| AArch64 | |
| ppc64le | |
| s390x | |
| x86-64 |
- Update to version 2.4.6: * caddycmd: Add `--keep-backup` to upgrade commands (#4387) * caddycmd: Add `--skip-standard` to `list-modules` command, quieter output (#4386) * caddycmd: fix caddy validate/fmt help message (#4377) * caddyhttp: Add support for triggering errors from `try_files` (#4346) * caddyhttp: Placeholder for client cert in DER + base64 format (#4241) * caddyhttp: reverseproxy: clarify warning for -insecure (#4379) * caddyhttp: Sanitize the path before evaluating path matchers (#4407) * caddytls: Mark storage clean timestamp at end of routine (#4401) * docs: General minor improvements * fastcgi: Fix Caddyfile parsing when `handle_response` is used (#4342) * fastcgi: Implement `try_files` override in Caddyfile directive (#4347) * fileserver: Fix compression breaks using httpInclude (#4352) (#4358) * fileserver: Fix displayed file size if it is symlink (#4354) * fileserver: Make file listing links purple once visited (#4356) * fileserver: Prevent focusing filter from scrolling on page load (#4393) * fileserver: properly handle escaped/non-ascii paths (#4332) * headers: Canonicalize case in replace (fix #4330) * httpcaddyfile: Empty tls policy for internal http localhost (#4398) * httpcaddyfile: Preserve IPv6 addresses through normalization (fix #4381) * map: Fix 95c03506 (avoid repeated expansions) * map: Fix regex mappings * reverseproxy: Log error at error level (fix #4360) * reverseproxy: Prevent copying the response if a response handler ran (#4388) * reverseproxy: Sanitize scheme and host on incoming requests (#4237) * templates: Add 'import' action (#4321) * templates: Add tests for funcInclude and funcImport (#4357) * templates: Propagate httpError to HTTP response
- Update to version 2.4.5:
* Hotfix for a regression introduced in 2.4.4 related to
combining the encode and reverse_proxy directives.
* cmd: export CaddyVersion(), Commands()
* encode: ignore flushing until after first write
* go.mod: Update CertMagic
- Update to version 2.4.4: * acmeserver: Don't set host for directory links by default * acmeserver: Trim slashes from path prefix * admin: Implement load_interval to pull config on a timer * admin: Replace admin cert cache when reloading * admin: Sync server variables * caddyfile: Better error message for missing site block braces * caddyfile: Error on invalid site addresses containing comma * caddyfile: keep error chain info in Dispenser.Errf * caddyhttp: Fix edgecase with auto HTTP->HTTPS logic * caddyhttp: Fix incorrect determination of gRPC protocol * caddyhttp: Refactor and export SanitizedPathJoin for use in fastcgi * caddyhttp: Updated the documentation for MatchQuery * caddytls: Add Caddyfile support for propagation_timeout * caddytls: Remove "IssuerRaw" field * cmd: Fix paths when using an env file * cmd: New add-package and remove-package commands * cmd: use net.ErrClosed for matching returned error * core: Unix ns and Unix ms time placeholders * encode: Tweak compression settings * fileserver: Add disable_canonical_uris Caddyfile subdirective * fileserver: Clarify docs about canonicalization * fileserver: Don't persist parsed template * fileserver: Fix browse name_dir_first sorting * fileserver: Fix browse not redirecting query parameters * fileserver: Only redirect if filename not rewritten * fileserver: Redirect within the original URL * go.mod: Update dependencies * httpcaddyfile: Add preferred_chains global option and issuer subdirective * httpcaddyfile: Add shortcut for proxy hostport placeholder * httpcaddyfile: Add skip_install_trust global option * httpcaddyfile: Don't add HTTP hosts to TLS APs * httpcaddyfile: Don't put localhost in public APs * httpcaddyfile: Ensure hosts to skip for logs can always be collected * httpcaddyfile: Improve unrecognized directive errors * httpcaddyfile: Reorder some directives * logging: Actually use level_key * logging: Add missing interface guards for replace filter * logging: Prep for common_log removal * logging: Warn for deprecated single_field encoder * metrics: use buildinfo collector from new collectors pkg * reverseproxy: Adjust test related to #4201 * reverseproxy: Always remove hop-by-hop headers * reverseproxy: Fix overwriting of max_idle_conns_per_host * reverseproxy: Incorporate latest proxy changes from stdlib * reverseproxy: Keep path to unix socket as dial address * reverseproxy: Remove redundant flushing
