Steffen Busch
bfdb04912d
docs: add maybe template function documentation ( #7388 )
2025-12-06 06:51:28 -05:00
vnxme
31960dc998
Introduce packet conn wrappers ( #7180 )
...
* packet_conn_wrappers: Initial changes
* packet_conn_wrappers: Unwrap a packet conn only if there are no wrappers
---------
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2025-12-04 14:15:56 -07:00
Francis Lavoie
be5f49fbeb
caddyhttp: Fix logging on wildcard sites when SkipUnmappedHosts is true ( #7372 )
2025-12-03 18:46:11 +00:00
Herman Slatman
7ebe72bbfe
caddypki: Add support for multiple intermediates in signing chain ( #7057 )
...
* caddypki: Add support for multiple intermediates in signing chain
* Move intermediate lifetime configuration check
In #7272 a check was changed to ensure that generated intermediate
certificates would always use a lifetime that falls within the
lifetime of the root. However, when a root and intermediate(s)
are supplied, the configuration value was being used instead of
the actual lifetimes of the certificates. The check was moved to
only be performed when an intermediate is generated; not when
loaded from disk.
* Add tests for `pemDecodeCertificateChain` and `pemDecodeCertificate`
* Use `crypto.Signer` instead of `any` in appropriate places
* Use latest Smallstep packages
---------
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2025-12-03 11:30:00 -07:00
dependabot[bot]
8a87bb3ffb
build(deps): bump github.com/smallstep/certificates ( #7381 )
...
Bumps [github.com/smallstep/certificates](https://github.com/smallstep/certificates ) from 0.28.4 to 0.29.0.
- [Release notes](https://github.com/smallstep/certificates/releases )
- [Changelog](https://github.com/smallstep/certificates/blob/master/CHANGELOG.md )
- [Commits](https://github.com/smallstep/certificates/compare/v0.28.4...v0.29.0 )
---
updated-dependencies:
- dependency-name: github.com/smallstep/certificates
dependency-version: 0.29.0
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-03 10:45:18 -07:00
Mohammed Al Sahaf
df9386fa12
ci: escape backticks in changelogs embedded in JS ( #7382 )
...
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2025-12-03 16:40:31 +00:00
dependabot[bot]
786d537877
build(deps): bump the all-updates group with 3 updates ( #7376 )
...
Bumps the all-updates group with 3 updates: [github.com/klauspost/compress](https://github.com/klauspost/compress ), [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go ) and [go.uber.org/zap](https://github.com/uber-go/zap ).
Updates `github.com/klauspost/compress` from 1.18.1 to 1.18.2
- [Release notes](https://github.com/klauspost/compress/releases )
- [Commits](https://github.com/klauspost/compress/compare/v1.18.1...v1.18.2 )
Updates `github.com/quic-go/quic-go` from 0.57.0 to 0.57.1
- [Release notes](https://github.com/quic-go/quic-go/releases )
- [Commits](https://github.com/quic-go/quic-go/compare/v0.57.0...v0.57.1 )
Updates `go.uber.org/zap` from 1.27.0 to 1.27.1
- [Release notes](https://github.com/uber-go/zap/releases )
- [Changelog](https://github.com/uber-go/zap/blob/master/CHANGELOG.md )
- [Commits](https://github.com/uber-go/zap/compare/v1.27.0...v1.27.1 )
---
updated-dependencies:
- dependency-name: github.com/klauspost/compress
dependency-version: 1.18.2
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: all-updates
- dependency-name: github.com/quic-go/quic-go
dependency-version: 0.57.1
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: all-updates
- dependency-name: go.uber.org/zap
dependency-version: 1.27.1
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: all-updates
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-02 10:32:58 +03:00
Petr
67a9e0657e
reverseproxy: Fix retries for requests with bodies ( #7360 )
...
