Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS
Caddy 2.8 is (almost) here! We've made a ton of improvements and fixes and implemented some pretty awesome new features based on your feedback.
Thank you to our sponsors and everyone in the community who contributed! We couldn't have done it without your help. In particular, we'd like to recognize sponsors Stripe, Framer, and ZeroSSL for their positive influence, which has greatly enhanced the project.
We've had a lot of documented-deprecated code in place for a long time now, so this version introduces a few more breaking changes than usual; please review the notes below.
This is a beta release, so expect some rough edges. Test in staging before deploying to production, but please try it out! As usual, please file bugs for any issues you encounter. Thank you and have a great day!
:warning: Breaking changes:
- `email` global option. (We have already recommended this for years.) If you already do this, you don't have to make any changes and you'll still get Let's Encrypt and ZeroSSL automatically as defaults.
- `acme` issuer with your `email` filled out, and the `ca` field set to ZeroSSL's ACME server URL.
- `zerossl` issuer module is no longer ACME-capable and is now exclusively for the ZeroSSL API. An API key from your ZeroSSL account is required. (The ZeroSSL ACME server can still be used with the `acme` module pointed to ZeroSSL's ACME server. You can provide your account email and/or EAB as well.) If you were using the ZeroSSL issuer with an API key, it will now start using ZeroSSL's API, which was probably the expected behavior anyways. The API has several advantages over the ACME endpoint, but may require payment:
- `lego_deprecated` DNS provider module. It has been deprecated for 4 years. Use `caddy-dns` modules instead; there are over 50 to choose from already. They are more flexible, compile much leaner, and are easier to implement and support. If yours is not supported it can be easily implemented. Sponsors at or above the Business tier can request to have their provider implemented for free.
- `ask` option in the JSON has been deprecated in favor of a permission module (Caddyfile unchanged) (#6055), and Caddyfile support for `permission` modules is added (6a02999)
- `Etag` (used for concurrency control) is now a header, not a trailer. This is less efficient, but virtually no clients properly implement trailer support.
- `basicauth` Caddyfile directive has been renamed to `basic_auth` (#6092), and `skip_log` has been renamed to `log_skip` (#6066).
- `basic_auth` handler no longer supports `scrypt` (deprecated for over a year) (#6091)
- `forwarded` option has been deprecated for a long time and has now been removed from the `remote_ip` matcher (#6085)
- `buffer_requests`, `buffer_responses`, and `max_buffer_size` settings have been removed after being deprecated for 14 months. Use `request_buffers` and `response_buffers` instead if you need buffering.

Notable changes:
- `fs` directive can declare a file system plugin to use (#5057)
- `["REDACTED"]` instead of empty array. (#5669)
- `log_append` handler can add fields to the access logs (#6066)
- `uuid` field to access logs when the `{http.request.uuid}` placeholder is used (#5859)
- `{file.*}` global placeholder is available, where `*` is a path to a file on disk which contains a value (generally used for secrets) (#5463)
- `*` matcher token is no longer required in the Caddyfile (#5844)
- `zstd` (#6140)
- `uri query` (#6120, #6165)
- `--adapter` flag is not needed for config files ending with `.caddyfile` (#5919)
- `local_ip` connection matcher (#6074)
- `ask` endpoint into a `permission` module, making it pluggable (#6055)
- `Etag` a header, not a trailer (#6208)
- `scrypt` (#6091)
- `basicauth` to `basic_auth` (#6092)
- `fmt` command (#6056)
- `:` (#5883)
- `uuid` to access logs when used (#5859)
- `file_server browse` (#6093)
- `scheme` placeholder docs (#5910)
- `header` replacement with empty string (#6163)
- `%2F` and `%252F` (#6084)
- `caddy respond` command (#6010)
- `*.caddyfiletest` extension (#6119)
- `nobadger` to exclude badgerdb (#6031)
- `Usage` section (#6138)
- `ctx.Slogger()` which returns an `slog` logger (#5945)
- `fs` directive (#5833)
- `RegisterDirectiveOrder` function for plugin authors (#5865)
- `handle_errors` directive (#5965)
- `skip_log` in directive order (#6153)
- `root` and `rewrite` parsing to allow omitting matcher (#5844)
- `zap.Option` support (#5944)
- `wrap` default for `filter` encoder (#5980)
- `append` encoder, allow flatter filters config (#6069)
- `log_append` handler (#6066)
- `ip_mask` filter (#6094)
- `ms` duration format and add docs (#6187)
- `forwarded` option from `remote_ip` matcher (#6085)
- `query` now ANDs multiple keys (#6054)
- `file.*` global replacements (#5463)
- `tls_curves` option to HTTP transport (#5851)
- `uri query` operations (#6120)
- `uri query` replace operation (#6165)
- `include` args docs, add `.ClientIP` (#5898)
- `httpError` to reset to clean slate (#5905)
- `http.auth.user.id` in replacer as a special case (#6108)
- `"<nil>"` (#6174)

Full Changelog: https://github.com/caddyserver/caddy/compare/v2.7.6...v2.8.0-beta.2
This release is obsolete. Please see the next release for the notes.
In this version we've made several fixes and enhancements with help from several contributors. Most changes are small, but some notable ones:
- `templates` middleware is now officially extensible (experimentally). This means modules can add custom functions/actions for templates to execute.

Thank you to everyone who contributed!
- `:` (#5883)
- `scheme` placeholder docs (#5910)
- `include` args docs, add `.ClientIP` (#5898)
- `httpError` to reset to clean slate (#5905)

Full Changelog: https://github.com/caddyserver/caddy/compare/v2.7.5...v2.7.6
In this release, we've fixed quite a few small bugs and annoyances, including HTTP/2 Rapid Reset which affected most HTTP/2 implementations.
On a personal note (from @mholt): I recently became a dad! I want to thank our maintainers for helping in so many ways while I've been taking extra time for family. Francis, Matthew, Mohammed, and others -- including all the contributors below, and then some -- are to thank for shipping this release.
- `QUIC_GO_DISABLE_GSO=true` and `QUIC_GO_DISABLE_ECN=true` environment variables respectively, if they cause you problems. See the `quic-go` release notes for more details.
- `fileserver.BrowseTemplate` is now exported, so it may be customized by programs embedding Caddy. (ed8bb13c5df7656647ca7fc1fd09237631a6767c)
- `--envfile` no longer override existing variables. (#5803)
- `encode` handler now compresses `application/wasm*` content types by default. (#5869)
- `reverse_proxy` handler can now emit very detailed logs for debugging streaming and buffering. To enable it, set the `verbose_logs` subdirective, and set logging to `debug` level. Since the logs from this are very noisy, using `verbose_logs` to opt-in is necessary. We may ask you to enable this when asking for support! (#5793)
- `caddy -v`, like most other CLI utilities! (#5874)

Caddy is on feature freeze until after 2.8 so we can improve our testing situation. These patches have all been tried to ensure they work as intended, but if you notice any issues please report them!
- `caddy -v` (#5874)
- `--envfile` (#5803)
- `application/wasm*` to the default content types (#5869)
- `-l` and `-a` (#5854)
- `browse` (#5751)
- `tls` directive is specified (#5808)
- `least_conn` policy regression (#5862)
- `RemoteAddr` to `httpInclude` request, proxy compatibility (#5845)

Full Changelog: https://github.com/caddyserver/caddy/compare/v2.7.4...v2.7.5
Caddy 2.7.4 rounds out some bug fixes from the 2.7 release. For example, Go made a last-minute breaking change to a new API that broke quic-go (HTTP/3) on Go 1.21 just before Go 1.21 was released; we resolved a few issues with on-demand TLS that are now much improved from the 2.6 tree; a couple race conditions were fixed in dynamic reverse proxy upstreams. We hope you will be pleased with this new version!
Caddy is on feature freeze until after 2.8 so we can improve our testing situation. These patches have all been tried to ensure they work as intended, but if you notice any issues please report them!
We encourage all users to test this new version and then upgrade. Thanks to all who get involved!
Full Changelog: https://github.com/caddyserver/caddy/compare/v2.7.3...v2.7.4
We're pleased to present Caddy 2.7, which makes significant strides in areas of scaling, performance, and niche features.
Special thank-you to @francislavoie, @Mohammed90, and other core team members for the ongoing dedication of their time to help maintain the project and help in our forums.
And a big thank-you to everyone else who contributed! You're awesome, and we're glad this project has so many contributors and sponsors to make it possible.
Docs are being updated and will be pushed live shortly. Thank you for your patience and for using Caddy!
(Note: Versions 2.7.0-2.7.2 contain bugs that were hotfixed within minutes and hours and a day of the release. Thank you to everyone who helped with that! And sorry for the trouble, we have learned lessons to help mitigate that in the future.)
- `{args[2:]}` (#5249)

Deprecations and possible breaking changes for some:
- `ask` endpoint is now required to enable On-Demand TLS (b97c76fb4789b8da0b80f5a2c1c1c5bebba163b5) for catch-all or wildcard hosts. Our docs have always mentioned this is required in production environments, but now the code enforces it. The `ask` endpoint is not required for local-only or internal-only names (#5384 and a7af7c486e5240da974e02b7dfee9d265aaa654a).
- `lookup_srv` feature of the reverse proxy has been removed. It was replaced with the dynamic upstreams feature in 2.6. (#5396)
- `remote_ip forwarded` matcher has been deprecated because it assumes trusting downstream proxies. Instead, the `client_ip` matcher should be used along with `trusted_proxies` configuration. (#5103 and #5104)
- `{args.0}` is now deprecated in favor of `{args[0]}`.
- `http.ResponseController` to call `Flush()` or `Hijack()` on the response writer. (#5654)

Thank you to everyone who contributed! And thank you to our sponsors who truly make this project possible.
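The `ask` endpoint named in the 2.8 breaking changes and required above for On-Demand TLS is an HTTP service that Caddy queries before issuing a certificate for a hostname it has not seen before. A minimal one in Go, added here as an example and not taken from the Caddy project. The allowlist, function names and hostnames are constructed, and it relies on Caddy passing the name in a `domain` query parameter and treating only a 2xx status as approval.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// allowedDomains is a constructed allowlist; a real service would look the
// name up in its own customer records.
var allowedDomains = map[string]bool{
	"shop.customer-a.example": true,
	"www.customer-b.example":  true,
}

// askHandler answers the on-demand TLS permission check: the hostname arrives
// in the "domain" query parameter, and only a 2xx reply permits issuance.
func askHandler(w http.ResponseWriter, r *http.Request) {
	domain := strings.ToLower(strings.TrimSuffix(r.URL.Query().Get("domain"), "."))
	if r.Method != http.MethodGet || domain == "" {
		http.Error(w, "bad request", http.StatusBadRequest)
		return
	}
	if !allowedDomains[domain] {
		// Unknown name: refuse, so no certificate is requested for it.
		http.Error(w, "domain not allowed", http.StatusForbidden)
		return
	}
	w.WriteHeader(http.StatusOK)
}

// askStatus sends one constructed query through the handler in-process and
// returns the status code the caller would see.
func askStatus(domain string) int {
	rec := httptest.NewRecorder()
	req := httptest.NewRequest(http.MethodGet, "/ask?domain="+url.QueryEscape(domain), nil)
	askHandler(rec, req)
	return rec.Code
}

func main() {
	for _, d := range []string{"shop.customer-a.example", "random-name.example", ""} {
		fmt.Printf("%-26q -> %d\n", d, askStatus(d))
	}
}
```

Keep the endpoint reachable only from the Caddy host, since its answers reveal which names are configured.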
Full Changelog: https://github.com/caddyserver/caddy/compare/v2.6.4...v2.7.3
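Why the `remote_ip forwarded` matcher was deprecated in favor of `client_ip` with `trusted_proxies`, shown as an added Go illustration that is not Caddy's code: a forwarded header is only meaningful when the connection arrives from a proxy you trust. The proxy range, function names and addresses are constructed, and the right-to-left walk is the general technique rather than a description of Caddy's own parsing.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// trustedProxies is a constructed list of ranges that front this server.
var trustedProxies = []netip.Prefix{netip.MustParsePrefix("10.0.0.0/8")}

func isTrusted(ip netip.Addr) bool {
	for _, p := range trustedProxies {
		if p.Contains(ip) {
			return true
		}
	}
	return false
}

// clientIP returns the address an access rule should be evaluated against.
// peer is the TCP peer address; xff is the X-Forwarded-For header value.
func clientIP(peer, xff string) string {
	peerAddr, err := netip.ParseAddr(peer)
	if err != nil || !isTrusted(peerAddr) {
		// Direct connection from an untrusted host: whatever the header
		// claims was written by the client itself, so ignore it.
		return peer
	}
	// Walk right to left: each trusted proxy appended the hop it saw, so the
	// first untrusted address from the right is the real client.
	hops := strings.Split(xff, ",")
	for i := len(hops) - 1; i >= 0; i-- {
		hop, err := netip.ParseAddr(strings.TrimSpace(hops[i]))
		if err != nil {
			break // malformed entry: fall back to the peer address
		}
		if !isTrusted(hop) {
			return hop.String()
		}
	}
	return peer
}

func main() {
	fmt.Println(clientIP("203.0.113.7", "10.1.2.3"))             // header sent by an untrusted peer
	fmt.Println(clientIP("10.0.0.5", "127.0.0.1, 198.51.100.9")) // client prepended a fake hop
	fmt.Println(clientIP("10.0.0.5", ""))                        // trusted peer, no header
}
```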
- `resolvers`, fix smallstep deprecations (#5500)
- `vars_regexp` matcher with placeholders (#5408)
- `ResponseWriter.Unwrap()`, prep for Go 1.20's `ResponseController` (#5509)
- `invoke` directive (#5107)
- `http.ResponseController` (#5654)
- `pkix.Name` conversion to string (#5492)
- `'` quotes in envfile parsing (#5437)
- `caddy fmt` hints more clear (#5378)
- `AppIfConfigured` (#5397)
- `chmod` for abstract unix sockets (#5596)
- `capture_stderr` (#5515)
- `export-template` sub-command to `file-server` (#5630)
- `>` to defer shortcut for replacements (#5574)
- `hostnames` & logger name overrides for log directive (#5643)
- `string does not match ~[]E` error (#5675)
- `reverse_proxy`, add HTTP listener wrapper (#5424)
- `fallback` for some policies, instead of always random (#5488)
- `query` and `client_ip_hash` lb policies (#5468)
- `lookup_srv` (#5396)
- `a` upstream (#5401)
- `tls_except_port` for active health checks (#5591)
- `fileStat` function (#5497)
- `readFile` action that does not evaluate templates (#5553)

Do not use this release, use v2.7.3 instead which contains several hot fixes.
Do not use this release; use v2.7.3 instead. It contains a hotfix for a WebSocket issue.
Do not use this release, use v2.7.3 instead which contains hot fixes.
This release is obsolete. Please see the next release for the notes.