- Added hardening to systemd service(s). Modified: * caddy.service
- Update to version 2.4.1:
* logging: Implement dial timeout for net writer (fix #4083) (#4172)
* admin: Reinstate internal redirect for /id/ requests
* caddyfile: Add parse error on site address with trailing `{` (#4163)
* reverseproxy: Set the headers in the replacer before `handle_response` (#4165)
* ci: Run CI on PRs targeting minor version branches (#4164)
* cmd: upgrade: inherit the permissions of the original executable (#4160)
* httpcaddyfile: Fix automation policy consolidation again (fix #4161)
* caddyfile: Fix `caddy fmt` nesting not decrementing (#4157)
* encode: Drop `prefer` from Caddyfile (#4156)
* encode: Default to order the formats are enabled for `prefer` in Caddyfile (#4151)
* caddytls: Run replacer on ask URL, for env vars (#4154)
* httpcaddyfile: Add `grace_period` global option (#4152)
* caddyhttp: Fix fallback for the error handler chain (#4131)
* reverseproxy: Minor logging improvements
* fileserver: Fix `file` matcher with empty `try_files` (#4147)
* go.mod: CertMagic v0.13.1
* reverseproxy: Add `handle_response` blocks to `reverse_proxy` (#3710) (#4021)
* cmd: Add --envfile flag to `start` command (#4141)
* httpcaddyfile: Add `auto_https ignore_loaded_certs` (#4077)
* httpcaddyfile: Add global option for `storage_clean_interval` (#4134)
* caddyhttp: performance improvement in HeaderRE Matcher (#4143)
* fileserver: Share template logic for both `templates` and `file_server browse` (#4093)
* caddytls: Implement remote IP connection matcher (#4123)
* httpcaddyfile: Fix unexpectedly removed policy (#4128)
* reverseproxy: fix hash selection policy (#4137)
* fileserver: Better handling of HTTP status override (#4132)
* caddyfile: Fix `import` replacing unrelated placeholders (#4129)
* caddytls: Add `load_storage` module (#4055)
* reverseproxy: Admin endpoint for reporting upstream statuses (#4125)
* caddyhttp: Implement better logic for inserting the HTTP->HTTPS redirs (#4033)
* httpcaddyfile: Take into account host scheme/port (fix #4113)
* fuzz: fix the FuzzFormat comparison (#4117)
* caddytls: Disable OCSP stapling for manual certs (#4064)
* caddytls: Configurable storage clean interval
* caddyfile: reject cyclic imports (#4022)
* ci: fuzz: add 4 more fuzzing targets (#4105)
* fileserver: Add status code override (#4076)
* notify: Send all sd_notify signals from main caddy process (#4060)
* go.mod: Update quic-go to v0.20.1 (#4075)
* httpcaddyfile: Fix panic in automation policy consolidation (#4104)
* caddyfile: Normalize line endings before comparing fmt result (#4103)
* ci: accommodate go1.16 changes to go mod (#4102)
* Minor tweaks
* go.mod: Use latest CertMagic
* Use 600 instead of 644 for UUID file
* Change os to ioutil for now
* reverseproxy: Set cookie path to `/` when using cookie lb_policy (#4096)
* caddy: Add InstanceID() method
* encode,staticfiles: Content negotiation, precompressed files (#4045)
* reverseproxy: Implement health_uri, deprecate health_path, supports query (#4050)
* go.mod: Migrate to golang.org/x/term (#4073)
* caddyhttp: improve grammar of comment for AllowH2C (#4072)
* sigtrap_posix: add missing comma to SIGTERM info (#4078)
* cmd: Use formatted logger for config adapter warnings (#4080)
* cmd: main: fix minor doc typos (#4082)
* headers: Fix Caddyfile parsing for `request_header` with matchers (#4085)
* .gitignore: add IDE files (#4087)
* fileserver: Add a few more debug lines (#4063)