* capture the buffered body once, then reset clonedReq.Body before each retry
* no copy
* keep receiver name
* set the buf to nil after extraction and only return it to pool if not nil
---------
Co-authored-by: WeidiDeng <weidi_deng@icloud.com>
2025-11-24 12:03:18 -07:00
ledigang
2cb426776c
encode: modernize, replace HasSuffix+TrimSuffix with CutSuffix ( #7357 )
...
Signed-off-by: ledigang <shuangcui@msn.com>
2025-11-21 15:30:26 -07:00
Marten Seemann
b9e6f3b227
update quic-go to v0.57.0 ( #7359 )
2025-11-21 14:46:47 +03:00
dependabot[bot]
eead249382
build(deps): bump golang.org/x/crypto from 0.43.0 to 0.45.0 ( #7355 )
...
Bumps [golang.org/x/crypto](https://github.com/golang/crypto ) from 0.43.0 to 0.45.0.
- [Commits](https://github.com/golang/crypto/compare/v0.43.0...v0.45.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-version: 0.45.0
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-11-19 20:55:13 -07:00
WeidiDeng
a6da1acdc8
reverse_proxy: use interfaces to modify the behaviors of the transports ( #7353 )
2025-11-17 09:51:37 -07:00
Mohammed Al Sahaf
56282c5737
ci: implement new release flow ( #7341 )
...
* ci: implement new release flow
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* remove redundant validation
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* extract key sha
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* pin github-scripts
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* switch to PR-based flow
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* don't use top-level permissions
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* restricted global perms + specific local perms
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* make PR draft
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
---------
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2025-11-14 14:55:30 -07:00
KĂ©vin Dunglas
b3f2db233b
core: custom slog handlers for modules (log contextual data) ( #7346 )
2025-11-12 13:29:47 -07:00
dependabot[bot]
07d2aaf22e
build(deps): bump the all-updates group with 4 updates ( #7333 )
...
Bumps the all-updates group with 4 updates: [github.com/DeRuina/timberjack](https://github.com/DeRuina/timberjack ), [github.com/KimMachineGun/automemlimit](https://github.com/KimMachineGun/automemlimit ), [github.com/klauspost/compress](https://github.com/klauspost/compress ) and [go.step.sm/crypto](https://github.com/smallstep/crypto ).
Updates `github.com/DeRuina/timberjack` from 1.3.8 to 1.3.9
- [Release notes](https://github.com/DeRuina/timberjack/releases )
- [Changelog](https://github.com/DeRuina/timberjack/blob/main/CHANGELOG.md )
- [Commits](https://github.com/DeRuina/timberjack/compare/v1.3.8...v1.3.9 )
Updates `github.com/KimMachineGun/automemlimit` from 0.7.4 to 0.7.5
- [Release notes](https://github.com/KimMachineGun/automemlimit/releases )
- [Commits](https://github.com/KimMachineGun/automemlimit/compare/v0.7.4...v0.7.5 )
Updates `github.com/klauspost/compress` from 1.18.0 to 1.18.1
- [Release notes](https://github.com/klauspost/compress/releases )
- [Changelog](https://github.com/klauspost/compress/blob/master/.goreleaser.yml )
- [Commits](https://github.com/klauspost/compress/compare/v1.18.0...v1.18.1 )
Updates `go.step.sm/crypto` from 0.72.0 to 0.73.0
- [Release notes](https://github.com/smallstep/crypto/releases )
- [Commits](https://github.com/smallstep/crypto/compare/v0.72.0...v0.73.0 )
---
updated-dependencies:
- dependency-name: github.com/DeRuina/timberjack
dependency-version: 1.3.9
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: all-updates
- dependency-name: github.com/KimMachineGun/automemlimit
dependency-version: 0.7.5
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: all-updates
- dependency-name: github.com/klauspost/compress
dependency-version: 1.18.1
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: all-updates
- dependency-name: go.step.sm/crypto
dependency-version: 0.73.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: all-updates
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-11-08 11:13:16 +03:00
Marten Seemann
f2199d48b2
chore: update quic-go to v0.56.0, enable qlog for HTTP/3 ( #7345 )
2025-11-08 00:41:15 -05:00
KĂ©vin Dunglas
8285eba842
caddyhttp: allow customizing the Server header ( #7338 )
2025-11-03 21:00:27 -07:00
Cooper de Nicola
895b56063a
chore: fix golangci-lint error G602 in caddyhttp ( #7334 )
2025-11-03 03:04:55 +00:00
Mohammed Al Sahaf
ddec1838b3
caddytls: correct documentation of LeafFolderLoader ( #7327 )
...
