* httpcaddyfile: Validates TLS DNS challenge options
Adds validation to the TLS Caddyfile adapter to ensure that when DNS challenge options (such as propagation_delay or dns_ttl) are specified, a DNS provider is also configured.
Adds new integration tests to verify this validation logic, and implements a new mechanism for adapt tests to assert a config adapt error.
* Add some more AI-generated tests asserting config errors
* Parallel doesn't work here, we use global variables
* Windows fix
* chore: apply security best practices for CI
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* remove redundant codeql job
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* run scorecard flow on PRs
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
---------
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* ci: add dep review action
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* sprinkle permissions on Actions jobs
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* README: add OpenSSF best practices badge
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* add draft OpenSSF Scorecard workflow
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
---------
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* client_auth: wire up leaf verifier Caddyfile
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* review feedback + tests
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
---------
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* chore: upgrade .golangci.yml and workflow to v2
run `golangci-lint fmt`
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* run `golangci-lint run --fix`
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* more lint fixes
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* bring back comments to .golangci.yml
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* appease the linter some more
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* oops
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* use embedded structs
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* use embedded structs where they were used before
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* disable rule `-QF1006`
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* missed a spot
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
---------
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* log: default logger should respect `{in,ex}clude`
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* add tests
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
---------
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* admin: Make sure that any admin routers are provisioned when local/remote admin servers are replaced at runtime.
* admin: check for provisioning errors during admin server replacements
* caddytls: Prefer managed wildcard certs over individual subdomain certs
* Repurpose force_automate as no_wildcard
* Fix a couple bugs
* Restore force_automate and use automate loader as wildcard override
* caddyauth: Set authentication provider error in placeholder for handle_errors directive
* caddyauth: Simplify error placeholder setting for authentication provider
The consensus is that host enforcement on unix sockets is ineffective, frustrating, and confusing. (Unix sockets have their own OS-level permissions system.)
Currently if we extract the DialInfo from a Request Context during an active health check, then the Upstream in the DialInfo is nil.
This PR attempts to set the Upstream to a sensible value, based on wether or not the Upstream has been overriden in the active health check's config.
* events: Refactor; move Event into core, so core can emit events
Requires some slight trickery to invert dependencies. We can't have the caddy package import the caddyevents package, because caddyevents imports caddy. Interface to the rescue!
Also add two new events, experimentally: started, and stopping. At the request of a sponsor.
Also rename "Filesystems" to "FileSystems" to match Go convention (unrelated to events, was just bugging me when I noticed it).
* Coupla bug fixes
* lol whoops
