* caddytls: Prefer managed wildcard certs over individual subdomain certs
* Repurpose force_automate as no_wildcard
* Fix a couple bugs
* Restore force_automate and use automate loader as wildcard override
* caddyauth: Set authentication provider error in placeholder for handle_errors directive
* caddyauth: Simplify error placeholder setting for authentication provider
Currently if we extract the DialInfo from a Request Context during an active health check, then the Upstream in the DialInfo is nil.
This PR attempts to set the Upstream to a sensible value, based on wether or not the Upstream has been overriden in the active health check's config.
* events: Refactor; move Event into core, so core can emit events
Requires some slight trickery to invert dependencies. We can't have the caddy package import the caddyevents package, because caddyevents imports caddy. Interface to the rescue!
Also add two new events, experimentally: started, and stopping. At the request of a sponsor.
Also rename "Filesystems" to "FileSystems" to match Go convention (unrelated to events, was just bugging me when I noticed it).
* Coupla bug fixes
* lol whoops
* core: add modular `network_proxy` support
Co-authored-by: @ImpostorKeanu
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* move modules around
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* add caddyfile implementation
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* address feedbcak
* Apply suggestions from code review
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
* adapt ForwardProxyURL to use the NetworkProxyRaw
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* remove redundant `url` in log
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
* code review
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* remove `.source` from the module ID
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
---------
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
Publishing a DNS record for a name that doesn't have any could make wildcards ineffective, which would be surprising for site owners and could lead to downtime.
* caddytls: Initial commit of Encrypted ClientHello (ECH)
* WIP Caddyfile
* Fill out Caddyfile support
* Enhance godoc comments
* Augment, don't overwrite, HTTPS records
* WIP
* WIP: publication history
* Fix republication logic
* Apply global DNS module to ACME challenges
This allows DNS challenges to be enabled without locally-configured DNS modules
* Ignore false positive from prealloc linter
* ci: Use only latest Go version (1.24 currently)
We no longer support older Go versions, for security benefits.
* Remove old commented code
Static ECH keys for now
* Implement SendAsRetry
* use UTC timezone for modified time
* use http.ParseTime to handle If-Modified-Since
* use time.Compare to simplify comparison
* take the directory's modtime into consideration when calculating lastModified
* update comments about If-Modified-Since's handling
This reverts commit 932dac157a3c4693b80576477498bb86208b9b30.
Somehow the code I was looking at changed when I committed, without realizing it. This has already been fixed in #6777.
* reverse_proxy: re-add healthy upstreams metric
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* lint
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
---------
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