* caddytls: correct documentation of `LeafFolderLoader`
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* fmt...
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
---------
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2025-11-01 18:29:55 +03:00
Ted
92c8bc7322
caddyfile: fix nested quotes formatted incorrectly by fmt ( #7045 )
...
* Fix incorrectly formatted quote within quotes with fmt
* Fix incorrectly formatted quote within quotes with fmt
2025-10-27 16:13:47 -06:00
WeidiDeng
abe0acabb6
reverseproxy: set default values for keepalive if only some of them are set ( #7318 )
2025-10-25 05:15:55 -04:00
Philipp Keidel
b54e870b26
tracing: switch to autoexport for OpenTelemetry span exporter ( #7317 )
2025-10-23 17:54:50 -06:00
dependabot[bot]
6d90c7707d
build(deps): bump github.com/slackhq/nebula from 1.9.5 to 1.9.7 ( #7315 )
...
Bumps [github.com/slackhq/nebula](https://github.com/slackhq/nebula ) from 1.9.5 to 1.9.7.
- [Release notes](https://github.com/slackhq/nebula/releases )
- [Changelog](https://github.com/slackhq/nebula/blob/v1.9.7/CHANGELOG.md )
- [Commits](https://github.com/slackhq/nebula/compare/v1.9.5...v1.9.7 )
---
updated-dependencies:
- dependency-name: github.com/slackhq/nebula
dependency-version: 1.9.7
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-23 11:37:02 -06:00
dependabot[bot]
cd1c203777
build(deps): bump the all-updates group across 1 directory with 2 updates ( #7307 )
...
Bumps the all-updates group with 2 updates in the / directory: [github.com/spf13/pflag](https://github.com/spf13/pflag ) and [go.step.sm/crypto](https://github.com/smallstep/crypto ).
Updates `github.com/spf13/pflag` from 1.0.9 to 1.0.10
- [Release notes](https://github.com/spf13/pflag/releases )
- [Commits](https://github.com/spf13/pflag/compare/v1.0.9...v1.0.10 )
Updates `go.step.sm/crypto` from 0.70.0 to 0.72.0
- [Release notes](https://github.com/smallstep/crypto/releases )
- [Commits](https://github.com/smallstep/crypto/compare/v0.70.0...v0.72.0 )
---
updated-dependencies:
- dependency-name: github.com/spf13/pflag
dependency-version: 1.0.10
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: all-updates
- dependency-name: go.step.sm/crypto
dependency-version: 0.72.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: all-updates
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-21 22:32:36 -06:00
wyrapeseed
57587ed18e
refactor: use reflect.TypeFor ( #7313 )
...
Signed-off-by: wyrapeseed <wyrapeseed@outlook.com>
2025-10-21 13:26:30 -06:00
WeidiDeng
1e21b660c4
reverseproxy: use http.Protocols to handle h2c requests ( #6990 )
2025-10-21 16:05:43 +00:00
Mohammed Al Sahaf
595aab8bc0
metrics: resolve per-host inifinite cardinality ( #7306 )
2025-10-21 06:06:56 +00:00
WeidiDeng
8aca108d2c
reverseproxy: do not disable keepalive if proxy protocol is used ( #7300 )
2025-10-21 05:09:37 +00:00
Pavel
156ce99d3a
listeners: Add support for named socket activation ( #7243 )
2025-10-21 04:55:42 +00:00
WeidiDeng
a7885aabec
intercept: use already buffered response if possible when intercepting ( #7028 )
2025-10-21 04:48:07 +00:00
Bashayer Alrumahi
f5f25d845a
logging: fix multiple regexp filters on same field ( fixes #7049 ) ( #7061 )
...