* fileserver: Browse listing supports dark mode (#4066)
* CONTRIBUTING: fix spelling (#4070)
* httpcaddyfile: Add `error` directive for the existing handler (#4034)
* logging: add replace filter for static value replacement (#4029)
* caddyconfig: add global option for configuring loggers (#4028)
* map: Accept regex substitution in outputs (#3991)
* reverseproxy: Fix upstreams with placeholders with no port (#4046)
* rewrite: Implement regex path replacements
* fileserver: Don't replace in request paths (fix #4027)
* caddypki: Add SignWithRoot option for ACME server
* reverseproxy: Fix round robin data race (#4038)
* Update docs; commit setcap.sh
* go.mod: Latest CertMagic (updated libdns conventions)
* core: Initialize logging before admin
* caddytls: Remove old asset migration code (close #3894)
* reverseproxy: Add duration/latency placeholders (close #4012) (#4013)
* httpcaddyfile: Fix catch-all site block sorting
* ci: Build and test on Go 1.16, bump minimum to 1.15 (#4024)
* caddy: Support SetReadBuffer and SyscallConn for QUIC (fix #3998)
* Improve security warnings
* httpcaddyfile: Configure other apps from global options (#3990)
* cmd: Clean up `build-info` and `upgrade` output
* caddyhttp: Support placeholders in header matcher values (close #3916)
* caddytls: Save email with account if not already specified
* reverseproxy: Response buffering & configurable buffer size
* httpcaddyfile: Fix automation policies
* ci: deflake integration tests (#3966)
* httpcaddyfile: Add resolvers subdir of tls (close #4008)
* acmeserver: Support custom CAs from Caddyfile
* caddyhttp: Check for invalid subdirectives of static_response
* httpcaddyfile: Fix default issuers when email provided
* cmd: Add --force flag to reload command (close #4005)
* httpcaddyfile: Warn if site address uses unspecified IP (close #4004)
* httpcaddyfile: Sort catch-all site blocks properly (fix #4003)
* ci: update the command to run tests on the s390x machine (#3995)
* caddyhttp: Fix redir html status code, improve flow (#3987)
* caddyhttp: Implement handler abort; new 'abort' directive (close #3871) (#3983)
* admin: Identity management, remote admin, config loaders (#3994)
* caddycmd: Add upgrade command (#3972)
* Revert "requestbody: Allow overwriting remote address"
* caddytest: Update Caddyfile tests for formatting, HTTP-only blocks
* httpcaddyfile: Skip TLS APs for HTTP-only hosts (fix #3977)
* cmd: Print more detailed version with --environ
* map: Add missing json struct tag
* tests: use actual admin port value in error message (#3973)
* cmd: Implement sd_notify() to notify systemd about readiness (#3963)
* templates: Add fileExists and httpError template actions
* requestbody: Allow overwriting remote address
* rewrite: Use RawPath instead of Path (fix #3596) (#3918)
* Update docs
* caddytls: Configurable OCSP stapling; global option (closes #3714)
* logging: Remove logfmt encoder (close #3575)
* httpcaddyfile: Support repeated use of cert_issuer global option
* caddytls: add 'key_type' subdirective (#3956)
* caddyfile: Refactor unmarshaling of module tokens
* go.mod: Update CertMagic and acmez (improved IDN support)
* reverseproxy: Caddyfile health check headers, host header support (#3948)
* httpcaddyfile: Adjust iterator when removing AP (fix #3953)
* cmd: Organize list-modules output; --packages flag (#3925)
* caddyfile: Introduce basic linting and fmt check (#3923)
- Create Caddy package
- Update to version 2.10.0:
* caddytls: Allow missing ECH meta file
* caddytls: Prefer managed wildcard certs over individual subdomain certs (#6959)
* caddytls: Add remote_ip to HTTP cert manager (close #6952)
* build(deps): bump golang.org/x/net from 0.37.0 to 0.38.0 (#6960)
* caddyauth: Set authentication provider error in placeholder (#6932)
* go.mod: Upgrade acmez and certmagic
* admin: Remove host checking for UDS (close #6832)
* reverseproxy: Add valid Upstream to DialInfo in active health checks (#6949)
* Fix the incorrect parameter order (#6951)
