This version builds with Go 1.19.
v2.5.0
- Reverse proxy: Dynamic upstreams, which is the ability to get the list of
upstreams at every request (more specifically, every iteration in the proxy
loop of every request) rather than just once at config-load time. Dynamic
upstream modules can be plugged in to provide Caddy with the latest list of
backends in real-time. Two standard modules have been implemented which can
get upstreams from SRV and A/AAAA record lookups.
This deprecates the lookup_srv JSON field for upstreams (and srv+ scheme
prefix in the Caddyfile), which will be removed in the future.
- Automatic HTTPS: Caddy will automatically try to get relevant certificates
from the local Tailscale instance (if running with permission to access the
Tailscale socket). This makes services running on a Tailscale network
automatically available over trusted HTTPS with Caddy.
- Tracing: New OpenTelemetry integration with the tracing handler module and
associated tracing directive.
- Reverse proxy: When using the response handlers, a new handler copy_response
is available to copy the proxy's response back to the client, and
copy_response_headers may be used to selectively copy header values from the
proxy's response.
- API: Added new endpoints /pki/ca/<id> and /pki/ca/<id>/certificates for
getting information about Caddy's managed CAs, including the chain of root
and intermediate certificates.
v2.5.1
- Fixed regression in Unix socket admin endpoints.
- Fixed regression in caddy trust commands.
- Hash-based load balancing policies (ip_hash, uri_hash, header, and cookie)
use an improved highest-random-weight (HRW) algorithm for increased
consistency. The new rendezvous hash will ensure a client or request is
consistently mapped to a particular upstream even if the list of upstreams
changes.
- The reverse proxy is now able to rewrite the method and URI on its internal
copy of the request that goes to the upstream. Combined with new
handle_response capabilities, this enables the reverse proxy to fire off
"pre-check requests" (for lack of a better term) to make routing decisions
based on the results of that call. This enables a commonly-emerging pattern
called forward authentication wherein a backend is queried to assess a client's
authorization to be proxied. The full, verbose config for this is very flexible
but tedious, so we made a new wrapper directive called forward_auth that
eliminates the boilerplate.
v2.5.2
- New /adapt admin endpoint: Use your installed config adapters via API in
addition to the existing caddy adapt CLI command.
- New Etag/If-Match support for config API: Safely update your config
concurrently and avoid collisions by using our unique Etag implementation.
- Rename copied headers from reverse_proxy: If you're using handle_response,
you can more easily map headers to a different name for clients.
- Many HTTP matchers have been added to CEL: You can now use the logic of our
HTTP request matchers in CEL expressions.
- Notable bug fixes: EAB reuse, various QUIC & HTTP/3 fixes, more specific HTTP
status codes, various reverse proxy fixes.
|
Update the quic-go module to a version that works with Go 1.18.
Caddy 2.4.6 changes:
This release contains bug fixes and minor enhancements, including one patch
with potential security implications related to path matching.
Notable patches:
- Path matchers unescape/clean URI paths to normalize match space
- Fix regex matching in map handler
Notable enhancements:
- try_files can now accept =nnn (e.g. =404) to yield a status code instead of
a file.
- Template actions httpError (stop eval and return HTTP error) and import
(like include but changes template context) were added
- New placeholder {http.request.tls.client.certificate_der_base64}
|
... for packages where the go-module.mk defaults DTRT as-is.
|
2.4.4
-----
This release contains numerous bug fixes, updated dependencies, and QoL
improvements.
Update: This release contains a known regression in the combination of encode
and reverse_proxy modules; please use v2.4.5 instead.