* logging: fix multiple regexp filters on same field (fixes #7049 )
* fix: add proper error handling in MultiRegexpFilter tests
* fix: resolve linter and test issues - Fix GCI import formatting issues - Fix MultiRegexpFilter input size limit test by ensuring output doesn't exceed max length after each operation - All tests now pass and linter issues resolved
* fix: update integration test for proper JSON encoding - Fix expected JSON output to use Unicode escape sequence for ampersand character - Integration tests now pass
2025-10-16 05:08:53 +00:00
WeidiDeng
1ce2a13ad1
caddyhttp: wrap accepted connection to suppress tls.ConnectionState ( #7247 )
2025-10-16 03:13:40 +00:00
Chris Seufert
d7185fd002
caddyhttp: Add trusted_proxies_unix for trusting unix socket X-Forwarded-* headers ( #7265 )
2025-10-16 02:47:32 +00:00
Anthony Biondo
7fb39ec1e5
reverseproxy: Use http1.1 upgrade for websocket for extended connect of http2 and http3 ( #7305 )
...
Co-authored-by: WeidiDeng <weidi_deng@icloud.com>
2025-10-16 02:20:20 +00:00
aeris
10ac7da037
logging: Switch from lumberjack to timberjack, add time-rolling options ( #7244 )
...
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2025-10-15 17:11:10 -04:00
wyrapeseed
d115cd1042
chore: fix some comments ( #7303 )
2025-10-15 03:58:53 +00:00
joshuamcbeth
de6b78009b
caddyhttp: Add server options keepalive_idle and keepalive_count ( #7298 )
...
* Add Server options KeepAliveIdle (keepalive_idle) and KeepAliveCount (keepalive_count)
Signed-off-by: Joshua McBeth <joshua.mcbeth@gmail.com>
* Add Server option KeepAliveDisable (keepalive_disable)
Signed-off-by: Joshua McBeth <joshua.mcbeth@gmail.com>
* Remove Server option KeepAliveDisable (keepalive_disable), disable when interval is negative
Signed-off-by: Joshua McBeth <joshua.mcbeth@gmail.com>
* Add keepalive parameters to caddyfiletest
Signed-off-by: Joshua McBeth <joshua.mcbeth@gmail.com>
---------
Signed-off-by: Joshua McBeth <joshua.mcbeth@gmail.com>
2025-10-14 12:03:23 -06:00
WeidiDeng
2ec28bca43
reverse_proxy: use http1 for outbound tls requests with placeholder that are likely websockets ( #7296 )
2025-10-09 10:36:49 -06:00
Marten Seemann
178294e9d7
chore: Update quic-go to v0.55.0 ( #7288 )
...
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2025-10-06 19:43:28 -04:00
GreyXor
13a4ec7597
basicauth: Implement argon2id ( #7186 )
...
* feat: add argon2id hash-password command
* feat: ardon2id owasp safe value
* feat: add argon2id compare method
* chore: fmt argon2id
* docs: more argon2id docs
* chore: upgrade x/crypto dep
* revert: remove golangci
* refactor: argon2id decode
* chore: update deps
* refactor: simplify argon2id compare return
* chore: upgrade dependencies
* chore: upgrade dependencies
2025-10-06 17:27:06 -06:00
Monviech
2f1d270968
httpcaddyfile: Map default_bind to BindHost in globalACMEDefaults ( #7278 )
...
* Implement BindHost fallback in ACME issuer
* Fix indentation
* Skip creating empty challenges stub in adapted json config
* Skip setting BindHost for DNS Challenge
* golangci-lint fix
---------
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2025-10-06 16:48:38 -06:00
Aditya Bhargava
3c003deec6
httpcaddyfile: Add missing DNS challenge check for acme_dns ( #7270 )
...