* chore: fix comment (#6950)
* caddyhttp: Document side effect of HTTP/3 early data (close #6936)
* go.mod: Upgrade to libdns 1.0 beta APIs (requires upgraded DNS providers)
* events: Refactor; move Event into core, so core can emit events (#6930)
* caddytls: Temporarily treat "" and "@" as equivalent for DNS publication
* go.mod: Upgrade CertMagic
* go.mod: Minor dependency upgrades
* caddytls: Don't publish HTTPS record for CNAME'd domain (fix #6922)
* core: add modular `network_proxy` support (#6399)
* update quic-go to v0.50.1 (#6918)
* chore: Modernize a couple for loops
* caddytls: Initialize permission module earlier (fix #6901)
* caddyfile: Fix formatting for backquote wrapped braces (#6903)
* caddytls: Convert AP subjects to punycode
* caddytls: Don't publish ECH configs if other records don't exist
* requestbody: Fix ContentLength calculation after body replacement (#6896)
* requestbody: Add set option to replace request body (#5795)
* headers: Allow nil HeaderOps (fix #6893)
* caddytls: Minor fixes for ECH
* caddytls: Fix TrustedCACerts backwards compatibility (#6889)
* caddytls: Pointer receiver (fix #6885)
* caddyfile: add error handling for unrecognized subdirective/options in various modules (#6884)
* reverseproxy: more comments about buffering and add new tests (#6778)
* chore: Remove unnecessary explicit type parameters
* caddytls: Reorder provisioning steps (fix #6877)
* ci: fix Go matrix (#6846)
* caddytls: Only make DNS solver if not already set (fix #6880)
* cmd: Promote undo maxProcs func to caller
* cmd: Only set memory/CPU limits on run (fix #6879)
* caddypki: Remove lifetime check at Caddyfile parse (fix #6878)
* go.mod: Upgrade dependencies
* caddytls: Fix broken refactor
* caddytls: Enhance ECH documentation
* Update min go version in readme
* readme: update Twitter name and link (#6874)
* build(deps): bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 (#6876)
* caddytls: Encrypted ClientHello (ECH) (#6862)
* build(deps): bump github.com/go-jose/go-jose/v3 from 3.0.3 to 3.0.4 (#6871)
* chore: upgrade cobra (#6868)
* Fix typo in TLS group x25519mlkem768
* caddytest: Support configuration defaults override (#6850)
* chore: update quic-go to v0.50.0 (#6854)
* go.mod: remove glog dependency (#6838)
* chore: ci: upgrade Go version to 1.24 (#6839)
* tests: tests for error handling & metrics in admin endpoints (#6805)
* caddytls: Support post-quantum key exchange mechanism X25519MLKEM768
* file_server: use the UTC timezone for modified time (#6830)
* Revert "logging: Always set fields func; fix #6829"
* logging: Always set fields func; fix #6829
* admin: fix index validation for PUT requests (#6824)
* reverseproxy: ignore duplicate collector registration error (#6820)
* build(deps): bump github.com/golang/glog from 1.2.2 to 1.2.4 (#6814)
* fix: update broken link to Ardan Labs (#6800)
* reverse_proxy: re-add healthy upstreams metric (#6806)
* caddytls: Refactor sni matcher (#6812)
* cmd: automatically set GOMEMLIMIT (#6809)
* caddyhttp: ResponseRecorder sets stream regardless of 1xx
* caddytls: Fix sni_regexp matcher to obtain layer4 contexts (#6804)
* chore: don't use deprecated `archives.format_overrides.format` (#6807)
* chore: update quic-go to v0.49.0 (#6803)
* go.mod: Upgrade CertMagic to v0.21.7
* reverseproxy: Via header (#6275)
* logging: Fix crash if logging error is not HandlerError (#6777)
* caddytls: Initial support for ACME profiles
* fastcgi: improve parsePHPFastCGI docs (#6779)
- Packaging improvements:
* Update to BuildRequires: golang(API) >= 1.24 matching go.mod
* Use BuildRequires: two-digit golang(API) >= 1.x rather than
three digit 1.x.y default from go mod init defaults. Currently
the Provides: golang(API) expression is major version
(two-digit) only. We ship new go releases sufficiently quickly
that this has not often been an issue. Consideration is being
given to the best way to handle the new three digit go.mod
required minimum Go version.