2.4.5
-----
A hotfix for a regression introduced in v2.4.4 related to combining the encode
and reverse_proxy directives.
|
v2.4.3
A bug fix for the bug fix, and a couple other bug fixes, including one security
fix for PHP sites. We think all users should upgrade after giving it a whirl in
their test environments. Please note some changes in this patch:
* In reverse_proxy, the max_idle_conns_per_host option has been removed
(both Caddyfile and JSON). This may be a breaking change for a few of you,
but it only breaks configs that relied on a bug. Instead of silently
failing, you will get an error if you continue using the property. For
Caddyfile, we basically renamed the property to
keepalive_idle_conns_per_host. In JSON, we simply removed the property, and
you should instead set keep_alive/max_idle_conns_per_host if you weren't
already. Previously, the Caddyfile subdirective set both MaxConnsPerHost
and MaxIdleConnsPerHost, which was confusing; and the JSON properties
overwrote each other, so one was removed.
* Security patch in the FastCGI transport that now sanitizes paths against
directory traversal outside the site root.
* Fix canonicalization redirects in file_server. v2.4.2 introduced a bugfix
for these redirects when used inside handle_path (i.e. rewriting
the path by stripping a prefix), but caused a regression for many other use
cases. This release includes a proper fix for all known, tested cases.
Basically: these redirects are not issued if the filename of a path was
rewritten internally.
v2.4.2
A few enhancements and bug fixes. Thanks to all who contributed to this
release!
|
2.4.0
Caddy v2.4.0 is our first stable release of 2021, ushering in over 110 patches
including new features and bug fixes. Thank you to the many contributors who
helped make this possible!
Highlights:
- Secure remote management. You can now enable secure remote access to Caddy's
admin API! It uses TLS mutual authentication, and you can even define
permissions for different users.
- Config pull at start. Caddy can be configured to load a different config at
startup. This is useful if your config is federated through a separate system
that doesn't have the ability to push configs to Caddy. This feature is
modular, so configurations can be loaded different ways!
- Server identity management. Caddy can automatically manage its own server
identity certificate, which can be used when negotiating TLS connections with
peers. This is required when enabling the secure admin API.
- Self-upgrade command. The new caddy upgrade command will replace the current
Caddy binary with an upgraded one from our website, with all the same modules
installed, including third-party plugins that are registered on our site! (We
can use this code to add/remove modules later, too.)
- Configure other apps from the HTTP Caddyfile. The global options block of the
Caddyfile now allows configuration of Caddy apps other than HTTP (for
example, dynamic_dns to keep DNS records pointed at your server with a dynamic
IP address).
- Caddyfile fmt lint check. When running with a Caddyfile, Caddy will emit a
warning if the Caddyfile is not formatted with caddy fmt.
- New abort directive. The abort directive is a special case of the
static_response HTTP handler that prevents an HTTP response by aborting the
handler chain immediately and forcefully closing the connection.
- New error directive. The error directive returns internal error values in the
HTTP handler chain, as if an HTTP error had occurred, causing your error
routes to be invoked.
- Configure response interception from Caddyfile. The reverse_proxy is capable
of intercepting responses from the backend, and now this is exposed in the
Caddyfile with handle_response.
- Better caddy list-modules output. Now modules are organized by standard and
non-standard modules, so you can easily see if a Caddy build has been
customized.
- Configure logging from Caddyfile. The process logs can now be configured from
the global options of the Caddyfile.
- Better content negotiation. The file server can now be configured to serve
precompressed sidecar files, and content encoding preferences are better
configured and honored.
- Dark mode in directory listings. The file server's "browse" file listings now
have a dark mode.
- Removed the logfmt log encoder. It was broken anyways, and its deprecation
has been warned in previous releases.
- Deprecated common_log format. It will be removed in a future release.
- Deprecated health_path in reverse_proxy directive. It has been replaced with
health_uri and will be removed in the future.
- Numerous bug fixes and improvements. Thanks for the detailed, helpful bug
reports! We appreciate your collaboration in making Caddy better.
2.4.1
A small patch release that contains a few noncritical but pleasant fixes
(unless you're using /id/ endpoints in the admin API; then you should
definitely get this update).
|
This version of caddy was super old, and the 2.x versions from wip are
the recommended ones to use.
|
pkglint -Wall -F --only aligned --only indent -r
Manually excluded phraseanet since pkglint got the indentation wrong.
|
ok wiz@ for PMC