* add optional argument to `mock` DNS provider
* preserve local DNS challenge settings when `acme_dns` is specified
* add missing check for `acme_dns`
2025-10-03 14:05:46 -06:00
dependabot[bot]
afbdcec08b
build(deps): bump the actions-deps group with 8 updates ( #7284 )
...
Bumps the actions-deps group with 8 updates:
| Package | From | To |
| --- | --- | --- |
| [step-security/harden-runner](https://github.com/step-security/harden-runner ) | `2.13.0` | `2.13.1` |
| [actions/setup-go](https://github.com/actions/setup-go ) | `5.5.0` | `6.0.0` |
| [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) | `4.7.3` | `4.8.0` |
| [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) | `3.9.2` | `3.10.0` |
| [anchore/sbom-action](https://github.com/anchore/sbom-action ) | `0.20.5` | `0.20.6` |
| [peter-evans/repository-dispatch](https://github.com/peter-evans/repository-dispatch ) | `3.0.0` | `4.0.0` |
| [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) | `2.4.2` | `2.4.3` |
| [github/codeql-action](https://github.com/github/codeql-action ) | `3.30.0` | `3.30.5` |
Updates `step-security/harden-runner` from 2.13.0 to 2.13.1
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](ec9f2d5744...f4a75cfd61https://github.com/actions/setup-go/releases )
- [Commits](d35c59abb0...4469467582https://github.com/actions/dependency-review-action/releases )
- [Commits](595b5aeba7...56339e523chttps://github.com/sigstore/cosign-installer/releases )
- [Commits](d58896d6a1...d7543c93d8https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](da167eac91...f8bdd1d8achttps://github.com/peter-evans/repository-dispatch/releases )
- [Commits](ff45666b94...5fc4efd1a4https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](05b42c6244...4eaacf0543https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](2d92b76c45...3599b3baa1
2025-10-01 23:11:09 +00:00
Francis Lavoie
65e0ddc221
core: Reloading with SIGUSR1 if config never changed via admin ( #7258 )
2025-09-26 16:50:15 +00:00
WeidiDeng
b2ab419922
core: use reflect.TypeFor to check for encoding/json.RawMessage ( #7274 )
...
* check if the raw message type is the json v2 type
* use reflect.TypeFor to check for encoding/json.RawMessage
---------
Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2025-09-26 10:46:18 -06:00
asttool
bc0e184130
caddyhttp: omit unnecessary reassignment ( #7276 )
...
Signed-off-by: asttool <asttool@outlook.com>
2025-09-26 10:44:58 -06:00
Y.Horie
1e82f9652e
caddypki: check intermediate lifetime to actual root cert lifetime ( #7272 )
2025-09-26 10:24:52 -06:00
Mohammed Al Sahaf
25be2f26fc
chore: ugh, lint fix... ( #7275 )
...
* chore: ugh, lint fix...
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* more lint fixes
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
---------
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2025-09-26 03:14:48 -04:00
Marten Seemann
0c8798fce3
go.mod: update quic-go to v0.54.1 ( #7273 )
2025-09-25 19:24:26 -06:00
Gilbert Gilb's
f5c3094050
cmd: prevent commas in header values from being split ( #7268 )
...
`pflag.GetStringSlice` treats commas as delimiters, which causes issues
when passing headers whose values contain commas (`X-Robots-Tag:
noindex, nofollow`). These are incorrectly split into multiple headers
and errors out:
- `X-Robots-Tag: noindex`
- ` nofollow`
Switch to `pflag.GetStringArray`, which does not split on commas[1].
Note that this changes behavior for cases where multiple headers were
provided in a single argument with commas (`--header-down "X-Foo:
Bar,X-Bar: Foo"`). Such cases will now be treated as a single header
value. If this breaking change is unacceptable, we will need a smarter
fallback mechanism.
[1] https://github.com/spf13/pflag/pull/90
2025-09-22 21:12:06 -06:00
