chore(deps): update dependency caddyserver/caddy to v2.3.0 #7
Loading…
Reference in New Issue
No description provided.
Delete Branch "renovate/caddyserver-caddy-2.x"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
This PR contains the following updates:
v2.2.1->v2.3.0Release Notes
caddyserver/caddy
v2.3.0Compare Source
Caddy 2.3 is the first web server to be able to get certificates from multiple issuers (for redundancy)! We've also optimized several things for large-scale deployments, as there are businesses using Caddy to serve tens of thousands of sites per instance.
The main highlights of this release include:
Multi-issuer support. Caddy can now get certificates from multiple issuers for redundancy; if one fails, another will be tried. Caddy's new defaults are Let's Encrypt and ZeroSSL. You can customize these, including adding local/self-signed certificates as a last resort if desired. Caddy is the first web server to support multiple issuers, offering unrivaled reliability for your site's HTTPS. It is the first ACME client to support multiple CA fallbacks.
Improved on-demand TLS. On-demand TLS is an operating mode by which certificate obtain/renew operations are triggered on a TLS handshake that requires them, rather than happening at config-load time. We've moved a lot of the processing to the background where possible (e.g. when an existing certificate is still usable) so more connections will finish their handshakes faster, and fewer handshakes will fail (however, you still need to watch the logs and fix the errors before it's too late). Several businesses we know of currently rely on this unique feature at a scale of tens of thousands of sites.
Support for alternate certificate chains. You can now customize which certificate chains to download from ACME servers that offer more than one.
New
maphandler is ready for production use. (Caddyfile docs) It's been in Caddy for a few versions now but it's finally ready for production, with enhanced efficiency and functionality. We have been using this handler with a customer in production for a while now, on an instance that is handling thousands of sites.Customize servers and listeners with the Caddyfile. The Caddyfile structure is oriented around sites for convenience, so customizing servers has not been possible until now. You can now use global options to configure servers and their listeners (for example, protocol options, socket read options, and more) without having to use JSON config.
Of course, there are also numerous bug fixes and other enhancements, including bringing more configuration options into the Caddyfile. Thank you to everyone who contributed code, code reviews, or participated in the pre-releases.
There are a couple of minor breaking changes, but one was not documented and the other has always been an experimental feature:
⚠️ The
remote_ipmatcher no longer reads the X-Forwarded-For header by default. This was undocumented behavior, and an unsafe default. If you happened to be relying on this, please enableforwarded(in the Caddyfile, just putforwardedas the first argument before the ranges) to maintain that behavior. Remember that headers are very easy to spoof.⚠️ The
experimental_http3global option in the Caddyfile has been replaced with global server options, one of which is theexperimental_http3protocol. Docs will be updated shortly. This is still an unstable feature until HTTP/3 is finalized and our upstream QUIC/H3 lib is stable and we've decided to keep HTTP/3 enabled in the core by default.Along with this release, we've taken the opportunity to consolidate our documentation regarding getting/installing Caddy. There is no more
/docs/downloadpage, instead it was combined with/docs/installwhich better organizes the various official and unofficial ways to get Caddy. (To be clear, our download page at/downloadis still available.) Also, we started using Cloudsmith for our Debian packaging -- they're donating this service to our open source project and their team has been a pleasure to work with.This release is the work of at least 20 contributors. Thank you!
Changelog
c5197f5acme_server: fix reload of acme database (#3874)06ba006acme_server: switch to bbolt storage (#3868)7a3d9d8basicauth: Minor internal improvements (#3861)937ec34caddyauth: Prevent user enumeration by timing4cff36dcaddyauth: Use buffered channel passed to signal.Notify (#3895)3d0e046caddyauth: Use structured logc6dec30caddyfile: Add support for env var defaults; add tests (#3682)635f075caddyfile: Fix minor bug in formatter63bda6acaddyhttp: Clean up internal auto-HTTPS redirect codeb8a799dcaddyhttp: Document that remote_ip reads X-Forwarded-For header4fc5707caddyhttp: Fix header matcher when using nil966d5e6caddyhttp: Merge header matchers in Caddyfile (#3832)b4f49e2caddyhttp: Merge query matchers in Caddyfile (#3839)1438e4dcaddyhttp: New idle_timeout default of 5m9157051caddyhttp: Optimize large host matchersdeedf8acaddyhttp: Optionally use forwarded IP for remote_ip matcher349457ccaddyhttp: Return error if error handling errorb0f8fc7caddytls: Configure trusted CAs from PEM files (#3882)e384f07caddytls: Improve alt chain preference settings95af426caddytls: Support ACME alt cert chain preferences13781e6caddytls: Support multiple issuers (#3862)e7a5a38cmd: add ability to read config from stdin (#3898)eda9a1bfastcgi: Add timeouts support to Caddyfile adapter (#3842)6e9ac24fastcgi: Set PATH_INFO to file matcher remainder as fallback (#3739)7d7434cfileserver: Add debug loggingd8bcf5bfileserver: Fix "go up" links in browse listings (closes #3942)8d038cafileserver: Improve and clarify file hiding logic (#3844)0a7721dfileserver: Preserve transformed root (fix #3838)b6e96d6go.mod: Update CertMagica748151go.mod: Update CertMagic (fix #3911)1e480b8go.mod: update quic-go to v0.19.2 (#3880)5643dc3go.mod: update quic-go to v0.19.3 (#3901)31fbcd7go.mod: Upgrade some dependenciesa26f70aheaders: Fix Caddyfile parsing with request matcher (#3892)b0d5c2cheaders: Support default header values in Caddyfile with '?' (#3807)7c28ecbhttpcaddyfile: Add certificate_pem placeholder short, add to godoc (#3846)3cfefebhttpcaddyfile: Configure servers via global options (#3836)7e71915httpcaddyfile: Decrement counter when removing conn policy (fix #3906)03d853ehttpcaddyfile: Fix test on Windowsb6686a5httpcaddyfile: Improve AP logic with OnDemand63afffchttpcaddyfile: Proper log config with catch-all blocks (fix #3878)db4f1c0httpcaddyfile: Revise automation policy generation (#3824)c898a37httpcaddyfile: support matching headers that do not exist (#3909)dd26875logging: Fix for IP filteringebc278emetrics: allow disabling OpenMetrics negotiation (#3944)670b723requestbody: Add Caddyfile support (#3859)99b8f44reverse_proxy: Fix random_choose selection policy (#3811)4a641f6reverseproxy: Add Caddyfile scheme shorthand for h2c (#3629)b660993reverseproxy: Add max_idle_conns_per_host; fix godocs (#3829)53aa60areverseproxy: Handle "operation was canceled" errors (#3816)6e0849dreverseproxy: Implement cookie hash selection policy (#3809)9605853reverseproxy: Logging for streaming and upgrades (#3689)132525dreverseproxy: Minor lint fixes860cc6areverseproxy: Wire up some http transport options in Caddyfile (#3843)c9fdff9reverseproxy: caddyfile: Don't add port if upstream has placeholder (#3819)6ea6f3ereverseproxy: fix random hangs on http/2 requests with server push (#3875)Renovate configuration
📅 Schedule: At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻️ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.