Caddy Versions

Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS

v2.7.6

4 months ago

In this version we've made several fixes and enhancements with help from several contributors. Most changes are small, but some notable ones:

  • The templates middleware is now officially extensible (experimentally). This means modules can add custom functions/actions for templates to execute.
  • TLS storage cleaning is now synchronized across the cluster and remembered across restarts. This should greatly lower costs for expensive storage backends like DynamoDB.
  • Placeholders are now evaluated in config for certificate loaders.
  • Numerous bug fixes.

Thank you to everyone who contributed!

Changelog

  • 65c489a0 Upgrade acmeserver to github.com/go-chi/chi/v5 (#5913)
  • ae5e2d96 caddyfile: Fix variadic placeholder false positive when token contains : (#5883)
  • db55da59 caddyhttp: Adjust scheme placeholder docs (#5910)
  • df5edf6b caddytls: Context to DecisionFunc (#5923)
  • 6d9a8337 caddytls: Sync distributed storage cleaning (#5940)
  • 11a082c0 cmd: Add newline character to version string in CLI output (#5895)
  • 979c413f cmd: upgrade: resolve symlink of the executable (#5891)
  • 64820706 core: Apply SO_REUSEPORT to UDP sockets (#5725)
  • 15adb893 core: quic listener will manage the underlying socket by itself (#5749)
  • 801ec756 fileserver: Add .m4v for browse template icon
  • b809ed71 go.mod: CVE-2023-45142 Update opentelemetry (#5908)
  • b4c7313c go.mod: Upgrade quic-go to v0.39.1
  • 36fce3fa go.mod: update quic-go version to v0.40.0 (#5922)
  • ec2de22a httpcaddyfile: Fix TLS automation policy merging with get_certificate (#5896)
  • f0ea489d httpcaddyfile: Remove port from logger names (#5881)
  • 87f63b12 httpredirectlistener: Only set read limit for when request is HTTP (#5917)
  • 16834d64 templates: Clarify include args docs, add .ClientIP (#5898)
  • 0259853a templates: Delete headers on httpError to reset to clean slate (#5905)
  • 2f7ceb57 templates: Officially make templates extensible (#5939)
  • 908e9569 tls: accept placeholders in string values of certificate loaders (#5963)

Full Changelog: https://github.com/caddyserver/caddy/compare/v2.7.5...v2.7.6

v2.7.5

6 months ago

In this release, we've fixed quite a few small bugs and annoyances, including HTTP/2 Rapid Reset which affected most HTTP/2 implementations.

On a personal note (from @mholt): I recently became a dad! I want to thank our maintainers for helping in so many ways while I've been taking extra time for family. Francis, Matthew, Mohammed, and others -- including all the contributors below, and then some -- are to thank for shipping this release.

Highlights

  • Updated https://github.com/quic-go/quic-go from v0.37.5 to v0.39.0, including many performance improvements. GSO and ECN are now enabled by default, but you may turn them off by setting the QUIC_GO_DISABLE_GSO=true and QUIC_GO_DISABLE_ECN=true environment variables respectively, if they cause you problems. See the quic-go release notes for more details.
  • The file server's fileserver.BrowseTemplate is now exported, so it may be customized by programs embedding Caddy. (ed8bb13c5df7656647ca7fc1fd09237631a6767c)
  • Environment variables loaded with --envfile no longer override existing variables. (#5803)
  • The encode handler now compresses application/wasm* content types by default. (#5869)
  • The reverse_proxy handler can now emit very detailed logs for debugging streaming and buffering. To enable it, set the verbose_logs subdirective, and set logging to debug level. Since the logs from this are very noisy, using verbose_logs to opt-in is necessary. We may ask you to enable this when asking for support! (#5793)
  • You can now check the version with caddy -v, like most other CLI utilities! (#5874)

Caddy is on feature freeze until after 2.8 so we can improve our testing situation. These patches have all been tried to ensure they work as intended, but if you notice any issues please report them!

Changelog

  • 0e204b73 admin: Respond with 4xx on non-existing config path (#5870)
  • 89c407aa build(deps): bump actions/checkout from 3 to 4 (#5846)
  • 1405683c build(deps): bump goreleaser/goreleaser-action from 4 to 5 (#5847)
  • 38a7b6b3 caddyfile: Adjust error formatting (#5765)
  • 7103ea09 caddyfile: Fix case where heredoc marker is empty after newline (#5769)
  • 10053f75 caddyfile: Loosen heredoc parsing (#5761)
  • 58ab3a01 caddyhttp: Use LimitedReader for HTTPRedirectListener (thank you to Bartek Nowotarski for reporting)
  • 9c419f1e cmd: Fix exiting with custom status code, add caddy -v (#5874)
  • f2ab7099 cmd: Prevent overwriting existing env vars with --envfile (#5803)
  • e0aaefab encode: Add application/wasm* to the default content types (#5869)
  • fa5a579b fileserver: Add command shortcuts -l and -a (#5854)
  • ed8bb13c fileserver: Export BrowseTemplate
  • 130f6d1f fileserver: Set canonical URL on browse template (#5867)
  • a306c5f7 fileserver: browse template SVG icons and UI tweaks (#5812)
  • 0a6d3333 fileserver: docs: clarify the ability to produce JSON array with browse (#5751)
  • 82c356f2 fix: caddytest.AssertResponseCode error message (#5853)
  • 888c6d7e go.mod: Update quic-go to v0.38.0 (#5772)
  • 88b4fbf2 go.mod: Upgrade dependencies incl. x/net/http
  • df995029 httpcaddyfile: Enable TLS for catch-all site if tls directive is specified (#5808)
  • 33d8d2c6 httpcaddyfile: Sort TLS SNI matcher for deterministic JSON output (#5860)
  • 288216e1 httpcaddyfile: Stricter errors for site and upstream address schemes (#5757)
  • 2cac3c54 httpcaddyfile: fix placeholder shorthands in named routes (#5791)
  • c46ec3b5 logging: Clone array on log filters, prevent side-effects (#5786)
  • 1b73e386 logging: query filter for array of strings (#5779)
  • 4776f62c replacer: change timezone to UTC for "time.now.http" placeholders (#5774)
  • a8586b05 reverseproxy: Add logging for dynamic A upstreams (#5857)
  • 3a3182fb reverseproxy: Add more debug logs (#5793)
  • 4feac4d8 reverseproxy: Allow fallthrough for response handlers without routes (#5780)
  • e8b8d4a8 reverseproxy: Fix least_conn policy regression (#5862)
  • 2a6859a5 reverseproxy: Fix retries on "upstreams unavailable" error (#5841)
  • 05dbe1c1 reverseproxy: Replace health header placeholders (#5861)
  • 1e0dea59 reverseproxy: fix nil pointer dereference in AUpstreams.GetUpstreams (#5811)
  • b245ecd3 reverseproxy: fix parsing Caddyfile fails for unlimited request/response buffers (#5828)
  • 5653c36b templates: Add dummy RemoteAddr to httpInclude request, proxy compatibility (#5845)
  • 289934f3 tls: Add X25519Kyber768Draft00 PQ "curve" behind build tag (#5852)

Full Changelog: https://github.com/caddyserver/caddy/compare/v2.7.4...v2.7.5

v2.7.4

8 months ago

Caddy 2.7.4 rounds out some bug fixes from the 2.7 release. For example, Go made a last-minute breaking change to a new API that broke quic-go (HTTP/3) on Go 1.21 just before Go 1.21 was released; we resolved a few issues with on-demand TLS, which is now much improved from the 2.6 tree; and a couple of race conditions were fixed in dynamic reverse proxy upstreams. We hope you will be pleased with this new version!

Caddy is on feature freeze until after 2.8 so we can improve our testing situation. These patches have all been tried to ensure they work as intended, but if you notice any issues please report them!

We encourage all users to test this new version and then upgrade. Thanks to all who get involved!

Changelog

  • 080db938 caddytls: Update docs for on-demand config
  • d8135505 cmd: Require config for caddy validate (fix #5612) (#5614)
  • a8492c06 fileserver: Don't repeat error for invalid method inside error context (#5705)
  • 2d7d806f fileserver: Slightly more fitting icons
  • f11c3c9f go.mod: Upgrade CertMagic and quic-go
  • 5b9c850a go.mod: Upgrade golang.org/x/net to 0.14.0 (#5718)
  • 936ee918 reverseproxy: Always return new upstreams (fix #5736) (#5752)
  • 431adc09 templates: Fix httpInclude (fix #5698)

Full Changelog: https://github.com/caddyserver/caddy/compare/v2.7.3...v2.7.4

v2.7.3

8 months ago

We're pleased to present Caddy 2.7, which makes significant strides in areas of scaling, performance, and niche features.

Special thank-you to @francislavoie, @Mohammed90, and other core team members for the ongoing dedication of their time to help maintain the project and help in our forums.

And a big thank-you to everyone else who contributed! You're awesome, and we're glad this project has so many contributors and sponsors to make it possible.

Docs are being updated and will be pushed live shortly. Thank you for your patience and for using Caddy!

(Note: Versions 2.7.0-2.7.2 contain bugs that were hotfixed within minutes, hours, or a day of the release. Thank you to everyone who helped with that! And sorry for the trouble; we have learned lessons to help mitigate that in the future.)

Highlights

  • The in-memory TLS certificate cache is no longer purged and recreated during config reloads, making reloads extremely lightweight even when managing thousands of certificates.
  • Significant HTTP/3 performance improvements (upstream in quic-go) including enabling 0-RTT. Caddy users should notice significantly better throughput for HTTP/3. Thanks for the fantastic work, @marten-seemann!
  • New default template for the file server's "browse" listings - more modern, easier to use, grid view, filetype-specific icons, and better dark mode (see #5427 for more screenshots and info)
  • The reverse proxy now supports the PROXY protocol. Using external modules is no longer required; specifically, the plugin by @mastercactapus is now built-in. (#5424)
  • Caddyfile now supports Heredoc syntax for long embedded strings/documents. (#5385)
  • @francislavoie implemented a suite of enhancements to bring you more reliable, trustworthy client IP information, even through proxies and CDNs (#5104)
  • Certificate private keys will no longer be reused when renewing certificates.
  • Caddyfile import arg placeholders support slice syntax, e.g. {args[2:]} (#5249)
  • Customizable "fallback" policy for reverse proxy in case the primary policy isn't applicable. (#5488)
  • Etags are generated more sensibly for NixOS environments which all have Modified time of 1; and if you set your own Etag, it will not be overwritten.
  • EXPERIMENTAL: New short flags for the CLI. (#5379)
  • EXPERIMENTAL: The reverse proxy may be configured to keep hijacked connections (streams, WebSockets, etc.) open through config reloads. (#5567)
  • EXPERIMENTAL: Define "named routes" to reuse them without copying. Caddyfile snippets are useful for reusing config, but reusing the same HTTP routes involves lots of copied config and memory bloat. Named routes let you define a route once and reuse it throughout your HTTP server without copying. It is available for JSON and Caddyfile configs. (#5107)
  • EXPERIMENTAL: You can specify permissions for unix sockets. (#4741)
  • Many many bug fixes you may or may not notice :upside_down_face:

Deprecations and possible breaking changes for some:

  • :warning: The ask endpoint is now required to enable On-Demand TLS (b97c76fb4789b8da0b80f5a2c1c1c5bebba163b5) for catch-all or wildcard hosts. Our docs have always mentioned this is required in production environments, but now the code enforces it. The ask endpoint is not required for local-only or internal-only names (#5384 and a7af7c486e5240da974e02b7dfee9d265aaa654a).
  • :warning: The on-demand config's throttle options are now deprecated because the 'ask' endpoint is required. Additionally, the 'ask' endpoint is checked and the throttle is applied before storage is queried for a certificate in order to limit load on the storage backend.
  • :warning: The long-deprecated lookup_srv feature of the reverse proxy has been removed. It was replaced with the dynamic upstreams feature in 2.6. (#5396)
  • :warning: The remote_ip forwarded matcher has been deprecated because it assumes trusting downstream proxies. Instead, the client_ip matcher should be used along with trusted_proxies configuration. (#5103 and #5104)
  • :warning: Placeholder syntax {args.0} is now deprecated in favor of {args[0]}.
  • :warning: Plugin authors will now need to use http.ResponseController to call Flush() or Hijack() on the response writer. (#5654)
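
A migration sketch for the configuration-level deprecations above, added here as an example and not taken from the Caddy release notes. The ask URL, the proxy range 10.0.0.0/8, the client range 203.0.113.0/24, the snippet name backend and the upstream localhost:8080 are assumed values for illustration.

```caddyfile
{
	# On-demand TLS for a catch-all site now needs an ask endpoint.
	# Caddy queries this URL with ?domain=<name> and only obtains a
	# certificate if the response is 2xx. (Assumed local service.)
	on_demand_tls {
		ask http://localhost:9123/allowed
	}

	# Forwarded client addresses are honored only when the immediate
	# peer is inside these ranges. (Assumed load balancer subnet.)
	servers {
		trusted_proxies static 10.0.0.0/8
	}
}

(backend) {
	# Deprecated form: reverse_proxy {args.0}
	reverse_proxy {args[0]}
}

https:// {
	tls {
		on_demand
	}

	# Deprecated form: @office remote_ip forwarded 203.0.113.0/24
	# client_ip relies on the trusted_proxies setting above instead
	# of trusting whatever forwarding header the request carries.
	@office client_ip 203.0.113.0/24

	handle @office {
		import backend localhost:8080
	}

	# Everything else is refused.
	handle {
		respond 403
	}
}
```

Running `caddy validate` against the file before reloading catches leftover deprecated directives that have become hard errors, such as lookup_srv.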

Thank you to everyone who contributed! And thank you to our sponsors who truly make this project possible.

Full Changelog: https://github.com/caddyserver/caddy/compare/v2.6.4...v2.7.3

Changelog

  • 3f20a7c9 acmeserver: Configurable resolvers, fix smallstep deprecations (#5500)
  • b1366c7e build(deps): bump actions/setup-go from 3 to 4 (#5474)
  • dfe17c33 caddyconfig: Specify config adapter for HTTP loader (close #5607)
  • f3379f65 caddyfile: Fix heredoc fuzz crasher, drop trailing newline (#5404)
  • 960150bb caddyfile: Implement heredoc support (#5385)
  • 8bc05e59 caddyfile: Implement variadics for import args placeholders (#5249)
  • 53b6fab1 caddyfile: Stricter parsing, error for brace on new line (#5505)
  • cee4441c caddyfile: Do not replace import tokens if they are part of a snippet (#5539)
  • 9cde7155 caddyfile: Track import name instead of modifying filename (#5540)
  • bbe1952a caddyfile: Fix comparing if two tokens are on the same line (#5626)
  • 9f34383c caddyfile: check that matched key is not a substring of the replacement key (#5685)
  • cfc85ae8 caddyhttp: Add a getter for Server.name (#5531)
  • 05e99745 caddyhttp: Determine real client IP if trusted proxies configured (#5104)
  • c05e3898 caddyhttp: Enable 0-RTT QUIC (#5425)
  • 85375861 caddyhttp: Fix vars_regexp matcher with placeholders (#5408)
  • 1c9ea011 caddyhttp: Impl ResponseWriter.Unwrap(), prep for Go 1.20's ResponseController (#5509)
  • cbf16f6d caddyhttp: Implement named routes, invoke directive (#5107)
  • 2b3046de caddyhttp: Log request body bytes read (#5461)
  • 96919acc caddyhttp: Refactor cert Managers (fix #5415) (#5533)
  • d8d87a37 caddyhttp: Serve http2 when listener wrapper doesn't return *tls.Conn (#4929)
  • 808b05c3 caddyhttp: Update quic's TLS configs after reload (#5517) (fix #4849)
  • 29452647 caddyhttp: Fix h3 shutdown (#5541)
  • 6a41b62e caddyhttp: Support custom network for HTTP/3 (#5573)
  • a7af7c48 caddytls: Allow on-demand w/o ask for internal-only
  • cd486c25 caddyhttp: Make use of http.ResponseController (#5654)
  • 18c309b5 caddyhttp: Preserve original error (fix #5652)
  • 66114cb1 caddyhttp: Trim dot/space only on Windows (fix #5613)
  • a02ecb0f caddytls: Check for nil ALPN; close #5470 (#5473)
  • faf0399e caddytls: Configurable fallback SNI (#5527)
  • e16a8868 caddytls: Eval replacer on automation policy subjects (#5459)
  • be53e432 caddytls: Relax the warning for on-demand (#5384)
  • b97c76fb caddytls: Require 'ask' endpoint for on-demand TLS
  • 0cc49c05 caddytls: Zero out throttle window first (#5443)
  • 4ba03c9d caddytls: Clarify some JSON config docs
  • 0e2c7e1d caddytls: Reuse certificate cache through reloads (#5623)
  • b301a3df celmatcher: Implement pkix.Name conversion to string (#5492)
  • 096971e3 ci/cd: ship tarballs with vendored deps (#5403)
  • 5ded5804 cmd: Adjust documentation for commands (#5377)
  • 508cf2aa cmd: Create pidfile before config load (close #5477)
  • 9e691955 cmd: Expand cobra support, add short flags (#5379)
  • 5ebb7d49 cmd: Reduce spammy logs from --watch
  • 79de6df9 cmd: Strict unmarshal for validate (#5383)
  • 205b1426 cmd: Support ' quotes in envfile parsing (#5437)
  • bf54892a cmd: make caddy fmt hints more clear (#5378)
  • 38cb587e cmd: Avoid spammy log messages (fix #5538)
  • 078f130a cmd: Implement storage import/export (#5532)
  • 8d304a45 cmd: Split unix sockets for admin endpoint addresses (#5696)
  • f6bab8ba context: Rename func to AppIfConfigured (#5397)
  • 806341e0 core: Properly preserve unix sockets (fix #5568)
  • 942fbb37 core: Use SO_REUSEPORT_LB on FreeBSD (#5554)
  • 99d47050 core: Eliminate unnecessary shutdown delay on Unix (#5413)
  • c6ac350a core: Return default logger if no modules loaded
  • 22927e27 core: Add optional unix socket file permissions (#4741)
  • f66493ef core: Allow loopback hosts for admin endpoint (fix #5650) (#5664)
  • 710824c3 core: Embed net.UDPConn to gain optimizations (#5606)
  • b51dc5d5 core: Refine mutex during reloads (fix #5628) (#5645)
  • 119e8794 core: Skip chmod for abstract unix sockets (#5596)
  • b3f0cea2 encode: flush status code when hijacked. (#5419)
  • 19139307 encode: Fix infinite recursion (#5672)
  • c8032867 fastcgi: Fix capture_stderr (#5515)
  • 571fc034 feature: watch include directory (#5521)
  • f9bd2d3e fileserver: Add color-scheme meta tag (#5475)
  • 6cc3cbbc fileserver: New file browse template (#5427)
  • 94d41a9d fileserver: Remove trailing slash on fs filenames (#5417)
  • 52d7335c fileserver: Use EscapedPath for browse (#5534)
  • 5bd9c490 fileserver: Don't set Etag if mtime is 0 or 1 (close #5548) (#5550)
  • 5336bc0f fileserver: Fix file browser breadcrumb font (#5543)
  • 2d236ead fileserver: Fix file browser footer in grid mode (#5536)
  • bd34cb6b fileserver: More filetypes for browse icons
  • 2615c9c5 fileserver: Only set Etag if not already set (fix #5546) (#5547)
  • 56af1ceb fileserver: browse: Better grid layout (#5564)
  • cdd3884b fileserver: browse: minor tweaks for grid view, dark mode (#5545)
  • 4e36b4c9 fileserver: Tweak grid view of browse template
  • 27bc16ab fileserver: add export-template sub-command to file-server (#5630)
  • e041962b fileserver: add lazy image loading (#5646)
  • c049bab4 fileserver: browse: Render SVG images in grid
  • 1af419e7 go.mod: Update some dependencies
  • 774f2288 go.mod: Upgrade CertMagic
  • 0de6064c go.mod: Upgrade CertMagic again
  • 9e943319 go.mod: Upgrade dependencies
  • 8cb1bb4a go.mod: Upgrade quic-go to v0.33.0 (Go 1.19 min)
  • 36546cd8 go.mod: Upgrade several dependencies
  • 398c12ae go.mod: Update quic-go to v0.36.0 (#5584)
  • 0468508e go.mod: Upgrade CertMagic for hotfix
  • 9c180a59 go.mod: Upgrade quic-go to 0.35.1
  • 415d1e7b go.mod: Upgrade some dependencies
  • f45a6de2 go.mod: Update quic-go to v0.37.0, bump to Go 1.20 minimum (#5644)
  • e198c605 go.mod: Upgrade dependencies esp. smallstep/certificates
  • 4df27a20 go.mod: Use latest CertMagic (v0.19.1)
  • 94749e11 go.mod: Use quic-go 0.37.1
  • f857b32d go.mod: update quic-go to v0.36.2 (#5636)
  • 51b1bfb1 go.mod: Upgrade quic-go to v0.37.2 (fix #5680)
  • a8cc5d1a go.mod: Upgrade to quic-go v0.37.3
  • e8352aef headers: Add > Caddyfile shortcut for enabling defer (#5535)
  • dd86171d headers: Support deleting all headers as first op (#5464)
  • 3b19aa2b headers: Allow > to defer shortcut for replacements (#5574)
  • 330be2d8 httpcaddyfile: Adjust path matcher sorting to solve for specificity (#5462)
  • ca14b6ed httpcaddyfile: Sort Caddyfile slice
  • 5c51c1db httpcaddyfile: Allow hostnames & logger name overrides for log directive (#5643)
  • 4aa4f3ac httpcaddyfile: Fix string does not match ~[]E error (#5675)
  • 1aef807c log: Make sink logs encodable (#5441)
  • cdce452e logging: Actually honor the SoftStart parameter
  • f0e39817 logging: Add traceID field to access logs when tracing is active (#5507)
  • f3e8b9d9 logging: Soft start for net writer (close #5520)
  • b6fe5d4b proxyprotocol: Add PROXY protocol support to reverse_proxy, add HTTP listener wrapper (#5424)
  • f5a13a4a replacer: Add HTTP time format (#5458)
  • 48598e1f reverseproxy: Add fallback for some policies, instead of always random (#5488)
  • f8b59e77 reverseproxy: Add query and client_ip_hash lb policies (#5468)
  • 66e571e6 reverseproxy: Add mention of which half a copyBuffer err comes from (#5472)
  • 75b690d2 reverseproxy: Expand port ranges to multiple upstreams in CLI + Caddyfile (#5494)
  • 335cd2e8 reverseproxy: Fix active health check header canonicalization, refactor (#5446)
  • 2b04e09f reverseproxy: Fix reinitialize upstream healthy metrics (#5498)
  • 10b265d2 reverseproxy: Header up/down support for CLI command (#5460)
  • b19946f6 reverseproxy: Optimize base case for least_conn and random_choose policies (#5487)
  • 4636109c reverseproxy: Remove deprecated lookup_srv (#5396)
  • 2182270a reverseproxy: Reset Content-Length to prevent FastCGI from hanging (#5435)
  • 941eae5f reverseproxy: allow specifying ip version for dynamic a upstream (#5401)
  • e3909cc3 reverseproxy: refactor HTTP transport layer (#5369)
  • 424ae0f4 reverseproxy: Experimental streaming timeouts (#5567)
  • 2ddb7171 reverseproxy: Fix parsing of source IP in case it's an ipv6 address (#5569)
  • 361946eb reverseproxy: weighted_round_robin load balancing policy (#5579)
  • da235014 reverseproxy: Connection termination cleanup (#5663)
  • d7d16360 reverseproxy: Export ipVersions type (#5648)
  • 7a69ae75 reverseproxy: Honor tls_except_port for active health checks (#5591)
  • 5dec11f2 reverseproxy: Pointer receiver
  • 65e33fc1 reverseproxy: do not parse upstream address too early if it contains replaceable parts (#5695)
  • 13a37688 rewrite: use escaped path, fix #5278 (#5504)
  • 2943c418 templates: Add fileStat function (#5497)
  • 31d75acc templates: Add readFile action that does not evaluate templates (#5553)
  • b4205617 tracing: Support autoprop from OTEL_PROPAGATORS (#5147)

v2.7.2

8 months ago

Do not use this release; use v2.7.3 instead, which contains several hot fixes.

v2.7.1

8 months ago

Do not use this release; use v2.7.3 instead. It contains a hotfix for a WebSocket issue.

v2.7.0

8 months ago

Do not use this release; use v2.7.3 instead, which contains hot fixes.

v2.7.0-beta.2

10 months ago

This release is obsolete. Please see the next release for the notes.

v2.7.0-beta.1

11 months ago

This release is obsolete. Please see the next release for notes.

v2.6.4

1 year ago

This release contains a hotfix for a regression in v2.6.3 related to proxying chunked requests. We recommend that all users who do so upgrade to v2.6.4.

Note that, in an effort to make error-prone configs less likely, we have deprecated the reverse proxy options:

  • buffer_requests
  • buffer_responses
  • max_buffer_size

and have introduced 2 new ones which take a size argument to enable buffering:

  • request_buffers <size>
  • response_buffers <size>

The deprecated options will be removed in a later version of Caddy, so please start using the new parameters instead.

Changelog

  • 0db29e2c go.mod: Upgrade acmez and x/net
  • 4b119a47 reverseproxy: Don't buffer chunked requests (fix #5366) (#5367)